Dell PowerSwitch S5000 9.80.0 Configuration Guide for the S5000 Switch
Dell PowerSwitch S5000 Manual
View all Dell PowerSwitch S5000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S5000 manual content summary:
- Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 1
Dell 9.8(0.0) Configuration Guide for the S5000 Switch - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 2
of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright, 2009 - 2015 Dell Inc. All rights reserved. This product is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 3
Contents 1 About this Guide...35 Audience...35 Conventions...35 Related Documents...35 2 Configuration Fundamentals 36 Accessing the Command Line...36 CLI Modes...36 Navigating CLI Modes...37 Port Numbering - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 4
Logging Buffer and the Logging Configuration 73 Configuring a UNIX Logging Facility Level...74 Synchronizing Log Messages...75 Enabling Timestamp on Syslog Messages...75 File Transfer Services...76 Configuration Task List for File Transfer - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 5
CFM SNMP Traps...92 Displaying Ethernet CFM Statistics...93 6 802.1X...95 The Port-Authentication Process...96 EAP over RADIUS...97 RADIUS Attributes for 802.1 Support...98 Configuring 802.1X...98 Related Configuration Tasks...98 5 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 6
Important Points to Remember...98 Enabling 802.1X...99 Configuring Request Identity Re-Transmissions...100 Configuring a Quiet Period after a Failed Authentication 101 Forcibly Authorizing or Unauthorizing a Port...102 Re-Authenticating a Port...102 Configuring Timeouts...103 Configuring Dynamic - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 7
BFD for Static Routes...150 Configure BFD for OSPF...151 Configure BFD for IS-IS...154 Configure BFD for BGP...157 Configuring Protocol Liveness...163 Troubleshooting BFD...163 10 Border Gateway Protocol IPv4 (BGPv4 165 Autonomous Systems (AS)...165 7 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 8
(MEDs)...172 Origin...173 AS Path...173 Next Hop...174 Multiprotocol BGP...174 Implement BGP with Dell Networking OS...174 Additional Path (Add-Path) Support...174 Advertise IGP Cost as MED for Redistributed Routes 175 Ignore Router-ID for Some Best-Path Calculations 175 Four-Byte AS Numbers...175 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 9
for Egress ACLs...234 Testing CAM Usage for QoS Policies...234 Displaying CAM-ACL Settings...235 Displaying CAM-ACL-Egress Settings...235 CAM Optimization...236 Troubleshoot CAM Profiling...236 13 Control Plane Policing (CoPP 237 9 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 10
Operation...261 DCBx Operation...261 DCBx Port Roles...261 DCB Configuration Exchange...263 Configuration Source Election...263 Propagation of DCB Information...264 Auto-Detection and Manual Configuration of the DCBx Version 264 DCBx Example...264 DCBx Prerequisites and Restrictions...265 10 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 11
DHCP Server...288 Configure a Method of Hostname Resolution...288 Creating Manual Binding Entries...289 Debugging the DHCP Server...289 Using DHCP Clear Commands Threshold...301 17 Fabric Services...303 Configuring Switch Mode to Fabric Services...304 Name Server...304 Link State Database...305 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 12
Inter Switch Link (ISL)...305 Principal Switch Selection and Domain ID Assignment 305 Route Table...306 Zoning...306 Creating Zone and Adding Members...306 Creating Zone Alias and Adding Members...306 Creating Zonesets...307 Activating a Zoneset...307 Zone Merge (within ISL)...307 Configuring - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 13
347 Setting the FRRP Timers...348 Clearing the FRRP Counters...349 Viewing the FRRP Configuration...349 Viewing the FRRP Information...349 Troubleshooting FRRP...349 Configuration Checks...349 Sample Configuration and Topology...350 22 GARP VLAN Registration Protocol (GVRP 352 Important Points to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 14
and Standby Units 358 Forcing an Stack Unit Failover...359 Specifying an Auto-Failover Limit...359 Disabling Auto-Reboot...359 Manually Synchronizing Management and Standby Units 359 24 Internet Group Management Protocol (IGMP 360 IGMP Implementation Information...360 IGMP Protocol Overview - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 15
Advanced Interface Configuration...378 Interface Types...378 View Basic Interface Information...379 Enabling a Physical Interface...380 Physical Interfaces...381 Configuration Task List for Physical Interfaces...381 Overview of Layer Modes...381 Configuring Layer 2 (Data Link) Mode...382 Configuring - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 16
Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port 399 Important Points to Remember...399 Example Scenarios...399 Link Dampening...403 Important Points to Remember...403 Enabling Link Dampening...404 Link Bundle Monitoring...405 Using Ethernet Pause Frames for Flow Control...405 Enabling Pause - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 17
with Subnet Broadcast Addresses...430 UDP Helper with Configured Broadcast Addresses...430 UDP Helper with No Configured Broadcast Addresses 431 Troubleshooting UDP Helper...431 28 IPv6 Routing...432 Protocol Overview...432 Extended Address Space...432 Stateless Autoconfiguration...432 IPv6 Headers - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 18
Monitoring iSCSI Traffic Flows...448 Application of Quality of Service to iSCSI Traffic Flows 448 Information Monitored in iSCSI ...455 Multi-Topology IS-IS...456 Transition Mode...456 Interface Support...456 Adjacencies...456 Graceful Restart...457 Timers...457 Implementation Information... - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 19
LACP Basic Configuration Example...482 Configure a LAG on ALPHA...482 32 Layer 2...490 Manage the MAC Address Table...490 Clearing the MAC Address Table...490 Setting the Aging Time for Dynamic Entries...490 Configuring a Static MAC Address...490 Displaying the MAC Address Table...491 MAC Learning - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 20
Debugging LLDP...516 Relevant Management Objects...516 34 Microsoft Network Load Balancing 521 NLB Unicast Mode Scenario...521 NLB Multicast Mode Scenario...521 Limitations of the NLB Feature...522 Microsoft Clustering...522 Enable and Disable VLAN Flooding ...522 Configuring a Switch for NLB ... - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 21
a Join...567 38 NPIV Proxy Gateway 568 Benefits of an NPIV Proxy Gateway...568 NPIV Proxy Gateway Operation...568 NPIV Proxy Gateway: Protocol Services...570 NPIV Proxy Gateway Functionality...570 NPIV Proxy Gateway: Terms and Definitions...570 DCB Maps...571 FCoE Maps...571 Configure an NPIV Proxy - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 22
Track IPv4 and IPv6 Routes...584 Set Tracking Delays...585 VRRP Object Tracking...586 Object Tracking Configuration...586 Tracking a Layer 2 Interface...586 Tracking a Layer 3 Interface...587 Track an IPv4/IPv6 Route...588 Displaying Tracked Objects...591 40 Open Shortest Path First (OSPFv2 594 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 23
Overriding Bootstrap Router Updates...645 Configuring a Designated Router...645 Creating Multicast Boundaries and Domains...645 43 PIM Source-Specific Mode (PIM-SSM 647 Implementation Information...647 Important Points to Remember...647 Configure PIM-SMM...647 Related Configuration Tasks...647 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 24
yellow" with single traffic class 708 Applying Layer 2 Match Criteria on a Layer 3 Interface 709 Applying DSCP and VLAN Match Criteria on a Service Queue 709 Classifying Incoming Packets Using ECN and Color-Marking 710 Guidelines for Configuring ECN for Classifying and Color-Marking Packets 712 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 25
48 Routing Information Protocol (RIP 716 Protocol Overview...716 RIPv1...716 RIPv2...716 Implementation Information...716 Configuration Information...717 Configuration Task List...717 RIP Configuration Example...722 RIP Configuration on Core2...722 Core 2 RIP Output...722 RIP Configuration on Core3 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 26
-Based SSH Authentication...761 Troubleshooting SSH...761 Telnet...761 VTY Line and Access-Class Configuration...762 VTY Line Local Authentication and Authorization...762 VTY Line Remote Authentication and Authorization 763 VTY MAC-SA Filter Support...763 53 Service Provider Bridging 764 VLAN - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 27
TFTP 798 Copy a Binary File to the Startup-Configuration...799 Additional MIB Objects to View Copy Statistics...799 Obtaining a Value for MIB Objects...800 MIB Support to Display the Available Memory Size on Flash 800 Viewing the Available Flash Memory Size...801 MIB - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 28
SNMP...805 Deriving Interface Indices...806 Monitor Port-Channels...807 Troubleshooting SNMP Operation...808 56 Stacking...809 Stacking S5000 Switches...809 Tasks...813 Stack Unit and Stack Group Numbering...818 Supported Stacking Topologies...819 Configuring an S5000 Switch Stack...820 Stack - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 29
Failure Scenarios...835 Upgrading a Switch Stack...838 Upgrading a Single Stack Unit...839 57 Storm Control...840 Configure Storm Control...840 Configuring Storm Control from INTERFACE Mode 840 Configuring Storm Control from CONFIGURATION Mode 840 58 Spanning Tree Protocol (STP 841 Protocol - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 30
Setting the Timezone...862 Set Daylight Saving Time...862 Setting Daylight Saving Time Once...863 Setting Recurring Daylight Saving Time...863 60 Tunneling...865 Configuring a Tunnel...865 Configuring Tunnel Keepalive Settings...866 Configuring a Tunnel Interface...866 Configuring Tunnel Allow- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 31
...898 VLT Port Delayed Restoration...899 PIM-Sparse Mode Support on VLT...899 RSTP Configuration...901 Preventing Forwarding Loops Connection to a VLT Domain (From an Attached Access Switch 919 Troubleshooting VLT...921 Reconfiguring Stacked Switches as VLT...922 Specifying VLT Nodes in - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 32
Configuring a VLT VLAN or LAG in a PVLAN...925 Creating a VLT LAG or a VLT VLAN...926 Associating the VLT LAG or VLT VLAN in a PVLAN 926 Proxy ARP Capability on VLT Peer Nodes...927 Working of Proxy ARP for VLT Peer Nodes...928 VLT Nodes as Rendezvous Points for Multicast Resiliency 929 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 33
an Under-Voltage Condition...985 Buffer Tuning...985 Deciding to Tune Buffers...987 Sample Buffer Profile Configuration...989 Troubleshooting Packet Loss...989 Displaying Drop Counters...990 Dataplane Statistics...991 Display Stack Port Statistics...992 Display Stack Member Counters...992 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 34
Multicast...1000 Network Management...1000 MIB Location...1004 34 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 35
protocols, refer to other documentation including IETF Requests for Comment (RFCs). The instructions in this guide cite relevant RFCs, and the Standards Compliance chapter contains a complete list of the supported RFCs and Management Information Base files (MIBs). Audience This document is intended - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 36
2 Configuration Fundamentals The Dell Networking OS command line interface (CLI) is a text-based interface that you use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 37
• INTERFACE sub-mode - is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (management interface, 10-Gigabit Ethernet, 40-Gigabit Ethernet, or 2/4/8-Gigabit Universal Port) or logical (Loopback, Null, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 38
Table 1. Dell Networking OS Command Modes CLI Command Mode Prompt EXEC Dell> EXEC Privilege Dell# CONFIGURATION Dell(conf)# Access Command Access the router through the console or Telnet. • From EXEC mode, enter the enable command. • From any other mode, use the end command. • From EXEC - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 39
for pluggable modules on the S5000 I/O panel. You can also use the 40GbE ports in 4 × 10GbE mode. Figure 1. Port Numbering Convention The S5000 supports the following possible modules: • Twelve-Port Ethernet module (1G/10G speeds) • Twelve-Port Universal Port module (2G/4G/8G/10G speeds) You can - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 40
• 1GbE: Ports from 0 to 47 • 10GbE: Ports from 0 to 63 • 40GbE: Ports 48, 52, 56, and 60 • Universal Port: Ports from 0 to 47 • Management: Port 0 • Fibre Channel: Ports from 0 to 11 The do Command You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 41
interface TenGigabitEthernet 5/1 no ip address shutdown Dell(conf-if-te-5/1)# Layer 2 protocols are disabled by default. Enable them using the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree. Obtaining Help Obtain a list of keywords and a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 42
Short-Cut Key Combination CNTL-A CNTL-B CNTL-D CNTL-E CNTL-F CNTL-I CNTL-K CNTL-L CNTL-N CNTL-P CNTL-R CNTL-U CNTL-W CNTL-X CNTL-Z Esc B Esc F Esc D Action Moves the cursor to the beginning of the command line. Moves the cursor back one character. Deletes character at cursor. Moves the cursor to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 43
• show run | grep Ethernet ignore-case returns instances containing both "Ethernet" and "ethernet." The grep command displays only the lines containing specified text. The following example shows this command used in combination with the do show stack-unit all stack-ports all pfc details | grep 0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 44
Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 45
3 Getting Started This chapter helps you get started using the S5000. Accessing Ports The S5000 has two management ports available for system access - a console port and a universal serial bus (USB)-B port. The USB-B port acts the same as the console port. The terminal settings are the same for both - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 46
secure, protected communication with the device. You can open an SSH session and run commands or script files. This method of connectivity is supported with S4810, S4048-ON, S3048-ON, S4820T, and Z9000 switches and provides a reliable, safe communication mechanism. Entering CLI commands Using an SSH - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 47
SSH-related scripts. • To avoid denial of service (DoS) attacks, a rate-limit of 10 when certain show commands such as show tech-support produce large volumes of output, sometimes few characters installation procedure in the S5000 Getting Started Guide, the switch boots up. The following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 48
S5000 Boot Selector Label 1.3.0.0m CPU0: P2020, Version: 2.1, (0x80e20021) Core: E500, Version: 5.1, (0x80211051) . . Board: S5000 Dell CPU CPLD: S5000 CPLD Rev 41 Board Revision 1 . . Boot Selector set to Bootflash Partition A image... Verifying Copyright Information - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 49
Release Image Created 2013/4/15 - 18:11:28 SOFTWARE IMAGE HEADER DATA Software Image[1] Img file Name : CPRPLP-RPM-AP-9-0-1-0.bin Software Image[2] Img file Name : NBSDPCPRPLP-RPM-AP-9-0-1-0.bin . Starting Dell Networking application 00:00:38: %STKUNIT0-M:CP %RAM-6-ELECTION_ROLE: - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 50
Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords: • enable password stores the password in the running/startup configuration - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 51
Default Configuration A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI. Configuring Layer 2 (Data Link) Mode To - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 52
no shutdown Configure a Management Route Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port. To configure a management route, use the following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 53
To view which interfaces are tagged or untagged and to view which VLAN the interfaces belong, use the show vlan command. To view just the interfaces that are in Layer 2 mode, use the show interfaces switchport command in EXEC Privilege mode or EXEC mode. To tag frames leaving an interface in Layer 2 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 54
source-file-url destination-file-url. NOTE: For a detailed description of the copy command, refer to the Dell Networking OS Command Line Reference Guide. • To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 55
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 56
User name to login remote host: mashutosh Password to login remote host: ! Example of Copying to NFS Mount Dell#copy flash://test.txt nfsmount:/// Destination file name [test.txt]: ! 15 bytes successfully copied Dell#copy flash://ashu/capture.txt.pcap nfsmount:/// Destination file name [test. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 57
Viewing Files You can only view file information and content on local file systems. To view a list of files or the contents of a file, use the following commands. • View a list of files on the internal flash. EXEC Privilege mode dir flash: • View a list of files on the usbflash. EXEC Privilege mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 58
11.200.241/kp-diablo ! redundancy auto-synchronize full ! service timestamps log datetime ! hostname Dell ! enable password 7 b125455cf679b208e79b910e85789edf all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 59
int vlan 2 no ip address no shut int vlan 3 tagged te 1/1 no ip address shut int te 1/1 no ip address switchport shut int te 1/2 no ip address shut Dell# show running-config ! interface TenGigabitEthernet 1/1 no ip address switchport shutdown ! interface TenGigabitEthernet 1/2 no ip - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 60
interface TenGigabitEthernet 1/34 ip address 2.1.1.1/16 shutdown ! interface Vlan 2 no ip address no shutdown ! interface Vlan 3 tagged te 1/1 no ip address shutdown ! interface Vlan 4 tagged te 1/1 no ip address shutdown ! interface Vlan 5 tagged te 1/1 no ip address shutdown ! interface Vlan 100 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 61
by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Managing the File System The S5000 switch can use the internal - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 62
capability. You can activate VRF application on a device by using the feature vrf command in CONFIGURATION mode. NOTE: The no feature vrf command is not supported on any of the platforms. To enable the VRF feature and cause all VRF-related commands to be available or viewable in the CLI interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 63
default is to use the flash drive. You can just enter the image file name. • hash-value: (Optional). Specify the relevant hash published on i-Support. • img-file: Enter the name of the Dell Networking software image file to validate Examples: Without Entering the Hash Value for Verification MD5 Dell - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 64
-config. • To copy a file on the external FLASH, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services are enhanced to support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 65
4 Switch Management This chapter explains the different protocols or services used to manage the S5000 switch. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 66
level level command. In the command, specify the privilege level of the user or terminal line and specify all the keywords in the command to which you want to allow access. Allowing Access to the Following Modes This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 67
[telnet output omitted] Dell#show priv Current privilege level is 3. Dell#? capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 68
Line mode privilege level level NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 69
CONFIGURATION mode no logging buffer • Disable logging to terminal lines. CONFIGURATION mode no logging monitor • Disable console logging. CONFIGURATION mode no logging console Sending System Messages to a Syslog Server To send system messages to a syslog server by specifying the server, use the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 70
login statistics enable After enabling login statistics, the system stores the login activity details for the last 30 days. 2. (Optional) Configure the number of days for which the system stores the user login statistics. The range is from 1 to 30. CONFIGURATION mode login statistics time-period - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 71
User: admin Last login time: Mon Feb 16 04:40:00 2015 Last login location: Line vty0 ( 10.14.1.97 ) Unsuccessful login attempt(s) since the last successful login: 0 Unsuccessful login attempt(s) in last 11 day(s): 3 Limit Concurrent Login Sessions Dell Networking OS enables you to limit the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 72
Connected to 10.11.178.14. Escape character is '^]'. Login: admin Password: Current sessions for user admin: Line Location 2 vty 0 10.14.1.97 3 vty 1 10.14.1.97 Clear existing session? [line number/Enter to cancel]: When you try to create more than the permitted number of sessions, the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 73
logging buffered size • Specify the number of messages that Dell Networking OS saves to its logging history table. CONFIGURATION mode logging history size size To view the logging buffer and configuration, use the show logging command in EXEC privilege mode, as shown in the example for Display the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 74
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 75
when the error or message was created. To enable timestamp, use the following command. • Add timestamp to syslog messages. CONFIGURATION mode service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime] Specify the following optional parameters: - You can add the localtime - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 76
File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 77
- password: enter a text string. NOTE: You cannot use the change directory (cd) command until you have configured ftp-server topdir. To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode. Configuring FTP Client Parameters To configure FTP client parameters, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 78
Example of an ACL that Permits Terminal Access To view the configuration, use the show config command in LINE mode. Dell(config-std-nacl)#show config ! ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 Dell(config-std-nacl)#line vty 0 Dell(config-line-vty)#show config line vty 0 access- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 79
IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Switch Management 79 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 80
CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set auto-lock, every time a user is in CONFIGURATION - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 81
NOTE: If your session times out and you return to EXEC mode, the CONFIGURATION mode lock is unconfigured. View the Configuration Lock Status If you attempt to enter CONFIGURATION mode when another user has locked it, you may view which user has control of CONFIGURATION mode using the show - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 82
to another boot location. For more information about the Boot User commands, refer to the Boot User chapter in the Dell Networking Command Line Reference Guide for the S5000. 1. Power-cycle the chassis (pull the power cord and reinsert it). 2. Press any key to abort the boot process and enter Boot - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 83
operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM - IEEE 802.1ag connectivity fault management (CFM) • Link layer OAM - IEEE - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 84
Maintenance Domains Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in the following illustration. A CFM maintenance domain is a management space on a network that a single management entity owns and operates. The network administrator assigns a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 85
Figure 4. Maintenance Points Maintenance End Points A maintenance end point (MEP) is a logical entity that marks the end point of a domain. There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP - monitors the forwarding path internal to a bridge on the customer or provider - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 86
. EXEC Privilege mode show ethernet cfm domain [name | brief] Example of Viewing Configured Maintenance Domains Dell# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 86 802.1ag - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 87
Creating a Maintenance Association A maintenance association (MA) is a subdivision of an MD that contains all managed entities corresponding to a single end-to-end service, typically a virtual area network (VLAN). An MA is associated with a VLAN ID. • Create maintenance association. ECFM DOMAIN mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 88
entity (ME). An ME is a point-to-point relationship between two MEPs within a single domain. An MIP is not associated with any MA or service instance, and it belongs to the entire MD. 1. Create a MIP. INTERFACE mode ethernet cfm mip domain {name | level } ma-name name 2. Display configured MEPs - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 89
Domain Name: cfm0 MA Name: test0 Level: 7 VLAN: 10 MP ID: 900 Sender Chassis ID: Dell MEP Interface status: Up MEP Port status: Forwarding Receive RDI: FALSE MP Status: Active Setting the MP Database Persistence To set the database persistence, use the following command. • Set the amount of time - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 90
• Loss of three consecutive CCMs from any of the remote MEP, which indicates a network failure. • Reception of a CCM with an incorrect CCM transmission interval, which indicates a configuration error. • Reception of a CCM with an incorrect MEP ID or MAID, which indicates a configuration or cross- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 91
Sending Linktrace Messages and Responses Linktrace message and response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multicast frame transmitted by MEPs to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain. All MEPs and MIPs in the same domain - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 92
• Set the size of the Link Trace Cache. ETHERNET CFM mode traceroute cache size entries The default is 100. The range is from 1 to 4095 entries. • Display the Link Trace Cache. EXEC Privilege mode show ethernet cfm traceroute-cache • Delete all Link Trace Cache entries. EXEC Privilege mode clear - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 93
MA-Index MA-Name VLAN CC-Int X-CHK Status 1 test 0 1s enabled Domain Name: Your_Name MD Index: 2 Level: 2 Total Service: 1 Services MA-Index MA-Name VLAN CC-Int X-CHK Status 1 test 100 1s enabled Displaying Ethernet CFM Statistics To display Ethernet CFM statistics, use the following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 94
Received: 0 Rcvd Out Of Order: 0 Received Bad MSDU: 0 Transmitted: 0 Dell#show ethernet cfm port-statistics interface tengigabitethernet 0/5 Port statistics for port: Te 0/5 RX Statistics Total CFM Pkts 75394 CCM Pkts 75394 LBM Pkts 0 LTM Pkts 0 LBR Pkts 0 LTR Pkts 0 Bad CFM Pkts 0 CFM Pkts - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 95
-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server. NOTE: The Dell Networking operating system (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 96
Figure 8. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 97
6. If the identity information the supplicant provides is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 98
802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 99
Enabling 802.1X Enable 802.1X globally. Figure 11. 802.1X Enabled 1. Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 100
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 101
