Dell Force10 Z9000 FTOS Configuration Guide for Z9000 System
Dell Force10 Z9000 Manual
Dell Force10 Z9000 manual content summary:
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 1
FTOS Configuration Guide for the Z9000 System FTOS 9.1(0.0) Publication Date: February 2013 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 2
damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Information in this publication is subject to change without notice. © 2013 Dell Force10. All rights reserved. Reproduction of these - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 3
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 4
www.dell.com | support.dell.com 4| - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 5
1 About this Guide 27 Objectives 27 Audience 27 Conventions 28 Information Symbols 28 2 Configuration Fundamentals 29 Accessing the Command Line 29 CLI Modes 30 Navigating CLI Modes 31 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 6
syslog messages 61 File Transfer Services 62 Configuration Task List for File Transfer Services 62 Terminal Lines 64 Deny and Z9000 69 Recovering from a Forgotten Enable Password on the S4810 and Z9000 71 Recovering from a Failed Start on the S4810 and Z9000 72 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 7
Configuring BFD for BGP 142 Configuring BFD for VRRP 150 Configuring BFD for VLANs 153 Configuring BFD for Port-Channels 155 Configuring Protocol Liveness 158 Troubleshooting BFD 158 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 8
8 Border Gateway Protocol 159 Protocol Overview 160 Autonomous Next Hop 172 Multiprotocol BGP 172 Implementing BGP with FTOS 172 Additional Path (Add-Path) support 172 Advertise IGP cost as MED for redistributed routes 173 Ignore Router-ID for some best- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 9
Behavior 263 Example: EF Line Card with EG Chassis Profile (Card Problem 263 Example: EH Line Card with EG Chassis Profile (Card Problem 264 When to Use CAM Profiling 264 Important Points to Remember 264 Flow 276 CAM profile for the VLAN ACL group feature 276 Troubleshoot CAM Profiling 276 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 10
CAM Profile Mismatches 276 QoS CAM Region Limitation 277 11 profile configuration 304 Troubleshooting packet loss 305 Displaying Drop Counters 305 Dataplane Statistics 306 Displaying Stack Member Counters 308 Application core dumps 309 Mini core dumps 309 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 11
DHCP Server 319 Configure a Method of Hostname Resolution 319 Create Manual Binding Entries 320 Debug DHCP server 321 DHCP Clear Commands 321 Monitoring FIPS Mode Status 339 Disabling the FIPS Mode 339 16 Force10 Resilient Ring Protocol (FRRP 341 Protocol Overview 341 Ring Status 342 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 12
FRRP Configuration 347 Troubleshooting FRRP 352 Configuration Checks 352 Sample Configuration and Specifying a Port as Connected to a Multicast Router 371 Configuring the Switch as Querier 371 Fast Convergence after MSTP Topology Changes 372 Designating a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 13
Physical Interfaces 377 Overview of Layer Modes 378 Configure Layer 2 (Data Link) Mode 378 Configure Layer 3 (Network) Mode 379 Management 380 Configure Management Interfaces on the E-Series, C-Series, S4810 and Z9000 .380 Configure Management Interfaces on the S-Series 382 VLAN Interfaces 383 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 14
20 IPv4 Routing 421 IP Addresses 421 Implementation Information 422 with Configured Broadcast Addresses 438 UDP Helper with No Configured Broadcast Addresses 438 Troubleshooting UDP Helper 439 21 IPv6 Routing 441 Protocol Overview 442 Extended Address Space - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 15
to Intermediate System 487 Protocol Overview 487 IS-IS Addressing 488 Multi-Topology IS-IS 489 Transition Mode 489 Interface support 490 Adjacencies 490 Graceful Restart 490 Implementation Information 491 Configuration Information 492 Configuration Task List for IS-IS 492 Configuring - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 16
24 Clustering 529 Default Behavior 529 Configuring the Switch for Microsoft Server Clustering 530 Enable and Disable 541 Protocol Data Units 541 Optional TLVs 542 Management TLVs 543 TIA-1057 (LLDP-MED) Overview 544 TIA Organizationally Specific TLVs - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 17
Disabling and Undoing LLDP 550 Advertising TLVs 550 Viewing the LLDP Configuration 552 Viewing Information Advertised by Adjacent LLDP Agents 552 Configuring LLDPDU Intervals 553 Configuring Transmit and Receive Mode 554 Configuring a Time to Live 555 Debugging LLDP 556 Relevant Management - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 18
Create Multiple Spanning Tree Instances 593 Influence MSTP Root Selection 595 Interoperate with Non-FTOS Bridges 595 Modify Global Parameters 596 Modify Interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 19
OSPFv2 parameters on interfaces 643 Enable OSPFv2 authentication 645 Enable OSPFv2 graceful restart 645 Filter routes 647 Redistribute routes 648 Troubleshooting OSPFv2 649 Sample Configurations for OSPFv2 652 Basic OSPFv2 Router Topology 652 Configuration Task List for OSPFv3 (OSPF for IPv6 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 20
Monitoring PIM 681 31 PIM Source-Specific Mode (PIM-SSM 683 Implementation Information 685 Important Points to Remember 685 716 PVST+ Extended System ID 716 PVST+ Sample Configurations 717 35 Quality of Service (QoS 721 Implementation Information 723 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 21
Port-based QoS Configurations 723 Set dot1p Priorities for Incoming Traffic 724 Honor dot1p Priorities on Ingress Traffic 724 Configure Port-based Rate Policing 725 Configure Port-based Rate Limiting 726 Configure Port-based Rate Shaping 727 Policy-based QoS Configurations 727 Classify - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 22
SSH to copy a software image 805 Secure Shell Authentication 806 Troubleshooting SSH 809 Telnet 809 Trace Lists 810 Configuration Tasks for Trace and Authorization 817 VTY MAC-SA Filter Support 817 40 Service Provider Bridging 819 VLAN Stacking 819 Important - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 23
VLAN Stacking Packet Drop Precedence 830 Enable Drop Eligibility 831 Honor the Incoming DEI Value 831 Mark Egress Packets with a DEI Value 832 Dynamic Mode CoS for VLAN Stacking 832 Layer 2 Protocol Tunneling 835 Implementation Information 837 Enable Layer 2 Protocol Tunneling 838 Specify a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 24
Subscribe to Managed Object Value Updates using SNMP 855 Copy Configuration Files Using SNMP 858 Manage VLANs using SNMP 864 Create a VLAN 864 Assign a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 25
and VLT 923 VLT Bandwidth Monitoring 923 VLT and IGMP Snooping 924 VLT Port Delayed Restoration 924 PIM-Sparse Mode Support on VLT 925 RSTP Configuration 926 VLT Configuration Procedure 927 Verifying a VLT Configuration 941 Sample Configuration: Virtual Link Trunking 943 Troubleshooting VLT - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 26
VRRP Configuration 952 Configuration Task List for VRRP 952 VRRP initialization delay 961 Sample Configurations 962 50 Standards Compliance 965 IEEE Compliance 965 RFC and I-D Compliance 966 MIB Location 976 1 Index 977 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 27
configuring protocols on Dell Force10 systems. For complete information on protocols, refer to other documentation including IETF Requests for Comment (RFCs). The instructions in this guide cite relevant RFCs, and Chapter 50, Standards Compliance contains a complete list of the supported RFCs and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 28
you to choose one. Information Symbols Table 1-1 describes symbols contained in this guide. Table 1-1. Information Symbols Symbol ces Warning Platform Specific Feature Description This symbol informs you of a feature that is supported on one or two platforms only: e is for E-Series, c is for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 29
2 Configuration Fundamentals The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 30
CLI Modes Different sets of commands are available in INTERFACE sub-mode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1-Gigabit Ethernet, or 10-Gigabit - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 31
Figure 2-2. CLI Modes in FTOS EXEC EXEC Privilege CONFIGURATION ARCHIVE AS-PATH ACL INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL SONET VLAN VRRP IP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST LINE - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 32
Table 2-1. FTOS Command Modes CLI Command Mode EXEC EXEC Privilege CONFIGURATION Prompt FTOS> FTOS# FTOS(conf)# Access Command Access the router through the console - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 33
MAC ACCESS-LIST Table 2-1. FTOS Command Modes (continued) CLI Command Mode Prompt STANDARD ACCESSLIST EXTENDED ACCESSLIST FTOS(config-std-macl)# FTOS(config-ext-macl)# Access Command mac access-list standard mac access-list extended MULTIPLE SPANNING TREE OPENFLOW FTOS(config-mstp)# FTOS( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 34
The do Command Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 35
Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command: • Enter ? at the prompt or after a keyword to list the keywords available in the current mode. • ? after a prompt lists all of the available keywords. The - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 36
• The UP and DOWN arrow keys display previously entered commands (see Command History). • The BACKSPACE and DELETE keys erase the previous letter. • Key combinations - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 37
Filtering show Command Outputs Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command. The variable specified_text is the text for which you are filtering and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 38
For example: • On the system that telnets into the switch, Message 1 appears: Message 1 Multiple Users in Configuration mode is in configuration mode If either of these messages appears, Dell Force10 recommends that you coordinate with the users listed in the message - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 39
• Configuration File Management • File System Management When you power up the switch, the system performs a Power-On Self Test (POST) during which the Console access Serial console The RJ-45/RS-232 console port is labeled on the Z9000 chassis. It is in the upper right-hand side, as you face the I/O - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 40
To access the console port, follow the procedures below. Refer to Table 3-1 for the console port pinout. Step 1 2 3 Task Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the Z9000 console port to a terminal server. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 41
except for S25 and S50) and Z-Series have a dedicated management port. The S25 and S50 switches do not have a dedicated management port. • All Dell Force10 products can be managed via the front-end data ports as well. Access the C-Series, E-Series, S-Series, and the Z-Series Remotely Configuring the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 42
Configure the Management Port IP Address Assign IP addresses to the management ports in order to access the system remotely. Note: Assign different IP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 43
for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Force10 system. CONFIGURATION Access the S-Series Remotely The S-Series does not have a dedicated management port nor a separate management routing table - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 44
Configure the Enable Password Access the EXEC Privilege mode already encrypted using a DES hash. Obtain the encrypted password from the configuration file of another Dell Force10 system. • 5 is for inputting a password that is already encrypted using an MD5 hash - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 45
file-url destination-file-url. Note: See the FTOS Command Line Interface Reference Guide for a detailed description of the copy command. • To copy a local file location shown in Table 3-2. • To copy a remote file to Dell Force10 system, combine the file-origin syntax for a remote file location with - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 46
• The usbflash and rpm0usbflash commands are supported on E-Series ExaScale systems. Refer to your system's Release Notes for a list of approved USB vendors. • The usbflash command is supported on Z9000. Refer to your system's Release Notes for a list of approved USB - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 47
the Overload bit for Startup Scenario For information on setting the router overload bit for a specific period of time after a switch reload is implemented, see the FTOS Command Line Reference Guide, Chapter 18 - Intermediate System to Intermediate System (IS-IS). View Files File information and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 48
To view a list of files on the internal or external Flash: Step Task 1 View a list of files on: the internal flash of an RPM - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 49
-unit 0 secondary flash:// FTOS-ZB-8.3.11.1.bin boot system stack-unit 0 default system: A: boot system gateway x.x.x.x --More-- File System Management The Dell Force10 system can use the internal Flash, external Flash, or remote devices to store files. It stores files on the internal Flash by - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 50
In Figure 3-7, the default storage location is changed Figure 487. Figure 3-8. Command Example show command-history FTOS#show command-history [12/5 10:57:8]: CMD-(CLI):service password-encryption [12/5 10:57:12]: CMD-(CLI):hostname FTOS [12/5 10:57:12]: CMD-(CLI):ip - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 51
4 Management e c s z Management is supported on platforms: This chapter explains the different protocols or services used to manage the Dell Force10 system including: • Configure Privilege Levels • Configure Logging • File Transfer Services • Terminal Lines • Lock CONFIGURATION mode • Recovering - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 52
A user can access all commands at his privilege level and below. Removing a command from EXEC mode Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 53
The following table lists the configuration tasks you can use to customize a privilege level: Task Command Syntax Command Mode Remove a command from the list of available commands in EXEC mode. Move a command from EXEC Privilege to EXEC mode. Allow access to CONFIGURATION mode. Allow access to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 54
Create a Custom Privilege Level FTOS(conf)#do show run priv ! privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence privilege exec - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 55
Apply a Privilege Level to a Username To set a privilege level for a user: Task Configure a privilege level for a user. Command Syntax username username privilege level Command Mode CONFIGURATION Apply a Privilege Level to a Terminal Line To set a privilege level for a terminal line: Task - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 56
Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer. Message 1 BootUp Events % - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 57
and assigning write permissions to the file. • on a 4.1 BSD UNIX system, add the line: local7.debugging /var/log/force10.log • on a 5.7 SunOS UNIX system, add the line: local7.debugging /var/adm/force10.log In the lines above, local7 is the logging facility level and debugging is the severity level - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 58
Task Specify the size of the logging buffer. Note: When you decrease the buffer size, FTOS deletes all messages stored in the buffer. Increasing - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 59
SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 60
Configure a UNIX logging facility level You can save system log Command FTOS#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 61
Synchronize log messages You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 62
To have FTOS include a timestamp with the syslog message, use the following command syntax in the CONFIGURATION mode: Command Syntax Command Mode Purpose service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime] CONFIGURATION Add - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 63
Enable FTP server To enable the system as an FTP server, use the following command in the CONFIGURATION mode: Command Syntax ftp-server enable Command Mode Purpose CONFIGURATION Enable FTP on the system. To view FTP configuration, use the show running-config ftp Command Output in the EXEC - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 64
Configure FTP client parameters To configure FTP client line (aux) connects secondary devices such as modems. Deny and Permit Access to a Terminal Line Dell Force10 recommends applying only standard ACLs to deny and permit access to VTY lines. • Layer 3 ACL - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 65
To apply an IP ACL to a line: Task Apply an ACL to a VTY line. Command Syntax ip access-class access-list Command Mode LINE To view the configuration, enter the show config command in the LINE mode, as shown in Applying an Access List to a VTY Line. Applying an Access List to a VTY Line FTOS( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 66
To configure authentication for a terminal line: Step 1 2 3 Task Command Syntax Create an authentication method list. You may use a mnemonic name or use the keyword - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 67
To telnet to another device: Note: On S4810 and Z9000 platforms, the system allows 120 telnet sessions per minute limit, the telnet service will be stopped for 10 minutes. Console and SSH service may be used to :0000:0000:0000. Elision of zeros is supported. telnet-peer-rpm telnet [ip-address] - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 68
Password: FTOS>exit FTOS#telnet 2200:2200:2200:2200: be in CONFIGURATION mode at any time (Message 2). Two types of locks can be set: auto and manual. • Set an auto-lock using the command configuration mode exclusive auto from CONFIGURATION mode. When you set an - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 69
to EXEC mode. Recovering from a Forgotten Password on the S4810 and Z9000 If you configure authentication for the console and you exit out of EXEC via console. Power-cycle the chassis by all of the power modules and then switching them back on On the S4810, press any key to abort the boot process - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 70
Step 7 8 9 10 11 Task Command Syntax Copy startup-config when the system grub>save_env stconfigignore reloads and reboot the environment. grub>reboot The Z9000 will boot up with the factory default configuration. The default FTOS system prompt displays when - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 71
Command Mode Log onto the system via console. Power-cycle the chassis by switching off all of the power modules and then switching them back on. Press any key to abort the boot process. You enter grub on the Z9000, as indicated by the "grub>" prompt. Note: You must enter the CLI commands - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 72
Step Privilege Recovering from a Failed Start on the S4810 and Z9000 A system that does not start correctly might be attempting start, see the uBoot chapter in the FTOS Command Line Reference Guide Step Task Command Syntax 1 Power-cycle the chassis (pull the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 73
). This feature is named for its IEEE specification. 802.1X employs Extensible Authentication Protocol (EAP access device, in this case, a Dell Force10 switch. The network access device mediates all in Ethernet and RADIUS frames. * Note: FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 74
Method Code (0-255) Length EAP-Method Frame EAP-Method Data (Supplicant Requested Credentials) The authentication process involves three devices traffic can be forwarded normally. Note: The Dell Force10 switches place 802.1X-enabled ports in the unauthorized state - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 75
3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge. The Access-Challenge is a request that the supplicant prove - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 76
Access-Request 2: Access-Accept 3: Access-Reject 11: Access-Challenge Type (79) Length EAP-Method Data (Supplicant Requested Credentials) RADIUS Attributes for 802.1 Support Dell Force10 systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 77
.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • E-Series and C-Series support only RADIUS as the authentication server. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X 802.1X must be enabled globally and at the interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 78
Figure 5-4. Enabling 802.1X To enable 802.1X: Step 1 2 3 Task Enable 802.1X globally. Enter INTERFACE mode on an interface or a range of interfaces. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 79
why the supplicant might fail to respond; the supplicant might have been booting when the request arrived, or there might be a physical layer problem. To configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame: Step 1 Task Command Syntax - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 80
To configure a maximum number of Request Identity re-transmissions: Step 1 Task Command Syntax Command Mode Configure a maximum number of times that a Request Identity frame - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 81
Re-transmissions Auth PAE State: Backend State: Initialize Initialize Forcibly Authorizing or Unauthorizing a Port IEEE 802.1X requires that a port can be manually placed into any of three states: • ForceAuthorized is an authorized state. A device connected to this port in this state is never - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 82
Figure 5-8. Configuring Port-control FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.1x - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 83
Figure 5-9. Configuring a Reauthentication Period FTOS(conf-if-gi-2/1)#dot1x reauthentication interval 7200 FTOS(conf-if-gi-2/1)#dot1x reauth-max 10 FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.1x information on Gi 2/1: Dot1x Status: Enable Port Control: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 84
Initialize Initialize Dynamic VLAN Assignment with Port Authentication FTOS supports dynamic VLAN assignment when using 802.1X. The basis Figure 5-11, red text). In Figure 5-11 shows the configuration on the Dell Force10 system before connecting the end-user device in black and blue text, and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 85
1X Guest and Authentication-fail VLANs Typically, the authenticator (Dell Force10 system) denies the supplicant access to the network until the configured, or the VLAN that the authentication server indicates in the authentication data. Note: Ports cannot be dynamically assigned to the default VLAN. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 86
The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices, and the Authentication-fail VLAN 802.1X - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 87
Figure 5-13. Configuring an Authentication-fail VLAN FTOS(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5 FTOS(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 switchport dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown FTOS(conf-if-gi-1/2)# View your - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 88
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 89
filter (if configured) is applied. When a packet matches a filter, the switch drops or forwards the packet based on the filter's specified action. If the the ACL, the packet is dropped (implicit deny). The number of ACLs supported on a system depends on your CAM size. See CAM Profiling, CAM - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 90
• Configuring Ingress ACLs • Configuring Egress ACLs • Configuring ACLs to Loopback • Applying an ACL on Loopback Interfaces • IP Prefix Lists • ACL Resequencing • Route Maps IP Access Control Lists (ACLs) In the Dell Force10 switch/routers, you can create two - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 91
space is not correct: % Error: Sum of all regions does not total to 100%. User Configurable CAM Allocation c z User Configurable CAM Allocations are supported on platforms: Allocate space for IPV6 ACLs on the by using the cam-acl command in CONFIGURATION mode. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 92
The CAM space is allotted in FP blocks. The total space for IPv6 ACLs. Use this command to determine whether sufficient ACL CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage command in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 93
your line card documentation for detailed specification on entries allowed per ACL. Egress Access list Note: IP ACLs are supported over VLANs in Version 6.2.1.1 and higher. problem related to control traffic. We have -maps to queues using the command service-queue, FTOS matches the class-maps - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 94
ACLs acl1 and acl2 have overlapping rules because the map-in)#exit FTOS(conf)#interface gig 1/0 FTOS(conf-if-gi-1/0)#service-policy input pmap IP Fragment Handling FTOS supports a configurable option to explicitly deny IP fragmented packets, particularly second - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 95
• Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a loopback interface, the command is accepted, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 96
To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/UDP fragments, use a configuration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 97
log] [order] [monitor] [fragments] Command Mode CONFIG-STD-NACL Purpose Configure a drop or forward filter. The parameters are: • log and monitor options are supported on E-Series only. Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter. To - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 98
If you are creating a standard ACL with only one or assign it a unique name. Configure a drop or forward IP ACL filter. • log and monitor options are supported on E-Series only. When you use the log keyword, CP processor logs details about the packets that match. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 99
first entering the IP ACCESS LIST mode and then assigning a sequence number to the filter. Note: On E-Series ExaScale systems, TCP ACL flags are not supported in an extended ACL with IPv6 microcode. An error message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 100
TCP packets: To create a filter for TCP packets with options are supported on E-Series only. mask | any | host ip-address} [operator port [port]] [count [byte] | log] [order] [monitor] [fragments] When you create the filters with a specific sequence number, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 101
to examine IP packets. • log and monitor options are supported on E-Series only. Configure a deny or permit filter to examine TCP packets. • log or permit filter to examine UDP packets. • log and monitor options are supported on E-Series only. When you use the log keyword, CP processor logs - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 102
Figure 6-8. Extended IP ACL FTOS(config-ext-nacl)# is simply appended, existing counters are not affected. Table 6-2. L2 and L3 ACL Filtering on Switched Packets L2 ACL Behavior Deny Deny Permit Permit L3 ACL Behavior Deny Permit Deny Permit Decision on Targeted - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 103
. • out: configure the ACL to filter outgoing traffic. This keyword is supported only on E-Series. Note: The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL. Apply rules to the new ACL. Access - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 104
To view which IP ACL is applied to an interface, the ACL by using the count option when creating ACL entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one at any given time. To view the number of packets matching - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 105
"in" keyword to specify ingress. Begin applying rules to the ACL named "abcd." View the access-list. Configuring Egress ACLs e z Egress ACLs are supported on platforms: Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 106
Figure 6-11. Creating an Egress ACL FTOS(conf)# The ip control-plane [egress filter] and the ipv6 control-plane [egress filter] commands are not supported on S4810 systems. FTOS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 107
only to the CPU on the RPM-this eliminates the need to apply specific ACLs onto all ingress interfaces and achieves the same results. By localizing an ACL on Loopback Interfaces e ACLs can be applied on Loopback interfaces supported on platform To apply an ACL (standard or extended) for loopback, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 108
Figure 6-12. Applying an ACL to the Loopback addresses between 112.24.0.0 to 112.24.255.255. Below are some examples that permit or deny filters for specific routes using the le and ge parameters, where x.x.x.x/x represents a route prefix: • To deny only /8 prefixes - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 109
routes for routing protocols (for example, RIP, OSPF, and BGP). Note: The S-Series platform does not support all protocols. It is important to know which protocol you are supporting prior to implementing Prefix-Lists. Configuration Task List for Prefix Lists To configure a prefix list, you must - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 110
If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 111
Figure 6-14. Prefix List FTOS(conf-nprefixl)#permit 123.23.0.0 /16 FTOS(conf-nprefixl)#deny 133.24.56.0 /8 FTOS(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.0/8 FTOS(conf-nprefixl)# To delete a filter, enter the show config command in the PREFIX LIST - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 112
Use a prefix list for route redistribution To pass traffic through a and actions specified in the prefix list. To apply a filter to routes in RIP (RIP is supported on C and E-Series), use either of the following commands in the ROUTER RIP mode: Command Syntax - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 113
To view the configuration, use the show config command in the ROUTER OSPF mode (Figure 6-18) or the show running-config ospf command in the EXEC mode. Figure 6-18. Command Example: show config in ROUTER OSPF Mode FTOS(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 114
Table 6-4. ACL Resequencing Example (Resequenced) seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 115
12 permit ip any host 1.1.1.4 Route Maps c e s z Route-maps are supported on platforms: Like ACLs and prefix lists, route maps are composed of a series route redistribution. For example, a route map can be called to filter only specific routes and to add a metric. Route maps also have an "implicit - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 116
Important Points to Remember For route-maps with more than one match clause: • Two or more match clauses within the same route-map sequence - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 117
of a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 118
Figure 6-24. Command Example: show route-map FTOS#show route-map dilling route-map dilling, permit, sequence 10 Match clauses: Set clauses: route-map - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 119
routes with the same AS-PATH numbers. Match routes with COMMUNITY list attributes in their path. Match routes whose next hop is a specific interface. The parameters are: • For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. • For a 1-Gigabit Ethernet - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 120
Command Syntax Command Mode match ipv6 address prefix-list-name as internal or external to OSPF, ISIS level-1, ISIS level-2, or locally generated. Match routes with a specific tag. To configure a set condition, use any or all of the following commands in the ROUTE- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 121
these attributes for routes that are redistributed into those protocols. Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes. In Figure 6-25, the redistribute command calls the route map static - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 122
Configure a route map for route tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 123
media, topologies, and routing protocols can support using any encapsulation. Dell Force10 has implemented BFD at Layer 3 and supports BFD on OSPF, IS-IS, VLANs, VRRP, LAGs, and physical ports based on the IETF internet draft document draft-ietf-bfd-base-03. On the S4810 and Z9000, BFD is supported - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 124
How BFD Works Two neighboring systems running BFD establish a ; these control packets are sent without regard to transmit and receive intervals. Note: FTOS does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 125
Interval Required Required Min Min RX Interval Echo RX Interval Auth Type Auth Length Auth Data Range: 0-31 Code: 0: AdminDown Range: 0-31 Code: 0: No Diagnostic 1: that the local system is capable of supporting The minimum interval between Echo packets that the local system is capable of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 126
