Dell PowerSwitch S4810P Configuration Guide for the S4810 System 9.100.0
Dell PowerSwitch S4810P Manual
View all Dell PowerSwitch S4810P manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S4810P manual content summary:
- Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1
Dell Configuration Guide for the S4810 System 9.10(0.0) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 3
Contents 1 About this Guide...32 Audience...32 Conventions...32 Related Documents...32 2 Configuration Fundamentals...33 Accessing the Command Line...33 CLI Modes...33 Navigating CLI Modes...35 The do - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 4
a UNIX Logging Facility Level...71 Synchronizing Log Messages...72 Enabling Timestamp on Syslog Messages...73 File Transfer Services...73 Configuration Task List for File Transfer Services 73 Enabling the FTP Server...73 Configuring FTP Server Parameters...74 Configuring FTP Client Parameters...74 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 5
Viewing the Configuration Lock Status...78 Recovering from a Forgotten Password...79 Recovering from a Forgotten Enable Password...80 Recovering from a Failed Start...80 Restoring the Factory Default Settings...81 Important Points to Remember...81 Restoring Factory Default Environment Variables 81 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 6
Information...128 Logging of ACL Processes...128 Guidelines for Configuring ACL Logging...129 Configuring ACL Logging...130 Flow-Based Monitoring Support for ACLs...130 Behavior of Flow-Based Monitoring...130 Enabling Flow-Based Monitoring...132 8 Bidirectional Forwarding Detection (BFD 133 How - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 7
Troubleshooting BFD...159 9 Border Gateway Protocol IPv4 (BGPv4)...161 Autonomous Systems ...170 Multiprotocol BGP...170 Implement BGP with Dell Networking OS...171 Additional Path (Add-Path) Support...171 Advertise IGP Cost as MED for Redistributed Routes 171 Ignore Router-ID in Best-Path - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 8
Memory (CAM)...217 CAM Allocation...217 Test CAM Usage...219 View CAM-ACL Settings...219 View CAM Usage...221 CAM Optimization...221 Troubleshoot CAM Profiling...221 CAM Profile Mismatches...221 QoS CAM Region Limitation...222 11 Control Plane Policing (CoPP)...223 Configure Control Plane Policing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 9
253 DCBx Port Roles...253 DCB Configuration Exchange...255 Configuration Source Election...255 Propagation of DCB Information...256 Auto-Detection and Manual Configuration of the DCBx Version 256 DCBx Example...256 DCBx Prerequisites and Restrictions...257 Configuring DCBx...257 Verifying the DCB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 10
Configure a Method of Hostname Resolution...279 Using DNS for Address Resolution...279 Using NetBIOS WINS for Address Resolution...280 Creating Manual Binding Entries...280 Debugging the DHCP Server...280 Using DHCP Clear Commands...281 Configure the System to be a Relay Agent...281 Configure the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 11
...325 Viewing the FRRP Configuration...325 Viewing the FRRP Information...325 Troubleshooting FRRP...325 Configuration Checks...325 Sample Configuration and Topology...326 18 19 High Availability (HA)...332 Component Redundancy...332 Automatic and Manual Stack Unit Failover...332 Contents 11 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 12
Management and Standby Units 333 Forcing an Stack Unit Failover...333 Specifying an Auto-Failover Limit...334 Disabling Auto-Reboot...334 Manually Synchronizing Management and Standby Units 334 Pre-Configuring a Stack Unit Slot...334 Removing a Provisioned Logical Stack Unit...335 Hitless Behavior - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 13
Interworking of EIS With Various Applications...358 Designating a Multicast Router Interface...358 21 Interfaces...359 Basic Interface Configuration...359 Advanced Interface Configuration...359 Interface Types...360 View Basic Interface Information...360 Resetting an Interface to its Factory Default - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 14
Monitoring and Maintaining Interfaces...380 Maintenance Using TDR...381 Splitting QSFP Ports to SFP+ Ports...382 Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port 382 Important Points to Remember...383 Example Scenarios...383 Configuring wavelength for 10-Gigabit SFP+ optics 386 Link - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 15
with Subnet Broadcast Addresses...412 UDP Helper with Configured Broadcast Addresses 412 UDP Helper with No Configured Broadcast Addresses 413 Troubleshooting UDP Helper...413 24 IPv6 Routing...414 Protocol Overview...414 Extended Address Space...415 Stateless Autoconfiguration...415 IPv6 Headers - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 16
Overview...434 Monitoring iSCSI Traffic Flows...435 Application of Quality of Service to iSCSI Traffic Flows 436 Information Monitored in iSCSI Traffic 443 Multi-Topology IS-IS...444 Transition Mode...444 Interface Support...444 Adjacencies...445 Graceful Restart...445 Timers...445 Implementation - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 17
LACP Modes...467 Configuring LACP Commands...467 LACP Configuration Tasks...468 Creating a LAG...468 Configuring the LAG Interfaces as Dynamic...468 Setting the LACP Long Timeout...469 Monitoring and Debugging LACP...469 Shared LAG State Tracking...470 Configuring Shared LAG State Tracking...470 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 18
Important Points to Remember...502 LLDP Compatibility...502 CONFIGURATION versus INTERFACE Configurations 502 Enabling LLDP...503 Disabling and Undoing LLDP...503 Enabling LLDP on Management Ports...503 Disabling and Undoing LLDP on Management Ports 504 Advertising TLVs...504 Viewing the LLDP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 19
MSDP with Anycast RP...532 Configuring Anycast RP...533 Reducing Source-Active Message Flooding...534 Specifying the RP Address Used in SA Messages 534 MSDP Sample Configurations...536 32 Multiple Spanning Tree Protocol (MSTP 539 Protocol Overview...539 Spanning Tree Variations...540 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 20
Interface...598 Redistributing Routes...599 Configuring a Default Route...599 Enabling OSPFv3 Graceful Restart...600 OSPFv3 Authentication Using IPsec...602 Troubleshooting OSPFv3...608 36 Policy-based Routing (PBR)...609 Overview...609 Implementing PBR...610 Configuration Task List for Policy-based - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 21
Send Multicast Traffic...621 Configuring PIM-SM...621 Related Configuration Tasks...622 Enable PIM-SM...622 Configuring S,G Expiry Timers...623 Configuring a Static Rendezvous Point...624 Overriding Bootstrap Router Updates...624 Configuring a Designated Router...624 Creating Multicast Boundaries - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 22
yellow" with single traffic class 691 Applying Layer 2 Match Criteria on a Layer 3 Interface 692 Applying DSCP and VLAN Match Criteria on a Service Queue 692 Classifying Incoming Packets Using ECN and Color-Marking 693 Guidelines for Configuring ECN for Classifying and Color-Marking Packets 695 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 23
Sample configuration to mark non-ecn packets as "yellow" with Multiple traffic class 695 Sample configuration to mark non-ecn packets as "yellow" with single traffic class 696 Enabling Buffer Statistics Tracking ...697 43 Routing Information Protocol (RIP)...699 Protocol Overview...699 RIPv1...699 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 24
Cipher List...746 Secure Shell Authentication...747 Troubleshooting SSH...749 Telnet...750 VTY Line and and Authorization 751 VTY MAC-SA Filter Support...751 Role-Based Access Control...752 Overview Display Information About User Roles...761 48 Service Provider Bridging...763 VLAN Stacking...763 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 25
Dynamic Mode CoS for VLAN Stacking...773 Mapping C-Tag to S-Tag dot1p Values...775 Layer 2 Protocol Tunneling...775 Implementation Information...777 Enabling Layer 2 Protocol Tunneling...777 Specifying a Destination MAC Address for BPDUs 778 Setting Rate-Limit BPDUs...778 Debugging Layer 2 Protocol - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 26
SNMP...808 Deriving Interface Indices...809 Monitor Port-Channels...810 Troubleshooting SNMP Operation...811 51 Stacking...812 Stacking Overview...812 Stack Roles...814 MAC Addressing on Stacks...814 Stacking LAG...815 Supported Stacking Topologies...815 High Availability on Stacks...816 Management - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 27
Stack...830 Removing Front End Port Stacking...831 Troubleshoot a Stack...831 Recover from Stack Link Flaps...831 Recover from a Card Problem State on a Stack 832 52 Storm Control Configuration Wizard 851 Configuring SupportAssist Manually...851 Configuring SupportAssist Activity...853 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 28
Enabling NTP...860 Configuring NTP Broadcasts...861 Disabling NTP on an Interface...861 Configuring a Source IP Address for NTP Packets 861 Configuring NTP Authentication...862 Dell Networking OS Time and Date...864 Configuration Task List ...864 Setting the Time and Date for the Switch Software - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 29
Snooping...902 VLT IPv6...903 VLT Port Delayed Restoration...903 PIM-Sparse Mode Support on VLT...903 VLT Routing ...905 Non-VLT ARP Sync...907 RSTP a VLT Configuration...922 Additional VLT Sample Configurations...925 Troubleshooting VLT...927 Reconfiguring Stacked Switches as VLT...928 Specifying - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 30
Proxy ARP Capability on VLT Peer Nodes...934 Working of Proxy ARP for VLT Peer Nodes...934 VLT Nodes as Rendezvous Points for Multicast Resiliency 935 Configuring VLAN-Stack over VLT...936 IPv6 Peer Routing in VLT Domains Overview...939 IPv6 Peer Routing...939 Synchronization of IPv6 ND Entries in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 31
an Over-temperature Condition...996 Recognize an Under-Voltage Condition...996 Troubleshoot an Under-Voltage Condition...996 Troubleshooting Packet Loss...997 Displaying Drop Counters...997 Dataplane Statistics...999 Display Stack Port Statistics...1000 Display Stack Member Counters...1000 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 32
including Internet Engineering Task Force (IETF) requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs). Topics: • Audience • Conventions • Related - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 33
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 34
when configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, 10 Gigabit Ethernet, 25 Gigabit Ethernet, 40 Gigabit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 35
PRIORITY-GROUP PROTOCOL GVRP QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 36
CLI Command Mode Loopback Interface Management Ethernet Interface Null Interface Port-channel Interface Tunnel Interface VLAN Interface STANDARD ACCESS-LIST EXTENDED ACCESS-LIST IP COMMUNITY-LIST AUXILIARY CONSOLE VIRTUAL TERMINAL STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MULTIPLE SPANNING TREE Per- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 37
priority-group PROTOCOL GVRP Dell(config-gvrp)# protocol gvrp QOS POLICY Dell(conf-qos-policy-out-ets)# qos-policy-output SUPPORTASSIST Dell(support-assist)# support-assist VLT DOMAIN Dell(conf-vlt-domain)# vlt domain VRRP Dell(conf-if-interface-type- vrrp-group slot/port-vrid-vrrp - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 38
-- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 9.4(0.0) 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 39
cd clear clock Change current directory Reset functions Manage the system clock • Enter ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 40
Short-Cut Key Action Combination Esc D Deletes all characters from the cursor to the end of the word. Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 41
The no-more command displays the output all at once rather than one screen at a time. This is similar to the terminal length command except that the no-more option affects the output of the specified command only. The save command copies the output to a file for future reference. NOTE: You can - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 42
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 43
Console Access The device has two management ports available for system access: a serial RS-232 /RJ-45 console port and an out-of-band (OOB) Ethernet port to manage the switch with an IP address. Serial Console The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 44
session and run commands or script files. This method of connectivity is supported with S4810, S4048-ON, S3048-ON, S4820T, and Z9000 switches might expect a failure in executing SSH-related scripts. • To avoid denial of service (DoS) attacks, a rate-limit of 10 concurrent sessions per minute in SSH - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 45
the behavior may not really be interactive. • In some cases, when you use an SSH session, when certain show commands such as show tech-support produce large volumes of output, sometimes few characters from the output display are truncated and not displayed. This may cause one of the commands to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 46
interface ManagementEthernet slot/port 2 Assign an IP address to the interface. INTERFACE mode ip address ip-address/mask • ip-address: an address in dotted-decimal format (A.B.C.D). • mask: a subnet mask in /prefix-length format (/ xx). 3 Enable the interface. INTERFACE mode no shutdown Configure a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 47
• Create a password to access EXEC Privilege mode. CONFIGURATION mode enable [password | secret | sha256-password] [level level] [encryption-type] password • level: is the privilege level, is 15 by default, and is not required. • encryption-type: specifies how you input the password, is 0 by default - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 48
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 49
Source file name []: test.c User name to login remote host: username Example of Logging in to Copy from NFS Mount Dell#copy nfsmount:///test flash: Destination file name [test]: test2 ! 5592 bytes successfully copied Dell# Dell#copy nfsmount:///test.txt ftp://10.16.127.35 Destination file name [ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 50
period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system. Viewing Files You can only view file information and content on local file systems. To view a list of files or the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 51
the configuration files. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the compressed mode and to perform an image downgrade without any configuration loss - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 52
no ip address shutdown ! interface TenGigabitEthernet 1/3 no ip address shutdown ! interface TenGigabitEthernet 1/4 no ip address shutdown ! interface TenGigabitEthernet 1/10 no ip address shutdown ! interface TenGigabitEthernet 1/34 ip address 2.1.1.1/16 shutdown ! interface Vlan 2 no ip address no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 53
by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Managing the File System The Dell Networking system can use the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 54
in CONFIGURATION mode. NOTE: The no feature vrf command is not supported on any of the platforms. To enable the VRF feature and cause show command-history Command Dell#show command-history [12/5 10:57:8]: CMD-(CLI):service password-encryption [12/5 10:57:12]: CMD-(CLI):hostname Force10 [12/5 10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 55
that the local copy is exactly the same as the published software image. This validation procedure, and the verify {md5 | sha256} command to support it, prevents the installation of corrupted or modified images. The verify {md5 | sha256} command calculates and displays the hash of any file on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 56
keyword startup-config. • To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 57
and the Logging Configuration • Configuring a UNIX Logging Facility Level • Synchronizing Log Messages • Enabling Timestamp on Syslog Messages • File Transfer Services • Terminal Lines • Setting Timeout for EXEC Privilege Mode • Using Telnet to get to Another Network Device • Lock CONFIGURATION Mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 58
• restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode • restricting access A user can access all commands at his privilege level and below. Removing a Command from EXEC Mode To remove a command from the list of available commands in EXEC mode for a specific - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 59
CONFIGURATION mode privilege exec level level {command ||...|| command} • Move a command from EXEC Privilege to EXEC mode. CONFIGURATION mode privilege exec level level {command ||...|| command} • Allow access to CONFIGURATION mode. CONFIGURATION mode privilege exec level level configure • Allow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 60
range Configure interface range sonet SONET interface tengigabitethernet TenGigabit Ethernet interface vlan VLAN interface Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#? end Exit from configuration mode exit Exit from interface configuration mode Dell(conf-if-te - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 61
• Disable logging to the logging buffer. CONFIGURATION mode no logging buffer • Disable logging to terminal lines. CONFIGURATION mode no logging monitor • Disable console logging. CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure, display, and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 62
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 63
Example of Configuring the Logging Message Format Dell(conf)#logging version ? Select syslog version (default = 0) Dell(conf)#logging version 1 Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 64
Figure 2. Setting Up a Secure Connection to a Syslog Server Pre-requisites To configure a secure connection from the switch to the syslog server: 1 On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2 On the syslog server, create a reverse SSH tunnel from the syslog server to the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 65
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 66
The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 67
Example of the show login statistics user user-id command The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period. Dell# show login statistics user admin User: admin Last login time: 12 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 68
Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 69
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 70
Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 71
Console logging: level Debugging Monitor logging: level Debugging Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes) Trap logging: level Informational %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM. %RPM-2-MSG:CP1 %POLLMGR-2- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 72
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 73
application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces. The FTP and TFTP services are enhanced to support the VRF-aware functionality. If you want the FTP or TFTP server to use a VRF table that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 74
CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 75
• Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server. Terminal Lines You can access the system remotely and restrict access to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 76
seq 10 deny ip 30.1.1.0/24 any seq 15 permit ip any any ! ip access-list extended testpermit seq 15 permit ip any any ! ipv6 access-list testv6deny seq 10 deny ipv6 3001::/64 any seq 15 permit ipv6 any any ! Dell(conf)# Dell(conf)#line vty 0 0 Dell(config-line-vty)#access-class testv6deny ipv6 Dell( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 77
reaches this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system during downtime. • Telnet 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 78
mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set autolock, every time a user is in CONFIGURATION mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 79
Recovering from a Forgotten Password If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. Use the following commands if you forget your password. 1 Log onto the system using the console. 2 Power- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 80
in the following steps. For details about the setenv command, its supporting commands, and other commands that can help recover from a failed start , see the u-Boot chapter in the Dell Networking OS Command Line Reference Guide. 1 Power-cycle the chassis (pull the power cord and reinsert it). 2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 81
uBoot mode setenv gatewayip address 6 Reload the system. uBoot mode reset Restoring the Factory Default Settings Restoring the factory-default settings deletes the existing NVRAM settings, startup configuration, and all configured settings such as, stacking or fanout. To restore the factory default - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 82
In case the system fails to reload the image from the partition, perform the following steps: 1 Power-cycle the chassis (pull the power cord and reinsert it). 2 Hit any key to abort the boot process. You enter uBoot immediately, the => prompt indicates success. (during bootup) press any key 3 Assign - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 83
-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 84
Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 85
• Configuring the Static MAB and MAB Profile • Configuring Critical VLAN Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: 1 When the authenticator senses a link state change, it requests that the supplicant - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 86
in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Attribute 41 Attribute 61 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 87
• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1 Enable 802.1X globally. CONFIGURATION - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 88
In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown ! Dell# To view 802.1X configuration information for an interface, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 89
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 90
The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-2/1)#dot1x tx-period 90 Dell(conf-if-range-Te-2/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-2/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 2/1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 91
Re-Auth Interval: Max-EAP-Req: Auth Type: Auth PAE State: Backend State: Auth PAE State: Backend State: 3600 seconds 10 SINGLE_HOST Initialize Initialize Initialize Initialize Re-Authenticating a Port You can configure the authenticator for periodic re-authentication. After the supplicant has - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 92
Configuring Timeouts If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. You can configure the amount of time the authenticator waits for a response. To terminate the authentication process, use the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 93
Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 94
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 95
! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 96
802.1x profile information Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring the Static MAB and MAB Profile Enable MAB (mac-auth-bypass) before using the dot1x static-mab command to enable static mab. To enable static MAB and configure a static MAB profile, use the following commands. • - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 97
• Enable critical VLAN for users or devices INTERFACE mode dot1x critical-vlan [{vlan-id}] Specify a VLAN interface identifier to be configured as a critical VLAN. The VLAN ID range is 1- 4094. Example of Configuring a Critical VLAN for an Interface Dell(conf-if-Te-2/1)#dot1x critical-vlan 300 Dell( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 98
