Dell PowerSwitch S4810P Configuration Guide for the S4810 System 9.90.0
Dell PowerSwitch S4810P Manual
View all Dell PowerSwitch S4810P manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S4810P manual content summary:
- Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1
Dell Configuration Guide for the S4810 System 9.9(0.0) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 3
Contents 1 About this Guide...33 Audience...33 Conventions...33 Related Documents...33 2 Configuration Fundamentals 34 Accessing the Command Line...34 CLI Modes...34 Navigating CLI Modes...36 The do - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 4
a UNIX Logging Facility Level...70 Synchronizing Log Messages...71 Enabling Timestamp on Syslog Messages...71 File Transfer Services...72 Configuration Task List for File Transfer Services...72 Enabling the FTP Server...72 Configuring FTP Server Parameters...72 Configuring FTP Client Parameters...73 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 5
Using Telnet to get to Another Network Device...76 Lock CONFIGURATION Mode...76 Viewing the Configuration Lock Status...77 Recovering from a Forgotten Password...77 Recovering from a Forgotten Enable Password...78 Recovering from a Failed Start...79 Restoring the Factory Default Settings...79 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 6
Configuring Dynamic VLAN Assignment with Port Authentication 103 Guest and Authentication-Fail VLANs...104 Configuring a Guest VLAN...105 Configuring an Authentication-Fail VLAN...105 7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM).... 107 Optimizing CAM Utilization - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 7
...158 Configure BFD for VRRP...164 Configuring Protocol Liveness...167 Troubleshooting BFD...167 10 Border Gateway Protocol IPv4 (BGPv4 169 Autonomous BGP with Dell Networking OS...179 Additional Path (Add-Path) Support...179 Advertise IGP Cost as MED for Redistributed Routes 179 Ignore Router - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 8
AS Number Migration...182 BGP4 Management Information Base (MIB)...183 Important Points to Remember...183 Configuration Information...184 BGP Configuration...184 Enabling BGP...185 Configuring AS4 Number Representations...188 Configuring Peer Groups...189 Configuring BGP Fast Fall-Over...192 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 9
CAM Allocation...225 Test CAM Usage...227 View CAM-ACL Settings...227 View CAM Usage...229 CAM Optimization...229 Troubleshoot CAM Profiling...229 CAM Profile Mismatches...229 QoS CAM Region Limitation...230 12 Control Plane Policing (CoPP 231 Configure Control Plane Policing...232 Configuring CoPP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 10
Gateway...287 Configure a Method of Hostname Resolution...287 Using DNS for Address Resolution...287 Using NetBIOS WINS for Address Resolution...287 Creating Manual Binding Entries...287 Debugging the DHCP Server...288 Using DHCP Clear Commands...288 Configure the System to be a Relay Agent...288 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 11
Source Address Validation...299 Enabling IP Source Address Validation...299 DHCP MAC Source Address Validation...300 Enabling IP+MAC Source Address Validation...300 Viewing the Number of SAV Dropped Packets...301 Clearing the Number of SAV Dropped Packets...301 15 Equal Cost Multi-Path (ECMP 302 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 12
the FRRP Configuration...330 Viewing the FRRP Information...330 Troubleshooting FRRP...330 Configuration Checks...330 Sample Configuration and Topology High Availability (HA 337 Component Redundancy...337 Automatic and Manual Stack Unit Failover...337 Synchronization between Management and Standby - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 13
IGMP Protocol Overview...343 IGMP Version 2...343 IGMP Version 3...344 Configure IGMP...347 Related Configuration Tasks...347 Viewing IGMP Enabled Interfaces...348 Selecting an IGMP Version...348 Viewing IGMP Groups...348 Adjusting Timers...349 Adjusting Query and Response Timers...349 Preventing a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 14
Configuring Layer 3 (Interface) Mode...368 Egress Interface Selection (EIS)...369 Important Points to Remember...369 Configuring EIS...369 Management Interfaces...370 Configuring Management Interfaces...370 Configuring a Management Interface on an Ethernet Port 371 VLAN Interfaces...372 Loopback - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 15
Auto-Negotiation on Ethernet Interfaces...394 Setting the Speed and Duplex Mode of Ethernet Interfaces 394 Set Auto-Negotiation Options...396 View Advanced Interface Information...397 Configuring the Interface Sampling Size...397 Dynamic Counters...398 Clearing Interface Counters...399 23 Internet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 16
...414 UDP Helper with No Configured Broadcast Addresses 415 Troubleshooting UDP Helper...415 25 IPv6 Routing...416 Protocol Overview... Overview...435 Monitoring iSCSI Traffic Flows...436 Application of Quality of Service to iSCSI Traffic Flows 436 Information Monitored in iSCSI Traffic Flows - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 17
System 444 IS-IS Protocol Overview...444 IS-IS Addressing...444 Multi-Topology IS-IS...445 Transition Mode...445 Interface Support...445 Adjacencies...445 Graceful Restart...446 Timers...446 Implementation Information...446 Configuration Information...447 Configuration Tasks for IS-IS...447 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 18
29 Layer 2...481 Manage the MAC Address Table...481 Clearing the MAC Address Table...481 Setting the Aging Time for Dynamic Entries...481 Configuring a Static MAC Address...481 Displaying the MAC Address Table...482 MAC Learning Limit...482 Setting the MAC Learning Limit...483 mac learning-limit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 19
Configuring the Time to Live Value...507 Debugging LLDP...508 Relevant Management Objects...508 31 Microsoft Network Load Balancing 514 NLB Unicast Mode Scenario...514 NLB Multicast Mode Scenario...514 Limitations of the NLB Feature...515 Microsoft Clustering...515 Enable and Disable VLAN Flooding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 20
Related Configuration Tasks...543 Enable Multiple Spanning Tree Globally...544 Adding and Removing Interfaces...544 Creating Multiple Spanning Tree Instances...544 Influencing MSTP Root Selection...545 Interoperate with Non-Dell Bridges...546 Changing the Region Name or Revision...546 Modifying - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 21
-Interface...600 Redistributing Routes...601 Configuring a Default Route...601 Enabling OSPFv3 Graceful Restart...601 OSPFv3 Authentication Using IPsec...604 Troubleshooting OSPFv3...610 37 Policy-based Routing (PBR 611 Overview...611 Implementing PBR...612 Configuration Task List for Policy-based - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 22
39 PIM Source-Specific Mode (PIM-SSM 628 Implementation Information...628 Important Points to Remember...628 Configure PIM-SSM...628 Related Configuration Tasks...628 Enabling PIM-SSM...629 Use PIM-SSM with IGMP Version 2 Hosts...629 Configuring PIM-SSM with IGMPv2...629 40 Port Monitoring...632 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 23
yellow" with single traffic class 688 Applying Layer 2 Match Criteria on a Layer 3 Interface 690 Applying DSCP and VLAN Match Criteria on a Service Queue 690 Classifying Incoming Packets Using ECN and Color-Marking 691 Guidelines for Configuring ECN for Classifying and Color-Marking Packets 693 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 24
RIPv1...697 RIPv2...697 Implementation Information...697 Configuration Information...698 Configuration Task List...698 RIP Configuration Example...704 45 Remote Monitoring (RMON 710 Implementation Information...710 Fault Recovery...710 Setting the RMON Alarm...710 Configuring an RMON Event...711 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 25
Cipher List...743 Secure Shell Authentication...743 Troubleshooting SSH...746 Telnet...746 VTY Line and and Authorization 747 VTY MAC-SA Filter Support...747 Role-Based Access Control...748 Display Information About User Roles...757 49 Service Provider Bridging 759 VLAN Stacking...759 Important - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 26
Setting Rate-Limit BPDUs...774 Debugging Layer 2 Protocol Tunneling...774 Provider Backbone Bridging...775 50 sFlow...776 Overview...776 Implementation Information...776 Important Points to Remember...776 Enabling Extended sFlow...777 Enabling and Disabling sFlow on an Interface...778 Enabling sFlow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 27
SNMP...803 Deriving Interface Indices...804 Monitor Port-Channels...805 Troubleshooting SNMP Operation...806 52 Stacking...808 Stacking Overview...808 Stack Roles...810 MAC Addressing on Stacks...810 Stacking LAG...811 Supported Stacking Topologies...811 High Availability on Stacks...812 Management - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 28
Recover from Stack Link Flaps...828 Recover from a Card Problem State on a Stack...829 53 Storm Control...830 Configure Storm Control SupportAssist Using a Configuration Wizard 845 Configuring SupportAssist Manually...846 Configuring SupportAssist Activity...847 Configuring SupportAssist Company... - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 29
Configuring a Source IP Address for NTP Packets 855 Configuring NTP Authentication...856 Dell Networking OS Time and Date...858 Configuration Task List ...858 Setting the Time and Date for the Switch Software Clock 859 Setting the Timezone...859 Set Daylight Saving Time...859 Setting Daylight - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 30
Snooping...896 VLT IPv6...896 VLT Port Delayed Restoration...896 PIM-Sparse Mode Support on VLT...896 VLT Routing ...898 Non-VLT ARP Sync...900 RSTP a VLT Configuration...914 Additional VLT Sample Configurations...918 Troubleshooting VLT...919 Reconfiguring Stacked Switches as VLT...921 Specifying - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 31
Working of Proxy ARP for VLT Peer Nodes...927 VLT Nodes as Rendezvous Points for Multicast Resiliency 927 Configuring VLAN-Stack over VLT...928 IPv6 Peer Routing in VLT Domains Overview...931 Working of IPv6 Peer Routing...932 Synchronization of IPv6 ND Entries in a VLT Domain 932 Synchronization - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 32
an Over-temperature Condition...987 Recognize an Under-Voltage Condition...987 Troubleshoot an Under-Voltage Condition...987 Troubleshooting Packet Loss...988 Displaying Drop Counters...989 Dataplane Statistics...990 Display Stack Port Statistics...991 Display Stack Member Counters...991 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 33
protocols, refer to related documentation, including IETF requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs). Audience This document is intended - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 34
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 35
when configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, 10 Gigabit Ethernet, 25 Gigabit Ethernet, 40 Gigabit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 36
ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 37
CLI Command Mode VLAN Interface STANDARD ACCESS-LIST EXTENDED ACCESS-LIST IP COMMUNITY-LIST AUXILIARY CONSOLE VIRTUAL TERMINAL STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MULTIPLE SPANNING TREE Per-VLAN SPANNING TREE Plus PREFIX-LIST RAPID SPANNING TREE REDIRECT ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 38
failover-group Dell(conf-pg)# priority-group Dell(config-gvrp)# protocol gvrp Dell(conf-qos-policy-outets)# qos-policy-output Dell(support-assist)# support-assist Dell(conf-vlt-domain)# vlt domain Dell(conf-if-interface-typeslot/port-vrid-vrrp-groupid)# vrrp-group Dell=> Press any - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 39
-- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 9.4(0.0) 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 40
• Enter ? after a command prompt to list all of the available keywords. The output of this command is the same as the help command. Dell#? bmp cd clear clock BMP commands Change current directory Reset functions Manage the system clock • Enter ? after a partial keyword lists all of the keywords - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 41
Short-Cut Key Combination CNTL-X CNTL-Z Esc B Esc F Esc D Action Deletes the line. Ends continuous scrolling of command outputs. Moves the cursor back one word. Moves the cursor forward one word. Deletes all characters from the cursor to the end of the word. Command History The Dell Networking OS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 42
The find keyword displays the output of the show command beginning from the first occurrence of specified text. The following example shows this command used in combination with the show system brief command. Example of the find Keyword The display command displays additional configuration - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 43
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 44
secure, protected communication with the device. You can open an SSH session and run commands or script files. This method of connectivity is supported with S4810, S4048-ON, S3048-ON, S4820T, and Z9000 switches and provides a reliable, safe communication mechanism. Entering CLI commands Using an SSH - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 45
a failure in executing SSH-related scripts. • To avoid denial of service (DoS) attacks, a rate-limit of 10 concurrent sessions per minute in use an SSH session, when certain show commands such as show tech-support produce large volumes of output, sometimes few characters from the output display - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 46
Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. 1. Enter INTERFACE mode for the Management port. CONFIGURATION mode interface ManagementEthernet slot/port 2. Assign an IP address to the interface. INTERFACE mode ip address ip- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 47
• enable password stores the password in the running/startup configuration using a DES encryption method. • enable secret is stored in the running/startup configuration in using a stronger, MD5 encryption method. Dell Networking recommends using the enable secret password. To configure an enable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 48
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 49
Source file name []: test.c User name to login remote host: mashutosh Example of Logging in to Copy from NFS Mount Dell#copy nfsmount:///test flash: Destination file name [test]: test2 ! 5592 bytes successfully copied Dell# Dell#copy nfsmount:///test.txt ftp://10.16.127.35 Destination file name [ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 50
after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide. Viewing Files You can only view file information and content on local file systems. To view a list of files or the contents of a file - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 51
on the device. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the compressed mode and to perform an image downgrade without any configuration loss are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 52
! interface TenGigabitEthernet 1/3 no ip address shutdown ! interface TenGigabitEthernet 1/4 no ip address shutdown ! interface TenGigabitEthernet 1/10 no ip address shutdown ! interface TenGigabitEthernet 1/34 ip address 2.1.1.1/16 shutdown ! interface Vlan 2 no ip address no shutdown ! interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 53
by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Managing the File System The Dell Networking system can use - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 54
in CONFIGURATION mode. NOTE: The no feature vrf command is not supported on any of the platforms. To enable the VRF feature and cause show command-history Command Dell#show command-history [12/5 10:57:8]: CMD-(CLI):service password-encryption [12/5 10:57:12]: CMD-(CLI):hostname Force10 [12/5 10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 55
default is to use the flash drive. You can just enter the image file name. • hash-value: (Optional). Specify the relevant hash published on i-Support. • img-file: Enter the name of the Dell Networking software image file to validate Examples: Without Entering the Hash Value for Verification MD5 Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 56
-config. • To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services are enhanced to support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 57
4 Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 58
level level command. In the command, specify the privilege level of the user or terminal line and specify all the keywords in the command to which you want to allow access. Allowing Access to Different Modes This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and ROUTER - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 59
Current privilege level is 3. Dell#? capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature mtrace Trace reverse multicast path - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 60
Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege level NOTE: When you assign a privilege level between 2 and 15, access to the system begins - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 61
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 62
line vty0 ( 10.14.1.91 ) Clearing Audit Logs To clear audit logs, use the clear logging auditlog command in Exec mode. When RBAC is enabled, only the system administrator user role can issue this command. Example of the clear logging auditlog Command Dell# clear logging auditlog Configuring Logging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 63
%IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8 %IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8 To view any changes made, use the show running-config logging command in EXEC privilege mode. Setting Up a Secure Connection to a Syslog Server You can use - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 64
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 65
The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 66
Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions. By default, you can use - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 67
3 vty 1 10.14.1.97 Clear existing session? [line number/Enter to cancel]: When you try to create more than the permitted number of sessions, the following message appears, prompting you to close one of the existing sessions. If you close any of the existing sessions, you are allowed to login. $ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 68
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 69
logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that Dell Networking OS saves to its logging history table. CONFIGURATION - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 70
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 71
when the error or message was created. To enable timestamp, use the following command. • Add timestamp to syslog messages. CONFIGURATION mode service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime] Specify the following optional parameters: - You can add the keyword - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 72
application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces. The FTP and TFTP services are enhanced to support the VRF-aware functionality. If you want the FTP or TFTP server to use a VRF table that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 73
Configure the following optional and required parameters: - username: enter a text string. - encryption-type: enter 0 for plain text or 7 for encrypted text. - password: enter a text string. NOTE: You cannot use the change directory (cd) command until you have configured ftp-server topdir. To view - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 74
processes either IPv4 or IPv6 rules, but not both. Using this configuration, you can set up two different types of access classes with each class processing either IPv4 or IPv6 rules separately. To apply an IP ACL to a line, Use the following command. • Apply an ACL to a VTY line. LINE mode access- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 75
line local none radius tacacs+ Prompt for the password you assigned to the terminal line. Configure a password for the terminal line to which you assign a method list that contains the line authentication method. Configure a password using the password command from LINE mode. Prompt for the system - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 76
limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system 0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 77
using the configure terminal lock command from CONFIGURATION mode. When you configure a manual lock, which is the default, you must enter this command each time you want to enter CONFIGURATION mode and deny access to others. Viewing the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 78
uBoot mode reset 7. Copy startup-config.bak to the running config. EXEC Privilege mode copy flash://startup-config.bak running-config 8. Remove all authentication statements you might have for the console. LINE mode no authentication login no password 9. Save the running-config. EXEC Privilege mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 79
in the following steps. For details about the setenv command, its supporting commands, and other commands that can help recover from a failed start , see the u-Boot chapter in the Dell Networking OS Command Line Reference Guide. 1. Power-cycle the chassis (pull the power cord and reinsert it). - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 80
* persistent settings (stacking, fanout, etc.) * * After restoration the unit(s) will be powercycled immediately. * * Proceed with caution ! * Proceed with factory settings? Confirm [yes/no]:yes -- Restore status -- Unit Nvram Config 0 Success Power-cycling the unit(s). .... - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 81
uBoot mode => setenv gatewayip gateway_ip_address For example, 10.16.150.254. 6. Save the modified environmental variables. uBoot mode => saveenv 7. Reload the system. uBoot mode reset Management 81 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 82
operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM - IEEE 802.1ag connectivity fault management (CFM) • Link layer OAM - IEEE - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 83
Maintenance Domains Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in the following illustration. A CFM maintenance domain is a management space on a network that a single management entity owns and operates. The network administrator assigns a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 84
Figure 4. Maintenance Points Maintenance End Points A maintenance end point (MEP) is a logical entity that marks the end point of a domain. There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP - monitors the forwarding path internal to a bridge on the customer or provider - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 85
. EXEC Privilege mode show ethernet cfm domain [name | brief] Example of Viewing Configured Maintenance Domains Dell# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 Services 802.1ag 85 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 86
MA-Name VLAN CC-Int X-CHK Status My_MA 200 10s enabled Domain Name: praveen Level: 6 Total Service: 1 Services MA-Name VLAN CC-Int Your_MA 100 10s X-CHK Status enabled Creating a Maintenance Association A Maintenance association (MA) is a subdivision of an MD that contains all - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 87
entity (ME). An ME is a point-to-point relationship between two MEPs within a single domain. A MIP is not associated with any MA or service instance, and it belongs to the entire MD. 1. Create a MIP. INTERFACE mode ethernet cfm mip domain {name | level } ma-name name 2. Display configured - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 88
MP ID: 900 Sender Chassis ID: Force10 MEP Interface status: Up MEP Port status: Forwarding Receive RDI: FALSE MP Status: Active Setting the MP Database Persistence To set the database persistence, use the following command. • Set the amount of time that data from a missing MEP is kept in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 89
• Reception of a CCM with an MD level lower than the receiving MEP, which indicates a configuration or cross-connect error. • Reception of a CCM containing a port status/interface status TLV, which indicates a failed bridge or aggregated port. The continuity check protocol sends fault notifications - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 90
Figure 6. MPLS Core Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]). The MPs on the path to the target MAC address reply to the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 91
• Display the Link Trace Cache. EXEC Privilege mode show ethernet cfm traceroute-cache • Delete all Link Trace Cache entries. EXEC Privilege mode clear ethernet cfm traceroute-cache Example of Viewing the Link Trace Cache Dell#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 92