Table 7-1. BFD Packet Fields Field Diagnostic Code State Flag Detection Multiplier Length My Discriminator Your Discriminator Desired Min TX Interval Required Min RX Interval Required Min Echo RX Authentication Type Authentication Length Authentication Data support - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 127
to status inquiries from the Demand mode initiator. Either system (but not both) can request Demand mode at any time. Note: FTOS supports asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. • Administratively Down-The local system will not participate - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 128
4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 129
Up, Init o to Remember • BFD for line card ports is hitless, but is not hitless for VLANs since they are instantiated on the RPM. • FTOS supports a maximum of 100 sessions per BFD agent. Each linecard processor has a BFD Agent, so the limit translates to 100 BFD sessions per linecard (plus, on - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 130
• Troubleshooting BFD Configuring BFD for Physical Ports Configuring BFD for Physical Ports is supported on C-Series and E-Series only. BFD on physical ports is useful when no routing protocol is enabled. Without BFD, if the remote system fails, the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 131
) LocalAddr * 2.2.2.1 RemoteAddr 2.2.2.2 Interface State Rx-int Tx-int Mult Clients Gi 4/24 Up 100 100 3 C BFD Session The command show bfd neighbors detail shows more specific information about BFD sessions as seen in the following example. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 132
Figure 7-7. Viewing Session Details R1(conf-if-gi-4/24)#do show bfd change a parameter, the change affects all physical port sessions on that interface. Dell Force10 recommends maintaining the default values. To change session parameters on an interface: Step - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 133
Figure 7-8. Changing Session Parameters for Physical Ports R1(conf-if-gi-4/24)#bfd interval 100 min_rx 100 multiplier 4 role passive R1(conf-if-gi-4/24)#do show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 2.2.2.1 Local MAC Addr: 00:01:e8:09:c3:e5 Remote Addr: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 134
To re-enable BFD on an interface: Step 1 Task Enable BFD on an interface. Command Syntax bfd enable Command Mode INTERFACE Configuring BFD for Static Routes Configuring BFD for Static Routes is supported on C-Series and E-Series only. BFD gives systems a link - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 135
To establish a BFD session: Step 1 Task Command Syntax Establish BFD sessions for all neighbors that are the next hop ip route bfd of a static route. Command Mode CONFIGURATION Verify that sessions have been created for static routes using the command show bfd neighbors, as shown in the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 136
Disabling BFD for static routes If BFD is disabled, all static route with all OSPF neighbors at once, or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the full state. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 137
Figure 7-11. Establishing Sessions with OSPF Neighbors FTOS(conf-if-gi-2/1)# ip address 2.2.2.2/24 FTOS(conf-if-gi-2/1)# no shutdown FTOS(conf-if-gi-2/1)# exit FTOS(config)# router ospf 1 FTOS(config-router_ospf )# network 2.2.2.0/24 area 0 FTOS(config-router_ospf )# bfd all-neighbors FTOS(conf-if- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 138
View the established sessions using the command show bfd neighbors, as shown in the following illustration. Figure 7-12. Viewing Established Sessions for OSPF Neighbors - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 139
of an interface Command Mode INTERFACE Configuring BFD for IS-IS e z BFD for IS-IS is supported on platforms: When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager be established for all neighbors out of a specific interface. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 140
Figure 7-13. Establishing Sessions with IS-IS Neighbors FTOS(conf )# router isis FTOS(conf-router_isis)# net 02.1921.6800.2002.00 FTOS(conf-router_isis)# - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 141
Figure 7-14. Viewing Established Sessions for IS-IS Neighbors R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * Ad Dn C I O R - Active session role - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) IS-IS BFD Sessions Enabled LocalAddr Clients * 2.2.2.2 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 142
Disabling BFD for IS-IS If BFD is disabled globally, all disable Command Mode INTERFACE Configuring BFD for BGP cez BFD for BGP is only supported on platforms: In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 143
queue congestion. BFD notifies BGP of any failure conditions that it detects on the link. Recovery actions are initiated by BGP. BFD for BGP is supported only on directly-connected BGP neighbors and only in BGP IPv4 networks. • On an E-Series ExaScale, up to 100 simultaneous BFD sessions are - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 144
As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 145
To remove the disabled state of a BFD for BGP session with a specified neighbor, enter the no neighbor {ip-address | peer-group-name} bfd disable command in ROUTER BGP configuration mode. The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 146
The following examples show the BFD M V - Active session role - Admin Down - BGP - CLI - ISIS - OSPF - Static Route (RTM) - MPLS - VRRP LocalAddr * 1.1.1.3 * 2.2.2.3 * 3.3.3.3 RemoteAddr 1.1.1.2 2.2.2.2 3.3.3.2 Interface State Rx-int Tx-int Mult Clients Te 6/0 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 147
Figure 7-18. Verifying BFD Sessions with BGP Neighbors: show bfd neighbors detail Command R2# show bfd neighbors detail Session Discriminator: 9 Neighbor Discriminator: 10 Local Addr: 1.1.1.3 Local MAC Addr: 00:01:e8:66:da:33 Remote Addr: 1.1.1.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 148
Figure 7-19. Displaying BFD Packet Counters: show bfd counters bgp Command R2# show bfd counters bgp Interface TenGigabitEthernet 6/0 Protocol BGP Messages: Registration : 5 De-registration : 4 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 149
Figure 7-21. Displaying Routing Sessions with BGP Neighbors: show ip bgp neighbors Command R2# show ip bgp neighbors 2.2.2.2 BGP neighbor is 2.2.2.2, remote AS 1, external link BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 Last read 00:00:30, last write - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 150
Configuring BFD for VRRP e c BFD for VRRP is only supported on platforms: When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 151
To establish sessions with all VRRP neighbors: Step 1 Task Establish sessions with all VRRP neighbors. Command Syntax vrrp bfd all-neighbors Command Mode INTERFACE Establishing VRRP sessions on VRRP neighbors The master router does not care about the state of the backup router, so it does not - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 152
Figure 7-24. Viewing Established Sessions for VRRP Neighbors R1(conf-if-gi-4/25)#do show vrrp GigabitEthernet 4/1, VRID: 1, Net: 2.2.5.1 State: Backup, Priority: 1, Master: 2.2.5.2 Hold - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 153
an interface. Command Mode INTERFACE Command Mode VRRP Command Mode INTERFACE Configuring BFD for VLANs c e Configuring BFD for VLANs is supported only on platforms BFD on Dell Force10 systems is a Layer 3 protocol. Therefore, BFD is used with routed VLANs. BFD on VLANs is analogous to BFD on - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 154
Establishing sessions with VLAN neighbors To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 155
When configuring BFD on VLAN or LAG interfaces on the C-Series, Dell Force10 recommends a minimum value of 500 milliseconds for both the transmit and BFD for Port-Channels c e Configuring BFD for Port-Channels is supported only on platforms BFD on port-channels is analogous to BFD on physical - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 156
Configuring BFD for port-channels is a two-step process: 1. Enable BFD globally on all participating routers. See Enabling BFD globally. 2. Enable BFD at interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 157
a parameter, the change affects all sessions on that interface. Caution: When configuring BFD on VLAN or LAG interfaces on the C-Series, Dell Force10 recommends a minimum value of 500 milliseconds for both the transmit and minimum receive time, which yields a final detection time of (500ms *3) 1500 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 158
Configuring Protocol Liveness Protocol Liveness is a feature that notifies 1 Task Enable Protocol Liveness Command Syntax bfd protocol-liveness Command Mode CONFIGURATION Troubleshooting BFD Examine control packet field values using the command debug bfd detail. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 159
7.8.1.0 7.7.1.0. pre-7.7.1.0 Platform support Z9000 S4810 E-Series ExaScale S-Series C-Series E-Series TeraScale z ex s c et This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Force10 Operating System (FTOS). This - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 160
• Multiprotocol BGP • Implementing BGP with FTOS • Additional Path (Add-Path) support • Advertise IGP cost as MED for redistributed routes • Ignore Router-ID for some best-path calculations • 4-Byte AS Numbers • AS4 Number Representation • AS Number Migration • - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 161
from one network to another. The ISP is considered to be "selling transit service" to the customer network, hence the term Transit AS. When BGP 6 Router 7 AS 2 Interior BGP (IBGP) BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 162
Since each BGP router talking to another router is a session, a BGP network needs to be in "full mesh". This is a topology that has every - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 163
Establishing a session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 164
Route Reflectors Route Reflectors reorganize the iBGP core into a hierarchy and allow some route advertisement rules. Note: Route Reflectors (RRs) should not be used in the forwarding path. In iBGP, hierarchical RRs maintaining - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 165
is deterministic by default, which means the bgp non-deterministic-med command is NOT applied). The best path in each group is selected based on specific criteria. Only one "best path" is selected at a time. If any of the criteria results in more than one path, BGP moves on to the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 166
Note: In 8.3.11.4, the bgp bestpath as-path multipath-relax command is disabled by default, preventing BGP from load-balancing a learned route across - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 167
Best Path selection details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. • Routes originated with the network or - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 168
11. Prefer the external path originated from the BGP router with the lowest router ID. If both paths are external, prefer the oldest path ( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 169
Figure 8-5. LOCAL_PREF Example AS 100 Router A Router B Set Local Preference to 100 T1 Link Router C AS 200 Set Local Preference to 200 Router E OC3 Link Router D Router E AS 300 Router F Multi-Exit Discriminators (MEDs) If two Autonomous Systems (AS) connect in more than one place, a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 170
Figure 8-6. MED Route Example AS 100 Router A Router B Set MED to 100 T1 Link Router C OC3 Link AS 200 Router E Set MED to 50 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 171
Figure 8-7. Origin attribute reported FTOS#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 172
Next Hop The Next Hop is the IP address used to Multiprotocol BGP routes into BGP. Implementing BGP with FTOS Additional Path (Add-Path) support e z BGP Add-path is supported on platforms The Add-path feature reduces convergence times by advertising multiple paths to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 173
peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. FTOS 8.3.1.0 and later support configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 174
4-Byte AS Numbers FTOS Version 7.7.1 and later support 4-Byte (32-bit) format when configuring Autonomous System Numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 175
ASDOT+ representation splits the full binary 4-byte AS number into two words of 16 bits separated by a decimal point (.): .. Some examples are shown in Table 8-2. • All AS Numbers between 0-65535 are represented as a decimal number, when entered in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 176
Figure 8-9. Dynamic changes of the bgp asnotation command in the show running config ASDOT FTOS(conf-router_bgp)#bgp asnotation asdot FTOS(conf-router_bgp)#show conf ! router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 177
the show running config AS NOTATION DISABLED FTOS(conf-router_bgp)#no bgp asnotation FTOS(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 FTOS(conf-router_bgp)#do sho ip bgp BGP table version is 28093, local router ID is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 178
Figure 8-11. Local-AS Scenario Router A AS 100 Router B AS 200 Router C AS 300 Before Migration Router A AS 100 AS 100 Router B Local AS - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 179
support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com. Note: See the Dell Force10 iSupport webpage for the Force10 to retrieve specific attributes - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 180
. Dell Force10 recommends using options to ignore such errors. • Multiple BGP process instances are not supported. supported and are set to zero in the SNMP query response. • F10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP is not supported - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 181
BGP Configuration To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor. Defaults By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 182
Configuration Task List for BGP The following list includes the configuration • Route map continue Enable BGP By default, BGP is not enabled on the system. FTOS supports one Autonomous System (AS) and you must assign the AS Number (ASN). To establish BGP sessions - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 183
in the CONFIGURATION mode to establish BGP sessions on the router. Step 1 Command Syntax router bgp as-number 1a bgp four-octet-as-support 1b address-family [ipv4 | ipv6} 2 neighbor {ip-address | peer-group name} remote-as as-number Command Mode Purpose CONFIGURATION Assign an AS number - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 184
Step 3 Command Syntax Command Mode Purpose You must Configure Peer Groups before assigning it a remote AS. neighbor {ip-address | CONFIG-ROUTER-BGP Enable the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 185
Figure 8-13. Command example: show ip bgp summary (4-Byte AS Number displayed) R2#show ip bgp summary BGP router identifier 192.168.10.2, local AS number 48735.59224 BGP table version is 1, main routing table version 1 1 network entrie(s) using 132 bytes of memory 1 paths using 72 bytes of memory - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 186
Figure 8-14. Command example: show ip bgp neighbors FTOS#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote AS 18508, external link - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 187
network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in 65546 appears as 1.10. Note: The ASDOT and ASDOT+ representations are supported only in conjunction with the 4-Byte AS Numbers feature. If 4-Byte AS Numbers - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 188
Only one form of AS Number Representation is supported at a time. You cannot combine the (conf-router_bgp)#sho conf ! router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 189
bgp asnotation asdot+ FTOS(conf-router_bgp)#bgp asnotation asdot+ FTOS(conf-router_bgp)#sho conf ! router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30.1. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 190
Step Command Syntax Command Mode Purpose 5 neighbor ip- keep its configuration after it was added to a peer group if the neighbor's configuration is more specific than the peer group's, and the neighbor's configuration does not affect outgoing updates. Note: When - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 191
Figure 8-19. Command example: show config (creating peer-group) FTOS(conf-router_bgp)#neighbor zanzibar peer-group FTOS(conf-router_bgp)#show conf ! router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes neighbor zanzibar peer-group neighbor zanzibar shutdown neighbor 10.1.1.1 remote-as - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 192
Figure 8-21. Command example: show ip bgp peer-group FTOS>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4 Minimum - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 193
BGP fast fall-over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while maintaining stability. The connection to a BGP peer is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 194
Figure 8-22. Command example: show ip bgp neighbors FTOS#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 195
Figure 8-23. Command example: show ip bgp peer-group FTOS#sh ip bgp peer-group Peer-group test Fall-over enabled BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is test Number of peers in this group 1 Peer-group members (* - outbound - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 196
Use these commands in the following sequence, starting in the CONFIGURATION ROUTER BGP mode to configure passive peering. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 197
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 198
Figure 8-25. Allowas-in information shown R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support FTOS advertises support for this - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 199
all peers. Default is 120 seconds. Set maximum time to retain the restarting peer's stale paths. Default is 360 seconds. Local router supports graceful restart as a receiver only. BGP graceful restart is active only when the neighbor becomes established. Otherwise it is disabled. Graceful-restart - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 200
Command Syntax neighbor {ip-address | peer-group-name} graceful-restart [stale-path-time time-in-seconds] Command Mode Purpose CONFIG-ROUTER-BGP Set maximum - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 201
Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an AS-PATH ACL to filter a specific AS_PATH value. Step Command Syntax 1 ip as-path access-list as-path-name 2 {deny | permit} filter parameter 3 exit 4 router bgp as-number 5 neighbor {ip-address | - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 202
Figure 8-27. Filtering with Regular Expression FTOS(config)#router bgp 99 FTOS(conf-router_bgp)#neigh AAA peer-group FTOS(conf-router_bgp)#neigh AAA no - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 203
route map. redistribute isis [level-1 | level-1-2 | level-2] [metric value] [route-map map-name] ROUTER BGP or CONF-ROUTER_BGPv6_AF Include specific ISIS routes in BGP. Configure the following parameters: • level-1, level-1-2, or level-2: Assign all redistributed routes to a level. Default is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 204
Command Syntax Command Mode Purpose redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] ROUTER BGP or CONF-ROUTER_BGPv6_AF Include specific OSPF routes in IS-IS. Configure the following - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 205
but are sent to CONFED-EBGP and IBGP peers. FTOS also supports BGP Extended Communities as described in RFC 4360-BGP Extended Communities AA is the AS number (2 or 4 Bytes) and NN is a value specific to that autonomous system. • local-AS: routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 206
Step Command Syntax 2 {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Command Mode Purpose CONFIG-COMMUNITYLIST Two types of extended communities are supported. Filter routes based on the type of extended communities they carry using one of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 207
Use these commands in the following sequence, starting in the CONFIGURATION mode, To use an IP Community list or Extended Community List to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. Step Command Syntax - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 208
If you want to remove or add a specific COMMUNITY number from a BGP all COMMUNITY numbers in the IP Community list. Configure a Community list by denying or permitting specific community numbers or types of community • community-number: use AA:NN format where AA is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 209
Figure 8-29. Command example: show ip bgp community (Partial) FTOS>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network * i 3.0.0.0/8 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 210
Change MED attribute By default, FTOS uses the MULTI_EXIT_DISC the following sequence, starting CONFIGURATION mode to change the default value of the LOCAL_PREF attribute for specific routes. Step Command Syntax 1 route-map map-name [permit | deny] [sequence-number] - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 211
Step Command Syntax 2 set local-preference value 3 exit 4 router bgp as-number 5 neighbor {ip-address | peer-group-name} route-map map-name {in | out} Command Mode CONFIG-ROUTE-MAP CONFIG-ROUTE-MAP CONFIGURATION CONFIG-ROUTER-BGP Purpose Change LOCAL_PREF value for routes meeting the criteria of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 212
Use the show config command in CONFIGURATION ROUTER BGP mode . Route maps can filter and set conditions, change attributes, and assign update policies. Note: FTOS supports up to 255 characters in a set community statement inside a route map. Note: With FTOS, you - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 213
• AS-PATH ACLs (using neighbor filter-list command) • route maps (using neighbor route-map command) Prior to filtering BGP routes, you must create the prefix list, AS-PATH ACL, or route map to be used. Refer to Chapter 6, "Access Control Lists (ACLs)," on page 89 for configuration information on - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 214
To view the BGP configuration, use the show config command in the ROUTER BGP mode. To view a prefix list configuration, use the show ip - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 215
Step 5 Command Syntax Command Mode neighbor {ip-address | CONFIG-ROUTER-BGP peer-group-name} filter-list as-path-name {in | out} Purpose Filter routes based on the criteria in the configured route map. Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 216
When you enable a route reflector, FTOS automatically enables route routes FTOS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 217
. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) All Confederation routers must be either 4-Byte or 2-Byte. You cannot have a mix of router ASN support, Use the show config command in the CONFIGURATION ROUTER BGP mode to view the configuration. Enable route flap dampening When EBGP routes - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 218
When dampening is applied to a route, its path is described by one of name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 219
To view the BGP configuration, use show config in the CONFIGURATION ROUTER BGP mode or show running-config bgp in EXEC Privilege mode. To set dampening parameters via a route map, use the following command in CONFIGURATION ROUTE-MAP mode: Command Syntax set dampening half-life reuse suppress max- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 220
To view which routes are dampened (non-active), -name] [regexp regular-expression] Command Mode Purpose EXEC EXEC Privilege View all flap statistics or for specific routes meeting the following criteria: • ip-address [mask]: enter the IP address and mask • filter - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 221
Change BGP timers Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers. Command Syntax Command Mode Purpose neighbor {ip-address | peer-group-name} timers keepalive holdtime CONFIG-ROUTER-BGP Configure timer values for a BGP neighbor or - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 222
Use the clear ip bgp command in EXEC Privilege | peer-group-name} soft-reconfiguration inbound EXEC Privilege CONFIG-ROUTER-BGP Clear all information or only specific details. *: Clear all peers neighbor-address: Clear the neighbor with this IP address AS Numbers: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 223
Route map continue The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature moves to the next sequence number (also known as - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 224
MBGP Configuration e c MBGP for IPv6 unicast is supported on platforms t c e s z MBGP for IPv4 Multicast is supported on platform t e MBGP is not supported by the Protocol Independent Multicast (PIM) to build data distribution trees. FTOS MBGP is implemented as per - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 225
which debugging commands are enabled, use the show debugging command in EXEC Privilege mode. Use the keyword no followed by the debug command to disable a specific debug command. For example, to disable debugging of BGP updates, enter the no debug ip bgp updates command. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 226
Use no debug ip bgp to disable all BGP debugging. Use undebug all to disable all debugging. Storing Last and Bad PDUs FTOS stores - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 227
PDUs on a per-peer basis using the command capture bgp-pdu neighbor direction. Disable capturing using the no form of this command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to overwrite - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 228
• New PDUs are captured and there is no more space to store them • The max buffer size can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 229
Figure 8-37 is a graphic illustration of the configurations shown on the following pages. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peer groups with each other. Figure 8-37. Sample Configuration Illustration AS 99 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 230
Figure 8-38. Enable BGP - Router 1 R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 231
Figure 8-39. Enable BGP - Router 2 R2# conf R2(conf)#int loop 0 R2(conf-if-lo-0)#ip address 192.168.128.2/24 R2(conf-if-lo-0)#no shutdown R2(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.2/24 no shutdown R2(conf-if-lo-0)#int gig 2/11 R2(conf-if-gi-2/11)#ip address 10.0.1.22 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 232
Figure 8-40. Enable BGP - Router 3 R3# conf R3(conf)# R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address 192.168.128.3/24 R3( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 233
Figure 8-41. Enable Peer Group - Router 1 R1#conf R1(conf)#router bgp 99 R1(conf-router_bgp)# network 192.168.128.0/24 R1(conf-router_bgp)# neighbor AAA peer-group R1(conf-router_bgp)# neighbor AAA no shutdown R1(conf-router_bgp)# neighbor BBB peer-group R1(conf-router_bgp)# neighbor BBB no - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 234
Figure 8-42. Enable Peer Groups - Router 1 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 235
Figure 8-43. Enable Peer Groups - Router 2 R2#conf R2(conf)#router bgp 99 R2(conf-router_bgp)# neighbor CCC peer-group R2(conf-router_bgp)# neighbor CCC no shutdown R2(conf-router_bgp)# neighbor BBB peer-group R2(conf-router_bgp)# neighbor BBB no shutdown R2(conf-router_bgp)# neighbor 192.168.128.1 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 236
Figure 8-44. Enable Peer Group - Router 3 R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 237
Figure 8-45. Enable Peer Groups - Router 3 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 238
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 239
9 Bare Metal Provisioning 3.0 (BMP 3.0) Bare Metal Provisioning 3.0 (BMP 3.0) is included as part of the FTOS image. It is supported on platforms z. Overview Bare Metal Provisioning (BMP) is a feature that improves the operational efficiency of the system by automatically loading pre-defined - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 240
Prerequisites Before you use BMP 3.0 to auto-configure a supported Dell Force10 switch, you must first configure: • An external Dynamic the interface configured as part of VLT LAG. Bare Metal Provisioning works to ease configuration in the following key areas: • Switch access is allowed through all - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 241
a switch. Configure the DHCP server with the set of parameters described below for each client switch. Refer to the FTOS Configuration Guide: is assumed to be a TFTP address unless it is given as a URL. The system supports TFTP, HTTP, HTTPS, SFTP, SCP and FTP protocols, as well as files stored in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 242
• 230 User port stacking Note: BMP will eventually exit when the timeout occurs. DHCP Retry Mechanism BMP requests a different DHCP offer in the following - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 243
and the host name is not resolved from the network-config file on the switch. Refer to the FTOS Configuration Guide, IPv4 Addressing chapter, Resolution of Host Names for information. Reload Modes Bare Metal Provisioning supports two types of reload modes: BMP mode and Normal mode. Bare Metal - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 244
BMP mode is the default boot mode configured for a new system arriving from Dell Force10. This mode obtains the FTOS image and configuration file from a network source (DHCP and file servers). Use Normal mode to boot the switch Interface be configured manually. This mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 245
in to the system through a telnet or SSH session. To configure a switch to reload using the Normal mode, enter the reload-type normal-reload command. image is loaded from the local Flash. Scripts With 9.1(0.0), the system supports a scripting environment when a BMP or Normal reload occurs. BMP uses - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 246
Post-configuration Scripts In BMP 3.0, after the pre-configuration script set the host name of the system or perform additional configuration settings. The system supports post-configuration scripts in TCLSH, EXPECT, and ZSH. If you have SmartScripts installed in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 247
• Set up a DHCP server. Refer to the FTOS Configuration Guide: Dynamic Host Configuration Protocol chapter for detailed information. You must . Configure a TFTP file server as the network source from which the switch downloads the image file and the configuration file to be applied to the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 248
System boot and set-up behavior in BMP Mode 1. System begins boot up process in BMP mode (default mode). 2. The system sends DHCP Discover - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 249
system applies the configuration. The system is now up and running. It can be managed as usual. BMP mode: Boot and Set-up Behavior When a switch that is configured to reload in BMP mode boots up, one of the following scenarios may occur: • Reload without a DHCP Server Offer • Reload with a DHCP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 250
Reload without a DHCP Server Offer A switch configured to reload in BMP mode and if DHCP DISCOVER sent on Ma 0/0. Reload with a DHCP Server Offer without an FTOS Image If a switch that is configured to reload in BMP mode reaches a DHCP server but does not locate a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 251
2. The system receives a DHCP offer from a DHCP server with the following parameters: 13:23:47: %STKUNIT0-M:CP %JUMPSTART-5-BOOT_OFFER: DHCP acquired IP 10.16.134.167 mask 255.255.0.0 server IP 10.16.134.207. 13:23:48: %STKUNIT0-M:CP %JUMPSTART-5-BOOT_OFFER: DHCP tftp IP NIL sname NIL dns IP NIL - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 252
b If is optional, it allows you to specify the configuration file to be applied to a switch by assigning a hostname. When the DHCP offer is received and no DNS IP address script must contain the signature "#/DELL-FORCE10". - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 253
the Post-Configuration Script (BMP mode only) To reload FTOS on a switch using a pre-configuration script, the following conditions must be true: • are required for the post-configuration script, such as the signature "#/DELL-FORCE10" that is required for the pre-configuration script. • The post- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 254
Script Examples Auto-execution Script - Normal mode FTOS#show (mfs:21)... unmounting /kern (kernfs)... unmounting / (/dev/md0a)... done rebooting Starting Dell Force10 application 00:00:13: %STKUNIT1-M:CP %RAM-6-ELECTION_ROLE: Stack unit 1 is transitioning to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 255
indicates the auto-execution script is executing. FTOS#show version Dell Force10 Real Time Operating System Software Dell Force10 Operating System Version: 2.0 Dell Force10 Application Software Version: 1-0(0-338) Copyright (c) 1999-2012 by Dell Inc. All Rights Reserved. Build Time: Thu Dec 27 21 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 256