The default is 30. • Configure a maximum number of times that a Request Identity frame is re-transmitted by the authenticator. INTERFACE mode dot1x max-eap-req number The range is from 1 to 10. The default is 2. The example in Configuring a Quiet Period after a Failed Authentication shows - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 102
Auth PAE State: Backend State: Initialize Initialize Forcibly Authorizing or Unauthorizing a Port IEEE 802.1X requires that a port can be manually placed into any of three states: • ForceAuthorized - an authorized state. A device connected to this port in this state is never subjected to the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 103
• Configure the authenticator to periodically re-authenticate the supplicant. INTERFACE mode dot1x reauthentication [interval] seconds The range is from 1 to 65535. The default is 3600. • Configure the maximum number of times that the supplicant can be re-authenticated. INTERFACE mode dot1x reauth- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 104
Auth Type: Auth PAE State: Backend State: SINGLE_HOST Initialize Initialize Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 105
Figure 12. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations. 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Create the VLAN to which the interface is assigned. 4. Connect the supplicant to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 106
• If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the authentication process begins. Configuring a Guest VLAN If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period, the system assumes - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 107
View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Guest and Authentication-Fail Configurations Dell (conf-if-te 2/1)#dot1x port-control - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 108
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) virtual local area network (VLAN) group and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 109
on the hardware specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI counters, Open Flow, ACL optimization, and so on) can be allocated virtual flow processing slices at - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 110
FP blocks for ACL VLAN optimization. CONFIGURATION mode cam-acl-vlan vlanaclopt 4. View the number of FP blocks that is allocated for the different VLAN services. 110 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 111
EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM 1 | 0 | IN-L2 ACL | 1536 | 0 | 1536 | | OUT-L2 ACL | 206 | 9 | 197 Codes: * - cam usage is above 90%. Viewing CAM Usage View the amount of CAM space available, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 112
ingress CAP that modifies the VLAN settings before packets are forwarded. To support ACL CAM optimization, the CAM carving feature is enhanced. A total display the number of FP blocks that is allocated for the different VLAN services, use the show cam-acl-vlan command. After you configure the ACL - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 113
the ACL, the packet is dropped (implicit deny). The number of ACLs supported on a system depends on your content addressable memory (CAM) size. For about ACL options, refer to the Dell Networking OS Command Line Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria on - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 114
in this chapter. Test CAM Usage The test cam-usage command is supported on the S5000 platforms. This command applies to both IPv4 and IPv6 CAM ACLs. To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 115
this command. The status column indicates whether you can enable the policy. Example of the test cam-usage Command Dell#test cam-usage service-policy input TestPolicy stack-unit all Linecard|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status 2| 1| IPv4Flow| 232| 0|Allowed - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 116
Example of Viewing CAM-ACL Settings NOTE: If you change the cam-acl setting from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. The default values for the show cam-acl command are: Dell#show cam-acl -- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 117
flow region. 2. Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 118
4 class-map cmap2 Dell(conf-policy-map-in)#exit Dell(conf)#interface gig 1/0 Dell(conf-if-gi-1/0)#service-policy input pmap IP Fragment Handling The Dell Networking OS supports a configurable option to explicitly deny IP fragmented packets, specifically second and subsequent packets. It extends the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 119
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 120
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1. Enter - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 121
Example of Viewing the Rules of a Specific ACL on an Interface Example of the seq Command to Order Filters Dell#show ip accounting access-list ToOspf interface gig 1/6 Standard IP access list ToOspf seq 5 deny any seq 10 deny 10.2.0.0 /16 seq 15 deny 10.3.0.0 /16 seq 20 deny 10.4.0.0 /16 seq 25 deny - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 122
To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. Example of Viewing Standard ACL Filter Sequence for an Interface Dell#show ip accounting access example interface tengig 4/12 Extended IP access list example seq 10 deny tcp any any eq 111 seq 15 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 123
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five. To configure a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 124
• When Dell Networking OS switches the packets, the egress L3 ACL does not filter the packet. For the following features, if you enable counters on rules that have already been configured and a new rule is either inserted or prepended, all the existing counters are reset: • L2 ingress access list - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 125
3. Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-range] NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed per ACL, refer to your - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 126
Dell(conf-if-te-0/0)#end Dell#configure terminal Dell(conf)#ip access-list extended abcd Dell(config-ext-nacl)#permit tcp any any Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit 1.1.1.2 Dell(config-ext-nacl)#end Dell#show ip accounting access-list ! Extended Ingress IP access - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 127
so on, Effective filtering of Layer 3 traffic from Layer 3 routers reduces the risk of attack. NOTE: Loopback ACLs are supported only on ingress traffic. Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 128
NOTE: You can only apply ACLs for Loopback to incoming traffic. To apply ACLs on Loopback, use the ip access-group command in INTERFACE mode. This example shows the interface configuration status, adding rules to the access group, and displaying the list of rules in the ACL. Example of Applying ACL - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 129
supports prior to implementing prefix-lists. NOTE: The S5000 platform does not support all protocols. It is important to know which protocol you are supporting prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 130
! ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16 seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)# NOTE: The last line in the prefix list Juba contains a "permit all" statement. By including this line in a prefix list, you specify that all routes not matching any - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 131
Example of the show ip prefix-list detail Command Example of the show ip prefix-list summary Command Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 132
Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 133
Rules Rules After Resequencing: Resquencing seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs. To resequence an - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 134
Dell(config-ext-nacl)# show config ! ip access-list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host 1.1.1.1 seq 5 permit ip any host 1.1.1.1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.2 seq 15 permit ip - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 135
• Creating a Route Map (mandatory) • Configure Route Map Filters (optional) • Configure a Route Map for Route Redistribution (optional) • Configure a Route Map for Route Tagging (optional) Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 136
Dell#show route-map route-map zakho, permit, sequence 20 Match clauses: interface GigabitEthernet 0/1 Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 137
In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 138
• Match source routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 route-source {access-list-name | prefix-list prefix-list-name} • Match routes with a specific value. CONFIG-ROUTE-MAP mode match metric metric-value • Match BGP routes based on the ORIGIN attribute. CONFIG- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 139
set next-hop ip-address • Assign an IPv6 address as the route's next hop. CONFIG-ROUTE-MAP mode set ipv6 next-hop ip-address • Assign an ORIGIN attribute. CONFIG-ROUTE-MAP mode set origin {egp | igp | incomplete} • Specify a tag for the redistributed routes. CONFIG-ROUTE-MAP mode set tag tag-value • - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 140
Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enters a different routing domain, it is tagged. The tag is passed along with the route as it passes through different routing - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 141
BFD at Layer 3 and with user datagram protocol (UDP) encapsulation. BFD functionality will be implemented in phases. On the S5000 platform, BFD is supported on dynamic routing protocols such as OSPF, IS-IS, and BGP. How BFD Works Two neighboring systems running BFD establish a session using a three - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 142
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 143
The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS does - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 144
Administratively Down Down Init Up The local system does not participate in a particular session. The remote system is not sending control packets or at least not within the detection time for a particular session. The local system is communicating. Both systems are exchanging control packets. The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 145
Figure 14. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD) 145 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 146
system, the session state on the local system changes to Init. Figure 15. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 147
• Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 148
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 16. Establishing a BFD Session on Physical Ports 1. Enter interface mode. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 149
Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from neighbor: 1775 Number of packets sent to neighbor: 1775 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 150
• Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 151
ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 152
Related Configuration Tasks • Changing OSPF Session Parameters • Disabling BFD for OSPF Enabling BFD Globally You must enable BFD globally on both routers. To enable the BFD globally, use the following command. • Enable BFD globally. CONFIGURATION mode bfd enable Example of Verifying that BFD is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 153
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 18. Establishing Sessions with - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 154
The bold line shows the OSPF BFD sessions. Dell(conf-router_ospf)#bfd all-neighbors Dell(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 155
Configuring BFD for IS-IS is a two-step process: 1. Enable BFD globally. 2. Establish sessions for all or particular IS-IS neighbors. Related Configuration Tasks • Changing IS-IS Session Parameters • Disabling BFD for IS-IS Establishing Sessions with IS-IS Neighbors BFD sessions can be established - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 156
The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 157
BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, portchannel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature. Prerequisites Before configuring BFD for BGP, first configure the following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 158
only on directly-connected BGP neighbors and only in BGP IPv4 networks. On the S5000, up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 159
Disabling BFD for BGP You can disable BFD for BGP. To disable a BFD for BGP session with a specified neighbor, use the first command. To remove the disabled state of a BFD for BGP session with a specified neighbor, use the second command. The BGP link with the neighbor returns to normal operation - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 160
• Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions. EXEC Privilege mode show ip bgp neighbors [ip-address] Example of Verifying BGP Configuration Example of Viewing All BFD Neighbors Example of Viewing BFD Neighbor Detail Example of Viewing Configured BFD - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 161
Uptime: 00:07:55 Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 162
The bold line shows the message displayed when you enable BFD for BGP connections. Dell# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 163
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 164
The following example displays hexadecimal output from the debug bfd packet command. RX packet dump: 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00:34:13 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 TX packet dump: 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 165
4 (BGPv4) is supported on Dell Networking OS This chapter provides a general description of BGPv4 as it is supported in the Dell Networking from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP operates - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 166
Figure 21. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the path that updated information - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 167
Figure 22. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two endpoints of that session are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 168
State Idle Connect Description BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 169
Figure 23. BGP Router Rules 1. Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. 2. Router C receives the advertisement but does not advertise it to any peer because its only other - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 170
which they were received from the neighbors because MED may or may not get compared between the adjacent paths. In deterministic mode, Dell Networking OS compares MED between the adjacent paths within an AS group because all paths in the AS group are from the same AS. The following illustration - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 171
7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. 9. Dell Networking OS deems the paths as equal and does not perform - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 172
Figure 25. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 173
Figure 26. Multi-Exit Discriminators Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE. Origin Type Description IGP Indicates the prefix originated from information learned through an interior gateway - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 174
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The Add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 175
peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 176
asnotation Command ASDOT Dell(conf-router_bgp)#bgp asnotation asdot Dell(conf-router_bgp)#show conf ! router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 24901, local router ID - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 177
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 178
Figure 27. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the "no prepend" option, the Local-AS does not prepend to the updates received from the eBGP peer. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 179
the f10BgpM2PeerInstance field in various tables is not used to locate a peer. • Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response. • The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 180
at system boot reads the entire configuration file prior to sending messages to start BGP peer sessions) The following are not yet supported: • auto-summarization (the default is no auto-summary) • synchronization (the default is no synchronization) BGP Configuration To enable the BGP process and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 181
or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a Four-Byte AS Numbers, 4-Byte AS support is enabled automatically. a. Enable 4-Byte support for the BGP process. NOTE: This command is OPTIONAL. Enable if you want to use - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 182
CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group name} remote-as as-number • peer-group name: 16 characters • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format) Formats: IP Address A.B.C.D You must Configuring Peer Groups before - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 183
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote AS 18508, external link BGP version 4, remote router ID 10.20.20 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 184
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 185
18508 12182 7018 46164 i Dell(conf-router_bgp)#bgp asnotation asdot+ Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 186
neighbor peer-group-name no shutdown By default, all peer groups are disabled. 3. Create a BGP neighbor. CONFIG-ROUTERBGP mode neighbor ip-address remote-as as-number 4. Enable the neighbor. CONFIG-ROUTERBGP mode neighbor ip-address no shutdown 5. Add an enabled neighbor to the peer group. CONFIG- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 187
NOTE: When you configure a new set of BGP policies for a peer group, always reset the peer group by entering the clear ip bgp peer-group peer-group-name command in EXEC Privilege mode. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. When you create a peer - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 188
10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over By default, the hold time governs a BGP session. BGP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 189
ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 190
to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configuring Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number. The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 191
.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Name 24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Name - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 192
stale paths. CONFIG-ROUTER-BGP mode bgp graceful-restart [stale-path-time time-in-seconds] The default is 360 seconds. • Local router supports graceful restart as a receiver only. CONFIG-ROUTER-BGP mode bgp graceful-restart [role receiver-only] Enabling Neighbor Graceful Restart BGP graceful restart - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 193
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 194
AS-PATH ACL mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Use a configured AS-PATH ACL for route filtering and manipulation. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out} If you assign a non-existent or empty AS- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 195
Regular Expression * (asterisk) + (plus) ? (question) ( ) (parenthesis) [ ] (brackets) - (hyphen) _ (underscore) | (pipe) Definition Matches 0 or more sequences of the immediately previous character or pattern. Matches 1 or more sequences of the immediately previous character or pattern. Matches 0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 196
deny 32$ Dell# Filtering BGP Routes Using AS-PATH Information To filter routes based on AS-PATH information, use these commands. 1. Create an AS-PATH ACL and assign it a name. CONFIGURATION mode ip as-path access-list as-path-name 2. Create an AS-PATH ACL filter with a deny or permit action. AS-PATH - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 197
group to send/receive multiple path advertisements. CONFIG-ROUTER-BGP mode neighbor add-path 3. Configure the maximum number of parallel routes (multipath support) BGP supports. CONFIG-ROUTER-BGP mode max-path number The range is from 2 to 64. NOTE: The path-count parameter controls the number of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 198
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1. Create - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 199
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 200
route-map map-name [permit | deny] [sequence-number] 2. Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | none} Configure a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 201
Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. • Enable MED comparison in the paths from neighbors with different ASs. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 202
5. Apply the route map to the neighbor or peer group's incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 203
• Enable multiple parallel paths. CONFIG-ROUTER-BGP mode maximum-paths {ebgp | ibgp} number The number range is from 1 to 16. The default is 1. Filtering BGP Routes Using Route Maps To filter routes using a route map, use these commands. 1. Create a route map and assign it a name. CONFIGURATION - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 204
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: With Dell Networking OS, you can create inbound and outbound policies - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 205
ip prefix-list prefix-name 2. Create multiple prefix list filters with a deny or permit action. CONFIG-PREFIX LIST mode seq sequence-number {deny | permit} {any | ip-prefix [ge | le] } • ge: minimum prefix length to match. • le: maximum prefix length to match. For information about configuring - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 206
CONFIG-ROUTE-MAP mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 207
To forward all routes not meeting the AS-PATH ACL criteria, include the permit .* filter in your AS-PATH ACL. Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. With route reflection configured properly, IBGP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 208
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 209
default is 60 minutes. - route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 210
bgp non-deterministic-med NOTE: When you change the best path selection method, path selection for existing paths remains unchanged until you reset it by entering the clear ip bgp command in EXEC Privilege mode. Example of Configuring a Route for Reuse or Restart Example of Viewing the Number of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 211
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 212
- neighbor-address: Clears the neighbor with this IP address. - AS Numbers: Peers' AS numbers to clear. - ipv4: Clears information for the IPv4 address family. - peer-group-name: Clears all members of the specified peer group. • Enable soft-reconfiguration for the BGP neighbor specified. CONFIG- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 213
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 214
• View information about BGP route being dampened. EXEC Privilege mode debug ip bgp dampening [in | out] • View information about local BGP state changes and other BGP events. EXEC Privilege mode debug ip bgp [ip-address | peer-group peer-group-name] events [in | out] • View information about BGP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 215
, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40MB (the default) and 100MB. The capture buffers are cyclic and reaching the limit prompts the system to overwrite the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 216
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 217
Figure 28. Sample Configurations Example of Enabling BGP (Router 1) Example of Enabling BGP (Router 2) Dell# conf Dell(conf)#int loop 0 Dell(conf-if-lo-0)#ip address 192.168.128.1/24 Dell(conf-if-lo-0)#no shutdown Dell(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 218
Dell(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 Dell(conf-router_bgp)#neighbor 192.168.128.3 remote 100 Dell(conf-router_bgp)#neighbor 192.168.128.3 no shut Dell(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 Dell(conf-router_bgp)#show config ! router bgp 99 network - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 219
router bgp 99 bgp router-id 192.168.128.2 network 192.168.128.0/24 bgp graceful-restart neighbor 192.168.128.1 remote-as 99 neighbor 192.168.128.1 update-source Loopback 0 neighbor 192.168.128.1 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 220
router bgp 100 network 192.168.128.0/24 neighbor 192.168.128.1 remote-as 99 neighbor 192.168.128.1 update-source Loopback 0 neighbor 192.168.128.1 no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown Dell(conf)#end Dell# - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 221
BGP neighbor is 192.168.128.2, remote AS 99, internal link Member of peer-group AAA for session parameters BGP version 4, remote router ID 192.168.128.2 BGP state ESTABLISHED, in this state for 00:00:37 Last read 00:00:36, last write 00:00:36 Hold time is 180, keepalive interval is 60 seconds - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 222
Last reset 00:00:54, due to user reset Dell# Example of Enabling Peer Groups (Router 2) Dell#conf Dell(conf)#router bgp 99 Dell(conf-router_bgp)# neighbor CCC peer-group Dell(conf-router_bgp)# neighbor CC no shutdown Dell(conf-router_bgp)# neighbor BBB peer-group Dell(conf-router_bgp)# neighbor BBB - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 223
Dell(conf-router_bgp)# neighbor AAA peer-group Dell(conf-router_bgp)# neighbor AAA no shutdown Dell(conf-router_bgp)# neighbor CCC peer-group Dell(conf-router_bgp)# neighbor CCC no shutdown Dell(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB Dell(conf-router_bgp)# neighbor 192.168.128.2 no - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 224
Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 2, neighbor version 2 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 6; - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 225
Auto-Configuration mode, refer to the Open Automation Guide. BMP eases configuration by providing the following you use BMP 2.0 to auto-configure a supported Dell Networking switch, first configure a DHCP server Management IP and Management Interface be configured manually. This mode is set with the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 226
assign an IP address to the switch and specify the files to download. For more information, refer to the Dell Networking OS Configuration Guide, the Dynamic Host Configuration Protocol chapter. Configure one or more of the following parameters on the DHCP server: 226 Bare Metal Provisioning (BMP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 227
server where the Image and Configurations file are placed. The address is assumed to be a TFTP address unless it is given as a URL. The switch supports TFTP, HTTP, and FTP protocols, as well as files stored in Flash. If TFTP is used, you can add Option 66 or Option 150. • Domain - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 228
After 10 minutes of rediscovery attempts, the server IP address is blacklisted as shown in the system log: 00:05:45:%STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Te 0/ 47. 00:05:45:%STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Ma 0/0. 00:05:45:% - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 229
and the host name is not resolved from the network-config file on the switch. For more information, refer to the Dell Networking OS Configuration Guide, the IPv4 Addressing chapter. Switch Boot and Set-up Behavior in Jumpstart Mode When the switch boots up in Jumpstart mode all ports, including the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 230
