Dell PowerSwitch S6000 Configuration Guide for the S6000 System 9.100.0
Dell PowerSwitch S6000 Manual
View all Dell PowerSwitch S6000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S6000 manual content summary:
- Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1
Dell Configuration Guide for the S6000 System 9.10(0.0) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 3
Contents 1 About this Guide...32 Audience...32 Conventions...32 Related Documents...32 2 Configuration Fundamentals...33 Accessing the Command Line...33 CLI Modes...33 Navigating CLI Modes...35 The do - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 4
a UNIX Logging Facility Level...67 Synchronizing Log Messages...68 Enabling Timestamp on Syslog Messages...69 File Transfer Services...69 Configuration Task List for File Transfer Services 69 Enabling the FTP Server...70 Configuring FTP Server Parameters...70 Configuring FTP Client Parameters...70 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 5
5 802.1X...79 Port-Authentication Process...81 EAP over RADIUS...82 Configuring 802.1X...82 Related Configuration Tasks...82 Important Points to Remember...82 Enabling 802.1X...83 Configuring dot1x Profile ...84 Configuring MAC addresses for a do1x Profile 85 Configuring the Static MAB and MAB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 6
Route Maps...124 Implementation Information...124 Flow-Based Monitoring Support for ACLs...124 Behavior of Flow-Based Monitoring...125 BGP...147 Configure BFD for VRRP...154 Configuring Protocol Liveness...156 Troubleshooting BFD...156 9 Border Gateway Protocol IPv4 (BGPv4)...158 Autonomous Systems - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 7
(MEDs)...165 Origin...166 AS Path...166 Next Hop...167 Multiprotocol BGP...167 Implement BGP with Dell Networking OS...168 Additional Path (Add-Path) Support...168 Advertise IGP Cost as MED for Redistributed Routes 168 Ignore Router-ID in Best-Path Calculation 169 Four-Byte AS Numbers...169 AS4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 8
215 CAM Allocation...215 Test CAM Usage...217 View CAM Profiles...217 View CAM-ACL Settings...218 View CAM Usage...219 CAM Optimization...220 Troubleshoot CAM Profiling...220 CAM Profile Mismatches...220 QoS CAM Region Limitation...220 Syslog Error When the Table is Full...221 Syslog Warning Upon 90 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 9
of Tagged Packets...243 Configuration Example for DSCP and PFC Priorities 244 SNMP Support for PFC and Buffer Statistics Tracking 244 Performing PFC Using DSCP Bits ...254 Propagation of DCB Information...255 Auto-Detection and Manual Configuration of the DCBx Version 255 DCBx Example...255 DCBx - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 10
Paths...295 Creating an ECMP Group Bundle...295 Modifying the ECMP Group Threshold...295 Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and LPM Table 296 Support for ECMP in host table...297 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes 297 RTAG7...297 Flow-based - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 11
Adding the Member VLANs 329 Setting the FRRP Timers...330 Clearing the FRRP Counters...330 Viewing the FRRP Configuration...330 Viewing the FRRP Information...330 Troubleshooting FRRP...331 Configuration Checks...331 Sample Configuration and Topology...331 Contents 11 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 12
18 GARP VLAN Registration Protocol (GVRP 333 Important Points to Remember...333 Configure GVRP...334 Related Configuration Tasks...334 Enabling GVRP Globally...334 Enabling GVRP on a Layer 2 Interface...335 Configure GVRP Registration...335 Configure a GARP Timer...336 19 Internet Group Management - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 13
Advanced Interface Configuration...357 Interface Types...358 View Basic Interface Information...358 Resetting an Interface to its Factory Default State 360 Enabling a Physical Interface...360 Physical Interfaces...361 Configuration Task List for Physical Interfaces 361 40G to 1G Breakout Cable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 14
Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port 383 Important Points to Remember...384 Example Scenarios...384 Configuring wavelength for 10-Gigabit SFP+ optics 388 Link Dampening...388 Important Points to Remember...388 Enabling Link Dampening...388 Link Bundle Monitoring...390 Using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 15
Addresses 414 UDP Helper with No Configured Broadcast Addresses 415 Troubleshooting UDP Helper...415 22 IPv6 Routing...416 Protocol Overview... 417 Longest Prefix Match (LPM) Table and IPv6 /65 - /128 support 418 IPv6 Header Fields...419 Extension Header Fields...421 Addressing...422 Implementing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 16
Monitoring iSCSI Traffic Flows...438 Application of Quality of Service to iSCSI Traffic Flows 439 Information Monitored in iSCSI ...446 Multi-Topology IS-IS...447 Transition Mode...447 Interface Support...448 Adjacencies...448 Graceful Restart...448 Timers...448 Implementation Information... - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 17
Setting the LACP Long Timeout...472 Monitoring and Debugging LACP...472 Shared LAG State Tracking...473 Configuring Shared LAG State Tracking...473 Important Points about Shared LAG State Tracking 474 LACP Basic Configuration Example...475 Configure a LAG on ALPHA...475 26 Layer 2...484 Manage the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 18
Enabling LLDP on Management Ports...507 Disabling and Undoing LLDP on Management Ports 507 Advertising TLVs...508 Viewing the LLDP Configuration...509 Viewing Information Advertised by Adjacent LLDP Agents 509 Configuring LLDPDU Intervals...510 Configuring Transmit and Receive Mode...511 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 19
30 Multiple Spanning Tree Protocol (MSTP)...544 Protocol Overview...544 Spanning Tree Variations...545 Implementation Information...545 Configure Multiple Spanning Tree Protocol...545 Related Configuration Tasks...545 Enable Multiple Spanning Tree Globally...546 Adding and Removing Interfaces...546 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 20
Interface...604 Redistributing Routes...605 Configuring a Default Route...605 Enabling OSPFv3 Graceful Restart...605 OSPFv3 Authentication Using IPsec...607 Troubleshooting OSPFv3...613 34 Policy-based Routing (PBR)...615 Overview...615 Implementing PBR...616 Configuration Task List for Policy-based - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 21
+ Parameters...657 Configuring an EdgePort...658 PVST+ in Multi-Vendor Networks...658 Enabling PVST+ Extend System ID...658 PVST+ Sample Configurations...659 39 Quality of Service (QoS)...662 Contents 21 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 22
Priority Queueing...680 Queue Classification Requirements for PFC Functionality 681 Support for marking dot1p value in L3 Input Qos Policy 681 Rate Shaping...686 Configuring Weights and ECN for WRED ...686 Global Service Pools With WRED and ECN Settings 687 Configuring WRED and ECN Attributes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 23
Fault Recovery...710 Setting the RMON Alarm...711 Configuring an RMON Event...711 Configuring RMON Collection Statistics...712 Configuring the RMON Collection History 712 42 Rapid Spanning Tree Protocol (RSTP)...714 Protocol Overview...714 Configuring Rapid Spanning Tree...714 Related Configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 24
Cipher List...746 Secure Shell Authentication...746 Troubleshooting SSH...749 Telnet...749 VTY Line and and Authorization 751 VTY MAC-SA Filter Support...751 Role-Based Access Control...751 Overview Display Information About User Roles...761 45 Service Provider Bridging...763 VLAN Stacking...763 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 25
Statistics 802 Obtaining a Value for MIB Objects...802 MIB Support to Display the Available Memory Size on Flash 803 Viewing the Available Flash Memory Size 803 MIB Support to Display the Software Core Files Generated by the System 804 Viewing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 26
...813 MAC Addressing on Stacks...813 Stacking LAG...815 Supported Stacking Topologies...815 High Availability on Stacks...815 Management 829 Removing Front End Port Stacking...830 Troubleshoot a Stack...830 Recover from Stack Link Flaps...830 Recover from a Card Problem State on a Stack 831 49 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 27
STP Guard Configuration...850 51 SupportAssist...851 Configuring SupportAssist Using a Configuration Wizard 852 Configuring SupportAssist Manually...852 Configuring SupportAssist Activity...854 Configuring SupportAssist Company...855 Configuring SupportAssist Person...855 Configuring SupportAssist - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 28
Setting Daylight Saving Time Once...867 Setting Recurring Daylight Saving Time...867 53 Tunneling...870 Configuring a Tunnel...870 Configuring Tunnel Keepalive Settings...871 Configuring a Tunnel Interface...871 Configuring Tunnel Allow-Remote Decapsulation 872 Configuring Tunnel source anylocal - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 29
Delayed Restoration...896 PIM-Sparse Mode Support on VLT...896 VLT Routing VLT Configuration...915 Additional VLT Sample Configurations...918 Troubleshooting VLT...920 Reconfiguring Stacked Switches as VLT... VXLAN Configurations...941 VXLAN Service nodes for BFD...942 Examples of the show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 30
Hardware Watchdog Timer...992 Enabling Environmental Monitoring...992 Recognize an Overtemperature Condition 993 Troubleshoot an Over-temperature Condition 994 Recognize an Under-Voltage Condition...994 Troubleshoot an Under-Voltage Condition 994 Buffer Tuning...995 Deciding to Tune Buffers...996 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 31
Using a Pre-Defined Buffer Profile...998 Sample Buffer Profile Configuration...999 Troubleshooting Packet Loss...999 Displaying Drop Counters...1000 Dataplane Statistics...1001 Display Stack Port Statistics...1002 Display Stack Member Counters...1003 Enabling Application Core Dumps...1005 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 32
including Internet Engineering Task Force (IETF) requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs). Topics: • Audience • Conventions • Related - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 33
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 34
when configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, 10 Gigabit Ethernet, 25 Gigabit Ethernet, 40 Gigabit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 35
PRIORITY-GROUP PROTOCOL GVRP QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 36
CLI Command Mode Loopback Interface Management Ethernet Interface Null Interface Port-channel Interface Tunnel Interface VLAN Interface STANDARD ACCESS-LIST EXTENDED ACCESS-LIST IP COMMUNITY-LIST AUXILIARY CONSOLE VIRTUAL TERMINAL STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MULTIPLE SPANNING TREE Per- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 37
failover-group Dell(conf-pg)# priority-group Dell(config-gvrp)# protocol gvrp Dell(conf-qos-policy-out-ets)# qos-policy-output Dell(support-assist)# support-assist Dell(conf-vlt-domain)# vlt domain Dell(conf-if-interface-type- vrrp-group slot/port-vrid-vrrp-group-id)# Dell=> Press - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 38
-- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 9.4(0.0) 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 39
• Enter ? after a command prompt to list all of the available keywords. The output of this command is the same as the help command. Dell#? bmp cd clear clock BMP commands Change current directory Reset functions Manage the system clock • Enter ? after a partial keyword lists all of the keywords - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 40
Short-Cut Key Action Combination CNTL-X Deletes the line. CNTL-Z Ends continuous scrolling of command outputs. Esc B Moves the cursor back one word. Esc F Moves the cursor forward one word. Esc D Deletes all characters from the cursor to the end of the word. Command History The Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 41
The find keyword displays the output of the show command beginning from the first occurrence of specified text. The following example shows this command used in combination with the show system brief command. Example of the find Keyword The display command displays additional configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 42
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 43
Console Access The device has two management ports available for system access: a serial RS-232 /RJ-45 console port and an out-of-band (OOB) Ethernet port to manage the switch with an IP address. Serial Console The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 44
Table 2. Pin Assignments Between the Console and a DTE Terminal Server Console Port Signal RJ-45 to RJ-45 Rollover Cable RJ-45 Pinout RJ-45 to RJ-45 Rollover Cable RJ-45 Pinout RJ-45 to DB-9 Adapter Terminal Server Device DB-9 Pin Signal RTS 1 8 8 CTS NC 2 7 6 DSR TxD 3 6 2 RxD - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 45
2 Configure a management route with a default gateway. Configure a Management Route 3 Configure a username and password. Configure a Username and Password Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. 1 Enter INTERFACE mode for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 46
Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are three types of enable passwords: • enable password is stored in the running/startup configuration using a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 47
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 48
the same location. • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. • The usbflash command is supported on the device. Refer to your system's Release Notes for a list of approved USB vendors. Example of Copying a File to current File System - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 49
period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system. Viewing Files You can only view file information and content on local file systems. To view a list of files or the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 50
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell#dir Directory of flash: 1 drw- 32768 Jan 01 1980 00:00:00 . 2 drwx 512 Jul 23 2007 00:38:44 .. 3 drw- 8192 Mar 30 1919 10:31:04 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 51
keyword startup-config. • To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 52
that the local copy is exactly the same as the published software image. This validation procedure, and the verify {md5 | sha256} command to support it, prevents the installation of corrupted or modified images. The verify {md5 | sha256} command calculates and displays the hash of any file on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 53
MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459 MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin Getting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 54
and the Logging Configuration • Configuring a UNIX Logging Facility Level • Synchronizing Log Messages • Enabling Timestamp on Syslog Messages • File Transfer Services • Terminal Lines • Setting Timeout for EXEC Privilege Mode • Using Telnet to get to Another Network Device • Lock CONFIGURATION Mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 55
Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by: • restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode • restricting access A user can access all commands - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 56
• removes the resequence command from EXEC mode by requiring a minimum of privilege level 4 • moves the capture bgp-pdu max-buffer-size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3, which is the configured level for VTY 0 • allows access to CONFIGURATION mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 57
line Configure a terminal line linecard Set line card type Dell(conf)#interface ? fastethernet Fast Ethernet interface gigabitethernet Gigabit Ethernet interface loopback Loopback interface managementethernet Management Ethernet interface null Null interface port-channel Port-channel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 58
• console and terminal lines • any configured syslog servers To disable logging, use the following commands. • Disable all logging except on the console. CONFIGURATION mode no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer • Disable logging to terminal lines - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 59
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 60
The following describes the two log messages formats: • 0 - Displays syslog messages format as described in RFC 3164, The BSD syslog Protocol • 1 - Displays syslog message format as described in RFC 5424, The SYSLOG Protocol Example of Configuring the Logging Message Format Dell(conf)#logging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 61
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 62
CONFIGURATION mode logging {ip-address | ipv6-address | hostname} {{udp {port}} | {tcp {port}}} You can export system logs to an external server that is connected through a different VRF. Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 63
Example of Configuring Login Activity Tracking The following example enables login activity tracking. The system stores the login activity details for the last 30 days. Dell(config)#login statistics enable The following example enables login activity tracking and configures the system to store the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 64
Unsuccessful login attempt(s) since the last successful login: 0 Unsuccessful login attempt(s) in last 30 day(s): 3 Successful login attempt(s) in last 30 day(s): 2 Example of the show login statistics user user-id command The show login statistics user user-id command displays the successful and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 65
Configuring Concurrent Session Limit To configure concurrent session limit, follow this procedure: • Limit the number of concurrent sessions for all users. CONFIGURATION mode login concurrent-session limit number-of-sessions Example of Configuring Concurrent Session Limit The following example - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 66
5 vty 3 10.14.1.97 Kill existing session? [line number/Enter to cancel]: Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 67
Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 68
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 69
application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces. The FTP and TFTP services are enhanced to support the VRF-aware functionality. If you want the FTP or TFTP server to use a VRF table that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 70
Enabling the FTP Server To enable the system as an FTP server, use the following command. To view FTP configuration, use the show running-config ftp command in EXEC privilege mode. • Enable FTP on the system. CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 71
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. CONFIGURATION mode ip ftp source-interface interface • Configure a password. CONFIGURATION mode ip ftp password password • Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 72
Example of an ACL that Permits Terminal Access Example Configuration To view the configuration, use the show config command in LINE mode. Dell(config-std-nacl)#show config ! ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 Dell(config-std-nacl)#line vty 0 Dell(config-line-vty)#show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 73
CONFIGURATION mode login authentication {method-list-name | default} 3 If you used the line authentication method in the method list you applied to the terminal line, configure a password for the terminal line. LINE mode password Example of Terminal Line Authentication In the following example, VTY - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 74
limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system 0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 75
, set the system parameter to ignore the enable password and reload the system: BOOT_USER# ignore enable-password BOOT_USER# reload NOTE: You must manually enter each CLI command. The system rejects a command if you copy and paste it in the command line. 5 Configure a new password. CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 76
4 Set the system parameters to ignore the enable password when the system reloads. BOOT_USER# ignore enable-password BOOT_USER# reload 5 Reload the system. BOOT_USER mode reset 6 Configure a new enable password. CONFIGURATION mode enable {password | secret | sha256-password} 7 Save the running- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 77
Important Points to Remember • When you restore all the units in a stack, these units are placed in standalone mode. • When you restore a single unit in a stack, only that unit is placed in standalone mode. No other units in the stack are affected. • When you restore the units in standalone mode, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 78
boot device : flash file name : systema BOOT_USER # To boot from flash partition B: BOOT_USER # boot change primary boot device : flash file name : systemb BOOT_USER # To boot from network: BOOT_USER # boot change primary boot device : tftp file name : FTOS-SI-9-5-0-169.bin Server IP address : 10.16 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 79
-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-overRADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 80
Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 81
• Configuring Timeouts • Configuring Dynamic VLAN Assignment with Port Authentication • Guest and Authentication-Fail VLANs Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: 1 When the authenticator senses a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 82
in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 83
server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1 Enable 802.1X globally - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 84
Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 85
Dell#show dot1x profile 802.1x profile information Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring MAC addresses for a do1x Profile To configure a list of MAC addresses for a dot1x profile, use the mac command. You can configure 1 to 6 MAC addresses. • Configure a list of MAC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 86
Untagged VLAN id: None Guest VLAN: Enable Guest VLAN id: 100 Auth-Fail VLAN: Enable Auth-Fail VLAN id: 200 Auth-Fail Max-Attempts:3 Critical VLAN: Enable Critical VLAN id: 300 Mac-Auth-Bypass Only: Disable Static-MAB: Enable Static-MAB Profile: Sample Tx Period: 90 seconds - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 87