The following line indicates the successful completion of the auto-execution script. 00:00:49: %STKUNIT1-M:CP %JUMPSTART-5-AUTOEXEC_SUCCESS: The AutoExec Script execution returned Success. The following line indicates that the Configuration file is loaded into the switch - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 257
Pre-configuration Script - BMP Mode #! /usr/bin/expect #/DELL-FORCE10 # Execute F10do and Print proc print_f10do {cmd_str} { set str [exec f10do "$cmd_str"] set tmp_str [string map {\n \r\n} $str ] puts $tmp_str } set ftp_ip set ftp_username set ftp_passwd " - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 258
after 5000 puts "Download Complete !!!\r\n" if {[file exists $config_file]} { puts "Config File: $config_file downloaded successfully\r\n" } else { puts "ERROR: Config File: $config_file - Not Found\r\n" } if {[ - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 259
Configuration • CAM Optimization • Applications for CAM Profiling • Troubleshoot CAM Profiling Content Addressable Memory Content Addressable Memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Force10 systems, the CAM stores Layer 2 and Layer 3 forwarding - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 260
CAM Profiles Dell Force10 Dell Force10 systems are most commonly used. In general, non-default profiles allocate more space to particular regions to accommodate specific Line Interface Reference Guide for details regarding available , lag-hash-mpls Provides 16K entries - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 261
8K 16K 3K 4K 1K Microcode Microcode is a compiled set of instructions for a CPU. On Dell Force10 systems, the microcode controls how packets are handled. There is a all systems. Refer to the Command Line Interface Reference Guide for details regarding available profiles for each system. Table - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 262
Table 10-3. Microcode Descriptions Microcode Description lag-hash-mpls ipv6-extacl acl-group For hashing based on MPLS labels (up to five labels deep). With the default microcode, MPLS packets are distributed over a port-channel based on the MAC source and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 263
Profile Error # Before reload: 01:09:56: %RPM0-P:CP %CHMGR-4-EG_PROFILE_WARN: If EG CAM profile is selected, non-EG cards will be in problem state after reload # After reload: 00:04:46: %RPM0-P:CP %CHMGR-3-PROFILE_MISMATCH: Mismatch: line card 1 has mismatch CAM profile or microcode Message 2 EH - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 264
-- Line card 1 -- Status : card problem Layer 2 FIB entries when the system is deployed as a switch. • Configure more Layer 3 FIB entries when the system is more ACLs (when IPv6 is not employed). • Hash MPLS packets based on source and destination IP addresses for LAGs. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 265
• FTOS automatically reconfigures the CAM profile on line cards and the secondary RPM to match the system CAM profile by saving the correct profile on the card and then rebooting it. • The CAM configuration is applied to entire system when you use CONFIGURATION mode commands. You must save the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 266
Allocate space for IPV4 ACLs and QoS regions, and IPv6 6 be in factors of 2. For example, a CLI configuration of 5+4+2+1+1 Blocks is not supported; a configuration of 6+4+2+1 Blocks is supported. You must save the new CAM settings to the startup-config (write-mem or - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 267
Test CAM Usage c e s z The test cam-usage command is supported on platforms This command applies to both IPv4 and IPv6 CAM profiles, but command to determine whether sufficient ACL CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 268
Reserved : 8K entries FIB : 0 entries ACL : 0 entries Flow : 0 entries EgACL : 0 entries MicroCode Name : FTOS# View CAM-ACL settings c s The show cam-acl command is supported on platforms View the current cam-acl settings for the C-Series, S-Series - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 269
L2Qos : 2 L2PT : 1 IpMacAcl : 2 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 -- Line card 6 -- Current Settings(in block sizes) L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 2 Ipv4Qos : 2 L2Qos : 2 L2PT : 1 IpMacAcl : 2 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 The default - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 270
View CAM Usage View the amount of CAM space | 2878 | 44 | 2834 --More-- Configure IPv4Flow Sub-partitions e IPv4Flow sub-partition are supported on platform The IPv4Flow CAM partitions have sub-partitions for several types of information. Table 10-5 lists - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 271
Table 10-5. IPv4Flow CAM Sub-partition Sizes Partition Space Allocated Space Allocated Space Allocated (EtherScale) (TeraScale) (ExaScale) QoS System Flow Trace Lists 8K 2K 2K 5K 5K 5K 1 1K 1K You can re-configure the amount of space allocated for each type of entry. FTOS requires - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 272
Multicast Fib/Acl : Pbr : Qos : System Flow : Trace Lists : Current Settings 8K 2K 7K 6K 1K Next Boot 9K 1K 8K 5K 1K -- Line - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 273
2 ACL Sub-partitions e IPv4Flow sub-partitions are supported on platform The Ingress Layer 2 ACL CAM partition to 100%. * Note: You must allocate at least ( * ) entries at least when employing PVST+ . For example, the default CAM Profile - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 274
To re-allocate CAM space within the Ingress Layer 2 ACL partition on the entire system as shown in the following example. : Step 1 2 3 4 Task Re- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 275
system-flow Set system flow entries CAM Optimization c s CAM optimization is supported on platforms When this command is enabled, if a Policy Map containing includes a CAM profile and microcode that treats MPLS packets as non-IP packets. Normally, switching and LAG hashing is based on source and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 276
• When MPLS not use this CAM profile for Layer 2 egress ACLs. Troubleshoot CAM Profiling CAM Profile Mismatches The CAM profile on all this case, manually adjust the CAM configuration on the card to match the system configuration. Dell Force10 recommends the following - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 277
actual CAM usage before applying a service-policy. The command test cam-usage service-policy provides this test framework, refer to Pre-calculating Available QoS CAM Space. Note: For troubleshooting other CAM issues, refer to the E-Series Network Operations Guide. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 278
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 279
supported on platforms: Overview Control Plane Policing (CoPP) uses ACL rules and QoS policies to create filters for a system's control plane. That filter prevents traffic not specifically VLT Q5 400 PPS Q4 2000 PPS sFlow MAC Learning Limit Violation Log, HyperPull Q3 300 PPS Q2 300 PPS MC Data - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 280
Figure 11-2. CoPP solution example Hardware Queue Rate Limiting Q7 1100 PPS Q6 400 PPS OSPF flood CPU at 1100 PPS ICMP fails STP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 281
a QoS input policy map to match to the class-map and qos-policy for each desired protocol. Enter Control Plane mode. Assign the protocol based service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules created with the cpu-qos keyword. mac - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 282
Sample Config for CoPP protocol configuration Create IP/IPv6/MAC Extended ACL FTOS(conf)#ip access-list extended ospf cpu-qos FTOS(conf-ip- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 283
average packet size, and applies that rate to the corresponding queue. Consequently, 1 kbps is roughly equivalent to 2 pps. The basis for creating a CoPP service policy is to create QoS policies for the desired CPU-bound queue and associate it with a particular rate limit. The QoS policies are - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 284
Sample Config for CoPP CPU queue configuration Create QoS the show cpu-queue rate command to view the rates for each queue. FTOS#show cpu-queue rate cp Service-Queue Rate (PPS) ----------- Q0 1300 Q1 300 Q2 300 Q3 300 Q4 2000 Q5 400 Q6 400 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 285
Use the show ip protocol-queue-mapping command to view the queue mapping for each configured protocol. FTOS#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag TCP (BGP) any/179 179/any _ UDP (DHCP) 67/68 68/67 _ UDP (DHCP-R) 67 67 _ TCP (FTP) any 21 _ ICMP any any - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 286
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 287
Last restart reason • show hardware commands • Troubleshooting packet loss • Application core dumps • Mini core dumps • TCP dumps Offline Diagnostics The offline Points to Remember • Diagnostics only test connectivity, not the entire data path. • Diagnostic results are stored on the flash of the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 288
Running Offline Diagnostics 1. Place the unit in the offline state using the offline stack-unit command from EXEC Privilege mode, as shown in Taking a Z- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 289
Z9000 9-0-0-0 128 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present -- Power Supplies -- Unit Bay Status Type Temperature(deg C) FanSpeed(rpm) 0 0 up AC 40 13888 0 1 up - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 290
Figure 12-3. Running Offline Diagnostics on a Z-Series Standalone Unit FTOS#diag stack-unit 1 alllevels Warning - diagnostic execution will cause multiple link flaps on the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 291
Z8FX122P00109 Part Number : 7520057401 Product Revision : H Version : E9-0-0-23 Z9000 LEVEL 0 DIAGNOSTICS + TEST - 1 PSU [0] STATUS ---> POWER ON Monitor Test FAIL + TEST - 5 PSU [0] Source Type --> AC Test 5.000 - Psu Source type test PASS diagS3240GetPsuOnStatus[580]: ERROR: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 292
:32: %Z9000:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 0 FTOS#00:37:32 : Approximate time to complete the Diags ... 1 Min 30 Sec FTOS# WARNING: Reboot is highly recommended after running Offline Diagnostics in Debug Mode. Debug Mode can be used only for troubleshooting specific test - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 293
. All messages are stored in a ring buffer and can be saved to a file either manually or automatically upon failover. Auto Save on Crash or Rollover Exception information on for master or Note: Non-management member units do not support this functionality. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 294
Last restart reason If a Z9000 system restarted for some reason (automatically or manually), the show latest FTOS version on the Z9000. Note: The show hardware commands should only be used under the guidance of the Dell Force10 Technical Assistance Center. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 295
status of the stack-unit CPU port which connects to the external management interface. show hardware stack-unit {0-11} cpu data-plane statistics View driver-level statistics for the data-plane port on the CPU for the specified stack-unit. It provides insight into the packet types entering the CPU - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 296
The Z9000 supports 32 40G ports or 128 10G ports on four port-pipes, which are also called units. The system displays internal port numbers, not the external - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 297
Table 12-3. Cross-reference of internal port numbers to user port numbers Internal Unit Port Number User Ports 0 to 31 on Unit 0 User Ports 32 to 63 on Unit 1 User Ports 64 to 95 on Unit 2 User Ports 96 to 127 on Unit 3 No User Ports on Unit 4 27 26 58 90 122 Internal 28 27 59 91 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 298
• 65 60 75 70 80 FTOS# Troubleshoot an over-temperature condition To troubleshoot an over-temperature condition: 1. Use in EXEC mode to bring the line card back online. In addition, Dell Force10 requires that you install blanks in all slots without a line card - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 299
first shuts down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then RPMs. Troubleshoot an under-voltage condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status LEDs are lit - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 300
Buffer tuning Buffer Tuning allows you to modify the way your switch allocates buffers from -Output queues going from the FP to the front-end PHY. All ports support eight queues, 4 for data traffic and 4 for control traffic. All 8 queues are tunable. Physical memory - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 301
/29 = 2036 cells Figure 12-10. Buffer Tuning Points Front-end Links CSF Unit 3 1 2 FP Unit 1 IDP Switch Links 3 PHY PHY Deciding to tune buffers Dell Force10 recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 302
Buffer tuning commands Note: Buffer profile queue 1 is not supported. Use default buffer profile queue 4. Task Define a buffer profile for the FP queues. Define a buffer profile for the CSF queues. Change the dedicated buffers on a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 303
Display the allocations for any buffer profile using the show commands in Figure 12-12. Display the default buffer profile using the command show buffer-profile {summary | detail} from EXEC Privilege mode, as shown in Figure 12-11. Figure 12-11. Display the Default Buffer Profile FTOS#show buffer- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 304
Using a pre-defined buffer instructing you to remove the default configuration using the command no buffer-profile global. Sample buffer profile configuration The two general types of network environments are sustained data transfers and voice/data. Dell Force10 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 305
0/10 no ip address switchport no shutdown buffer-policy fsqueue-fp FTPS# Troubleshooting packet loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. • show hardware stack-unit cpu data-plane statistics • show hardware stack-unit cpu party-bus statistics • show - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 306
unit port command Figure 12-15. Displaying Drop Counters Z9000-B4#show hardware stack-unit 0 drops unit 2 UserPort 0 0 0 0 0 0 Dataplane Statistics The show hardware stack-unit cpu data-plane statistics command provides insight into the packet types coming to the CPU. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 307
Figure 12-16. Displaying Dataplane Statistics FTOS#show hardware stack-unit 0 cpu data-plane statistics bc pci driver statistics for device: rxHandle :0 noMhdr :0 noMbuf :0 noClus :0 recvd :0 dropped :0 recvToNet :0 rxError :0 rxDatapathErr :0 rxPkt(COS0) :0 rxPkt(COS1) :0 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 308
Displaying Party Bus Statistics FTOS#sh hardware stack-unit 2 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Statistics: 1649566 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 309
. Undo this command using the no logging coredump server Mini core dumps FTOS supports mini core dumps on the for kernel crashes. The mini core dump apply to Master units. Kernel mini core dumps are always enabled. The mini core dumps contain the stack space and some other very minimal information - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 310
Mini core text file example VALID MAGIC PANIC STRING panic string is :< the crash cause. TCP dumps TCP dump captures CPU bound control plane traffic to improve troubleshooting and system manageability. When enabled, a TCP dump captures all the packets on the local - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 311
Task Enable a TCP dump for CPU bound traffic. Command Syntax Command Mode tcpdump cp [capture-duration time | filter expression | max-file-count value | packet-count value | snap-length value | write-to path] CONFIGURATION - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 312
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 313
configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP: • relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 314
DHCP Packet Format and Options DHCP uses UDP as its transport for the DHCP server. It can be used with or in place of the MAC address to provide DHCP data to use to send customer options based on the information provided. 255 Signals the last option in the DHCP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 315
plus IP address) to the accepted configuration parameters and stores the data in a database called a binding table. The server then broadcasts this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. • DHCPNAK-A - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 316
Implementation Information • The Dell Force10 implementation of DHCP is based on RFC 2131 to be a DHCP Server c s z Configure the System to be a DHCP Server is supported only on platforms: A DHCP server is a network device that has been programmed to provide network - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 317
granting, renewing, and terminating leases. 5. Providing Administration Services: The DHCP server includes functionality that allows an administrator IP address ranges, lease length specifications, and configuration data that DHCP hosts need. Configuring the Dell Force10 system to be a DHCP server - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 318
To create an address pool: Step 1 2 3 4 Task Command Syntax Access the DHCP server CLI context. ip dhcp server Create an address pool and give - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 319
Default: Disabled DHCP show config DHCP In the following figure, an IP phone is powered by PoE and has acquired an IP address from the Dell Force10 system, which is advertising LLDP-MED. The leased IP address is displayed using show ip dhcp binding, and confirmed with show lldp neighbors. Figure - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 320
Address Resolution using NetBIOS WINS Windows Internet Naming Service (WINS) is a name resolution service that Force10 recommends specifying clients as hybrid. netbios-name-server address netbios-node-type type Command Mode DHCP DHCP Create Manual - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 321
does not receive a response to its request and therefore cannot access the network. You can configure an interface on the Dell Force10 system to relay the DHCP messages to a specific DHCP server using the command ip helper-address dhcp-address from INTERFACE mode, as shown in the following figure - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 322
When ip helper-address is configured, the system listens PDUs. Note: DHCP Relay is not available on Layer 2 interfaces and VLANs. Figure 13-4. Configuring Dell Force10 Systems as a DHCP Relay Device To view the ip helper-address configuration for an interface, use the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 323
Configure the System for User Port Stacking When you set the DHCP offer on the DHCP server, you can set the stacking-option variable to provide the stack-port detail so a stack can be formed when the units are connected. Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 324
The relay agent strips Option 82 from DHCP responses before forwarding them to the client. Task Insert Option 82 into DHCP packets. For routers between the relay agent and the DHCP server, enter the trust-downstream option. Manually reset the remote ID for Option 82 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 325
Enable DHCP snooping Step 1 2 3 Task Enable DHCP Snooping globally. Specify ports connected to DHCP servers as trusted. Enable DHCP Snooping on a VLAN. Command Syntax Command Mode ip dhcp snooping ip dhcp snooping trust ip dhcp snooping vlan CONFIGURATION INTERFACE CONFIGURATION Add a static - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 326
View the DHCP Snooping statistics with the show ip dhcp snooping command as shown in the following example. FTOS#show ip dhcp snooping IP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 327
false IP to MAC mappings into the ARP cache of a network device. It is used to launch man-in-the-middle (MITM) and denial-of-service (DoS) attacks, among others. A spoofed ARP message is one in which the MAC address in the sender hardware address field and the IP address in the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 328
• denial of service: an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 329
Bypass the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments. ARPs received on trusted ports bypass validation against the binding table. All ports are untrusted by default. Task Specify an interface as - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 330
The DHCP binding table associates addresses assigned by the DHCP servers, with the port on which the requesting client is attached. When IP Source - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 331
FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface. Task Display the IP+MAC ACL for an interface for the entire system. Command Syntax show ip dhcp snooping source-address-validation [interface] Command Mode EXEC Privilege Dynamic Host - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 332
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 333
14 Equal Cost Multi-Path (ECMP) Equal Cost Multi-Path (ECMP) is supported on platforms: e c s ECMP for Flow-based Affinity ECMP for Flow-based Affinity is available on platforms e and The hashing algorithm on E-Series TeraScale and E-Series - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 334
FTOS Behavior: In FTOS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with version 8.2.1.2, the default hash-algorithm is 24. Deterministic ECMP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 335
they are routed through two different chassis. Backbone router Flow A Core Router 1 TeraScale Flow B Core Router 2 ExaScale Next-hop 1 Next-hop 2 Prefix: P Link Bundle Monitoring Link Bundle Monitoring is supported only on platform Monitoring linked ECMP bundles allows traffic distribution - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 336
Enable link bundle monitoring using the ecmp-group command. Note: two ecmp-groups are not related in any way. Managing ECMP Group Paths Managing ECMP Group Paths is supported only on platform: Configure the maximum number of paths for an ECMP route that the L3 CAM - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 337
supported on the following platforms: z This chapter describes how to enable FIPS cryptography requirements on the Dell Force10 Guidance section G.5 guidelines. The current validation includes the S4810 and Z9000 platforms. More details on the cryptography module validation may be found at - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 338
RSA host key-pair will be generated automatically. This key-pair can also be created manually using the crypto key generate command. Note: Under certain unusual circumstances, it is possible Line Interface Guide for more information. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 339
Monitoring FIPS Mode Status The status of the current FIPS mode (Enabled/Disabled) can be viewed directly using either the show fips status command or the show system command as shown below. FTOS#show fips status FIPS Mode : Enabled for the system using the show system command. FTOS#show - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 340
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 341
Resilient Ring Protocol (FRRP) e c s z Force10 Resilient Ring Protocol (FRRP) is supported on platforms: Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses. FRRP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 342
Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data of a switch or port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 343
nodes, instructing them to ring nodes, instructing them to clear Transit nodes, instructing them to clear the control frame instructing it to clear its a single switch connection; a Switch A Member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 344
In the example shown in Figure 16-2, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 345
• Multiple physical rings can be run on the same switch • One Master node per ring; all other nodes are Transit • Each node has 2 member interfaces-Primary, is no distinction between a Primary and Secondary interface when operating in the Normal state. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 346
ms increments from 50 ms to 2000 ms. Dead Interval: The interval when data traffic is blocked on a port. The default is 3 times the Hello FRRP is media and speed independent. • FRRP is a Dell Force10 proprietary protocol that does not interoperate with any other vendor. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 347
data traffic; it carries only RHFs. • The Control VLAN cannot have members that are not ring ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported switch - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 348
• All VLANS must be in Layer ports). • Member VLANs across multiple rings are not supported in Master nodes Use the commands in the following sequence, on the switch that will act as the Master node, to the Control VLAN. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 349
for all nodes on the ring. Use the commands in the following sequence, on all of the Transit switches in the ring, to create the Members VLANs for this FRRP group. Step Command Syntax 1 interface vlan for the interface. Range is entered Slot/Port-Port. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 350
Step Command Syntax 3 interface VLAN IDs for the ring's Member VLANs. Enable this FRRP group on this switch. Set FRRP Timers Step Command Syntax 1 timer {hello-interval|dead-interval} milliseconds 3x the Hello-Interval. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 351
or EXEC PRIVILEGED Purpose Show the information for the identified FRRP group. Ring ID: 1-255 Show the state of all FRRP groups. Ring ID: 1-255 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 352
Troubleshooting FRRP Configuration Checks • Each Control Ring must use a unique VLAN ID • Only two interfaces on a switch can be Members of the same Control VLAN • There . Below the figure are the associated CLI commands. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 353
GigabitEthernet 3/14,21 no shutdown ! protocol frrp 101 interface primary GigabitEthernet 3/21 secondary GigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 354
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 355
Registration Protocol (GVRP) is supported on platform: Protocol Overview Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 356
Figure 17-1. GVRP Compatibility Error switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In Figure 17-2, that kind of port is referred to as a VLAN trunk port, but it is not necessary to specifically - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 357
Figure 17-2. GVRP Configuration Overview GVRP is configured globally and on all VLAN trunk ports for the edge and core switches. Edge Switches Core Switches VLANs 70-80 Edge Switches VLANs 10-20 VLANs 10-20 VLANs 30-50 VLANs 30-50 VLANs 70-80 NOTES: VLAN 1 mode is always fixed and cannot be - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 358
Figure 17-3. Enabling GVRP Globally FTOS(conf)#protocol gvrp GVRP Registration • Fixed Registration Mode: Configuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN de-registration, and registers all VLANs known - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 359
Based on the configuration in the example shown in Figure 17-5, the interface 1/21 will not be removed from VLAN 34 or VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 17 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 360
FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer. Message 1 GARP Timer Error FTOS(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 361
on E-Series, 31 interfaces on C-Series and S-Series, and an unlimited number of groups on all platforms. Note: The S4810 supports up to 95 interfaces. • Dell Force10 systems cannot serve as an IGMP host or an IGMP version 1 IGMP Querier. • FTOS automatically enables IGMP on interfaces on which - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 362
takes to stop forwarding traffic for a group to a subnet (leave latency) after the last host leaves the group. In version 1 hosts hosts for general queries or contain a group address for group-specific queries fnC0069mp Joining a Multicast Group There are two ways that - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 363
message) to the all routers multicast address 224.0.0.2 when it no longer cares about multicast traffic for a particular group. 2. The querier sends a Group-Specific Query to determine whether there are any remaining hosts in the group. There must be at least one receiver in a group on a subnet for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 364
Figure 18-3. IGMP version 3 Membership Report Packet Format Version IHL reception state Record Type Auxiliary Data Length (0) Number of Sources Multicast Address Source Addresses Auxiliary Data Length of Auxiliary Data field Group address to which the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 365
1 Allow New 4 fnC0072mp Leaving and Staying in Groups Figure 18-5 shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the include filter for 10.11.1.1 and 10.11 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 366
Figure 18-5. IGMP Membership Queries: Leaving and Staying in Include 10.11.1.1 LQMT 1/1 10.11.1.2 LQMT 224.2.2.2 GMI Exclude None IGMP Group-and-Source Specific Query Type: 0x11 Group Address: 224.1.1.1 Number of Sources: 2 Source Address: 10.11.1.1, 10. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 367
is 2 FTOS# Selecting an IGMP Version FTOS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3 using the command ip igmp version from INTERFACE mode, as - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 368
Lowering this value decreases leave latency but increases response burstiness leave message from a host, it sends a group-specific query to the subnet. If no response is received, the Last Member Query Interval (LMQI). The switch waits one LMQI after the second query before - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 369
the outgoing interface for the subnet. IGMP Immediate Leave reduces leave latency by enabling a router to immediately delete the group membership on an interface upon receiving a Leave message (it does not send any group-specific or group-and-source queries before deleting the entry). Configure the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 370
IGMP Snooping Multicast packets are addressed with multicast MAC addresses, which represent a group of devices, rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even though there may be only some interested hosts - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 371
are connected to multicast routers using the command show ip igmp snooping mrouter from EXEC Privilege mode. Configuring the Switch as Querier Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 372
leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table query interval to expire. When an IGMP snooping switch is not acting as a Querier it sends out packets and IP multicast data traffic originating from receivers is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 373
them with FTOS. 10/100/1000 Mbps Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet interfaces are supported on platforms: e c s z SONET interfaces are only supported on platform e. Basic Interface Configuration: • Interface Types • View Basic Interface Information • Enable a Physical Interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 374
• Auto-Negotiation on Ethernet Interfaces • View Advanced Interface Information Interface Types Interface Type Physical Management Loopback Null Port Channel VLAN Modes Possible L2, L3 N/A - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 375
are enabled for Layer 3 data transmission. In Figure 19-2, Manual administratively down down NO Manual administratively down down YES Manual up up YES Manual up up YES Manual up up YES Manual up up NO Manual administratively down down NO Manual administratively down down NO Manual - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 376
Figure 19-3. Interfaces listed in the show running-config Command (Partial) FTOS#show running Current Configuration ... ! interface GigabitEthernet 9/6 no ip address shutdown ! interface GigabitEthernet 9/7 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 377
each unit of the S4810 and Z9000; it provides dedicated management access to the system. The other S-Series (non-S4810) systems supported by FTOS do not have this interfaces: • Overview of Layer Modes • Configure Layer 2 (Data Link) Mode • Management Interfaces • Auto-Negotiation on Ethernet - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 378
Overview of Layer Modes On all systems running FTOS, you can Configure Layer 2 (Data Link) Mode Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface. The user can not configure switching or Layer 2 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 379