00:01:31: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Te 0/5. 00:01:31: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Te 0/6. 00:01:47: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Te 0/8. 00:01:47: %STKUNIT0-M:CP %JUMPSTART - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 231
c. If the configuration file is downloaded from the server, any saved startup-configuration on the flash is ignored. If no configuration file is downloaded from the server or if you disabled the config-download parameter, the startupconfiguration file on the flash is loaded as in normal reload. 6. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 232
, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation User-configurable CAM allocation is supported on the S5000 switch in separate partitions for ingress and egress ACLs and QoS policies. You can re-allocate memory space: • For - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 233
in the CLI configuration; the other Blocks must be in factors of 2. For example, a CLI configuration of 5+4+2+1+1 Blocks is not supported; a configuration of 6+4+2+1 Blocks is supported. You must save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 234
): 1 • IPv6 L3 ACL (ipv6acl): 2 The total egress CAM ACL space must equal four memory blocks. The ranges of supported FP memory blocks are: • L2 ACL(l2acl): from 1 to 4 • L3 ACL (ipv4acl): from 1 to 4 • IPv6 created in QoS service-policies, use this command. 234 Content Addressable Memory (CAM) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 235
Example of the test cam-usage Command Dell# test cam-usage service-policy input TestPolicy stack-unit all Stack_Unit| Portpipe| CAM Partition| CAM ACL settings for each ingress region, the show cam-acl command is supported on the S5000. The default ingress CAM ACL allocation settings on an S5000 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 236
Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting this case, manually adjust the the non-EG line cards enter a problem state. • Before moving a card to supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 237
13 Control Plane Policing (CoPP) Control plane policing (CoPP) is supported on Dell Networking OS. Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 238
-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. 238 Control Plane Policing (CoPP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 239
and QoS rules creates with the cpu-qos keyword. CONTROL-PLANE mode service-policy rate-limit-protocols Example of Creating the IP/IPv6/MAC Extended ACL QoS Class Map to the QoS Policy Example of Creating the Control Plane Service Policy Dell(conf)#ip access-list extended ospf cpu-qos Dell(conf-ip - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 240
-map class-ipv6 qos-policy rate_limit_200k Dell(conf-policy-map-in-cpuqos)#exit Dell(conf)#control-plane-cpuqos Dell(conf-control-cpuqos)#service-policy rate-limit-protocols egressFP_rate_policy Dell(conf-control-cpuqos)#exit Configuring CoPP for CPU Queues Controlling traffic on the CPU queues does - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 241
a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1. Create a QoS input policy for the Assigning the QoS Policy to the Queues Example of Creating the Control Plane Service Policy Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 242
Q5 Q6 Q7 Dell# 400 400 1100 Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) TCP (BGP) any/179 179/any _ - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 243
that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and transport storage traffic, data center Ethernet must provide nodrop service with lossless links. InterProcess Communication (IPC) traffic within - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 244
capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 245
available bandwidth allocated to a priority group. Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: - PFC enabled or disabled - No bandwidth limit or no ETS processing • ETS uses the DCB MIB - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 246
specific TLVs in LLDP data units. For more information, refer to Link Layer Discovery Protocol (LLDP). The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters PFC Configuration TLV and Application Priority Configuration TLV. ETS parameters ETS Configuration TLV and ETS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 247
and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 248
: NOTE: Although, each port on the S4810, S4820T, and S5000 devices support 8 QoS queues, you can configure only 4 QoS queues (0-3) to manage links for Storage Area Network (SAN) traffic that requires no-drop service, while retaining packet-drop congestion management for Local Area Network (LAN) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 249
peer devices. NOTE: You cannot enable PFC and link-level flow control at the same time on an interface. Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC configuration is applied to the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 250
to create zero-loss links for SAN traffic that requires no-drop service, while at the same time retaining packet-drop congestion management for a peer. The IEEE802.1Qbb, CEE and CIN versions of PFC TLV are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 251
the same priority group. • A maximum of two PFC-enabled, lossless queues are supported on an interface. Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 252
map has been applied or which is already configured for lossless queues (pfc no-drop queues command). Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map, apply the map on the interface. The configuration - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 253
as no-drop pfc no-drop INTERFACE queues for lossless traffic. For the dot1p-queue assignments. queuesqueue-range The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has Data Center - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 254
higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 255
class-maps to Queues Queue assignment to be based on the below table . NOTE: Although, each port on the S4810, S4820T, and S5000 devices support 8 QoS queues, you can configure only 4 QoS queues (0-3)to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic. Table 14 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 256
classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802 mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 257
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 258
group configured with a scheduler type is treated as a strict-priority group and is given the priority-group (TCG) ID 15. - The CIN version supports two types of strict-priority scheduling: * Group strict priority: Use this to increase its bandwidth usage to the bandwidth total of the priority group - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 259
on an S5000 interface. This functionality is supported on the S5000 platform. ETS Configuration Notes ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 260
must map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) on the data traffic. Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 261
(PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 262
configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Manual The port is configured to operate only with administrator-configured settings and does not auto-configure with DCB settings received from a DCBx - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 263
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 264
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 265
shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link a configuration-source role. 4. Configure ports to operate in a manual role. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 266
TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6. On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 267
, use the DCBx port-role command in INTERFACE Configuration mode (Step 3). 4. Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [etsconf | ets-reco | pfc - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 268
[no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 269
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 15. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 270
The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test State :Complete PfcMode:ON PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 271
Table 16. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 272
following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 1/3 ets su Interface TenGigabitEthernet 1/3 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 273
TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 274
ets detail Command Description Field Interface Description Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. 274 Data Center Bridging (DCB - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 275
Field Admin mode Admin Parameters Remote Parameters Local Parameters Operational status (local port) Description ETS mode: on or off. ETS configuration on local port, including priority groups, assigned dot1p priorities, and bandwidth allocation. ETS configuration on remote peer port, including - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 276
5 - - 6 - - 7 - - 8 - - Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Admin is Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 277
port role: auto-upstream, auto-downstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used . In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configured mode DCBx version configured on the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 278
state of DCBx protocol: ACK or IN-SYNC. DCBx version advertised in Control TLVs received from peer device. Highest DCBx version supported in Control TLVs received from peer device. Sequence number transmitted in Control TLVs received from peer device. Acknowledgement number transmitted in Control - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 279
Figure 34. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 280
following section describes QoS dot1P traffic classification and assignments. DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that level (refer to Default dot1p to Queue Mapping) using the service-class dynamic dot1p command in INTERFACE configuration mode. You can use dot1p priorities - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 281
However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 282
> in KB(default LC=7488/SFM=7596) 3. Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured will depend on the buffer. The default number of PFC queues in the system is two for S4810 and Z9500 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 283
configuration parameters to network endstations (hosts) based on configuration policies that network administrators determine. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 284
Option Domain Name Server Number and Description Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via DNS. IP Address Lease Time Option 51 Specifies the amount of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 285
client starts the configuration process over by sending a DHCPDISCOVER. A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. A server sends this message to the client if it is not able to fulfill - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 286
entries. • The S5000 supports Dynamic ARP Inspection on renewing, and terminating leases. Providing Administration Services DHCP servers include functionality that allows an Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server 286 Dynamic - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 287
• Using DHCP Clear Commands Configuring the Server for Automatic Address Allocation Automatic address allocation is an address assignment method by which the DHCP server leases an IP address to a client from a pool of available addresses. An address pool is a range of IP addresses that the DHCP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 288
Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client. To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of preference. DHCP default-router address Enabling the DHCP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 289
NetBIOS WINS for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 290
Using DHCP Clear Commands To clear DHCP binding entries, address conflicts, and server counters, use the following commands. • Clear DHCP binding entries for the entire binding table. EXEC Privilege mode clear ip dhcp binding • Clear a DHCP binding entry for an individual IP address. EXEC Privilege - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 291
Figure 38. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command Dell#show ip int tengig 1/3 TenGigabitEthernet 1/3 is up, line protocol is down Internet address is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 292
DHCP snooping, ports are either trusted or not trusted. By default, all ports are not trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted. 292 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 293
When you enable DHCP snooping, the relay agent builds a binding table - using DHCPACK messages - containing the client MAC address, IP addresses, IP address lease time, port, VLAN ID, and binding type. Every time the relay agent receives a DHCPACK on a trusted port, it adds an entry to the table. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 294
inject false IP-toMAC mappings into the ARP cache of a network device. It is used to launch man-in-the-middle (MITM), and denial-of-service (DoS) attacks, among others. 294 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 295
result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast MAC flooding Denial of service An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway's MAC address, resulting in all clients broadcasting - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 296
To see how many valid and invalid ARP packets have been processed, use the show arp inspection statistics command. Dell#show arp inspection statistics Dynamic ARP Inspection (DAI) Statistics Valid ARP Requests : 0 Valid ARP Replies : 1000 Invalid ARP Requests : 1000 Invalid ARP Replies - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 297
• Enable IP source address validation. INTERFACE mode ip dhcp source-address-validation • Enable IP source address validation with VLAN option. INTERFACE mode ip dhcp source-address-validation vlan vlan-id NOTE: Before enabling SAV With VLAN option, allocate at least one FP block to the ipmacacl CAM - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 298
To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-addressvalidation [interface] command in EXEC Privilege mode. Viewing the Number of SAV Dropped Packets The following output of the show ip dhcp snooping source-address-validation discard-counters - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 299
16 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on Dell Networking OS. ECMP for Flow-Based Affinity IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 300
ipv6 ecmp-deterministic Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 301
Managing ECMP Group Paths Configure the maximum number of paths for an ECMP route that the L3 CAM can hold to avoid path degeneration. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route. To configure the maximum number of paths, use the following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 302
The default is 60%. • Display details for an ECMP group bundle. EXEC mode show link-bundle-distribution ecmp-group ecmp-group-id The range is from 1 to 64. Viewing an ECMP Group NOTE: An ecmp-group index generates automatically for each unique ecmp-group when you configure multipath routes to the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 303
The following example shows how fabric services operate. 17 Figure 39. Fabric Services Example The Fabric-Services mode supports the following configurations: • Maximum number of alias : 2,000 • Maximum number of zones : 2,000 • Maximum number of zonesets : 256 • Maximum zone members : 10,000 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 304
Services To configure switch mode to Fabric services, use the following commands. 1. Configure Switch mode to Fabric Services. CONFIGURATION mode fc switch-mode fabric-services FCoE and FC parameter settings (refer to FCoE Maps). Manually apply the fcoe-map default_full_fabric to any Ethernet ports - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 305
switch. The following configurations are applicable only after configuring the switch mode to fabric services using the fc switch-mode fabric-services command. When you set Switch mode to Fabric Services, the Fibre Channel interfaces are set to shutdown and the fcoe-map default_full_fabric applies - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 306
established routes between server and target ports, use the show fc route command. Zoning The zoning configurations are supported for Fabric Services operation on the S5000. In Fabric Services, the fcoe-map default_full_fabrichas the default Zone mode set to deny. This setting denies all the fabric - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 307
the switches are identical. Both switches retain their active zoneset name. To view the merged active zones, use the show fc zoneset merged command. Fabric Services 307 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 308
Configuration Dell#configure terminal Dell(conf)#fcoe-map default_full_fabric Dell(conf-fcoe-default_full_fabric)#fc-fabric Dell(conf-fmap-default_full_fabric-fcfabric)#domain-id-lock 308 Fabric Services - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 309
-fabric Fabric Id 1002 Vlan Id 1002 Vlan priority 3 FC-MAP 0efc00 FKA-ADV-Period 8 Fcf Priority 128 Config-State ACTIVE Oper-State UP Fabric Services 309 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 310
1 LinkCost 125 NeighborID 3 LocalPort 3 RemotePort 3 LinkCost 125 Switch Name 10:00:5c:f9:dd:ef:16:80 DomainId 3 Switch Port 3 Hops 1 Cost 125 310 Fabric Services - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 311
7c:ff:17:f8:01 Node Name 20:00:8c:7c:ff:17:f8:01 Class of Service 8 Symbolic Port Name Brocade-1860 | 3.0.3.0 | DV-SP-SERVER2 | | Symbolic Node Name :00:00:88 Node Name 22:11:0e:fc:00:00:00:88 Class of Service 8 Symbolic Port Name (NULL) Symbolic Node Name (NULL) Port Type N_Port Switch - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 312
zone ZoneName ZoneMember brcd_sanb brcd_cna1_wwpn1 sanb_p2tgt1_wwpn Dell# Example of the show fc alias Command Dell#show fc alias No Zone Aliases configured Dell# 312 Fabric Services - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 313
Example of the show fc switch Command Dell#show fc switch Switch Mode : Fabric-Services Switch WWN : 10:00:5c:f9:dd:ef:0a:00 Dell# Example of the show fc topology Command Dell#show fc topology Port Port :dd:ef:24:40 32:11:0e:fc:00:00:00:66 22:11:0e:fc:00:00:00:66 02:00:00 Fabric Services 313 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 314
the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces, in an S5000 switch stack, or on links between such as LAN and SAN, according to 802.1p priority classes of service. For more information, refer to the Data Center Bridging (DCB) chapter - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 315
Table 21. FIP Functions FIP Function FIP VLAN discovery FIP discovery Initialization Maintenance Description FCoE devices (ENodes) discover the FCoE VLANs on which to transmit and receive FIP and FCoE traffic. FCoE end-devices and FCFs are automatically discovered. FCoE devices learn ENodes from - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 316
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to transmit between an FCoE end-device and an FCF. An Ethernet - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 317
Figure 41. FIP Snooping on an S5000 Switch The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: • Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 318
. The FC-MAP value checks the first 24 bits in the MAC address in incoming FCoE frames. 4. Configure the maximum number of FIP-snooping sessions supported ont eh switch for an ENode MAC address. 5. Configure FCF mode for a FIP snooping bridge-to-FCF link. NOTE: The FCoE-Trusted Port mode used - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 319
per-VLAN and FIP snooping configuration is stored. The configuration is re-applied the next time you enable the FIP snooping feature. • To support FIP-Snooping and set CAM-ACL in the Z9500 switch, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 fcoeacl - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 320
-enabled VLAN is 12. • On an S5000 switch not configured as an NPIV proxy gateway: - A maximum of eight VLANs are supported for FIP snooping. - The maximum number of FCFs supported on a FIP snooping-enabled VLAN is 12. NOTE: When you enable FCoE transit, FIP solicitation responses from an FCF may be - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 321
used to connect to another FIP snooping bridge (bridge-bridge link) is not supported on the S5000 switch. FCoE traffic is allowed on the port only after and FIP snooping is enabled on all or individual VLANs. FIP snooping is supported on port channels on ports on which PFC mode is on (PFC is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 322
on all or individual VLANs. Link aggregation group (LAG) FIP snooping is supported on port channels on ports on which PFC mode is on (PFC is configured as an NPIV proxy gateway is eight. • The maximum number of FCFs supported on a FIP snooping-enabled VLAN: - on an S5000 NPIV proxy gateway is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 323
fc-map fc-map-value The valid values are from 0EFC00 to 0EFCFF. The default is 0x0EFC00. 4. Configure the maximum number of FIP-snooping sessions supported on the switch for an ENode MAC address. CONFIGURATION mode fip-snooping max-sessions-per-enodemac max-value Valid values are from 1 to 64. The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 324
Displaying FIP Snooping Information To display information on FIP snooping, use the following show commands. Table 24. Displaying FIP Snooping Information Command Output show fip-snooping sessions [interface vlan vlan-id] Displays information on FIP-snooped sessions on all VLANs or a specified - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 325
The following table describes the show fip-snooping sessions command fields. Table 25. show fip-snooping sessions Command Description Field ENode MAC Description MAC address of the ENode. ENode Interface Slot/ port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 326
Table 27. show fip-snooping fcf Command Description Field FCF MAC FCF Interface VLAN FC-MAP ENode Interface FKA_ADV_PERIOD No of ENodes Description MAC address of the FCF. Slot/port number of the interface to which the FCF is connected. VLAN ID number the session uses. FC-Map value the FCF - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 327
The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery Solicits :0 Number of Unicast Discovery Solicits :0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 328
Field Number of FDISC Accepts Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config Description Number of FIP FDISC accept frames received on the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 329
FCoE Transit Configuration Example The following illustration shows an S5000 switch enabled for FCoE transit and used as a FIP snooping bridge for FCoE traffic between an ENode (server CNA) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 42. Configuration Example - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 330
Dell(conf-if-te-0/1)# switchport Dell(conf-if-te-0/1)# protocol lldp Dell(conf-if-te-0/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links. Example of Configuring the FCF-Facing Port Dell(conf)# interface tengigabitethernet 0/50 Dell(conf-if-te-0/50)# - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 331
19 FIPS Cryptography This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 332
server, a new RSA host key-pair is generated automatically. You can also manually create this key- pair using the crypto key generate command. NOTE: Under the Security chapter of the Dell Networking OS Command Line Reference Guide. Monitoring FIPS Mode Status To view the status of the current - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 333
-- Unit 0 -- Unit Type : Management Unit Status : online Next Boot : online Required Type : S4810 - 52-port GE/TE/FG (SE) Current Type : S4810 - 52-port GE/TE/FG (SE) Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time : 7 hr, 3 min Dell Networking OS Version : 4810-8-3-7- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 334
, 4G, and 8G speed. By default, FC ports have autosensing speed enabled to use or negotiate port speed with a peer SAN switch. The S5000 switch supports two FC switch modes: NPIV proxy gateway (NPG) and Fabric Services. When you enable the Fibre Channel, the default FC switch mode is NPG. The switch - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 335
INTERFACE FIBRE_CHANNEL mode speed {auto | 2G | 4G | 8G} The valid values are: 2, 4 Gbps or 8 Gbps or autosensing. The default is an FC port autosenses the speed of a peer FC port. 3. Enable the Fibre Channel port. INTERFACE FIBRE_CHANNEL mode no shutdown Displaying Fibre Channel Information To - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 336
The FC port type is fixed at N (end node port) in NPG mode and are automatically set to F (fabric port) or E (extended port) in Fabric Services. The maximum number of buffer-to-buffer (BB) credits available is fixed at 16. WWN, FC-ID Factory-provided world-wide name (WWN) of FC - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 337
show running-config | grep switch-mode Command Dell#Show running-config | grep switch-mode fc switch-mode fabric-services Dell# Troubleshooting Fibre Channel Operation To investigate problems in the FC interface operation, use the following commands. Examples of the show command follow this table - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 338
Command create fcdump-support change fctrace-level number Description Gather information about the Fibre Channel operation and store the FC dump file in flash/ CORE_DUMP_DIR. Generates Syslog messages at - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 339
: S5000 FC CPU CPLD: S5000 CPLD Rev 41 I2C: ready SPI: ready DRAM: Detected RDIMM VL33B5263F-K9S Detected 4096 MB of memory This U-Boot only supports < 4G of DDR You could rebuild it with CONFIG_PHYS_64BIT 2 GiB (DDR3, 64-bit, CL=6, ECC off) --More-- Configuring the Fibre Channel Port Group in - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 340
Example of the show system stack-unit Command Dell#show system stack-unit 0 port-group portmode PortGroupId Ports Mode(Curr Boot) Mode(Next Boot) 0 0,1 FC FC 1 2,3 FC FC 2 4,5 ETH FC 3 6,7 FC ETH 4 8,9 FC FC 5 10,11 FC FC Dell# 340 Fibre Channel Interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 341
21 Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 342
Figure 43. Normal Operating FRRP Topology A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. 342 Force10 Resilient Ring Protocol (FRRP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 343
table and sends a control frame to all other ring nodes, instructing them to clear their routing tables as well. Immediately after clearing ; multiple rings can be connected with a common link. The S5000 system supports up to 32 rings on a system (including stacked units). Member VLAN Spanning - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 344
FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202. Figure 44. Example of Multiple Rings Connected by a Single Switch Important FRRP Points FRRP provides a convergence time that can generally range - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 345
• Ring health frames (RHF) - Hello RHF: sent at 500 ms (hello interval); Only the Master node transmits and processes Hello RHF. - Topology Change RHF: triggered updates; processed at all nodes. Important FRRP Concepts The following table lists some important FRRP concepts. Concept Ring ID - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 346