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 88
Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame: • after 90 seconds and a maximum of 10 times for an unresponsive supplicant • re-transmits an EAP Request - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 89
Dot1x Status: Port Control: Port Auth Status: Re-Authentication: Untagged VLAN id: Tx Period: Quiet Period: ReAuth Max: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: Auth Type: Auth PAE State: Backend State: Auth PAE State: Backend State: Enable FORCE_AUTHORIZED UNAUTHORIZED - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 90
Auth Type: Auth PAE State: Backend State: Auth PAE State: Backend State: SINGLE_HOST Initialize Initialize Initialize Initialize Configuring Timeouts If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 91
Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 92
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 93
Example of Configuring Maximum Authentication Attempts Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 94
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 95
on the hardware specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI counters, Open Flow, ACL optimization, and so on) can be allocated virtual flow processing slices at - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 96
FP blocks for ACL VLAN optimization. CONFIGURATION mode cam-acl-vlan vlanaclopt 4 View the number of FP blocks that is allocated for the different VLAN services. Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) 96 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 97
EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM 1 | 0 | IN-L2 ACL | 1536 | 0 | 1536 | | OUT-L2 ACL | 206 | 9 | 197 Codes: * - cam usage is above 90%. Viewing CAM Usage View the amount of CAM space available, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 98
for VLAN Processes The VLAN contentaware processor (VCAP) application is a pre-ingress CAP that modifies the VLAN settings before packets are forwarded. To support ACL CAM optimization, the CAM carving feature is enhanced. A total of four VCAP groups are present: two fixed groups and two dynamic - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 99
To display the number of FP blocks that is allocated for the different VLAN services, use the show cam-acl-vlan command. After you configure the ACL VLAN groups, reboot the system to store the settings in nonvolatile storage. During - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 100
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 101
IP Prefix Lists • ACL Resequencing • Route Maps • Flow-Based Monitoring Support for ACLs • Configuring UDF ACL IP Access Control Lists (ACLs) In more information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 102
CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs. To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, create a class map with all the required ACL rules, then execute the test - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 103
Ingress Access list • L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. Assigning ACLs to to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 104
Dell(conf)#interface te 10/1 Dell(conf-if-te-10/1)#service-policy input pmap Important Points to Remember • For route-maps with more than one match clause: • Two or more match clauses within the same route- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 105
map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found. The following is an example with two instances of a route map. The following example shows matching instances of a route-map. Dell#show route-map route-map zakho, permit, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 106
Dell(config-route-map)#match tag 2000 Dell(config-route-map)#match tag 3000 Example of the match Command to Match All Specified Values In the next example, there is a match only if a route has both of the specified characteristics. In this example, there a match only if the route has a tag value of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 107
match ipv6 address prefix-list-name • Match next-hop routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip next-hop {access-list-name | prefix-list prefix-list-name} • Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 108
CONFIG-ROUTE-MAP mode set local-preference value • Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value} • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 109
with the fragments keyword for all Layer 3 rules applicable to all Layer protocols (permit/deny ip/tcp/udp/icmp). • Both standard and extended ACLs support IP fragments. • Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments. If the packet is to be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 110
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 111
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1 Enter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 112
seq 40 deny 10.8.0.0 /16 seq 45 deny 10.9.0.0 /16 seq 50 deny 10.10.0.0 /16 Dell# The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 25 was configured before filter 15, but the show config command displays the filters - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 113
seq 50 permit tcp 10.8.0.0 /16 10.50.188.118 /31 eq 49 seq 55 permit udp 10.15.1.0 /24 10.50.188.118 /31 range 1812 1813 To delete a filter, enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the no seq sequence-number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 114
CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ip-address} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 115
Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 116
CONFIGURATION mode interface interface slot/port 2 Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3 Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in} [implicit-permit] [vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 117
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 118
Dell#configure terminal Dell(conf)#interface te 1/2 Dell(conf-if-te-1/2)#ip vrf forwarding blue Dell(conf-if-te-1/2)#show config ! interface TenGigabitEthernet 1/2 ip vrf forwarding blue no ip address shutdown Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)#end Dell# Applying Egress - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 119
]). NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists. Configuration Task List for Prefix Lists to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 120
The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 20 was configured before filter 15 and 12, but the show config command displays the filters in the correct order. Dell(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 121
Viewing Prefix Lists To view all configured prefix lists, use the following commands. • Show detailed information about configured prefix lists. EXEC Privilege mode show ip prefix-list detail [prefix-name] • Show a table of summarized information about configured Prefix lists. EXEC Privilege mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 122
If you enter the name of a non-existent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name out [interface | connected | static | ospf] Example of Viewing Configured Prefix Lists (ROUTER RIP mode) To view the configuration, use the show config command in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 123
You can resequence IPv4 and IPv6 ACLs, prefixes, and MAC ACLs. No CAM writes happen as a result of resequencing, so there is no packet loss; the behavior is similar Hot-lock ACLs. NOTE: ACL resequencing does not affect the rules, remarks, or order in which they are applied. Resequencing merely - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 124
or no set commands. When there is no match command, all traffic matches the route map and the set command applies. Flow-Based Monitoring Support for ACLs Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 125
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 126
on TenGigabitEthernet 1/1 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S6000 platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 127
ip access-group testflow in shutdown Dell(conf-if-te-1/1)#exit Dell(conf)#do show ip accounting access-list testflow ! Extended Ingress IP access list testflow on TenGigabitEthernet 1/1 Total cam count 4 seq 5 permit icmp any any monitor count bytes (0 packets 0 bytes) seq 10 permit ip 102.1.1.0/24 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 128
fedgovacl : 0 0 nlbclusteracl: 0 0 -- stack-unit 0 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 2 FcoeAcl : 4 iscsiOptAcl : 0 ipv4pbr : 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 129
CONFIGURATION-UDF TCAM mode udf-qualifier-value name Dell(conf-udf-tcam)# udf-qualifier-value ipnip_val1 10 Assign a value to a UDF ID. CONFIGURATION-UDF-Qualifier-Value Profile mode udf-id 1-12 value mask Dell(conf-udf-tcam-qual-val)#udf-id 1 aa ff 11 Associate the UDF qualifier value with a UDF - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 130
a session parameter. These control packets are sent without regard to transmit and receive intervals. NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 131
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Bidirectional Forwarding Detection (BFD) 131 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 132
The minimum rate at which the local system would like to receive echo packets. RX NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 133
inquiries from the Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. State Administratively Down Down Init Up Description - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 134
Figure 10. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD) 134 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 135
system, the session state on the local system changes to Init. Figure 11. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 136
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 137
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 12. Establishing a BFD Session on Physical Ports 1 Enter interface mode. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 138
Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 139
To disable and re-enable BFD on an interface, use the following commands. • Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 % - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 140
Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 13. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 141
ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD, all static route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 142
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 143
BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Bidirectional Forwarding Detection (BFD) 143 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 144
Configuring BFD for OSPFv3 is a two-step process: 1 Enable BFD globally. 2 Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 145
Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 146
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 147
of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 148
Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1 Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). 2 Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 149
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 150
ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 151
Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 152
Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 153
2.2.2.2 1 273 273 0 3.3.3.2 1 282 281 0 0 (0) 04:32:26 0 0 0 00:38:12 0 The following example shows viewing BFD information for a specified neighbor. The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 154
Peer active in peer-group outbound optimization ... Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 155
Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to establish an individual VRRP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 156
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 157
debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te 4/24 (diag: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 158
BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are 2 (the transit AS) to connect to Router 4. Internet service providers (ISPs) are always transit ASs, Border Gateway Protocol IPv4 (BGPv4) 158 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 159
network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When connectivity and accessibility. Figure 18. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 160
Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 161
State Idle Connect Description BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 162
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 163
but different local preferences. BGP sees that the Weight criteria results in two potential "best paths" and moves to local preference to reduce the options. If a number of best paths is determined, this selection criteria is applied to group's best to determine the ultimate best path. In non- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 164
a An AS_SET has a path length of 1, no matter how many ASs are in the set. b A path with no AS_PATH configured has a path length of 0. c AS_CONFED_SET is not included in the AS_PATH length. d AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5 Prefer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 165
path through Router A is shorter (one hop instead of two), the LOCAL_PREF settings have the preferred path go through Router B and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 22. BGP Local Preference Multi-Exit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 166
Figure 23. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 167
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 168
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 169
allows for faster convergence. Four-Byte AS Numbers You can use the 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 170
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 171
Dell(conf-router_bgp)#no bgp four-octet-as-support Dell(conf-router_bgp)#sho conf ! router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 172
Figure 24. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the "no prepend" option, the Local-AS does not prepend to the updates received from the eBGP peer. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 173
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 174
at system boot reads the entire configuration file prior to sending messages to start BGP peer sessions) The following are not yet supported: • auto-summarization (the default is no auto-summary) • synchronization (the default is no synchronization) BGP Configuration To enable the BGP process and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 175
distance = 200 keepalive = 60 seconds holdtime = 180 seconds Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 176
Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN format. b Enable IPv4 multicast or IPv6 mode. CONFIG-ROUTER-BGP mode address-family [ipv4 | ipv6} vrf Use this command to enter BGP for IPv6 mode (CONF-ROUTER_BGPv6_AF). 2 Add - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 177
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 178
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 179
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 180
NOTE: Sample Configurations for enabling peer groups are found at the end of this chapter. 1 Create a peer group by assigning a name to it. CONFIG-ROUTERBGP mode neighbor peer-group-name peer-group 2 Enable the peer group. CONFIG-ROUTERBGP mode neighbor peer-group-name no shutdown By default, all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 181
A neighbor may keep its configuration after it was added to a peer group if the neighbor's configuration is more specific than the peer group's and if the neighbor's configuration does not affect outgoing updates. NOTE: When you configure a new set of BGP policies for a peer group, always reset the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 182
10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over By default, a BGP session is governed by the hold time. BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 183
Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 52, neighbor version 52 4 accepted - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 184
prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 185
network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter- 10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 186
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 187
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 188
You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters. 3 Return to CONFIGURATION mode. AS-PATH ACL mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Use a configured AS-PATH ACL for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 189
Regular Expression ^ (caret) $ (dollar) . (period) * (asterisk) + (plus) ? (question) ( ) (parenthesis) [ ] (brackets) - (hyphen) _ (underscore) | (pipe) Definition Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 190
Dell(conf)#ex Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 191
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1 Create - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 192
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2 Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 193
deny 14551:666 Dell# Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1 Enter the ROUTE-MAP mode and assign a name to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 194
CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2 Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 195
*>i 6.10.0.0/15 *>i 6.14.0.0/15 *>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- 195.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 100 0 100 0 100 0 100 0 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 196
4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Apply the route map to the neighbor or peer group's incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 197
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 198
3 Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Filter routes based on the criteria in the configured prefix list. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 199
Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • map-name: enter the name of a configured route map. • in: apply the route map to inbound routes. • out: apply the route map to outbound routes. To view the BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 200
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. To configure a route reflector, use the following commands. • Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 201
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 202
default is 60 minutes. • route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 203
The following example shows how to configure values to reuse or restart a route. In the following example, default = 15 is the set time before the value decrements, bgp dampening 2 ? is the set re-advertise value, bgp dampening 2 2000 ? is the suppress value, and bgp dampening 2 2000 3000 ? is the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 204
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 205
You can enable the MBGP feature per router and/or per peer/peergroup. The default is IPv4 Unicast routes. When you configure a peer to support IPv4 multicast, Dell Networking OS takes the following actions: • Send a capacity advertisement to the peer in the BGP Open message specifying IPv4 multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 206
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 207
EXEC Privilege mode debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] • Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp {ip-address | peer-group-name} soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 208
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 209
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 210
Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 211
R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 212
R3(conf-if-lo-0)#int te 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config ! interface TengigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 213
BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:00:57, due to user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Last - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 214
R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 215
10 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 216
The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 512 CAM entries. Select 1 to configure 256 entries. Select 2 to configure 512 entries. Even though you can perform CAM carving to allocate the maximum - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 217
mode show cam-acl 4 Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command. To verify the actual CAM space required, create a Class Map with all required ACL rules, then execute - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 218
cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload. Example of Viewing CAM-ACL Settings Dell(conf)#do show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) Next Boot(in block - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 219
L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 0 -- Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 220
Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting this case, manually adjust the the non-EG line cards enter a problem state. • Before moving a card to supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 221
By default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables. The other supported UFT modes are scaled-l3-hosts (UFT mode 3) and scaledl3-routes (UFT mode 4). Table 12. UFT Modes -Table Size UFT Mode L2 MAC Table - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 222
Dell(conf)#hardware forwarding-table mode scaled-l3-hosts Hardware forwarding-table mode is changed. Save the configuration and reload to take effect. Dell(conf)#end Dell#write mem ! 01:13:36: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config in flash by default Dell(conf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 223
11 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 224
Figure 27. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 225
input name cpu-qos class-map name qos-policy name 7 Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8 Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 226