For information on enabling and configuring Spanning Tree Protocol, see Chapter 10, Layer 2, on page 47. To view the interfaces in Layer 2 mode, use the command show interfaces switchport in the EXEC mode. Configure Layer 3 (Network) Mode When you assign an IP address to a physical interface, you - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 380
Command Syntax ip address ip-address mask [secondary] ICMP redirects are not sent ICMP unreachables are not sent Management Interfaces The S4810 and Z9000 systems support the Management Ethernet interface as well as the standard S-Series interface on any port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 381
IP address and should not be in the same subnet as the virtual IP. Figure 19-8. Viewing Two Global IPv6 Addresses on the S4810 and Z9000 FTOS#show interfaces managementethernet 0/0 ManagementEthernet 0/0 is up, line protocol is up Hardware is DellForce10Eth, address is 00:01:e8:a0:bf:f3 Current - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 382
To configure IP addresses on a Management interface, use the following command in the MANAGEMENT INTERFACE mode: Command Syntax ip address ip-address mask Command - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 383
. FTOS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information on configuring different routing protocols, refer to the chapters on the specific protocol - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 384
Assign an IP address to an interface with the following command Vlan 10 ip address 1.1.1.2/24 tagged GigabitEthernet 2/2-13 tagged TenGigabitEthernet 5/0 ip ospf authentication-key force10 ip ospf cost 1 ip ospf dead-interval 60 ip ospf hello-interval 15 no shutdown - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 385
configurable command in the INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port channel definition and standards • Port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 386
With this feature, the user can create larger-capacity interfaces /Channel 16 64 8 8 8 8 Note: If you are using either 10G ports or 40G ports, the Z9000 supports 8 members per LAG As soon as a port channel is configured, FTOS treats it like a physical interface. For - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 387
10/100/1000 Mbps interfaces in port channels When both 10/100/1000 interfaces and GigE interfaces are added to a port channel, the interfaces must share a common speed. When interfaces have a configured speed different from the port channel speed, the software disables those interfaces. The common - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 388
To configure a port channel, use these commands in the shutdown • mtu • ip mtu (if the interface is on a Jumbo-enabled by default.) Note: The Z9000 supports jumbo frames by default (the default maximum transmission unit (MTU) is 12000 bytes) You can configure the MTU - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 389
To add a physical interface to a port channel, use these commands in the following sequence in the INTERFACE mode of a port channel: Step Command Syntax 1 channel-member interface 2 show config Command Mode INTERFACE PORT-CHANNEL INTERFACE PORT-CHANNEL Purpose Add the interface to a port channel. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 390
Figure 19-12 displays the port channel's mode (L2 for Layer 00:00:00 Queueing strategy: fifo 1212627 packets input, 1539872850 bytes Input 1212448 IP Packets, 0 Vlans 0 MPLS 4857 64-byte pkts, 17570 over 64-byte pkts, 35209 over 127-byte pkts 69164 over 255-byte - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 391
Reassign an interface to a new port channel An interface can be a member of only one port channel. If the interface is a member of a port channel, you must remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 392
Configure the minimum oper up links in a port channel (LAG) You can configure the minimum links in a port channel (LAG) that must be in " - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 393
advantage of resources by distributing traffic over multiple paths when transferring data to a destination. FTOS allows you to modify the hashing algorithms the C-Series and S-Series. Note: Hash-based load-balancing on MPLS does not work when packet-based hashing (load-balance ip-selection - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 394
E-Series load-balancing On the E-Series, the default load-balance criteria are a 5-tuple, as follows: • IP source address • IP destination address • Protocol type • TCP/UDP source port • TCP/UDP destination port Balancing may be applied to IPv4, switched IPv6, and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 395
Commands Default (IP 5-tuple) load-balance ip-selection 3-tuple load-balance ip-selection mac load-balance ip-selection 3-tuple load-balance ip-selection mac Switched IP Traffic IP 5-tuple (lower 32 bits) IP 3-tuple (lower 32 bits) MAC-based MAC-based Routed IP Traffic (IPv4 only) IP 5-tuple IP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 396
Table 19-5. The load-balance Commands and Port Channel Types Configuration Commands load-balance ip-selection packet-based load-balance ip-selection packet-based load-balance ip-selection mac Switched IP Traffic Packet based: IPV4 No distribution: IPV6 MAC-based - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 397
FTOS(conf)##hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 FTOS(conf)# On C-Series and S-Series, the hash-algorithm command is specific to ECMP groups and has different defaults from the E-Series. The default ECMP hash configuration is crc-lower. This takes the lower 32 bits of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 398
For more on load-balancing, see "Equal Cost Multipath and Link Aggregation Frequently Asked Questions" in the E-Series FAQ section (login required) of iSupport: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 399
• Overlap port ranges • Commas • Add ranges Create a single-range Figure 19-18. Creating a Single-Range Bulk Configuration FTOS(config)# interface range gigabitethernet 5/1 - 23 FTOS(config-if-range-gi-5/1-23)# no shutdown Create a multiple-range Figure 19-19. Creating a Multiple-Range Prompt FTOS( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 400
Commas The example below shows how to use commas to add different interface types to the range, enabling all Gigabit Ethernet interfaces in the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 401
Choose an Interface-range Macro To use an interface-range macro in the interface range command, enter this command: Command Syntax interface range macro name Command Mode Purpose CONFIGURATION Selects the interfaces range to be configured using the values saved in a named interface-range macro. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 402
using TDR The Time Domain Reflectometer (TDR) is supported on all Dell Force10 switch/routers. TDR is an assistance tool to resolve link becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link, that is, when the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 403
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (refer to the Z9000 Installation Guide or the Z9000 Release Notes for a list of supported cables). Command Syntax stack-unit stack-unit port number portmode quad Command Mode Purpose CONFIGURATION - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 404
Important Points • Splitting a 40G port into 4x10G port is supported only on a standalone unit. • Split ports cannot be used as stack-link to stack an Z9000 interface connected to the switch will flap. Link Debounce Timer instructs the Ethernet switch to delay the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 405
• Changes made do not affect any ongoing debounces. The timer changes take effect from the next debounce onward. Assign a debounce time to an interface Command Syntax link debounce time [milliseconds] Command Mode INTERFACE Purpose Enter the time to delay link status change notification on this - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 406
Disable ports when one only SFM is available (E300 only) Selected ports so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces • Link dampening is disabled when the interface is configured for port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 407
(conf-if-gi-1/1)#exit View the link dampening configuration on an interface using the command show config, or view dampening information on all or specific dampened interfaces using the command show interfaces dampening from EXEC Privilege mode, as shown in Figure 19-29. Figure 19-29. Viewing all - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 408
show interfaces interface x/y Configure MTU size on an Interface The Z9000 supports a link Maximum Transmission Unit (MTU) of 12000 bytes and maximum is supported on platforms c s z Threshold Settings are supported only on platforms: Ethernet Pause Frames allow for a temporary stop in data - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 409
allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal Control frames to carry the PAUSE commands. Ethernet Pause Frames are supported on full duplex only. The only configuration applicable to half duplex - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 410
C-Series and S-Series (non-S4810) platforms, Ethernet Pause Frames TX should be enabled only after consulting with the Dell Force10 Technical Assistance Center. Note: The S4810 supports only the rx control option. The S4810 does not transmit pause frames. Ethernet Pause Frames flow control must be - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 411
-byte link MTU The MTU range is 592-12000, with a default of 1500. On the E-Series, the user must enter the ip mtu command to manually configure the IP MTU to compensate for the Layer 2 header. The C-Series and S-Series automatically configure the IP MTU. Table 19-7 lists the various Layer - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 412
Port-pipes A port pipe is a Dell Force10 specific term for the hardware path that packets follow through a Raw Slot Capacity / Slot Port-pipe Channel (Gbps) (Gbps) E1200/E1200i-AC/DC 2 E600/E600i 2 E300 1 9 3.125 9 3.125 8 3.125 56.25 56.25 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 413
1T is used in the S25P model of the S-Series, its speed can be manually set with the speed command. When the speed is set to 10 or 100 Dell Force10 recommends keeping auto-negotiation enabled. Auto-negotiation should only be disabled on switch ports that attach to devices not capable of supporting - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 414
Note: The show interfaces status command displays link status, but not administrative status. For link and administrative status, use show ip interface [interface | brief | - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 415
FTOS(conf-if-autoneg)# For details on the speed, duplex, and negotiation auto commands, see the Interfaces chapter of the FTOS Command Reference Guide. Adjust the keepalive timer Use the keepalive command to change the time interval between keepalive messages on the interfaces. The interface sends - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 416
Figure 19-35. show Commands with configured Keyword Examples FTOS#show . The show interfaces switchport command (Figure 19-36) displays the interface, whether the interface supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Figure - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 417
type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 1d23h44m Queueing strategy: fifo 0 packets input, 0 bytes Input 0 IP Packets, 0 Vlans 0 MPLS 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 418
Dynamic Counters By default, counting for the following enabled on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by FTOS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 419
information. • For a VLAN, enter the keyword vlan followed by a number from 1 to 4094 E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. (OPTIONAL) Enter the keyword vrrp to clear statistics for all VRRP groups configured. Enter - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 420
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 421
20 IPv4 Routing e c s z IPv4 Routing is supported on platforms: FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS. • IP Addresses • Directed - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 422
At its most basic level, an IP address is 32 allows you to save two more IP addresses on point-to-point links than 30-bit masks. FTOS supports RFC 3021 with ARP. Configuration Task List for IP Addresses The following list includes the configuration tasks for IP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 423
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode: Step 1 2 3 Command Syntax interface interface Command Mode CONFIGURATION no shutdown INTERFACE ip address ip-address INTERFACE mask [secondary] Purpose Enter the keyword - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 424
Figure 20-2. show ip interface Command Example FTOS#show ip int gi unreachables are not sent FTOS# Configure static routes A static route is an IP address that is manually configured and not learned by a routing protocol, such as OSPF. Often static routes are used as - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 425
Figure 20-3. show ip route static Command Example (partial) FTOS#show ip route static Destination Gateway ----------- ------- S 2.1.2.0/24 Direct, Nu 0 S 6.1.2.0/24 via 6.1.20.2, Te 5/0 S 6.1.2.2/32 via 6.1.20.2, Te 5/0 S 6.1.2.3/32 via 6.1.20.2, Te 5/0 S 6.1.2.4/32 via 6.1.20.2, Te - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 426
To view the configured static routes for the management port, configuration, use the show config command in the INTERFACE mode. Resolution of Host Names Domain Name Service (DNS) maps host names to IP addresses. This feature simplifies such commands as Telnet and FTP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 427
show hosts command. Figure 20-5. show hosts Command Example FTOS>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL -------- ----- ---- ks (perm, OK) - patch1 (perm, OK) - tomm-3 (perm, OK) - gxr (perm, OK - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 428
Command Syntax ip domain-list name Command Mode configured until a match is found or the list is exhausted. DNS with traceroute To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode. Command Syntax ip domain - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 429
, refer to the FTOS Command Line Reference. Configure static ARP entries ARP dynamically maps the MAC and IP addresses, and while most network hosts support dynamic mapping, you can configure an ARP entry (called a static ARP) for the ARP cache. To configure a static ARP entry, use the following - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 430
Command Syntax arp ip-address mac-address interface interface: enter the interface type slot/port information. These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command syntax. To view the static - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 431
ARP is a request. A Gratuitous ARP Request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: • detect IP address conflicts • inform switches of their presence on a port so that packets can be forwarded • update the ARP table of other nodes on - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 432
Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs. Task Enable ARP learning via gratuitous ARP. Command - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 433
best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply). ICMP Error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic Configuration Task List for ICMP Use the following steps to configure ICMP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 434
To reenable the creation of ICMP unreachable messages on the displayed in the show config command output. Enable ICMP redirects e Enable ICMP redirects is supported on platform By default, ICMP redirect messages are disabled. When enabled, ICMP redirect messages - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 435
2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. See Configuring a Broadcast Address on page 435. Important Points to Remember about UDP Helper • The existing command ip directed broadcast is rendered meaningless if UDP helper is enabled on the same interface. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 436
Figure 20-12. Configuring a Broadcast Address FTOS(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255 FTOS(conf-if-vl-100)#show config ! - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 437
broadcast address: 1.1.255.255 Hosts on VLAN 100: 1.1.0.2, 1.1.0.3, 1.1.0.4 1/1 1/2 Ingress interface IP Address: 2.1.1.1/24 UDP helper enabled Packet 2 Switched Packet 1/3 VLAN 101 IP address: 1.11.1/24 Subnet broadcast address: 1.1.1.255 Configured broadcast address: 1.1.255.255 Hosts on VLAN - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 438
Name System Description System Capabilities Management Addr Organizationally Specific End of LLDPDU UDP Helper with Configured Broadcast interface IP Address: 2.1.1.1/24 UDP helper enabled Packet 2 Switched Packet Destination Address: 1.1.255.255 1/3 VLAN 101 IP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 439
Troubleshooting UDP Helper Display debugging information using the command debug ip udp-helper, as at interface 194.12.129.98 BOOTP Reply, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D:46:DC, giaddr = 172.21.50.193, hops = 2 2005-07-05 11:59:36 %RELAY-I-BOOTREPLY, Forwarded BOOTREPLY for 00:02:2D - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 440
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 441
IPv4 usage to allow for the constant expansion. This chapter provides a brief discussion of the differences between IPv4 and IPv6, and the Dell Force10 support of IPv6. This chapter discusses the following, but is not intended to be a comprehensive discussion of IPv6. • Protocol Overview • Extended - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 442
Protocol Overview IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support its service provider. Z9000, only management ports support stateless auto-configuration as a host. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 443
The router redirect functionality in Neighbor Discovery Protocol (NDP) is similar to IPv4 router redirect messages. Neighbor Discovery Protocol (NDP) uses ICMPv6 redirect messages (Type 137) to inform nodes that a better router exists on the link. IPv6 Headers The IPv6 header has a fixed length of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 444
Version (4 bits) The Version field always contains the number 6, referring to the packet's IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 445
Table 21-1. Next Header field values Value 50 51 59 60 Description Encrypted Security Authentication header No Next Header Destinations option header Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page at http://www - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 446
that it does not have to process any router specific information and immediately processes the packet to its final Problem, Code 2 message to the packet's Source IP Address only if the Destination IP Address is not a multicast address. The second byte contains the Option Data - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 447
0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups several hosts connect to a common hub or switch, they have an instant communication path via Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 448
with FTOS FTOS supports both IPv4 and IPv6 and both may be used simultaneously in your system. Note: Dell Force10 recommends that you Z9000 Basic IPv6 Commands 7.4.1 IPv6 Basic Addressing 8.2.1 7.8.1 7.8.1 8.3.10 8.3.11 IPv6 Basic Commands in the FTOS Command Line Interface Reference Guide - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 449
IS-IS for IPv6 N/A N/A N/A N/A support for redistribution ISIS for IPv6 N/A N/A support for distribute lists and administrative distance OSPF for IPv6 N/A (OSPFv3) Equal Cost 7.4.1 Multipath for IPv6 N/A 8.2.1 IPv6 Services and Management Telnet client over 7.5.1 IPv6 (outbound - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 450
Table 21-2. FTOS and IPv6 Feature Support (continued) Secure Shell (SSH) client support over IPv6 (outbound SSH) Layer 3 only 7.5.1 Secure Shell (SSH) server support Guide IPv6 Multicast in this chapter; IPv6 PIM in the FTOS Command Line Interface Reference Guide - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 451
supported on platforms c e s z ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting Parameter Problem messages carries more data while protocol overheads (headers, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 452
Figure 21-2. Path MTU Discovery Process - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 453
IPv6 Neighbor Discovery IPv6 NDP is supported on platforms c e s z Neighbor Discovery Protocol (NDP) is a top- must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. Note: To avoid problems with network discovery, Dell Force10 recommends configuring - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 454
e IPv6 QoS is supported on platform FTOS IPv6 supports quality of service based on DSCP field. data is sent from senders to the RP so receivers can discover who are the senders and begin receiving traffic destined to the multicast group. • PIM in Source Specific Guide Multicast chapter, in the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 455
supports accessing the system through the management interface as well as through a physical Layer 3 interface. Refer to the Security chapter in the FTOS Command Line Reference Guide IPv6 extended ACLs on the entire chassis or on a specific linecard chassis changes the CAM profile for all linecards - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 456
Figure 21-4. Command Example: show cam-profile summary (E-Series) Current Settings : Next Boot --More-- Adjust your CAM-Profile c s z The cam-acl command is supported on platforms Although this is not a mandatory step, if you plan to implement IPv6 ACLs, you must - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 457
address command to assign an IPv6 address to an interface. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host as per RFC 4861. Data ports support more than two IPv6 addresses. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 458
When you configure IPv6 addresses on multiple interfaces (ipv6 address command) Addressing earlier in this chapter. Assign a Static IPv6 Route IPv6 Static Routes are supported on platforms c e s z Use the ipv6 route command to configure IPv6 static routes. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 459
Note: After you configure a static IPv6 route (ipv6 route command) and configure the forwarding router's address (specified in the ipv6 route command) on a neighbor's interface, the IPv6 neighbor is not displayed in the show ipv6 route command output. Command Syntax Command Mode ipv6 route prefix - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 460
Telnet with IPv6 IPv6 Telnet is supported on platforms c e s z The Telnet client and server in FTOS support local addresses is supported on the S4810 and Z9000. Command Syntax support IPv6. Refer to the SNMP and SYSLOG chapter in the FTOS Command Line Reference Guide - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 461
Show IPv6 Information All of the following show commands are supported on platforms c e s z View specific IPv6 configuration with the following commands. Command Syntax Command Mode show ipv6 ? EXEC or EXEC Privileged FTOS#show ipv6 ? accounting IPv6 accounting information cam IPv6 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 462
Show an IPv6 Interface View the IPv6 configuration for a specific interface with the following command. Command Syntax Command Mode show ipv6 interface type {slot/ EXEC port} Purpose Show the currently running configuration for the specified - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 463
Figure 21-6. Command Example: show ipv6 interface (Z9000) FTOS#show ipv6 int te 1/10 TenGigabitEthernet 1/10 is up, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:3166 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 464
Show IPv6 Routes View the global IPv6 routing information with the following command. Command Syntax show ipv6 route type Command Mode EXEC Purpose Show - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 465
Figure 21-8. Command Example: show ipv6 route FTOS#show ipv6 route Codes: C - connected, L - local, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 466
Show the Running-Configuration for an Interface View the clear ipv6 route {* | ipv6 address prefix-length} Command Mode EXEC Purpose Clear (refresh) all or a specific routes from the IPv6 routing table. * : all routes ipv6 address : x:x:x:x::x mask : prefix length - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 467
Command Syntax Command Mode Purpose IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter. IPv6 Routing | 467 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 468
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 469
LACP) e c s z Link Aggregation Control Protocol (LACP) is supported on platforms: The major sections in the chapter are: • Introduction to LAG or acting as dedicated ports, whereas ports in a static LAG must be specifically removed from the LAG in order to act alone. FTOS uses LACP to create dynamic - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 470
www.dell.com | support.dell.com Important Points to Remember • LACP enables you to add members -number deletes the specified LAG, including a dynamically created LAG. This command causes all LACP-specific commands on the member interfaces to be removed. The interfaces are restored to a state that - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 471
LACP Configuration Commands If aggregated ports are configured with compatible LACP modes (Off, Active, Passive), LACP can automatically link them, as defined in IEEE 802.3, Section 43. The following commands configure LACP: Command Syntax [no] lacp system-priority priority-value [no] port-channel- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 472
www.dell.com | support.dell.com The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG (Figure 22-2): - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 473
To configure the LACP long timeout (Figure 196): Step 1 Task Set the LACP timeout value to 30 seconds. Command Syntax lacp long-timeout Command Mode CONFIG-INT-PO Figure 22-4. Invoking the LACP Long Timeout FTOS(conf)# interface port-channel 32 FTOS(conf-if-po-32)#no shutdown FTOS(conf-if-po-32 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 474
www.dell.com | support.dell.com Shared LAG State Tracking Shared LAG State Tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 475
In Figure 22-6, LAGs 1 and 2 have been placed into the same failover group. Figure 22-6. Configuring Shared LAG State Tracking R2#config R2(conf)#port-channel failover-group R2(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 View the failover group configuration using the show running - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 476
due to this feature, its members may still be in the up state. Configure LACP as Hitless c e Configure LACP as Hitless is supported only on platforms: LACP on Dell Force10 systems can be configured to be hitless. When configured as hitless, there is no noticeable impact on dynamic LAG state upon an - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 477
Figure 22-10. Enabling Hitless LACP FTOS(conf)#redundancy protocol lacp FTOS#show running-config redundancy ! redundancy protocol lacp FTOS# FTOS#show running-config interface gigabitethernet 0/12 ! interface GigabitEthernet 0/12 no ip address ! port-channel-protocol LACP port-channel 200 mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 478
www.dell.com | support.dell.com Configuring a LAG on ALPHA Figure 22-12. Creating a LAG on ALPHA Alpha(conf)#interface port-channel 10 Alpha(conf-if-po-10)#no ip - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 479
address is not set MTU 1554 bytes, IP MTU 1500 bytes Confirms the number of links to bring up the LAG and that this is a switch port instead of a router port. LineSpeed 3000 Mbit Members in this channel: Gi 2/31(U) Gi 2/32(U) Gi 2/33(U) ARP type: ARPA, ARP Timeout 04:00 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 480
www.dell.com | support.dell.com Figure 22-15. Using the show lacp Command to Verify LAG 10 Status on ALPHA Alpha#sho lacp 10 Port-channel 10 admin up, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 481
Summary of the configuration on ALPHA Figure 22-16. Summary of the configuration on ALPHA Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/ - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 482
www.dell.com | support.dell.com Summary of the configuration on BRAVO Figure 22-17. Summary of the configuration on BRAVO Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 483
Figure 22-18. Using the show interface Command to Inspect a LAG Port on BRAVO Shows the status of this interface. Also shows it is part of LAG 10. Bravo#show int gig 3/21 GigabitEthernet 3/21 is up, line protocol is up Port is part of Port-channel 10 Hardware is Force10Eth, address is 00:01:e8: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 484
www.dell.com | support.dell.com Figure 22-19. Using the show interfaces port-channel bring up Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes the LAG and that this is a switch port instead of a router port. LineSpeed 3000 Mbit Members in this channel: Gi 3/21(U) Gi 3/22(U) Gi - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 485
10 Priority 32768 FTOS# PPP is a connection-oriented protocol that enables layer two links over a variety of different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in half-duplex or full-duplex mode. It was designed to carry IP traffic but - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 486
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 487
with FTOS 8.1.1.0 and later. It is supported on the with FTOS 8.3.10.0 and on Z9000 with FTOS 9.0.0.0. Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Force10 supports both IPv4 and IPv6 versions of IS - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 488
.dell.com | support.dell.com systems manage destination paths for external routers. Only Level 2 routers can exchange data a Level 1 router. To establish adjacencies, each IS-IS router sends different Protocol Data Units (PDU). For IP traffic, the IP addressing information is included in the IS - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 489
ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode will not recognize the ability of the single-topology mode router to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 490
www.dell.com | support.dell.com Interface support MT IS-IS is supported on physical Ethernet interfaces, physical Sonet in a redundant configuration) should not necessarily interrupt data packet forwarding. This behavior is supported because the forwarding tables previously computed by an active - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 491
to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. FTOS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing. To support IPv6, the Dell Force10 implementation of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 492
www.dell.com | support.dell.com Table 23-1 displays the default values for IS-IS. Table 23-1. IS enable and configure IS-IS features on that interface only. Commands in the ADDRESS-FAMILY mode are specific to IPv6. Note that by using the IS-IS routing protocol to exchange IPv6 routing information - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 493
• Set the overload bit on page 509 • Debug IS-IS on page 510 Enable IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 494
www.dell.com | support.dell.com Step 3 4 5 6 7 Task Command Syntax Command Mode Enter a number from 1 to 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. interface interface CONFIGURATION Enter an IPv4 Address. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 495
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 GigabitEthernet 4/22 Loopback 0 Redistributing: Distance: 115 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 496
www.dell.com | support.dell.com Configure Multi-Topology IS-IS (MT IS-IS) Step Task Command Syntax Command Mode 1 Enable Multi-Topology IS-IS for multi-topology [transition] IPv6. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 497
Configure Multi-Topology IS-IS (MT IS-IS) Step Task Command Syntax Command Mode 1 Enable Multi-Topology IS-IS for multi-topology [transition] IPv6. Enter the transition keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode. After - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 498
www.dell.com | support.dell.com Command Syntax graceful-restart restart-wait seconds graceful-restart t1 time value from its peer and adjusts its T3 value accordingly if user has configured this option. manual: allows you to specify a fixed value that the restarting router should use. Range: 50-120 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 499
-restart detail FTOS#show isis graceful-restart detail Configured Timer Value Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 500
www.dell.com | support.dell.com Figure 23-5. Command Example: show isis interface FTOS#show isis interface G1/34 GigabitEthernet 2/10 is up, line protocol is up MTU 1497, Encapsulation - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 501