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 347
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 348
• All VLANS must be in Layer 2 mode. • Tag control VLAN ports. Member VLAN ports, except the Primary/Secondary interface, can be tagged or untagged. • The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 349
the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary The ring ID range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 350
• There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only. • Spanning Tree (if you enable it globally) must be disabled on both Primary and Secondary interfaces when you enable FRRP. - When the interface ceases to be a part of any FRRP process, if - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 351
no shutdown ! interface GigabitEthernet 2/31 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! interface Vlan 201 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! protocol frrp 101 interface primary GigabitEthernet 2/14 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 352
GVRP) Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given the show gvrp statistics {interface interface | summary} command. • The S5000 supports Per-VLAN Spanning Tree (PVST+) and allows GVRP and MSTP to be enabled - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 353
Figure 46. Global GVRP Configuration Example Basic GVRP configuration is a two-step process: 1. Enabling GVRP Globally 2. Enabling GVRP on a Layer 2 Interface Related Configuration Tasks • Configure GVRP Registration • Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 354
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 355
no shutdown Dell(conf-if-te-1/21)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. • Join - A GARP device reliably transmits Join messages to other devices by sending each Join message two times - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 356
of packets. A graceful-restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change. Dell Networking OS supports graceful restart for the following protocols: • Border gateway protocol • Open shortest path first 356 High Availability (HA) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 357
• Protocol independent multicast - sparse mode • Intermediate system to intermediate system Software Resiliency During normal operations, Dell Networking OS monitors the health of both hardware and software components in the background to identify potential failures, even before these failures - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 358
Redundancy Dell Networking systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component. Automatic and Manual Stack Unit Failover Stack unit failover is the process of the standby unit becoming a management unit. Dell Networking OS fails over - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 359
auto-reboot, use the following command. • Prevent a failed stack unit from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot Manually Synchronizing Management and Standby Units To manually synchronize Management and Standby units at any time, use the following command - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 360
information in IGMP messages to discover which groups are active and to populate the multicast routing table. IGMP Implementation Information • Dell Networking operating system (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 361
Figure 47. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 362
• To enable filtering, routers must keep track of more state information, that is, the list of sources that must be filtered. An additional query type, the Group-and-Source-Specific Query, keeps track of state changes, while the Group-Specific and General queries still refresh the existing state. • - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 363
3. The host's third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts. There are no other - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 364
Figure 51. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 365
querying router is 10.87.3.2 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 366
• View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell(conf-if-te-1/0)#do sho ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Uptime Expires Last - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 367
packets. IGMP Snooping Implementation Information • IGMP snooping on Dell Networking OS uses IP multicast addresses not MAC addresses. • GMP snooping is supported on all S5000 stack members. • IGMP snooping reacts to spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) topology - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 368
Related Configuration Tasks • Enabling IGMP Immediate-Leave • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 369
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 370
table describes the association between applications and their port numbers. Table 29. Association Between Applications and Port Numbers Application Name SSH Port Number 22 Client Supported Server Supported Sflow-Collector 6343 Supported 370 Internet Group Management Protocol (IGMP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 371
port for confd application 8888 secure HTTP server port for confd application Client Supported Supported Supported Supported Supported Supported Supported Supported Supported Server Supported Supported Supported If you configure a source interface is for any EIS management application, EIS might - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 372
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 373
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 374
applications takes a preference for ip1 as source IP and uses the management network to reach the destination. If the management port is down or the route lookup in EIS routing table fails, ip2 is the source IP and the front-panel port is used to reach the destination. The fallback route between the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 375
Switch-Destined Traffic This phenomenon occurs where traffic is terminated on the switch. Traffic has not originated from the switch and is not transiting the switch. The switch accepts all traffic destined to the switch, which is received on management or front-end data port. Response traffic with - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 376
Protocol telnet tftp icmp (ping and traceroute) Behavior when EIS is Enabled EIS Behavior EIS Behavior EIS Behavior for ICMP Behavior when EIS is Disabled Default Behavior Default Behavior Default Behavior Behavior of Various Applications for Switch-Destined Traffic This section describes the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 377
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 378
, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the platform. Basic Interface Configuration • Interface Types • View Basic Interface Information • Enabling a Physical Interface • Physical Interfaces - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 379
Interface Type Port Channel VLAN Modes Possible L2, L3 L2, L3 Default Mode L3 L2 Fibre Channel Interface TF, F, E- TF- Port port Requires Creation Yes Yes (except default) No Default State Shutdown (disabled) L2 - Shutdown (disabled) L3 - No Shutdown (enabled) Shutdown View Basic Interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 380
.10.10.1 TenGigabitEthernet 1/7 unassigned TenGigabitEthernet 1/8 unassigned TenGigabitEthernet 1/9 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 381
a single RJ-45 Fast Ethernet port on each unit of the The interface provides dedicated management access to the system. Stack-unit interfaces support Layer 2 and Layer 3 traffic over the 10/100/1000 and 10-Gigabit Ethernet interfaces. Synchronous optical network technologies interfaces with point-to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 382
Type of Interface VLAN Possible Modes Layer 3 Layer 2 Layer 3 Requires Creation Default State Yes, except for the default VLAN. No shutdown (disabled for Layer 2) Shutdown (active for Layer 3 ) Configuring Layer 2 (Data Link) Mode Do not configure switching or Layer 2 protocols such as - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 383
no shutdown Example of Error Due to Issuing a Layer 3 Command on a Layer 2 Interface If an interface is in the incorrect layer mode for a given command, an error message is displayed (shown in bold). In the following example, the ip address command triggered an error message because the interface is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 384
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 385
The slot range is 0. • Configure an IP address and mask on a Management interface. INTERFACE mode ip address ip-address mask - ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in /prefix format (/x). Configuring Management Interfaces on the S-Series You can - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 386
internets: MIB-II (RFC 1213). NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 387
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 388
As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel. Member ports of a LAG are added and programmed into the hardware in a predictable order based on the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 389
• Deleting or Disabling a Port Channel (optional) • Load Balancing Through Port Channels (optional) Creating a Port Channel You can create up to 512 port channels with up to 16 port members per group on the platform. To configure a port channel, use the following commands. 1. Create a port channel. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 390
INTERFACE PORT-CHANNEL mode show config Examples of the show interfaces port-channel Commands To view the port channel's status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode, as shown in the following example. Dell#show int port - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 391
Dell(conf-if)#ip address 10.56.4.4 /24 % Error: Port is part of a LAG Te 1/6. Dell(conf-if)# Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 392
in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3. Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 393
When you disable a port channel, all interfaces within the port channel are operationally down also. Load Balancing Through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 394
|xor16}| seed ] For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change the Hash algorithm seed value to get better hash value Hash seed is used to compute the hash value. By default hash seed is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 395
The interface range prompt offers the interface (with slot and port information) for valid interfaces. The maximum size of an interface range prompt is 32. If the prompt size exceeds this maximum, it displays (...) at the end of the output. NOTE: Non-existing interfaces are excluded from the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 396
Overlap Port Ranges The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap. handles overlapping port ranges. Example of the Interface-Range Prompt for Overlapping Port Ranges - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 397
Example of Using a Macro to Change the Interface Range Configuration Mode The following example shows how to change to the interface-range configuration mode using the interface-range macro named "test." Dell(config)# interface range macro test Dell(config-if)# Monitoring and Maintaining Interfaces - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 398
becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). To - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 399
• The quad port must be in a default configuration before you can split it into 4x10G ports. The 40G port is lost in the configuration when the port is split; be sure that the port is also removed from other L2/L3 feature configurations. Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port You can - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 400
• QSFP port 0 is connected to a QSA with SFP+ optical cables plugged in. • QSFP port 4 is connected to a QSA with SFP optical cables plugged in. • QSFP port 8 in fanned-out mode is plugged in with QSFP optical cables. • QSFP port 12 in 40 G mode is plugged in with QSFP optical cables. For these - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 401
SFP 0 Temp High Alarm threshold SFP 0 Voltage High Alarm threshold SFP 0 Bias High Alarm threshold = 0.000C = 0.000V = 0.000mA NOTE: In the following show interfaces tengigbitethernet transceiver commands, the ports 5,6, and 7 are inactive and no physical SFP or SFP+ connection actually exists - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 402
QSFP 0 Temp High Alarm threshold = 0.000C QSFP 0 Voltage High Alarm threshold = 0.000V QSFP 0 Bias High Alarm threshold = 0.000mA Dell#show interfaces tengigabitethernet 0/0 tengigabitethernet 0/0 is up, line protocol is up Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 403
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 404
Command Dell# clear dampening interface Te 1/1 Dell# show interfaces dampening TenGigabitEthernet1/1 InterfaceStateFlapsPenaltyHalf-LifeReuseSuppressMax-Sup Te 1/1Up00205001500300 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 405
. To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet Pause - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 406
the egress port of the peer device. If the negotiate command is not used, pause-negotiation is disabled. 40 gigabit Ethernet interfaces do not support pause-negotiation. Configure the MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 407
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 408
auto. Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization, and to manually synchronize them if necessary, use the following command sequence. 1. Determine the local interface status. Refer to the following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 409
details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface sends - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 410
displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Dell#show interfaces switchport Name: TenGigabitEthernet - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 411
Example of the rate-interval Command The bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#show interfaces TenGigabitEthernet 1/1 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9 Internet - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 412
for that interface. Dell#clear counters te 1/1 Clear counters on TenGigabitEthernet 1/1 [confirm] Dell# Enhanced Validation of Interface Ranges This functionality is supported on the platform. You can avoid specifying spaces between the range of interfaces, separated by commas, that you configure by - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 413
in between the ranges. You can associate multicast MAC or hardware addresses to an interface range and VLANs by using the macaddress-table static multicast-mac-address vlan vlan-id output-range interface command. Interfaces 413 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 414
. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and file transfer protocols (FTPs). It supports two operational modes: Transport and Tunnel. • Transport mode - (default) Use to encrypt only the payload of the packet. Routing information is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 415
CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth encrypt session-key outbound esp 257 auth encrypt match 0 tcp a::1 /128 0 a::2 / - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 416
27 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 417
addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 418
ip route [vrf vrf-name] ip-address mask {ip-address | interface [ip-address]} [distance] [permanent] [tag tag-value] [vrf vrf-name] Use the following required and optional parameters: - vrf vrf-name : use the VRF option after the ip route keyword to configure a static route on that particular VRF, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 419
S 6.1.2.17/32 via 6.1.20.2, Gi 5/1 1/0 00:02:30 S 11.1.1.0/24 Direct, Nu 0 0/0 00:02:30 Direct, Lo 0 --More-- Dell#show ip route static Destination Gateway Dist/Metric Last Change S 2.1.2.0/24 Direct, Nu 0 0/0 00:02:30 S 6.1.2.0/24 via 6.1.20.2, Te 5/1/1 1/0 00:02:30 S - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 420
PMTD to function correctly, you must enter the ip unreachables command on a VLAN interface to enable the generation of ICMP unreachable messages. PMTD is supported on all the layer 3 VLAN interfaces. Because all of the Layer 3 interfaces are mapped to the VLAN ID of 4095 when VLAN subinterfaces are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 421
to Establish a TCP Connection This functionality is supported on the platform. You can configure the amount established to a significantly high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the device. You - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 422
To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 423
Configuring DNS with Traceroute To configure your switch to perform DNS with traceroute, use the following commands. • Enable dynamic resolution of host names. CONFIGURATION mode ip domain-lookup • Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ip-address2 ... ip- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 424
the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 425
Clearing ARP Cache To clear the ARP cache of dynamically learnt ARP information, use the following command. • Clear the ARP caches for all interfaces or for a specific interface by entering the following information. EXEC privilege clear arp-cache [interface | ip ip-address] [no-refresh] - ip ip- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 426
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 427
(ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 428
UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper Configuring Dell Networking OS to direct UDP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 429
! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged GigabitEthernet 1/2 no shutdown To view the configured broadcast address for an interface, use show interfaces command. R1_E600(conf)#do show interfaces vlan 100 Vlan 100 is up, line protocol is down Address is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 430
Figure 54. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 431
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 432
description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, network - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 433
The router redirect functionality in the neighbor discovery protocol (NDP) is similar to IPv4 router redirect messages. NDP uses ICMPv6 redirect messages (Type 137) to inform nodes that a better router exists on the link. IPv6 Headers The IPv6 header has a fixed length of 40 bytes. This fixed length - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 434
itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 435
Code 2 message to the packet's Source IP Address identifying the unknown option type. 11 Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet's Source IP Address only if the Destination IP Address is not a multicast address. The second byte contains the Option - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 436
be shortened to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to Internet. Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic IPv6 addresses - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 437
and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is Time Exceeded and Parameter Problem messages. • Informational messages OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 438
NOTE: If a neighboring node does not have an IPv6 address assigned, it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 439
• Clearing IPv6 Routes Adjusting Your CAM-Profile Although adjusting your CAM-profile is not a mandatory step, if you plan to implement IPv6 ACLs, adjust your CAM settings. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. There are 16 FP blocks, but the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 440
Null interface, enter the keyword null then the Null interface number. Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 441
Networking OS SNMP-server commands for IPv6 have been extended to support IPv6. For more information regarding SNMP commands, refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server community - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 442
- For a Loopback interface, enter the keyword loopback then the Loopback number. - For a port-channel interface, enter the keywords port-channel then the port-channel number. - For a VLAN interface, enter the keyword vlan then the VLAN ID. Example of the show ipv6 interface Command Dell#show ipv6 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 443
static 0 0 Total 5 0 The following example shows the show ipv6 route command. Dell#show ipv6 route Codes: C - connected, L - local, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 444
Clearing IPv6 Routes To clear routes from the IPv6 routing table, use the following command. • Clear (refresh) all or a specific route from the IPv6 routing table. EXEC mode clear ipv6 route {* | ipv6 address prefix-length} - *: all routes. - ipv6 address: the format is x:x:x:x::x. - mask: the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 445
match ra{ipv6-access-list name | ipv6-prefix-list name | mac-access-list name} 8. Enable verification of the advertised other configuration parameter. POLICY LIST CONFIGURATION mode other-config-flag {on | off} 9. Enable verification of the advertised default router preference value. The preference - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 446
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, refer to Dell Networking OS Command Line Reference Guide. 446 IPv6 Routing - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 447
its ports. • Manual configuration to detect Dell Compellent storage arrays where auto-detection is not supported. • Automatic configuration of iSCSI session information. • iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 448
or a combination of port number and target IP address, and you can remove the well-known port numbers from monitoring. Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 449
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 450
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 451
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 32. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled iSCSI CoS mode (802.1p priority queue mapping) Enabled: dot1p priority 4 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 452
• ip-address specifies the IP address of the iSCSI target. When you enter the no form of the command, and the TCP port to be deleted is one bound to a specific IP address, the IP address value must be included in the command. 3. Set the QoS policy that is applied to the iSCSI flows. CONFIGURATION - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 453
Displaying iSCSI Optimization Information To display information on iSCSI optimization, use the following show commands. • Display the currently configured iSCSI settings. show iscsi • Display information on active iSCSI sessions on the switch. show iscsi sessions • Display detailed information on - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 454
VLT PEER2 Session 0: Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 455
(IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. The IS-IS addressing called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 456
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 457
recovery (the minimum of all the Remaining Time values the neighbors advertise) or by setting a specific amount of time manually. Implementation Information IS-IS implementation supports one instance of IS-IS and six areas. You can configure the system as a Level 1 router, a Level 2 router, or - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 458
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address easier. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 459
• Setting the Overload Bit • Debugging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 460
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 461
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 462
} - adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. - manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 463
T3 Timer T3 Timeout Value T2 Timeout Value T1 Timeout Value Adjacency wait time : Manual : 30 : 30 (level-1), 30 (level-2) : 5, retry count: 1 : 30 Operational Timer Value Current Mode/State : Normal/RUNNING T3 Time left : 0 T2 Time left : 0 (level-1), 0 (level-2) Restart - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 464
, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, change the metric style of the IS-IS process. For example, if you configure the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 465
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 466
• Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | level-2] - default-metric: the range is from 0 to 63 for narrow and transition metric styles. The range is from 0 to 16777215 for wide metric styles. The default is 10. The default level is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 467
The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 468
- level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. - metric-value the range is from 0 to 16777215. The default is 0. - metric-type: choose either external or internal. The default is internal. - map-name: enter the name of a configured route map. • - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 469
password [encryption-type | hmac-md5] password The Dell Networking OS supports both DES and HMAC-MD5 authentication methods. This password is inserted continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 470
B233.00-00 0x00000003 0x07BF 1074 0/0/0 eljefe.00-00 * 0x0000000A 0xF963 1196 0/0/1 eljefe.01-00 * 0x00000001 0x68DF 1108 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1099 0/0/0 Force10.00-00 0x00000002 0xD1A7 1088 0/0/0 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 471
63 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is from 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 472
to transition metric style. NOTE: A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported. default value (10) if the original value is greater than 63. A message is sent to the console. original value original value original value original - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 473
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value config commands and is used if you change back to transition metric style. Moving to transition and then to another metric style produces different results. Table 36. Metric Value when the Metric Style Changes Multiple Times - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 474
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 475
IS-IS Sample Configuration - Congruent Topology The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 476
31 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, provides both load-sharing and port redundancy across stack units. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP The unique benefit of a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 477
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 478
LACP Configuration Tasks The following are LACP configuration tasks. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP Creating a LAG To create a dynamic port channel (LAG), use the following command. First you define the LAG - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 479
Dell(conf-if-te-4/16)#no shutdown Dell(conf-if-te-4/16)#port-channel-protocol lacp Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channelmember configuration in LAG 32. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 480
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 481
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. Message 1 logs this effect, in which a console message declares down both LAGs at the same time. Figure 64. Configuring Shared LAG State Tracking The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 482
LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 65. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 483
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 484
Figure 67. Inspecting Configuration of LAG 10 on ALPHA 484 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 485
Figure 68. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 486
Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/ - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 487
Figure 69. Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol (LACP) 487 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 488
Figure 70. Inspecting LAG 10 Using the show interfaces port-channel Command 488 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 489
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 490
32 Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. 490 Layer 2 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 491
• Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table. EXEC Privilege mode show mac-address-table [address - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 492
mac learning-limit Dynamic The MAC address table is stored on the Layer 2 forwarding information base (FIB) region of the CAM. The Layer 2 FIB region allocates space for static MAC address entries and dynamic MAC address entries. When you enable MAC learning limit, entries created on this port are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 493
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 494
Figure 72. Redundant NICs with NIC Teaming When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 495
to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces. Apply all other configurations to each interface in the redundant pair such that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 496
redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted] Dell(conf-if-range - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 497
Te 3/42 Dell(conf-if-te-3/41)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned NO Manual administratively down down TenGigabitEthernet 3/42 unassigned YES Manual up up [output omitted] Example of Configuring Redundant Pairs on a Port-Channel on the S5000 Dell#show interfaces - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 498
FEFD system has been set to Aggressive mode and neighboring echoes are not received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset [interface] command in EXEC privilege mode (it can be done globally or - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 499
• You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. Configuring FEFD You can configure FEFD for all interfaces from - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 500
INTERFACE Te 1/1 Te 1/2 Te 1/3 Te 1/4 MODE INTERVAL (second) Normal 3 Normal 3 Normal 3 Normal 3 Dell#show run fefd ! fefd-global mode normal fefd-global interval 3 STATE Bi-directional Admin Shutdown Admin Shutdown Admin Shutdown Enabling FEFD on an Interface To enable, change, or disable FEFD - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 501
Debugging FEFD To debug FEFD, use the first command. To provide output for each packet transmission over the FEFD enabled connection, use the second command. • Display output whenever events occur that initiate or disrupt an FEFD enabled connection. EXEC Privilege mode debug fefd events • Provide - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 502
33 Link Layer Discovery Protocol (LLDP) Link Layer Discovery Protocol (LLDP) - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices. 802.1AB ( - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 503
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 77. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 504
implementation of LLDP, but is available and mandatory (non-configurable) in the LLDP-MED implementation. 127 Power via MDI Dell Networking supports the LLDP-MED protocol, which recommends that Power via MDI TLV be not implemented, and therefore Dell Networking implements Extended Power via - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 505
framework. • LLDP-MED Network Connectivity Device - any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 506
• Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN 127 Inventory Management TLVs 127 127 127 127 127 127 127 the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. • - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 507
TLV LLDP-MED Capabilities Network Policy Location Identification Extended Power via MDI-PSE Extended Power via MDI-PD Inventory reserved Dell Networking OS Support Yes Yes Yes Yes No No No Table 43. LLDP-MED Device Types Value 0 1 2 3 4 5-255 Device Type Type Not Defined Endpoint Class 1 Endpoint - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 508
8 9-255 Video Signaling Reserved Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify this - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 509
Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 510
no show Negate a command or set its defaults Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 0/3 Dell(conf-if-te-0/3)#protocol lldp Dell(conf-if-te-0/3-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface end Exit from - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 511
Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2. Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface 3. Enter the disable - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 512
- voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 82. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 513
Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 514
hello Example of Viewing LLDPDU Intervals R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 515
tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 516
entire LLDPDU. debug lldp detail Figure 83. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 517
Table 45. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP Configuration adminStatus msgTxHold msgTxInterval rxInfoTTL txInfoTTL Basic TLV Selection mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable LLDP Statistics statsAgeoutsTotal statsFramesDiscardedTotal - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 518
TLV MIB Objects TLV Type 127 TLV Name Port-VLAN ID TLV Variable PVID 127 Port and Protocol VLAN port and protocol VLAN ID supported System Local Remote Local Remote port and protocol VLAN enabled Local Remote 518 Link Layer Discovery Protocol (LLDP) LLDP MIB Object lldpLocPortDesc - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 519
TLV Type TLV Name 127 VLAN Name TLV Variable PPVID VID VLAN name length VLAN name System Local Remote Local Remote Local Remote Local Remote Table 48. LLDP-MED System MIB Objects TLV Sub-Type 1 TLV Name LLDP-MED Capabilities TLV Variable LLDP-MED Capabilities System Local Remote LLDP-MED - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 520
TLV Sub-Type TLV Name TLV Variable DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System Remote Local Remote Local Remote Local Remote Local Remote Local Remote Power Priority Local Remote Power Value - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 521
34 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 522
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 523
Configuring a Switch for NLB To enable a switch for Unicast NLB mode, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across all the member ports of that VLAN. CONFIGURATION mode ip vlan- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 524
35 Multicast Source Discovery Protocol (MSDP) Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 525
Figure 85. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 526
3. Enable MSDP. 4. Peer the RPs in each routing domain with each other. Refer to Enable MSDP. Related Configuration Tasks The following lists related MSDP configuration tasks. • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RFP Check • Limiting the Source - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 527
Figure 86. Configuring Interfaces for MSDP Multicast Source Discovery Protocol (MSDP) 527 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 528
Figure 87. Configuring OSPF and BGP for MSDP 528 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 529
Figure 88. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP) 529 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 530
Figure 89. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 531
To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing table until there is a local receiver for the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 532
Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the source-active cache of all, local, or rejected entries, or entries for a specific group. CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 533
Figure 90. MSDP Default Peer, Scenario 1 Multicast Source Discovery Protocol (MSDP) 533 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 534
Figure 91. MSDP Default Peer, Scenario 2 534 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 535
Figure 92. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 535 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 536
Figure 93. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 537
GroupAddr 229.0.50.2 229.0.50.3 229.0.50.4 SourceAddr 24.0.50.2 24.0.50.3 24.0.50.4 RPAddr 200.0.0.50 200.0.0.50 200.0.0.50 LearnedFrom 10.0.50.2 10.0.50.2 10.0.50.2 Expire 73 73 73 UpTime 00:13:49 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 538
seq 10 deny ip any any R1_E600(conf)#do show ip msdp sa-cache R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Reason Redistribute - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 539
Example of Verifying that the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires. [Router 1] R1_E600(conf)#do show run msdp ! ip multicast-msdp ip msdp - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 540
SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none [Router 1] R1_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 541
03:16:09 : MSDP-0: Peer 192.168.0.3, 03:16:27 : MSDP-0: Peer 192.168.0.3, 03:16:38 : MSDP-0: Peer 192.168.0.3, 03:16:39 : MSDP-0: Peer 192.168.0.3, 03:17:09 : MSDP-0: Peer 192.168.0.3, 03:17:10 : MSDP-0: Peer 192.168.0.3, 03:17:27 : MSDP-0: Peer 192.168.0.3, Input (S,G) filter: none Output (S,G) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 542
CONFIGURATION mode ip msdp originator-id Examples of R1, R2, and R3 Configuration for MSDP with Anycast RP The following example shows an R1 configuration for MSDP with Anycast RP. ip multicast-routing ! interface TenGigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown ! - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 543
! interface Loopback 1 ip address 192.168.0.22/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 544
! ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 ip multicast-routing ! interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface GigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 545
interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 546
interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface ManagementEthernet 0/0 ip address 10.11.80.3/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 547
36 Multiple Spanning Tree Protocol (MSTP) MSTP - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 548
Related Configuration Tasks The following are the related configuration tasks for MSTP. • Creating Multiple Spanning Tree Instances • Adding and Removing Interfaces • Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Modifying Global Parameters • Modifying the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 549
To remove an interface from the MSTP topology, use the no spanning-tree 0 command. Creating Multiple Spanning Tree Instances To create multiple spanning tree instances, use the following command. A single MSTI provides no more benefit than RSTP. To take full advantage of MSTP, create multiple MSTIs - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 550
-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Networking OS Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 551
Modifying Global Parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MSTP bridges. • Forward-delay - the amount of time an interface waits in the Listening state and the Learning state before it transitions to the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 552
Dell(conf-mstp)#forward-delay 16 Dell(conf-mstp)#exit Dell(conf)#do show running-config spanning-tree mstp ! protocol spanning-tree mstp no disable name my-mstp-region MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 forward-delay 16 MSTI 2 bridge-priority 4096 Dell(conf)# Modifying the Interface Parameters - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 553
Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode, an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 554
of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from SFTOS systems. Figure 95. MSTP with Three VLANs Mapped to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 555
Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the VLANs. (Step 1) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 556
no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 2/11,31 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 2/11,31 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 2/11,31 no shutdown Router 3 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 557
1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the VLANs. (Step 1) spanning-tree spanning-tree configuration name Tahiti spanning-tree - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 558
To monitor and verify that the MSTP configuration is connected and communicating as desired, use the debug spanning-tree mstp bpdu command. Key items to look for in the debug report include: • MSTP flags indicate communication received from the same region. - As shown in the following, the MSTP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 559
The following example shows viewing the debug log of an unsuccessful MSTP configuration. 4w0d4h : MSTP: Received BPDU on Gi 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78Different Region (Indicates MSTP routers are in different regions and are not communicating with each other.) CIST Root - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 560
:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing. 560 Multicast Features - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 561
First Packet Forwarding for Lossless Multicast All initial multicast packets are forwarded to receivers to achieve lossless multicast. In previous versions, when the Dell Networking system is an RP, all initial packets are dropped until PIM creates an (S,G) entry. When the system is an RP and a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 562
NOTE: The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede by this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 563
Figure 96. Preventing a Host from Joining a Group Table 50. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface TenGigabitEthernet 1/31 • ip pim - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 564
Location 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no shutdown • Interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 565
Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to RP for the specified multicast source and group, use the following command. If the source DR never sends register packets to the RP, no hosts can ever discover the source and create a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 566
Table 51. Preventing a Source from Transmitting to a Group - Description Location 1/21 Description • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 • no shutdown - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 567
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 568
SAN fabrics. Using an NPIV proxy gateway (NPG) helps resolve the following problems in a storage area network: • Fibre Channel storage networks typically consist of IDs, which may surpass the upper limit of 239 domain IDs supported in the SAN network. An NPG avoids the need for additional domain - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 569
Figure 98. NPIV Proxy Gateway Example An S5000 FC port is configured as an N (node) port that logs in to an F (fabric) port on the upstream FC core switch and creates a channel for N-port identifier virtualization. NPIV allows multiple N-port fabric logins at the same time on a single, physical - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 570
to perform: - Virtualization of FC N ports on an NPG so that they appear as FCoE FCFs to downstream servers. - NPIV service to perform the association and aggregation of FCoE servers to upstream F ports on core switches (through N ports on the NPG). Conversion of server FLOGIs and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 571
the master name database and the zone/zone set database. DCB Maps To configure DCB functionality, such as PFC and ETS, on Ethernet ports that support CEE traffic, use a data center bridging (DCB) map. DCB maps are DCBx-enabled by default. For more about PFC and ETS, refer to Data Center - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 572
• FIP keepalive (FKA) advertisement timeout. NOTE: In each FCoE map, the fabric ID, FC-MAP value, and FCoE VLAN must be unique. To access one SAN fabric, use one FCoE map. You cannot use the same FCoE map to access different fabrics. When you configure an S5000 as an NPG, FCoE transit with FIP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 573
percentage | strict-priority} pfc {on | off} The sum of all allocated bandwidth percentages must be 100%. Strict-priority traffic is serviced first. Afterward, bandwidth allocated to other priority groups is made available and allocated according to the specified percentages. If a priority group - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 574
NOTE: You cannot apply a DCB map on a port channel. However, you can apply a DCB map on the ports that are members of the port channel. 2. Apply the DCB map on an Ethernet port or port channel. INTERFACE mode dcb-map name The port is configured with the PFC and ETS settings in the DCB map. For - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 575
Applying an FCoE Map on Server-Facing Ethernet Ports You can apply multiple FCoE maps on an Ethernet port or port channel. When you apply an FCoE map on a server-facing port or port channel: • The port is configured to operate in hybrid mode (accept both tagged and untagged VLAN frames). • The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 576
fabric map-name Repeat this step to apply an FCoE map to more than one FC port. For example: Dell# interface fi 0/0 Dell(config-if-fc-0/0)# fabric SAN_FABRIC_A 3. Enable the port for FC transmission. INTERFACE mode or FIBRE_CHANNEL mode no shutdown You can apply a DCB or FCoE map to a range of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 577
Enable an Upstream FC Port Dell(config)# interface fibrechannel 0/0 Dell(config-if-fc-0)# no shutdown Enable a Downstream Ethernet Port Dell(config)#interface tengigabitEthernet 0/0 Dell(conf-if-te-0)# no shutdown Enable a Downstream Port Channel Dell(config)# interface port-channel 0/3 Dell(config- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 578
Te 1/20 Te 1/21 Down Auto Down Auto Auto -Auto -- The following lists the show interfaces status command example field descriptions. Field Port Description Status Description Server-facing 10GbE Ethernet (Te), 40GbE Ethernet (Fo), or fabric-facing Fibre Channel (Fc) port with slot/ port - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 579
Field FC-MAP FKA-ADV-period FCF Priority Config-State Description FCoE MAC-address prefix value - The unique 24-bit MAC address prefix that identifies a fabric. Time interval (in seconds) used to transmit FIP keepalive advertisements. The priority a server uses to select an upstream FCoE forwarder. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 580
The following lists the show npiv devices brief command example field descriptions. Field Total NPIV Devices ENode-Intf ENode-WWPN FCoE-Vlan Fabric-Intf Fabric-Map Login Method Description Number of downstream ENodes connected to a fabric over the NPIV proxy gateway. Ethernet interface (slot/port) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 581
Field FCF MAC Fabric Intf FCoE VLAN Description Fibre Channel forwarder MAC: MAC address of FCF interface. Fabric-facing Fibre Channel port (slot/port) on which FCoE traffic is transmitted to the specified fabric. ID of the dedicated VLAN used to transmit FCoE traffic from a server CNA to a fabric - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 582
Field Description Fabric Q Ports Description • Active - Transmitting traffic. • Inactive - Not transmitting traffic. Text description of VLAN. SAN fabric to which Fibre Channel traffic is sent. Ports and port channels that are members of the VLAN. 582 NPIV Proxy Gateway - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 583
link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP. Object Tracking Overview Object tracking allows you to define objects of interest, monitor their state, and report to a client - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 584
Figure 99. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 585
A tracked route matches a route in the routing table only if the exact address and prefix length match an entry in the routing table. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. If no route-table entry has the exact address and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 586
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 587
Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object's status. EXEC - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 588
Valid object IDs are from 1 to 65535. 2. (Optional) Configure the time delay used before communicating a change in the status of a tracked interface. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 589
• By the reachability of the route's next-hop router. The UP/DOWN state of the route is determined by the entry of the next-hop address in the ARP cache. A tracked route is considered to be reachable if there is an ARP cache entry for the route's next-hop address. If the next-hop address in the ARP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 590
The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object's status. EXEC Privilege mode show track object-id Example of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 591
Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. Enter an IPv6 address in X:X:X:X::X format. Valid IPv6 prefix lengths are from /0 to /128. (Optional) E-Series only: For an IPv4 route, you can enter a VRF name. 3. (Optional) Configure the time delay used - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 592
• Display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces, IPv4 or IPv6 routes, and a VRF instance. show track [object-id [brief] | interface [brief] [vrf vrf-name] | ip route [brief] [vrf vrf-name] | resolution | vrf vrf-name [brief] | brief] • Use the show running- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 593
Example of Viewing Object Tracking Configuration Dell#show running-config track track 1 ip route 23.0.0.0/8 reachability track 2 ipv6 route 2040::/64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050::/64 reachability track 4 interface TenGigabitEthernet 1/4 ip - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 594
Open Shortest Path First (OSPFv2) Open Shortest Path First (OSPFv2) is supported on Dell Networking OS. OSPF protocol standards are listed in the Standards Compliance chapter. 40 Protocol Overview OSPF routing is a link-state routing protocol that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 595
Figure 100. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 596
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 597
Figure 101. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 598
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. Dell Networking supports the following LSA types: • Type 1: Router LSA - The router lists links to other routers or networks in the same area. Type 1 LSAs - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 599
• 1: point-to-point connection to another router/neighboring router. • 2: connection to a transit network IP address of the DR. • 3: connection to a stub network IP network/subnet number. • 4: virtual link neighboring router ID. LSA Throttling LSA throttling provides configurable interval timers to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 600
and up to 2,000 as inter/intra area routes. The S5000 supports up to 16 processes simultaneously. Dell Networking OS supports Stub areas, Totally Stub (No Summary) and Not So Stubby Areas (NSSAs) and supports the following LSAs: • Router (type 1) • Network (type 2) • Network Summary (type 3) • AS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 601
. This impacts CPU utilization and may impact adjacency stability in larger topologies. Multi-Process OSPFv2 (IPv4 only) Multi-Process OSPF is supported on the S5000 switch for OSPFv2 with IPv4 only. Multi-process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 602
ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is interval as well. To ensure equal intervals between the routers, manually set the dead interval of the Dell Networking router to match - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 603
Virtual Links • Creating Filter Routes • Redistributing Routes • Troubleshooting OSPFv2 1. Configure a physical interface. Assign an IP , refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 604
• vrf name: enter the keyword VRF and the instance name to tie the OSPF instance to the VRF. All network commands under this OSPF instance are later tied to the VRF instance. The range is from 0 to 65535. The OSPF process ID is the identifying number assigned to the OSPF process. The router ID is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 605
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 606
ospf process-id vrf {vrf-name} • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf [vrf vrf-name] process Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 607
Use the keywords no-summary to prevent transmission into the area of summary ASBR LSAs. Area ID is the number or IP address assigned when creating the area. Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 608
Entering the physical interface type, slot, and number enables passive interface on only the identified interface. - For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information (for example, passive-interface gi 2/1). - For a port channel, enter the keywords - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 609
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 610
CONFIG-INTERFACE mode ip ospf hello-interval seconds - seconds: the range is from 1 to 65535 (the default is 10 seconds). The hello interval must be the same on all routers in the OSPF network. • Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key. CONFIG- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 611
TenGigabitEthernet 0/0 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100 Backup Designated Router - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 612
area area-id virtual-link router-id [hello-interval seconds | retransmit-interval seconds | transmit-delay seconds | dead-interval seconds | authentication-key key | messagedigest-key keyid md5 key] - area ID: assigned earlier (the range is from 0 to 65535 or A.B.C.D). - router ID: IP address - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 613
included in the OSPF database? • Have the OSPF routes been included in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show interfaces • show protocols • debug IP OSPF events and/or packets • show neighbors • show virtual links Open Shortest Path First - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 614
• show routes To help troubleshoot OSPFv2, use the following commands. • View the summary of all OSPF process IDs enables on the router. EXEC Privilege mode show running-config ospf • View - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 615