CONTROL-PLANE mode service-policy rate-limit-protocols Examples of Configuring CoPP for Different Protocols The following example shows creating the IP/IPv6/MAC extended ACL. Dell(conf)#ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 227
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1 Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 228
applied to each queue. Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Q0 1300 Q1 300 Q2 300 Q3 300 Q4 2000 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 229
Example of Viewing Queue Mapping for IPv6 Protocols Dell#show ipv6 protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) TCP (BGP) any/179 179/any _ Q6 CP _ ICMP any any _ Q6 CP _ VRRP any any _ Q7 CP _ Dell# Control Plane Policing (CoPP) 229 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 230
Configuring PFC in a DCB Map • Configuring PFC without a DCB Map • Behavior of Tagged Packets • Configuration Example for DSCP and PFC Priorities • SNMP Support for PFC and Buffer Statistics Tracking • Performing PFC Using DSCP Bits Instead of 802.1p Bits • PFC and ETS Configuration Examples • Using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 231
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 232
DCBx • During DCBx negotiation with a remote peer: • DCBx communicates with the remote peer by LLDP TLV to determine current policies, such as PFC support and ETS bandwidth allocation. • If DCBx negotiation is not successful (for example, a version or TLV mismatch), DCBx is disabled and PFC or ETS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 233
Traffic Groupings Group ID Group bandwidth Group transmission selection algorithm (TSA) In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: • PFC enabled or disabled • No bandwidth limit or no ETS processing Description A 4-bit identifier - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 234
with peer devices. Exchanged parameters are sent in organizationally specific TLVs in LLDP data units. The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters ETS parameters PFC Configuration TLV and Application Priority Configuration TLV. ETS Configuration TLV and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 235
and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 236
into account the following default settings: DCB is enabled. The PFC memory buffer supports up to 52 (not 64) PFC-enabled ports and two lossless queues links for Storage Area Network (SAN) traffic that requires nodrop service, while retaining packet-drop congestion management for Local Area Network - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 237
PFC and link-level flow control at the same time on an interface. Dell Networking OS does not support MACsec Bypass Capability (MBC). Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 238
port-pipe command. NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays. Data - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 239
to create zero-loss links for SAN traffic that requires no-drop service, while at the same time retaining packetdrop congestion management for LAN to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx). • If you apply a DCB map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 240
the same priority group. • A maximum of two PFC-enabled, lossless queues are supported on an interface. Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 241
Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when a port. • A limit of two lossless queues is supported on a port. If the number of lossless queues configured exceeds the maximum supported limit per port (two), an error message is displayed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 242
the port queues that still function as nodrop queues for lossless traffic. For the dot1p-queue assignments. The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 243
higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 244
for each frame priority. The goal of this mechanism is to ensure zero loss under congestion in DCB networks. Dell Networking OS provides SNMP support for monitoring PFC and BST counters, and statistics. The enhancement is made on DELL-NETWORKING-FPSTATS-MIB with additional tables to display the PFC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 245
to classify these untagged packets from the server based on their DSCP and provide PFC treatment. Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 246
ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p priority class to configure different treatment for traffic with different bandwidth - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 247
(refer to Configuring Bandwidth Allocation for DCBx CIN) and dot1p-queue mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 248
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 249
the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Configuring ETS in a DCB Map A switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) setting. To configure ETS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 250
Dell Networking OS de-queues all frames of strict-priority traffic before servicing any other queues. A queue with strict-priority traffic can starve to data queues, not to control queues. • Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 251
must map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) on the data traffic. Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 252
is enabled end-toend). For more information about how these features are implemented and used, refer to: • Configure Enhanced Transmission Selection DCBx supports the following versions: CIN, CEE, and IEEE2.5. Prerequisite: For DCBx, enable LLDP on all DCB devices. DCBx Operation DCBx performs the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 253
configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Manual The port is configured to operate only with administrator-configured settings and does not autoconfigure with DCB settings received from a DCBx - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 254
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 255
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 256
shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link a configuration-source role. 4 Configure ports to operate in a manual role. 1 Enter INTERFACE Configuration mode. CONFIGURATION mode interface type - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 257
administer-configured DCB parameters. The port does not accept a DCB configuration received from a peer or a local configuration source. The default is Manual. 5 On manual ports only: Configure the PFC and ETS TLVs advertised to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 258
4 Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | the Application Priority TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-appln- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 259
[no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7 Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 260
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 19. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 261
priority-list 4 set-pgid 2 The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test State :Complete PfcMode:ON PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 262
Table 20. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 263
0 The following example shows the show interface ets summary command. Dell(conf)#do show interfaces te 1/1 ets summary Interface TenGigabitEthernet 1/1 Max Supported TC is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled PG-grp Priority# BW-% BW-COMMITTED - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 264
The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : Admin is enabled TC-grp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 265
interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 266
-unit all stack-ports all ets details Stack unit 0 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 267
port role: auto-upstream, autodownstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used . In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configured mode DCBx version configured on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 268
global switch level (refer to Default dot1p to Queue Mapping) using the service-class dynamic dot1p command in INTERFACE configuration mode. Layer 2 class maps the following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 269
default PFC total buffer size is 3088. 3 Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured depends on the buffer. The default number of PFC queues in the system is one. For each priority, you can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 270
7 Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default buffer-threshold setting. INTERFACE mode (conf-if-te) dcb-policy buffer-threshold buffer-threshold 8 Configuring Global total buffer size on stack ports. CONFIGURATION mode dcb - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 271
Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 272
1 Enabling DCB Dell(conf)#dcb enable 2 Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# service-class dynamic dot1p 3 Apply DCB map to relevant interface dcb-map test priority-group 1 bandwidth 50 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 273
configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 274
Option Subnet Mask Number and Description Option 1 Specifies the client's subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client's default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 275
client starts the configuration process over by sending a DHCPDISCOVER. A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. A server sends this message to the client if it is not able to fulfill - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 276
configurations that exceed the allocated memory. • This platform supports 4000 DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. For Management Responding To Client Requests Providing Administration Services Description DHCP servers are the owners of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 277
1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands Dynamic Host Configuration Protocol (DHCP) 277 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 278
Excluding Addresses from the Address Pool The DHCP server assumes that all IP addresses in a DHCP address pool are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To exclude an address, follow this step. • Exclude an address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 279
for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to recommends specifying clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address and the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 280
stored on the server. For more information, refer to Configuring the Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported on Ethernet, VLAN, and port-channel interfaces. • The public out-of-band management interface and default VLAN 1 are configured by default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 281
a new IP address, use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 282
using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management interfaces. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 283
DHCP Snooping A DHCP client can run on a switch simultaneously with the DHCP snooping feature as follows: • If you enable DHCP snooping globally on a switch and you enable a DHCP client on an interface, the trust port, source MAC address, and snooping table validations are not performed on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 284