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 99
on the hardware specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI counters, Open Flow, ACL optimization, and so on) can be allocated virtual flow processing slices at - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 100
You can have up to eight different ACL VLAN groups at any given time. 2 Add a description to the ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode description description 3 Apply an egress IP ACL to the ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode ip access-group {group name} out implicit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 101
cam-acl-vlan vlanaclopt 4 View the number of FP blocks that is allocated for the different VLAN services. EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM 1 | 0 | IN-L2 ACL | 1536 | 0 | 1536 | | OUT-L2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 102
for VLAN Processes The VLAN contentaware processor (VCAP) application is a pre-ingress CAP that modifies the VLAN settings before packets are forwarded. To support ACL CAM optimization, the CAM carving feature is enhanced. A total of four VCAP groups are present: two fixed groups and two dynamic - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 103
To display the number of FP blocks that is allocated for the different VLAN services, use the show cam-acl-vlan command. After you configure the ACL VLAN groups, reboot the system to store the settings in nonvolatile storage. During - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 104
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 105
Resequencing • Route Maps • Logging of ACL Processes • Flow-Based Monitoring Support for ACLs IP Access Control Lists (ACLs) In Dell Networking switch/ information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 106
for IPv6 ACLs. To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, create a Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. 106 Access Control Lists (ACLs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 107
is a standard or extended ACL. Determine the Order in which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). As shown in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 108
• Two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation. • If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or there are no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 109
interface TenGigabitEthernet 1/1 Set clauses: tag 35 level stub-area Dell# To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax. Dell(conf)#no route-map zakho 10 Dell(conf)#end Dell#show route-map - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 110
Also, if there are different instances of the same route-map, then it's sufficient if a permit match happens in any instance of that routemap. Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(config-route-map)#match metric 2000 In the following example, instance 10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 111
• Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source {access-list-name | prefix-list prefix-list-name - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 112
• Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route's next hop. CONFIG-ROUTE-MAP mode set next-hop ip-address • Assign an IPv6 address as the route's next hop. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 113
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 114
IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 115
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1 Enter - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 116
ip access-list standard dilling seq 15 permit tcp 10.3.0.0/16 any seq 25 deny ip host 10.5.0.0 any log Dell(config-std-nacl)# To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 117
Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. The traffic passes through the filter in the order of the filter's sequence and hence you can configure the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 118
Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. NOTE: When assigning sequence numbers to filters, you may have to insert a new filter. To prevent reconfiguring multiple - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 119
Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 120
interface interface slot/port 2 Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3 Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf vrf - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 121
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 122
packets were transmitted successfully. NOTE: The ip control-plane [egress filter] and the ipv6 control-plane [egress filter] commands are not supported. 1 Apply Egress ACLs to IPv4 system traffic. CONFIGURATION mode ip control-plane [egress filter] 2 Apply Egress ACLs to IPv6 system traffic - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 123
]). NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists. Configuration Task List for Prefix Lists prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 124
! ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16 seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)# NOTE: The last line in the prefix list Juba contains a "permit all" statement. By including this line in a prefix list, you specify that all routes not matching any - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 125
Examples of the show ip prefix-list Command The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 126
Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 127
Rules Rules After Resequencing: Resquencing seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs. To resequence an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 128
there is no match command, all traffic matches the route map and the set command applies. Logging of ACL Processes This functionality is supported on the S4810 platform. To assist in the administration and management of traffic that traverses the device after being validated by the configured ACLs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 129
the ACL parameters that pertain to that ACL entry. The ACL service collects the ACL log and records the following attributes per log message the logging settings associated with it are also removed. • ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 130
. If ACL logging is stopped because the configured threshold has exceeded, it is re-enabled after the logging interval period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs. Configure ACL logging only on ACLs that are applied to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 131
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 132
Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S4810 platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 133
a session parameter. These control packets are sent without regard to transmit and receive intervals. NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 134
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 135
The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS does - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 136
A session can have four states: Administratively Down, Down, Init, and Up. State Administratively Down Down Init Up Description The local system does not participate in a particular session. The remote system is not sending control packets or at least not within the detection time for a particular - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 137
Figure 10. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD) 137 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 138
system, the session state on the local system changes to Init. Figure 11. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 139
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 140
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 12. Establishing a BFD Session on Physical Ports 1 Enter interface mode. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 141
Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 142
• Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 143
To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 144
Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent notifies the BFD manager, which in turn notifies the OSPF protocol - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 145
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 146
The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 147
Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: 1 Enable BFD globally. 2 Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 148
Disabling BFD for OSPF If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 149
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 150
of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 151
Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1 Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). 2 Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 152
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 153
ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 154
Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 155
Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 156
2.2.2.2 1 273 273 0 3.3.3.2 1 282 281 0 0 (0) 04:32:26 0 0 0 00:38:12 0 The following example shows viewing BFD information for a specified neighbor. The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 157
Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization ... Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 158
vrrp bfd all-neighbors Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 159
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 160
CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 161
chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol connections from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP operates inside - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 162
with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility. Figure 18. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 163
Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 164
State Idle Connect Description BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 165
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 166
preferences. BGP sees that the Weight criteria results in two potential "best paths" and moves to local preference to reduce the options. If a number of best paths is determined, this selection criteria is applied to group's best to determine the ultimate best path. In non-deterministic mode (the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 167
c AS_CONFED_SET is not included in the AS_PATH length. d AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5 Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE). 6 Prefer the path with the lowest multi- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 168
Figure 22. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 169
Figure 23. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 170
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 171
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 172
allows for faster convergence. Four-Byte AS Numbers You can use the 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 173
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 174
router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 175
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 176
the f10BgpM2PeerInstance field in various tables is not used to locate a peer. • Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response. • The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 177
distance = 200 keepalive = 60 seconds holdtime = 180 seconds Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 178
and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 179
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 180
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 181
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 182
A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 183
• neighbor next-hop-self • neighbor route-map out • neighbor route-reflector-client • neighbor send-community A neighbor may keep its configuration after it was added to a peer group if the neighbor's configuration is more specific than the peer group's and if the neighbor's configuration does not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 184
10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 185
Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 186
prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 187
24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura 24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 188
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 189
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 190
You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters. 3 Return to CONFIGURATION mode. AS-PATH ACL mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Use a configured AS-PATH ACL for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 191
Regular Expression ^ (caret) $ (dollar) . (period) * (asterisk) + (plus) ? (question) ( ) (parenthesis) [ ] (brackets) - (hyphen) _ (underscore) | (pipe) Definition Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 192
Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or directly - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 193
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1 Create - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 194
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2 Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 195
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1 Enter the ROUTE-MAP mode and assign a name to a route map. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 196
route-map map-name [permit | deny] [sequence-number] 2 Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | none} Configure a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 197
*>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- 205.171.0.16 205.171.0.16 100 0 100 0 209 7170 1455 i 209 7170 1455 i Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 198
4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Apply the route map to the neighbor or peer group's incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 199
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 200
CONFIG-PREFIX LIST mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Filter routes based on the criteria in the configured prefix list. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out} Configure the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 201
Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • map-name: enter the name of a configured route map. • in: apply the route map to inbound routes. • out: apply the route map to outbound routes. To view the BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 202
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. To configure a route reflector, use the following commands. • Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 203
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 204
default is 60 minutes. • route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 205
The following example shows how to configure values to reuse or restart a route. In the following example, default = 15 is the set time before the value decrements, bgp dampening 2 ? is the set re-advertise value, bgp dampening 2 2000 ? is the suppress value, and bgp dampening 2 2000 3000 ? is the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 206
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 207
can enable the MBGP feature per router and/or per peer/peer-group. The default is IPv4 Unicast routes. When you configure a peer to support IPv4 multicast, Dell Networking OS takes the following actions: • Send a capacity advertisement to the peer in the BGP Open message specifying IPv4 multicast as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 208
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 209
• Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp {ip-address | peer-group-name} soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig-backup command only when route-refresh is not negotiated to avoid the peer from resending messages. In-BGP is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 210
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 211
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 212
Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 213
R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 214
R3(conf-if-lo-0)#int te 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config ! interface TengigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 215
BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:00:57, due to user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Last - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 216
R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 217
10 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 218
The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 256 CAM entries. Select 1 to configure 128 entries. Select 2 to configure 256 entries. Even though you can perform CAM carving to allocate the maximum - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 219
mode show cam-acl 4 Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command. To verify the actual CAM space required, create a Class Map with all required ACL rules, then execute - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 220
L2PT : 0 0 IpMacAcl : 0 0 VmanQos : 0 0 VmanDualQos : 0 0 EcfmAcl : 0 0 FcoeAcl : 0 0 iscsiOptAcl : 0 0 ipv4pbr : 0 2 vrfv4Acl : 0 2 Openflow : 0 0 fedgovacl : 0 0 Dell(conf)# Example of Viewing CAM-ACL Settings NOTE: If you change the cam-acl setting from - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 221
chapter. Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting. an error message. In this case, manually adjust the CAM configuration on the card with non-EG line cards, the non-EG line cards enter a problem state. • Before moving a card to a new chassis, change - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 222
flow region. 2 Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 223
11 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 224
-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. 224 Control Plane Policing (CoPP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 225
input name cpu-qos class-map name qos-policy name 7 Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8 Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 226
Dell(conf-policy-map-in-cpuqos)#exit The following example shows creating the control plane service policy. Dell(conf)#control-plane-cpuqos Dell(conf-control-cpuqos)#service-policy rate-limit-protocols egressFP_rate_policy Dell(conf-control-cpuqos)#exit 226 Control Plane Policing (CoPP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 227
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1 Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 228
RS/RA packets not given high priority leads to the session establishment problem. To solve this issue, starting from release 9.4.(0.0), IPv6 NDP to 12 on CPU port. However, the front-end port and the backplane ports support only 8 queues. As a result, when packets are transmitted to the local CPU, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 229
The backplane ports can have a maximum of 4 control queues. So, when we have more than 'n' CMIC queues for well-known protocols and n > 4, then streams on 'n' CMIC queues must be multiplexed on 4 control queues on back-plane ports and on the Master unit, these streams must be de-multiplexed to 'n' - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 230
mask lengths greater than /64. This will restrict the subnet sizes to required optimal level which would avoid these NDP attacks. The IPv6 stack already supports handling of >/64 subnets and doesn't require any additional work. The default catch-all entry is put in the LPM table for IPv4 and IPv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 231
CONFIGURATION mode Dell(conf)#control-plane-cpuqos 6 Assign the protocol based service policy on the control plane. Enabling this command on a port- applied to each queue. Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, use - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 232
Q7 Dell# 1100 Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) TCP (BGP) any/179 179/any _ Q6 CP 100 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 233
the root directory flash:/CONFIG_TEMPLATE. After copying the configuration files to the startup config and reloading the system. The device supports the following DCB features: • Data center bridging exchange protocol (DCBx) • Priority-based flow control (PFC) • Enhanced transmission selection (ETS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 234
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 235
FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic. Configure the same lossless queues on all ports. • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation. • PFC uses DCB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 236
Traffic Groupings Traffic Groupings Group ID Group bandwidth Group transmission selection algorithm (TSA) In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: • PFC enabled or disabled • No bandwidth limit or no ETS processing • ETS uses the DCB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 237
converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE. • Priority-based flow control • Enhanced transmission selection • Data center bridging exchange protocol • FCoE initialization protocol (FIP) snooping DCB processes virtual - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 238
and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 239
However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 240
between peer devices. PFC allows network administrators to create zero-loss links for Storage Area Network (SAN) traffic that requires no-drop service, while retaining packet-drop congestion management for Local Area Network (LAN) traffic. To configure PFC, follow these steps: 1 Create a DCB Map - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 241
peer devices. NOTE: You cannot enable PFC and link-level flow control at the same time on an interface. Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC configuration is applied to the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 242
queues, an error message displays. Configuring PFC in a DCB Map A switch supports the use of a DCB map in which you configure priority-based flow control create zero-loss links for SAN traffic that requires no-drop service, while at the same time retaining packet-drop congestion management for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 243
the same priority group. • A maximum of two PFC-enabled, lossless queues are supported on an interface. Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 244
that your network is used to process. For example, you can assign a higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of buffer space to be allocated for each priority and the pause or resume thresholds for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 245
or which is already configured for lossless queues (pfc no-drop queues command). Command Mode CONFIGURATION INTERFACE Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map, apply the map on the interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 246
as no-drop pfc no-drop INTERFACE queues for lossless traffic. For the dot1p-queue assignments. queuesqueue-range The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 247
,30-35 2 Associate above class-maps to Queues Queue assignment as below. NOTE: Although, each port on the S4810, S4820T, and S5000 devices support 8 QoS queues, you can configure only 4 QoS queues (0-3)to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic. Table 18 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 248
classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802 mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 249
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 250