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 616
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 617
Dell(conf-ipv6-router_ospf)#timer spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#show config ! ipv6 router ospf 1 timers spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#end Dell# Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 618
The range is from 0 to 65535. • Assign the router ID for this OSPFv3 process. CONF-IPV6-ROUTER-OSPF mode router-id {number} - number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 619
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 620
. CONFIG-ROUTEROSPF- id mode graceful-restart helper-reject router-id • Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to force the primary RPM over to the secondary RPM. During a planned - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 621
the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 622
and encrypts both the header and payload. On the receiving side, an IPsec-compliant device decrypts each packet. NOTE: Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec. With IPsec-based authentication, Crypto images are used to include the IPsec secure - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 623
ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the because the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 624
- Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 625
algorithm used with ESP. The valid values are 3DES, DES, AESCBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 626
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 627
show crypto ipsec sa ipv6 [interface interface] To display information on the SAs used on a specific interface, enter interface interface, where interface is one of the following values: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. - - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 628
: 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 Use the information in this section to troubleshoot OSPFv3 operation on the switch. NOTE: The following tasks are not a comprehensive; they provide some - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 629
show ipv6 route [vrf vrf-name] summary • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] neighbor • View debug messages for all OSPFv3 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 630
41 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router normally decides where to forward the packet based on the destination address in the packet, which is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 631
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: The user can provide - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 632
• Create a Track-id list. For complete tracking information, refer to Object Tracking chapter. • Apply a Redirect-list to an Interface using a Redirect-group PBR Exceptions (Permit) To create an exception to a redirect list, use the permit command. Use exceptions when a forwarding decision is based - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 633
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 634
the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirect-group IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 635
redirect-group xyz shutdown Dell(conf-if-te-1/2)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 636
some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so forth. The Redirect-List GOLD defined in this example creates the following rules: • description Route - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 637
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/ - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 638
IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied interfaces: Te 2/11 EDGE_ROUTER# Configuration Tasks for - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 639
Configuration Tasks for Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces: Dell#configure terminal Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)# - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 640
IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/ - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 641
on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The S5000 supports a maximum of 96 PIM interfaces and 2K multicast entries including (*,G), and (S,G) entries Join and Prune requests in the same message. • Dell Networking OS supports PIM-SM on physical, virtual local area network (VLAN), and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 642
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 643
Examples of the show ip pim Commands To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface VIFindex Ver/ Nbr Query DR DR Mode Count Intvl Prio 189.87.5.6 Te 4/11 0x2 v2/S 1 30 1 127.87 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 644
The default is 210. 2. Create an extended ACL. CONFIGURATION mode ip access-list extended access-list-name 3. Specify the source and group to which the timer is applied using extended ACLs with permit rules only. CONFIG-EXT-NACL mode [seq sequence-number] permit ip source-address/mask | any | host - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 645
! ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4 Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 646
• Create multicast boundaries and domains by filtering inbound and outbound BSR messages per interface. ip pim bsr-border • Remove candidate RP advertisements. clear ip pim rp-mapping 646 PIM Sparse-Mode (PIM-SM) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 647
. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if ACL first and then apply it to the SSM range. • The default range is always supported, so range can never be smaller than the default. Configure PIM-SMM Configuring PIM-SSM - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 648
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 649
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 650
Member Ports: Te 1/1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report Group source Source address 10.11.5.2 00 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 651
Port (MG) can be used in multiple sessions. • There can be a maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a VLAN, where the VLAN traffic received on that port pipe where its members are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 652
point to another new destination (for example, 1/4). If you attempt to configure another destination (to create 5 MG port), this message displays: % Error will be thrown in case of RPM and ERPM features. Example of Changing the Destination Port in a Monitoring Session Dell(conf-mon-sess-5)#do show - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 653
Figure 104. Port Monitoring Configurations on the S-Series Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 654
0 Te 1/1 Te 1/2 rx Port N/A Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#source po 10 dest ten 1/2 dir rx Dell(conf-mon-sess-0)#do show monitor session SessID Source Destination Dir Mode Source IP 0 Te 1/1 Te 1/2 rx Port N/A 0 Po 10 Te 1/2 rx Port N/A Dell(conf)# - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 655
Enabling Flow-Based Monitoring Flow-based monitoring is supported only on the S-Series platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 656
Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way. In a remote- configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 657
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 658
port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 659
Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 660
Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28-29 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)# - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 661
Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6 Dell(conf-mon-sess-3)#tagged destination te 1/6 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP ----------- 1 remote-vlan 10 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 662
packets to the destination ip address specified in the session. Important: The steps to be followed for the ERPM Encapsulation : • Dell Networking OS supports ERPM Source session only. The Encapsulated packets terminate at the destination ip or at the analyzer. • Make sure that the destination ip is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 663
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1-3 mac access-group flow in Only ingress packets are supported for mirroring shutdown Dell# Port Monitoring 663 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 664
attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM bytes of the header needs to be ignored/ chopped off. - Some tools support options to edit the capture file. We can make use of such features ( - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 665
b. Using Python script - Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort. The analyzer should listen in the forward/egress interface. If there is only one interface, one can choose the ingress and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 666
VLANs commands chapter in the Dell Networking OS Command Line Reference Guide. A PVLAN partitions a traditional VLAN into subdomains identified by its guests, while stopping direct access between the guest ports. • A service provider can provide Layer 2 security for customers and use the IP addresses - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 667
- There are two types of secondary VLAN - community VLAN and isolated VLAN. PVLAN port types include: • Community port - a port that belongs to a community VLAN and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports. • Host port - in the context of a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 668
the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN. • Creating PVLAN Ports • Creating a Primary VLAN • Creating - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 669
The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TenGigabitEthernet 2/1 Dell(conf-if-gi-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TenGigabitEthernet 2/2 Dell(conf-if-gi-2/2)#switchport mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 670
ip address ip address 7. (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. INTERFACE VLAN mode ip local-proxy-arp NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN, the packet is NOT dropped. Creating a Community VLAN A - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 671
INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add ports defined as host to the VLAN. Example of Configuring Private VLAN Members The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 672
is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN. show vlan private-vlan [community | interface | isolated | primary | primary_vlan - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 673
The following example shows the vlan private-vlan command output from S5000-1. S5000-1#show vlan private-vlan Primary Secondary Type Active Ports 4000 Primary Yes Te 0/0,23,25 4001 Community Yes Te 4/0,23 4002 Community Yes Te 4/24,47 4003 Isolated Yes Te 0/24,47 The following - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 674
switchport switchport mode private-vlan host no shutdown ! interface TenGigabitEthernet 0/25 no ip address switchport switchport mode private-vlan trunk no shutdown ! interface Vlan 4000 private-vlan mode primary private-vlan mapping secondary-vlan 4001-4003 no ip address tagged TenGigabitEthernet - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 675
. For more information about Spanning Tree, refer to Spanning Tree Protocol (STP). Protocol Overview Figure 107. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 53. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 676
Dell Networking Term Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST+) IEEE Specification 802 .1s Third Party Implementation Information • The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1w. • The Dell Networking OS implementation of PVST+ uses - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 677
• Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 678
The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 679
The VLAN range is from 1 to 4094. The range is from 4 to 30. The default is 15 seconds. • Change the hello-time parameter. PROTOCOL PVST mode vlan vlan-range hello-time value NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 680
To change the port cost or port priority of an interface, use the following commands. • Change the port cost of an interface. INTERFACE mode spanning-tree pvst vlan vlan-range cost value. The VLAN range is from 1 to 4094. The range is from 0 to 200000. Refer to the table for the default values. • - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 681
- Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). - Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). - Disabling global spanning tree (the no spanning-tree command - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 682
PVST+ Sample Configurations The following examples provide the running configurations for the topology shown in the previous illustration. Example of PVST+ Configuration (R1) interface TenGigabitEthernet 1/22 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/32 no ip address - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 683
interface TenGigabitEthernet 3/12 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/22 no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22 no - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 684
Quality of Service (QoS) Quality of service (QoS) is supported on Dell Networking OS. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 55. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 685
QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: Quality of Service (QoS) 685 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 686
-class dynamic dot1p entry supersedes any INTERFACE entries. For more information, refer to Mapping dot1p Values to Service Queues. NOTE: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. • Honor dot1p priorities on ingress traffic. INTERFACE mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 687
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When prioritytagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 688
. Figure 111. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 689
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4. Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 690
4. Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 691
-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match-any ClassAF1 match based on their DSCP value by using a DSCP color map. For more information, see DSCP Color Maps. Quality of Service (QoS) 691 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 692
regulate egress traffic. The regulation mechanisms for output QoS policies are bandwidth percentage, scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted and re-added automatically to ensure that the order of the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 693
Input Policy Map Honoring DSCP Values on Ingress Packets Honoring dot1p Values on Ingress Packets 3. Apply the input policy map to an interface. Quality of Service (QoS) 693 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 694
command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an QoS policy to an input policy map. POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 695
after you apply it. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 696
an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. DSCP Color Maps - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 697
EXEC mode. Examples for Creating a DSCP Color Map Display all DSCP color maps. Dell# show qos dscp-color-map Dscp-color-map mapONE Quality of Service (QoS) 697 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 698
(CRC): 4 bytes • Inter-frame gap (IFG): (variable) You can optionally include overhead fields in rate metering calculations by enabling QoS rate adjustment. 698 Quality of Service (QoS) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 699
. Enabling Strict-Priority Queueing Strict-priority means that Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage configuration. • A queue with strict priority can starve other queues in the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 700
Packets), all traffic defaults to green drop precedence. • Assign a WRED profile to either yellow or green traffic. QOS-POLICY-OUT mode wred 700 Quality of Service (QoS) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 701
0 0 0 0 6 UCAST 0 0 0 0 7 UCAST 0 0 0 0 8 UCAST 204 13056 0 0 9 MCAST 0 0 0 0 10 MCAST 0 0 0 0 11 MCAST 0 0 0 0 12 MCAST 0 0 0 0 13 MCAST 0 0 0 0 14 MCAST 0 0 0 0 15 MCAST 0 0 0 0 16 MCAST 0 0 0 0 Quality of Service (QoS) 701 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 702
. • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 L2ACL 500 200 Allowed(2) 702 Quality of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 703
. You can set up these parameters for both front-end and backplane ports. Global Service Pools With WRED and ECN Settings Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 704
for backplane ports. Also, WRED/ECN is not supported for multicast packets. The following table describes the WRED and ECN operations that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 705
in the egress direction. INTERFACE mode Dell(conf-if-te-0/8)#Service-class buffer shared-threshold-weight Guidelines for Configuring ECN for of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: - ACK - FIN - SYN - PSH - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 706
access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map "ecn_0_pmap" in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 707
at the level where the 'DSCP' qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the ecn types: • match ip access-group • match ip dscp Quality of Service (QoS) 707 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 708
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 709
in class-map input configuration mode. You can include the class map in a policy map, and apply the class and policy map to a service queue using the service-queue command. In this way, the system applies the match criteria in a class map according to queue priority (queue numbers closer to 0 have - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 710
map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Classifying Incoming ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 711
) at the level where the 'DSCP' qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the ecn 'match-any' logical operator of the class-map. Quality of Service (QoS) 711 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 712
marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: - ACK - FIN - SYN - PSH - RST - URG ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap 712 Quality of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 713
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 714
match ip access-group dscp_50_ecn ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at a global level. The buffer statistics - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 715
0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6 0 MCAST 7 0 MCAST 8 0 Quality of Service (QoS) 715 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 716
addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9. Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 717
homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is not enabled in Dell - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 718
The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode. To view the global RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Dell - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 719
To control the source of RIP route information, use the following commands. • Define a specific router to exchange RIP information between it and the Dell Networking system. ROUTER RIP mode neighbor ip-address You can use this command multiple times to exchange RIP information with as many RIP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 720
Distance: (default is 120) Dell# To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip send version 1 2 Dell(conf- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 721
The autosummary command requires no other configuration commands. To disable automatic route summarization, enter no autosummary in ROUTER RIP mode. NOTE: If you enable the ip split-horizon command on an interface, the system does not advertise the summarized address. Controlling Route Metrics As a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 722
To disable RIP, use the no debug ip rip command. RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration - Core 2 and Core 3. The host prompts used in the following example reflect those names. The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 723
• To display Core 2 RIP setup, use the show ip route command. • To display Core 2 RIP activity, use the show ip protocols command. The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 724
TenGigabitEthernet 2/11 2 2 Routing for Networks: 10.300.10.0 10.200.10.0 10.11.20.0 10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 725
B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 726
! interface TenGigabitEthernet 2/42 ip address 10.250.10.1/24 no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/11 ip address 10.11.30.1/24 no shutdown ! interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 727
configurations are saved in the configuration file, and the sampling process continues after the stack unit returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the rmon Alarm To set an alarm on any MIB object - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 728
[no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string] OR [no] rmon hc-alarm number variable interval {delta | absolute} rising-threshold value event-number falling-threshold value event-number [owner - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 729
- description string: (Optional) specifies a description of the event, which is identical to the event description in the eventTable of the RMON MIB. The default is a null-terminated string. - owner string: (Optional) owner of this event, which is identical to the eventOwner in the eventTable of the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 730
- interval: (Optional) specifies the number of seconds in each polling cycle. - seconds: (Optional) the number of seconds in each polling cycle. The value is ranged from 5 to 3,600 (Seconds). The default is 1,800 (as defined in RFC-2819). Example of the rmon collection history Command To remove a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 731
as Hitless • Enabling SNMP Traps for Root Elections and Topology Changes Important Points to Remember • RSTP is disabled by default. • Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 732
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 733
Figure 114. Example of Configuring Interfaces for Layer 2 Mode 1. If the interface has been assigned an IP address, remove it. INTERFACE mode no ip address 2. Place the interface in Layer 2 mode. INTERFACE mode switchport 3. Enable the interface. INTERFACE mode no shutdown Example of Verifying that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 734
switchport no shutdown Dell(conf-if-gi-1/1)# Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 735
Figure 115. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 736
Number of transitions to forwarding state 1 BPDU : sent 121, received 5 The port is not in the Edge port mode Port 380 (TenGigabitEthernet 2/4) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.380 Designated root has priority 32768, address 0001.e801.cbb4 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 737
The following table displays the default values for RSTP. Table 62. RSTP Default Values RSTP Parameter Forward Delay Hello Time Max Age Port Cost: • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • 40-Gigabit Ethernet interfaces • Port Channel with 1-Gigabit Ethernet interfaces • - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 738
To change the port cost or priority of an interface, use the following commands. • Change the port cost of an interface. INTERFACE mode spanning-tree rstp cost cost The range is from 0 to 65535. The default is listed in the previous table. • Change the port priority of an interface. INTERFACE mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 739
Example of Verifying an EdgePort is Enabled on an Interface To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 740
51 Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide. 740 Software-Defined Networking (SDN) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 741
refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 742
process request. - stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. - tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 743
record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through the Security chapter in the Dell Networking OS Command Line Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 744
Configuring AAA Authentication Login Methods To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 745
9 Dell(config-line-vty)# enable authentication mymethodlist Server-Side Configuration • TACACS+ - When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 746
only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 747
commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system. To configure - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 748
To view the configuration for the enable secret command, use the show running-config command in EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 749
Examples of Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp-server commands. Because the snmp-server commands are enable level - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 750
to set. If you enter disable without a level-number, your security level is 1. RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 751
host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication and Authorization Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 752
of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you have - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 753
line {aux 0 | console 0 | vty number [end-number]} • Enable AAA login authentication for the specified RADIUS method list. LINE mode login authentication {method-list-name | default} This procedure is mandatory if you are not using default lists. • To use the method list. CONFIGURATION mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 754
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support chapter in the Dell Networking OS Command Line Reference Guide. Choosing TACACS+ as the Authentication Method One of the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 755
CONFIGURATION mode tacacs-server host {ip-address | host} Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 756
, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication Dell Networking OS takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 757
proposes a countermeasure to the problem. This countermeasure is configured into remote login and other secure network services over an insecure network. Dell Networking OS Command Line Interface Reference Guide. Dell Networking OS SCP, which SCP client software is supported. To use the SSH - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 758
Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands. 1. On Chassis One, set the SSH port number (port 22 by default). CONFIGURATION mode ip ssh server port number 2. On Chassis - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 759
Secure Shell Authentication Secure Shell (SSH) is disabled by default. Enable SSH using the ip ssh server enable command. SSH supports three methods of authentication: • Enabling SSH Authentication by Password • Using RSA Authentication of SSH • Configuring Host-Based SSH Authentication • Using - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 760