ip dhcp relay information-option [trust-downstream] For routers between the relay agent and the DHCP server, enter the trust-downstream option. • Manually reset the remote ID for Option 82. CONFIGURATION mode ip dhcp relay information-option remote-id DHCP Snooping DHCP snooping protects networks - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 285
DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer 2 interfaces does require a relay agent. Binding table entries are deleted when a lease expires or when the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 286
Adding a Static IPV6 DHCP Snooping Binding Table To add a static entry in the snooping database, use the following command. • Add a static entry in the snooping binding table. EXEC Privilege mode ipv6 dhcp snooping binding mac address vlan-id vlan-id ipv6 ipv6-address interface interfacetype | - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 287
Snooping packets processed on L2 vlans DHCP Binding File Details Invalid File Invalid Binding Entry Binding Entry lease expired List of Trust Ports List of DHCP Snooping Enabled Vlans List of DAI Trust ports : 142 : 0 : 0 : 0 :Te 1/4 :Vl 10 :Te 1/4 Displaying the Contents of the DHCPv6 Binding - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 288
ip dhcp relay secondary-subnet 2 Sample Configuration: Dell(conf)#ip dhcp relay secondary-subnet Dell(conf)#interface TenGigabitEthernet 0/0 Dell(conf-if-te-0/0)#ip address 10.1.1.1/24 Dell(conf-if-te-0/0)#ip address 11.1.1.1/24 secondary Dell(conf-if-te-0/0)#ip helper-address 2.1.1.1 Dell(conf-if- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 289
a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast MAC flooding Denial of service An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway's MAC address, resulting in all clients broadcasting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 290
an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 291
To enable IP source address validation, use the following command. NOTE: If you enable IP source guard using the ip dhcp source-address-validation command and if there are more entries in the current DHCP snooping binding table than the available CAM space, SAV may not be applied to all entries. To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 292
• Enable IP+MAC SAV with VLAN option. INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 293
14 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 294
Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 295
Te 1/1 Up 36 Te 1/1 Up 52 Managing ECMP Group Paths To avoid path degeneration, configure the maximum number of paths for an ECMP route that the L3 CAM can hold. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route. To configure the maximum number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 296
Host table since it cannot be written in LPM table, and IPv4 0/32 route entries are written in LPM table itself to support the ECMP since ECMP was not supported in Host table. On the system, unified forwarding table (UFT) is enabled, and the host table size is bigger compared to the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 297
host table can have ECMP. For other platforms, only the IPv6 /128 prefix route entries is stored in the L3 host table without ECMP support. The software supports a command to program IPv6 /128 route prefixes in the host table. The output of show IPv6 cam command has been enhanced to include the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 298
ipv6-over-gre-ipv6 Payload header mac-in-mac header based hashing is disabled TcpUdp Load Balancing Enabled Dell(conf)# • Packet Header parameters for the first portion of the RTAG7 hash can be controlled. By default, all the listed parameters from the Packet header are considered for hash - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 299
as the hash algorithm. Configuration and Benefits The preceding anti-polarization techniques require some coordinated configuration of network nodes to solve the problem and these techniques are not scalable when the number of tiers in the network is high. Flow based hashing specifically addresses - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 300
xor1 of xor1 xor2 of xor2 xor4 of xor4 xor8 of xor8 xor16 CRC16_BISYNC_AND_XOR1 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CRC16_BISYNC_AND_XOR2 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CRC16_BISYNC_AND_XOR4 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CRC16_BISYNC_AND_XOR8 - Upper 8 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 301
works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN traffic. In addition, DCB provides types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 302
• Allow transit Ethernet bridges to efficiently monitor FIP frames passing between FCoE end-devices and an FCF. To dynamically configure ACLs on the bridge to only permit traffic authorized by the FCF, use the FIP snooping data. FIP enables FCoE devices to discover one another, initialize and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 303
Figure 37. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 304
, solicitations, FLOGI/FDISC requests and responses, FLOGO requests and responses, keep-alive packets, and clear virtual-link messages. FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: FIP Snooping 304 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 305
FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure port must continue to operate with untagged frames. FIP snooping is not supported on a port that is configured for non-default untagged VLAN membership - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 306
fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: Manually add the CAM-ACL space to the FCoE region as it is not applied by default. To support FIP-Snooping and set CAM-ACL, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 307
trusted interfaces in a VLAN. • A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 308
is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command. • The maximum number of FCFs supported per FIP snooping-enabled VLAN is twelve. Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 309
NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable. Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 27. Displaying FIP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 310
The following table describes the show fip-snooping sessions command fields. Table 28. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 311
The following table describes the show fip-snooping fcf command fields. Table 30. show fip-snooping fcf Command Description Field FCF MAC FCF Interface VLAN FC-MAP ENode Interface FKA_ADV_PERIOD No of ENodes FC-ID Description MAC address of the FCF. Slot/port number of the interface to which the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 312
Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 313
Field Number of FLOGI Accepts Number of FLOGI Rejects Number of FDISC Accepts Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config Description - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 314
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 39. Configuration Example: FIP Snooping on a Switch In this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 315
Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# portmode hybrid Dell(conf-if-te-1/1)# switchport Dell(conf-if-te-1/1)# protocol lldp Dell(conf-if-te-1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 316
with the Flex Hash mechanism. Keep the following points in mind when you configure the flex hash capability: • A maximum of eight flex hash entries is supported. • A maximum of 4 bytes can be extracted from the start of the L4 header. • The offset range is 0 - 30 bytes from the start of the L4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 317
With the reduced time that is taken to reboot the switch, upon a manually-initiated reload or an expected restart of the device, there is minimal servers in that rack. This functionality of minimized reload time is supported in a network deployment in which the servers are connected through - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 318
Symmetric Multiprocessing (SMP) utility that is enabled on the Intel CPU on the device to enhance the speed of the system startup. SMP is supported on the device. For the fast boot feature to reduce the traffic disruption significantly, the following conditions apply: 1 When LACP is used between the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 319
with an uplink speed of 40 Gigabit Ethernet per second. Interoperation of Applications with Fast Boot and System States This functionality is supported on the S6000 platform. The following sections describe the application behavior when fast boot functionality is enabled: LACP and IPv4 Routing Prior - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 320
boot and actions specific to this mode will not be performed. Software Upgrade When fast boot is used to upgrade the system to a release that supports fast boot, the system enables the restoration of dynamic ARP or ND databases that were maintained in the older release from when you performed the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 321
computed and installed without the need for any manual intervention in any of the following conditions: Converged Ethernet (RoCE) Overview This functionality is supported on the S6000 platform. RDMA is a lossless nature of disk input and output services. • Lossless connectivity: VMs require - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 322
for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite sub interfaces. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the S6000 platform. All the frames in a Layer 2 VLAN are identified using a tag defined in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 323
against any single link/switch failure and thus provides for greater network uptime. Topics: • Protocol Overview • Implementing FRRP • FRRP Configuration • Troubleshooting FRRP • Sample Configuration and Topology Protocol Overview FRRP is built on a ring topology. You can configure up to 255 rings - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 324
has been temporarily blocked and places it into a pre- forwarding state. When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the previously blocked ring ports on the newly restored port. Then the Transit node - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 325
Member VLAN Spanning Two Rings Connected by One Switch A member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch can act as a Master node for one FRRP group and a Transit for another FRRP group, or it can be a Transit node for both rings. In the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 326
• The Master node transmits ring status check frames at specified intervals. • You can run multiple physical rings on the same switch. • One Master node per ring - all other nodes are Transit. • Each node has two member interfaces - primary and secondary. • There is no limit to the number of nodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 327
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 328
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 329