-priority group and is given the priority-group (TCG) ID 15. • The CIN version supports two types of strict-priority scheduling: • Group strict priority: Use this to increase its bandwidth interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 250 Data Center Bridging (DCB) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 251
.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p to data queues, not to control queues. • Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking OS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 252
must map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) on the data traffic. Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 253
(PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 254
configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Manual The port is configured to operate only with administrator-configured settings and does not auto-configure with DCB settings received from a DCBx - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 255
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 256
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 257
shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link a configuration-source role. 4 Configure ports to operate in a manual role. 1 Enter INTERFACE Configuration mode. CONFIGURATION mode interface type - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 258
TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6 On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 259
4 Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | the Application Priority TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-appln- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 260
[no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7 Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 261
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 19. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 262
priority-list 4 set-pgid 2 The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test State :Complete PfcMode:ON PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 263
Table 20. show interface pfc summary Command Description Fields Interface Description Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 264
0 The following example shows the show interface ets summary command. Dell(conf)#do show interfaces te 1/1 ets summary Interface TenGigabitEthernet 1/1 Max Supported TC is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled PG-grp Priority# BW-% BW-COMMITTED - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 265
The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : Admin is enabled TC-grp - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 266
interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 267
-unit all stack-ports all ets details Stack unit 0 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 268
port role: auto-upstream, auto-downstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used . In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configured mode DCBx version configured on the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 269
However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 270
on all interfaces. CONFIGURATION mode dcb enable 2 Configure the shared PFC buffer size and the total buffer size. A maximum of 4 lossless queues are supported. CONFIGURATION mode dcb pfc-shared-buffer-size value dcb pfc-total-buffer-size value The default PFC total buffer size is 3088. 3 Configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 271
The number of ports supported based on lossless queues configured depends on the buffer. The default number of PFC queues in the system is two. For each priority, you can - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 272
Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 273
1 Enabling DCB Dell(conf)#dcb enable 2 Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# service-class dynamic dot1p 3 Apply DCB map to relevant interface dcb-map test priority-group 1 bandwidth 50 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 274
configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 275
Option Subnet Mask Number and Description Option 1 Specifies the client's subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client's default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 276
client starts the configuration process over by sending a DHCPDISCOVER. A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. A server sends this message to the client if it is not able to fulfill - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 277
configurations that exceed the allocated memory. • This platform supports 4000 DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. For Management Responding To Client Requests Providing Administration Services Description DHCP servers are the owners of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 278
1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands 278 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 279
Excluding Addresses from the Address Pool The DHCP server assumes that all IP addresses in a DHCP address pool are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To exclude an address, follow this step. • Exclude an address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 280
for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to recommends specifying clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address and the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 281
the DHCP Client PDUs. NOTE: DHCP Relay is not available on Layer 2 interfaces and VLANs on the Z-Series and S4820T platforms. DHCP relay agent is supported on Layer 2 interfaces and VLANs on the S3048-ON, S4810 and S4048-ON platforms. Dynamic Host Configuration Protocol (DHCP) 281 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 282
Figure 35. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int tengigabitethernet 1/3 TenGigabitEthernet 1/3 is up, line protocol is down - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 283
Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported on Ethernet, VLAN, and port-channel interfaces. • The mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 284
added by the DHCP client. If you remove the statically configured IP route using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management routes added by the DHCP client that is removed or replaced by the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 285
new master reinitiates a DHCP packet transaction by sending a DHCP discovery packet on nonbound interfaces. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 286
To use the router as the VRRP owner, if you enable a DHCP client on an interface that is added to a VRRP group, assign a priority less than 255 but higher than any other priority assigned in the group. Configure the System for User Port Stacking (Option 230) Set the stacking-option variable to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 287
trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted. agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE. DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 288
ip dhcp snooping vlan name Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1 Enable IPv6 DHCP snooping globally. CONFIGURATION mode ipv6 dhcp snooping 2 Specify ports connected to IPv6 DHCP servers as trusted. INTERFACE mode ipv6 dhcp snooping trust 3 Enable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 289
clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command. • Display the contents of the binding table. EXEC Privilege mode show - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 290
Debugging the IPv6 DHCP To debug the IPv6 DHCP, use the following command. • Display debug information for IPV6 DHCP. EXEC Privilege mode debug ipv6 dhcp IPv6 DHCP Snooping MAC-Address Verification Configure to enable verify source mac-address in the DHCP packet against the mac address stored in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 291
a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast MAC flooding Denial of service An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway's MAC address, resulting in all clients broadcasting - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 292
NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 293
an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 294
NOTE: Before enabling SAV With VLAN option, allocate at least one FP block to the ipmacacl CAM region. DHCP MAC Source Address Validation DHCP MAC source address validation (SAV) validates a DHCP packet's source hardware address against the client hardware address field (CHADDR) in the payload. Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 295
Viewing the Number of SAV Dropped Packets The following output of the show ip dhcp snooping source-address-validation discard-counters command displays the number of SAV dropped packets. Dell>show ip dhcp snooping source-address-validation discard-counters deny access-list on TenGigabitEthernet 1/1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 296
14 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, and ExaScale can use three different algorithms for each of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 297
NOTE: You cannot separate LAG and ECMP, but you can use different algorithms across the chassis with the same seed. If LAG member ports span multiple port-pipes and line cards, set the seed to the same value on each port-pipe to achieve deterministic behavior. NOTE: If you remove the hash algorithm - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 298
• Configure the maximum number of paths per ECMP group. CONFIGURATION mode. ip ecmp-group maximum-paths {2-64} • Enable ECMP group path management. CONFIGURATION mode. ip ecmp-group path-fallback Example of the ip ecmp-group maximum-paths Command Dell(conf)#ip ecmp-group maximum-paths 3 User - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 299
Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indices are generated in even numbers (0, 2, 4, 6... 1022) and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 300
works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN traffic. In addition, DCB provides types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 301
FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 302
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 303
, solicitations, FLOGI/FDISC requests and responses, FLOGO requests and responses, keep-alive packets, and clear virtual-link messages. FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: FIP Snooping 303 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 304
Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure on all VLANs, enable FIP snooping globally on a switch. • A switch can support a maximum eight VLANs. Configure at least one FCF/bridge-to-bridge port mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 305
fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: Manually add the CAM-ACL space to the FCoE region as it is not applied by default. To support FIP-Snooping and set CAM-ACL, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 306
trusted interfaces in a VLAN. • A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 307
is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command. • The maximum number of FCFs supported per FIP snooping-enabled VLAN is twelve. Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 308
NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable. Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 27. Displaying FIP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 309
Table 28. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 310
Table 30. show fip-snooping fcf Command Description Field FCF MAC FCF Interface VLAN FC-MAP ENode Interface FKA_ADV_PERIOD No of ENodes FC-ID Description MAC address of the FCF. Slot/port number of the interface to which the FCF is connected. VLAN ID number used by the session. FC-Map value - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 311
The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery Solicits :0 Number of Unicast Discovery Solicits :0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 312
Field Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config Description Number of FIP FDISC reject frames received on the interface. Number of FIP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 313
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 38. Configuration Example: FIP Snooping on a Switch In this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 314
Dell(conf-if-te-1/1)# switchport Dell(conf-if-te-1/1)# protocol lldp Dell(conf-if-te-1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links. Example of Configuring the FCF-Facing Port Dell(conf)# interface tengigabitethernet 1/5 Dell(conf-if-te-1/5)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 315
16 FIPS Cryptography Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce. FIPS mode is also - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 316
, a new RSA host key-pair is generated automatically. You can also manually create this key-pair using the crypto key generate command. NOTE: Under certain in the Security chapter of the Dell Networking OS Command Line Reference Guide. Monitoring FIPS Mode Status To view the status of the current - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 317
Examples of the show fips status and show system Commands The following example shows the show fips status command. Dell#show fips status FIPS Mode : Enabled for the system using the show system command. The following example shows the show system command. Dell#show system Stack MAC : 00:01:e8:8a: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 318
against any single link/switch failure and thus provides for greater network uptime. Topics: • Protocol Overview • Implementing FRRP • FRRP Configuration • Troubleshooting FRRP • Sample Configuration and Topology Protocol Overview FRRP is built on a ring topology. You can configure up to 255 rings - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 319
When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the groups; multiple rings can be connected with a common link. The platform supports up to 32 rings on a system (including stacked units). Member VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 320
In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 321
• Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) • Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these. • Topology Change RHF: triggered updates; processed at all nodes. Important FRRP Concepts The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 322
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 323
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 324
• The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1 Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 325
the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 326
• There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only. • Spanning Tree (if you enable it globally) must be disabled on both Primary and Secondary interfaces when you enable FRRP. • When the interface ceases to be a part of any FRRP process, if - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 327
Example of R3 TRANSIT interface TenGigabitEthernet 3/14 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown ! interface Vlan 201 no ip address tagged - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 328
other. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN , implement the rapid spanning tree protocol (RSTP). The device does not support enabling GVRP and MSTP at the same time. Dell(conf)#protocol spanning - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 329
• RPM Redundancy Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 330
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 331
be >= 3*Join timer. RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy. The primary RPM performs all the following sub-sections: • Automatic and Manual RPM Failover • RPM Synchronization GARP VLAN Registration Protocol (GVRP) 331 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 332
continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the dedicated or load-balanced redundancy for each component. Automatic and Manual Stack Unit Failover Stack unit failover is the process of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 333
Example of the show redundancy Command Dell#show redundancy -- Stack-unit Status -- Mgmt ID: 0 Stack-unit ID: 0 Stack-unit Redundancy Role: Primary Stack-unit State: Active Stack-unit SW Version: 9.6(0.0) Link to Peer: Down Peer Stack-unit: not present -- Stack-unit Redundancy - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 334
auto-reboot, use the following command. • Prevent a failed stack unit from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot Manually Synchronizing Management and Standby Units To manually synchronize Management and Standby units at any time, use the following command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 335
does not trigger a topology change. Packet loss is non-zero, but trivial, and so is still called hitless. Dell Networking OS supports graceful restart for the following protocols: • Border gateway • Open shortest path first • Protocol independent multicast - sparse mode High Availability (HA) 335 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 336
• Intermediate system to intermediate system Software Resiliency During normal operations, Dell Networking OS monitors the health of both hardware and software components in the background to identify potential failures, even before these failures manifest. Software Component Health Monitoring On - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 337
System Log Event messages provide system administrators diagnostics and auditing information. Dell Networking OS sends event messages to the internal buffer, all terminal lines, the console, and optionally to a syslog server. For more information about event messages and configurable options, refer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 338
versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports 95 interfaces. • Dell Networking systems cannot serve as an IGMP host or an IGMP version 1 IGMP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 339
leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 340
still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 341
Figure 43. IGMP Version 3-Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1 The first unsolicited report from the host indicates that it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 342
Figure 44. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1 Host 1 sends a message indicating it is leaving group 224.1.1.1 and that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 343
Figure 45. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1 Enable multicast routing using the ip multicast-routing command. 2 Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 344
router is 165.87.34.5 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 345
Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface 225.1.1.1 TenGigabitEthernet 1/1 225.1.2.1 TenGigabitEthernet 1/1 Mode IGMPV2 IGMPV2 Adjusting Timers Uptime 00:11:19 00:10:19 Expires 00 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 346
To apply the access list, use the following command. • Apply the access list. INTERFACE mode ip igmp access-group access-list-name Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 347
The following table lists the location and description shown in the previous illustration. Table 33. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 348
. IGMP Snooping Implementation Information • IGMP snooping on Dell Networking OS uses IP multicast addresses not MAC addresses. • IGMP snooping is supported on all stack members. • IGMP snooping reacts to spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) topology changes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 349
CONFIGURATION mode ip igmp snooping enable • View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 350
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 351
association between applications and their port numbers. Table 34. Association Between Applications and Port Numbers Application Name Port Number SSH 22 Sflow-Collector 6343 Client Supported Supported Server Supported Internet Group Management Protocol (IGMP) 351 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 352
port for confd application 8888 secure HTTP server port for confd application Client Supported Supported Supported Supported Supported Supported Supported Supported Supported Server Supported Supported Supported If you configure a source interface is for any EIS management application, EIS might - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 353
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 354
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 355
• If route lookup in the EIS routing table fails or if the management port is down, then packets are dropped. The management application drop counter is incremented. • Whenever IP address is assigned to the management port, it is stored in a global variable in the IP stack, which is used for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 356
• EIS is enabled implies that EIS feature is enabled and the application might or might not be configured as a management application • EIS is disabled implies that either EIS feature itself is disabled or that the application is not configured as a management application Transit Traffic This - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 357
Protocol radius Sflow-collector Snmp (SNMP Mib response and SNMP Traps) ssh syslog tacacs telnet tftp icmp (ping and traceroute) Behavior when EIS is Enabled EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior for ICMP Behavior when EIS is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 358
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 359
and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state. Basic Interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 360
• Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting QSFP Ports to SFP+ Ports • Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port • Configuring wavelength for 10-Gigabit SFP+ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 361
.10.10.1 TenGigabitEthernet 1/7 unassigned TenGigabitEthernet 1/8 unassigned TenGigabitEthernet 1/9 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 362
no ip address shutdown ! interface TenGigabitEthernet 2/7 no ip address shutdown ! interface TenGigabitEthernet 2/8 no ip address shutdown ! interface TenGigabitEthernet 2/9 no ip address shutdown Resetting an Interface to its Factory Default State You can reset the configurations applied on an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 363
interface is a single RJ-45 Fast Ethernet port on a switch. The interface provides dedicated management access to the system. Stack-unit interfaces support Layer 2 and Layer 3 traffic over the 10-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. These interfaces can also become part of virtual - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 364
Type of Interface Port Channel VLAN Possible Modes Layer 2 Layer 3 Layer 2 Layer 3 Requires Creation Yes Default State Shutdown (disabled) Yes, except for the default VLAN. No shutdown (active for Layer 2) Shutdown (disabled for Layer 3 ) Configuring Layer 2 (Data Link) Mode Do not configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 365
ip address ip-address • Enable the interface. INTERFACE mode no shutdown Example of Error Due to Issuing a Layer 3 Command on a Layer 2 Interface If an interface is in the incorrect layer mode for a given command, an error message is displayed (shown in bold). In the following example, the ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 366
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 367
CONFIGURATION mode interface managementethernet interface The slot range is 0. • Configure an IP address and mask on a Management interface. INTERFACE mode ip address ip-address mask • ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in /prefix format (/x). - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 368