IS-IS links or interfaces are associated with a cost that is used in the SPF calculations. The possible cost varies depending on the metric style supported. If you configure narrow, transition or narrow transition metric style, the cost can be a number between 0 and 63. If you configure wide or wide - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 502
www.dell.com | support.dell.com Figure 23-7. Command Example: show isis protocol FTOS#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 503
Table 23-3. Correct Value Range for the isis metric command Metric Style narrow transition transition Correct Value Range 0 to 63 0 to 63 Configuring the distance of a route Configure the distance for a route using the distance command from ROUTER ISIS mode. Change the IS-type You can configure - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 504
dell.com | support.dell.com Figure 23-8. Command Example: show isis database FTOS#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num B233.00-00 0x00000003 eljefe.00-00 * 0x00000009 eljefe.01-00 * 0x00000001 eljefe.02-00 * 0x00000001 Force10 a specific interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 505
information. • For a VLAN, enter the keyword vlan followed by a number from 1 to 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. Apply a configured prefix list to all outgoing IPv4 IS-IS routes. You can configure one of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 506
www.dell.com | support.dell.com IPv6 routes Use these commands in ADDRESS-FAMILY IPV6 followed by a number from 1 to 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. ROUTER ISIS-AF IPV6 Apply a configured prefix list - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 507
. Default is 0. • metric-type: choose either external or internal. Default is internal. • map-name: name of a configured route map. Include specific OSPF routes in IS-IS. Configure the following parameters: • process-id range: 1 to 65535 • level-1, level-1-2, or level-2:: Assign all redistributed - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 508
www.dell.com | support.dell.com IPv6 routes Use any of these commands in | 2} | match internal] [metric-type {external | internal}] [route-map map-name] ROUTER ISIS Include specific OSPF routes in IS-IS. Configure the following parameters: • process-id range: 1 to 65535 • level-1, level - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 509
SNPs. Set the authentication password for a routing domain. FTOS supports both DES and HMAC-MD5 authentication methods. This password is inserted the following command in ROUTER ISIS mode to set the overload bit manually. Command Syntax set-overload-bit Command Mode Purpose ROUTER ISIS Set - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 510
dell.com | support.dell.com Figure 23-9. Command Example: show isis database FTOS#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num B233.00-00 0x00000003 eljefe.00-00 * 0x0000000A eljefe.01-00 * 0x00000001 eljefe.02-00 * 0x00000001 Force10 view specific information - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 511
the keyword no followed by the debug command to disable a specific debug command. For example, to disable debugging of IS-IS supports the following IS-IS metric styles: • narrow (supports only type, length, and value (TLV) up to 63) • wide (supports TLV up to 16777215) • transition (supports both - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 512
www.dell.com | support.dell.com For any level (Level-1, Level-2, or Level-1-2), the value to 16777215 0 to 63 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 513
transition metric style. 1 a truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported. Moving to transition and then to another metric style produces different results (Table 23-6). Table 23-6. Metric Value when Metric Style Changes Multiple - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 514
www.dell.com | support.dell.com Leaking from One Level to Another In the following scenarios, each IS-IS level is configured with a different metric style. Table 23-7. Metric Value - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 515
and IPv6 routing is being used. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc. Note: Whenever ISIS configuration changes are made, the IS-IS process must be cleared (re-started) using - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 516
www.dell.com | support.dell.com Figure 23-10. IS-IS Sample Configuration - Congruent Topology FTOS(conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 517
Figure 23-13. IPv6 IS-IS Sample Topography Intermediate System to Intermediate System | 517 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 518
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 519
24 Layer 2 e c s z Layer 2 features are supported on platforms: This chapter describes the following Layer 2 features: • Managing the MAC Address Table • MAC Learning Limit • NIC Teaming • Microsoft Clustering • Configuring Redundant Pairs • Restricting - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 520
dell.com | support.dell.com Set the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch Static entries must be entered manually: Task Create a static - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 521
Display the MAC Address Table To display the contents of the MAC address table: Task Command Syntax Command Mode Display the contents of the MAC address table. • address displays the specified entry. • aging-time displays the configured aging-time. • count displays the number of dynamic and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 522
www.dell.com | support.dell.com FTOS Behavior: When configuring MAC Learning Limit on a port or VLAN the configuration is accepted (becomes part of running-config and show mac learning- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 523
mac learning-limit mac-address-sticky Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If sticky MAC is enabled, the specified port will retain any dynamically-learned addresses and prevent them from - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 524
www.dell.com | support.dell.com FTOS Behavior: The C-Series and S-Series do not generate learning-limit Command Mode EXEC Privilege Learning Limit Violation Actions e Learning Limit Violation Actions are supported on platforms: z You can configure the system to take an action when the MAC - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 525
Station Move Violation Actions Station Move Violation Actions are supported on platforms: S-Series (S25/S50) no-station-move is a learning-limit or station-move violation shuts down an interface, you must manually reset it: Task Reset interfaces in ERR_Disabled state caused by a learning limit - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 526
www.dell.com | support.dell.com Per-VLAN MAC Learning Limit e Per-VLAN MAC Learning Figure 24-1, an Internet Exchange Point (IXP) connects multiple Internet Service Providers (ISPs). An IXP can provide several types of services to its customers including public and private peering. Public peering means - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 527
NICs have been teamed together. In this case, if the primary NIC fails, traffic switches to the secondary NIC, since they are represented by the same set of addresses. station-move refresh-arp on the Dell Force10 switch at the time that NIC teaming is being configured on the server. Layer 2 | 527 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 528
www.dell.com | support.dell.com Note: If this command is not configured, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out. Figure 24-3. Configuring mac-address-table station-move refresh-arp Command MAC: A:B:C:D IP: 1.1.1.1 X Port 0/1 Move MAC - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 529
Microsoft Clustering e Microsoft Clustering is supported only on platform: Microsoft Clustering allows a reply, the Dell Force10 switch learns the active server's MAC address. If all servers reply, the switch registers only the last received ARP reply, and the switch learns one server's actual - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 530
Server1: IPS1 MACS1 Server2: IPS2 MACS2 Server3: IPS3 MACS3 VLAN 1 Client Data Server4: IPS4 MACS4 fnC0028mp Configuring the Switch for Microsoft Server Clustering To preserve failover and balancing, the Dell Force10 switch must learn the cluster's virtual MAC address, and it must forward - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 531
, so failover has no effect on the feature. Configuring Redundant Pairs e c s Configuring Redundant Pairs is supported on platforms: z Networks that employ switches that do not support Spanning Tree (STP), for example networks with Digital Subscriber Line Access Multiplexers (DSLAM), cannot have - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 532
www.dell.com | support.dell.com Figure 24-7. Configuring Redundant Layer 2 Pairs without Spanning Tree Redundant links create a switching loop. Without STP, broadcast storms occur. Use backup interfaces to create redundant links in networks without STP FTOS(conf-if-gi-3/41)#switchport FTOS(conf- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 533
Important Points about Configuring Redundant Pairs • You may not configure any interface to be a backup for more than one interface, no interface can have more than one backup, and a backup interface may not have a backup interface. • Neither the active nor the backup interface may be a member of a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 534
dell.com | support.dell Manual administratively down down GigabitEthernet 3/42 unassigned YES Manual up up [output omitted] Restricting Layer 2 Flooding e Restricting Layer 2 Flooding is supported the min-speed option, to allow some specific multicast traffic (identified using a MAC address - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 535
multicast traffic to be flooded on all ports, but some specific traffic to be restricted, use mac-flood-list with the min Failure Detection Far-end Failure Detection is supported on platforms: e Z Far-end Failure Detection (FEFD) is a protocol that senses remote data link errors in a network. It - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 536
www.dell.com | support.dell.com Figure 24-10. Configuring Far-end Failure Detection FTOS( interface in the same state, manual intervention is required to reset the interface. FEFD enabled systems (comprised of one or more interfaces) will automatically switch between four different states: Idle, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 537
changes to Err-disabled. All interfaces in the Err-disabled state must be manually reset using the fefd reset [interface] command in EXEC privilege mode (it interface FEFD configurations override global FEFD configurations. • FTOS supports FEFD on physical Ethernet interfaces only, excluding the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 538
www.dell.com | support.dell.com Report interval frequency and mode adjustments can be made by supplementing this command as well. Step 1 2 3 Task Setup two or more connected interfaces for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 539
Step 3 Task Enable FEFD on each interface Command Syntax Command Mode fefd {disable | interval | mode} INTERFACE Figure 24-12. FEFD enabled interface configuration FTOS(conf-if-gi-1/0)#show config ! interface GigabitEthernet 1/0 no ip address switchport fefd mode normal no shutdown FTOS(conf- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 540
www.dell.com | support.dell.com During an RPM Failover In the event that an RPM failover occurs, FEFD will become operationally down on all enabled ports for approximately 8-10 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 541
(LLDP) e c s z Link Layer Discovery Protocol (LLDP) is supported only on platforms: This chapter contains the following sections: • 802.1AB base (MIB) on each device, and is accessible via SNMP. Protocol Data Units Configuration information is exchanged in the form of Type, Length, Value - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 542
www.dell.com | support.dell.com TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 25-2), which is transmitted are Management TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 25-2. LLDPDU Frame Preamble Start Frame Destination MAC Source - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 543
of information in the following data field. The sub-types are determined by the owner of the OUI. Figure 25-3. Organizationally Specific TLV TLV Type (127) FTOS does not currently support this TLV. IEEE 802.1 Organizationally Specific TLVs 127 Port-VLAN ID On Dell Force10 systems, indicates the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 544
port can process. FTOS does not currently support this TLV. IEEE 802.3 Organizationally Specific TLVs 127 MAC/PHY Configuration/Status Indicates to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Force10 system is an LLDP-MED network connectivity - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 545
TIA Organizationally Specific TLVs The Dell Force10 system is an LLDP-MED Network Connectivity Services ELIN Indicates power requirements, priority, and power status Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. FTOS does not currently support - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 546
values of the LLDP-MED Device Type is listed in Table 25-5. The Dell Force10 system is a Network Connectivity device, which is Type 4. When you enable MDI-PSE 4 Extended Power via MDI-PD 5 Inventory 6-15 reserved FTOS Support Yes Yes Yes Yes No No No Table 25-5. LLDP-MED Device Types - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 547
configuration and associated Layer 2 and Layer 3 configurations, specifically: • VLAN ID • VLAN tagged or untagged data. Specify this application type for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 548
www.dell.com | support.dell.com Figure 25-5. LLDP-MED Policies TLV TLV Type (127) 7 bits TLV Length to a value of 2 based on the TIA-1057 specification. You can configure a different power priority through the CLI, Dell Force10 also honors the power priority value sent by the powered device - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 549
LLDP is disabled by default. • Dell Force10 systems support up to 8 neighbors per interface. • Dell Force10 systems support a maximum of 8000 total neighbors per • Configurations made at INTERFACE level affect only the specific interface, and they override CONFIGURATION level configurations. Link Layer - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 550
www.dell.com | support.dell.com Figure 25-7. Configuration and Interface mode LLDP Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces will send LLDPDUs with the specified - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 551
voice •streaming-video •video-conferencing •video-signaling •voice •voice-signaling advertise {management-tlv | dot1-tlv | dot3-tlv | med} Note: vlan-name is supported on C-Series and S-Series only. CONFIGURATION or INTERFACE PROTOCOL LLDP In Figure 25-8, LLDP is enabled globally. R1 and R2 are - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 552
www.dell.com | support.dell.com Viewing the LLDP Configuration Display the LLDP configuration using the command show config in either CONFIGURATION or INTERFACE mode, as shown in Figure 25-9 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 553
since last information change of this neighbor: 01:50:16 Remote MTU: 1554 Remote System Desc: Dell Force10 Networks Real Time Operating System Software . Dell Force10 Operating System Version: 1.0. Force10 App lication Software Version: 7.5.1.0. Copyright (c) 19 99-Build Time: Thu Aug 9 01:05:51 PDT - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 554
www.dell.com | support.dell.com Figure 25-13. Configuring LLDPDU Transmit and Receive Mode R1(conf)# no disable R1(conf-lldp)# Configuring Transmit and Receive Mode Once LLDP is enabled, Dell Force10 systems transmit and receive LLDPDUs by default. You can configure the system-at CONFIGURATION - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 555
-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring a Time to Live The information received from a neighbor expires after a specific amount of time (measured in seconds) called a Time to Live (TTL). The TTL is the product of the LLDPDU transmit interval (hello - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 556
www.dell.com | support.dell.com Figure 25-15. Configuring LLDPDU Time to Live R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 557
FTOS supports all IEEE 802.1AB MIB objects. • Table 25-7 lists the objects associated with received and transmitted TLVs. • Table 25-8 lists the objects associated with the LLDP configuration on the local agent. • Table 25-9 lists the objects associated with IEEE 802.1AB Organizationally Specific - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 558
www.dell.com | support.dell.com Table 25-7. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration Basic TLV Selection LLDP Statistics adminStatus lldpPortConfigAdminStatus - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 559
Table 25-8. LLDP System MIB Objects TLV Type TLV Name 1 Chassis ID TLV Variable chassis ID subtype chassid ID 2 Port ID port subtype port ID 4 Port Description port description 5 System Name system name 6 System Description system description 7 System Capabilities system - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 560
www.dell.com | support.dell.com Table 25-9. LLDP 802.1 Organizationally Specific TLV MIB Objects TLV Type TLV Name 127 Port-VLAN ID 127 Port and Protocol VLAN ID 127 VLAN Name TLV Variable System PVID Local Remote port and protocol VLAN supported Local Remote port and protocol VLAN - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 561
Policy TLV Variable Application Type Unknown Policy Flag Tagged Flag VLAN ID L2 Priority DSCP Value 3 Location Identifier Location Data Format Location ID Data System Local Remote Local Remote Local Remote Local Remote Local Remote Local Remote Local Remote Local Remote LLDP-MED MIB - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 562
Table 25-10. LLDP-MED System MIB Objects (continued) TLV Sub-Type TLV Name 4 Extended Power via MDI TLV Variable Power Device Type Power - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 563
26 Multicast Source Discovery Protocol (MSDP) e z Multicast Source Discovery Protocol (MSDP) is supported on platforms: Protocol Overview Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 PIM-SM domains. A domain in the context of MSDP is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 564
OSPF + PIM OSPF + PIM Figure 26-1. Multicast Source Discovery Protocol AS X Area 0 + (639) Seq. Number Ack. Number Offset Reserved Flags Window Checksum Urgent Options Data Type Length Code: 1: IPv4 Source-active 2: IPv4 Source-active Request 3: IPv4 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 565
Anycast RP Using Multicast Source Discovery Protocol (MSDP), Anycast RP provides load sharing and redundancy in Protocol Independent Multicast sparse mode (PIM-SM) networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 566
Related Configuration Tasks • Enable MSDP • Manage the Source-active Cache • Accept Source-active Messages that fail the RPF Check • Limit the Source-active Messages - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 567
Figure 26-3. Configuring Interfaces for MSDP interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown ! interface GigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface GigabitEthernet 1/21 ip pim sparse-mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 568
Figure 26-4. Configuring OSPF and BGP for MSDP router ospf 1 network 192.168.0.1/32 area 0 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 redistribute static redistribute connected redistribute bgp 100 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 569
Figure 26-5. Configuring PIM in Multiple Routing Domains AS 100 PIM + IGMP ip multicast routing ! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 PC 2 Source: 239.0.0.1 2/1 R2 2/11 2/31 PIM + IGMP PC 3 Receiver: 239.0.0.1 4/1 4/31 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 570
Figure 26-6. Configuring MSDP R2_E300(conf)#do show ip pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 571
its domain (domain-local), and the sources which it has learned from its peers (domain-remote). By caching sources: • domain-local receivers experience a lower join latency, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 572
• RPs can transmit SA messages periodically to prevent SA storms, Cache Task Clear the SA cache of all, local, or rejected entries, or entries for a specific group. Command Syntax Command Mode clear ip msdp sa-cache CONFIGURATION [group-address | local | - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 573
Enable the Rejected Source-active Cache Active sources can be rejected because • the RPF check failed, • the SA limit is reached, • the peer RP is unreachable, • or because of an SA message format error. Task Cache rejected sources. Command Syntax ip msdp cache-rejected-sa Command Mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 574
MSDP Peership Figure 26-10. MSDP Default Peer Scenario 1 RP4 (S4, G4) RP5 (S5, G5) Scenario 2 RP4 (S4, G4) RP5 (S5, G5) MSDP Peership ( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 575
Task Command Syntax Command Mode Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. If you do not specify an access list, the peer accepts all sources advertised by that peer. All sources from RPs denied by the ACL are - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 576
Prevent MSDP from Caching a Local Source You can prevent MSDP from caching an active source based on source and/or group. Since the source - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 577
OPTIONAL: Cache sources that are denied by the SA filter in the rejected SA cache. Prevent the system from caching remote sources learned from a specific peer based on source and group. ip msdp cache-rejected-sa ip msdp sa-filter list out peer list ext-acl Command Mode CONFIGURATION CONFIGURATION - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 578
Prevent MSDP from Advertising a Local Source Task Command Syntax Prevent an RP from advertising a source in the SA ip msdp sa-filter list in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 579
Log Changes in Peership States Task Log peership state changes. Command Syntax ip msdp log-adjacency-changes Command Mode CONFIGURATION Terminate a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 580
Clear Peer Statistics Task Reset the TCP connection to the peer and clear all peer statistics. Command Syntax clear ip msdp peer peer-address - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 581
per group, all joins are sent to that RP regardless of the topological distance between the RP, sources, and receivers, and data is transmitted to the RP until the SPT switch threshold is reached. • slow convergence when an active RP fails: When multiple RPs are configured, there can be considerable - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 582
OSPF + PI OSPF + PIM Figure 26-18. MSDP with Anycast RP AS X Area 0 + IGMP M (10.11.4.2, 239.0.0.1), uptime 00:00:52, expires 00:03: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 583
Reducing Source-active Message Flooding RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RPF rule. You can prevent this unnecessary - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 584
Figure 26-19. R1 Configuration for MSDP with Anycast RP ip multicast-routing ! interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 585
Figure 26-20. R2 Configuration for MSDP with Anycast RP ip multicast-routing ! interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown ! interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown ! interface GigabitEthernet 2/31 ip pim sparse- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 586
Figure 26-21. R3 Configuration for MSDP with Anycast RP ip multicast-routing ! interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 587
MSDP Sample Configurations The following figures show the running-configurations for the routers shown in Figure 26-5, Figure 26-4, Figure 26-5, Figure 26-6. Figure 26-22. MSDP Sample Configuration: R1 Running-config ip multicast-routing ! interface GigabitEthernet 1/1 ip pim sparse-mode ip - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 588
Figure 26-23. MSDP Sample Configuration: R2 Running-config ip multicast-routing ! interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 589
Figure 26-24. MSDP Sample Configuration: R3 Running-config ip multicast-routing ! interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown ! interface GigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface ManagementEthernet 0/0 ip - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 590
Figure 26-25. MSDP Sample Configuration: R4 Running-config ip multicast-routing ! interface GigabitEthernet 4/1 ip pim sparse-mode ip address 10.11.5.1/24 no - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 591
27 Multiple Spanning Tree Protocol (MSTP) e c s z Multiple Spanning Tree Protocol (MSTP) is supported on platforms: Protocol Overview Multiple Spanning Tree Protocol (MSTP), specified in IEEE 802.1Q-2003, is an RSTP-based spanning tree variation that improves on - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 592
Spanning Tree, as shown in Table 44. Table 27-1. FTOS Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol Per-VLAN Spanning Tree Plus IEEE Specification 802.1d 802.1w 802.1s Third Party Implementation Information - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 593
• Preventing Network Disruptions with BPDU Guard on page 883 • SNMP Traps for Root Elections and Topology Changes on page 779 • Configuring Spanning Trees as Hitless on page 886 Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP: Step 1 2 Task Enter PROTOCOL - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 594
Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 595
200,300 MSTI 2 bridge-priority 0 Interoperate with Non-FTOS Bridges FTOS supports only one MSTP region. A region is a combination of three unique qualities . The default values for name and revision will match on all Dell Force10 FTOS equipment. If you have non-FTOS equipment that will participate - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 596
To change the the time interval in which the bridge sends MSTP Bridge Protocol Data Units (BPDUs). • Max-age is the length of time BPDU can travel before a receiving switch discards it. Note: Dell Force10 recommends that only experienced network administrators change - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 597
Task Command Syntax Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds hello-time seconds Change the max-age parameter. Range: 6 to 40 Default: 20 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 598
Table 27-2. MSTP Default Port Cost Values Port Cost 10-Gigabit Ethernet interfaces Port Channel with 100 Mb/s Ethernet interfaces Port Channel with 1-Gigabit - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 599
spanning-tree mstp from EXEC Privilege mode. MSTP Sample Configurations The running-configurations in Figure 27-10, Figure 27-11, and Figure 27-11 support the topology shown in Figure 27-9. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown in Figure 27-13, could - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 600
Blocking Figure 27-9. MSTP with Three VLANs Mapped to Two Spanning Tree Instances root R1 R2 1/2 Forwarding 2/1 1/3 2/3 3/1 3/2 R3 Figure 27-10. Router 1 Running-configuration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 601
Figure 27-11. Router 2 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface GigabitEthernet 2/11 no ip address switchport no shutdown ! interface GigabitEthernet 2/31 no ip address switchport no shutdown ! interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 602
Figure 27-12. Router 3 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 603
Figure 27-13. SFTOS Example Running-Configuration spanning-tree spanning-tree configuration name Tahiti spanning-tree configuration revision 123 spanning-tree MSTi instance 1 spanning-tree MSTi vlan 1 100 spanning-tree MSTi instance 2 spanning-tree MSTi vlan 2 200 spanning-tree MSTi vlan 2 300 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 604
Figure 27-14. Displaying BPDUs and Events FTOS#debug spanning-tree mstp bpdu 1w1d17h : MSTP: Sending BPDU on Gi 1/31 : ProtId: 0, Ver: 3, Bpdu Type: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 605
Figure 27-15. Sample Output for show running-configuration spanning-tree mstp command FTOS#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 Figure 27-16. Displaying BPDUs and Events - Debug Log of Successful MSTP Configuration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 606
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 607
Multicast on page 609 • Multicast Policies on page 610 • Multicast Traceroute on page 617 FTOS supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) on page 673 • PIM Source-Specific Mode (PIM-SSM) on page 683 • Internet Group Management Protocol (IGMP) on page 361 • Multicast - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 608
Multicast with ECMP Dell Force10 multicast uses Equal-cost Multi-path (ECMP) routing the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, FTOS might forward data traffic with certain MAC addresses to the CPU in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 609
drops represent a loss of native data, and when the system is an RP only, the initial packet drops represent a loss of register packets. Both scenarios might be unacceptable depending on the multicast application. Beginning with the FTOS versions above, when the Dell Force10 system is the RP, and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 610
Multicast Policies FTOS offers parallel Multicast features for IPv4 and IPv6. • IPv4 Multicast Policies on page 610 • IPv6 Multicast Policies on page 615 IPv4 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 611
You can prevent a host from joining a particular group by blocking specific IGMP reports. Create an extended access list containing the permissible source-group configuring an IGMP join request filter in this order might result in data loss. If you must enter the command ip igmp access-group before - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 612
Figure 28-2. Preventing a Host from Joining a Group Source 2 10.11.1.2 interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown interface GigabitEthernet 3/21 ip pim sparse- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 613
Rate Limit IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built-in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 614
Figure 28-3. Preventing a Source from Transmitting to a Group R2(conf)#do show ip pim tib interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.23.2/24 PIM Multicast Routing Table - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 615
Prevent a PIM Router from Processing a Join Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group. IPv6 Multicast Policies e IPv6 Multicast - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 616
Prevent an IPv6 Neighbor from Forming an Adjacency Task Command Syntax on the source DR, prevent the source DR from sending register packets to the RP for specific sources and groups. ipv6 pim register-filter access-list FTOS(conf)#ipv6 pim register-filter REG- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 617
Traceroute e Multicast Traceroute is supported only on platform: MTRACE is static mroutes and mBGP routes are preferred over unicast routes. When a Dell Force10 system is the last hop to the destination, FTOS sends a -1 10.11.3.1 PIM Reached RP/Core [default] -2 10.11.5.2 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 618
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 619
a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Force10 Operating System (FTOS). Note: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, etc.) are the same between OSPFv2 and OSPFv3. Where there are differences - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 620
Protocol Overview Open Shortest Path First (OSPF) routing is a link-state routing protocol that calls for the sending of Link-State Advertisements (LSAs) to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 621
Figure 29-1. Autonomous System Areas Area Types The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 622
A Stub Area (SA) does not receive external route information, associated with a valid IP address. However, Dell Force10 recommends that the router ID and the router's IP address reflect each other to make troubleshooting easier. Figure 29-2 gives some examples of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 623
Figure 29-2. OSPF Routing Examples Backbone Router (BR) A Backbone Router (BR) is part of the OSPF Backbone, Area 0. This includes all Area Border Routers (ABRs). It can also include any routers that connect only to the Backbone and another ABR, but are only part of Area 0, such as Router I in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 624
Area Border Router (ABR) Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 625
them as if they are understood, while ignoring them in their own SPF algorithms. • OSPFv2 always discards unknown LSA types. The LSA types supported by Dell Force10 are defined as follows: • Type 1 - Router LSA • The router lists links to other routers or networks in the same area. Type 1 LSAs are - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 626