MA-Index MA-Name VLAN CC-Int X-CHK Status 1 test 0 1s enabled Domain Name: Your_Name MD Index: 2 Level: 2 Total Service: 1 Services MA-Index MA-Name VLAN CC-Int X-CHK Status 1 test 100 1s enabled Displaying Ethernet CFM Statistics To display Ethernet CFM statistics, use the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 93
Bad CFM Pkts 0 CFM Pkts Discarded 0 CFM Pkts forwarded 102417 TX Statistics Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0 802.1ag 93 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 94
-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 95
Figure 8. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 96
6. If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 97
802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 98
Enabling 802.1X Enable 802.1X globally. Figure 11. 802.1X Enabled 1. Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 99
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 100
• Configure the maximum number of times the authenticator re-transmits a Request Identity frame. INTERFACE mode dot1x max-eap-req number The range is from 1 to 10. The default is 2. The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 101
Forcibly Authorizing or Unauthorizing a Port The 802.1X ports can be placed into any of the three states: • ForceAuthorized - an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 102
dot1x reauthentication [interval] seconds The range is from 1 to 65535. The default is 3600. • Configure the maximum number of times the supplicant can be re-authenticated. INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2. Example of Re-Authenticating a Port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 103
Enter the tasks the user should do after finishing this task (optional). Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 104
Figure 12. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration inDynamic VLAN Assignment with Port Authentication). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 105
• If the supplicant fails authentication a specified number of times, the authenticator places the port in the Authentication-fail VLAN. • If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the authentication process begins. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 106
Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode. 802.1x information on Te 2/1: Dot1x Status: Enable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 107
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 108
on the hardware specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI counters, Open Flow, ACL optimization, and so on) can be allocated virtual flow processing slices at - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 109
You can have up to eight different ACL VLAN groups at any given time. 2. Add a description to the ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode description description 3. Apply an egress IP ACL to the ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode ip access-group {group name} out - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 110
cam-acl-vlan vlanaclopt 4. View the number of FP blocks that is allocated for the different VLAN services. EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM 1 | 0 | IN-L2 ACL | 1536 | 0 | 1536 | | OUT-L2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 111
for VLAN Processes The VLAN contentaware processor (VCAP) application is a pre-ingress CAP that modifies the VLAN settings before packets are forwarded. To support ACL CAM optimization, the CAM carving feature is enhanced. A total of four VCAP groups are present: two fixed groups and two dynamic - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 112
by default. You must also allocate the slices for CAM optimization. To display the number of FP blocks that is allocated for the different VLAN services, use the show cam-acl-vlan command. After you configure the ACL VLAN groups, reboot the system to store the settings in nonvolatile storage. During - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 113
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 114
more information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria on enabled by default and support both standard and extended ACLs and on all platforms. NOTE: Hot lock ACLs are supported for Ingress ACLs only. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 115
Ingress Access list • L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. Assigning ACLs to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 116
)#policy-map-input pmap Dell(conf-policy-map-in)#service-queue 7 class-map cmap1 Dell(conf-policy-map-in)#service-queue 4 class-map cmap2 Dell(conf-policy-map-in )#exit Dell(conf)#interface te 10/1 Dell(conf-if-te-10/1)#service-policy input pmap Important Points to Remember • For route-maps with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 117
To create a route map, use the following command. • Create a route map and assign it a unique name. The optional permit and deny keywords are the actions of the route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] The default is permit. The optional seq keyword allows - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 118
interface Loopback 23 Set clauses: tag 3444 Dell# To delete a route map, use the no route-map map-name command in CONFIGURATION mode. Configure Route Map Filters Within ROUTE-MAP mode, there are match and set commands. • match commands search for a certain criterion in the routes. • set commands - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 119
match community community-list-name [exact] • Match routes whose next hop is a specific interface. CONFIG-ROUTE-MAP mode match interface interface The parameters are: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. - For a 40-Gigabit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 120
To create route map instances, use these commands. There is no limit to the number of match commands per route map, but the convention is to keep the number of match filters in a route map low. Set commands do not require a corresponding match command. Configuring Set Conditions To configure a set - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 121
Configure a Route Map for Route Redistribution Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 122
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 123
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1. Enter - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 124
NOTE: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five. To view the rules of a particular ACL configured on a particular interface, use the show ip accounting - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 125
Dell(config-std-nacl)#show config ! ip access-list standard kigali seq 5 permit 10.1.0.0/16 Dell(config-std-nacl)# To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following examples shows how to view a standard ACL filter sequence for an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 126
CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ip-address} [count [byte]] [order] [fragments] Configure Filters, UDP Packets To create a filter for UDP packets with a specified sequence number, use the following commands. 1. Create an extended IP ACL and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 127
ACL in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number). The show config command in IP ACCESS LIST mode displays the two filters - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 128
The same ACL may be applied to different interfaces and that changes its functionality. For example, you can take ACL "ABCD" and apply it using the in keyword and it becomes an ingress access list. If you apply the same ACL using the out keyword, it becomes an egress access list. If you apply the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 129
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 130
packets were transmitted successfully. NOTE: The ip control-plane [egress filter] and the ipv6 control-plane [egress filter] commands are not supported. 1. Apply Egress ACLs to IPv4 system traffic. CONFIGURATION mode ip control-plane [egress filter] 2. Apply Egress ACLs to IPv6 system traffic - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 131
]). NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists. Configuration Task List for Prefix Lists prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 132
ip prefix-list prefix-name 2. Create a prefix list with a sequence number and a deny or permit action. CONFIG-NPREFIXL mode seq sequence-number {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefixlength] The optional parameters are: • ge min-prefix-length: the minimum prefix length to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 133
Dell(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 134
If you enter the name of a nonexistent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name in [interface] • Apply a configured prefix list to outgoing routes. You can specify an interface or type of route. If you enter the name of a non-existent prefix list - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 135
For example, the following table contains some rules that are numbered in increments of 1. You cannot place new rules between these packets, so apply resequencing to create numbering space, as shown in the second table. In the same example, apply resequencing if more than two rules must be placed - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 136
Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 137
, and the ACL parameters that pertain to that ACL entry. The ACL service collects the ACL log and records the following attributes per log message. • that ACL entry. Guidelines for Configuring ACL Logging This functionality is supported on the S4810 platform. Keep the following points in mind when - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 138
) is generated for that ACL entry. • When you delete an ACL entry, the logging settings associated with it are also removed. • ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs. • For ACL entries applied on port-channel interfaces, one match - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 139
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 140
on TenGigabitEthernet 1/1 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S4810 platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 141
! interface TenGigabitEthernet 1/1 ip address 10.11.1.254/24 ip access-group testflow in shutdown Dell(conf-if-te-1/1)#exit Dell(conf)#do show ip accounting access-list testflow ! Extended Ingress IP access list testflow on TenGigabitEthernet 1/1 Total cam count 4 seq 5 permit icmp any any monitor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 142
a session parameter. These control packets are sent without regard to transmit and receive intervals. NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 143
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 144
The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS does - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 145
State Administratively Down Description The local system does not participate in a particular session. Down Init Up The remote system is not sending control packets or at least not within the detection time for a particular session. The local system is communicating. Both systems are exchanging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 146
Figure 14. BFD Three-Way Handshake State Changes 146 Bidirectional Forwarding Detection (BFD) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 147
system, the session state on the local system changes to Init. Figure 15. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 148
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 149
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 16. Establishing a BFD Session on Physical Ports 1. Enter interface mode. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 150
Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from neighbor: 1775 Number of packets sent to neighbor: 1775 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 151
INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.2 on interface Te 4/24 (diag: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 152
Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 153
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 18. Establishing Sessions with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 154
• Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: 154 Bidirectional Forwarding Detection (BFD) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 155
1. Enable BFD globally. 2. Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 neighbors at once or with all neighbors out of a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 156
• Disable BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for IS-IS When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 157
• Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode bfd all-neighbors • Establish sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors Example of Verifying Sessions with IS-IS Neighbors To view the established sessions, use the show bfd neighbors - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 158
internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, portchannel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature. Prerequisites Before configuring BFD for BGP, you must first configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 159
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 160
Disabling BFD for BGP You can disable BFD for BGP. To disable a BFD for BGP session with a specified neighbor, use the first command. To remove the disabled state of a BFD for BGP session with a specified neighbor, use the second command. The BGP link with the neighbor returns to normal operation - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 161
• Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions. EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 162
Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 163
The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 164
BGP state ESTABLISHED, in this state for 00:05:33 ... Neighbor is using BGP neighbor mode BFD configuration Peer active in peer-group outbound optimization ... R2# show ip bgp neighbors 2.2.2.4 BGP neighbor is 2.2.2.4, remote AS 1, external link Member of peer-group pg1 for session parameters BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 165
Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 21. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 166
I - ISIS O - OSPF R - Static Route (RTM) V - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1 2.2.5.2 Te 4/25 Down 1000 1000 3 V To view session state information, use the show vrrp command. The bold line shows the VRRP BFD session. Dell(conf-if-te-4/25)#do - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 167
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 168
00 01 86 a0 00 00 00 00 00:34:14 : Sent packet for session with neighbor 2.2.2.2 on Te 4/24 TX packet dump: 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00 00:34:14 : Received packet for session with neighbor 2.2.2.2 on Te 4/24 RX packet dump: 20 c0 03 18 00 00 00 05 00 00 00 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 169
chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol connections from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP operates inside - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 170
Figure 22. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the path that updated information - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 171
Figure 23. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 172
State Idle Connect Description BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 173
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 174
reduce the options. If a number of best paths is determined, this selection criteria is applied to group's best to determine the ultimate best path. In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 175
b. A path with no AS_PATH configured has a path length of 0. c. AS_CONFED_SET is not included in the AS_PATH length. d. AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 176
Figure 26. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 177
Figure 27. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 178
The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path 0x4014154 0 3 18508 701 3549 19421 i 0x4013914 0 3 18508 701 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 179
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 180
allows for faster convergence. Four-Byte AS Numbers You can use the 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 181
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 182
AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 183
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 184
the f10BgpM2PeerInstance field in various tables is not used to locate a peer. • Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response. • The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 185
distance = 200 keepalive = 60 seconds holdtime = 180 seconds Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 186
and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 187
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote AS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 188
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 189
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 190
A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 191
• neighbor filter-list out • neighbor next-hop-self • neighbor route-map out • neighbor route-reflector-client • neighbor send-community A neighbor may keep its configuration after it was added to a peer group if the neighbor's configuration is more specific than the peer group's and if the neighbor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 192
10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 193
Received 6 updates, Sent 0 updates Route refresh request: received 0, sent 0 Minimum time between advertisement runs is 5 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 194
not prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. 194 Border Gateway Protocol IPv4 (BGPv4) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 195
24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support Border Gateway Protocol IPv4 (BGPv4) 195 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 196
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 197
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 198
{deny | permit} filter parameter This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 199
Regular Expression ^ (caret) $ (dollar) . (period) * (asterisk) + (plus) ? (question) ( ) (parenthesis) [ ] (brackets) - (hyphen) _ (underscore) | (pipe) Definition Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 200
neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex Dell(conf)#ex Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 201
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1. Create - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 202
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 203
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 204
route-map map-name [permit | deny] [sequence-number] 2. Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | none} Configure a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 205
*>i 6.10.0.0/15 *>i 6.14.0.0/15 *>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- 195.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 100 0 100 0 100 0 100 0 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 206
4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Apply the route map to the neighbor or peer group's incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 207
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 208
neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • prefix-list-name: enter the name of a configured prefix list. • in: apply the prefix - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 209
Filtering BGP Routes Using AS-PATH Information To filter routes based on AS-PATH information, use these commands. 1. Create a AS-PATH ACL and assign it a name. CONFIGURATION mode ip as-path access-list as-path-name 2. Create a AS-PATH ACL filter with a deny or permit action. AS-PATH ACL mode {deny | - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 210
CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-reflector-client When you enable a route reflector, Dell Networking OS automatically enables route reflection to all clients. To disable route reflection between all clients in this reflector, use the no bgp client-to-client - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 211
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 212
- half-life: the range is from 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires. The default is 15 minutes. - reuse: the range is from 1 to 20000. This number is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 213
To view a count of dampened routes, history routes, and penalized routes when you enable route dampening, look at the seventh line of the show ip bgp summary command output, as shown in the following example (bold). Dell>show ip bgp summary BGP router identifier 10.114.8.131, local AS number 65515 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 214
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 215
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 216
BGP Regular Expression Optimization Dell Networking OS optimizes processing time when using regular expressions by caching and re-using regular expression evaluated results, at the expense of some memory in RP1 processor. BGP policies that contain regular expressions to match against as-paths and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 217
To disable all BGP debugging, use the no debug ip bgp command. To disable all debugging, use the undebug all command. Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 218
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 219
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 220
Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 221
ip address 10.0.2.2/24 no shutdown R2(conf-if-te-2/31)# R2(conf-if-te-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#neighbor 192.168.128.1 no shut R2(conf-router_bgp)#neighbor 192.168.128.1 update-source loop - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 222
R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor AAA peer-group neighbor AAA no shutdown neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 peer-group AAA neighbor 192.168.128.2 update-source Loopback 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 223
R2(conf-router_bgp)# neighbor CC no shutdown R2(conf-router_bgp)# neighbor BBB peer-group R2(conf-router_bgp)# neighbor BBB no shutdown R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA R2(conf-router_bgp)# neighbor 192.168.128.1 no shut R2(conf-router_bgp)# neighbor 192.168.128.3 peer BBB R2( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 224
Hold time is 180, keepalive interval is 60 seconds Received 93 messages, 0 in queue 5 opens, 0 notifications, 5 updates 83 keepalives, 0 route refresh requests Sent 99 messages, 0 in queue 5 opens, 4 notifications, 5 updates 85 keepalives, 0 route refresh requestsCapabilities received from neighbor - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 225
11 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 226
The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 256 CAM entries. Select 1 to configure 128 entries. Select 2 to configure 256 entries. Even though you can perform CAM carving to allocate the maximum - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 227
mode show cam-acl 4. Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command. To verify the actual CAM space required, create a Class Map with all required ACL rules, then execute - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 228
Ipv6Acl : 0 0 Ipv4Qos : 2 2 L2Qos : 1 1 L2PT : 0 0 IpMacAcl : 0 0 VmanQos : 0 0 VmanDualQos : 0 0 EcfmAcl : 0 0 FcoeAcl : 0 0 iscsiOptAcl : 0 0 ipv4pbr : 0 2 vrfv4Acl : 0 2 Openflow : 0 0 fedgovacl : 0 0 Dell(conf)# Example of Viewing CAM-ACL - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 229
system behaves as described in this chapter. Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting. CAM Profile Mismatches The CAM profile on the system displays an error message. In this case, manually adjust the CAM configuration on the card to match the system - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 230
is used in a chassis with non-EG line cards, the non-EG line cards enter a problem state. • Before moving a card to a new chassis, change the CAM profile on a Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 231
12 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 232
-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. 232 Control Plane Policing (CoPP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 233
name cpu-qos class-map name qos-policy name 7. Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8. Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 234
Examples of Configuring CoPP for Different Protocols The following example shows creating the IP/IPv6/MAC extended ACL. Dell(conf)#ip access-list extended ospf cpu-qos Dell(conf-ip-acl-cpuqos)#permit ospf Dell(conf-ip-acl-cpuqos)#exit Dell(conf)#ip access-list extended bgp cpu-qos Dell(conf-ip-acl- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 235