• When applied, the management port on the primary RPM assumes the virtual IP address. Executing the show interfaces and show ip interface brief commands on the primary RPM management interface displays the virtual IP address and not the actual IP address assigned on that interface. • A duplicate IP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 369
internets: MIB-II (RFC 1213). NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 370
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 371
Port Channel Implementation Dell Networking OS supports static and dynamic port channels. • Static - Port channels that are statically configured. • Dynamic - Port channels that are dynamically configured using the link aggregation control protocol ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 372
cannot have flow control. Flow control can only be present on the physical interfaces if they are part of a port channel. NOTE: The system supports jumbo frames by default (the default maximum transmission unit (MTU) is 1554 bytes). To configure the MTU, use the mtu command from INTERFACE mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 373
channel-member interface The interface variable is the physical interface type and slot/port information. 2 Double check that the interface was added to the port channel. INTERFACE PORT-CHANNEL mode show config Examples of the show interfaces port-channel Commands To view the port channel's - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 374
switchport channel-member TenGigabitEthernet 1/6 Dell(conf-if-portch)#int Te 1/6 Dell(conf-if)#ip address 10.56.4.4 /24 % Error: Port is part of a LAG Te 1/6. Dell(conf-if)# Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 375
in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3 Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 376
Dell#show interfaces switchport te 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged Name: TenGigabitEthernet 1/1 802.1QTagged: True Vlan membership: Q - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 377
-value } For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change to another algorithm. CONFIGURATION mode Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 378
Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 379
Create a Multiple-Range The following is an example of multiple range. Example of the interface range Command (Multiple Ranges) Dell(conf)#interface range tengigabitethernet 1/5 - 10 , tengigabitethernet 1/1 , vlan 1 Dell(conf-if-range-te-1/1,te-1/5-10,vl-1)# Exclude Duplicate Entries The following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 380
To define an interface-range macro, use the following command. • Defines the interface-range macro and saves it in the running configuration file. CONFIGURATION mode Define the Interface Range The following example shows how to define an interface-range macro named "test" to select Ten Gigabit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 381
Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 382
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). NOTE: When you split a 40G port (such as fo 1/4) into four 10G ports, the 40G interface configuration is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 383
NOTE: Although it is possible to configure the remaining three 10 Gigabit ports, the Link UP event does not occur for these ports leaving the lanes unusable. Dell Networking OS perceives these ports to be in a Link Down state. You must not try to use these remaining three 10 Gigabit ports for actual - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 384
SFP+ 0 Connector = 0x23 Dell#show interfaces tengigabitethernet 0/3 transceiver SFP+ 0 Serial ID Base Fields SFP+ 0 Id = 0x0d SFP+ 0 Ext Id = 0x00 SFP+ 0 Connector = 0x23 Dell#show interfaces tengigabitethernet 0/4 transceiver SFP 0 Serial ID Base Fields SFP 0 Id = 0x0d SFP 0 Ext - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 385
QSFP 0 Diagnostic Information QSFP 0 Rx Power measurement type QSFP 0 Temp High Alarm threshold QSFP 0 Voltage High Alarm threshold QSFP 0 Bias High Alarm threshold = OMA = 0.000C = 0.000V = 0.000mA Dell#show interfaces fortyGigE 0/12 transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id = - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 386
LineSpeed 1000 Mbit Dell#show interfaces tengigabitethernet 0/5 gigabitethernet 0/0 is up, line protocol is down Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE LineSpeed 1000 Mbit Dell#show interfaces - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 387
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 388
Dell#show interfaces dampening Tengigabitethernet 1/1 Interface Supp Flaps Penalty Half-Life Reuse State Te 1/1 Up 0 0 1 2 Dell# Suppress 3 Max-Sup 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 389
To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 390
control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes. To enable pause frames, use the following command. • Control how the system responds to and generates 802.3x pause - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 391
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 392
Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization, and to manually synchronize them if necessary, use the following command sequence. 1 Determine the local interface status. Refer to the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 393
details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface sends - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 394
displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Configuring the Interface Sampling Size Although you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 395
more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 396
• Clear the counters used in the show interface commands for all VRRP groups, VLANs, and physical interfaces or selected ones. Without an interface specified, the command clears all interface counters. EXEC Privilege mode clear counters [interface] [vrrp [vrid] | learning-limit] (OPTIONAL) Enter the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 397
, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel. • Transport mode - (default) Use to encrypt policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual Internet Protocol Security (IPSec) 397 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 398
transform-set myXform-set session-key inbound esp 256 auth encrypt session-key outbound esp 257 auth encrypt match 0 tcp a::1 /128 0 a::2 /128 23 match 1 tcp a::1 /128 23 a::2 /128 0 match 2 tcp a::1 /128 0 a::2 /128 21 match 3 tcp a::1 /128 21 a::2 /128 0 match 4 tcp 1.1.1.1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 399
23 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 400
Helper with No Configured Broadcast Addresses • Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 401
if)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.11.1.1/24 no shutdown ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 402
----------S 2.1.2.0/24 S 6.1.2.0/24 S 6.1.2.2/32 S 6.1.2.3/32 S 6.1.2.4/32 S 6.1.2.5/32 S 6.1.2.6/32 S 6.1.2.7/32 S 6.1.2.8/32 S 6.1.2.9/32 S 6.1.2.10/32 S 6.1.2.11/32 S 6.1.2.12/32 S 6.1.2.13/32 S 6.1.2.14/32 S 6.1.2.15/32 S 6.1.2.16/32 S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- ------ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 403
VLAN interface to enable the generation of ICMP unreachable messages. PMTD is supported on all the layer 3 VLAN interfaces. Because all of the Layer 3 to the initial SYN packet that requests a connection to the router for a specific service (such as SSH or BGP) with a SYN ACK, the router waits for a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 404
interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive the show config command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature simplifies commands - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 405
To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 406
Tasks for ARP For a complete listing of all ARP-related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • Configuring Static ARP Entries (optional) • Enabling Proxy ARP (optional) • Clearing ARP Cache (optional) • ARP Learning - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 407
maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static Example of the show arp Command These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 408
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. NOTE: Transit traffic may not be forwarded during the period when deleted ARP entries are resolved again and re-installed in CAM. Use this option with extreme caution. ARP Learning via Gratuitous ARP Gratuitous ARP can mean - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 409
choosing the best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. IPv4 Routing 409 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 410
ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 411
Example of Enabling UDP Helper and Using the UDP Helper show Command Dell(conf-if-te-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000 no shutdown To view the interfaces and ports on which you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 412
Figure 49. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 413
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 414
IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are: • Extended address space • Stateless autoconfiguration • Header format simplification • Improved - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 415
of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 416
• Next Header (8 bits) • Hop Limit (8 bits) • Source Address (128 bits) • Destination Address (128 bits) IPv6 provides for extension headers. Extension headers are used only if necessary. There can be no extension headers, one extension header or more than one extension header in an IPv6 packet. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 417
itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 418
the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet's Source IP Address identifying the unknown option type. 418 IPv6 Routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 419
send an ICMP Parameter Problem, Code 2 message to to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 420
fe80::/64 subnet. Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system in the Dell Networking OS Command Line Interface Reference Guide. Extended Address Space IPv6 Neighbor Discovery Stateless Autoconfiguration - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 421
support over IPv6 (outbound SSH) Layer 3 only Secure Shell (SSH) server support Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting Problem - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 422
Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages assigned, it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 423
Figure 54. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 424
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) 424 IPv6 Routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 425
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 426
command. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 427
the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router. NOTE: Telnet to link local addresses is supported on the system. • Enter the IPv6 Address for the device. EXEC mode or EXEC Privileged mode telnet [vrf vrf-name] ipv6 address • ipv6 address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 428
For more information regarding SNMP commands, refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server community ipv6 • snmp-server community access-list-name ipv6 • snmp-server group ipv6 • snmp- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 429
IPV6 is enabled Stateless address autoconfiguration is enabled Link Local address: fe80::201:e8ff:fe8b:386e Global Unicast address(es): Actual address is 400::201:e8ff:fe8b:386e, subnet is 400::/64 Actual address is 412::201:e8ff:fe8b:386e, subnet is 412::/64 Virtual-IP IPv6 address is not set - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 430
The following example shows the show ipv6 route command. Dell#show ipv6 route Codes: C - connected, L - local, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 431
• Clear (refresh) all or a specific route from the IPv6 routing table. EXEC mode clear ipv6 route [vrf vrf-name] {* | ipv6 address prefix-length} • vrf vrf-name:(OPTIONAL) name of the VRF. • *: all routes. • ipv6 address: the format is x:x:x:x::x. • mask: the prefix length is from 0 to 128. NOTE: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 432
other-config-flag {on | off} 9 Enable verification of the advertised default router preference value. The preference value must be less than or equal to the specified limit. POLICY LIST CONFIGURATION mode router-preference maximum {high | low | medium} 10 Set the router lifetime. POLICY LIST - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 433
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide. IPv6 Routing 433 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 434
provides a means of monitoring iSCSI sessions and applying quality of service (QoS) policies on iSCSI traffic. When enabled, iSCSI optimization to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 435
• iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier of congestion that would otherwise cause dropped iSCSI packets. • iSCSI DCBx TLVs are supported. The following illustration shows iSCSI optimization between servers and a storage array in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 436
Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is performed - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 437
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 438
Synchronizing iSCSI Sessions Learned on VLT-Lags with VLTPeer The following behavior occurs during synchronization of iSCSI sessions. • If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer and the connection is associated with this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 439
addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 440
in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer discovery protocol (LLDP) before enabling iSCSI in step 2. You cannot disable LLDP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 441
• remark: marks incoming iSCSI packets with the configured dot1p or DSCP value when they egress the switch. The default is: the dot1 and DSCP values in egress packets are not changed. 8 (Optional) Set the aging time for iSCSI session monitoring. CONFIGURATION mode [no] iscsi aging time time. The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 442
3260 860 The following example shows the show iscsi session command. VLT PEER1 Dell#show iscsi session Session 0 Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 VLT PEER2 Session 0 Target: iqn. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 443
-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS- called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 444
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 445
recovery (the minimum of all the Remaining Time values advertised by the neighbors) or by setting a specific amount of time manually. Implementation Information IS-IS implementation supports one instance of IS-IS and six areas. You can configure the system as a Level 1 router, a Level 2 router, or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 446
Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 447
Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 448
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 449
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 450
} • adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. • manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 451
Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time : 30 Operational Timer Value Current Mode/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 452
, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process. For example, if you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 453
wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs. Cost Range Supported on IS-IS Interfaces 0 to 63 0 to 16777215 0 to 63 0 to 63 0 to : System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 454
• default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 455
Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 456
Enter the type of interface and the interface information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a Loopback interface, enter - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 457
• static: for user-configured routes. • bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 458
and Partial SNPs. • Set the authentication password for a routing domain. ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password The Dell OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 459
new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER ISIS mode set-overload-bit This setting prevents other routers from using it as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 460
the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 461
to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is but set back to 63 because the higher value is not supported. wide wide narrow narrow narrow narrow transition transition transition narrow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 462
Beginning Metric Style transition narrow transition narrow transition narrow transition narrow transition wide transition wide transition wide transition wide transition Final Metric Style wide transition wide narrow wide transition transition wide narrow narrow transition transition Moving to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 463
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 464
Figure 57. IPv6 IS-IS Sample Topography IS-IS Sample Configuration - Congruent Topology IS-IS Sample Configuration - Multi-topology IS-IS Sample Configuration - Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config ! interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 465
exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.00 ! address-family ipv6 unicast - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 466
27 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 467
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 468
LACP Configuration Tasks The following configuration tasks apply to LACP. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 469
Dell(conf-if-te-4/15-lacp)#port-channel 32 mode active ... Dell(conf)#interface TenGigabitethernet 4/16 Dell(conf-if-te-4/16)#no shutdown Dell(conf-if-te-4/16)#port-channel-protocol lacp Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 470
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 471
To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 472
• If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 473
0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 474
Figure 61. Inspecting the LAG Configuration 474 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 475
Figure 62. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 475 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 476
Figure 63. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 477
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 478
Figure 64. Inspecting a LAG Port on BRAVO Using the show interface Command 478 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 479
Figure 65. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 479 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 480
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 481
28 Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 482
Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 483
NOTE: The CAM-check failure message beginning in Dell Networking OS version 8.3.1.0 is different from versions 8.2.1.1 and earlier, which read: % Error: ACL returned error % Error: Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 484
mac learning-limit station-move The mac learning-limit station-move command allows a MAC address already in the table to be learned from another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 485
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 486
mac-address-table disable-learning lacp • Disable source MAC address learning from LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning lldp • Disable source MAC address learning from LACP and LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning If you don't use any option, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 487
to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces. Apply all other configurations to each interface in the redundant pair such that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 488
dynamic LAG, the backup interface can be a static or dynamic LAG In a redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, you can configure a static (without LACP) or dynamic (with LACP) port-channel interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 489
-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted] Dell(conf-if-range-te-3/41-42)#interface tengig 3/41 Dell(conf-if-te-3/41)#shutdown 00:24 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 490
the interface to bring it back to an FEFD operational state. When you enable Aggressive mode on an interface in the same state, manual intervention is required to reset the interface. FEFD enabled systems (comprised of one or more interfaces) automatically switches between four different states - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 491
not received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset [interface] Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 492
no shutdown 3 Enable fefd globally. CONFIGURATION mode fefd-global {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the show fefd command in EXEC privilege mode. Dell#show fefd FEFD is globally 'ON', interval is 3 seconds, mode is ' - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 493
Example of Viewing FEFD Configuration Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport fefd mode normal no shutdown Dell(conf-if-te-1/1)#do show fefd | grep 1/1 Te 1/1 Normal 3 Unknown Debugging FEFD To debug FEFD, use the first command. To provide - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 494
with its peer 494 Layer 2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 495
29 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise its configuration and receive - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 496
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 72. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 497
to which a port belongs if the port is in Hybrid mode). Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV. Indicates the capability and current setting of the duplex status and bit rate, and whether the current settings are the result of auto - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 498
LLDPMED framework. • LLDP-MED Network Connectivity Device - any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 499
formats: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN 4 Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. 5 6 7 8 9 10 11 12-255 Location Identification - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 500
Capabilities 1 Network Policy 2 Location Identification 3 Extended Power via MDI-PSE 4 Extended Power via MDI-PD 5 Inventory 6-15 reserved Dell Networking OS Support Yes Yes Yes Yes No No No Table 53. LLDP-MED Device Types Value 0 1 2 3 4 5-255 Device Type Type Not Defined Endpoint - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 501
8 9-255 Video Signaling Reserved Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 502
Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 503
advertise disable end exit hello mode multiplier no show Advertise TLVs Disable LLDP protocol globally Exit from configuration mode Exit from LLDP configuration mode LLDP hello configuration LLDP mode configuration (default = rx and tx) LLDP multiplier configuration Negate a command or set its - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 504
management-interface 3 Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1 Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2 Enter LLDP management-interface mode. LLDP- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 505