no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to the Layer 2 chapter. Be sure to follow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 330
Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds • Hello-Interval: the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 331
Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 332
tagged TenGigabitEthernet 2/14,31 no shutdown ! interface Vlan 201 no ip address tagged TenGigabitEthernet 2/14,31 no shutdown ! protocol frrp 101 interface primary TenGigabitEthernet 2/14 secondary TenGigabitEthernet 2/31 control-vlan 101 member-vlan 201 mode transit no disable Example of R3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 333
to register and de-register attribute values, such as VLAN IDs, with each other. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 334
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 335
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 336
interface TenGigabitEthernet 1/21 no ip address switchport gvrp enable gvrp registration fixed 34-35 gvrp registration forbidden 45-46 no shutdown Dell(conf-if-te-1/21)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 337
IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports an unlimited number of groups. • Dell Networking systems cannot serve as an IGMP host or an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 338
time. A host joins and leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 339
period and sends another query. If it still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 340
Figure 44. IGMP Version 3-Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1 The first unsolicited report from the host indicates that it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 341
Figure 45. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1 Host 1 sends a message indicating it is leaving group 224.1.1.1 and that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 342
Figure 46. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1 Enable multicast routing using the ip multicast-routing command. 2 Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 343
router is 165.87.34.5 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 344
Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface 225.1.1.1 TenGigabitEthernet 1/1 225.1.2.1 TenGigabitEthernet 1/1 Mode IGMPV2 IGMPV2 Uptime 00:11:19 00:10:19 Expires 00:01:50 00:01:50 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 345
• Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 346
ip igmp snooping enable • View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 347
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 348
Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 349
confd application 8888 secure HTTP server port for confd application Client Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Server Supported Supported Supported Supported If you configure a source interface is for any EIS management - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 350
NOTE: Egress Interface Selection (EIS) works only with IPv4 routing. When the feature is enabled using the management egress-interface-selection command, the following events are performed: • The CLI prompt changes to the EIS mode. • In this mode, you can run the application and no application - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 351
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 352
• Management application packet counter is incremented if EIS route lookup succeeds and packet is sent out of the management port. • If route lookup in the EIS routing table fails or if the management port is down, then packets are dropped. The management application drop counter is incremented. • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 353
Traffic type / Application type Switch initiated traffic Switch-destined traffic Transit Traffic destination uses the front-end port selected based on route lookup in EIS port to management default route only. No change in table. If the management port is down or the port is blocked the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 354
Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected. Table 34. Behavior of Various Applications for Switch-Initiated Traffic Protocol Behavior when EIS is Enabled dns EIS Behavior ftp EIS Behavior ntp EIS Behavior radius EIS Behavior - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 355
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 356
ip igmp snooping mrouter interface Internet Group Management Protocol (IGMP) 356 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 357
and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state. Basic Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 358
• Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting 40G Ports without Reload • Splitting QSFP Ports to SFP+ Ports • Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 359
.10.10.1 TenGigabitEthernet 1/7 unassigned TenGigabitEthernet 1/8 unassigned TenGigabitEthernet 1/9 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 360
shutdown ! interface TenGigabitEthernet 2/7 no ip address shutdown ! interface TenGigabitEthernet 2/8 no ip address shutdown ! interface TenGigabitEthernet 2/9 no ip address shutdown Resetting an Interface to its Factory Default State You can reset the configurations applied on an interface to its - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 361
configure on the management optic ports alone. Without any optic, if you configure the speed, the configuration is assigned as the port speed to support Provisioning through BMP. User viewable Logs: Logs for optic insertion and removal are same as QSFP optics. You can use the show inventory media - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 362
show interface transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id QSFP 0 Ext Id QSFP 0 Connector QSFP 0 Transceiver Code QSFP 0 Encoding QSFP 0 Length(SFM) Km QSFP 0 Length(OM3) 2m QSFP 0 Length(OM2) 1m QSFP 0 Length(OM1) 1m QSFP 0 Length(Copper) 1m QSFP 0 Vendor Rev = 0x0d = 0x00 = 0x0c = 0x04 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 363
no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 364
preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 365
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 366
• must not match the virtual IP address and must not be in the same subnet as the virtual IP. If there are 2 RPMs on the system, each Management interface must be configured with a different IP address. Unless the management route command is configured, you can only access the Management interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 367
Configuring a Management Interface on an Ethernet Port You can manage the system through any port using remote access such as Telnet. To configure an IP address for the port, use the following commands. There is no separate management routing table, so configure all routes in the IP routing table ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 368
Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP loopback number • Delete a Loopback interface. CONFIGURATION mode no interface loopback number Many of the commands supported on physical interfaces are also supported on a Loopback interface. Interfaces 368 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 369
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 370
As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel. Member ports of a LAG are added and programmed into the hardware in a predictable order based on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 371
Creating a Port Channel You can create up to 4096 port channels with up to 16 port members per group on the platform. To configure a port channel, use the following commands. 1 Create a port channel. CONFIGURATION mode interface port-channel id-number 2 Ensure that the port channel is active. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 372
Examples of the show interfaces port-channel Commands To view the port channel's status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode, as shown in the following example. Dell#show int port brief LAG Mode Status Uptime Ports 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 373
Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port channel, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 374
in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3 Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 375
Dell#show interfaces switchport te 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged Name: TenGigabitEthernet 1/1 802.1QTagged: True Vlan membership: Q - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 376
-value For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change to another algorithm. CONFIGURATION mode Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 377
Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 378
Create a Multiple-Range The following is an example of multiple range. Example of the interface range Command (Multiple Ranges) Dell(conf)#interface range tengigabitethernet 1/5 - 10 , tengigabitethernet 1/1 , vlan 1 Dell(conf-if-range-te-1/1,te-1/5-10,vl-1)# Exclude Duplicate Entries The following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 379
To define an interface-range macro, use the following command. • Defines the interface-range macro and saves it in the running configuration file. CONFIGURATION mode Define the Interface Range The following example shows how to define an interface-range macro named "test" to select Ten Gigabit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 380
Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 381
,92,100,108,116,124) . These ports can be changed to 40G to 10G mode or vice-versa without reload. • When a non-supported profile release is upgraded to a supported profile release, the fan-out configured ports get automatically included in the profile. In fan-out mode, if a system is upgraded with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 382
40GBASE-SR4 4829455N01XP Yes Splitting QSFP Ports to SFP+ Ports The platform supports splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). Interfaces 382 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 383
no stack-unit stack-unit-number port port-number portmode quad command. Important Points to Remember • Splitting a 40G port into four 10G ports is supported on standalone and stacked units. • You cannot use split ports as stack-link to stack a system. To verify port splitting, use the show system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 384
can use a copper SFP module on QSFP ports using a QSA adapter. Important Points to Remember • Starting from Dell OS 9.7(0.0), as part of dynamic fan-out support, only 96 ports can be split into 10G mode. Remaining eight ports stay in 40G. For more information, see Fanning out 40G Ports Dynamically - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 385
NOTE: In the following show interfaces tengigbitethernet commands, the ports 1,2, and 3 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 386
Dell#show interfaces tengigabitethernet 0/7 transceiver SFP 0 Serial ID Base Fields SFP 0 Id = 0x0d SFP 0 Ext Id = 0x00 SFP 0 Connector = 0x23 SFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SFP 0 Encoding = 0x00 Dell#show interfaces tengigabitethernet 0/8 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 387
LineSpeed 10000 Mbit Dell#show interfaces tengigabitethernet 0/3 tengigabitethernet 0/1 is up, line protocol is down Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP+ type is 10GBASE-SX .......... LineSpeed 10000 Mbit Dell#show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 388