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1. Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 236
RS/RA packets not given high priority leads to the session establishment problem. To solve this issue, starting from release 9.4.(0.0), IPv6 NDP to 12 on CPU port. However, the front-end port and the backplane ports support only 8 queues. As a result, when packets are transmitted to the local CPU, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 237
The backplane ports can have a maximum of 4 control queues. So, when we have more than 'n' CMIC queues for well-known protocols and n > 4, then streams on 'n' CMIC queues must be multiplexed on 4 control queues on back-plane ports and on the Master unit, these streams must be de-multiplexed to 'n' - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 238
mask lengths greater than /64. This will restrict the subnet sizes to required optimal level which would avoid these NDP attacks. The IPv6 stack already supports handling of >/64 subnets and doesn't require any additional work. The default catch-all entry is put in the LPM table for IPv4 and IPv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 239
applied to each queue. Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Q0 1300 Q1 300 Q2 300 Q3 300 Q4 2000 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 240
Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) TCP (BGP) any/179 179/any _ Q6 CP 100 UDP (DHCP) 67/68 68 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 241
clustering and storage area networks. Ethernet Enhancements in Data Center Bridging The following section describes DCB. The S4810 system supports loading two DCB_Config files: FCoE_DCB_Config and iSCSI_DCB_Config. These files are located in the root directory flash:/CONFIG_TEMPLATE. After copying - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 242
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 243
FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic. Configure the same lossless queues on all ports. • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation. • PFC uses DCB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 244
transmission selection algorithm (TSA) Description Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: - PFC enabled or disabled - No bandwidth limit or no ETS processing • ETS uses the DCB MIB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 245
and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 246
However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 247
you enable DCB. As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (Class of Service (CoS) values) without impacting other priority classes. Different traffic types are assigned to different priority classes. Data Center Bridging (DCB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 248
for Storage Area Network (SAN) traffic that requires no-drop service, while retaining packet-drop congestion management for Local Area Network ( the same time on an interface. Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 249
traffic that you configure to be paused exceeds the two lossless queues, an error message displays. Configuring PFC in a DCB Map An S4810 switch supports the use of a DCB map in which you configure priority-based flow control (PFC) setting. To configure PFC parameters, you must apply a DCB map - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 250
the same priority group. • A maximum of two PFC-enabled, lossless queues are supported on an interface. Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 251
(pfc no-drop queues command). Priority-Based Flow Control Using Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the S4810 platform. In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 252
higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 253
Step Task configured for lossless queues (pfc no-drop queues command). Command Command Mode Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map, apply the map on the interface. The configuration of no- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 254
function as no-drop queues for lossless traffic. For the dot1p-queue assignments. pfc no-drop queuesqueue-range The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 255
table . NOTE: Although, each port on the S4810, S4820T, and S5000 devices support 8 QoS queues, you can configure only 4 QoS queues (0-3)to manage data traffic. classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 256
(refer to Configuring Bandwidth Allocation for DCBx CIN) and dot1p-queue mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 257
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 258
bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Configuring ETS in a DCB Map An S4810 switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) setting. To configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 259
must map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) on the data traffic. Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 260
(PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 261
are not compatibly configured on a peer device and the local switch. Mis-configuration detection is feature-specific because some DCB features support asymmetric configuration. • Reconfigures a peer device with the DCB configuration from its configuration source if the peer device is willing to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 262
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 263
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 264
shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link down a configuration-source role. 4. Configure ports to operate in a manual role. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode 264 Data - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 265
TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6. On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 266
, use the DCBx port-role command in INTERFACE Configuration mode (Step 3). 4. Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [etsconf | ets-reco | pfc - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 267
NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-applntlv iscsi. 6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 268
- tlv: enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 21. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 269
The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test State :Complete PfcMode:ON PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 270
Table 22. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 271
following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 1/3 ets su Interface TenGigabitEthernet 1/3 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 272
TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 273
ets detail Command Description Field Interface Description Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Data Center Bridging (DCB) 273 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 274
Field Admin mode Admin Parameters Remote Parameters Local Parameters Operational status (local port) Description ETS mode: on or off. ETS configuration on local port, including priority groups, assigned dot1p priorities, and bandwidth allocation. ETS configuration on remote peer port, including - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 275
5 - - 6 - - 7 - - 8 - - Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Admin is Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 276
Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local State: In-Sync Peer DCBx Status DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Total DCBx Frames transmitted 994 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 277
DCB configuration as compatible. In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. DCBx version configured on the port: CEE, CIN, IEEE v2.5, or Queue Mapping) using the service-class dynamic dot1p command in INTERFACE configuration mode. Data Center Bridging (DCB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 278
However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 279
4000 dcb pfc-total-buffer-size 5000 3. Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured depends on the buffer. The default number of PFC queues in the system is two for S4810 and Z9500, and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 280
Figure 36. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 281
Enabling DCB Dell(conf)#dcb enable 2. Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# service-class dynamic dot1p 3. Apply DCB map to relevant interface dcb-map test priority-group 1 bandwidth 50 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 282
other configuration parameters to network endstations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 283
Option Domain Name Server Number and Description Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via DNS. IP Address Lease Time Option 51 Specifies the amount of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 284
client starts the configuration process over by sending a DHCPDISCOVER. A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. A server sends this message to the client if it is not able to fulfill - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 285
configurations that exceed the allocated memory. • This platform supports 4000 DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. For Management Responding To Client Requests Providing Administration Services Description DHCP servers are the owners of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 286
the Server for Automatic Address Allocation 2. Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands Excluding Addresses from the Address Pool The DHCP server - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 287
NetBIOS WINS for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 288
the DHCP Client PDUs. NOTE: DHCP Relay is not available on Layer 2 interfaces and VLANs on the Z-Series and S4820T platforms. DHCP relay agent is supported on Layer 2 interfaces and VLANs on the S3048-ON, S4810 and S4048-ON platforms. 288 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 289
Figure 39. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int tengigabitethernet 1/3 TenGigabitEthernet 1/3 is up, line protocol is down - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 290
Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported on Ethernet, VLAN, and port-channel interfaces. • The mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 291
assigned IP addresses can be released without removing the DHCP client operation on the interface on a switch configured as a DHCP client. 3. Manually acquire a new IP address from the DHCP server by releasing a dynamically acquired IP address while retaining the DHCP client configuration on the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 292
using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management interfaces. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 293
To use the router as the VRRP owner, if you enable a DHCP client on an interface that is added to a VRRP group, assign a priority less than 255 but higher than any other priority assigned in the group. Configure the System for User Port Stacking (Option 230) Set the stacking-option variable to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 294
trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted. agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE. DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 295
Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1. Enable IPv6 DHCP snooping globally. CONFIGURATION mode ipv6 dhcp snooping 2. Specify ports connected to IPv6 DHCP servers as trusted. INTERFACE mode ipv6 dhcp snooping trust 3. Enable IPv6 DHCP snooping on a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 296
• Display the contents of the binding table. EXEC Privilege mode show ip dhcp snooping Example of the show ip dhcp snooping Command View the DHCP snooping statistics with the show ip dhcp snooping command. Dell#show ip dhcp snooping IP DHCP Snooping IP DHCP Snooping Mac Verification IP DHCP Relay - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 297
IPv6 DHCP Snooping MAC-Address Verification Configure to enable verify source mac-address in the DHCP packet against the mac address stored in the snooping binding table. • Enable IPV6 DHCP snooping . CONFIGURATION mode ipv6 dhcp snooping verify mac-address Configuring the DHCP secondary-subnet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 298
a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast MAC flooding Denial of service An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway's MAC address, resulting in all clients broadcasting - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 299
an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 300
The DHCP binding table associates addresses the DHCP servers assign with the port or the port channel interface on which the requesting client is attached and the VLAN the client belongs to. When you enable IP source address validation on a port, the system verifies that the source IP address is one - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 301
• Enable IP+MAC SAV. INTERFACE mode ip dhcp source-address-validation ipmac • Enable IP+MAC SAV with VLAN option. INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 302
15 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, and ExaScale can use three different algorithms for each of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 303
NOTE: While the seed is stored separately on each port-pipe, the same seed is used across all CAMs. NOTE: You cannot separate LAG and ECMP, but you can use different algorithms across the chassis with the same seed. If LAG member ports span multiple port-pipes and line cards, set the seed to the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 304
NOTE: For the new settings to take effect, save the new ECMP settings to the startup-config (write-mem) then reload the system. • Configure the maximum number of paths per ECMP group. CONFIGURATION mode. ip ecmp-group maximum-paths {2-64} • Enable ECMP group path management. CONFIGURATION mode. ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 305
Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indices are generated in even numbers (0, 2, 4, 6... 1022) and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 306
switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack. Fibre Channel over types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 307
Table 27. FIP Functions FIP Function FIP VLAN discovery FIP discovery Initialization Maintenance Logout Description FCoE devices (ENodes) discover the FCoE VLANs on which to transmit and receive FIP and FCoE traffic. FCoE end-devices and FCFs are automatically discovered. FCoE devices learn ENodes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 308
Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows: Port-based ACLs FCoE-generated ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 309
virtual-link messages. FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: • A switch stack configuration is synchronized FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 310
fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: Manually add the CAM-ACL space to the FCoE region as it is not applied by default. To support FIP-Snooping and set CAM-ACL, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 311
FCF trusted interfaces in a VLAN. • A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 312
is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command. • The maximum number of FCFs supported per FIP snooping-enabled VLAN is twelve. Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 313
5. Enable FIP snooping on all VLANs or on a specified VLAN. CONFIGURATION mode or VLAN INTERFACE mode. fip-snooping enable 6. Configure the port for bridge-to-FCF links. INTERFACE mode or CONFIGURATION mode fip-snooping port-mode fcf NOTE: To disable the FCoE transit feature or FIP snooping on VLANs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 314
aa:bb:cc:00:00:00 Te 1/42 aa:bb:cc:00:00:00 Te 1/42 aa:bb:cd:00:00:00 Te 1/43 100 aa:bb:cd:00:00:00 Te 1/43 100 FCoE MAC FC-ID Port WWPN Port WWNN 0e:fc:00:01:00:01 01:00:01 31:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 0e:fc:00:01:00:02 01:00:02 41:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 315
The following example shows the show fip-snooping fcf command. Dell# show fip-snooping fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes ------- 54:7f:ee:37:34:40 Po 22 100 0e:fc:00 4000 2 The following table describes the show fip-snooping fcf command fields. Table 32. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 316
Number of FLOGI Accepts :0 Number of FLOGI Rejects :0 Number of FDISC Accepts :0 Number of FDISC Rejects :0 Number of FLOGO Accepts :0 Number of FLOGO Rejects :0 Number of CVL :0 Number of FCF Discovery Timeouts :0 Number of VN Port Session Timeouts :0 Number of Session failures - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 317
Field Number of VN Port Keep Alives Number of Multicast Discovery Advertisements Number of Unicast Discovery Advertisements Number of FLOGI Accepts Number of FLOGI Rejects Number of FDISC Accepts Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 318
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 42. Configuration Example: FIP Snooping on a Switch In this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 319
Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# portmode hybrid Dell(conf-if-te-1/1)# switchport Dell(conf-if-te-1/1)# protocol lldp Dell(conf-if-te-1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 320
17 FIPS Cryptography Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce. FIPS mode is also - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 321
server, a new RSA host key-pair is generated automatically. You can also manually create this key- pair using the crypto key generate command. NOTE: Under in the Security chapter of the Dell Networking OS Command Line Reference Guide. Monitoring FIPS Mode Status To view the status of the current - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 322
Reload Type : normal-reload [Next boot : normal-reload] -- Unit 0 -- Unit Type : Management Unit Status : online Next Boot : online Required Type : S4810 - 52-port GE/TE/FG (SE) Current Type : S4810 - 52-port GE/TE/FG (SE) Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 323
18 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 324
When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the groups; multiple rings can be connected with a common link. The platform supports up to 32 rings on a system (including stacked units). Member VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 325
Figure 43. Example of Multiple Rings Connected by Single Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring. This frame, appropriately, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 326
Important FRRP Concepts The following table lists some important FRRP concepts. Concept Explanation Ring ID Each ring has a unique 8-bit ring ID through which the ring is identified (for example, FRRP 101 and FRRP 202, as shown in the illustration in Member VLAN Spanning Two Rings Connected by - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 327
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 328
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 329
• The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1. Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 330
the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 331
• The maximum number of rings allowed on a chassis is 255. Sample Configuration and Topology The following example shows a basic FRRP topology. Example of R1 MASTER interface TenGigabitEthernet 1/24 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/34 no ip address switchport no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 332
! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown ! interface Vlan 201 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown ! protocol frrp 101 interface primary TenGigabitEthernet 3/21 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 333
other. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN implement the rapid spanning tree protocol (RSTP). The device does not support enabling GVRP and MSTP at the same time. Dell(conf)#protocol spanning - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 334
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-byswitch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 335
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 336
be >= 3*Join timer. RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy. The primary RPM performs all the following sub-sections: • Automatic and Manual RPM Failover • RPM Synchronization 336 GARP VLAN Registration Protocol (GVRP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 337
continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the dedicated or load-balanced redundancy for each component. Automatic and Manual Stack Unit Failover Stack unit failover is the process of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 338
Primary Stack-unit: mgmt-id 0 Auto Data Sync: Full Failover Type: Hot Failover Auto reboot Stack-unit: Enabled Auto failover limit: 3 times in 60 minutes -- Stack-unit Failover Record -- Failover Count: 0 Last failover timestamp: None Last failover Reason: None Last - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 339
auto-reboot, use the following command. • Prevent a failed stack unit from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot Manually Synchronizing Management and Standby Units To manually synchronize Management and Standby units at any time, use the following command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 340
so does not trigger a topology change. Packet loss is non-zero, but trivial, and so is still called hitless. Dell Networking OS supports graceful restart for the following protocols: • Border gateway • Open shortest path first • Protocol independent multicast - sparse mode • Intermediate system to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 341
Software Resiliency During normal operations, Dell Networking OS monitors the health of both hardware and software components in the background to identify potential failures, even before these failures manifest. Software Component Health Monitoring On each of the line cards and the stack unit, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 342
Hot-Lock Behavior Dell Networking OS hot-lock features allow you to append and delete their corresponding content addressable memory (CAM) entries dynamically without disrupting traffic. Existing entries are simply shuffled to accommodate new entries. Hot-Lock IP ACLs allows you to append rules to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 343
IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports 95 interfaces on S4810 and S4820 and an unlimited number of groups on all other platforms - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 344
Figure 45. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 345
• To enable filtering, routers must keep track of more state information, that is, the list of sources that must be filtered. An additional query type, the Group-and-Source-Specific Query, keeps track of state changes, while the Group-Specific and General queries still refresh the existing state. • - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 346
3. The host's third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts. There are no other - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 347
Figure 49. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 348
router is 165.87.34.5 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 349
EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface 225.1.1.1 TenGigabitEthernet 1/1 225.1.2.1 TenGigabitEthernet 1/1 Mode IGMPV2 IGMPV2 Uptime 00:11 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 350
Preventing a Host from Joining a Group You can prevent a host from joining a particular group by blocking specific IGMP reports. Create an extended access list containing the permissible source-group pairs. NOTE: For rules in IGMP access lists, source is the multicast source, not the source of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 351
Figure 50. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 35. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 352
Location 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 353
packets. IGMP Snooping Implementation Information • IGMP snooping on Dell Networking OS uses IP multicast addresses not MAC addresses. • IGMP snooping is supported on all stack members. • IGMP snooping reacts to spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) topology changes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 354
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 355
ip igmp snooping querier IGMP snooping querier does not start if there is a statically configured multicast router interface in the VLAN. The switch may lose the querier election if it does not have the lowest IP address of all potential queriers on the subnet. When enabled, IGMP snooping querier - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 356