• softphone-voice • streaming-video • video-conferencing • video-signaling • voice • voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 77. Configuring LLDP Viewing the LLDP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 506
PDT 1999-2014 Existing System Capabilities: Repeater Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled 506 Link Layer Discovery Protocol (LLDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 507
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 508
! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 509
use the no debug lldp command. Figure 78. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 510
Table 55. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP Configuration adminStatus msgTxHold msgTxInterval rxInfoTTL txInfoTTL Basic TLV Selection mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable LLDP Statistics statsAgeoutsTotal statsFramesDiscardedTotal - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 511
TLV Type TLV Name TLV Variable 127 Port-VLAN ID PVID 127 Port and Protocol VLAN ID port and protocol VLAN supported System Local Remote Local Remote port and protocol VLAN enabled Local Remote PPVID Local LLDP MIB Object lldpLocPortDesc lldpRemPortDesc lldpLocSysName lldpRemSysName - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 512
TLV Type 127 TLV Name VLAN Name TLV Variable VID VLAN name length VLAN name System Remote Local Remote Local Remote Local Remote Table 58. LLDP-MED System MIB Objects TLV Sub-Type TLV Name 1 LLDP-MED Capabilities TLV Variable LLDP-MED Capabilities System Local Remote LLDP-MED Class Type - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 513
TLV Sub-Type TLV Name TLV Variable DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System Local Remote Local Remote Local Remote Local Remote Local Remote Power Priority Local Remote Power Value Local - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 514
30 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 515
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering To provide transparent failover or balancing, Microsoft clustering allows multiple servers using Microsoft Windows to be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 516
There might be some ARP table entries that are resolved through ARP packets, which had the Ethernet MAC SA different from the MAC information inside the ARP packet. This unicast data traffic flooding occurs only for those packets that use these ARP entries. Enabling a Switch for Multicast NLB To - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 517
31 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 518
Figure 80. MSDP SA Message Format Topics: • Anycast RP • Implementation Information • Configure Multicast Source Discovery Protocol • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 519
active sources in the area of the other RPs. If any of the RPs fail, IP routing converges and one of the RPs becomes the active RP in more than one area. New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 520
Figure 81. Configuring Interfaces for MSDP 520 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 521
Figure 82. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 521 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 522
Figure 83. Configuring PIM in Multiple Routing Domains 522 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 523
Figure 84. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1 Enable MSDP. CONFIGURATION mode ip multicast-msdp 2 Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 524
Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 525
Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the SA cache of all, local, or rejected entries, or entries for a specific group. CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected Source-Active - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 526
Figure 85. MSDP Default Peer, Scenario 2 526 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 527
Figure 86. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 527 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 528
Figure 87. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 529
229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 73 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 73 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 530
UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. 1 OPTIONAL: Cache sources that the SA filter denies in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 531
ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1(conf)#do show run acl ! ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1(conf)#do show ip msdp sa-cache MSDP Source-Active - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 532
SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 533
• traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for the group must, at least initially, travel over the same part of the network. You can load balance source registration between multiple RPs by strategically mapping groups to RPs, but this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 534
CONFIGURATION mode interface loopback 2 Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3 In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 535
interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.11/32 no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 536
neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.11 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.11 ip msdp originator-id Loopback 1 ! ip route 192.168.0.3/32 10.11.0. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 537
no shutdown ! interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 538
MSDP Sample Configuration: R3 Running-Config ip multicast-routing ! interface TenGigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown ! interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface ManagementEthernet 1/1 ip address 10. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 539
32 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 540
802.1Q-2003 and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. • You can configure 64 MSTIs including the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 541
• Adding and Removing Interfaces • Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 542
• Create an MSTI. PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 543
spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 544
PROTOCOL MSTP mode revision number Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 545
4 Change the max-hops parameter. PROTOCOL MSTP mode max-hops number The range is from 1 to 40. The default is 20. Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode. Dell(conf-mstp)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 546
To change the port cost or priority of an interface, use the following commands. 1 Change the port cost of an interface. INTERFACE mode spanning-tree msti number cost cost The range is from 0 to 200000. For the default, refer to the default values shown in the table.. 2 Change the port priority of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 547
of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 90. MSTP with Three VLANs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 548
MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 1/21 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/31 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan 200 no ip address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 549
no ip address tagged TenGigabitEthernet 2/11,31 no shutdown Router 3 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology. 3 Create VLANs mapped to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 550
(Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 551
• MSTP Instances. • To verify the VLAN to MSTP instance mapping, use the show commands. • Are there "extra" MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 552
across default and non-default virtual routing and forwarding (VRFs). The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Topics: • Enabling - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 553
5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic. Multicast Policies The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 554
NOTE: The IN-L3-McastFib CAM partition stores multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 555
Figure 91. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 61. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 556
Location 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 557
ip pim neighbor-filter Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to route processor (RP) for the specified multicast source and group, use the following command. If the source DR never sends register packets to the RP, no hosts can - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 558
Figure 92. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 62. Preventing a Source from Transmitting to a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 559
Location 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 560
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 561
objects of interest, monitor their state, and report to a client when a change in an object's state occurs. The following tracked objects are supported: • Link status of Layer 2 interfaces • Routing status of Layer 3 interfaces (IPv4 and IPv6) • Reachability of IP hosts • Reachability of IPv4 and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 562
Figure 93. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 563
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 564
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 565
track object-id interface interface line-protocol Valid object IDs are from 1 to 65535. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked interface. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 566
To configure object tracking on the routing status of a Layer 3 interface, use the following commands. 1 Configure object tracking on the routing status of an IPv4 or IPv6 interface. CONFIGURATION mode track object-id interface interface {ip routing | ipv6 routing} Valid object IDs are from 1 to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 567
In order for an route's reachability or metric to be tracked, the route must appear as an entry in the routing table. A tracked route is considered to match an entry in the routing table only if the exact IPv4 or IPv6 address and prefix length match an entry in the table. For example, when - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 568
(Optional) E-Series only: For an IPv4 route, you can enter a VRF name to specify the virtual routing table to which the tracked route belongs. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked route. OBJECT TRACKING mode delay {[up seconds] [down - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 569
track resolution {ip route | ipv6 route} {isis resolution-value | ospf resolution-value} The range of resolution values is: • ISIS routes - 1 to 1000. The default is 1. • OSPF routes - 1 to 1592. The efault is 1. 2 Configure object tracking on the metric of an IPv4 or IPv6 route. CONFIGURATION mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 570
Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv6 route: Dell(conf)#track 8 ipv6 route 2::/64 metric threshold Dell(conf-track-8)#threshold metric up 30 Dell(conf-track-8)#threshold metric down 40 Displaying - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 571
IP Route Resolution ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/4 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 572
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 573
Figure 94. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 574
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 575
Figure 95. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 576
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 577
• Type 8: Link LSA (OSPFv3) - This LSA carries the IPv6 address information of the local links. • Type 9: Link Local LSA (OSPFv2), Intra-Area-Prefix LSA (OSPFv3) - For OSPFv2, this is a link-local "opaque" LSA as defined by RFC2370. For OSPFv3, this LSA carries the IPv6 prefixes of the router and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 578
000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 579
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 580
router. Multiple OSPFv2 processes allow for isolating routing domains, supporting multiple route policies and priorities in different domains, and To ensure equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 581
Examples of Setting and Viewing a Dead Interval In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell(conf)#int tengigabitethernet 2/2 Dell(conf-if-te-2/2)#ip ospf hello-interval 20 Dell(conf-if-te-2/2)#ip ospf dead-interval 80 Dell(conf-if-te-2/2)# In the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 582
• Troubleshooting OSPFv2 1 Configure a physical interface. Assign an IP address, physical or of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 583
using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 584
no shutdown 3 Return to CONFIGURATION mode to enable the OSPFv2 process globally. CONFIGURATION mode router ospf process-id [vrf] The range is from 0 to 65535. After the OSPF process and the VRF are tied together, the OSPF process ID cannot be used again in the system. If you try to enable more OSPF - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 585
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 586
Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 587
CONFIG-ROUTEROSPF- id mode passive-interface {default | interface} The default is enabled passive interfaces on ALL interfaces in the OSPF process. Entering the physical interface type, slot, and number enables passive interface on only the identified interface. • For a 10-Gigabit Ethernet interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 588
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 589
• Change the time interval between hello-packet transmission. CONFIG-INTERFACE mode ip ospf hello-interval seconds • seconds: the range is from 1 to 65535 (the default is 10 seconds). The hello interval must be the same on all routers in the OSPF network. • Use the MD5 algorithm to produce a message - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 590
Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100 Backup Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 591
Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 592
You are in PREFIX LIST mode. • Create a prefix list with a sequence number and a deny or permit action. CONFIG- PREFIX LIST mode seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max-prefix-length] The optional parameters are: • ge min-prefix-length: is the minimum prefix - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 593
typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks. • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 594
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 595
! interface TenGigabitEthernet 1/2 ip address 10.2.12.2/24 no shutdown ! interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 - Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 ! interface Loopback 30 ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 596
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 597
CONF-INT-type slot/port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:). The format is A:B:C::F/128. 2 Bring up the interface. CONF-INT-type slot/port mode no shutdown Assigning Area ID on an Interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 598
EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands. • Enable the OSPFv3 process on a non-default VRF and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 599
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 600
-IPV6-ROUTER-OSPF mode graceful-restart mode [planned-only | unplanned-only] • Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 601
• Display the Type-11 Grace LSAs sent and received on an OSPFv3 router (shown in the following example). EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database grace-lsa • Display the currently configured OSPFv3 parameters for graceful restart (shown in the following example). EXEC Privilege - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 602
The ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the IP and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 603
Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration using the internet key exchange [IKE] protocol is not supported are supported; encrypted and unencrypted keys are supported. NOTE: To encrypt all keys on a router, use the service password- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 604
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. • key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 605
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. • key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 606
• key: specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 607
-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 608
the routes in the OSPF database? • Did you include the OSPF routes in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show ipv6 interfaces • show ipv6 protocols • debug ipv6 ospf events and/or packets • show ipv6 neighbors • show ipv6 routes Viewing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 609
36 Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 610
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 611
PBR Exceptions (Permit) To create an exception to a redirect list, use thepermit command. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. The Dell Networking OS assigns the first available sequence number to a rule configured without - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 612
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 613
the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirect-group IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 614
redirect-group xyz shutdown Dell(conf-if-gi-1/1)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 615
to give you a guidance with typical configurations. You can copy and paste from these examples to your CLI. Make the necessary changes to support your own IP addresses, interfaces, names, and so on. The Redirect-List GOLD defined in this example creates the following rules: • description Route - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 616
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 617
View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 618
seq 25 redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144, Track 4 [up], Next-hop reachable (via Vl 20) Applied interfaces: Te 2/28 Dell# Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces: Dell#configure terminal Dell(conf)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 619
Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 620
PIM-SM. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The platform supports a maximum of 95 PIM interfaces and 2000 multicast entries including (*,G), and (S,G) entries. The maximum number of PIM neighbors is the same as the maximum - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 621
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 622
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 623
TenGigabitEthernet 2/13 (10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11 TenGigabitEthernet 1/12 TenGigabitEthernet 2/13 --More-- Configuring S,G Expiry Timers By - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 624
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 625
INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 626
. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if ACL first and then apply it to the SSM range. • The default range is always supported, so range can never be smaller than the default. Configure PIM-SSM Configuring PIM-SSM - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 627
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 628
Configuring PIM-SSM with IGMPv2 R1(conf)#do show run pim ! ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 629
239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2 R1(conf)#do show ip igmp ssm-map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Never Member Ports: Te 1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 630
port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 631
must be on the same switch. You can configure up to 128 source ports in a monitoring session. Only one destination port is supported in a monitoring session. The platform supports multiple source-destination statements in a single monitor session. The maximum number of source ports that can be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 632
Example of Viewing a Monitoring Session In the example below, 0/25 and 0/26 belong to Port-pipe 1. This port-pipe has the same restriction of only four destination ports, new or used. Dell(conf-mon-sess-300)#do show mon session SessionID Source Destination Direction Mode Type ---- 0 Te 1/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 633
MONITOR SESSION mode source Example of Viewing Port Monitoring Configuration To display information on currently configured port-monitoring sessions, use the show monitor session command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#$source ten 1/1 dest ten 1/2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 634
Figure 99. Port Monitoring Example Enabling Flow-Based Monitoring Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 635
Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way. In a remote- configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 636
Figure 100. Remote Port Mirroring Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 637
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 638
Displaying Remote-Port Mirroring Configurations To display the current configuration of remote port mirroring for a specified session, enter the show config command in MONITOR SESSION configuration mode. Dell(conf-mon-sess-2)#show config ! monitor session 2 type rpm source fortyGigE 1/52 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 639
6 flow-based enable 7 no enable Configuring the sample Source Remote Port Mirroring Specify flow-based enable for mirroring on a flow by flow basis and also for vlan as source. (Optional) No disable command is mandatory in order for a rpm session to be active. Dell(conf)#interface vlan 10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 640
Configuring the sample Source Remote Port Mirroring Dell(conf)#inte te 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)#no shutdown Dell(conf-if-te-1/1)#exit Dell(conf)#interface te 1/2 Dell(conf-if-te-1/2)#switchport Dell(conf-if-te-1/2)#no shutdown Dell(conf-if-te-1/2)#exit Dell(conf)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 641
direction. • A flow-based source VLAN is monitored only for ingress traffic (not egress traffic). direction. Changes to Default Behavior • Rate-limiting ïs not supported for ERSPAN traffic. • You can configure the same port as both source and destination in an ERSPAN session. • You can configure TTL - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 642
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1-3 mac access-group flow in Only ingress packets are supported for mirroring shutdown 642 Port Monitoring - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 643
attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM bytes of the header needs to be ignored/ chopped off. • Some tools support options to edit the capture file. We can make use of such features ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 644
b Using Python script • Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort. The analyzer should listen in the forward/egress interface. If there is only one interface, one can choose the ingress and forward - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 645
supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide direct access between the guest ports. • A service provider can provide Layer 2 security for customers - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 646