5. Bind the public keys to RSA authentication. EXEC Privilege mode ip ssh rsa-authentication my-authorized-keys flash://public_key Example of Generating RSA Keys admin@Unix_client#ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/admin/.ssh/ - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 761
Based SSH Authentication Dell#ssh 10.16.127.201 ? -l User name option -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 762
scheme you use - line, local, or remote. Table 63. VTY Access Authentication Method Line VTY access-class support? YES Username access-class support? NO Remote authorization support? NO Local NO YES NO TACACS+ YES NO YES (with Dell Networking OS version 5.2.1.0 and later) RADIUS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 763
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 764
53 Service Provider Bridging Service provider bridging is supported on Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad - Provider Bridges, which are an amendment to IEEE 802.1Q - Virtual Bridged Local Area Networks. It enables service providers to use - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 765
Figure 116. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are Trunk Ports 2. Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3. Enable VLAN-Stacking for a VLAN. Service Provider Bridging 765 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 766
bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3. Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 767
Dell(conf-if-te-0/1)#vlan-stack trunk Dell(conf-if-te-0/1)#show config ! interface TenGigabitEthernet 0/1 no ip address portmode hybrid switchport vlan-stack trunk shutdown Service Provider Bridging 767 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 768
Networking systems at network edges, at which, frames are either double tagged on ingress (R4) or the outer tag is removed on egress (R3). 768 Service Provider Bridging - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 769
the appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Service Provider Bridging 769 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 770
Figure 117. Single and Double-Tag TPID Match 770 Service Provider Bridging - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 771
Figure 118. Single and Double-Tag First-byte TPID Match Service Provider Bridging 771 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 772
default VLAN switch to default VLAN switch to VLAN switch to default VLAN switch to default VLAN switch to VLAN switch to default VLAN 772 Service Provider Bridging - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 773
default VLAN switch to default VLAN VLAN Stacking Packet Drop Precedence The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globally before you can honor - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 774
CFI/DEI Te 0/1 Green 0 Te 0/1 Yellow 1 Te 8/9 Yellow 0 Te 8/40 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 775
Queue 3 also matches the traffic. This is an expected behavior. Examples of QoS Interface Configuration and Rate Policing policy-map-input in layer2 service-queue 3 class-map a qos-policy 3 ! class-map match-any a layer2 match mac access-group a ! mac access-list standard a seq 5 permit any ! qos - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 776
3 layer2 rate-police 30 ! interface TenGigabitEthernet 1/21 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 777
MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Service Provider Bridging 777 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 778
. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable 778 Service Provider Bridging - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 779
kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Service Provider Bridging 779 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 780
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 781
sFlow The Dell Networking Operating System (OS) supports sFlow version 5. 54 Overview sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 782
on any port specifically, the global sampling rate is downloaded to that port and is to calculate the portpipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 783
when the sflow max-header-size extended is configured globally Dell(conf-if-te-1/10)#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 784
mode show sflow Example of Viewing sFlow Configuration (Global) The first bold line indicates sFlow is globally enabled. Dell#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 785
The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/16 ! interface TenGigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234 switchport sflow enable sflow sample-rate 8192 no shutdown Displaying Show sFlow on a Stack-unit - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 786
sampling-rate until the CPU condition is cleared. This is as per sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, the actual sampling-rate of an interface may differ from its configured - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 787
but managed objects also have a textual name called an object descriptor. Implementation Information The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 788
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 789
• auth - password privileges. Select this option to set up a user with password authentication. • priv - password and privacy privileges. Select this option to set up a user with password and privacy privileges. To set up user-based security (SNMPv3), use the following commands. • Configure the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 790
retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that define values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 791
the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • enterpriseSpecific environment - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 792
To configure the system to send SNMP notifications, use the following commands. 1. Configure the Dell Networking system to send notifications to an SNMP server. CONFIGURATION mode snmp-server host ip-address [traps | informs] [version 1 | 2c |3] [community-string] To send trap messages, enter the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 793
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 794
5 minutes, a trap is sent. This restriction applies to the console message also. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, then SNMP trap is not sent successfully. To enable an SNMP agent to send a trap when the syslog server is not reachable, use the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 795
SMI::enterprises.6027.3.30.1.1.1 SNMPv2-SMI::enterprises.6027.3.30.1.1 = STRING: "NOT_REACHABLE: Syslog server 10.11.226.121 (port: 9140) is not reachable" SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 2 Following is the sample audit log message that other syslog servers that are - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 796
MIB Object copySrcFileName copyDestFileType copyDestFileLocation copyDestFileName copyServerAddress copyUserName copyUserPassword OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 .1.3.6.1.4.1.6027.3.5.1.1.1.1.6 .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 .1.3.6.1.4.1.6027.3.5.1.1.1.1.8 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 797
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 798
Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 799
Example of Copying Configuration Files via TFTP From a UNIX Machine .snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.4 i 3 copyDestFileType.4 i 1 copyDestFileLocation.4 i 3 copyDestFileName.4 s /home/myfilename copyServerAddress.4 a 11.11.11.11 Copy a Binary File to the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 800
-v 2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 801
.60.120 .1.3.6.1.4.1.6027.3.10.1.2.9.1.6.1 enterprises.6027.3.10.1.2.9.1.5.1 = Gauge32: 24 The output above displays that 24% of the flash memory is used. MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 802
enterprises.6027.3.10.1.2.10.1.3.1.2 = "Fri Nov 8 08:11:16 2013" enterprises.6027.3.10.1.2.10.1.3.1.3 = "Fri May 23 05:05:16 2014" enterprises.6027.3.10.1.2.10.1.3.2.1 = "Tue Jun 17 14:19:26 2014" enterprises.6027.3.10.1.2.10.1.4.1.1 = 0 enterprises.6027.3.10.1.2.10.1.4.1.2 = 1 enterprises.6027.3.10 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 803
Interface index is 1107787786 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto ARP type: ARPA, ARP Timeout 04:00:00 To display the ports in a VLAN, send an snmpget request for the object dot1qStaticEgressPorts using the interface index as the instance number, as shown. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 804
• To add a tagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts object. • To add an untagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts objects. NOTE: Whether adding a tagged or untagged port, specify values for both - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 805
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 806
In the following example, R1 has one dynamic MAC address, learned off of port TenGigabitEthernet 1/21, which a member of the default VLAN, VLAN 1. The SNMP walk returns the values for dot1dTpFdbAddress, dot1dTpFdbPort, and dot1dTpFdbStatus. Each object is comprised of an OID concatenated with an - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 807
• the next 1 bit is 0 for a physical interface and 1 for a logical interface • the next 1 bit is unused For example, the index 72925242 is 100010110001100000000111010 in binary. The binary interface index for TeGigabitEthernet 1/21 of a 48-port 10/100/1000Base-T line card with RJ-45 interface. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 808
of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 809
up to six S5000 switches in a single stack using port cables; no special cabling is required. For information about the High Availability features supported on a stacked S5000 switch, refer to the High Availability (HA) chapter. NOTE: You cannot stack an S5000 switch with other S-Series switches - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 810
Stack Management Roles The stack elects the management units for the stack management. • Stack master - primary management unit, also called the master unit. • Standby - secondary management unit. The master holds the control plane and the other units maintain a local copy of the forwarding - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 811
after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6-address | dhcp} Failover Roles If the stack - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 812
Stacking LAG When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy. The stacking LAG is established automatically and transparently by Dell Networking OS (without user configuration) after - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 813
STP: SPAN: no block sync done no block sync done Management Access on S-Series Stacks You can access the stack via the console port or VTY line. • Console access - You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 814
, rebooted, and joined the stack. • If the new unit is running an Dell Networking OS version prior to 8.3.10.x , the unit is put into a card problem state, Dell Networking OS is not upgraded, and a syslog message is raised. The unit must be upgraded to Dell Networking OS version 8.3.12.0 before you - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 815
in the stack. 2. Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version 3. Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up. EXEC Privilege mode stack-unit stack-unit-number - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 816
adding units to an existing stack, you can either: • allow Dell Networking OS to automatically assign the new unit a position in the stack, or • manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it. • If you add a unit that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 817
Assigning a New Unit to an Existing Stack To manually assign a new unit a position in an existing stack, use the following steps. NOTE: For an S50 system, install the stacking modules in the new unit - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 818
to a stack group. Each stack group has 40 GbE of bandwidth. Usage Notes: • Stacking is not supported on Fibre Channel ports. • If you use a Fibre Channel module in an S5000 switch, stacking is not supported on Ethernet ports. • If you use three or more S5000 units in a stack, you can connect up - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 819
for stacking, enter the stack-unit 0 stackgroup 4 command in Global Configuration mode. Figure 126. S5000 Stack-Group Assignments Supported Stacking Topologies The S5000 supports stacking up to six units in a ring or a daisy chain topology. The following illustration shows three stacked S5000 units - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 820
to connect 10GbE ports; use QSFP+ cables to connect 40GbE ports. For more information, refer to the Dell Networking S5000 Installation Guide. • Stacking is supported only with other S5000 switches. You cannot stack an S5000 switch with other S-Series switches. • Only daisy-chain or ring topologies - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 821
For detailed cabling information, refer to the Dell Networking S5000 Installation Guide. NOTE: The S5000 does not require special stacking cables. The steps to cable switches in any of the stacking topologies shown in Supported Stacking Topologies. To attach the port cables, follow these steps: 1. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 822
Global Configuration mode stack-unit priority 2. Revert the management priority of a stack unit to the default value of 0. Global Configuration mode no stack-unit unit-number priority number NOTE: If you reconfigure the priorities of stacked switches in an existing S5000 stack, reload the stack so - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 823
• priority value specifies the management priority. The range is from 1 to 14. The default is 0. The unit with the highest priority is elected stack master. 4. Repeat Steps 1 to 3 on each stack unit to pre-configure the election of master and standby stack units. 5. Assign a number to the stack unit - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 824
S5000-1(conf)#stack-unit 2 stack-group 2 Dell(conf)#Feb 8 17:11:10: %STKUNIT2-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Te 2/8 Te 2/9 Te 2/10 Te 2/11 have been configured as stacking ports. Please save and reload for config to take effect S5000-1(conf)#end S5000-1#Feb 8 17:11:12: %STKUNIT2-M:CP %SYS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 825
The following example displays a stack configuration. S5000-1#show system Stack MAC : 5c:f9:dd:ef:0a:c0 Reload-Type : normal-reload [Next boot : normal-reload] -- Unit 0 -- Unit Type : Management Unit Status : online Next Boot : online Required Type : S5000 - 4-module, 4-port GE/TE/FG (SH) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 826
Required Type : - -- Unit 3 -- Unit Type : Member Unit Status : not present Required Type : - -- Unit 4 -- Unit Type : Member Unit Status : not present Required Type : - -- Unit 5 -- Unit Type : Member Unit Status : not present Required Type : - -- Unit 6 -- Unit Type : Member - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 827
on the new unit takes precedence over the logical provisioning. Converting Four 10 GbE Ports to 40 GbE Ports for Stacking Stacking is not supported on fixed 40 GbE ports operating in 4x10G (quad) mode. 1. Convert a 4x10GbE port to 40GbE mode. CONFIGURATION mode no stack-unit unit-number port - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 828
Remove a Switch from a Stack After you remove all ports from an S5000 stack, the switch functions in standalone mode but retains the running and startup configuration that was last synchronized by the master switch while it operated as a stack unit. For more information, refer to Removing a Stack - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 829
OS version performs a similar check. If the stack is running 9.1(1.0) and a new unit is running a different software version, the new unit is put into a card problem state. The new unit is then upgraded to use the same Dell Networking OS version as the stack and is rebooted before joining the stack - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 830
disable-auto-reboot stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect. • Display redundancy information. EXEC Privilege Reset a stack-unit when the unit is in a problem state. EXEC Privilege mode reset stack-unit unit-number hard 830 Stacking - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 831
Verify a Stack Configuration The following lists the status of a stacked switch (master, standby master, or member unit) according to the color of the System Status LED on its front panel. Color Meaning Green The switch is online and operating as a master, standby, or member unit in a stack or - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 832
7 0/28,29,30,31 8 0/32,33,34,35 9 0/36,37,38,39 10 0/40,41,42,43 11 0/44,45,46,47 12 0/48 13 0/52 14 0/56 15 0/60 The following example shows the show system stack-ports (ring) command. Dell#show system stack-ports Topology: Ring Interface Connection Link Speed Admin Link Trunk - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 833
2/19 3/4 3/5 3/6 3/7 3/8 3/9 3/10 3/11 3/12 3/13 3/14 3/15 3/16 3/17 3/18 3/19 4/4 4/5 4/6 4/7 4/8 4/9 4/10 4/11 3/11 10 2/12 10 2/13 10 2/14 10 2/15 10 2/16 10 2/17 10 2/18 10 2/19 10 4/4 10 4/5 10 4/6 10 4/7 10 4/8 10 4/9 10 4/10 10 4/11 10 3/12 10 3/13 10 3/ - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 834
a Switch Stack To perform troubleshooting operations on a switch stack, use the following commands on the master switch. Command Output show system stack-ports status Displays the status of stacked ports - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 835
following sections describe some of the common fault conditions that can happen in a switch stack and how they are resolved. Stack Member Fails Problem: A unit that is not the stack master fails in an operational stack. Resolution: If a stack member fails in a daisy chain topology, a split stack - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 836
,56,60, Feb 13 15:26:19: %STKUNIT3-S:CP %IFMGR-1-DEL_PORT: Removed port: Te 2/0-11,20-23, Fo 2/ 48,52,56,60, Unplugged Stacking Cable Problem: A stacking cable is unplugged from a member switch. The stack loses half of its bandwidth from the disconnected switch. Resolution: Intra-stack traffic is re - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 837
of by firmware synchronization, which automatically upgrades the unit to the required Dell Networking OS version. You do not have to manually upgrade the unit. To verify that the problem has been resolved and the stacked switch is back online, use the show system brief command. Example of the Card - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 838
Upgrading a Switch Stack To upgrade all switches in a stack with the same Dell Networking OS version, follow these steps. 1. Copy the new Dell Networking OS image to a network server. 2. Download the Dell networking OS image by accessing an interactive CLI that requests the server IP address and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 839
Upgrading a Single Stack Unit You can manually upgrade the Dell Networking OS image in the boot partition of a member unit from the corresponding partition in the master unit. To upgrade an individual - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 840
and Layer 3 traffic. Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE traffic. Do not apply per-viritual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 841
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 842
• To add interfaces to the spanning tree topology after you enable STP, enable the port and configure it for Layer 2 using the switchport command. • The IEEE Standard 802.1D allows 8 bits for port ID and 8 bits for priority. The 8 bits for port ID provide port IDs for 256 ports. Configuring - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 843
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 844
Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode. Dell(conf)#protocol spanning-tree 0 Dell(config - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 845
Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning tree topology, use the following command. • Enable spanning tree on a Layer 2 interface. INTERFACE mode spanning-tree 0 Removing an Interface from the Spanning Tree Group To remove a Layer 2 interface from the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 846
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. the default is 2 seconds. • Change the max-age parameter (the refresh interval for configuration information that is generated by - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 847
state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 848
- Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). - Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). - Disabling global spanning tree (the no spanning-tree in - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 849
P2P No Dell(conf-if-gi-0/7)#do show ip int br gi 0/7 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 0/7 unassigned YES Manual up up Global BPDU Filtering By default, when you enable BPDU filtering globally, it stops transmitting BPDUs on the operational portfast-enabled - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 850
Figure 132. BPDU Filtering Enabled on an Interface Selecting STP Root STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 851
Because any switch in an STP network with a lower priority can become the root bridge, the forwarding topology may not be stable. The location of the root bridge can change, resulting in unpredictable network behavior. The STP root guard feature ensures that the position of the root bridge does not - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 852
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per-VLAN Spanning Tree - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 853
• Configure all spanning tree types to be hitless. CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy ! redundancy protocol xstp Dell# STP Loop Guard The STP loop guard - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 854
. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 855
- If a BPDU is received from a remote device, BPDU guard places the port in an Err-Disabled Blocking state and no traffic is forwarded on the port. - If no BPDU is received from a remote device, loop guard places the port in a Loop-Inconsistent Blocking state and no traffic is forwarded on the port. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 856
59 System Time and Date System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 857
synchronize and serve as a client to the NTP host. As soon as a host-client relationship is established, the networking device propagates the time information throughout its local network. Protocol Overview The NTP messages to one or more servers and processes the replies as received. The server - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 858
ntp server ip-address Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 859
Enter the following keywords and slot/port or number information: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. - For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. - For a Loopback interface, - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 860
in dotted decimal format (A.B.C.D). - ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. - key keyid : Configure a text string as the key exchanged between the NTP server and the client. - prefer: Enter the keyword prefer to set - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 861
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 862
:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. 862 System Time and Date - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 863
Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for daylight savings time once, use the following command. • Set the clock to the appropriate timezone and daylight saving time. CONFIGURATION - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 864
- start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. - start-day: Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 865
, hop-limits, flow label values, open shortest path first (OSPF) v2, and OSPFv3 are supported. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 866
Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.1/24 Dell(conf-if-tu-3)#ipv6 address 3::1/64 Dell(conf-if-tu-3)#no shutdown Dell(conf-if-tu-3)#show config ! interface Tunnel 3 ip address 3.1.1.1/24 ipv6 address 3::1/64 tunnel - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 867
Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config ! interface Tunnel 1 ip unnumbered TenGigabitEthernet 1/1 ipv6 unnumbered - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 868
61 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers. If a switch loses - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 869
Figure 136. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 870
Figure 137. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number by using the ratio of the upstream port - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 871
• If one of the upstream interfaces in an uplink-state group goes down, either a user-configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error. The order in which downstream ports are disabled is from the lowest - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 872
is automatically enabled in an uplink-state group. To re-enable upstream-link tracking, use the enable command. Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state. To re-enable one or - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 873
Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 874
interface specifies one of the following interface types: - 10 Gigabit Ethernet: enter tengigabitethernet slot/port. - 40 Gigabit Ethernet: enter fortygigabitethernet slot/port. - Port channel: enter port-channel {1-512}. If a downstream interface in an uplink-state group is disabled (Oper Down - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 875
Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:25:46 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 876
Dell(conf-uplink-state-group-3)# downstream disable links 2 Dell(conf-uplink-state-group-3)# upstream tengigabitethernet 0/3-4 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Gi 0/1 Dell# 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 877
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 878
speed and can span multiple devices. The Dell Networking operating system (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in Networks. In this guide, also refer to: • Bulk Configuration in theInterfaces chapter. • VLAN Stacking in the Service Provider Bridging chapter. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 879
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 880
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 881
whether the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 882
NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Dell# Ports Po1(So 0/0-1) Te 3/0 Po1(So 0/0-1) Te 3/1 Po1(So 0/0-1) When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN. If the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 883
up to eight secondary IP addresses. Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 884
Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 885
gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, refer to Dell Networking OS Command Line Reference Guide. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined for VLT peers in - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 886
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 887
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 888
• You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy Gateway LLDP configuration: • You must globally enable LLDP. • You cannot have interface-level LLDP disable commands on the interfaces configured for proxy gateway and you must - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 889