For all LSA types, there are 20-byte LSA headers. One of the fields of the LSA header is the Link-State ID. Each - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 627
OSPF MP) on OSPFv2 only. The S-Series supports up to 16 processes simultaneously. The S4810 and Z9000 platforms support 32 OSPF processes simultaneously. On OSPFv3, FTOS supports only one process at a time for all platforms. Prior to 7.8.1.0, FTOS supports 1 OSPFv2 and 1 OSPFv3 process ID per system - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 628
necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by . This should happen before the grace period expires. Dell Force10 routers support the following OSPF graceful restart functionality: • Restarting role - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 629
planned-only and/or unplanned-only restarts. The default is support for both planned and unplanned restarts. A planned restart occurs when you enter the redundancy force-failover rpm command to force the primary RPM to switch to the backup RPM. During a planned restart, OSPF sends out a Grace - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 630
• The E-Series supports up to 28 OSPFv2 processes. • The C-Series supports up to 6 OSPFv2 processes. • The S50 and S25 support up to 4 OSPFv2 processes. • The S55 and S60 support up to 16 OSPFv2 processes. • The S4810 and Z9000 support up to 32 OSPFv2 processes. Each - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 631
OSPF Flooding FTOS#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It To ensure equal intervals between the routers, manually set the dead interval of the Dell Force10 router to match the Cisco configuration. Use - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 632
FTOS (conf-if-gi-2/2)# Dead Interval Set at 4x Hello Interval For more information regarding this functionality or for assistance, go to http://support.dell.com/force10. Configuration Information The interfaces must be in Layer-3 mode (assigned an IP address) and enabled so that they can send and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 633
Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms: c e s z 1. Configure a physical graceful restart • Redistribute routes • Troubleshooting OSPFv2 For a complete listing of the OSPF section in the FTOS Command Line Interface Guide. Enable OSPFv2 Assign an IP address to an - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 634
Use these commands on one of the interfaces to is not required to be the router's IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting: Command Syntax router-id ip address Command Mode Usage CONFIG - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 635
status. Figure 29-8. Command Example: show ip ospf process-id FTOS#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Number of area in this router is 0, normal 0 stub - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 636
router's IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting. Command Syntax router-id interface and assign a network address range to a specific OSPF area. IP Address Format: A.B.C.D/M Area ID Range: 0- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 637
-3 interface with IP Address and no shutdown Assign interface's IP Address to an Area Dell Force10 recommends that the OSPFv2 Router ID be the interface IP addresses for easier management and troubleshooting. Use the show config command in CONFIGURATION ROUTER OSPF mode to view the configuration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 638
Figure 29-10. Command Example: show ip ospf process-id interface FTOS>show ip ospf 1 interface GigabitEthernet 12/17 is up, line protocol is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 639
Configure stub areas OSPF supports different types of LSAs to help reduce the amount of show ip ospf process-id [vrf vrf name] database database-summary EXEC Privilege configure EXEC Privilege Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs. vrf - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 640
Configure OSPF Stub-Router Advertisement c e Configure OSPF Stub-Router Advertisement is supported on platforms: When networks through the new router for a specified time until the router's switching and routing functions are up and running, and the routing tables in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 641
the keyword vlan followed by a number from 1 to 4094 (e.g., passive-interface vlan 2222). E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. The default keyword sets all interfaces on this OSPF process as passive. The passive - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 642
can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Higher convergence levels should only be selected following consultation with Dell Force10 technical support. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 643
#(conf-router_ospf-1)#no fast-converge FTOS#(conf-router_ospf-1)#ex FTOS#(conf)#ex FTOS##show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 0 Min LSA origination 5 secs, Min - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 644
Use any or all of the following commands in can configure a maximum of six digest keys on an interface. Of the available six digest keys, the switches select the MD5 key that is common. The remaining MD5 keys are unused. CONFIG-INTERFACE Change the priority of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 645
Graceful Restart is enabled for the global OSPF process. Use these commands to configure OSPFv2 graceful restart. Refer to Graceful Restart for feature details. The Dell Force10 implementation of OSPFv2 graceful restart enables you to specify: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 646
• grace supports graceful-restart for planned restarts only. A planned restart is when the user manually enters a fail-over command to force the primary RPM over to the secondary RPM. During a planned restart, OSPF sends out a Grace LSA before the system switches - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 647
OSPF OSPF-id graceful-restart to its default state. For more information on OSPF graceful restart, refer to the FTOS Command Line Interface Reference Guide. Filter routes To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 648
Use the following commands in CONFIGURATION-ROUTER OSPF mode bgp, connected, isis, rip, or static: enter one of the keywords to redistribute those routes. rip is supported only on E-Series. • metric metric-value range: 0 to 4294967295. • metric-type metric-type: 1 for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 649
included in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show interfaces • show protocols • debug ip ospf events OSPF, you must enter the Process ID to view information regarding a specific OSPF process. If you do not enter the Process ID, only the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 650
Use the show running-config ospf command to see the state of all the enabled OSPFv2 processes. Command Syntax show running-config ospf Command - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 651
process: Command Syntax debug ip ospf process-id [event | packet | spf] Command Mode Usage EXEC Privilege View debug messages. To view debug messages for a specific OSPF process ID, enter debug ip ospf process-id. If you do not enter a process ID, the command applies to the first OSPF process - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 652
Sample Configurations for OSPFv2 The following configurations are and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc. Basic OSPFv2 Router Topology The following illustration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 653
is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. Note: IPv6 and OSPFv3 do not support Multi-Process OSPF. Only a single OSPFv3 process can be enabled. • Enable IPv6 Unicast Routing • Assign IPv6 addresses on an interface • Assign - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 654
Enable IPv6 Unicast Routing Command Syntax ipv6 unicast routing Command Mode CONFIGURATION Usage Enables IPv6 unicast routing globally. Assign IPv6 addresses on an interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 655
all some of the interfaces will be passive. Interface identifies the specific interface that will be passive. • For a Gigabit Ethernet interface vlan 2222). E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. To enable both - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 656
Redistribute routes You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command syntax, you can include - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 657
Planned-only. The OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover switches over to the secondary RPM. OSPFv3 is notified that a planned restart is happening. • Unplanned-only. The OSPFv3 router supports - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 658
To display information on the use and configuration of OSPFv3 graceful restart, enter any of the following commands: Command Syntax Command Mode Usage show - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 659
Restart Reason : Switch to Redundant Processor OSPFv3 Authentication Using IPsec e z OSPFv3 Authentication Using IPsec is supported only on to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 660
• The encapsulating security payload encapsulates data, enabling the protection of data that follows in the datagram. ESP provides authentication and confidentiality of every packet. The ESP extension header is designed to provide a combination of security services - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 661
for full confidentiality. • 3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and unencrypted keys are supported. Note: You may encrypt all keys on a router by using the service password-encryption command in global configuration mode. However, this command does not provide - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 662
To configure IPsec authentication on an interface, enter the following command: Command Syntax ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} [key-encryption- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 663
algorithm used with ESP. Valid values: 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. key specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 664
Configuring IPsec Authentication for an OSPFv3 Area Prerequisite: Before you enable IPsec authentication on an OSPFv3 area, you must first enable OSPFv3 globally on - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 665
algorithm used with ESP. Valid values: 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. key specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 666
If you have enabled IPsec authentication in an OSPFv3 area with the area authentication command, you cannot use the area encryption command in the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 667
Figure 29-25. Command Example: show crypto ipsec policy FTOS#show crypto ipsec policy Crypto IPSec client security policy data Policy name : OSPFv3-1-502 Policy refcount : 1 In this encryption policy, the keys are not encrypted. Inbound ESP SPI : 502 (0x1F6) Outbound ESP SPI : 502 (0x1F6) - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 668
To display the IPsec security associations (SAs) used on OSPFv3 authentication and encryption policies on the router. To display information on the SAs used on a specific interface, enter interface interface, where interface is one of the following values: For a 1- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 669
-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 670
Troubleshooting OSPFv3 FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt the OSPFv3 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 671
by the slot/port information (e.g., passive-interface ten 2/3). • For a VLAN, enter the keyword vlan followed by a number from 1 to 4094 (e.g., passive-interface vlan 2222). FTOS supports 4094 VLANs. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 672
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 673
The Dell Force10 implementation of PIM-SM is based on the IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • C-Series supports a PM-SM switches to shortest path trees (SPT) to forward multicast traffic. Every multicast group has an RP and a unidirectional shared tree (group-specific shared tree). - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 674
Requesting Multicast Traffic A host requesting multicast traffic for a particular group sends an IGMP Join message to its gateway router. The gateway router is then - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 675
disruption. Therefore, the router must prune itself from the RPT as soon as possible. FTOS optimizes the shared to shortest-path tree switchover latency by copying and forwarding the first (S,G) packet received on the SPT to the PIM task immediately upon arrival. The arrival of the (S,G) packet - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 676
Enable PIM-SM You must enable PIM-SM on each participating interface: Step Task 1 Enable multicast routing on the system. 2 Enable PIM-Sparse Mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 677
Figure 30-3. Viewing the PIM Multicast Routing Table FTOS#show ip pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, Timers: Uptime/Expires Interface state: Interface, next-Hop, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 678
Step 3 Task Command Syntax Command Mode Set the expiry time for a specific (S,G) entry (Figure 30-4). Range point is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. Identify an RP by the IP address of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 679
Override Bootstrap Router Updates PIM-SM routers need to know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. If you have configured a static RP for a group, use - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 680
hello information about that neighbor should be discarded and superseded by the information from the new hello message. FTOS supports graceful restart based on the GenID. A Dell Force10 PIM router announces its graceful restart capability to its neighbors up front as an option in its hello messages - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 681
PIM states of a neighboring router while the neighbor gracefully restarts, but the Dell Force10 system allows itself to be taken off the forwarding path if it restarts. with some exceptions. • The following tables are not supported: • pimBidirDFElectionTable • pimAnycastRPSetTable • The OIDs related - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 682
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 683
-Specific Mode (PIM-SSM) is supported on platforms: PIM-Source-Specific the source sending multicast data. Multicast traffic passes from the switches to the SPT. PIM-SSM uses IGMPv3. Since receivers subscribe to a source and group, the RP and shared tree is unnecessary, so only SPTs are used. On Dell - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 684
Figure 31-1. PIM-SM with IGMPv2 versus PIM-SM with IGMPv3 R2(conf )#do show ip pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 685
Dell Force10 implementation of PIM-SSM is based on RFC 3569. • C-Series supports a maximum of 31 PIM interfaces and 4K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors C-Series can have. • S-Series supports - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 686
Enable PIM-SSM To enable PIM-SSM: Step 1 2 Task Command Syntax Create an ACL that uses permit rules to specify enter multiple ssm-map commands for the same access list, as long as they use different source addresses. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 687
currently in the IGMP group table using the command show ip igmp groups group detail, as shown in Figure 31-4 on page 689. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 688
Figure 31-3. Using PIM-SM with IGMPv2 versus PIM-SSM with IGMPv2 R2(conf )#do show ip pim tib PIM Multicast Routing Table R3(conf )#do show ip pim tib Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 689
INCLUDE Last report received ALLOW Group source list Source address 10.11.5.2 Member Ports: Gi 1/2 Uptime 00:00:05 Expires 00:02:04 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 690
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 691
on physical ports only; VLAN and port-channel interfaces do not support port monitoring. • A SONET port may only be a monitored port. • The Monitored (source, "MD") and Monitoring ports (destination, "MG") must be on the same switch. • In general, a monitoring port should have no ip address and no - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 692
• The C-Series and S-Series may only have four port-pipe. Port Monitoring on E-Series Both the E-Series TeraScale and E-Series ExaScale support the following. • FTOS supports one destination (MG) port per monitoring session. The same destination port (MG) can - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 693
0 MD MG Monitor Session 1 MD MG Monitor Session 2 MD Monitor Session 3 MD Port Monitoring 002 E-Series ExaScale FTOS on E-Series ExaScale supports a single destination (MG) port monitoring multiple multiple source (MD) ports in one monitor session. One monitor session can have only one - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 694
The number of source ports FTOS allows within a port-pipe is equal to the number of physical ports in the port-pipe (n). However, n number - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 695
Figure 32-4. Number of Monitoring Ports on the C-Series and S-Series FTOS(conf-mon-sess-300)#do show mon session SessionID Source Destination --------- ------ ----------- 0 Gi 0/13 Gi 0/1 10 Gi 0/14 Gi 0/2 20 Gi 0/15 Gi 0/3 30 Gi 0/16 Gi 0/37 100 Gi 0/25 Gi 0/38 110 Gi 0/26 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 696
FTOS Behavior: The C-Series and S-Series continue to mirror outgoing traffic even after an MD participating in Spanning Tree Protocol transitions from the forwarding - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 697
Figure 32-7. Port Monitoring Example Host Traffic 1/1 1/3 Server Traffic 1/2 Host Server FTOS(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 no ip address no shutdown Sniffer FTOS(conf )#monitor session 0 FTOS(conf-mon-sess-0)#source gig 1/1 destination gig 1/2 direction - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 698
Flow-based Monitoring e Flow-based Monitoring is supported only on platform Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 699
c s z The Private VLAN (PVLAN) feature is supported on platforms: For syntax details on the commands discussed are especially useful in the service provider environment, because, multiple customers are likely to maintain servers that must be strictly separated in customer-specific groups. A set of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 700
Private VLAN Concepts The VLAN types in a private VLAN (PVLAN) contain ports configured as host. Primary VLAN-A primary VLAN is the base VLAN of a private VLAN: • A switch can have one or more primary VLANs, and it can have none. • A primary VLAN has one or more - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 701
24, Layer 2. Private VLAN Commands The commands dedicated to supporting the Private VLANs feature are: Table 33-1. Private VLAN The outputs of the following commands are augmented in FTOS 7.8.1.0 to provide PVLAN data: • show arp: See the IP Routing Commands chapter in the FTOS Command - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 702
Private VLAN Configuration Task List The following sections contain the in isolated or community VLAN) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) For interface details, see Enable a Physical Interface on page 376 in Chapter - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 703
Creating a Primary VLAN A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 704
Creating a Community VLAN A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 705
Figure 33-2. Configuring VLANs for a Private VLAN FTOS#conf FTOS(conf)# interface vlan 10 FTOS(conf-vlan-10)# private-vlan mode primary FTOS(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 FTOS(conf-vlan-10)# untagged Gi 2/1 FTOS(conf-vlan-10)# tagged Gi 2/3 FTOS(conf)# interface vlan 101 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 706
The result is that: • The ports in community show running-config | grep string), you can display a specific part of the running-config. Figure 33-8 shows the PVLAN parts of the running-config from the S50V switch in the topology diagram shown in Figure 33-3, above. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 707
: Display the primary-secondary VLAN mapping. See the example output from the S50V, above, in Figure 33-6. • Two show commands revised to display PVLAN data are: • show arp • show vlan: See revised output in Figure 33-7. Figure 33-4. show vlan private-vlan Example Output from C300 c300-1#show vlan - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 708
Figure 33-8. Example running-config Output of PVLAN Configuration from S50V ! interface GigabitEthernet 0/3 no ip address switchport switchport mode private-vlan promiscuous no shutdown ! - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 709
34 Per-VLAN Spanning Tree Plus (PVST+) e c s z Per-VLAN Spanning Tree Plus (PVST+) is supported platforms: Protocol Overview Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree-developed by a third party- that allows you to configure a separate Spanning - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 710
Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol (STP) Rapid Spanning Tree Protocol (RSTP) Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST+) IEEE Specification the default costs if you are using Dell Force10 systems in a multi-vendor network, verify - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 711
• PVST+ in Multi-vendor Networks on page 716 • PVST+ Extended System ID on page 716 • PVST+ Sample Configurations on page 717 Enable PVST+ When you enable PVST+, FTOS instantiates STP on each active VLAN. To enable PVST+ globally: Step 1 2 Task Enter PVST context. Enable PVST+. Command Syntax - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 712
Forwarding Figure 34-3. Load Balancing with PVST+ STI 2 root vlan 100 bridge-priority 4096 R2 STI 1: VLAN 100 STI 2: VLAN 200 STI 3: VLAN 300 2/ - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 713
Hello-time is the time interval in which the bridge sends Bridge Protocol Data Units (BPDUs). • Max-age is the length of time the bridge -time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 714
Task Change the max-age parameter. Range: 6 to 40 as the default costs. Other implementations use IEEE 802.1d costs as the default costs if you are using Dell Force10 systems in a multi-vendor network, verify that the costs are values you intended. To change the port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 715
Task Change the port priority of an interface. Range: 0 to 240, in increments of 16 Default: 128 Command Syntax spanning-tree pvst vlan priority Command Mode INTERFACE The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 34 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 716
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior: VLAN unaware. There is no data loop in the above scenario, however, PVST+ can be employed to avoid potential misconfigurations. If PVST+ is enabled on the Dell Force10 switch in this network, P1 and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 717
Figure 34-5. PVST+ with Extend System ID Dell Force10 System P1 untagged in VLAN 10 XP2 untagged in VLAN 20 moves to blocking unless Extended System ID is enabled VLAN unaware Hub Task Command - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 718
Figure 34-6. PVST+ Sample Configuration: R1 Running-configuration interface GigabitEthernet 1/22 no ip address switchport no shutdown ! interface GigabitEthernet 1/32 no ip address switchport - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 719
Figure 34-7. PVST+ Sample Configuration: R2 Running-configuration interface GigabitEthernet 2/12 no ip address switchport no shutdown ! interface GigabitEthernet 2/32 no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged GigabitEthernet 2/12,32 no shutdown ! interface Vlan - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 720
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 721
has eight queues per port. Four queues are for data traffic and four are for control traffic. All queues are serviced using the Deficit Round Robin scheduling algorithm. You can only manage queuing prioritization on egress. Table 35-1. FTOS Support for Port-based, Policy-based, and Multicast QoS - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 722
Table 35-1. FTOS Support for Port-based, Policy-based, and s z c e s z e c e s z c e s z e z Ingress Egress c e s z c e s z c e s z e c s z c e s z c e s z c e s z c e s z ez Ingress + Egress Ingress Egress - Egress ez c e s z - - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 723
Rate Policing Buffers Class-based Queues Switching Rate Limiting Buffers Class-based Queues Egress Packet Processing Traffic Shaping Egress Congestion Management (WFQ Scheduling) Congestion Avoidance (WRED) Implementation Information Dell Force10's QoS implementation complies with IEEE 802 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 724
C-Series and S-Series distribute eight dot1p priorities across four data queues. This is different from the E-Series, which does not honor dot1p priorities on ingress traffic. Use the command service-class dynamic dot1p from INTERFACE mode to honor dot1p priorities on - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 725
hybrid port the frames are classified to the default VLAN of the port, and to a queue according to their dot1p priority dot1p priority if service-class dynamic dot1p or trust dot1p are configured. When priority-tagged frames ingress a tagged port, the frames are dropped because for a tagged port the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 726
Figure 35-5. Displaying your Rate Policing Configuration FTOS#show interfaces gigabitEthernet 1/2 rate police Rate police 300 (50) peak 800 (50 using the keyword rate limit with the command show interfaces, as shown in Figure 35-7. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 727
23386960 red 320605113 Configure Port-based Rate Shaping c e s z Configure Port-based Rate Limiting is supported only on platform FTOS Behavior: On the C-Series and S-Series, rate shaping is effectively rate limiting consist of the components shown in Figure 35-9. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 728
Figure 35-9. Constructing Policy-based QoS Configurations Interface Input Service Policy 0 Input Policy Map 7 Input Policy Map Output Service Policy 0 Output Policy Map 7 Output Policy Map Class Map DSCP Input QoS Policy L3 ACL L3 Fields Rate Policing - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 729
from POLICY MAP mode. Determine the order in which ACLs are used to classify traffic When you link class-maps to queues using the command service-queue, FTOS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). For example, in Figure 35-10, class-map - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 730
flow Set DSCP values for egress packets based on flow is supported only on platform e Match-any Layer 3 flows may have configured class maps and match criteria Display all class-maps or a specific class map using the command show qos class-map from EXEC Privilege mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 731
"match any," and ClassAF2 is "match all". FTOS#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 FTOS#show running-config class-map ! class-map match-any - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 732
Create a QoS Policy There are two types of QoS policies: input informational message advising you of the queue to which you should apply the QoS policy (using the command service-queue from POLICY-MAP-IN mode). If you apply the QoS policy to a queue other than the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 733
Configure policy-based rate limiting e Configure policy-based rate limiting is supported only on platform Policy-based rate limiting is configured the same way on Deficit Round Robin (DRR). These strategies both offer a guaranteed data rate. To allocate an amount of bandwidth to a queue using the command - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 734
by dividing the bandwidth weight by the sum of all queue weights. Note: Dell Force10 recommends assigning bandwidth to all queues. If queues are left un-allocated, the 14% Specify WRED drop precedence e z Specify WRED drop precedence is supported only on platform - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 735
a class-map or input QoS policy to a queue Assign an input QoS policy to a queue using the command service-queue from POLICY-MAP-IN mode. Apply an input QoS policy to an input policy map Apply an input QoS bytes counters are not incremented in show qos statistics. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 736
Table 35-5. Default DSCP to Queue Mapping DSCP/CP hex range (XXX)xxx DSCP Definition 111XXX 110XXX 101XXX 100XXX 011XXX 010XXX Back to trust diffserve or dot1p e Fall Back to trust diffserve or dot1p is available only on platforms: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 737
0. In the following configuration, packets are classified to queues using the three class maps: ! policy-map-input input-policy service-queue 1 class-map qos-BE1 service-queue 3 class-map qos-AF3 service-queue 4 class-map qos-AF4 ! class-map match-any qos-AF3 match ip dscp 24 match ip access-group - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 738
To enable Fall Back to trust diffserve or dot1p: Task Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, FTOS uses ACL optimization to conserve CAM space. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 739
policy map to an interface. See page 61. Apply an output QoS policy to a queue Apply an output QoS policy to queues using the command service-queue from INTERFACE mode. Specify an aggregate QoS policy Specify an aggregate QoS policy using the command policy-aggregate from POLICY-MAP-OUT mode. Apply - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 740
QoS Rate Adjustment is disabled by default, and no qos-rate- mode. Strict-priority means that FTOS dequeues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 741
Rate 100 100 50 50 25 Create WRED Profiles To create a WRED profile: 1. Create a WRED profile using the command wred from CONFIGURATION mode. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 742
2. The command wred places you in green-to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field. Dell Force10 uses the first three bits of this field (DP) to determine the drop precedence. DP values of mode. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 743
#show qos statistics wred-profile Interface Te 0/0 Drop-statistic WRED-name Dropped Pkts Green Yellow Out of Profile WRED1 WRED2 FTOS# 51623 51300 0 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 744
Pre-calculating Available QoS CAM Space c e s z Pre-calculating Available QoS CAM Space is supported on map size against the CAM space for a specific port-pipe or all port-pipes using these commands: • test cam-usage service-policy input policy-map {linecard | stack- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 745
test cam-usage is useful because it provides this measurement. Figure 35-18. test cam-usage Command Example FTOS# test cam-usage service-policy input pmap_l2 linecard 0 port-set 0 Linecard | Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 0 L2ACL 500 200 Allowed - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 746
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 747
e c s z Routing Information Protocol (RIP) is supported only on platforms: RIP is supported on the S-Series following the release of FTOS version where nodes in a network are located by automatically constructing a routing data table. The routing table is established after RIP sends out one or - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 748
RIP must receive regular routing updates to maintain a correct routing globally and the other version or both versions on the interfaces. The C-Series and E-Series both support 1,000 RIP routes. Table 36-1 displays the defaults for RIP in FTOS. Table 36-1. RIP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 749
Configuration Task List for RIP • Enable RIP globally on page 749 (mandatory) • Configure RIP on interfaces on page 750 (optional) • Control RIP routing updates on page 751 (optional) • Set send and receive version on page 752 (optional) • Generate a default route on page 754 (optional) • Control - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 750
When the RIP process has learned the RIP routes, use the show ip rip database command in the EXEC mode to view those routes ( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 751
: Command Syntax neighbor ip-address passive-interface interface Command Mode Purpose ROUTER RIP ROUTER RIP Define a specific router to exchange RIP information between it and the Dell Force10 system. You can use this command multiple times to exchange RIP information with as many RIP networks - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 752