• A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. • A primary VLAN has one or more promiscuous ports. • A primary VLAN might have one or more trunk ports, or none. • Secondary VLAN - a subdomain of the primary VLAN. • There are two types of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 647
the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN. • Creating PVLAN Ports • Creating a Primary VLAN • Creating - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 648
NOTE: You cannot add interfaces that are configured as PVLAN ports to regular VLANs. You also cannot add "regular" ports (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 649
6 (OPTIONAL) Assign an IP address to the VLAN. INTERFACE VLAN mode ip address ip address 7 (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. INTERFACE VLAN mode ip local-proxy-arp NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 650
INTERFACE VLAN mode private-vlan mode isolated 4 Add one or more host ports to the VLAN. INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 651
Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 102. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 652
is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN. show vlan private-vlan [community | interface | isolated | primary | primary_vlan - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 653
Primary Isolated Community : 4000 : 4003 : 4001 NOTE: In the following example, notice the addition of the PVLAN codes - P, I, and C - in the left column. The following example shows viewing the VLAN status. S50V#show vlan Codes: * - Default VLAN, G - GVRP VLANs, P - Primary, C - Community, I - - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 654
41 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree - developed by a third party - that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 655
three other variations of spanning tree, as shown in the following table. Table 65. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term Spanning Tree Protocol (STP) Rapid Spanning Tree Protocol (RSTP) Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 656
Configure Per-VLAN Spanning Tree Plus Configuring PVST+ is a four-step process. 1 Configure interfaces for Layer 2. 2 Place the interfaces in VLANs. 3 Enable PVST+. 4 Optionally, for load balancing, select a nondefault bridge-priority for a VLAN. Related Configuration Tasks • Modifying Global PVST - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 657
no disable vlan 100 bridge-priority 4096 Influencing PVST+ Root Selection As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 658
Example of the show spanning-tree pvst vlan Command To display the PVST+ forwarding topology, use the show spanning-tree pvst [vlan vlan-id] command from EXEC Privilege mode. Dell_E600(conf)#do show spanning-tree pvst vlan 100 VLAN 100 Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 659
The range is from 6 to 40. The default is 20 seconds. The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 660
The range is from 0 to 240, in increments of 16. The default is 128. The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 661
To keep both ports in a Forwarding state, use extend system ID. Extend system ID augments the bridge ID with a VLAN ID to differentiate BPDUs on each VLAN so that PVST+ does not detect a loop and both ports can remain in a Forwarding state. Figure 105. PVST+ with Extend System ID • Augment the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 662
! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenGigabitEthernet 2/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 663
protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096 Per-VLAN Spanning Tree Plus (PVST+) 663 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 664
how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 67. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 665
Ingress Egress Egress Egress Egress Egress Figure 106. Dell Networking QoS Architecture Topics: • Implementation Information • Port-Based QoS Configurations • Policy-Based QoS Configurations Quality of Service (QoS) 665 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 666
for Classifying and Color-Marking Packets • Applying Layer 2 Match Criteria on a Layer 3 Interface • Applying DSCP and VLAN Match Criteria on a Service Queue • Classifying Incoming Packets Using ECN and Color-Marking • Guidelines for Configuring ECN for Classifying and Color-Marking Packets • Sample - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 667
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 668
shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#rate shape 500 50 Dell(conf-if-te-1/1)#end 668 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 669
. Figure 107. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 670
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4 Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 671
4 Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class -maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 672
example shows incorrect traffic classifications. Dell#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 673
regulate egress traffic. The regulation mechanisms for output QoS policies are bandwidth percentage, scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted and re-added automatically to ensure that the order of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 674
% - Default Bandwidth Percentage for 8- Queue System 1% 2% 3% 4% 5% 10% 25% 50% NOTE: The system supports 4 data queues. When you assign a percentage to one queue, note that this change also affects the amount of bandwidth ranging from 1 to 100%, in increments of 1%. 674 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 675
To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 676
48-63 32-47 32-47 16-31 16-31 0-15 0-15 Table 72. Default dot1p to Queue Mapping dot1p 0 1 Queue ID 0 0 676 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 677
the same interface. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 678
an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. DSCP Color Maps - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 679
Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input 1/11 Dell(conf-if-te-1/11)# qos dscp-color-policy bat-enclave-map Quality of Service (QoS) 679 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 680
a specific interface Dell# show qos dscp-color-policy detail tengigabitethernet 1/10 Interface TenGigabitEthernet 1/10 Dscp-color-map mapONE yellow 4,7 red 20,30 680 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 681
, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing. To use queue-based rate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 682
, for example, 2000KB, is reached, all incoming packets are dropped until the buffer space consumes less than 2000KB of the specified traffic. 682 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 683
Networking OS assigns a color (also called drop precedence) - red, yellow, or green - to each packet based on it DSCP value before queuing it. Quality of Service (QoS) 683 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 684
-profile Command Dell#show qos statistics wred-profile Interface Te 1/1 Drop-statistic Dropped Pkts Green Yellow Out of Profile 51623 51300 0 Dell# 684 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 685
against the CAM space for a specific port-pipe or all port-pipes using these commands: • test cam-usage service-policy input policy-map {stack-unit } number port-set number • test cam-usage service-policy input policy-map {stack-unit } all The output of this command, shown in the following example - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 686
shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. S4810 platform support four global service-pools in the egress direction. Two service pools are used- one for loss-based queues and the other for lossless (priority-based flow control (PFC - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 687
for backplane ports. Also, WRED/ECN is not supported for multicast packets. The following table describes the WRED and ECN operations that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 688
queues when the minimum guaranteed buffers for the queue are consumed. S4810 platform supports four global service-pools in the egress direction. mode Dell(conf) #service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf) #service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 689
access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map "ecn_0_pmap" in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 690
, all packets are considered as 'green' (without the rate-policer and trust-diffserve configuration) and hence support would be provided to mark the packets as 'yellow' alone will be provided. By default Dell Networking ip dscp • match ip precedence • match ip vlan 690 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 691
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 692
in class-map input configuration mode. You can include the class map in a policy map, and apply the class and policy map to a service queue using the service-queue command. In this way, the system applies the match criteria in a class map according to queue priority (queue numbers closer to 0 have - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 693
map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Classifying Incoming ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 694
) at the level where the 'DSCP' qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the ecn 'match-any' logical operator of the class-map. 694 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 695
the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: • ACK • FIN • SYN • PSH • RST • URG -group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Quality of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 696
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 697
! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Enabling Buffer Statistics Tracking You CELLS MCAST 3 0 Unit 1 unit: 3 port: 17 (interface Fo 1/160) Q# TYPE Q# TOTAL BUFFERED CELLS Quality of Service (QoS) 697 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 698
0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6 0 MCAST 7 0 MCAST 8 0 698 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 699
variable length subnet mask (VLSM) or classless inter-domain routing (CIDR) and is not widely used. RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 700
homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is not enabled in Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 701
CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange routing information. ROUTER RIP mode network ip-address Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information, ensure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 702
[120/1] via 29.10.10.12, 00:01:22, Fa 1/49 2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/49 4.0.0.0/8 auto-summary 8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 12.0.0.0/8 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 703
Assigning a Prefix List to RIP Routes Another method of controlling RIP (or any routing protocol) routing information is to filter the information through a prefix list. A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 704
To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 705
The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols Routing Protocols is RIP Sending updates - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 706
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 707
RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration - Core 2 and Core 3. The host prompts used in the following example reflect those names. The examples are divided into the following groups of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 708
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 709
10.11.20.0 10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 710
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- R 10.11.10.0/24 via 10.11.20.2, Te 3/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 711
no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/1 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/2 ip address 10.11.20.1/24 no shutdown ! - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 712
is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. 712 Remote Monitoring (RMON) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 713
Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value eventnumber] falling-threshold - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 714
• number: assigned event number, which is identical to the eventIndex in the eventTable in the RMON MIB. The value must be an integer from 1 to 65,535 and be unique in the RMON Event Table. • log: (Optional) generates an RMON log entry when the event is triggered and sets the eventType in the RMON - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 715
• integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in the RMON History Table. • owner: (Optional) specifies the name of the owner of the RMON group of statistics. The default is a null-terminated string. • ownername: (Optional) records - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 716
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 76. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 717
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 718
• Only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1 Enter PROTOCOL SPANNING TREE RSTP mode. CONFIGURATION mode protocol spanning-tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 719
Bridge Identifier has priority 32768, Address 0001.e801.cbb4 Configured hello time 2, max age 20, forward delay 15, max hops 0 We are the root Current root has priority 32768, Address 0001.e801.cbb4 Number of topology changes 4, last change occurred 00:02:17 ago on Te 1/26 Port 377 ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 720
Adding and Removing Interfaces To add and remove interfaces, use the following commands. To add an interface to the Rapid Spanning Tree topology, configure it for Layer 2 and it is automatically added. If you previously disabled RSTP on the interface using the command no spanning-tree 0 command, re- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 721
• Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 722
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 723
• Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). • Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode). To enable EdgePort on an interface, use the following command. • Enable EdgePort on an interface. INTERFACE mode spanning- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 724
46 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide. 724 Software-Defined Networking (SDN) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 725
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 726
process request. • stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 727
actions on tty3, User admin Priv 1 Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 728
For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to five authentication methods to a method list. Dell Networking OS evaluates the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 729
NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines. Enabling AAA Authentication To enable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 730
-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and keys, use the following command. • Turn on the obscuring of passwords and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 731
to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 732
Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 733
CONFIGURATION mode enable password [level level] [encryption-mode] password Configure the optional and required parameters: • level level: specify a level from 0 to 15. Level 15 includes all levels. • encryption-type: enter 0 for plain text or 7 for encrypted text. • password: enter a string up to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 734
Escape character is '^]'. Login: john Password: Dell#show priv Current privilege level is 8 Dell#? configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC no Negate a command show Show running system - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 735
server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 736
a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-Command You can the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 737
Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system, create a AAA method list. Default method lists do not need to be explicitly applied to the line, so they are not mandatory. To create a method list, use the following commands. • - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 738
• retransmit retries: the range is from 0 to 100. Default is 3. • timeout seconds: the range is from 0 to 1000. Default is 5 seconds. • key [encryption-type] key: enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42 characters long. This key must match - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 739
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 740
use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 741
closes the Telnet session immediately. The following example demonstrates how to configure the access-class from a TACACS+ server. This configuration ignores the configured access-class on the VTY line. If you have configured a deny10 ACL on the TACACS+ server, the system downloads it and applies it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 742
proposes a countermeasure to the problem. This countermeasure is configured into remote login and other secure network services over an insecure network. Dell Networking Networking OS Command Line Interface Reference Guide. Dell Networking OS SCP, which SCP client software is supported. To use the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 743
RSA Authentication : disabled. Vty Encryption HMAC Dell(conf)# Remote IP To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 744
User name to login remote host: admin Password to login remote host: Removing the RSA Host Keys and Zeroizing Storage Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private key information for RSA 1 and or RSA 2 types. Note that when FIPS mode is enabled - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 745
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 746
cipher list. Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr Configuring the SSH Client Cipher List To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers the SSH - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 747
The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc. Example of Configuring a Cipher List The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 748
Using RSA Authentication of SSH The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. 1 On the SSH client (Unix machine), generate an RSA key, as shown in the following example. 2 Copy the public key id_rsa.pub to the Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 749
-l User name option -m HMAC algorithm to use (for v2 clients only) -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 750
you use - line, local, or remote. Table 78. VTY Access Authentication Method Line Local TACACS+ RADIUS VTY access-class support? YES NO YES YES Username access-class support? NO YES NO NO Dell Networking OS provides several ways to configure access classes for VTY lines, including: • VTY Line - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 751
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 752
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 753
NOTE: When you enter a user role, you have already been authenticated and authorized. You do not need to enter an enable password because you will be automatically placed in EXEC Priv mode. For greater security, the ability to view event, audit, and security system log is associated with user roles. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 754
login authentication test authorization exec test exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 755
permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre-defined user roles or user-defined user roles. Important Points to Remember - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 756
When you modify a command for a role, you specify the role, the mode, and whether you want to restrict access using the deleterole keyword or grant access using the addrole keyword followed by the command you are controlling access. For information about how to create new roles, see also Creating a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 757
The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode, using the show role mode configure line command in EXEC Privilege mode. Dell(conf)#role configure deleterole secadmin ? LINE Initial keywords of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 758
for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 759
privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled "Force10-avpair". - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 760
The following example configures an AV pair which allows a user to login from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 761
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 762
line route-map router Line Configuration mode Route map configuration mode Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 763
only 802.1Q VLAN tagging all customers would have to use unique VLAN IDs to ensure that traffic is segregated, and customers and the service provider would have to coordinate to ensure that traffic mapped correctly across the provider network. Even under ideal conditions, customers and the provider - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 764
Figure 111. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as . 1 Creating Access and Trunk Ports 2 Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 764 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 765
provider bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3 Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 766
as tagged, and VLAN 103, which is a stacking VLAN. Dell(conf)#interface tenigabitethernet 1/1 Dell(conf-if-te-1/1)#portmode hybrid Dell(conf-if-te-1/1)#switchport 766 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 767
TPID. Systems may use any 2byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value. Service Provider Bridging 767 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 768
appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. 768 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 769
Figure 112. Single and Double-Tag TPID Match Service Provider Bridging 769 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 770
Figure 113. Single and Double-Tag First-byte TPID Match 770 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 771
VLAN match - switch to default VLAN switch to default VLAN switch to default VLAN switch to VLAN switch to default VLAN switch to default VLAN Service Provider Bridging 771 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 772
switch to default VLAN VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 773
CFI/DEI Te 1/1 Green 0 Te 1/1 Yellow 1 Te 2/9 Yellow 0 Te 2/10 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 774
of Queue 3 also matches the traffic. This is an expected behavior. Examples of QoS Interface Configuration and Rate Policing policy-map-input in layer2 service-queue 3 class-map a qos-policy 3 ! class-map match-any a layer2 match mac access-group a ! mac access-list standard a seq 5 permit any ! qos - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 775
rate-police 30 ! interface TenGigabitEthernet 1/21 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 776
address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. 776 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 777
2 protocol tunneling, use the following command. 1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode Service Provider Bridging 777 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 778
BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. 778 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 779
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 780