8008 HTTP server port for confd application 8888 secure HTTP server port for confd application Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported If you configure a source interface is for any EIS management application, EIS might not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 357
Two tables, namely, Egress Interface Selection routing table and default routing table, are maintained. In the preceding table, the columns Client and Server indicate that the applications can act as both a client and a server within the switch. The Management Egress Interface Selection table - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 358
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 359
management port. In this case, the source IP address is a management port IP address only if the traffic was originally destined to the management port IP. • ICMP-based applications like ping and traceroute are exceptions to the preceding logic since we do not have TCP/UDP port number. So if source - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 360
Traffic type / Application type Non-EIS management application Switch initiated traffic Switch-destined traffic Transit Traffic management port is down or route lookup fails, packets are dropped Front-end default route will take higher precedence over management default route and SSH session to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 361
EIS Behavior for ICMP: ICMP packets do not have TCP/UDP ports. To do an EIS route lookup for ICMP-based applications (ping and traceroute) using the source ip option, the management port IP address should be specified as the source IP address. If management port is down or route lookup fails, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 362
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 363
and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state. Basic Interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 364
Interface Type Loopback Null Port Channel VLAN Modes Possible L3 N/A L2, L3 L2, L3 Default Mode L3 N/A L3 L2 Requires Creation Yes No Yes Yes (except default) Default State No Shutdown (enabled) Enabled Shutdown (disabled) L2 - Shutdown (disabled) L3 - No Shutdown (enabled) View Basic Interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 365
.10.10.1 TenGigabitEthernet 1/7 unassigned TenGigabitEthernet 1/8 unassigned TenGigabitEthernet 1/9 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 366
interface is a single RJ-45 Fast Ethernet port on a switch. The interface provides dedicated management access to the system. Stack-unit interfaces support Layer 2 and Layer 3 traffic over the 10-Gigabit Ethernet and 40-Gigabit Ethernet, 25-Gigabit Ethernet, 40-Gigabit Ethernet, 50-Gigabit Ethernet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 367
Configuration Task List for Physical Interfaces By default, all interfaces are operationally disabled and traffic does not pass through them. The following section includes information about optional configurations for physical interfaces: • Overview of Layer Modes • Configuring Layer 2 (Data Link) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 368
no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 369
preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 370
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 371
Interface index is 302006472 Internet address is 10.16.130.5/16 Link local IPv6 address: fe80::201:e8ff:fea0:bff3/64 Global IPv6 address: 1::1/ Global IPv6 address: 2::1/64 Virtual-IP is not set Virtual-IP IPv6 address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 372
internets: MIB-II (RFC 1213). NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 373
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 374
If one of the five interfaces fails, traffic is redistributed across the remaining interfaces. Port Channel Implementation Dell Networking OS supports static and dynamic port channels. • Static - Port channels that are statically configured. • Dynamic - Port channels that are dynamically configured - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 375
Port channels can contain a mix of 1G/10G/40G interfaces. The interface speed the port channel uses is determined by the first port channel member that is physically up. Dell Networking OS disables the interfaces that do not match the interface speed that the first channel member sets. That first - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 376
cannot have flow control. Flow control can only be present on the physical interfaces if they are part of a port channel. NOTE: The system supports jumbo frames by default (the default maximum transmission unit (MTU) is 1554 bytes). To configure the MTU, use the mtu command from INTERFACE mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 377
2456590654 IP Packets, 0 Vlans, 0 MPLS 0 throttles, 0 discarded Rate info (interval 5 minutes): Input 00.01Mbits/sec, 2 packets/sec Output 81.60Mbits/sec, 133658 packets/sec Time since last interface status change: 04:31:57 Dell> When more than one interface is added to a Layer 2-port channel, Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 378
Dell(conf-if-po-3)#channel tengi 1/8 Dell(conf-if-po-3)#sho conf ! interface Port-channel 3 no ip address channel-member TenGigabitEthernet 1/8 shutdown Dell(conf-if-po-3)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a port channel (LAG) that must - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 379
in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3. Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 380
-value } For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change to another algorithm. CONFIGURATION mode Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 381
• xor1 - uses Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor1 • xor2 - Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor2 • xor4 -Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor4 • xor8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor8 • xor16 - uses 16 bit XOR. Bulk - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 382
Create a Single-Range The following is an example of a single range. Example of the interface range Command (Single Range) Dell(config)# interface range tengigabitethernet 1/1 - 23 Dell(config-if-range-te-1/1-23)# no shutdown Dell(config-if-range-te-1/1-23)# Create a Multiple-Range The following is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 383
To define an interface-range macro, use the following command. • Defines the interface-range macro and saves it in the running configuration file. CONFIGURATION mode define interface-range macro_name {vlan vlan_ID - vlan_ID | {{tengigabitethernet | fortyGigE} slot/interface - interface}} [ , {vlan - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 384
Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 385
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). NOTE: When you split a 40G port (such as fo 1/4) into four 10G ports, the 40G interface configuration is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 386
Gigabit port and you can use only that port for data transfer. As a result, only the first fanned-out port is identified as the active 10 Gigabit port with a speed of 10G or 1G depending on whether you insert an SFP+ or SFP cable respectively. NOTE: Although it is possible to configure the remaining - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 387
Dell#show interfaces tengigabitethernet 0/2 transceiver SFP+ 0 Serial ID Base Fields SFP+ 0 Id = 0x0d SFP+ 0 Ext Id = 0x00 SFP+ 0 Connector = 0x23 Dell#show interfaces tengigabitethernet 0/3 transceiver SFP+ 0 Serial ID Base Fields SFP+ 0 Id = 0x0d SFP+ 0 Ext Id = 0x00 SFP+ 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 388
QSFP 0 Serial ID Base Fields QSFP 0 Id = 0x0d QSFP 0 Ext Id = 0x00 QSFP 0 Connector = 0x23 QSFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 QSFP 0 Encoding = 0x00 QSFP 0 Diagnostic Information QSFP 0 Rx Power measurement type = OMA QSFP 0 Temp High - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 389
LineSpeed 10000 Mbit Dell#show interfaces tengigabitethernet 0/4 gigabitethernet 0/0 is up, line protocol is up Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE LineSpeed 1000 Mbit Dell#show interfaces - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 390
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 391
Dell#show interfaces dampening Tengigabitethernet 1/1 Interface Supp Flaps Penalty Half-Life Reuse State Te 1/1 Up 0 0 1 2 Dell# Suppress 3 Max-Sup 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 392
To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 393
control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes. To enable pause frames, use the following command. • Control how the system responds to and generates 802.3x pause - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 394
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 395
EXEC Privilege mode show interfaces [interface | stack-unit stack-unit-number] status 2. Determine the remote interface status. EXEC mode or EXEC Privilege mode [Use the command on the remote system that is equivalent to the first command.] 3. Access CONFIGURATION mode. EXEC Privilege mode config 4. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 396
details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface sends - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 397
displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Dell#show interfaces switchport Name: TenGigabitEthernet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 398
Example of the rate-interval Command The bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#show interfaces TenGigabitEthernet 1/1 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9 Internet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 399
The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL • L2 FIB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 400
gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel. • Transport mode - SA) - Necessary algorithmic parameters for AH and ESP functionality IPSec supports the following authentication and encryption algorithms: • Authentication only: - - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 401
CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth encrypt session-key outbound esp 257 auth encrypt match 0 tcp a::1 /128 0 a::2 / - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 402
Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. 402 IPv4 Routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 403
-if)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.11.1.1/24 no shutdown ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 404
Use the following required and optional parameters: - vrf vrf-name : use the VRF option after the ip route keyword to configure a static route on that particular VRF, use the VRF option after the next hop to specify which VRF the next hop belongs to. This will be used in route leaking cases. NOTE: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 405
PMTD to function correctly, you must enter the ip unreachables command on a VLAN interface to enable the generation of ICMP unreachable messages. PMTD is supported on all the layer 3 VLAN interfaces. Because all of the Layer 3 interfaces are mapped to the VLAN ID of 4095 when VLAN subinterfaces are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 406
is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages. feature is not supported on significantly high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 407
To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 408
ip domain-list name Configure this command up to six times to specify a list of possible domain names. Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted. Configuring DNS with Traceroute To configure your switch to perform - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 409
the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 410
To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output. Clearing ARP Cache To clear the ARP cache of dynamically - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 411
Figure 51. ARP Learning via ARP Request Beginning with Dell Networking OS version 8.3.1.0, when you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 52. ARP Learning via ARP Request with ARP Learning via - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 412
(ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 413
• The broadcast traffic rate should not exceed 200 packets per second when you enable UDP helper. • You may specify a maximum of 16 UDP ports. • UDP helper is compatible with IP helper (ip helper-address): - UDP broadcast traffic with port number 67 or 68 are unicast to the dynamic host - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 414
1. It is flooded on VLAN 101 without changing the destination address because the forwarding process is Layer 2. 2. If you enabled UDP helper, the system changes the destination IP address to the configured broadcast address 1.1.255.255 and forwards the packet to VLAN 100. 3. Packet 2 is also - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 415
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 416
upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are: • Extended renumbering of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, network - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 417
• M and O flags • Reachable time • Retrans timer • MTU options • Preferred and valid lifetime values for the same prefix Only management ports support stateless auto-configuration as a host. The router redirect functionality in the neighbor discovery protocol (NDP) is similar to IPv4 router redirect - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 418
itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 419
Hop Limit (8 bits) The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1. If a router receives a packet - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 420
11 Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet's Source IP ::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 421
IPv6 BGP in the Dell Networking OS Command Line Reference Guide. IS-IS for IPv6 8.3.10 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. IS-IS for IPv6 support for redistribution 8.3.10 Intermediate System to Intermediate System IPv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 422
client support over IPv6 (outbound SSH) Layer 3 only Secure Shell (SSH) server support Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 423
messages. The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 424
Figure 58. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 425
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): Joined Group address(es): IPv6 Routing 425 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 426
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 427
command. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 428
The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session router. NOTE: Telnet to link local addresses is supported on the system. • Enter the IPv6 Address for the for IPv6 have been extended to support IPv6. For more information regarding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 429
• snmp-server community access-list-name ipv6 • snmp-server group ipv6 • snmp-server group access-list-name ipv6 Displaying IPv6 Information View specific IPv6 configuration with the following commands. • List the IPv6 show options. EXEC mode or EXEC Privileged mode show ipv6 ? Example of show - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 430
Valid lifetime: 2592000, Preferred lifetime: 604800 Advertised by: fe80::201:e8ff:fe8b:3166 412::/64 onlink autoconfig Valid lifetime: 2592000, Preferred lifetime: 604800 Advertised by: fe80::201:e8ff:fe8b:3166 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::1:ff8b:386e ND MTU is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 431
Gateway of last resort is not set Destination Dist/Metric, Gateway, Last Change C 600::/64 [0/0] Direct, Te 1/24, 00:34:42 C 601::/64 [0/0] Direct, Te 1/24, 00:34:18 C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 1/24, 00:01:30 L fe80 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 432
- mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 433
10. Set the router lifetime. POLICY LIST CONFIGURATION mode router-lifetime value The router lifetime range is from 0 to 9,000 seconds. 11. Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12. Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 434
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide. 434 IPv6 Routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 435
to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of iSCSI session information. • iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 436
or a combination of port number and target IP address, and you can remove the well-known port numbers from monitoring. Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 437
in the show commands. Detection and Auto-Configuration for Dell EqualLogic Arrays The iSCSI optimization feature includes auto-provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 438
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 439
Enable and Disable iSCSI Optimization The following describes enabling and disabling iSCSI optimizaiton. NOTE: iSCSI monitoring is disabled by default. iSCSI auto-configuration and auto-detection is enabled by default. If you enable iSCSI, flow control is automatically enabled on all interfaces. To - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 440
following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 441
CONFIGURATION mode [no] iscsi target port tcp-port-1 [tcp-port-2...tcp-port-16] [ip-address address] • tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests. You can configure up to 16 target TCP ports on the switch in one command or multiple - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 442
The default is 4 (0x10 in the bitmap). 11. (Optional) Configures the auto-detection of Compellent arrays on a port. INTERFACE mode [no] iscsi profile-compellent. The default is: Compellent disk arrays are not detected. Displaying iSCSI Optimization Information To display information on iSCSI - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 443
Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 444
protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. IS-IS addressing called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 445
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 446
recovery (the minimum of all the Remaining Time values advertised by the neighbors) or by setting a specific amount of time manually. Implementation Information IS-IS implementation supports one instance of IS-IS and six areas. You can configure the system as a Level 1 router, a Level 2 router, or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 447
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address easier. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 448
• Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 449
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 450
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 451
} - adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. - manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 452
Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time : 30 Operational Timer Value Current Mode/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 453
, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process. For example, if you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 454
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 455
- default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 456
Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 457
- For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. - For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. - For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. - For a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 458
- bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 459
SNPs, and Partial SNPs. • Set the authentication password for a routing domain. ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password FTOS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 460
new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER ISIS mode set-overload-bit This setting prevents other routers from using it as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 461
the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 462
0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is set back to 63 because the higher value is not supported. wide wide narrow narrow narrow narrow transition transition transition transition - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 463
Beginning Metric Style narrow transition narrow transition narrow transition narrow transition wide transition wide transition wide transition wide transition Final Metric Style wide narrow wide transition transition wide narrow narrow transition transition Resulting IS-IS Metric Value original - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 464
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 465
Figure 61. IPv6 IS-IS Sample Topography IS-IS Sample Configuration - Congruent Topology IS-IS Sample Configuration - Multi-topology IS-IS Sample Configuration - Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config ! interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 466
exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.00 ! address-family ipv6 unicast - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 467
28 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 468
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 469
LACP Configuration Tasks The following configuration tasks apply to LACP. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 470
Dell(conf-if-te-4/16)#no shutdown Dell(conf-if-te-4/16)#port-channel-protocol lacp Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channelmember configuration in LAG 32. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 471
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 472
port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 473
LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 64. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 474
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 475
Figure 66. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 475 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 476
Figure 67. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 477
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 478
Figure 68. Inspecting a LAG Port on BRAVO Using the show interface Command 478 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 479
Figure 69. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 479 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 480
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 481
29 Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. Layer 2 481 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 482
• Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table. EXEC Privilege mode show mac-address-table [address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 483
Setting the MAC Learning Limit To set a MAC learning limit on an interface, use the following command. • Specify the number of MAC addresses that the system can learn off a Layer 2 interface. INTERFACE mode mac learning-limit address_limit Three options are available with the mac learning-limit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 484
mac learning-limit no-station-move The no-station-move option, also known as "sticky MAC," provides additional port security by preventing a station move. When you configure this option, the first entry in the table is maintained instead of creating an entry on the new interface. nostation-move is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 485
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 486
72. Configuring the mac-address-table station-move refresh-arp Command Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol (STP) - for example, networks with digital subscriber line access multiplexers (DSLAM) - cannot have redundant links between - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 487
to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces. Apply all other configurations to each interface in the redundant pair such that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 488
-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted] Dell(conf-if-range-te-3/41-42)#interface tengig 3/41 Dell(conf-if-te-3/41)#shutdown 00:24 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 489
2 L2 up 00:00:02 Te 2/1 (Up) Dell#configure Dell(conf)#interface port-channel 1 Dell(conf-if-po-1)#switchport backup interface port-channel 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Po 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 490
not received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset [interface] Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 491
• Enable FEFD globally on all interfaces. CONFIGURATION mode fefd-global To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Enable the necessary ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 492
To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3. INTERFACE mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 493
Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Te 4/1) Sender hold time -- 3 (second) An RPM Failover In the event that an RPM failover occurs, FEFD becomes operationally down on all enabled ports for approximately 8-10 seconds before automatically becoming operational again. 02-05-2009 12:40: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 494
30 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise its configuration and receive - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 495
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 76. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 496
implementation of LLDP, but is available and mandatory (non-configurable) in the LLDP-MED implementation. 127 Power via MDI Dell Networking supports the LLDP-MED protocol, which recommends that Power via MDI TLV be not implemented, and therefore Dell Networking implements Extended Power via - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 497
link is capable of being aggregated, whether it is currently in a LAG, and the port identification of the LAG. Dell Networking OS does not currently support this TLV. Indicates the maximum frame size capability of the MAC and PHY. TIA-1057 (LLDP-MED) Overview Link layer discovery protocol - media - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 498
: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN 127 Inventory Management TLVs 127 127 127 127 127 127 127 the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 499
TLV LLDP-MED Capabilities Network Policy Location Identification Extended Power via MDI-PSE Extended Power via MDI-PD Inventory reserved Dell Networking OS Support Yes Yes Yes Yes No No No Table 55. LLDP-MED Device Types Value 0 1 2 3 4 5-255 Device Type Type Not Defined Endpoint Class 1 Endpoint - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 500
8 9-255 Video Signaling Reserved Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 501
Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 502
no show Negate a command or set its defaults Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/3 Dell(conf-if-te-1/3)#protocol lldp Dell(conf-if-te-1/3-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface end Exit from - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 503
no disable Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2. Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface 3. Enter the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 504
- video-signaling - voice - voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 81. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 505
PDT 1999-2014 Existing System Capabilities: Repeater Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled Link Layer Discovery Protocol (LLDP) 505 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 506
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 507
Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 508
by the system, use the no debug lldp command. Figure 82. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: 508 Link Layer Discovery Protocol (LLDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 509
• received and transmitted TLVs • the LLDP configuration on the local agent • IEEE 802.1AB Organizationally Specific TLVs • received and transmitted LLDP-MED TLVs Table 57. LLDP Configuration MIB Objects MIB Object Category LLDP Configuration Basic TLV Selection LLDP Variable adminStatus - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 510
TLV Type 127 TLV Name Port-VLAN ID TLV Variable PVID 127 Port and Protocol VLAN port and protocol VLAN ID supported System Local Remote Local Remote 510 Link Layer Discovery Protocol (LLDP) LLDP MIB Object lldpRemPortIdSubtype lldpLocPortId lldpRemPortId lldpLocPortDesc lldpRemPortDesc - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 511
TLV Type TLV Name TLV Variable port and protocol VLAN enabled System Local Remote PPVID Local Remote 127 VLAN Name VID Local Remote VLAN name length Local Remote VLAN name Local Remote Table 60. LLDP-MED System MIB Objects TLV Sub-Type TLV Name 1 LLDP-MED Capabilities TLV - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 512
TLV Sub-Type TLV Name TLV Variable L2 Priority DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System Remote Local Remote Local Remote Local Remote Local Remote Local Remote Local Remote Power Priority Local - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 513
TLV Sub-Type TLV Name TLV Variable System Remote LLDP-MED MIB Object lldpXMedRemXPoEPSEP owerAv lldpXMedRemXPoEPDPo werReq Link Layer Discovery Protocol (LLDP) 513 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 514
31 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 515
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 516
Configuring a Switch for NLB To enable a switch for Unicast NLB mode, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across all the member ports of that VLAN. CONFIGURATION mode ip vlan- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 517
32 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 518
Figure 84. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 519
3. Enable MSDP. 4. Peer the RPs in each routing domain with each other. Refer to Enable MSDP. Related Configuration Tasks The following lists related MSDP configuration tasks. • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RFP Check • Specifying Source- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 520
Figure 85. Configuring Interfaces for MSDP 520 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 521
Figure 86. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 521 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 522
Figure 87. Configuring PIM in Multiple Routing Domains 522 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 523
Figure 88. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 524
Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 525
Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the SA cache of all, local, or rejected entries, or entries for a specific group. CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected Source-Active - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 526
Figure 89. MSDP Default Peer, Scenario 1 526 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 527
Figure 90. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP) 527 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 528
Figure 91. MSDP Default Peer, Scenario 3 528 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 529
Figure 92. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 530
229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 73 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 73 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 73 00:13:49 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 531
R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Reason Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 532
Example of Verifying the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires. [Router 1] R1(conf)#do show run msdp ! ip multicast-msdp ip msdp peer 192.168 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 533
Input (S,G) filter: myremotefilter Output (S,G) filter: none [Router 1] R1(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 534
03:17:09 : MSDP-0: Peer 192.168.0.3, 03:17:10 : MSDP-0: Peer 192.168.0.3, 03:17:27 : MSDP-0: Peer 192.168.0.3, Input (S,G) filter: none Output (S,G) filter: none sent Keepalive msg rcvd Keepalive msg sent Source Active msg MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 535
Figure 93. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 536
CONFIGURATION mode ip msdp peer 5. Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 537
network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.22 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.22 ip msdp originator-id Loopback 1! ip pim rp-address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 538
ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 539
ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.22 ! ip route 192.168.0.1/32 10.11.0.23 ip route 192.168.0.22/32 10.11.0.23 ! ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 MSDP Sample - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 540
ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.2/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 541
ip address 10.11.5.1/24 no shutdown ! interface TenGigabitEthernet 4/22 ip address 10.10.42.1/24 no shutdown ! interface TenGigabitEthernet 4/31 ip pim sparse-mode ip address 10.11.6.43/24 no shutdown ! interface Loopback 0 ip address 192.168.0.4/32 no shutdown ! router ospf 1 network 10.11.5.0/24 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 542
33 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 543
802.1Q-2003 and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. • You can configure 64 MSTIs including the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 544
Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0. • Within an MSTI, only one path - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 545
Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 546
spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 547
1 100 2 200-300 Modifying Global Parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MSTP bridges. • Forward-delay - the amount of time an interface waits in the Listening state and the Learning state before it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 548
Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode. Dell(conf-mstp)#forward-delay 16 Dell(conf-mstp)#exit Dell(conf)#do show running-config spanning-tree mstp ! protocol spanning-tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 549
To view the current values for these interface parameters, use the show config command from INTERFACE mode. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode, an interface forwards frames by default until it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 550
of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 95. MSTP with Three VLANs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 551
! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 552
MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11,21 no shutdown ! interface Vlan - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 553
tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode debug spanning-tree mstp bpdu • Display MSTP-triggered topology - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 554
The following example shows viewing the debug log of a successful MSTP configuration. Dell#debug spanning-tree mstp bpdu MSTP debug bpdu is ON Dell# 4w0d4h : MSTP: Sending BPDU on Te 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 555
following multicast protocols: NOTE: Multicast routing is supported on secondary IP addresses; it is not supported on IPv6. NOTE: Multicast routing is supported across default and non-default VRFs. • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 556
• The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing. Multicast Policies The Dell Networking OS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 557
Preventing a Host from Joining a Group You can prevent a host from joining a particular group by blocking specific IGMP reports. Create an extended access list containing the permissible source-group pairs. NOTE: For rules in IGMP access lists, source is the multicast source, not the source of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 558
Figure 96. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 63. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 559
Location 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 560
Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to route processor (RP) for the specified multicast source and group, use the following command. If the source DR never sends register packets to the RP, no hosts can ever discover the source - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 561
Table 64. Preventing a Source from Transmitting to a Group - Description Location 1/21 Description • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface TenGigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 • no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 562
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 563
link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP. Object Tracking Overview Object tracking allows you to define objects of interest, monitor their state, and report to a client - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 564
Figure 98. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 565
A tracked route matches a route in the routing table only if the exact address and prefix length match an entry in the routing table. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. If no route-table entry has the exact address and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 566
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 567
3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object's status. EXEC Privilege mode show track object-id Example of Configuring - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 568
Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object's status. EXEC - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 569
cache ages out for a route tracked for its reachability, an attempt is made to regenerate the ARP cache entry to see if the nexthop address appears before considering the route DOWN. • By comparing the threshold for a route's metric with current entries in the route table. The UP/DOWN state of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 570
3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object's status. EXEC Privilege mode show track object-id Examples of IPv4 and IPv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 571
track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/prefix-len} metric threshold [vrf vrf-name] Valid object IDs are from 1 to 65535. Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. Enter an IPv6 address in X:X:X:X::X format. Valid - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 572
Displaying Tracked Objects To display the currently configured objects used to track Layer 2 and Layer 3 interfaces, and IPv4 and IPv6 routes, use the following show commands. To display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces, IPv4 or IPv6 routes, or a VRF - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 573
IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/4 Example of Viewing Object Tracking - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 574
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 575
Figure 99. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 576
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 577
Figure 100. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 578
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 579
For all LSA types, there are 20-byte LSA headers. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 580
000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 581
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 582
router. Multiple OSPFv2 processes allow for isolating routing domains, supporting multiple route policies and priorities in different domains, and To ensure equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 583
-Convergence • Changing OSPFv2 Parameters on Interfaces • Enabling OSPFv2 Authentication • Creating Filter Routes • Applying Prefix Lists • Redistributing Routes • Troubleshooting OSPFv2 1. Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 584
(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 585
using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 586
.20.20/24 area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. 586 Open Shortest Path First (OSPFv2 and OSPFv3) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 587
Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 588
To configure a stub area, use the following commands. 1. Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs. EXEC Privilege mode show ip ospf process-id [vrf] database database-summary 2. Enter CONFIGURATION mode. EXEC Privilege mode configure 3. Enter - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 589
- For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. - For a port channel interface, enter the keywords port-channel then a number. - For a 40-Gigabit Ethernet interface, enter the keyword FortyGigabitEthernet then the slot/port information (for example, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 590
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 591
- seconds: the range is from 1 to 65535 (the default is 10 seconds). The hello interval must be the same on all routers in the OSPF network. • Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key. CONFIG-INTERFACE mode ip ospf message-digest-key keyid md5 key - - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 592
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:06 Neighbor Count is 0, Adjacent neighbor count is 0 Dell# Enabling OSPFv2 Authentication To enable or change various OSPF authentication parameters, use the following commands. • Set a clear text authentication - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 593
• Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to force graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 594
CONFIG- PREFIX LIST mode seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max-prefixlength] The optional parameters are: - ge min-prefix-length: is the minimum prefix length to match (from 0 to 32). - le max-prefix-length: is the maximum prefix length to match (from 0 to 32). - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 595
typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks. • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 596
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 597
interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 - Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 ! interface Loopback 30 ip address 192.168.100.100/24 no shutdown ! interface TenGigabitEthernet 3/1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 598
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 599
The format is A:B:C::F/128. 2. Bring up the interface. CONF-INT-type slot/port mode no shutdown Assigning Area ID on an Interface To assign the OSPFv3 process to an interface, use the following command. The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 600
Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands. • Enable the OSPFv3 process on a non-default VRF and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process ID} vrf {vrf-name} The process ID range is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 601
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 602
-IPV6-ROUTER-OSPF mode graceful-restart mode [planned-only | unplanned-only] - Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 603
Examples of the Graceful Restart show Commands The following example shows the show run ospf command. Dell#show run ospf ! router ospf 1 router-id 200.1.1.1 log-adjacency-changes graceful-restart grace-period 180 network 20.1.1.0/24 area 0 network 30.1.1.0/24 area 0 ! ipv6 router ospf 1 log- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 604
ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the because the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 605
for full confidentiality. - 3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and unencrypted keys are supported. NOTE: To encrypt all keys on a router, use the service password-encryption command in Global Configuration mode. However, this command does not provide a high - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 606
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 607
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 608
- authentication-algorithm: specifies the authentication algorithm to use for encryption. The valid values are MD5 or SHA1. - key: specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 609
inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 610
the routes in the OSPF database? • Did you include the OSPF routes in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show ipv6 interfaces • show ipv6 protocols • debug ipv6 ospf events and/or packets • show ipv6 neighbors • show virtual links • show ipv6 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 611
Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. 37 Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 612
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 613
• Apply a Redirect-list to an Interface using a Redirect-group PBR Exceptions (Permit) Use the command permit to create an exception to a redirect list. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. Dell Networking OS assigns the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 614
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 615
the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirect-group IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 616
redirect-group xyz shutdown Dell(conf-if-gi-1/1)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 617
a some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. Illustration of the configuration shown below. The Redirect-List GOLD defined in this example - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 618
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 619
IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied interfaces: Te 2/11 EDGE_ROUTER# Configuration Tasks for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 620
Configuration Tasks for Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces: Dell#configure terminal Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 621
IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/ - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 622
PIM-SM. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The platform supports a maximum of 95 PIM interfaces and 2000 multicast entries including (*,G), and (S,G) entries. The maximum number of PIM neighbors is the same as the maximum - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 623
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 624
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 625
(10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11 TenGigabitEthernet 1/12 TenGigabitEthernet 2/13 --More-- Configuring S,G Expiry Timers By default, S, G entries - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 626
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 627
• Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 628
. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if ACL first and then apply it to the SSM range. • The default range is always supported, so range can never be smaller than the default. Configure PIM-SSM Configuring PIM-SSM - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 629
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 630
R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 631
SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report Group source Source address 10.11.5.2 00:00:01 Vlan 300 239.0.0.2 00:00:01 Never IGMPv2-Compat 10.11.3.2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 632
port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 633
In the following examples, ports 1/13, 1/14, 1/15, and 1/16 all belong to the same port-pipe. They are pointing to four different destinations (1/1, 1/2, 1/3, and 1/37). Now it is not possible for another source port from the same port-pipe (for example, 1/17) to point to another new destination ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 634
Figure 103. Port Monitoring Configurations Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 635
0 Te 1/1 Te 1/2 rx Port N/A Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#source po 10 dest ten 1/2 dir rx Dell(conf-mon-sess-0)#do show monitor session SessID Source Destination Dir Mode Source IP 0 Te 1/1 Te 1/2 rx Port N/A 0 Po 10 Te 1/2 rx Port N/A Dell(conf)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 636
mirrored traffic to multiple destination ports on different switches. Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way. In a remote-port mirroring session, monitored traffic is tagged with a VLAN ID and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 637
switch that participates in the transport of mirrored traffic must be configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are distributed across multiple switches Remote Port Mirroring Example Remote port mirroring - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 638
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 639
port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 640
3 source Interface | Range Specify the port or list of ports that needs to be monitored 4 direction 5 rpm source-ip dest-ip 6 flow-based enable 7 no enable Configuring the sample Source Remote Port Mirroring Specify rx, tx or both in case to monitor ingress/egress or both - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 641
Dell(conf)#end Dell# Dell#show monitor session SessID Source Destination ----------- 1 Te 1/5 remote-vlan 10 2 Vl 100 remote-vlan 20 3 Po 10 remote-vlan 30 Dell# Configuring the sample Source Remote Port Mirroring Dir Mode --- ---rx Port rx Flow both Port Source IP --------- N/A - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 642
locally sourced ERPM GRE-encapsulated traffic from source ports. • Source Vlan monitoring can be done only for ingress packets and is not supported for egress direction. • A flow-based source VLAN can be monitored only for ingress traffic (not egress traffic). direction. Changes to Default Behavior - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 643