To add routes from other routing instances or protocols, RIP version for RIP traffic on the interfaces participating in RIP unless the interface was specifically configured for a specific RIP version. Use the show config command in the ROUTER RIP mode to see whether - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 753
Figure 36-3. show ip protocols Command Example FTOS#show ip protocols Routing Protocols is RIP Sending updates every 30 seconds, next due in 23 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 754
Figure 36-5. show ip protocols Command Example FTOS#show ip protocols Routing Protocols is RIP Sending updates every 30 seconds, next due in 11 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 755
mask [access-list-name]] ROUTER RIP offset-list access-list-name {in | out} offset ROUTER RIP [interface] Apply a weight to all routes or a specific route and ACL. Configure the following parameters: • weight range: 1 to 255 (default is 120) • ip-address mask: the IP address in dotted decimal - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 756
To enable RIP debugging, use the following command in the EXEC privilege mode command sequence to configure RIPv2 on the two routers shown in Figure 36-7 - "Core 2" and "Core 3". The host prompts used in the example screenshots reflect those names. The screenshots are - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 757
-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config ! router rip network 10.0.0.0 version 2 Core2(conf-router_rip)# Core 2 Output The screenshots in this section are: • Figure 36-9: Using show ip rip database command to display - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 758
Figure 36-10. Using show ip route Command to Show RIP Configuration on Core 2 Core2#show ip route Codes: C - connected, S - Using show ip protocols Command to Show RIP Configuration Activity on Core 2 Core2#show ip protocols Routing Protocol is "RIP" Sending - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 759
(conf-router_rip)#network 10.11.20.0 Core3(conf-router_rip)#show config ! router rip network 10.0.0.0 network 192.168.1.0 network 192.168.2.0 version 2 Core3(conf-router_rip)# Core 3 RIP Output The screenshots in this section are: • Figure 36-13: Using show ip rip database command to display - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 760
Figure 36-14. Using show ip routes for Core 3 RIP Setup Core3#show ip routes Codes: C - connected, S - 36-15. Using show ip protocols Command to Show RIP Configuration Activity on Core 3 Core3#show ip protocols Routing Protocol is "RIP" Sending updates every 30 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 761
RIP Configuration Summary Figure 36-16. Summary of Core 2 RIP Configuration Using Output of show run Command ! 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 Figure 36-17. Summary of Core 3 RIP Configuration Using Output of show run Command ! interface GigabitEthernet 3/11 ip address 10.11.30.1/24 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 762
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 763
Monitoring (RMON) e c s z Remote Monitoring (RMON) is supported on platform: This chapter describes the Remote Monitoring (RMON): • 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Force10 Ethernet Interfaces. RMON operates with SNMP and monitors all nodes on a LAN - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 764
a chassis goes down, all sampled data is lost. But the RMON configurations are saved in the configuration file, and the sampling process continues after the chassis returns to operation. Platform Adaptation-RMON supports all Dell Force10 chassis and all Dell Force10 Ethernet Interfaces. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 765
Set rmon alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of this command: Command Syntax [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 766
Figure 37-1. rmon alarm Command Example FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1 Alarm Number MIB - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 767
Figure 37-2. rmon event Command Example FTOS(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1 The above configuration example creates RMON event number 1, with the description "High ifOutErrors", and generates a log entry when the event is triggered by an alarm. The - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 768
Configure RMON collection history To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 769
Tree, as shown in Table 38-1. Table 38-1. FTOS Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol (STP) Rapid Spanning Tree Protocol (RSTP)5 Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST+) IEEE Specification 802.1d 802.1w 802.1s Third Party - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 770
Important Points to Remember • RSTP is disabled by default. • FTOS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in multiple messages to the RSTP task. When using the range command, Dell Force10 recommends limiting the range to 5 ports and 40 VLANs. Configure Interfaces - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 771
Figure 38-1. Configuring Interfaces for Layer 2 Mode R1(conf)# int range gi 1/1 - 4 R1(conf-if-gi-1/1-4)# switchport R1(conf-if-gi-1/1-4)# no shutdown R1(conf-if-gi-1/1-4)#show config ! interface GigabitEthernet 1/1 no ip address switchport no shutdown ! interface GigabitEthernet 1/2 no ip address - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 772
Enable Rapid Spanning Tree Protocol Globally Rapid Spanning Tree Protocol must be enabled globally on all participating bridges; it is not enabled by default. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 773
Figure 38-4. Rapid Spanning Tree Enabled Globally R1 R2 1/3 Forwarding 2/1 1/4 Blocking 2/2 1/1 1/2 2/3 2/4 root 3/1 3/2 3/3 3/4 R3 Port 684 (GigabitEthernet 4/43) is alternate Discarding Port path cost 20000, Port priority 128, Port Identifier 128.684 Designated root has priority 32768, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 774
Figure 38-5. show spanning-tree rstp Command Example FTOS#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 775
-time is the time interval in which the bridge sends RSTP Bridge Protocol Data Units (BPDUs). • Max-age is the length of time the bridge maintains that information by recomputing the RST topology. Note: Dell Force10 recommends that only experienced network administrators change the Rapid Spanning - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 776
Table 38-2 displays the default values for : 15 seconds Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds Change the max-age - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 777
EdgePort is enabled on a port using the show spanning-tree rstp command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Force10 recommends using the show config command, as shown in Figure 38-7. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 778
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior: 1 If the interface to be shut down is a port channel, then all the member ports are disabled - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 779
Figure 38-8. bridge-priority Command Example FTOS(conf-rstp)#bridge-priority 4096 04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd Old root bridge ID New root bridge ID SNMP Traps - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 780
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 781
z Security features are supported on platforms: This chapter discusses several ways to provide access security to the Dell Force10 system. AAA Accounting on Guide. AAA Accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 782
Configuration Task List for AAA Accounting The following sections accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+ -Designate the security service. Currently, FTOS supports only - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 783
following commands to enable accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list names): -vty)# accounting exec execAcct Monitor AAA Accounting FTOS does not support periodic interim accounting, because the periodic command can cause heavy - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 784
No specific service=shell AAA Authentication FTOS supports a distributed client/server system implemented through Authentication, Authorization, and Accounting (AAA) to help secure networks against unauthorized access. In the Dell Force10 implementation, the Dell Force10 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 785
Configure login authentication for terminal lines You can assign up to five authentication methods to a method list. FTOS evaluates the methods in the order in which you enter them in each list. If the first method list does not respond or returns an error, FTOS applies the next method list until - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 786
To view the configuration, use the show config command in the LINE mode or the show running-config in the EXEC Privilege mode. Note: Dell Force10 recommends that you use the none method only as a backup. This method does not authenticate users. The none and enable - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 787
FTOS(config)# line vty 0 9 FTOS(config-line-vty)# enable authentication mymethodlist Server-side configuration TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type SVC_ENABLE, and then, a second packet with just the password. The TACACS server must have an entry for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 788
• Privilege level 1-is the default level for the EXEC mode. , refer to the Security chapter in the FTOS Command Line Reference Guide. Configure a username and password In FTOS, you can assign a specific username to limit user access to the system. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 789
followed by the privilege level. If you do not enter a privilege level, the default level 15 is assumed. To configure a password for a specific privilege level, use the following command in the CONFIGURATION mode: Command Syntax enable password [level level] [encryption-mode] password Command Mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 790
Configure custom privilege levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 791
8 snmp-server FTOS(conf)#end FTOS#show running-config Current Configuration ... ! hostname FTOS ! enable password level 8 notjohn enable password force10 ! username admin password 0 admin username john password 0 john privilege 8 ! The user john is assigned privilege level 8 and assigned a password - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 792
Figure 39-3. User john's Login and the List of 's privilege level will be the same as the privilege level assigned to the terminal line, unless a more specific privilege level is assigned to the user. To specify a password for the terminal line, use the following - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 793
2009 American Megatrends, Inc. EVALUATION COPY. Press or to enter setup. Grub 1.99~rc1 (Dell Force10) Built by root at bsdlab on Thu_Aug_18_06:51:21_UTC_2011 Z9000 Boot selector Label 3.0.1.1 NetBoot Label 0.0.0.0 4 During system boot, press ESC when prompted during the countdown to stop - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 794
. RADIUS Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Force10 system). The system sends user information - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 795
standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. To do this, use the command auto - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 796
Set access to privilege levels through RADIUS Through the all FTOS commands related to RADIUS, refer to the Security chapter in the FTOS Command Reference Guide. Note: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 797
one at a time, until a RADIUS server host responds with an accept or reject response. If you want to change an optional parameter setting for a specific host, use the radius-server host command. To change the global communication settings to all RADIUS server hosts, refer to Set global communication - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 798
To view the RADIUS configuration, use the show running-config radius and timeout parameters) and specific host communication parameters on the same system. However, if both global and specific host parameters are configured, the specific host parameters override the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 799
to troubleshoot problems. TACACS+ FTOS supports Terminal Access Controller Access Control System (TACACS+ client, including support TACACS+, refer to the Security chapter in the FTOS Command Line Reference Guide. Choose TACACS+ as the Authentication Method One of the login authentication methods - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 800
To select TACACS as the login authentication method, use these commands in the following sequence in the CONFIGURATION mode: Step Command Syntax Command Mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 801
tacacs+ Command Mode Purpose EXEC Privilege View TACACS+ transactions to troubleshoot problems. TACACS+ Remote Authentication and Authorization FTOS takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 802
Figure tacacs+ FTOS(conf)#tacacs-server host 25.1.1.2 key force10 FTOS(conf)# FTOS(conf)#line vty 0 9 IP address of the TACACS+ server host. Configure the optional communication parameters for the specific host: • port port-number range: 0 to 65335. Enter a TCP port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 803
configured ACL entries-denying TCP port-specific traffic-can be bypassed, and traffic 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into the line cards for secure remote login and other secure network services over an insecure network. FTOS is compatible - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 804
SCP is a remote file copy program that works with SSH and is supported by FTOS. Note: The Windows-based WinSCP client software is not supported for secure copying between a PC and an FTOS-based system. Unix-based SCP client software is supported the Dell Force10 system - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 805
server enable. Using SCP with SSH to copy a software image To use Secure Copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following procedure: Step Task Command Syntax 1 On Chassis One, set the SSH port number (port 22 by default). ip ssh server - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 806
by default. Enable it using the command ip ssh server enable. SSH supports three methods of authentication: • SSH Authentication by Password on page 806 • by prompting for a password when attempting to connect to the Dell Force10 system. This is the simplest method of authentication and uses - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 807
public key has been saved in /home/admin/.ssh/id_rsa.pub. Command Mode 2 Copy the public key id_rsa.pub to the Dell Force10 system. 3 Disable password authentication if enabled. no ip ssh password-authentication CONFIGURATION enable 4 Enable RSA authentication. ip ssh rsa-authentication enable - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 808
To configure host-based authentication: Step 1 2 Task Command Syntax cat rhosts 10.16.127.201 admin 4 Copy the file shosts and rhosts to the Dell Force10 system. 5 Disable password authentication and • no ip ssh password-authentication RSA authentication, if - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 809
-p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH • You may not bind id_rsa.pub to RSA authentication while this term. • Host-based authentication must be enabled on the server (Dell Force10 system) and the client (Unix machine). Message 3 appears if you - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 810
Trace Lists e The Trace Lists feature is supported Trace lists are enabled for all switched traffic entering the system. The number lists, you can match criteria on specific or ranges of TCP or UDP ports in the FTOS Command Reference Guide. Creating a trace list Trace - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 811
IP address for the filter to match. • count: count packets processed by the filter. • byte: count bytes processed by the filter. • log: is supported. To create a filter for TCP packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 812
Step Command Syntax 2 seq sequence-number {deny | permit} tcp {source filter. • byte: count bytes processed by the filter. • log: is supported. When you create the filters with a specific sequence number, you can create the filters in any order and the filters are - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 813
the source IP address for the filter to match. • count: count packets processed by the filter. • byte: count bytes processed by the filter. • log: is supported. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 814
Command Syntax Command Mode Purpose {deny | permit} tcp {source mask packets processed by the filter. • byte: count bytes processed by the filter. • log: is supported. Figure 39-14 illustrates a Trace list in which the sequence numbers were assigned by the software - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 815
Figure 39-14. Trace List Example FTOS(config-trace-acl)#deny tcp host 123.55.34.0 any FTOS(config-trace-acl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0 FTOS(config-trace-acl)#show config ! ip trace-list nimule seq 5 deny tcp host 123.55.34.0 any seq 10 permit udp 154.44.0.0 0.0.255.255 host - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 816
VTY Line and Access-Class Configuration Various methods are available Line Local TACACS+ RADIUS Username VTY access-class access-class support? support? YES NO NO YES YES NO YES NO Remote authorization support? NO NO YES (with FTOS 5.2.1.0 and later) YES - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 817
and Authorization FTOS retrieves the access class from the VTY line. The Dell Force10 OS takes the access class from the VTY line and applies it to applies for radius and line authentication) VTY MAC-SA Filter Support FTOS supports MAC access lists which permit or deny users based on their - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 818
Figure 39-18. Example Access Class Configuration Using TACACS+ Without Prompt FTOS(conf)#mac access-list standard sourcemac FTOS(config-std-mac)#permit 00: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 819
Bridging on page 839 VLAN Stacking c e s z VLAN Stacking is supported on platforms: VLAN Stacking, also called Q-in-Q, is defined in IEEE the core independently; the customer and provider need only coordinate at the provider edge. In at the access point of a VLAN-stacking network, service providers - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 820
the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, these interfaces must be added to a non-default VLAN-Stack-enabled VLAN. • Dell Force10 cautions against using the same MAC address on different customer VLANs, on the same VLAN - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 821
to a Layer 2 port on a provider bridge that is connected to another provider bridge. Assign all access ports and trunk ports to service provider VLANs. Command Syntax vlan-stack access vlan-stack trunk member Command Mode INTERFACE INTERFACE INTERFACE VLAN Display the VLAN-Stacking configuration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 822
Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking- to an 802.1Q VLAN as well as a Stacking VLAN only when the TPID 0x8100. portmode hybrid Command Mode INTERFACE - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 823
in Figure 40-5 are as follows: • MT - stacked trunk • MU - stacked access port • T- 802.1Q trunk port • U- 802.1Q access port • NU- Native VLAN (untagged) - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 824
Figure 40-5. Example of it does not require a specific value for the outer tag TPID. Systems may use any two-byte value; FTOS uses 0x9100 (Figure 40-6) while non-Dell Force10 systems might use a different value forwards the frame. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 825
Building D INTERNET VLAN BLUE SERVICE PROVIDER TPID 0x9191 VLAN GREEN VLAN TPID PCP (VLAN Purple) (0x8100) Building C R4 R4-Non-Force10 System TPID: 0x9100 TPID PCP (0x8100) CFI VID (0) ( double tagged on egress at R4 and is switched towards Building B, but is not decapsulated - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 826
INTERNET VLAN BLUE Figure 40-7. TPID Mismatch and 0x8100 Match on the E-Series TeraScale SERVICE PROVIDER Building B VID TPID PCP (VLAN Purple) (0x8100) Building C R4-Non-Force10 System TPID: 0x8100 TPID PCP (0x8100) CFI VID (0) (VLAN Red) CFI - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 827
the E-Series ExaScale INTERNET VLAN BLUE SERVICE PROVIDER TPID 0x9191 VLAN BLUE X Series Behaviors for Mis-matched TPID Network Position Core Egress Access Point Incoming System Packet TPID TeraScale Behavior switch as 0xUVYZ drop switch as 0xUVYZ 1st-byte match mismatch switch as is - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 828
VLAN BLUE You can configure the first eight bits -C-Series TPID: 0x8100 TPID PCP (0x8100) TPID PCP (0x8100) R4-Non-Force10 System CFI (0) VID (VLAN Red) TERNET TPID: 0x8100 SERVICE PROVIDER VLAN RED Building B CFI VID TPID PCP (0) (VLAN Purple) ( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 829
R1-C-Series w/ FTOS =8.2.1.0 TPID: 0x8181 TPID PCP (0x8100) R4-Non-Force10 System CFI (0) VID (VLAN Red) TERNET TPID: 0x8100 SERVICE PROVIDER Building B VLAN RED IN Building A Figure 40-11. Single and Double-tag TPID Mismatch on the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 830
Core switch to default VLAN switch to VLAN switch to default VLAN switch to default VLAN VLAN Stacking Packet Drop Precedence c s z VLAN Stacking Packet Drop Precedence is available only on platform: The Drop Eligible Indicator (DEI) bit in the S-Tag indicates to a service - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 831
. Display the DEI-honoring configuration. dei honor {0 | 1} {green | red | yellow} show interface dei-honor [interface slot/ port | linecard number port-set number] INTERFACE EXEC Privilege - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 832
Task Command Syntax FTOS#show interface dei-honor Default Drop precedence: CoS for VLAN Stacking is available only on platforms: One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 833
Figure 40-12. Statically and Dynamically Assigned dot1p for VLAN Stacking Untagged DATA 0x0800 SA DA S-Tag with statically-assigned dot1p S-Tag DATA 0x0800 1 400 0x9100 SA DA C-Tag 3 100 0x8100 SA DA C-Tagged by the impact of the 1:8 expansion in these CAM tables. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 834
FTOS Behavior: For Option A above, when there is a since class-map "a" of Queue 3 also matches the traffic. This behavior is expected. policy-map-input in layer2 service-queue 3 class-map a qos-policy 3 ! class-map match-any a layer2 match mac access-group a ! - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 835
Shaping or Rate Policing. Layer 2 Protocol Tunneling c e s z Layer 2 Protocol Tunneling (L2PT) is supported on platforms: Spanning Tree BPDUs use a reserved destination MAC address called the Bridge Group Address, which is might be using Spanning Tree (Figure 40-13). - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 836
the switches in the intermediate network core. On egress edge of the intermediate network, the MAC address rewritten to the original MAC address and forwarded to the opposing network region (Figure 40-14). FTOS Behavior: In FTOS versions prior to 8.2.1.0, the MAC address that Dell Force10 systems - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 837
SPANNING T INTERNE SPANNING TR REE NETWORK no spanning-tree T SERVICE PROVIDER BPDU w/ w/ SPANNING destination TREE MAC address: 01- w/ destination MAC address: 01-80-C2-00-00-00 R2 Non-Force10 System R3 Non-Force10 System Implementation Information • L2PT is available for STP, RSTP, MSTP, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 838
Enable Layer 2 Protocol Tunneling Step 1 2 a Destination MAC Address for BPDUs By default, FTOS uses a Dell Force10-unique MAC address for tunneling BPDUs. You can configure another value. called Field Processor (FP) blocks. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 839
supported only on platforms: IEEE 802.1ad-Provider Bridges amends 802.1Q-Virtual Bridged Local Area Networks so that service bridges in the service provider network use this destination MAC address so these bridges treat BPDUs originating from the customer network as normal data frames, rather than - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 840
Provider Backbone Bridging through IEEE 802.1ad eliminates the need for tunneling BPDUs with L2PT and increases the reliability of provider bridge networks as the network core need only learn the MAC addresses of core switches - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 841
on page 848 • sFlow on LAG ports on page 848 • Extended sFlow on page 848 Overview FTOS supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high speed - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 842
Agent Interface Counters Switch ASIC Flow Samples Implementation Information Dell Force10's sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based upon all the ports in that port-pipe. If sFlow is not enabled on any port specifically, then the global - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 843
field is not filled in extended switch element in sFlow datagram. • switch element will not be packed in case of routed packet. • Destination VLAN field in the extended switch packets when only extended-switch information packing is . To enable sFlow on a specific interface, use the sflow enable - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 844
sFlow -2. Command Example: show sflow FTOS#show sflow sFlow services are enabled Indicates sFlow is globally enabled Global default the following command to view sFlow information on a specific interface: Command Syntax show sflow interface interface-name - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 845
Figure 41-3. Command Example: show sflow interface FTOS#show sflow interface gigabitethernet 1/16 Gi 1/16 Configured sampling rate :8192 Actual sampling rate :8192 Sub-sampling rate :2 Counter polling interval :15 Samples rcvd from h/w :33 Samples dropped for sub-sampling :6 The - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 846
Specify Collectors The sflow collector command allows identification in seconds. Range: 15 to 86400 seconds Default: 20 seconds Sampling Rate e Sampling Rate is supported on platform t The sFlow sampling rate is the number of packets that are skipped before the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 847
of packets that are skipped before the next sample is taken. Although a sampling rate can be configured for each port, TeraScale line cards can support only a single sampling rate per port-pipe. Therefore, sFlow Agent uses sub-sampling to create multiple sampling rates per port-pipe. To achieve - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 848
5 draft. Once the back-off changes the sample-rate, users must manually change the sampling rate to the desired value. As a result of back e Extended sFlow is supported fully on platform c s z Platforms and support extended-switch information processing only. Extended - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 849
services are enabled Global default sampling rate: 4096 Global default counter polling interval: 15 Extended sFlow settings show all 3 types are enabled Global extended information enabled: gateway, router, switch via BGP the Dell Force10 system does not export extended-gateway data, prior to FTOS - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 850
Table 41-1. Extended Gateway Summary IP SA static/connected are zero because there is no AS information for IGP. Prior to FTOS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP. 7.8.1.0 allows extended gateway information - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 851
supported on platforms: Protocol Overview Network management stations use Simple Network Management Protocol (SNMP) to retrieve or alter management data of many RFC-compliant SNMP utilities you can use to manage your Dell Force10 system using SNMP. Also, these configurations use SNMP version 2c. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 852
Related Configuration Tasks The following list contains configuration tasks for SNMP: • Read Managed Object Values • Write Managed Object Values • Subscribe to Managed Object Value - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 853
values if your management station is a member of the same community as the SNMP agent. There are several Unix SNMP commands that read data: Task Command Read the value of a single managed object, snmpget -v version -c community agent-ip {identifier.instance | as shown in Figure 42-2. descriptor - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 854
Task Command Figure 42-4. Reading the Value of Many Managed Objects at Once > snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Force10 Networks Real Time Operating System Software Dell Force10 Operating System Version - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 855
the system. FTOS supports the following three sets of traps: • RFC 1157-defined traps: coldStart, warmStart, linkDown, linkUp, authenticationFailure, egpNeighborLoss • Dell Force10 enterpriseSpecific environment traps: fan, supply, temperature • Dell Force10 enterpriseSpecific protocol traps: bgp - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 856
To configure the system to send SNMP notifications: Step Task 1 Configure the Dell Force10 system to send notifications to an SNMP server. 2 Specify which traps the Dell Force10 system sends to the trap receiver. • Enable all Dell Force10 enterpriseSpecific and RFC- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 857
42-2. Dell Force10 Enterprise-specific SNMP alarm: Switch fabric down MAJOR_SFM_CLR: Major alarm cleared: Switch fabric vlan %d PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: dC) MAJOR_TEMP: Major alarm: chassis temperature high (%s temperature reaches or exceeds threshold of %dC - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 858
Table 42-2. Dell Force10 Enterprise-specific SNMP Traps Command Option xstp ecfm Trap %SPANMGR-5-STP_NEW_ROOT: New Spanning Tree Root, Bridge ID Priority 32768, Address 0001.e801.fc35. %SPANMGR-5-STP_TOPOLOGY_CHANGE: Bridge - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 859
• Copy startup-config ftp://... /abc.txt Note: Where 'ftp' is indicated in the examples above, scp or TFTP can also be used. A copy performed by CLI or SNMP can be differentiated by the trap string printed at the SNMP host. The copyAlarmIndex sent to the host has a value of '-1' for a copy done by - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 860
name rw CONFIGURATION Copy the f10-copy-config.mib MIB from the Dell Force10 iSupport webpage to the server to which you are copying the in packet. Reason: notWritable (that object does not support modification) Failed object: FORCE10-COPY-CONFIG-MIB::copySrcFileType.101 Table 42-4 shows examples - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 861
0 -t 60 -c public -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.101 i 2 copyDestFileType.101 i 3 FORCE10-COPY-CONFIG-MIB::copySrcFileType.101 = INTEGER: runningConfig(2) FORCE10-COPY-CONFIG-MIB::copyDestFileType.101 = INTEGER: startupConfig(3) Figure 42-7. Copying Configuration Files via SNMP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 862
Table 42-4. Copying Configuration Files via SNMP (continued) Task • server- s /home/myfilename Copy a binary file from the server to the startup-configuration on the Dell Force10 system via FTP using the following command from the UNIX server: snmpset -v 2c -c public - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 863
Dell Force10 provides additional MIB Objects to view copy statistics. These are provided in Table 42-5. Table 42-5. MIB Objects for Copying Configuration Files via SNMP MIB - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 864
Figure 42-13 shows the command syntax using MIB object name Syntax > snmpget -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110 FORCE10-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.31 Figure 42-14. Obtaining MIB - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 865
system output] > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: "My VLAN" [Dell Force10 system output] FTOS#show int vlan 10 Vlan 10 is down, line protocol is down Vlan alias name is: My VLAN Address - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 866
The table that the Dell Force10 system sends in response to the snmpget the first hex pair changes from 00 to 04. Figure 42-19. Displaying Ports in a VLAN using SNMP [Dell Force10 system output] R5(conf)#do show vlan id 10 Codes: * - Default VLAN, G - GVRP VLANs Q: - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 867
The value 40 is in the first set of 7 hex pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary. As described above, the left-most position in the string represents Port 1. The next position from the left represents Port 2 and has a value of 1, indicating - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 868
Figure 42-21. Adding Tagged Ports to a VLAN using Task Command Syntax Command Mode Create an SNMP community on the Dell Force10 system. snmp-server community CONFIGURATION From the Dell Force10 system, identify the interface index of the port for which you - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 869