any port specifically, the global sampling rate is downloaded to that port and is to calculate the port-pipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling rate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 781
in the sFlow datagram depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional information in the sFlow are enabled on all three types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 782
displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 783
Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum header second bold lines indicate sFlow is enabled on Te 1/16 and Te 1/17 Dell#show sflow sFlow services are enabled sFlow 783 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 784
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 785
per sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, the depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 786
output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 787
Table 81. Extended Gateway Summary IP SA IP DA static/connected/IGP static/connected/IGP static/connected/IGP BGP BGP static/connected/IGP BGP BGP srcAS and srcPeerAS - 0 - Exported Exported dstAS and dstPeerAS - Exported - Exported Exported Description Extended gateway data is not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 788
• MIB Support to Display the Software Core Files Generated by the System • Manage VLANs using SNMP • Managing Overload on Startup • Enabling and Disabling a Port using SNMP • Fetch Dynamic MAC Entries using SNMP • Deriving Interface Indices • Monitor Port-Channels • Troubleshooting SNMP Operation - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 789
AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB privacy option is supported and is compliant with RFC 3826. The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 790
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 791
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 792
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 793
The following example shows reading the value of the many managed objects at one time. > snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Real Time Operating System Software Dell Operating System Version: 1.0 Dell Application Software Version: E_MAIN4 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 794
also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Dell Networking - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 795
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 796
than or equal to 5 minutes. This restriction also applies to the console message. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, the SNMP trap is not sent. To enable an SNMP agent to send a trap when the syslog server is not reachable, enter the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 797
CONFIGURATION MODE snmp-server enable traps snmp syslog-unreachable To enable an SNMP agent to send a trap when the syslog server resumes connectivity, enter the following command: CONFIGURATION MODE snmp-server enable traps snmp syslog-reachable Table 83. List of Syslog Server MIBS that have read - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 798
MIB Object OID copySrcFileLocation .1.3.6.1.4.1.6027.3.5.1.1.1.1.3 copySrcFileName copyDestFileType .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 copyDestFileLocation .1.3.6.1.4.1.6027.3.5.1.1.1.1.6 copyDestFileName copyServerAddress .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 799
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 800
snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same command using the object OIDs. In both cases, a unique index number follows - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 801
a 11.11.11.11 copyUserName.110 s mylogin copyUserPassword.110 s mypass FTOS-COPY-CONFIG-MIB::copySrcFileType.110 = INTEGER: runningConfig(2) FTOS-COPY-CONFIG-MIB::copyDestFileName.110 = STRING: /home/startup-config FTOS-COPY-CONFIG-MIB::copyDestFileLocation.110 = INTEGER: ftp(4) FTOS-COPY-CONFIG-MIB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 802
MIB Object copyTimeStarted copyTimeCompleted copyFailCause copyEntryRowStatus OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13 .1.3.6.1.4.1.6027.3.5.1.1.1.1.14 .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Values 3 = failed Time value Time value 1 = bad filename 2 = copy in progress 3 = - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 803
2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 804
MIB Object chSysCoresStackUnitNumber chSysCoresProcess OID 1.3.6.1.4.1.6027.3.10.1.2.10.1.4 1.3.6.1.4.1.6027.3.10.1.2.10.1.5 Description Contains information that includes which stack unit or processor the core file was originated from. Contains information that includes the process names that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 805
Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 806
• Each position in the 8-character string is for one port, starting with Port 1 at the left end of the string, and ending with Port 8 at the right end. A 0 indicates that the port is not a member of the VLAN; a 1 indicates VLAN membership. All hex pairs are 00, indicating that no ports are assigned - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 807
Example of Adding a Tagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as a tagged member of VLAN 10. >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 808
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 809
Example of Fetching MAC Addresses Learned on a Port-Channel Using SNMP Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number. MAC Addresses on Force10 System Dell( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 810
= INTEGER: 1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 811
: IF-MIB::linkUp IF-MIB::ifIndex.1107755009 = INTEGER: 1107755009 SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 812
from 0 to 11 and it supports stacking up to six units. Topics: • Stacking Overview • Important Points to Remember • Stacking Installation Tasks • Stacking Configuration Tasks • Verify a Stack Configuration • Remove Units or Front End Ports from a Stack • Troubleshoot a Stack Stacking Overview Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 813
• Inter-switch stacking link failure • Switch insertion • Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. Stack Master Election The stack elects a master and standby unit at - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 814
after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6-address | dhcp} Failover Roles If the stack - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 815
path selection inside the stack: If multiple paths exist between two units in the stack, the shortest path is used. Supported Stacking Topologies The device supports stacking in a ring or a daisy chain topology. Dell Networking recommends the ring topology when stacking the switches to provide - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 816
Figure 118. Supported Stacking Topologies High Availability on Stacks Stacks have master and standby management units analogous to Dell Networking route processor modules (RPM). The master unit synchronizes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 817
exit format fsck pwd rename reset show ssh-peer-stack-unit start telnet-peer-stack-unit terminal upload Dell(standby)# Exit from the EXEC Format a filesystem Filesystem check utility Display current working directory Rename a file Reset selected card Show running system information Open a SSH - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 818
, rebooted, and joined the stack. • If the new unit is running an Dell Networking OS version prior to 8.3.10.x , the unit is put into a card problem state, Dell Networking OS is not upgraded, and a syslog message is raised. The unit must be upgraded to Dell Networking OS version 8.3.12.0 before you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 819
the stack. 2 Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version 3 Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up. EXEC Privilege mode stack-unit stack-unit-number renumber - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 820
EXEC Privilege mode show system brief Start with the management unit, then the standby, then each of the members in order of their assigned stack number (or the position in the stack you want each unit to take). Allow each unit to completely boot, and verify that the stack manager detects the unit, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 821
up up 1/3 1/3 10 up up Add Units to an Existing Stack You can add units to an existing stack in one of three ways. • By manually assigning a new unconfigured unit a position in an existing stack. • By adding a configured unit to an existing stack. • By merging two stacks. If you are adding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 822
Assigning a New Unit to an Existing Stack To manually assign a new unit a position in an existing stack, use the following steps. 1 On the stack, determine the next available stack-unit number, and the management - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 823
3 Standby 4 Member 5 Member 6 Member 7 Member 8 Member 9 Member 10 Member 11 Member online S4810 S4810 8-3-7-13 64 not present not present not present not present not present not present not present not present Adding a Configured Unit to an Existing Stack To add a configured unit to an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 824
Merge Two Stacks You may merge two stacks while they are powered and online. To merge two stacks, connect one stack to the other using user port cables from the front end user portusing the mini-SAS cables from the stacking ports. • Dell Networking OS selects a master stack manager from the two - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 825
Renumbering the stack manager triggers the whole stack to reload, as shown in the message below. When the stack comes back online, the master unit remains the management unit. Dell#stack-unit 2 renumber 1 Renumbering master unit will reload the stack. WARNING: Interface configuration for current - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 826
-- Power Supplies -- Unit Bay Status Type FanStatus 0 0 absent absent 0 1 up AC up -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 0 0 up up 6960 up 6960 0 1 up up 6720 up 6720 Speed in RPM -- Unit 1 -Unit Type Status Required Type : Member Unit : not present : S4810 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 827
. • Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect. • Display redundancy information. EXEC Privilege mode show redundancy Stacking 827 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 828
stack-unit unit-number • Reload a member unit, from the unit itself. EXEC Privilege mode reset-self • Reset a stack-unit when the unit is in a problem state. EXEC Privilege mode reset stack-unit unit-number {hard} Verify a Stack Configuration The light of the LED status indicator on the front panel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 829
: 44C Voltage : ok Serial Number : H1DL104400018 Part Number : Rev Vendor Id : Date Code : Country Code : Piece Part ID : N/A PPID Revision : N/A Service Tag : N/A Expr Svc Code : N/A Auto Reboot : disabled Burned In MAC : 00:01:e8:8c:53:32 No Of MACs : 3 -- Power Supplies - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 830
Remove Units or Front End Ports from a Stack To remove units or front end ports from a stack, use the following instructions. • Removing a Unit from a Stack • Removing Front End Port Stacking Removing a Unit from a Stack The running-configuration and startup-configuration are synchronized on all - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 831
reboots. The units come up as standalone units after the reboot completes. Troubleshoot a Stack To troubleshoot a stack, use the following recovery tasks. • Recover from Stack Link Flaps • Recover from a Card Problem State on a Stack Recover from Stack Link Flaps Stack link integrity monitoring - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 832
on a Stack If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error. To recover, disconnect the new unit from the stack, change the Dell Networking OS version to match the stack, and then reconnect it to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 833
-unicast configuration, use the show storm-control unknown-unicast [interface] command. EXEC Privilege Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE Mode To configure storm control, use the following command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 834
mode you can configure storm control for ingress and egress traffic. Do not apply per-virtual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on an interface or globally). • Configure storm control. CONFIGURATION mode • Configure the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 835
three other variations of spanning tree, as shown in the following table. Table 90. Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 836
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 837
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 121. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1 If the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 838
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 839
Figure 122. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1 Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2 Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 840
Topology change flag not set, detected flag not set Number of topology changes 3 last change occurred 0:16:11 ago from TenGigabitEthernet 2/3 Timers: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Times: hello 0, topology change 0, notification 0, aging Normal Port 289 ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 841
Table 91. STP Default Values STP Parameters Forward Delay Hello Time Max Age Port Cost • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • Port Channel with 100 Mb/s Ethernet interfaces • Port Channel with 1-Gigabit Ethernet interfaces • Port Channel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 842
The default values are listed in Modifying Global Parameters. To change the port cost or priority of an interface, use the following commands. • Change the port cost of an interface. INTERFACE mode spanning-tree 0 cost cost The range is from 0 to 65535. The default values are listed in Modifying - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 843
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 844
Figure 123. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. • drops the BPDU after it reaches the RP and generates a console - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 845
Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 846
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) • Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 847
• mstp: enables root guard on an MSTP-enabled port. • rstp: enables root guard on an RSTP-enabled port. • pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no spanning-tree 0 rootguard command in an interface configuration mode. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 848
per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 849
• Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 850
troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support information on SmartScripts, see Dell Networking Open Automation guide. Figure 126. SupportAssist NOTE: SupportAssist is Wizard • Configuring SupportAssist Manually • Configuring SupportAssist - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 851
data entry. Enable the SupportAssist service. CONFIGURATION mode support-assist activate Dell(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 852
. NOTE: This step is not mandatory and you can configure SupportAssist manually without performing this step. Even before you accept or reject the EULA activities and servers for the SupportAssist service. SUPPORTASSIST mode enable all Dell(conf)#support-assist Dell(conf-supportassist)#enable all - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 853
mac-address-table" "show trace" "show command-history" "show logging" "show tech-support" } : "alarms_records", : "arp_records", : "ip_route_records", : "mac-address-table_records", : "trace_records", : "command_history_records", : "system_logging_records", : "tech-support_records" 3 Configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 854
allows you to configure name, address and territory information of the company. SupportAssist Company configurations are optional for the SupportAssist service. To configure SupportAssist company, use the following commands. 1 Configure the contact information for the company. SUPPORTASSIST mode [no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 855
[no] contact-person [first ] last Dell(conf-supportassist)#contact-person first john last doe Dell(conf-supportassist-pers-john_doe)# 2 Configure the email addresses to reach the contact person. SUPPORTASSIST PERSON mode [no] email-address primary email-address [alternate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 856
feature status including any activities, status of communication, last time communication sent, and so on. EXEC Privilege mode show support-assist status Dell#show support-assist status SupportAssist Service: Installed EULA: Accepted Server: default Enabled: Yes URL: https://stor.g3.ph.dell.com - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 857
save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure. Dell SupportAssist also collects and stores - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 858
They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF. Topics - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 859
Following conventions established by the telephone industry [BEL86], the accuracy of each server is defined by a number called the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 860
Figure 127. NTP Fields Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 861
Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 862
CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 863
in dotted decimal format (A.B.C.D). • ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. • key keyid : Configure a text string as the key exchanged between the NTP server and the client. • prefer: Enter the keyword prefer to set - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 864
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 865
:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. System Time and Date 865 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 866
Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for daylight savings time once, use the following command. • Set the clock to the appropriate timezone and daylight saving time. CONFIGURATION - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 867
• last: Enter the keyword last to start daylight saving time in the last week of the month. • start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. • start-day: Enter the number of the day. The range - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 868
. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Topics: • Configuring a Tunnel • Configuring Tunnel Keepalive Settings • Configuring a Tunnel Interface • Configuring Tunnel Allow-Remote Decapsulation • Configuring the Tunnel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 869
tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-if-tu-3)#tunnel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 870
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 871
ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source anylocal tunnel allow-remote 40.1.1.2 tunnel mode ipip decapsulate-any no shutdown Tunneling 871 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 872
57 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 873
Figure 128. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 874
Figure 129. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number and is calculated by the ratio of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 875
• If one of the upstream interfaces in an uplink-state group that was down comes up, the set of UFD-disabled downstream ports (which were previously disabled due to this upstream port going down) is brought up and the UFD Disabled error is cleared. • If you disable an uplink-state group, the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 876
is automatically enabled in an uplink-state group. To re-enable upstream-link tracking, use the enable command. Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state. To re-enable one or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 877
02:37:29: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/7 02:37:29: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/7 02:37:29 : UFD: Group:3, UplinkState: DOWN 02:37:29: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed uplink state group state to down: Group - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 878
Uplink State Group: 3 Status: Enabled, Up Uplink State Group: 5 Status: Enabled, Down Uplink State Group: 6 Status: Enabled, Up Uplink State Group: 7 Status: Enabled, Up Uplink State Group: 16 Status: Disabled, Up Dell# show uplink-state-group 16 Uplink State Group: 16 Status: Disabled, Up Dell# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 879
The following example shows viewing the UFD configuration. Dell#show running-config uplink-state-group ! no enable uplink state track 1 downstream TenGigabitEthernet 1/2, 4, 6, 11-19 upstream TengigabitEthernet 1/8, 12 upstream PortChannel 1 ! uplink state track 2 downstream TenGigabitEthernet 1/1, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 880
upstream TenGigabitEthernet 1/3-4 Dell# show uplink-state-group 3 Uplink State Group: 3 Status: Enabled, Up Dell# show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled Uplink State Group : 3 Status: Enabled, Up Upstream Interfaces : Te 1/3(Up) Te 1/4(Dwn) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 881
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 882
VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 port-based VLANs and one default VLAN, as specified in Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 883
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 884
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 885
the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 886
interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Ports Po1(So 0/0-1) Te 1/1 Po1(So 0/0-1) Te 1/2 Po1(So 0/0-1) When you remove a tagged interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 887
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 888
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 889
the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: • Proxy Gateway in VLT Domains • Configuring an LLDP VLT Proxy Gateway • Configuring a Static VLT Proxy Gateway Proxy Gateway in VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 890
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 891
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 892
• The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. • You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 893
Figure 132. Sample Configuration for a VLT Proxy Gateway • The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 894
Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address exclude-vlan 10 • Packet duplication may happen with "Exclude-VLAN" configuration - Assume you used the exclude-vlan option (called VLAN 10) in C - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 895
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 896
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 897
Figure 134. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 898
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the the link local address that is redirecting to the VLTi link. • VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 899
. • A VLT interconnect over 1G ports is not supported. • The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. • The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. • VLT peer switches operate as separate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 900