• Same port can be configured as both source and destination in an ERSPAN session. • TTL and ToS values can be configured in IP header of ERSPAN traffic. Configuration steps for ERPM To configure an ERPM session: Table 66. Configuration steps for ERPM Step Command Purpose 1 configure terminal - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 644
address (Port D's ip address) on the sniffer. The Header that gets attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 645
- Some tools support options to edit the capture file. We can make use of such features (for example: editcap ) and chop the ERPM header part and save it - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 646
supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide direct access between the guest ports. • A service provider can provide Layer 2 security for customers - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 647
- There are two types of secondary VLAN - community VLAN and isolated VLAN. PVLAN port types include: • Community port - a port that belongs to a community VLAN and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports. • Host port - in the context of a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 648
the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN. • Creating PVLAN Ports • Creating a Primary VLAN • Creating - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 649
The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TenGigabitEthernet 2/1 Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TenGigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 650
ip address ip address 7. (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. INTERFACE VLAN mode ip local-proxy-arp NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN, the packet is NOT dropped. Creating a Community VLAN A - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 651
INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add ports defined as host to the VLAN. Example of Configuring Private VLAN Members The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 652
Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 107. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 653
is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN. show vlan private-vlan [community | interface | isolated | primary | primary_vlan - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 654
The following example shows using the show vlan private-vlan mapping command. S50-1#show vlan private-vlan mapping Private Vlan: Primary : 4000 Isolated : 4003 Community : 4001 NOTE: In the following example, notice the addition of the PVLAN codes - P, I, and C - in the left column. The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 655
(VLAN). For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 108. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 67. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 656
Dell Networking Term Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST+) IEEE Specification 802 .1s Third Party Implementation Information • The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1w. • The Dell Networking OS implementation of PVST+ uses - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 657
• Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 658
The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 659
The default is 15 seconds. • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 660
Refer to the table for the default values. • Change the port priority of an interface. INTERFACE mode spanning-tree pvst vlan priority. The range is from 0 to 240, in increments of 16. The default is 128. The values for interface PVST+ parameters are given in the output of the show spanning-tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 661
bpdu command. After you configure this command, if the port receives a PVST+ BPDU, the BPDU is dropped and the port remains operational. Enabling PVST+ Extend System ID In the following example, ports P1 and P2 are untagged members of different VLANs. These ports are untagged because the hub is VLAN - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 662
no shutdown ! interface TenGigabitEthernet 1/32 no ip address switchport no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 663
! interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! protocol spanning-tree pvst no disable vlan 300 bridge- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 664
how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 69. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 665
QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: Quality of Service (QoS) 665 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 666
) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding PHB Group • RFC 2598, An it on individual interfaces in a port channel. You can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 667
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When prioritytagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 668
QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 112. Constructing Policy-Based QoS Configurations 668 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 669
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4. Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 670
4. Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 671
example shows incorrect traffic classifications. Dell#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 672
regulate egress traffic. The regulation mechanisms for output QoS policies are bandwidth percentage, scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted and re-added automatically to ensure that the order of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 673
Bandwidth Percentage for 8- Queue System 0 6.67% 1% 1 13.33% 2% 2 26.67% 3% 3 53.33% 4% 4 - 5% 5 - 10% 6 - 25% 7 - 50% NOTE: Dell Networking OS supports 8 data queues in S4048, S6000, Z9100, Z9500 and 4 data queues in S3048, S4810, S4820T, S5000, and S3100 series.. Quality - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 674
To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 675
the dot1p value. Table 73. Default dot1p to Queue Mapping dot1p 0 1 2 3 4 5 6 7 Queue ID 1 0 2 3 4 5 6 7 Table 74. Default dot1p to Queue Mapping dot1p 0 1 2 3 4 Queue ID 0 0 0 1 2 Quality of Service (QoS) 675 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 676
the same interface. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 677
an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. DSCP Color Maps - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 678
mode. Examples for Creating a DSCP Color Map Display all DSCP color maps. Dell# show qos dscp-color-map Dscp-color-map mapONE 678 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 679
check (CRC): 4 bytes • Inter-frame gap (IFG): (variable) You can optionally include overhead fields in rate metering calculations by enabling QoS rate adjustment. Quality of Service (QoS) 679 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 680
, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing. To use queue-based rate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 681
field (DP) to determine the drop precedence. • DP values of 110 and 100, 101 map to yellow; all other values map to green. Quality of Service (QoS) 681 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 682
. • Display the number of packets and number of bytes on the egress-queue profile. EXEC Privilege mode show qos statistics egress-queue 682 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 683
. • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 | port pipe Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 L2ACL 500 200 Allowed(2) Configuring - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 684
shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. S4810 platform support four global servicepools in the egress direction. Two service pools are used- one for loss-based queues and the other for lossless (priority-based flow control (PFC - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 685
that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting for the WRED and ECN functionality for backplane ports is supported on the platform. WRED drops packets when the average queue - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 686
queues when the minimum guaranteed buffers for the queue are consumed. S4810 platform supports four global service-pools in the egress direction. mode Dell(conf) #service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf) #service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 687
ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map more ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 688
, all packets are considered as 'green' (without the rate-policer and trust-diffserve configuration) and hence support would be provided to mark the packets as 'yellow' alone will be provided. By default Dell Networking achieved using either of the two approaches. 688 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 689
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 690
in class-map input configuration mode. You can include the class map in a policy map, and apply the class and policy map to a service queue using the service-queue command. In this way, the system applies the match criteria in a class map according to queue priority (queue numbers closer to 0 have - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 691
map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Classifying Incoming ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 692
) at the level where the 'DSCP' qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the ecn types: • match ip access-group • match ip dscp 692 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 693
incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: - ACK - FIN - SYN - ip access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map "ecn_0_pmap" will - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 694
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 695
! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Enabling Buffer Statistics MCAST 3 0 Unit 1 unit: 3 port: 13 (interface Fo 1/156) Q# TYPE Q# TOTAL BUFFERED CELLS MCAST 3 0 Quality of Service (QoS) 695 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 696
0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6 0 MCAST 7 0 MCAST 8 0 696 Quality of Service (QoS) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 697
addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9. Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 698
homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is not enabled in Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 699
Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 700
8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 12.0.0.0/8 auto-summary 20.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 20.0.0.0/8 auto-summary 29.10.10.0/24 directly connected,Fa 1/49 29.0.0.0/8 auto-summary 31.0.0.0/8 [120/1] via 29.10.10.12, 00:00: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 701
ROUTER RIP mode distribute-list prefix-list-name in • Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 702
version {1 | 2} • Set the RIP versions received on that interface. INTERFACE mode ip rip receive version [1] [2] • Set the RIP versions sent out on that interface. INTERFACE mode ip rip send version [1] [2] Examples of the RIP Process To see whether the version command is configured, use the show - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 703
Routing Information Sources: Gateway Distance Distance: (default is 120) Dell# Last Update Generating a Default Route Traffic is forwarded to the default route when the traffic's network is not explicitly listed in the routing table. Default routes are not enabled in RIP unless specified. Use - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 704
- weight: the range is from 1 to 255. The default is 120. - ip-address mask: the IP address in dotted decimal format (A.B.C.D), and the mask in slash format (/x). - access-list-name: the name of a configured IP ACL. • Apply an additional number to the incoming or outgoing route metrics. ROUTER RIP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 705
Figure 114. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-2/3)# Core2(conf-if-te-2/3)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 706
Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 707
network 192.168.1.0 network 192.168.2.0 version 2 Core3(conf-router_rip)# Core 3 RIP Output The examples in this section show the core 2 RIP output. • To display Core 3 RIP database, use the show ip rip database command. • To display Core 3 RIP setup, use the show ip route command. • To display - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 708
Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send TenGigabitEthernet 3/21 2 2 TenGigabitEthernet 3/11 2 2 TenGigabitEthernet 3/24 2 2 TenGigabitEthernet 3/23 2 2 Routing for Networks: 10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 709
no shutdown ! router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0 Routing Information Protocol (RIP) 709 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 710
the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the RMON Alarm To set an alarm on any MIB object - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 711
[no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string] OR [no] rmon hc-alarm number variable interval {delta | absolute} rising-threshold value event-number falling-threshold value event-number [owner - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 712
- description string: (Optional) specifies a description of the event, which is identical to the event description in the eventTable of the RMON MIB. The default is a null-terminated string. - owner string: (Optional) owner of this event, which is identical to the eventOwner in the eventTable of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 713
- interval: (Optional) specifies the number of seconds in each polling cycle. - seconds: (Optional) the number of seconds in each polling cycle. The value is ranged from 5 to 3,600 (Seconds). The default is 1,800 (as defined in RFC-2819). Example of the rmon collection history Command To remove a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 714
Link State Detection • Flush MAC Addresses after a Topology Change Important Points to Remember • RSTP is disabled by default. • Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 715
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 716
• Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1. Enter PROTOCOL SPANNING TREE RSTP mode. CONFIGURATION mode protocol spanning-tree rstp 2. Enable RSTP. PROTOCOL SPANNING TREE RSTP mode no disable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 717
Configured hello time 2, max age 20, forward delay 15, max hops 0 We are the root Current root has priority 32768, Address 0001.e801.cbb4 Number of topology changes 4, last change occurred 00:02:17 ago on Te 1/26 Port 377 (TenGigabitEthernet 2/1) is designated Forwarding Port path cost 20000, Port - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 718
Adding and Removing Interfaces To add and remove interfaces, use the following commands. To add an interface to the Rapid Spanning Tree topology, configure it for Layer 2 and it is automatically added. If you previously disabled RSTP on the interface using the command no spanning-tree 0 command, re- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 719
PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 720
Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 721
- Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). - Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode). To enable EdgePort on an interface, use the following command. • Enable EdgePort on an interface. INTERFACE mode spanning- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 722
47 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide. 722 Software-Defined Networking (SDN) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 723
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 724
process request. - stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. - tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 725
record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 726
cannot be verified. Only the console port behaves this way, and does so to ensure that users are not locked out of the system if network-wide issue prevents access to these servers. 1. Define an authentication method-list (method-list-name) or specify the default. CONFIGURATION mode aaa - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 727
+ client to send authentication requests to a TACACS+ or RADIUS server. • TACACS+ - When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$. • RADIUS - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 728
configuration. CONFIGURATION mode service obscure-passwords Example of Obscuring Password and Keys Dell(config)# service obscure-passwords AAA Authorization the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 729
all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system. To configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 730
Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within Dell Networking OS, commands have certain privilege levels. With the privilege command, you can - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 731
also assign the launch command for CONFIGURATION mode, configure, to the same privilege level as the snmp-server commands. Line 1: The user john is assigned privilege level 8 and assigned a password. Line 2: All other users are assigned a password to access privilege level 8. Line 3: The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 732
to set. If you enter disable without a level-number, your security level is 1. RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 733
Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command. When configuring AAA authorization, you can configure to limit the attributes of services available to a user - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 734
listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 735
• To use the method list. CONFIGURATION mode authorization exec methodlist Specifying a RADIUS Server Host When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout. To specify a RADIUS server - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 736
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 737
Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method. CONFIGURATION mode aaa authentication login {method-list-name | default} tacacs+ [... - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 738
use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 739
a countermeasure to the problem. This countermeasure is and other secure network services over an insecure network. Command Line Interface Reference Guide. Dell Networking OS supported for secure copying between a PC and a Dell Networking OS-based system. Unix-based SCP client software is supported - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 740
Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : enabled. SSH server version : v2. SSH server vrf : - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 741
• ip ssh hostbased-authentication enable : enable host-based authentication for the SSHv2 server. • ip ssh key-size : configure the size of the server-generated RSA SSHv1 key. • ip ssh password-authentication enable : enable password authentication for the SSH server. • ip ssh pub-key-file : specify - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 742
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 743
configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 744
ctr,aes256-ctr. SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac- sha2-256-96. SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1- sha1,diffie-hellman-group14-sha1. Password Authentication : enabled. Hostbased Authentication : - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 745
6. Enable host-based authentication. CONFIGURATION mode ip ssh hostbased-authentication enable 7. Bind shosts and rhosts to host-based authentication. CONFIGURATION mode ip ssh pub-key-file flash://filename or ip ssh rhostsfile flash://filename Examples of Creating shosts and rhosts The following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 746
SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub or remote. Table 80. VTY Access Authentication Method Line VTY access-class support? YES Username access-class support? NO Remote authorization support? NO Local NO YES NO TACACS+ YES NO YES (with Dell - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 747
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 748
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 749
can modify the permissions specific to that command and/or command option. For more information, see Modifying Command Permissions for Roles . NOTE: When you enter a user role, you have already been authenticated and authorized. You do not need to enter an enable password because you will be - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 750
line console 0 login authentication test authorization exec test exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 751
role's command permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre-defined user roles or user-defined user roles. Important - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 752
If you add or delete command permissions using the role command, those changes only apply to the specific user role. They do not apply to other roles that have inheritance from that role. Authorization and accounting only apply to the roles specified in that configuration. When you modify a command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 753
secadmin sysadmin Exec Config Interface Line Exec Config Interface Line Router IP RouteMap Protocol MAC Example: Remove Security Administrator Access to Line Mode. The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 754
for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 755
commands role netadmin ucraaa ! Configuring TACACS+ and RADIUS VSA Attributes for RBAC For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 756
"attribute" and "value" are an attribute-value (AV) pair defined in the Dell Network OS TACACS+ specification, and "sep" is "=". These attributes allow the full set of features available for TACACS+ authorization and are authorized with the same attributes for RADIUS. Example for Configuring a VSA - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 757
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 758
Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line Role access: netadmin,sysadmin Displaying Information About Users Logged into the Switch To display - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 759
only 802.1Q VLAN tagging all customers would have to use unique VLAN IDs to ensure that traffic is segregated, and customers and the service provider would have to coordinate to ensure that traffic mapped correctly across the provider network. Even under ideal conditions, customers and the provider - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 760
Figure 116. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured 2. Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3. Enabling VLAN-Stacking for a VLAN. 760 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 761
bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3. Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 762
hybrid Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)#vlan-stack trunk Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address 762 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 763
Dell Networking systems at network edges, at which, frames are either double tagged on ingress (R4) or the outer tag is removed on egress (R3). Service Provider Bridging 763 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 764
appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. 764 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 765
Figure 117. Single and Double-Tag TPID Match Service Provider Bridging 765 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 766
Figure 118. Single and Double-Tag First-byte TPID Match 766 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 767
VLAN match - switch to default VLAN switch to default VLAN switch to default VLAN switch to VLAN switch to default VLAN switch to default VLAN Service Provider Bridging 767 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 768
switch to default VLAN VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 769
CFI/DEI Te 1/1 Green 0 Te 1/1 Yellow 1 Te 2/9 Yellow 0 Te 2/10 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 770
of Queue 3 also matches the traffic. This is an expected behavior. Examples of QoS Interface Configuration and Rate Policing policy-map-input in layer2 service-queue 3 class-map a qos-policy 3 ! class-map match-any a layer2 match mac access-group a ! mac access-list standard a seq 5 permit any ! qos - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 771
3 layer2 rate-police 30 ! interface TenGigabitEthernet 1/21 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 772
address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. 772 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 773