Figure 42-22. Fetching Dynamic MAC Addresses on the Default VLAN MAC Addresses on Dell Force10 System R1_E600#show mac-address-table VlanId Mac Address Type Interface State 1 00:01:e8:06:95:ac Dynamic Gi 1/21 Active Query from Management Station >snmpwalk -v 2c -c techpubs 10.11 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 870
Figure 42-24. Fetching Dynamic MAC Addresses on the Default VLAN MAC Addresses on Dell Force10 System R1_E600(conf)#do show mac-address-table VlanId Mac Address Type Interface State 1000 00:01:e8:06:95:ac 01 E8 06 95 AC SNMPv2-SMI::enterprises.6027 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 871
4 bits 14 bits 0011 00000000111010 Interface Card Type Type For interface indexing, slot and port numbering begins with the binary one. If the Dell Force10 system begins slot and port numbering from 0, then the binary 1 represents slot and port 0. For example, the index number in Figure 42-27 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 872
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 873
The minimum number of packets per second (PPS) that storm control can limit on the S4810 is 2. Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configure storm control from INTERFACE mode Configure storm control from INTERFACE mode using the command storm - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 874
• The percentage of storm control is calculated based on the an interface or globally on the ingress and DSCP marking for a DSCP value 1 is configured for the data traffic, the traffic goes to queue 1 instead of queue 0. Similarly, if unicast storm-control is enabled - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 875
of Spanning Tree, as shown here: Table 44-1. FTOS Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol (STP) Rapid Spanning Tree Protocol (RSTP) Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST+) IEEE Specification 802.1d 802.1w 802.1s Third Party - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 876
Related Configuration Tasks • Adding an Interface to the page 886 Important Points to Remember • Spanning Tree Protocol (STP) is disabled by default. • FTOS supports only one Spanning Tree instance (0). For multiple instances, you must enable MSTP, or PVST+. You - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 877
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that will participate in Spanning Tree must be in Layer 2 mode and enabled. Figure 44-1. Example of Configuring Interfaces for Layer 2 Mode R1(conf)# int - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 878
Enabling Spanning Tree Protocol Globally Spanning Tree Protocol must be enabled globally; it is not enabled by default. To enable Spanning Tree globally for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 879
Figure 44-4. Spanning Tree Enabled Globally root R1 R2 1/3 Forwarding 2/1 1/4 Blocking 2/2 1/1 1/2 2/3 2/4 3/1 3/2 3/3 3/4 R3 Port 290 (GigabitEthernet 2/4) is Blocking Port path cost 4, Port priority 8, Port Identifier 8.290 Designated root has priority 32768, address 0001.e80d.2462 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 880
Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode. Figure 44-6. show spanning-tree - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 881
Default: 15 seconds Change the hello-time parameter (the BPDU transmission interval). Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds Change the max-age parameter (the refresh interval for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 882
View the current values for global parameters using the show spanning-tree 0 command from EXEC privilege mode. See Figure 44-5. Modifying Interface STP Parameters - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 883
-8 shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Force10 system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change. If BPDU Guard is enabled, when the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 884
Note: Note that unless the shutdown-on-violation option show ip int br gi 0/7 Interface IP-Address OK Method Status GigabitEthernet 0/7 unassigned YES Manual up Protocol up FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior: 1 If the interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 885
gi-3/41)#show config ! interface GigabitEthernet 3/41 no ip address switchport spanning-tree 0 portfast bpduguard shutdown-on-violation no shutdown 3/41 Hub Switch with Spanning Tree Enabled FTOS Behavior: BPDU Guard and BPDU filtering (see Removing an Interface from the Spanning Tree Group on page - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 886
View only the root information using the show spanning-tree enable traps xstp. Configuring Spanning Trees as Hitless c e Configuring Spanning Trees as Hitless is supported only on platforms: You can configure Spanning Tree (STP), Rapid Spanning Tree (RSTP), Multiple - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 887
e c s z System Time and Date settings and NTP are supported on platforms: System times and dates can be set and maintained error. Temporarily or permanently insane time sources will be detected and avoided. Dell Force10 recommends configuring NTP for the most accurate time. In FTOS, other time - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 888
• Clock offset represents the amount to adjust the local clock FTOS synchronizes with a time-serving host to get the correct time. You can set FTOS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 889
operating correctly 1: carrier loss 2: synch loss 3: format error 4: interface/link failure Receive Timestamp Transmit Timestamp Implementation Information • Dell Force10 systems can only be an NTP client. Configuring Network Time Protocol Configuring NTP is a one-step process: 1. Enable NTP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 890
Enable NTP NTP is disabled by default. To enable it, specify an NTP server to which the Dell Force10 system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 891
Set the Hardware Clock with the Time Derived from NTP Task Periodically update the system hardware clock with the time value derived from NTP. Command ntp update-calendar Figure 45-4. Displaying the Calculated NTP Synchronization Variables R5/R8(conf)#do show calendar 06:31:02 UTC Mon Mar 13 1989 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 892
Configure a source IP address for NTP packets By default, the source address of NTP packets is the IP address of the interface used to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 893
To configure NTP authentication, use these commands in the following sequence in the CONFIGURATION mode: Step Command Syntax 1 ntp authenticate 2 ntp authentication-key number md5 key 3 ntp trusted-key number Command Mode CONFIGURATION CONFIGURATION CONFIGURATION Purpose Enable NTP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 894
Command Syntax ntp server ip-address [key keyid] [prefer] [version number] Command Mode CONFIGURATION Purpose Configure an NTP server. Configure the IP address of a - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 895
Filter dispersion is the error in calculating the minimum delay from a set of sample data from a peer. FTOS Time and Date The time and date can be set using : • Set the time and date for the switch hardware clock • Set the time and date for the switch software clock • Set the timezone • Set daylight - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 896
Set the time and date for the switch hardware clock Command Syntax calendar set time FTOS#calendar set 08:55:00 september 18 2009 FTOS# Set the time and date for the switch software clock You can change the order of the month and day parameters to enter the time - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 897
The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots. Command Syntax clock set time month day year Command Mode EXEC Privilege Purpose Set the system software clock to the current time and date. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 898
Command Syntax Command Mode Purpose FTOS#conf FTOS(conf)#clock timezone Pacific -8 FTOS(conf)#01:40:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" FTOS# Set daylight saving time FTOS supports - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 899
Set Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. Command Syntax Command Mode clock summer-time time-zone date start-month start-day start-year start- - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 900
Command Syntax Command Mode Purpose FTOS(conf)# Set Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year. If you have already set daylight saving for a one-time setting, you - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 901
Command Syntax Command Mode Purpose start-year: Enter a four-digit number as the year. Range: 1993 to 2035 start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format; for example, 17:15 is 5:15 pm. end-week: If you entered a start-week, enter one of the following as - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 902
Command Syntax Command Mode Purpose FTOS(conf)#clock summer-time pacific recurring ? Week number to start first Week number to start last Week number - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 903
with upgrades Direct any questions or concerns about FTOS Upgrade Procedures to Dell Force10's Technical Support Center. You can reach Technical Support: • On the Web: www.force10networks.com/support/ • By email: [email protected] • By phone: US and Canada: 866.965.5800, International: 408 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 904
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 905
in a LAN in which all data received is kept locally and broadcast and can span multiple devices. FTOS supports up to 4093 port-based VLANs Guide chapters: • Interfaces chapter • Port Authentication (802.1x) section in the Security chapter • GARP VLAN Registration protocol (GVRP) chapter • Service - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 906
Table 47-1 displays the defaults for VLANs in FTOS. Table 47-1. VLAN Defaults on FTOS Feature Spanning Tree group ID Mode Default VLAN ID - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 907
support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANs. Port-based VLANs offer increased security for traffic, conserve bandwidth, and allow switch Destination Address Source Address Tag Header Protocol Type Data 6 octets 6 octets 4 octets 2 octets - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 908
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes). • Tag Control Information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but 2 are reserved. Note: The insertion of - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 909
For more information, refer to the Interfaces chapter and Configure Layer 2 (Data Link) Mode. When an interface is placed in Layer 2 mode by see the command statement in the Layer 2 chapter of the FTOS Command Line Reference Guide. To view just the interfaces that are in Layer 2 mode, enter the show - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 910
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 911
Use the untagged command to move untagged interfaces from the Default VLAN to another VLAN: Step 1 Command Syntax interface vlan vlan-id 2 untagged interface Command Mode CONFIGURATION INTERFACE Purpose Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface. - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 912
Assign an IP address to a VLAN VLANs are a Layer 2 feature. either Ingress packets, egress packets, or both. VLAN counters are disabled by default, and are supported on E-Series ExaScale only. Command Syntax Command Mode enable vlan-counter [ingress | egress | - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 913
VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that a port can be connected to both VLAN- is connecting a VOIP phone and a PC to the same port of the switch. The VOIP phone is configured to generate tagged packets (with VLAN = VOICE - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 914
Enable Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different customer - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 915
between two chassis to appear as a single virtual link to the network core. VLT reduces the role of Spanning Tree protocols by allowing LAG terminations on two separate distribution or core switches, and by supporting a loop free topology. (A Spanning Tree protocol is still needed to prevent the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 916
Figure 48-1. Virtual Link Trunking S4810 Out-of-Band Management Network Backup Link VLT Domain Backup Link S4810 Chassis Chassis Interconnect Trunk Virtual Link Trunk Switch or Server that supports LACP (802.1ad) VLT peer devices have independent management - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 917
port channel between an attached device and the VLT peer switches. VLT backup link - The backup link monitors the vitality of a VLT peer switch. The backup link sends configurable, periodic keep alive messages between VLT peer switches. VLT interconnect (VLTi) - The link used to synchronize states - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 918
VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • VLT port channel interfaces must be switch ports. • If RSTP is included on the system, it must be configured before VLT. See RSTP Configuration. • Dell Force10 strongly recommends that the VLTi (VLT - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 919
need to manually select VLANs. • VLT peer switches operate as separate chassis with independent control and data planes for devices attached on non-VLT ports. • Port-channel link aggregation (LAG) across the ports in the VLT interconnect is required; individual ports are not supported. Dell Force10 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 920
members is less than 1496 bytes, MAC addresses may not be synced. Dell Force10 recommends retaining the default MTU allocation (1554 bytes) for VLTi members. • VLT Backup link: • In the backup link between peer switches, heartbeat messages are exchanged between the two chassis for health checks. The - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 921
on a chassis does not traverse the chassis-interconnect link. • VLT allows multiple active parallel paths from access switches to VLT chassis. • VLT supports port-channel links with LACP between access switches and VLT peer switches. Dell Force10 recommends that you use static port channels on VLTi - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 922
• All system management protocols are supported on VLT ports, including SNMP, RMON, AAA, ACL, DNS, FTP, SSH, Syslog, NTP, RADIUS, SCP, TACACS+, Telnet, and LLDP. • Layer 3 VLAN connectivity VLT peers is enabled by configuring a VLAN network interface for the same VLAN on both switches - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 923
configured using the specifications below to minimize problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports using RSTP that are not configured as edge ports and are connected to other layer 2 switches - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 924
When the bandwidth usage drops below the 80% threshold, the system generates another syslog message (Message 2) and an SNMP trap. Message 2 Excessive VLTi Bandwidth Usage Drops Below Threshold Value Error %STKUNIT0-M:CP %VLTMGR-6-VLT-LAG-ICL: Overall Bandwidth - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 925
The Designated Router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. The VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 926
If the VLT node elected as the designated router fails, traffic loss will occur until another VLT node is elected the designated router. RSTP Configuration The RSTP Spanning Tree protocol is supported in a VLT domain. Before you configure VLT on peer switches, you - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 927
The primary and secondary switch roles in the VLT domain are automatically assigned after both sides of the VLTi are configured. Note: If a third-party ToR unit is used, Dell Force10 recommends using static LAGs on the VLTi between VLT peers to avoid potential problems if the VLT peers are rebooted - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 928
4. (Optional) Manually reconfigure default VLT settings, such as MAC address and VLT primary/secondary roles. 5. Connect the peer switches in a VLT domain to an attached access device (switch or server). Configure a VLT interconnect Step Task Command Syntax - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 929
value of the remote peer. Priority values are from 1 to 65535. Default: 32768. 3 (Optional) When you create a VLT domain on a switch, system-mac mac-address the FTOS software automatically creates a VLT-system mac-address MAC address used for internal system operations. Use the system-mac command to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 930
(Optional) Reconfigure default VLT settings Step Task Command Syntax 4 (Optional) When you create a VLT domain on a switch, unit-id {0 | 1} the FTOS software automatically assigns a unique unit ID (0 or 1) to each peer switch. The unit IDs are used for internal - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 931
Example for a sample configuration. (Optional) Configure Enhanced VLT (eVLT) Step Task Command Syntax Set up the VLT domain. 1 Configure the port channel to be used for the VLT interface port-channel interconnect on a VLT switch and enter interface id-number configuration mode. Enter the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 932
(Optional) Configure Enhanced VLT (eVLT) Step Task Command Syntax Command Mode 5 Configure the IP address of the management interface back-up destination VLT DOMAIN on the remote VLT peer to be used as the endpoint of the ip-address [interval seconds] - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 933
the peer units (not shown). interface port-channel port-channel id CONFIGURATION Note: To benefit from the protocol negotiations, Dell Force10 recommends VLTs used as facing hosts/switches are configured with LACP. Both peers should use the same port channel ID. 3. Configure the peer-link port - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 934
ToR unit is used, Dell Force10 recommends using static LAGs with VLT peers to avoid potential problems if the VLT peers are rebooted. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2 s4810-2(conf)#vlt domain 5 s4810-2(conf-vlt-domain)# s4810-4(conf)#vlt domain 5 s4810-4(conf - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 935
2 is connected to Te 0/50 of TOR. 1. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. 2. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3. In the top of rack unit, configure LACP in the physical ports (shown for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 936
s4810-4#show running-config interface tengigabitethernet 0/40 ! interface TenGigabitEthernet 0/40 no ip address ! port-channel-protocol LACP port-channel 2 mode active no shutdown s4810-4# configuring VLT peer lag in VLT s4810-4#show running-config - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 937
Local LAG Id Peer LAG Id Local Status Peer Status 10 10 UP UP Active VLANs 100, 200, 300, 400, Verify the VLT LAG is up in both VLT peer units. s4810-2#show interfaces port-channel 2 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 2 L2L3 up 03:43:24 Te - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 938
eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this Domain_1_Peer1(conf-if-po-100)#switchport Domain_1_Peer1(conf-if-po-100)#vlt-peer-lag port-channel 100 Domain_1_Peer1(conf-if-po-100)#no - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 939
100 Domain_1_Peer2(conf-if-po-100)#switchport Domain_1_Peer2(conf-if-po-100)#vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)#no shutdown 100 Domain_2_Peer3(conf-if-po-100)#switchport Domain_2_Peer3(conf-if-po-100)#vlt-peer-lag port-channel 100 Domain_2_Peer3(conf-if-po-100)#no shutdown - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 940
Domain_2_Peer4(conf)#vlt domain 200 Domain_2_Peer4(conf-vlt-domain)#peer-link port-channel 1 Domain_2_Peer4(conf-vlt-domain)#back-up destination 10.18.130.12 Domain_2_Peer4(conf-vlt-domain)#system-mac mac-address 00:0b:00:0b:00:0b Domain_2_Peer4(conf-vlt-domain)#unit - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 941
configuration, including local and peer port-channel IDs, local and peer VLT switch status, and number of active VLANs on each port channel (see Figure 48-6). Displays the VLT peer status, role of the local VLT switch, VLT system MAC address and system priority, and the MAC address and priority - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 942
Destination: 10.11.200.20 Peer HeartBeat status: Up HeartBeat Timer Interval: 1 HeartBeat Timeout: 3 UDP Port: 34998 HeartBeat Messages Sent: 1030 HeartBeat Messages Received: 1014 Figure 48-5. show vlt brief Command Output on VLT peer switches FTOS(conf)#show vlt - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 943
30 peer-link port-channel 60 back-up destination 10.11.200.20 Figure 48-9. show vlt statistics Command Output on VLT peer switches FTOS_VLTpeer1#show vlt statistics VLT Statistics HeartBeat Messages Sent: 930 HeartBeat Messages Received: 909 ICL Hello's Sent: 927 ICL Hello's Received - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 944
Figure 48-10. Configuring Virtual Link Trunking (VLT Peer 1) FTOS_VLTpeer1(conf)#vlt domain 999 FTOS_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 FTOS_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 FTOS_VLTpeer1(conf-vlt-domain)#exit Enable VLT - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 945
10 Active Description Q Ports T Po100(Fo 0/46,50) V Po110(Fo 0/48) Figure 48-12. Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch) FTOS_TORswitch(conf)#show running-config interface port-channel 11 ! interface Port-channel 11 On an access device, verify the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 946
Troubleshooting VLT Use the following information to help troubleshoot different VLT issues that may occur. Note: For information on VLT failure mode timing and its impact, contact your Dell Force10 representative. Description Behavior at Peer Up Behavior During - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 947
state. A syslog error message is generated. Verify the unit ID is correct on both VLT peers. Unit ID numbers must be sequential on peer units; i.e., if Peer 1 SNMP trap are generated. Verify the FTOS software versions on the VLT peers are compatible. For more information, see the Release Notes for - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 948
- Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 949
49 Virtual Router Redundancy Protocol (VRRP) Virtual Router Redundancy Protocol (VRRP) is supported on platforms: e c s z. This chapter covers the following information: • VRRP Overview • VRRP Benefits • VRRP Implementation • VRRP Configuration • Sample Configurations VRRP Overview Virtual - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 950
In Figure 49-1 below, Router A is configured as the GigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. Figure 49-1. Basic VRRP Configuration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 951
supports a total of 128 VRRP groups on the switch with varying number of maximum VRRP groups per interface (Table 49-1). S-Series supports a total of 120 VRRP groups on a switch. To avoid throttling VRRP advertisement packets, Dell Force10 recommends that you increase the VRRP advertisement interval - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 952
Table 49-1. Recommended VRRP Advertise Intervals Recommended Advertise Interval Groups , as the increased dead interval may cause packets to be dropped during that switch-over time. VRRP Configuration By default, VRRP is not configured. Configuration Task List - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 953
Create a Virtual Router To enable VRRP, you must create a Virtual Router. In FTOS, a VRRP Group is identified by the Virtual Router Identifier (VRID). To enable a Virtual Router, use the following command in the INTERFACE mode. To delete a VRRP group, use the no vrrp-group vrid command in the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 954
supports a total of 128 VRRP groups on the switch with varying number of maximum VRRP groups per interface (Table 49-1). S-Series supports a total of 120 VRRP groups on a switch to multiple IP subnets configured on the interface, Dell Force10 recommends you configure virtual IP addresses belonging to - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 955
Step 2 Task Configure virtual IP addresses for this VRID. Command Syntax virtual-address ip-address1 [...ip-address12] Range: up to 12 addresses Command Mode INTERFACE -VRID Figure 49-4. Command Example: virtual-address FTOS(conf-if-gi-1/1-vrid-111)#virtual-address 10.10.10.1 FTOS(conf-if-gi - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 956
Figure 49-6. Command Example Display: show vrrp FTOS#do show vrrp Same VRRP Group (VRID) GigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1 State: Master, - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 957
Configure the VRRP Group's priority with the following command in the VRRP mode: Task Configure the priority for the VRRP group. Command Syntax INTERFACE -VRID Command Mode priority priority Range: 1-255 Default: 100 Figure 49-7. Command Example: priority in Interface VRRP mode FTOS(conf-if-gi - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 958
Configure simple authentication with the following command in the VRRP -1/1-vrid-111)#authentication-type ? FTOS(conf-if-gi-1/1-vrid-111)#authentication-type simple 0 force10 Encryption type (encrypted) Password Figure 49-10. Command Example: show config in VRID - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 959
3 consecutive advertisements, then the election process begins and the BACKUP virtual router with the highest priority transitions to MASTER. Note: Dell Force10 recommends that you increase the VRRP advertisement interval to a value higher than the default value of 1 second to avoid throttling VRRP - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 960
Figure 49-13. Command Example: advertise-interval FTOS(conf-if-gi-1/1)#vrrp-group 111 FTOS(conf-if-gi-1/1-vrid-111)#advertise-interval 10 FTOS( - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 961
. The delay can be configured for up to 15 minutes, after which VRRP enables normally. The delay timer is set on individual interfaces and is supported on all physical interfaces, VLANS and LAGs. When both CLIs are configured, the later timer rules the VRRP enabling. For example, if vrrp delay - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 962
Task Command Syntax Set the delay time for VRRP initialization can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc. Figure 49-17 is a sample configuration for enabling - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 963
Figure 49-17. Configure VRRP Router 2 R2(conf)#int gi 2/31 R2(conf-if-gi-2/31)#ip address 10.1.1.3/24 R2(conf-if-gi-2/31)#no shut R2(conf-if-gi-2/31)#vrrp-group 99 R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-gi-2/31-vrid-99)#no shut R2(conf-if-gi-2/31)#show conf ! interface - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 964
Figure 49-18. VRRP Topography Illustration State Master: R2 was the first interface configured with VRRP Virtual MAC is automatically assigned and is the - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 965
Unless noted, when a standard cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way to search for predecessor standards is - Gigabit Ethernet (1000BASE-X) • ANSI/TIA-1057- LLDP-MED • Force10 - FRRP (Force10 Redundant Ring Protocol) - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 966
• Force10 - PVST+ • SFF-8431 - SFP+ Direct Attach Cable (10GSFP+Cu) • MTU - 9,252 bytes RFC and I-D Compliance The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support of the Differentiated Services Field (DS Field - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 967
Networks Path MTU Discovery Network Time Protocol (Version 3) Specification, Implementation and Analysis Classless Inter-Domain Routing (CIDR): 1886 1981 (Partial) Full Name DNS Extensions to support IP version 6 Path MTU Discovery for IP version 6 FTOS support, per platform s c et ex z 7.8.1 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 968
General IPv6 Protocols 2460 Internet Protocol, Version 6 (IPv6) Specification 7.8.1 7.8.1 8.2.1 2461 (Partial) Neighbor Discovery for IP Version 6 (IPv6) 7.8.1 7.8.1 8.2.1 2462 (Partial) IPv6 Stateless Address Autoconfiguration 7.8.1 7.8.1 8.2.1 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 969
Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance s 7.6.1 7.6.1 7.6.1 7.6.1 7.8.1 7.6.1 FTOS support, per platform c et System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS) 8.1.1 9.0 9.1 8.1.1 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 970
Intermediate System to Switching (MPLS) Label Switching Router (LSR) Management Information Base (MIB) Fast Reroute Extensions to RSVP-TE for LSP Tunnels Detecting Multi-Protocol Label Switched Data Plane Failures (MPLS TE/LDP Ping & Traceroute FTOS support - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 971
Multiprotocol Label Switching (MPLS) 5036 5063 LDP Specification Extensions to GMPLS Resource Reservation Protocol ( (MLD) Snooping Switches draft-ietf-pi Protocol Independent Multicast - Sparse Mode m-sm-v2-ne (PIM-SM): Protocol Specification (Revised) w-05 FTOS support, per platform s - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 972
Network Management RFC# 1155 1156 1157 1212 1215 1493 1724 1850 1901 Base for the User Datagram Protocol using SMIv2 Definitions of Managed Objects for Data Link Switching using SMIv2 IP Forwarding Table MIB Definitions of Managed Objects for the Synchronous - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 973
Dial In User Service (RADIUS) Remote Network Service (RADIUS) Usage Guidelines Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 7.6.1 FTOS support - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 974
Dell Force10 CIDR Multipath Routes MIB (The IP IB-MIB Forwarding Table provides information that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 975
IB FORCE10-C Dell Force10 E-Series Enterprise Chassis MIB HASSIS-MI B FORCE10-C Dell Force10 File Copy MIB (supporting SNMP SET OPY-CONFI operation) G-MIB FORCE10- Dell Force10 Monitoring MIB MON-MIB FORCE10-P Dell Force10 Product Object Identifier MIB RODUCTSMIB FORCE10-S Dell Force10 S-Series - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 976
MIB Location Dell Force10 MIBs are under the Force10 MIBs subhead on the Documentation page of iSupport: https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx You also can obtain a list of selected MIBs and - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 977
89 IP ACL definition 89 RADIUS 795 ANSI/TIA-1057 544 Applying an ACL to Loopback 107 Area Border Router. See ABR. AS 160 support 182 AS-PATH ACL "permit all routes" statement 215 configuring 201 AS_PATH attribute using 200 authentication implementation 785 Authentication, TACACS+ 801 Authentication - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 978
enabling a peer group 191 establishing BGP process 183 External BGP neighbors 185 viewing the status of peer groups 191 BPDU 775 Bridge MIB STP implementation 876 Bridge Protocol Data Units. See BPDU. C CAM Profiling, When to Use 264 cam-acl 457 cam-profile 455 CLI - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 979
forward delay 776, 881 FRRP 341 FRRP Master Node 341 FRRP Transit Node 341 FTOS 627 FTP 62 configuring client parameters 64 configuring server parameters 63 enabling server 63 using VLANs 62 G GARP VLAN Registration Protocol (GVRP) 355 grep option 37 grep pipe option 706 GVRP (GARP VLAN Registration - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 980
using the le and ge parameters 108 IP routing VLANs 907 ip scp topdir 805 ip ssh authentication-retries 805 ip ssh 628 AS External 628 Network 627 Network Summary 628 NSSA External 628 Opaque Area-local 627 Opaque Link-local 628 Router 627 types supported 627 LSPs 488 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 981
396 management interface 378 accessing 382 configuring a management interface 381 configuring IP address 382 definition 380 IP address consideration 382 management interface, switch 377 max age 776, 881 MBGP 224 Member VLAN (FRRP) 343 MIB Location 976 minimum oper up links in a port channel 392 - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 982
member level 1 definition 788 privilege level 15 definition 788 promiscuous port 700 Protocol Data Units. See PDU. Proxy ARP default 430 Q QoS traffic 727 QoS (Quality of Service) chapter 721 QSFP port splitting 403 Quality of Service (QoS) chapter 721 R - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 983
setting route metrics 755 summarizing routes 755 timer values 748 version 1 description 747 version default on interfaces 748 RIP routes, maximum 748 RIPv1 747 RIPv2 748 root bridge 775, 881 route maps configuring match commands 119 configuring set commands 120 creating 116 creating multiple - Dell Force10 Z9000 | FTOS Configuration Guide for Z9000 System - Page 984
Trace list 810 Trace lists configuring a trace list 811 untagged interfaces 909 viewing configured 909 VLSM 421 VLSM (Variable Length Subnet Masks) 748 VLT ports orphan 921 VRRP 949 advertisement interval 959 benefits 951 changing advertisement