. On a default VLAN, RTSP is part of the PVST+ topology in that specific VLAN (default VLAN). • In a VLT domain, ingress and egress QoS policies are supported on physical VLT ports, which can be members of VLT port channels in the domain. • Ingress and egress QoS policies applied on VLT ports must - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 901
ports: 802.1p, LLDP, flow control, IPv6 dynamic routing, port monitoring, and jumbo frames. • Software features not supported with VLT • In a VLT domain, the following software features are not supported on VLT ports: 802.1x, DHCP snooping, FRRP, GVRP, ERSPAN, RSPAN, VXLAN, ingress and egress QOS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 902
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 903
that caused the VLT ports on the secondary VLT peer node to be disabled. PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 904
Figure 135. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 905
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 906
vlt domain domain-id 2 Enable peer-routing. VLT DOMAIN mode peer-routing 3 Configure the peer-routing timeout. VLT DOMAIN mode peer-routing-timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 907
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 908
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the address. 3 Configure a backup link for the VLT domain. 4 (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 909
Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 910
back-up destination {ipv4-address | ipv6-address} [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 3 Configure the port channel to be used as the VLT interconnect between VLT peers in the domain. VLT DOMAIN CONFIGURATION - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 911
To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time. For more information, refer to VLT Port Delayed Restoration. Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1 Enter - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 912
To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations. Use this command to minimize the time required for the VLT system to determine the unit ID assigned - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 913
Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1 Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2 Enter the port-channel number that acts as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 914
back-up destination ip-address [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 6 When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 915
port-channel-protocol lacp 14 Configure the LACP port channel mode. INTERFACE mode port-channel number mode [active] 15 Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 16 Repeat steps 1 through 15 for the VLT peer node in Domain 1. 17 Repeat steps 1 through 15 for the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 916
-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. Dell-2(conf)#vlt domain 5 Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 917
2 Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3 In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vlt- peer-lag port-channel 2 indicates that port-channel 2 is the port-channel id configured - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 918
channel 2 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 2 L2L3 up 03:33:31 Te 1/18 (Up) PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 919
Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 90b1.1cf4.9b79 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 0, Address 90b1.1cf4.9b79 We are the root of Vlan 1000 Configured hello time 2, max age 20, forward delay 15 Interface Name PortID - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 920
Figure 136. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer1(conf)#vlt - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 921
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 922
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 923
EXEC mode show vlt role • Display the current configuration of all VLT domains or a specified group on the switch. EXEC mode show running-config vlt • Display statistics on VLT operation. EXEC mode show vlt statistics • Display the RSTP configuration on a VLT peer switch, including the status of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 924
Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : 6(3) : 00:01:e8:8a:e9:91 : 00:01:e8:8a:e9:76 : 6(3) : 90 seconds Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : 60 seconds : - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 925
HeartBeat Messages Received: 986 ICL Hello's Sent: 148 ICL Hello's Received: 98 Dell_VLTpeer2# show vlt statistics VLT Statistics HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 926
Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 927
-config interface port-channel 11 ! interface Port-channel 11 no ip address switchport channel-member fortyGigE 1/48,52 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 928
Description Spanning tree mismatch at global level Behavior at Peer Up All VLT port channels go down on both VLT peers. A syslog error message is generated. Behavior During Run Time No traffic is passed on the port channels. A one-time informational syslog message is generated. Action to Take - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 929
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 930
PVLAN. For example, if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, VLTi is not made a part of that VLAN. MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 931
Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with the MAC address of the primary VLAN. • The ARP request packet originates on the primary VLAN for the intended destination IP address. The ARP request received on ICLs are not proxied, even if they are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 932
VLAN. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section describe how to configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 933
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 4 Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5 To - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 934
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 935
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 936
routing timeout value command. You can configure an optimal time for a VLT node to retain synced multicast routes or synced multicast outgoing interface (OIF), after a VLT peer node failure, using the multicast peer-routing-timeout command in VLT DOMAIN mode. Using the bootstrap router (BSR) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 937
no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 938
back-up destination 10.16.151.115 system-mac mac-address 00:00:00:11:11:11 unit-id 1 Dell# Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 939
(STP), thereby providing a loop-free network with optimal bandwidth utilization. IPv6 peer routing is supported on all the platforms that are compatible with IPv6 routing and support VLT. This functionality performs the following operations: • Forwarding control traffic to the correct VLT node - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 940
Synchronization of IPv6 ND Entries in a Non-VLT Domain Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level. Routed VLT allows you to replace VRRP with routed VLT to route the traffic from Layer 2 access nodes. With ND synchronization, both the VLT nodes perform Layer 3 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 941
Figure 137. Sample Configuration of IPv6 Peer Routing in a VLT Domain Sample Configuration of IPv6 Peer Routing in a VLT Domain Consider a sample scenario as shown in the following figure in which two VLT nodes, Unit1 and Unit2, are connected in a VLT domain using an ICL or VLTi link. To the south - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 942
Figure 138. Sample Configuration of IPv6 Peer Routing in a VLT Domain Neighbor Solicitation from VLT Hosts Consider a case in which NS for VLT node1 IP reaches VLT node1 on the VLT interface and NS for VLT node1 IP reaches VLT node2 due to LAG level hashing in the ToR. When VLT node1 receives NS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 943
Consider a situation in which NA for VLT node1 reaches VLT node1 on a non-VLT interface and NA for VLT node1 reaches VLT node2 on a non-VLT interface. When VLT node1 receives NA on a VLT interface, it learns the Host MAC address on the received interface. This learned neighbor entry is synchronized - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 944
it consumes the packets. VLT node will drop the RA message if it is received over ICL interface. Upgrading from Releases That Do Not Support IPv6 Peer Routing During an upgrade to Release 9.4(0.0) from earlier releases, VLT peers might contain different versions of FTOS. You must upgrade both the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 945
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 946
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 947
. Yes Yes No No No No Yes No Yes NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default-VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs. No Yes Yes No No Yes No No Virtual Routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 948
IPv6 capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF Yes Yes No No No Yes Yes Yes No No Yes Yes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 949
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). • Create a non-default VRF instance by specifying a name and VRF ID number, and enter - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 950
the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. SeeOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 951
Task View VRRP command output for the VRF vrf1 Command Syntax vrrp-group 10 virtual-address 10.1.1.100 no shutdown show vrrp vrf vrf1 TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 952
displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route • Configure a static route that points to a management interface. CONFIGURATION management - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 953
Figure 141. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 954
no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 955
interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/1 ! router ospf 2 vrf orange router-id 2.0.0.2 network 21 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 956
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 957
----------- C 1.0.0.0/24 O 10.0.0.0/24 C 11.0.0.0/24 ------Direct, Vl 128 via 1.0.0.1, Vl 128 Direct, Te 2/1 ----------0/0 110/2 0/0 ----------00:27:21 00:14:24 00:19:46 Dell#show ip route vrf orange Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 958
that particular prefix will fail and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes. The source route will VRF-Green, and VRF-shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and VRF-Blue but not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 959
3 Configure VRF-red. ip vrf vrf-red interface-type slot/port ip vrf forwarding VRF-red ip address ip-address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 4 Configure the import target in VRF-red. ip route-import 1:1 5 Configure the export target in VRF- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 960
ip route-import 2:2 ip route-import 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 C 111.1.1.0/24 Direct, Te 1/11 0/0 00:00:10 22:39:59 Dell# show ip route vrf VRF- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 961
• If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG ("Duplicate prefix found %s in the target VRF %d", address, import_vrf_id) with The type/level is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 962
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. 962 Virtual Routing and Forwarding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 963
• You can expose a unique set of routes from the Source VRF for Leaking to other VRFs. For example, in VRF-red there is no option for exporting one set of routes (for example, OSPF) to VRF- blue and another set of routes (for example, BGP routes) to some other VRF. Similarly, when two VRFs leak or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 964
the Internet. Router B receives and forwards them on interface TenGigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed information about VRRP, refer to RFC 2338, Virtual - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 965
gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported. Virtual IP addresses can belong to the primary or secondary IP address' subnet configured on the interface. You can ping all the virtual - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 966
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 967
no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-te - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 968
a total of 120 VRRP groups on a switch with Dell Networking OS or a total of 20 VRRP groups when using SFTOS. The S-Series supports varying number of maximum VRRP groups per interface. For more information, refer to VRRP Implementation. To activate a VRRP group on an interface (so that VRRP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 969
Examples of the Configuring and Verifying a Virtual IP Address The following example shows how to configure a virtual IP address. Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.1 Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.2 Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.3 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 970
same: you must enable authentication with the same password or authentication is disabled. NOTE: Authentication for VRRPv3 is not supported. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type simple [encryption - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 971
The following example shows verifying the VRRP authentication configuration using the show conf command. The bold section shows the encrypted password. Dell(conf-if-te-1/1-vrid-111)#show conf ! vrrp-group 111 authentication-type simple 7 387a7f2df5969da4 priority 255 virtual-address 10.10.10.1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 972
If are using VRRP version 2, you must configure the timer values in multiple of whole seconds. For example a timer value of 3 seconds or 300 centisecs are valid and equivalent. However, a time value of 50 centisecs is invalid because it not a multiple of 1 second. If you are using VRRP version 3, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 973
For a virtual group, you can track the line-protocol state or the routing status of any of the following interfaces with the interface interface parameter: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 974
authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 track TenGigabitEthernet 1/2 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 The following example shows verifying the tracking status. Dell#show track Track 2 IPv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 975
routing. Set the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you configure both configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 976
Figure 143. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 977
TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 978
Figure 144. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 979
R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1)#end R2#show vrrp TenGigabitEthernet 1/1, IPv6 VRID: 10, Version: 3, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 980
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 981
Figure 145. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#ip vrf - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 982
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 983
VRRP in VRF: Switch-1 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#no ip address S1(conf-if-te-1/1)#switchport S1(conf-if-te-1/1)#no shutdown ! S1(conf-if-te-1/1)#interface vlan - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 984
VRRP in VRF: Switch-2 VLAN Configuration Switch-2 S2(conf)#ip vrf VRF-1 1 ! S2(conf)#ip vrf VRF-2 2 ! S2(conf)#ip vrf VRF-3 3 ! S2(conf)#interface TenGigabitEthernet 1/1 S2(conf-if-te-1/1)#no ip address S2(conf-if-te-1/1)#switchport S2(conf-if-te-1/1)#no shutdown ! S2(conf-if-te-1/1)#interface vlan - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 985
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. Virtual Router Redundancy Protocol (VRRP) 985 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 986
NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address. Router 2 R2(conf)#interface tengigabitethernet 1/1 R2(conf-if- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 987
Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 0/0 TenGigabitEthernet 0/0, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 988
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 548, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 988 Virtual Router Redundancy Protocol (VRRP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 989
64 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics check for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 990
3 Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-0.txt Diags completed... Rebooting the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 991
-- Power Supplies -- Unit Bay Status Type FanSpeed(rpm) 0 0 down UNKNOWN 0 0 1 up AC 14000 -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 0 0 up up 13466 up 13466 0 1 up up 13653 up 13466 Speed in RPM The following example shows the diag command ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 992
command from the flash:// TRACE_LOG_DIR directory. NOTE: Non-management member units do not support this functionality. Last Restart Reason If the system restarts for some reason (automatically or manually), the show system command output includes the reason for the restart. The following table - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 993
reboots an Dell Networking OS switch/router with a single RPM that is unresponsive. This is a last resort mechanism intended to prevent a manual power cycle. Using the Show Hardware Commands The show hardware command tree consists of commands used with the system. These commands display information - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 994
EXEC Privilege mode show hardware stack-unit {0-11} drops unit {0-1} port {1-64} This view helps identifying the stack unit/port pipe/port that may experience internal drops. • View the input and output statistics for a stack-port interface. EXEC Privilege mode show hardware stack-unit {0-11} stack- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 995
QSFP 52 Length(OM1) 1m = 0x00 QSFP 52 Length(Copper) 1m = 0x00 QSFP 52 Vendor Rev = 01 QSFP 52 Laser Wavelength = 850.00 nm QSFP 52 CheckCodeBase = 0x26 QSFP 52 Serial ID Extended Fields QSFP 52 BR max = 0 QSFP 52 BR min = 0 QSFP 52 Vendor SN = QC050955 QSFP 52 Datecode = 120205 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 996
Unit2 55 60 75 80 85 Minor Off Minor Major Off Major Shutdown Unit3 55 60 75 80 85 Troubleshoot an Over-temperature Condition To troubleshoot an over-temperature condition, use the following information. 1 Use the show environment commands to monitor the temperature levels. 2 Check - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 997
containing the packet buffer statistics per COS per port. The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet loss, use the following commands. • show hardware stack-unit stack-unit-number cpu data-plane statistics • show hardware - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 998
Example of the show hardware stack-unit Command to View Drop Counters Statistics Dell#show hardware stack-unit 0 drops UNIT No: 0 Total Ingress Drops :0 Total IngMac Drops :0 Total Mmu Drops :0 Total EgMac Drops :0 Total Egress Drops :0 UNIT No: 1 Total Ingress Drops :0 Total IngMac Drops :0 Total - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 999
IPv4 L3UC Aged & Drops : 0 TTL Threshold Drops : 0 INVALID VLAN CNTR Drops : 0 L2MC Drops : 0 PKT Drops of ANY Conditions : 0 Hg MacUnderflow : 0 TX Err PKT Counter : 0 --- Error counters--- Internal Mac Transmit Errors : 0 Unknown Opcodes : 0 Internal Mac Receive Errors : 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1000
txPkt(COS11) :0 txPkt(UNIT0) :0 Example of Viewing Party Bus Statistics Dell#sh hardware stack-unit 1 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Statistics: 1649566 packets, 1935316203 bytes 0 errors Display Stack Port Statistics The show - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1001
RX - Broadcast Frame Counter RX - Byte Counter RX - Control frame counter RX - PAUSE frame counter RX - Oversized frame counter RX - Jabber frame counter RX - VLAN tag frame counter RX - Double VLAN tag frame counter RX - RUNT frame counter RX - Fragment counter RX - VLAN tagged packets TX - 64 Byte - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1002
RX - Oversized frame counter 0 RX - Jabber frame counter 0 RX - VLAN tag frame counter 0 RX - Double VLAN tag frame counter 0 RX - RUNT frame counter 0 RX - Fragment counter 0 RX - VLAN tagged packets 0 TX - 64 Byte Frame Counter 0 TX - 64 to 127 Byte Frame Counter 0 TX - 128 to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1003
dumps. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1004
- Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1005
describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1006
Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 99. General 2460 Internationalization of the File Transfer Protocol 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP over - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1007
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 100. General IPv4 Protocols R Full Name F C # Z-Series 79 Internet Protocol 1 79 Internet Control 2 Message Protocol 82 An Ethernet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1008
a 28 Variant of the Tiny Fragment Attack S-Series 7.6.1 7.6.1 7.7.1 7.8.1 7.8.1 7.6.1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 101. General IPv6 Protocols RF Full Name C# Z-Series 188 DNS 6 Extensions to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1009
S-Series 7.8.1 8.3.12.0 7.8.1 8.3.12.0 7.8.1 7.8.1 8.3.12.0 8.3.12.0 8.3.12.0 Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 102. Border Gateway Protocol (BGP) RFC# Full Name 1997 BGP ComAmtturnibituitees 2385 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1010
Gateway Protocol 4 (BGP-4) 7.8.1 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 103. Open Shortest Path First (OSPF) RFC# Full Name 1587 The OSPF Not-So-Stubby Area - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1011
4191 Default Router Preferences and More-Specific Routes S-Series 7.8.1 7.8.1 8.3.12.0 Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 106. Multicast RFC# Full Name 1112 Host Extensions for IP Multicasting 2236 Internet Group - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1012
Protocol Specification (Revised) S-Series 7.8.1 7.8.1 SSM for IPv4 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 107. Network Management RFC# 1155 1156 1157 1212 1215 1493 1724 1850 1901 2011 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1013
Table, Ethernet History Table, Alarm Table, Event Table, Log Table The Interfaces Group MIB 7.6.1 Remote Authentication Dial In User Service (RADIUS) 7.6.1 Remote Network Monitoring Management Information 7.6.1 Base for High Capacity Networks (64 bits): Ethernet Standards Compliance 1013 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1014
for High Capacity 7.6.1 Alarms, High-Capacity Alarm Table (64 bits) IEEE 802.1X Remote Authentication Dial In User 7.6.1 Service (RADIUS) Usage Guidelines Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) Textual Conventions - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1015
that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) Force10 C-Series Enterprise Chassis MIB Force10 Enterprise IF Extension MIB (extends the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.100.0 - Page 1016
https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell TAC for assistance. 1016 Standards Compliance
Dell
Configuration
Guide for the S4810 System
9.10(0.0)