profile. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable Service Provider Bridging 773 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 774
. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel 774 Service Provider Bridging - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 775
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 776
on any port specifically, the global sampling rate is downloaded to that port and is to calculate the portpipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 777
of sampled packet. The S-Series and Z9100-ON platforms support extended-switch information processing only. Extended sFlow packs additional information three types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 778
on an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow on -if-te-1/10)#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 779
line indicates sFlow is globally enabled. The second bold lines indicate sFlow is enabled on Te 1/16 and Te 1/17 Dell#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 780
Displaying Show sFlow on an Interface To view sFlow information on a specific interface, use the following command. • Display sFlow configuration information and statistics on a specific interface. EXEC mode show sflow interface interface-name Examples of the sFlow show Commands The following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 781
sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, of sampled packet. The S-Series and Z9100-ON platforms support extended-switch information processing only. Extended sFlow packs additional - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 782
the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter the ingress interface of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 783
IP SA BGP BGP IP DA static/connected/IGP srcAS and srcPeerAS - Exported dstAS and dstPeerAS - Exported Description is no AS information for IGP. Prior to Dell Networking OS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP. Version 7.8.1.0 allows - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 784
AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB privacy option is supported and is compliant with RFC 3826. The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 785
Table 84. Authentication and Privacy Options FIPS Mode Disabled Privacy Options des56 (DES56-CBC) aes128 (AES128-CFB) Enabled aes128 (AES128-CFB) Authentication Options md5 (HMAC-MD5-96) sha (HMAC-SHA1-96) sha (HMAC-SHA1-96) To enable security for SNMP packets transferred between the server - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 786
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 787
Setting Up User-Based Security (SNMPv3) When setting up SNMPv3, you can set users up with one of the following three types of configuration for SNMP read/write operations. Users are typically associated to an SNMP group with permissions provided, such as OID view. • noauth - no password or privacy. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 788
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 789
also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Dell Networking - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 790
• Dell Networking enterpriseSpecific protocol traps - bgp, ecfm, stp, and xstp. To configure the system to send SNMP notifications, use the following commands. 1. Configure the Dell Networking system to send notifications to an SNMP server. CONFIGURATION mode snmp-server host ip-address [traps | - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 791
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 792
than or equal to 5 minutes. This restriction also applies to the console message. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, the SNMP trap is not sent. To enable an SNMP agent to send a trap when the syslog server is not reachable, enter the following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 793
SMI::enterprises.6027.3.30.1.1.1 SNMPv2-SMI::enterprises.6027.3.30.1.1 = STRING: "NOT_REACHABLE: Syslog server 10.11.226.121 (port: 9140) is not reachable" SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 2 Following is the sample audit log message that other syslog servers that are - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 794
MIB Object copySrcFileName copyDestFileType copyDestFileLocation copyDestFileName copyServerAddress copyUserName copyUserPassword OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 .1.3.6.1.4.1.6027.3.5.1.1.1.1.6 .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 .1.3.6.1.4.1.6027.3.5.1.1.1.1.8 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 795
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 796
Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 797
Example of Copying Configuration Files via TFTP From a UNIX Machine .snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.4 i 3 copyDestFileType.4 i 1 copyDestFileLocation.4 i 3 copyDestFileName.4 s /home/myfilename copyServerAddress.4 a 11.11.11.11 Copy a Binary File to the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 798
-v 2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 799
.60.120 .1.3.6.1.4.1.6027.3.10.1.2.9.1.6.1 enterprises.6027.3.10.1.2.9.1.5.1 = Gauge32: 24 The output above displays that 24% of the flash memory is used. MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 800
enterprises.6027.3.10.1.2.10.1.3.1.2 = "Fri Nov 8 08:11:16 2013" enterprises.6027.3.10.1.2.10.1.3.1.3 = "Fri May 23 05:05:16 2014" enterprises.6027.3.10.1.2.10.1.3.2.1 = "Tue Jun 17 14:19:26 2014" enterprises.6027.3.10.1.2.10.1.4.1.1 = 0 enterprises.6027.3.10.1.2.10.1.4.1.2 = 1 enterprises.6027.3.10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 801
LineSpeed auto ARP type: ARPA, ARP Timeout 04:00:00 To display the ports in a VLAN, send an snmpget request for the object dot1qStaticEgressPorts using the interface index as the instance number, as shown for an S-Series. The following example shows viewing VLAN ports using SNMP with no ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 802
• To add an untagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts objects. NOTE: Whether adding a tagged or untagged port, specify values for both dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts. Example of Adding an Untagged Port to a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 803
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 804
In the following example, R1 has one dynamic MAC address, learned off of port TenGigabitEthernet 1/21, which a member of the default VLAN, VLAN 1. The SNMP walk returns the values for dot1dTpFdbAddress, dot1dTpFdbPort, and dot1dTpFdbStatus. Each object comprises an OID concatenated with an instance - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 805
The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command. Starting from the least - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 806
of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 807
• When you query an icmpStatsInErrors object in the icmpStats table by using the snmpget or snmpwalk command, the output for IPv4 addresses may be incorrectly displayed. To correctly display this information under IP and ICMP statistics, use the show ip traffic command. • When you query an IPv4 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 808
also called the master unit. • Standby - secondary management unit. • Stack units - the remaining units in the stack, also called stack members. The system supports up to six stack units. • Stack group - Each set of four 10G ports or each individual 40G port correspond to a stack-group. To configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 809
after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6-address | dhcp} Stacking 809 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 810
Failover Roles If the stack master fails (for example, is powered off), it is removed from the stack topology. The standby unit detects the loss of peering communication and takes ownership of the stack management, switching from the standby role to the master role. The distributed forwarding tables - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 811
path selection inside the stack: If multiple paths exist between two units in the stack, the shortest path is used. Supported Stacking Topologies The device supports stacking in a ring or a daisy chain topology. Dell Networking recommends the ring topology when stacking the switches to provide - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 812
Figure 123. Supported Stacking Topologies High Availability on Stacks Stacks have master and standby management units analogous to Dell Networking route processor modules (RPM). The master unit synchronizes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 813
Failover Count: 0 Last failover timestamp: None Last failover Reason: None Last failover type: None -- Last Data Block Sync Record: -- stack-unit Config: succeeded Nov 25 2014 15:29:58 Start-up Config: succeeded Nov 25 2014 15:29:58 Runtime Event Log: succeeded Nov 25 2014 15: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 814
stack is running Dell Networking OS version 8.3.12.0 and the new unit is running an earlier software version, the new unit is put into a card problem state. • If the unit is running Dell Networking OS version 8.3.10.x, it is upgraded to use the same Dell Networking OS version as the stack - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 815
if the software version of the new unit predates Dell Networking OS version 8.3.12.0 , the management unit puts the new unit into a card problem state and generates a syslog that identifies the unit, its Dell Networking OS version, and its incompatibility for firmware synchronization. NOTE: You must - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 816
in the stack. 2. Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version 3. Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up. EXEC Privilege mode stack-unit stack-unit-number - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 817
Example of a Syslog Figure 125. Creating a New Stack In the above example, stack unit 1 is the master management unit, stack unit 2 is the standby unit. The cables are connected to each unit. Configure the stack groups on the units in the following order: • Configure the first stack group on unit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 818
up up 1/3 1/3 10 up up Add Units to an Existing Stack You can add units to an existing stack in one of three ways. • By manually assigning a new unconfigured unit a position in an existing stack. • By adding a configured unit to an existing stack. • By merging two stacks. If you are adding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 819
a type mismatch error. After the new unit loads, it synchronizes its running and startup configurations with the stack. Manually Assigning a New Unit to an Existing Stack To manually assign a new unit a position in an existing stack, use the following steps. 1. On the stack, determine the next - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 820
Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 8-3-7-13 64 1 Member online S4810 S4810 8-3-7-13 64 2 Member not present 3 Standby online S4810 S4810 8-3-7-13 64 4 Member not present 5 Member not present 6 Member not present 7 Member not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 821
• If the stack has been provisioned for the stack number that is assigned to the new unit, the pre-configured provisioning must match the switch type. If there is a conflict between the provisioned switch type and the new unit, a mismatch error message is displayed. Merge Two Stacks You may merge - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 822
Renumbering the stack manager triggers the whole stack to reload, as shown in the message below. When the stack comes back online, the master unit remains the management unit. Dell#stack-unit 2 renumber 1 Renumbering master unit will reload the stack. WARNING: Interface configuration for current - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 823
Num Ports : 64 Up Time : 57 min, 0 sec Dell Networking OS Version : 8-3-7-13 Jumbo Capable : yes POE Capable : no Burned In MAC : 00:01:e8:8a:df:e6 No Of MACs : 3 -- Power Supplies -- Unit Bay Status Type FanStatus 0 0 absent absent 0 1 up AC up -- Fan Status -- Unit Bay - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 824
a member unit. • Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect. • Display redundancy information. 824 Stacking - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 825
-unit unit-number • Reload a member unit, from the unit itself. EXEC Privilege mode reset-self • Reset a stack-unit when the unit is in a problem state. EXEC Privilege mode reset stack-unit unit-number {hard} Verify a Stack Configuration The light of the LED status indicator on the front panel of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 826
: 44C Voltage : ok Serial Number : H1DL104400018 Part Number : Rev Vendor Id : Date Code : Country Code : Piece Part ID : N/A PPID Revision : N/A Service Tag : N/A Expr Svc Code : N/A Auto Reboot : disabled Burned In MAC : 00:01:e8:8c:53:32 No Of MACs : 3 -- Power Supplies - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 827
up up Remove Units or Front End Ports from a Stack To remove units or front end ports from a stack, use the following instructions. • Removing a Unit from a Stack • Removing Front End Port Stacking Removing a Unit from a Stack The running-configuration and startup-configuration are synchronized - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 828
reboots. The units come up as standalone units after the reboot completes. Troubleshoot a Stack To troubleshoot a stack, use the following recovery tasks. • Recover from Stack Link Flaps • Recover from a Card Problem State on a Stack Recover from Stack Link Flaps Stack link integrity monitoring - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 829
on a Stack If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error. To recover, disconnect the new unit from the stack, change the Dell Networking OS version to match the stack, and then reconnect it to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 830
-unicast configuration, use the show storm-control unknown-unicast [interface] command. EXEC Privilege Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE Mode To configure storm control, use the following command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 831
mode you can configure storm control for ingress and egress traffic. Do not apply per-virtual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on an interface or globally). • Configure storm control. CONFIGURATION mode • Configure the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 832
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 833
• All ports in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the spanning tree topology at the time you enable the protocol. • To add interfaces to the spanning tree topology after you enable STP, enable the port and configure it for Layer - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 834
INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 835
protocol spanning-tree 0 2. Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 836
Te 1/1 8.496 8 Te 1/2 8.497 8 Te 1/3 8.513 8 Te 1/4 8.514 8 Dell# 4 DIS 0 4 DIS 0 4 FWD 0 4 FWD 0 32768 0001.e80d.2462 32768 0001.e80d.2462 32768 0001.e80d.2462 32768 0001.e80d.2462 8.496 8.497 8.513 8.514 Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 837
NOTE: With large configurations (especially those with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. the default is 2 seconds. • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 838
state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 839
- Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). - Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). - Disabling global spanning tree (the no spanning-tree in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 840
No Dell(conf-if-te-1/7)#do show ip interface brief tengigabitEthernet 1/7 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 841
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per-VLAN Spanning Tree - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 842
spanning-tree {0 | mstp | rstp | pvst} rootguard - 0: enables root guard on an STP-enabled port assigned to instance 0. - mstp: enables root guard on an MSTP-enabled port. - rstp: enables root guard on an RSTP-enabled port. - pvst: enables root guard on a PVST-enabled port. To disable STP root guard - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 843
on a per-port or per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: Spanning Tree Protocol (STP) 843 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 844
- Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 845
troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support SupportAssist Configuring SupportAssist Using a Configuration Wizard You are guided through a series of queries to configure SupportAssist. service. CONFIGURATION mode SupportAssist 845 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 846
-assist activate Dell(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands. 1. Accept the end-user license agreement (EULA). CONFIGURATION mode eula - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 847
a maximum of two servers: • default server • custom user configured server 6. Enable all activities and servers for the SupportAssist service. SUPPORTASSIST mode enable all Dell(conf)#support-assist Dell(conf-supportassist)#enable all 7. Trigger an activity event immediately. EXEC Privilege mode - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 848
mac-address-table" "show trace" "show command-history" "show logging" "show tech-support" } : "alarms_records", : "arp_records", : "ip_route_records", : "mac-address-table_records", : "trace_records", : "command_history_records", : "system_logging_records", : "tech-support_records" 3. Configure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 849
, email addresses, phone, method and time zone for contacting the person. SupportAssist Person configurations are optional for the SupportAssist service. To configure SupportAssist person, use the following commands. 1. Configure the contact name for an individual. SUPPORTASSIST mode [no] contact - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 850
[no] email-address primary email-address [alternate email-address] Dell(conf-supportassist-pers-john_doe)#email-address primary [email protected] Dell(conf-supportassist-pers-john_doe)# 3. Configure phone numbers of the contact person. SUPPORTASSIST PERSON mode [no] phone primary phone [alternate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 851
including any activities, status of communication, last time communication sent, and so on. EXEC Privilege mode show support-assist status Dell#show support-assist status SupportAssist Service: Installed EULA: Accepted Server: default Enabled: Yes URL: https://stor.g3.ph.dell.com Server: chennai - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 852
save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure. Dell SupportAssist also collects and stores - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 853
the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 854
Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 855
• Specify the NTP server to which the Dell Networking system synchronizes. CONFIGURATION mode ntp server ip-address Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 856
• Configure a source IP address for NTP packets. CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. - For a 40-Gigabit Ethernet interface - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 857
in dotted decimal format (A.B.C.D). - ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. - key keyid : Configure a text string as the key exchanged between the NTP server and the client. - prefer: Enter the keyword prefer to set - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 858
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 859
:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. System Time and Date 859 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 860
Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for daylight savings time once, use the following command. • Set the clock to the appropriate timezone and daylight saving time. CONFIGURATION - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 861
- start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. - start-day: Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 862
, hop-limits, flow label values, open shortest path first (OSPF) v2, and OSPFv3 are supported. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 863
Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.1/24 Dell(conf-if-tu-3)#ipv6 address 3::1/64 Dell(conf-if-tu-3)#no shutdown Dell(conf-if-tu-3)#show config ! interface Tunnel 3 ip address 3.1.1.1/24 ipv6 address 3::1/64 tunnel - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 864
Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config ! interface Tunnel 1 ip unnumbered TenGigabitEthernet 1/1 ipv6 unnumbered - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 865
58 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 866
Figure 133. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 867
Figure 134. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number and is calculated by the ratio of the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 868
• If one of the upstream interfaces in an uplink-state group goes down, either a user-configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error. The order in which downstream ports are disabled is from the lowest - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 869
is automatically enabled in an uplink-state group. To re-enable upstream-link tracking, use the enable command. Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state. To re-enable one or - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 870
Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 871
- For a port channel interface, enter the keywords port-channel then a number. If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. • Display the current - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 872
ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:25:46 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 873
00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1 Dell(conf-uplink-state-group-3)# description Testing UFD feature Dell(conf-uplink-state-group-3)# show config ! uplink-state-group 3 description Testing UFD feature downstream disable links 2 downstream - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 874
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 875
VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 portbased VLANs and one default VLAN, as specified in IEEE Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 876
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 877
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 878
the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 879
NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Ports Po1(So 0/0-1) Te 1/1 Po1(So 0/0-1) Te 1/2 Po1(So 0/0-1) When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN. If the tagged - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 880
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 881
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 882
gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined for VLT peers in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 883
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 884
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 885
• You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy Gateway LLDP configuration: • You must globally enable LLDP. • You cannot have interface-level LLDP disable commands on the interfaces configured for proxy gateway and you must - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 886
• The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy Gateway LLDP method. For VLT Proxy Gateway to work in this - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 887
Sample Static Configuration on C switch or C1 switch Switch_C#conf Switch_C(conf)#vlt domain 1 Switch_C(conf-vlt-domain1)#proxy-gateway static Switch_C(conf-vlt-domain1-pxy-gw-static)#remote-mac-address .... VLT Proxy Gateway 887 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 888
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 889
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 890
Figure 139. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 891
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the the link local address that is redirecting to the VLTi link. • VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 892
. - A VLT interconnect over 1G ports is not supported. - The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. - The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. - VLT peer switches operate as separate - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 893
switches with VLT peer switches, you use a VLT port channel, as shown in Overview. Up to 48 port-channels are supported; up to 16 member links are supported in each port channel between the VLT domain and an access device. - The discovery protocol running between VLT peers automatically generates - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 894