• The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy Gateway LLDP method. For VLT Proxy Gateway to work in this - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 890
2. Configure remote-mac-address in VLT Domain Proxy Gateway LLDP mode. Configure the system mac-addresses of both C and D in C1 and also in D1 in the remote VLT domain and vice versa. Sample Static Configuration on C switch or C1 switch Switch_C#conf Switch_C(conf)#vlt domain 1 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 891
or ToR. VLT reduces the role of Spanning Tree protocols by allowing LAG terminations on two separate distribution or core switches, and by supporting a loop free topology. (A Spanning Tree protocol is still needed to prevent the initial loop that may occur prior to VLT being established. After - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 892
Figure 139. Virtual Link Trunking on S5000 Switches VLT on Core Switches You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires "horizontal" - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 893
two different VLT domains connected by a standard LACP LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four (4) units, increasing the number of available ports and allowing for dual redundancy of the VLT. The following illustration shows - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 894
Figure 141. Example of a Multiple VLT Configuration VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 895
. - A VLT interconnect over 1G ports is not supported. - The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. - The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. - VLT peer switches operate as separate - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 896
you change the default VLAN ID on a VLT peer switch, the VLT interconnect may flap. - In a VLT domain, the following software features are supported on VLTi: link layer discovery protocol (LLDP), flow control, port monitoring, jumbo frames, and data center bridging (DCB). - When you enable the VLTi - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 897
and egress QoS, ingress and egress ACLs, DCB and Layer 2 control protocols such as RSTP (see Configuring Rapid Spanning Tree). NOTE: PVST+ passthrough is supported in a VLT domain. PVST+ BPDUs does not result in an interface shutdown. PVST+ BPDUs for a nondefault VLAN is flooded out as any other L2 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 898
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 899
that caused the VLT ports on the secondary VLT peer node to be disabled. PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 900
Figure 142. Example of PIM-Sparse Mode on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 901
RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 902
Networking recommends using static LAGs on the VLTi between VLT peers to avoid potential problems if you reboot the VLT peers. 2. Enable VLT and create a VLT 3. Configure a backup link for the VLT domain. 4. (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 903
Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. 1. Enable VLT on a switch, then configure a VLT domain and enter VLT-Domain Configuration mode. CONFIGURATION mode vlt domain domain-id The domain ID range is from 1 to 1000. Configure the same - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 904
3. Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 4. Repeat Steps 1 to 3 on the VLT peer switch. To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time. Configuring a VLT Port Delay Period To - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 905
Also, reconfigure the same MAC address on the VLT peer switch. Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. 4. (Optional) When you create a VLT domain on a switch, Dell - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 906
7. Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain. 8. On an attached switch or server: To connect to the VLT domain and add port channels to it, configure a port channel. For an example of how to verify the port-channel configuration, refer to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 907
The range of domain IDs is from 1 to 1000. 4. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from 1 to 128. 5. Configure the IP address of the management interface on the remote VLT peer to be used as the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 908
2. To verify the configuration of a VLT domain, use any of the show commands described in Verifying a VLT Configuration. PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 909
Configure PVST+ on VLT Peers to Prevent Forwarding Loops (VLT Peer 2) Dell_VLTpeer2(conf)#protocol spanning-tree pvst Dell_VLTpeer2(conf-pvst)#no disable Dell_VLTpeer2(conf-pvst)#vlan 1000 bridge-priority 4096 Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 910
In the following sample VLT configuration steps, VLT peer 1 is S5000-2, VLT peer 2 is S5000-4, and the ToR is S60-1. NOTE: To avoid potential problems if the VLT peers are rebooted, if you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers. Configure the VLT - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 911
S5000-2# show interfaces managementethernet 0/0 Internet address is 10.11.206.43/16 S5000-4#show running-config vlt ! vlt domain 5 peer-link port-channel 1 back-up destination 10.11.206.43 S5000-4# S5000-4#show running-config interface managementethernet 0/0 ip address 10.11.206.58/16 no shutdown - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 912
s60-1#show running-config interface port-channel 100 ! interface Port-channel 100 no ip address switchport no shutdown s60-1# s60-1#show port-channel interface 100 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 100 L2 up 03:33:48 Te 0/48 (Up) Te 0/50 (Up) s60-1# Verify that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 913
Figure 143. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer1(conf)#vlt - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 914
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 915
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 916
• Display detailed information about the VLT-domain configuration, including local and peer port-channel IDs, local VLT switch status, and number of active VLANs on each port channel. EXEC mode show vlt detail • Display the VLT peer status, role of the local VLT switch, VLT system MAC address and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 917
The following example shows the show vlt brief command. Dell_VLTpeer1# show vlt brief VLT Domain Brief Domain ID: 1000 Role: Secondary Role Priority: 32768 ICL Link Status: Up HeartBeat Status: Up VLT Peer Status: Up Local Unit Id: 0 Version: 5(1) Local System MAC address: 00 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 918
System MAC address: 00:01:e8:8a:df:bc System Role Priority: 32768 Local System MAC address: 00:01:e8:8a:df:e6 Local System Role Priority: 32768 The following example shows the show running-config vlt command. Dell_VLTpeer1# show running-config vlt ! vlt domain 30 peer-link port-channel 60 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 919
Bridge ID Priority 0, Address 0001.e88a.dff8 We are the root Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Po 1 128.2 128 200000 DIS 0 0 0001.e88a.dff8 128.2 Po 3 128.4 128 200000 DIS 0 0 0001.e88a.dff8 128.4 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 920
G - GVRP tagged, M - Vlan-stack, H - Hyperpull tagged NUM Status Description Q Ports 10 Active U Po110(Fo 0/52) T Po100(Fo 0/56,60) Configuring Virtual Link Trunking (VLT Peer 2) Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi). Dell_VLTpeer2(conf)#vlt domain 999 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 921
the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 75. Troubleshooting VLT Description Bandwidth monitoring Domain ID mismatch Behavior at Peer Up Behavior During Run Time Action to Take A syslog error - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 922
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 923
When a VLTi port in trunk mode is a member of symmetric VLT PVLANs, the PVLAN packets are forwarded only if the PVLAN settings of both the VLT nodes are identical. You can configure the VLTi in trunk mode to be a member of non-VLT PVLANs if the VLTi is configured on both the peers. MAC address - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 924
PVLAN Operations When One VLT Peer is Down When a VLT port moves to the Admin or Operationally Down state on only one of the VLT nodes, the VLT Lag is still considered to be up. All the PVLAN MAC entries that correspond to the operationally down VLT LAG are maintained as synchronized entries in the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 925
PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section contains the following topics that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 926
Creating a VLT LAG or a VLT VLAN 1. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port-channel id-number. Enter the same port-channel number configured with the peer-link port-channel command as described in - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 927
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 928
the ARP response contains the VLT peer MAC address. Proxy ARP is supported for both unicast and broadcast ARP requests. Control packets, other than receives gratuitous ARP requests for the VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL link or peer is down, and the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 929
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 930
member port-channel port-channel ID 4. Verify the VLAN-stack configurations. EXEC Privilege show running-config Sample configuration of VLAN-stack over VLT (Peer 1) Configure VLT domain Dell(conf)#vlt domain 1 Dell(conf-vlt-domain)#peer-link port-channel 1 Dell(conf-vlt-domain)#back-up destination - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 931
Configure VLAN as VLAN-Stack VLAN and add the VLT LAG as Members to the VLAN Dell(conf)#interface vlan 50 Dell(conf-if-vl-50)#vlan-stack compatible Dell(conf-if-vl-50-stack)#member port-channel 10 Dell(conf-if-vl-50-stack)#member port-channel 20 Dell#show running-config interface vlan 50 ! - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 932
(Te 1/8) M Po20(Te 1/20) V Po1(Te 1/30-32) IPv6 Peer Routing in VLT Domains Overview Peer routing for IPv6 packets in VLT domains is supported on the S4810, S4820T, S6000, Z9000, and MXL platforms. Virtual Link Trunking (VLT) is a mechanism that enables the physical links between two devices that - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 933
Peer routing for IPv6 packets in a VLT domain is supported. This mechanism of IPv6 peer routing is supported on all the platforms that are compatible with IPv6 routing and support VLT. This functionality performs the following operations: • Forwarding the control traffic to correct VLT node when the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 934
Tunneling of IPv6 ND in a VLT Domain Tunneling an NA packet from one VLT node to its peer is required because an NA may reach the wrong VLT node instead of arriving at the destined VLT node. This may occur because of LAG hashing at the top of the rack (ToR) switch. The tunneled NA will carry some - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 935
Neighbor Solicitation from VLT Hosts Consider a case in which NS for VLT node1 IP reaches VLT node1 on VLT interface and NS for VLT node1 IP reaches VLT node2 due to LAG level hashing in TOR. When VLT node1 receives NS from VLT VLAN interface, it unicasts NA packet on the VLT interface. When NS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 936
Consider a situation in which NA for VLT node1 reaches VLT node1 on non-VLT interface and NA for VLT node1 reaches VLT node2 on non-VLT interface. When VLT node1 receives NA on VLT interface, it learns the Host MAC address on received interface. This learned neighbor entry is synchronized to VLT - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 937
it consumes the packets. VLT node will drop the RA message if it is received over ICL interface. Upgrading from Releases That Do Not Support IPv6 Peer Routing During an upgrade to Release 9.4(0.0) from earlier releases, VLT peers might contain different versions of FTOS. You must upgrade both the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 938
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 939
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 940
commands introduced or modified LLDP protocol on the port 802.1x protocol on the VLAN port OSPF, RIP, ISIS, BGP on physical and logical interfaces Support Status for Default VRF Yes Yes Yes Yes Dynamic Port-channel (LACP) on VLAN Yes port or a Layer 3 port Static Port-channel as VLAN port - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 941
capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF No Yes Yes No No No Yes Yes Yes No No Yes - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 942
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). Task Create a non-default VRF instance by specifying a name and VRF ID number, and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 943
VRF 0), do not enter a value for vrf-name. Command Syntax Command Mode Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer toOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 944
help still displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route To configure a static route, perform the following steps: Task Configure a static - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 945
Task Command Syntax Command Mode NOTE: You can also have the management route to point to a front-end port in case of the management VRF. For example: management route 2::/64 te 0/0. To configure a static entry in the IPv6 neighbor discovery, perform the following steps: Task Configure a static - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 946
Figure 146. Setup VRF Interfaces The following example relates to the configuration shown in Figure1 and Figure 2. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 947
ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 948
ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1 no - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 949
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 950
Dell#show ip ospf 1 neighbor Neighbor ID Pri 1.0.0.1 1 FULL/BDR ! Dell#sh ip ospf 2 neighbor Neighbor ID Pri 2.0.0.1 1 FULL/BDR ! Dell#show ip route vrf blue State Dead Time 00:00:36 State Dead Time 00:00:33 Address 1.0.0.1 Address 2.0.0.1 Interface Vl 128 Interface Vl 192 Area 0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 951
or more VRFs. Previous FTOS releases support static route leaking, which enables route leaking and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes . The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 952
purpose, routes corresponding VRF-Shared routes are leaked to only VRF-Red and VRF-Blue. And for reply, routes corresponding to VRF-Red and VRF-Blue are leaked to VRF-Shared. For leaking the routes from VRF-Shared to VRF-Red and VRF-Blue, you can configure route-export tag on VRF-shared (source VRF - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 953
Dell# show ip route vrf VRF-Green O 33.3.3.3/32 via 133.3.3.3 110/0 00:00:11 C 133.3.3.0/24 Direct, Te 1/13 0/0 Dell# show ip route vrf VRF-Shared O 44.4.4.4/32 via 144.4.4.4 110/0 00:00:11 22:39:61 C 144.4.4.0/24 Direct, Te 1/4 0/0 00:32:36 Show routing tables of VRFs( after route- - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 954
Configuring Route Leaking with Filtering When you initalize route leaking from one VRF to another, all the routes are exposed to the target VRF. If the size of the source VRF's RTM is considerablly large, an import operation results in the duplication of the target VRF's RTM with the source RTM - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 955
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. • You can expose a unique set - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 956
to the Internet. Router B receives and forwards them on interface GigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed information about VRRP, refer to RFC 2338, Virtual - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 957
to converge or update routing tables. VRRP Implementation The S5000 supports a total of 255 VRRP groups on a switch. Within a single VRRP group , up to 12 virtual IP addresses are supported. Virtual IP addresses can belong to the primary or secondary IP address' - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 958
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 959
INTERFACE mode no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#int Te 1/1 Dell(conf-if-Te-1/1)#vrrp-group 111 Dell(conf-if-Te-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-Te-1/1)#show - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 960
no shutdown Dell(conf-if-te-1/1)# The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets. Dellshow vrrp TenGigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1 State: Master, Priority: 255, Master: 10.10.10.1 (local) Hold Down: 0 sec, Preempt: - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 961
10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 125, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 601, Gratuitous ARP sent: 2 Virtual - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 962
• Prevent any BACKUP router with a higher priority from becoming the MASTER router. INTERFACE-VRID mode no preempt Examples of Disabling Preempt Re-enable preempt by entering the preempt command. When you enable preempt, it does not display in the show commands, because it is a default setting. The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 963
advertise-interval 10 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Dell(conf-if-te-1/1-vrid-111)# Track an Interface or Object You can set Dell Networking OS to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 964
show track • (Optional) Display the configuration and the UP or DOWN state of tracked interfaces and objects in VRRP groups, including the time since the last change in an object's state. EXEC mode or EXEC Privilege mode show vrrp • (Optional) Display the configuration of tracked objects in VRRP - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 965
can configure the delay for up to 15 minutes, after which VRRP enables normally. Set the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you configure both CLIs, the later timer rules VRRP enabling. For example, if you set vrrp - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 966
directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. The VRRP topology was created using the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 967
R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf ! interface TenGigabitEthernet 2/31 ip address 10.1.1.1/24 ! vrrp-group 99 priority 200 virtual-address 10.1.1.3 no shutdown R2(conf-if-te-2/31)#end - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 968
Figure 149. Example of VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 969
virtual-address 1::10 no shutdown R2(conf-if-te-0/0)#end R2#show vrrp TenGigabitEthernet 0/0, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f VRF: 0 default-vrf State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 970
on each VRF instance in order that there is one MASTER and one backup router for each VRF. In VRF-1 and VRF-2, Switch-2 serves as owner-master of the VRRP group and Switch-1 serves as the backup. On VRF-3, Switch-1 is the owner-master and Switch-2 is the backup. In VRF-1 and VRF-2 on Switch-2, the - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 971
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 972
VRRP in VRF: Switch-1 VLAN Configuration VRRP in VRF: Switch-2 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 12/4 S1(conf-if-te-12/4)#no ip address S1(conf-if-te-12/4)#switchport S1(conf-if-te-12/4)#no - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 973
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. Virtual Router Redundancy Protocol (VRRP) 973 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 974
Figure 151. VRRP for IPv6 Topology NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address. Router 2 R2(conf)#interface - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 975
NOTE: The virtual IPv6 address you configure should be the same as the IPv6 subnet to which the interface belongs. R2(conf-if-te-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 976
Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp tengigabitethernet 2/8 TenGigabitEthernet 2/8, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed VRF: 0 default State: Master, Priority: 110, Master: fe80::201:e8ff:fe8a:e9ed (local) Hold Down: 0 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 977
Displaying VRRP in a VRF Configuration To display information on a VRRP group that is configured on an interface that belongs to a VRF instance, use the following commands. • Display information on a VRRP group that is configured on an interface that belongs to a VRF instance. show running-config - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 978
68 S5000 Debugging and Diagnostics Offline Diagnostics The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 979
show system brief 3. Start diagnostics on the unit. diag When the tests are complete, the system displays the following message and automatically reboots the unit. Diagnostic results are printed to a file in the flash using the filename format TestReport-SU-.txt. Log messages - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 980
-- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed Fan2 Speed Fan3 Speed 0 0 absent or down 0 1 up up 4800 up 4800 up 4800 up 4800 0 2 up up 4800 up 4800 up 4800 up 4800 0 3 absent or down Dell# As shown in the following two examples, log messages differ somewhat when - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 981
are stored in a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information for MASTER or standby . NOTE: Non-management member units do not support this functionality. S5000 Debugging and Diagnostics 981 - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 982
reboots an Dell Networking OS switch/router with a single RPM that is unresponsive. This is a last resort mechanism intended to prevent a manual power cycle. Using the Show Hardware Commands These commands display information from a hardware sub-component and from hardware-based feature tables. The - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 983
EXEC Privilege mode show hardware stack-unit {0-11} stack-port {0-64} • View the counters in the field processors of the stack unit. EXEC Privilege mode show hardware stack-unit {0-11} unit {0-0} counters • View the details of the FP Devices and Hi gig ports on the stack-unit. EXEC Privilege mode - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 984
Temperature Limits (deg C) -- Minor Minor Off Major Major Off Shutdown Unit0 57 56 62 61 85 Dell# Troubleshoot an Over-temperature Condition To troubleshoot an over-temperature condition, use the following information. 1. Use the show environment commands to monitor the temperature levels - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 985
Power over Ethernet (PoE). If the under-voltage condition persists, member units are shut down, then the master unit. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 986
going from the FP to the CSF IDP links. 3. Front-End Link - Output queues going from the FP to the front-end PHY. All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. Physical memory is organized into cells of 128 bytes - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 987
Figure 152. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 988
buffer dynamic • Change the number of packet-pointers per queue. BUFFER PROFILE mode buffer packet-pointers • Apply the buffer profile to a line card. CONFIGURATION mode buffer fp-uplink linecard • Apply the buffer profile to a CSF to FP link. CONFIGURATION mode buffer csf linecard Examples of - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 989
-fp Dell#sho run int te 0/10 ! interface TenGigabitEthernet 0/10 no ip address Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet loss, use the following commands. • show hardware stack-unit cpu data-plane - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 990
• show hardware stack-unit 0-11 drops unit 0-0 port 0-63 • show hardware stack-unit 0-11 stack-port 48-51 • show hardware stack-unit 0-11 unit 0-1 {counters | details | port-stats [detail] | register | execute-shell-cmd | ipmc-replication | table-dump} • show hardware drops interface [range] - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 991
Port bitmap zero Drops : 0 Rx VLAN Drops : 0 --- Ingress MAC counters--- Ingress FCSDrops : 0 Ingress MTUExceeds : 0 --- MMU Drops --- Ingress MMU Drops : 0 HOL DROPS(TOTAL) : 0 HOL DROPS on COS0 : 0 HOL DROPS on COS1 : 0 HOL DROPS on COS2 : 0 HOL DROPS on COS3 : 0 HOL DROPS - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 992
rxPkt(COS3) :0 rxPkt(COS4) :0 rxPkt(COS5) :0 rxPkt(COS6) :0 rxPkt(COS7) :0 rxPkt(UNIT0) :0 rxPkt(UNIT1) :0 rxPkt(UNIT2) :0 rxPkt(UNIT3) :0 transmitted :0 txRequested :0 noTxDesc :0 txError :0 txReqTooLarge :0 txInternalError :0 txDatapathErr :0 txPkt(COS0) :0 txPkt(COS1) - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 993
mode. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 994
- Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 995
standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 996
Protocol (MP) √ 1994 PPP Challenge Handshake Authentication √ Protocol (CHAP) 2460 Internationalization of the File Transfer Protocol not supported 2474 Definition of the Differentiated Services Field √ (DS Field) in the IPv4 and IPv6 Headers 2615 PPP over SONET/SDH √ 2698 A Two Rate - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 997
√ Allocation Protection Against a Variant of the Tiny √ Fragment Attack General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 82. General IPv6 Protocols RFC# Full Name Dell networking OS 9.1(1.0) 1886 DNS Extensions - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 998
√ draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP √ Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 84. Open Shortest Path First (OSPF) RFC# 1587 Full Name S-Series/Z-Series The OSPF Not-So-Stubby - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 999
of Generalized MultiProtocol Label Switching (GMPLS) 5120 MT-ISIS: Multi Topology (MT) Routing in Not supported Intermediate System to Intermediate Systems (IS-ISs) 5306 Restart Signaling for IS-IS Not supported 5308 Routing IPv6 with IS-IS √ draft-ietf-isis-igpp2p- over-lan-06 Point-to - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 1000
Multicast - Sparse Mode √ (PIM-SM): Protocol Specification (Revised) Network Management The following table lists the Dell Networking OS support per platform for network management protocol. RFC# Full Name Dell networking OS 9.1(1.0) 1155 Structure and Identification of √ Management - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 1001
Definitions of Managed Objects for the Synchronous Optical Network/ Synchronous Digital Hierarchy (SONET/ SDH) Interface Type Not supported Introduction and Applicability Statements √ for Internet Standard Management Framework An Architecture for Describing Simple √ Network Management Protocol - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 1002
Table, Ethernet History Table, Alarm Table, Event Table, Log Table The Interfaces Group MIB √ Remote Authentication Dial In User √ Service (RADIUS) Remote Network Monitoring Management √ Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table, Ethernet - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 1003
that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) Dell Networking Enterprise IF Extension √ MIB (extends the Interfaces portion of the MIB - Dell PowerSwitch S5000 | 9.80.0 Configuration Guide for the S5000 Switch - Page 1004
counters displayed in the "show interfaces" output) Dell Networking Enterprise Link √ Aggregation MIB Dell Networking File Copy MIB √ (supporting SNMP SET operation) Dell Networking Monitoring MIB √ Dell Networking Product Object Identifier √ MIB Dell Networking S5000 Enterprise Chassis
Dell 9.8(0.0)
Configuration
Guide for the S5000 Switch