. On a default VLAN, RTSP is part of the PVST+ topology in that specific VLAN (default VLAN). - In a VLT domain, ingress and egress QoS policies are supported on physical VLT ports, which can be members of VLT port channels in the domain. * Ingress and egress QoS policies applied on VLT ports must - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 895
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 896
, the dynamically learned groups and multicast router ports are automatically learned on the VLT peer node. VLT IPv6 The following features have been enhanced to support IPv6: • VLT Sync - Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync - Entries learned on non-VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 897
Figure 140. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 898
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 899
peer-routing 3. Configure the peer-routing timeout. VLT DOMAIN mode peer-routing-timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT Multicast Routing provides resiliency to multicast routed - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 900
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 901
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the VLTi . 3. Configure a backup link for the VLT domain. 4. (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 902
channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 4. Ensure - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 903
lacp ungroup member-independent {vlt | port-channel port-channel-id} LACP on VLT ports (on a VLT switch or access device), which are members of the virtual link trunk, is not brought up until the VLT domain is recognized on the access device. 6. Repeat Steps 1 to 4 on the VLT peer switch to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 904
Reconfiguring the Default VLT Settings (Optional) To reconfigure the default VLT settings, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2. After you configure a VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 905
no ip address 3. Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport 4. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 906
interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in the Enabling VLT and Creating a VLT Domain. 2. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 907
Use this command to minimize the time required for the VLT system to determine the unit ID assigned to each peer switch when one peer switch reboots. 8. Configure enhanced VLT. Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 908
-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. s4810-2(conf)#vlt domain 5 s4810 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 909
1. You can configure the LACP/static LAG between the peer units (not shown). 2. Configure the peer-link port-channel in the VLT domains of each peer unit. Dell-2(conf)#interface port-channel 1 Dell-2(conf-if-po-1)#channel-member TenGigabitEthernet 1/4-7 Dell-4(conf)#interface port-channel 1 Dell-4( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 910
interface TenGigabitEthernet 1/8 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown s60-1#show running-config interface tengigabitethernet 1/30 ! interface TenGigabitEthernet 1/30 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 911
PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 912
eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example, you are configuring two domains. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4, as shown in the following example. In Domain 1, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 913
Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer2(conf) #vlt domain 1000 Domain_1_Peer2(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a: - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 914
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 915
• Display detailed information about the VLT-domain configuration, including local and peer port-channel IDs, local VLT switch status, and number of active VLANs on each port channel. EXEC mode show vlt detail • Display the VLT peer status, role of the local VLT switch, VLT system MAC address and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 916
The following example shows the show vlt brief command. Dell#show vlt brief VLT Domain Brief Domain ID Role Role Priority ICL Link Status HeartBeat Status VLT Peer Status Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : 1 : Secondary : 32768 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 917
Dell_VLTpeer2# show running-config vlt ! vlt domain 30 peer-link port-channel 60 back-up destination 10.11.200.20 The following example shows the show vlt statistics command. Dell_VLTpeer1# show vlt statistics VLT Statistics HeartBeat Messages Sent: 987 HeartBeat Messages Received: 986 ICL - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 918
Po 111 128.112 128 200000 DIS(vlt) 0 0 0001.e88a.dff8 128.112 Po 120 128.121 128 2000 FWD(vlt) 0 0 0001.e88a.dff8 128.121 Additional VLT Sample Configurations To configure VLT, configure a backup link and interconnect trunk, create a VLT domain, configure a backup link and interconnect trunk, and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 919
-config interface port-channel 11 ! interface Port-channel 11 no ip address switchport channel-member fortyGigE 1/48,52 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 920
Description Domain ID mismatch Behavior at Peer Up above the 80% threshold and when it drops below 80%. The VLT peer does not boot up. The VLTi is forced to a down state. Behavior During Run Time The VLT peer does not boot up. The VLTi is forced to a down state. Action to Take Verify the domain - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 921
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 922
tagged to any one of the primary or secondary VLANs of a PVLAN, then both the primary and secondary VLANs are considered as VLT VLANs. If you add an ICL or VLTi link as a member of a primary VLAN, the ICL becomes a part of the primary VLAN and its associated secondary VLANs, similar to the behavior - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 923
During the booting phase or when the ICL link attempts to come up, a system logging message is recorded if VLT PVLAN mismatches, PVLAN mode mismatches, PVLAN association mismatches, or PVLAN port mode mismatches occur. Also, you can view these discrepancies if any occur by using the show vlt - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 924
PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section contains the following topics that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 925
Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned). 2. Remove an IP address from the interface. - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 926
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 927
the ARP response contains the VLT peer MAC address. Proxy ARP is supported for both unicast and broadcast ARP requests. Control packets, other than receives gratuitous ARP requests for the VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL link or peer is down, and the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 928
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 929
Dell(conf-vlt-domain)#system-mac mac-address 00:00:00:11:11:11 Dell(conf-vlt-domain)#unit-id 0 Dell(conf-vlt-domain)# Dell#show running-config vlt ! vlt domain 1 peer-link port-channel 1 back-up destination 10.16.151.116 primary-priority 100 system-mac mac-address 00:00:00:11:11:11 unit-id 0 Dell# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 930
Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN-Stack VLAN Dell#show vlan id 50 Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C Community, I - Isolated O - Openflow Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 931
(Te 1/8) M Po20(Te 1/20) V Po1(Te 1/30-32) IPv6 Peer Routing in VLT Domains Overview Peer routing for IPv6 packets in VLT domains is supported on the S4810, S4820T, S6000, Z9000, and MXL platforms. Virtual Link Trunking (VLT) is a mechanism that enables the physical links between two devices that - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 932
The neighbor entries are typically learned by a node using neighbor solicitation (NS) and ND messages. These NS or neighbor advertisement (NA) messages can be either destined to the VLT node or to any nodes on the same network as the VLT interface. These learned neighbor entries are propagated to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 933
• NA messages are almost always sent in response to an NS message from a node. In this case the solicited NA has the destination address field set to the unicast MAC address of the initial NS sender. This solicited NA need to be tunneled when they reach the wrong peer. Consider a sample scenario in - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 934
Figure 143. Sample Configuration of IPv6 Peer Routing in a VLT Domain Neighbor Solicitation from VLT Hosts Consider a case in which NS for VLT node1 IP reaches VLT node1 on VLT interface and NS for VLT node1 IP reaches VLT node2 due to LAG level hashing in TOR. When VLT node1 receives NS from VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 935
Consider a situation in which NA for VLT node1 reaches VLT node1 on non-VLT interface and NA for VLT node1 reaches VLT node2 on non-VLT interface. When VLT node1 receives NA on VLT interface, it learns the Host MAC address on received interface. This learned neighbor entry is synchronized to VLT - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 936
it consumes the packets. VLT node will drop the RA message if it is received over ICL interface. Upgrading from Releases That Do Not Support IPv6 Peer Routing During an upgrade to Release 9.4(0.0) from earlier releases, VLT peers might contain different versions of FTOS. You must upgrade both the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 937
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 938
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 939
. Yes Yes No No No No Yes No Yes NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default-VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs. No Yes Yes No No Yes No Virtual Routing and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 940
capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF No Yes Yes No No No Yes Yes Yes No No Yes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 941
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). Table 98. Creating a Non-Default VRF Instance Task Create a non-default VRF instance by - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 942
enter a value for vrf-name. show ip vrf [vrf-name] Command Mode EXEC Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer toOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 943
help still displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route To configure a static route, perform the following steps: Virtual Routing and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 944
Table 105. Configuring a Static Route Task Configure a static route that points to a management interface. Command Syntax management route ip-address mask managementethernet ormanagement route ipv6address prefix-length managementethernet NOTE: You can also have the management route to point to a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 945
Figure 146. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 946
ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 947
ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1 no - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 948
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 949
Dell#show ip ospf 1 neighbor Neighbor ID Pri 1.0.0.1 1 FULL/BDR ! Dell#sh ip ospf 2 neighbor Neighbor ID Pri 2.0.0.1 1 FULL/BDR ! Dell#show ip route vrf blue State Dead Time 00:00:36 State Dead Time 00:00:33 Address 1.0.0.1 Address 2.0.0.1 Interface Vl 128 Interface Vl 192 Area 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 950
that particular prefix will fail and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes. The source route will VRF-Green, and VRF-shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and VRF-Blue but not - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 951
purpose, routes corresponding VRF-Shared routes are leaked to only VRF-Red and VRF-Blue. And for reply, routes corresponding to VRF-Red and VRF-Blue are leaked to VRF-Shared. For leaking the routes from VRF-Shared to VRF-Red and VRF-Blue, you can configure route-export tag on VRF-shared (source VRF, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 952
ip vrf forwarding VRF-green ip address ip-address mask A non-default VRF named VRF-green is created and the interface is assigned to it. 10. Configure the import target in the source VRF VRF-Shared for reverse communication with VRF-red and VRF-blue. ip vrf vrf-shared ip route-import 2:2 ip - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 953
O 22.2.2.2/32 00:00:11 via 122.2.2.2 110/0 C 122.2.2.0/24 Direct, Te 1/12 0/0 22:39:61 O 44.4.4.4/32 via vrf-shared:144.4.4.4 0/0 00:32:36 C 144.4.4.0/24 Direct, vrf-shared:Te 1/4 0/0 00:32:36 Dell# show ip route vrf VRF-Green O 33.3.3.3/32 00:00:11 via 133.3.3.3 110/0 C 133 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 954
While importing these routes into VRF-blue, you can further specify match conditions at the import end to define the filtering criteria based on which the routes are imported into VRF-blue. You can define a route-map import_ospf_protocol and then specify the match criteria as OSPF using the match - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 955
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. • You can expose a unique set - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 956
the Internet. Router B receives and forwards them on interface TenGigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed information about VRRP, refer to RFC 2338, Virtual - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 957
gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported. Virtual IP addresses can belong to the primary or secondary IP address' subnet configured on the interface. You can ping all the virtual - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 958
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 959
Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-te-1/1)#show conf ! - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 960
a total of 120 VRRP groups on a switch with Dell Networking OS or a total of 20 VRRP groups when using SFTOS. The S-Series supports varying number of maximum VRRP groups per interface. For more information, refer to VRRP Implementation. To activate a VRRP group on an interface (so that VRRP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 961
The following example shows how to verify a virtual IP address configuration. NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet. Dell(conf-if-te-1/1)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.10.10.1/24 ! vrrp-group 111 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 962
same: you must enable authentication with the same password or authentication is disabled. NOTE: Authentication for VRRPv3 is not supported. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type simple [encryption - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 963
virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 964
• Change the advertisement interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. The default is 1 second. • For VRRPv3, change the advertisement centisecs interval setting. INTERFACE-VRID mode advertise-interval centisecs centisecs The range is from 25 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 965
For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number. NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACEVRID mode) before you actually create the tracked object ( - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 966
, the local destination address is not seen on the reloaded node causing suboptimal routing. Set the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. 966 Virtual Router Redundancy Protocol (VRRP) - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 967
directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. The VRRP topology was created using the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 968
Figure 148. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 969
TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 970
Figure 149. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 971
R2(conf-if-te-1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-te-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 972
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 973
S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1)#ip address 10.10.1.5/24 S1(conf-if-te-1/1)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in VRF 1 will be 177. S1(conf-if-te-1/1-vrid-101)#priority 100 S1(conf-if-te-1/1-vrid-101)# - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 974
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 975
VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 976
State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Vlan 400, IPv4 VRID: 10, Version: 2, - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 977
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 978
NOTE: The virtual IPv6 address you configure should be the same as the IPv6 subnet to which the interface belongs. R2(conf-if-te-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 979
Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp tengigabitethernet 2/8 TenGigabitEthernet 2/8, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed VRF: 0 default State: Master, Priority: 110, Master: fe80::201:e8ff:fe8a:e9ed (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 980
65 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics check for - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 981
3. Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-0.txt Diags completed... Rebooting the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 982
10 Member 11 Member not present not present -- Power Supplies -- Unit Bay Status Type FanSpeed(rpm) 0 0 down UNKNOWN 0 0 1 up AC 14000 -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 0 0 up up 13466 up 13466 0 1 up up 13653 up 13466 Speed in RPM The - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 983
are stored in a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information for MASTER or directory. NOTE: Non-management member units do not support this functionality. Debugging and Diagnostics 983 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 984
reboots an Dell Networking OS switch/router with a single RPM that is unresponsive. This is a last resort mechanism intended to prevent a manual power cycle. Using the Show Hardware Commands The show hardware command tree consists of commands used with the system. These commands display information - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 985
show hardware stack-unit {0-11} buffer unit {0-1} port {1-64} queue {0-14 | all} bufferinfo • View input and output statistics on the party bus, which carries inter-process communication traffic between CPUs. EXEC Privilege mode show hardware stack-unit {0-11} cpu party-bus statistics • View the - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 986
Example of the show interfaces transceiver Command Dell#show interfaces fortyGigE 1/52 transceiver QSFP 52 Serial ID Base Fields QSFP 52 Id = 0x0d QSFP 52 Ext Id = 0x00 QSFP 52 Connector = 0x0c QSFP 52 Transceiver Code = 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 QSFP 52 Encoding = 0x05 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 987
down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 988
forwarding plane statistics containing the packet buffer statistics per COS per port. Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet loss, use the following commands. • show hardware stack-unit stack-unit - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 989
Displaying Drop Counters To display drop counters, use the following commands. • Identify which stack unit and port pipe is experiencing internal drops. show hardware stack-unit stack-unit-number drops [unit unit-number] • Identify which interface is experiencing internal drops. show hardware - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 990
HOL DROPS on COS9 : 0 HOL DROPS on COS10 : 0 HOL DROPS on COS11 : 0 HOL DROPS on COS12 : 0 HOL DROPS on COS13 : 0 HOL DROPS on COS14 : 0 HOL DROPS on COS15 : 0 HOL DROPS on COS16 : 0 HOL DROPS on COS17 : 0 TxPurge CellErr : 0 Aged Drops : 0 --- Egress MAC counters--- Egress - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 991
txDatapathErr :0 txPkt(COS0 ) :0 txPkt(COS1 ) :0 txPkt(COS2 ) :0 txPkt(COS3 ) :0 txPkt(COS4 ) :0 txPkt(COS5 ) :0 txPkt(COS6 ) :0 txPkt(COS7 ) :0 txPkt(COS8 ) :0 txPkt(COS9 ) :0 txPkt(COS10) :0 txPkt(COS11) :0 txPkt(UNIT0) :0 Example of Viewing Party Bus Statistics Dell#sh hardware stack-unit 1 cpu - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 992
RX - 512 to 1023 Byte Frame Counter RX - 1024 to 1518 Byte Frame Counter RX - 1519 to 1522 Byte Good VLAN Frame Counter RX - 1519 to 2047 Byte Frame Counter RX - 2048 to 4095 Byte Frame Counter RX - 4096 to 9216 Byte Frame Counter RX - Good Packet Counter RX - Packet/frame Counter RX - Unicast - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 993
RX - 1519 to 1522 Byte Good VLAN Frame Counter 0 RX - 1519 to 2047 Byte Frame Counter 0 RX - 2048 to 4095 Byte Frame Counter 0 RX - 4096 to 9216 Byte Frame Counter 0 RX - Good Packet Counter 0 RX - Packet/frame Counter 0 RX - Unicast Packet Counter 0 RX - Multicast Packet Counter 0 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 994
dumps. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 995
- Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 996
describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 997
Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 110. General the File Transfer Protocol 8.3.12.0 2474 Definition of the Differentiated 7.7.1 Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 998
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 111. General IPv4 Protocols R Full Name F C # Z-Series S-Series 7 Internet Protocol 7.6.1 91 7 Internet Control 7.6.1 9 Message Protocol 2 8 An Ethernet 7.6.1 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 999
per platform for general IPv6 protocols. Table 112. General IPv6 Protocols RF Full Name C# 188 DNS 6 Extensions to support IP version 6 Z-Series S-Series 7.8.1 1981 Path MTU 7.8.1 (Pa Discovery for rtial IP version 6 ) 246 Internet 7.8.1 0 Protocol, Version 6 (IPv6) Specification - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1000
RF Full Name C# Z-Series rtial ) 246 Transmission 4 of IPv6 Packets over Ethernet Networks 267 IPv6 5 Jumbograms 2711 IPv6 Router Alert Option 358 IPv6 Global 7 Unicast Address Format 400 IPv6 Scoped 7 Address Architecture 429 Internet 1 Protocol Version 6 (IPv6) Addressing Architecture 444 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1001
7.8.1 draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 114. Open Shortest Path First (OSPF) RFC# 1587 Full Name S-Series/Z-Series The OSPF Not-So - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1002
(IS-IS) Point-to-Point Adjacencies 3567 IS-IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System (ISIS) Extensions in Support of Generalized MultiProtocol Label Switching (GMPLS) 5120 MT-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1003
(PIM-SM): Protocol Specification (Revised) 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 118. Network Management RFC# 1155 Full Name Structure and Identification of Management Information - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1004
RFC# 1724 1850 1901 2011 2012 2013 2024 2096 2558 2570 2571 2572 2574 2575 2576 Full Name S4810 RIP Version 2 MIB Extension OSPF Version 2 Management 7.6.1 Information Base Introduction to Community- 7.6.1 based SNMPv2 SNMPv2 Management 7.6.1 Information Base for the Internet Protocol - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1005
, Ethernet History Table, Alarm Table, Event Table, Log Table The Interfaces Group MIB 7.6.1 Remote Authentication Dial In 7.6.1 User Service (RADIUS) Remote Network Monitoring 7.6.1 Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High- Capacity Table - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1006
Extensions for High Capacity Alarms, High-Capacity Alarm Table (64 bits) 3580 IEEE 802.1X Remote 7.6.1 Authentication Dial In User Service (RADIUS) Usage Guidelines 3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) 4001 - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1007
you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) FORCE10-CS-CHASSIS- Force10 C-Series Enterprise MIB Chassis MIB FORCE10-IFEXTENSION-MIB - Dell PowerSwitch S4810P | Configuration Guide for the S4810 System 9.90.0 - Page 1008
MIB Aggregation MIB FORCE10-CHASSIS-MIB Force10 E-Series Enterprise Chassis MIB FORCE10-COPY- Force10 File Copy MIB 7.7.1 CONFIG-MIB (supporting SNMP SET operation) FORCE10-MONMIB Force10 Monitoring MIB 7.6.1 FORCE10-PRODUCTS- Force10 Product Object Identifier 7.6.1 MIB MIB FORCE10-SS
Dell
Configuration
Guide for the S4810 System
9.9(0.0)