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 389
Dell#show interfaces dampening Tengigabitethernet 1/1 Interface Supp Flaps Penalty Half-Life Reuse State Te 1/1 Up 0 0 1 2 Dell# Suppress 3 Max-Sup 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 390
link bundle monitoring status. show link-bundle-distribution Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 391
. To allow fullduplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 392
• Number of flow-control packet pointers: the range is from 1 to 2047 (default = 75). • Flow-control buffer threshold in KB: the range is from 1 to 2013 (default = 49KB). • Flow-control discard threshold in KB: the range is from 1 to 2013 (default = 75KB). • Buffer threshold limit for generating - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 393
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 394
no negotiation auto If the speed was set to 1000, do not disable auto-negotiation. 8 Verify configuration changes. INTERFACE mode show config Example of the show interfaces status Command to View Link Status NOTE: The show interfaces status command displays link status, but not administrative - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 395
refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive . The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 396
rate-interval Example of the rate-interval Command The bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#show interfaces TenGigabitEthernet 1/1 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 397
the configuration files. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the compressed mode and to perform an image downgrade without any configuration loss - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 398
You can create groups of VLANs using the interface group command. This command will create nonexistent VLANs specified in a range. On successful command execution, the CLI switches to the interface group context. The configuration commands inside the group context will be the similar to that of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 399
no ip address shutdown ! interface TenGigabitEthernet 1/10 no ip address shutdown ! interface TenGigabitEthernet 1/34 ip address 2.1.1.1/16 shutdown ! interface Vlan 2 no ip address no shutdown ! interface Vlan 3 tagged te 1/1 no ip address shutdown ! interface Vlan 4 tagged te 1/1 no ip address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 400
flash by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Interfaces 400 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 401
21 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 402
Helper with No Configured Broadcast Addresses • Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 403
-if)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.11.1.1/24 no shutdown ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 404
Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway S 2.1.2.0/24 Direct, Nu 0 S 6.1.2.0/24 via 6.1.20.2, Te 5/1 S 6.1.2.2/32 via 6.1.20.2, Te 5/1 S 6.1.2.3/32 via 6.1.20.2, Te 5/1 S - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 405
is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages. feature is not supported on significantly high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 406
command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature >show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 407
tomm-3 gxr f00-3 Dell> (perm, OK) - IP (perm, OK) - IP (perm, OK) - IP 192.68.99.2 192.71.18.2 192.71.23.1 To view the current configuration, use the show running-config resolve command. Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 408
related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • Configuring Static ARP Entries ( dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 409
Example of the show arp Command These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 410
In the request, the host uses its own IP address in the Sender Protocol Address and Target Protocol Address fields. Enabling ARP Learning via Gratuitous ARP To enable ARP learning via gratuitous ARP, use the following command. • Enable ARP learning via gratuitous ARP. CONFIGURATION mode arp learn- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 411
(ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 412
To view if ICMP unreachable messages are sent on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output. UDP Helper User datagram protocol (UDP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 413
ip udp-broadcast-address Examples of Configuring and Viewing a Broadcast Address Dell(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255 Dell(conf-if-vl-100)#show config ! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged TenGigabitEthernet 1/2 no shutdown To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 414
Figure 49. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 415
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 416
IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are: • Extended address space • Stateless autoconfiguration • Header format simplification • Improved - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 417
of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 418
/65 prefixlength) or 3K IPv6 route entries (greater than /64 prefix-length). You can configure the LPM table with one of the following partitions to support the IPv4 and IPv6 prefix route entries: • Partition 1: IPv6 128-bit LPM entries can be stored in this partition. IPv4 and 64-bit IPv6 entries - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 419
The optimized booting functionality does not use Openflow and therefore SDN support is not available. LPM partitioning might have a slight impact on the number of SDN-programmed L3 entries because the LPM space becomes reduced. IPv6 Header - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 420
Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 421
the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet's Source IP Address identifying the unknown option type. IPv6 Routing 421 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 422
send an ICMP Parameter Problem, Code 2 message to to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 423
::/64 subnet. Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your Commands in the Dell Networking OS Command Line Interface Reference Guide. Extended Address Space IPv6 Neighbor Discovery Stateless Autoconfiguration Path - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 424
client support over IPv6 (outbound SSH) Layer 3 only Secure Shell (SSH) server support Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 425
messages. The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 426
used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency. Figure 54. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 427
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 428
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 429
command. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 430
Telnet connection from the router. NOTE: Telnet to link local addresses is supported on the system. • Enter the IPv6 Address for the device. EXEC mode and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 431
• snmp-server group access-list-name ipv6 Displaying IPv6 Information View specific IPv6 configuration with the following commands. • List the IPv6 show options. EXEC mode or EXEC Privileged mode show ipv6 ? Example of show ipv6 Command Options Dell#show ipv6 ? accounting IPv6 accounting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 432
Advertised by: fe80::201:e8ff:fe8b:3166 412::/64 onlink autoconfig Valid lifetime: 2592000, Preferred lifetime: 604800 Advertised by: fe80::201:e8ff:fe8b:3166 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::1:ff8b:386e ND MTU is 0 ICMP redirects are not sent DAD is enabled, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 433
Destination Dist/Metric, Gateway, Last Change C 600::/64 [0/0] Direct, Te 1/24, 00:34:42 C 601::/64 [0/0] Direct, Te 1/24, 00:34:18 C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 1/24, 00:01:30 L fe80::/10 [0/0] Direct, Nu 0, 00:34:42 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 434
• ipv6 address: the format is x:x:x:x::x. • mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 435
10 Set the router lifetime. POLICY LIST CONFIGURATION mode router-lifetime value The router lifetime range is from 0 to 9,000 seconds. 11 Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12 Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 436
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide. IPv6 Routing 436 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 437
provides a means of monitoring iSCSI sessions and applying quality of service (QoS) policies on iSCSI traffic. When enabled, iSCSI optimization allows to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 438
• iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier of congestion that would otherwise cause dropped iSCSI packets. • iSCSI DCBx TLVs are supported. The following illustration shows iSCSI optimization between servers and a storage array in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 439
Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is performed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 440
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 441
Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer The following behavior occurs during synchronization of iSCSI sessions. • If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer and the connection is associated with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 442
addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 443
in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer discovery protocol (LLDP) before enabling iSCSI in step 2. You cannot disable LLDP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 444
• remark: marks incoming iSCSI packets with the configured dot1p or DSCP value when they egress the switch. The default is: the dot1 and DSCP values in egress packets are not changed. 8 (Optional) Set the aging time for iSCSI session monitoring. CONFIGURATION mode [no] iscsi aging time time. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 445
3260 860 The following example shows the show iscsi session command. VLT PEER1 Dell#show iscsi session Session 0 Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 VLT PEER2 Session 0 Target: iqn. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 446
-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS- called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 447
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 448
a redundant configuration) should not necessarily interrupt data packet forwarding. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into or by setting a specific amount of time manually. Intermediate System to Intermediate System 448 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 449
Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 450
Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 451
the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 452
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 453
Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. 4 Implement a wide metric-style globally. ROUTER ISIS AF IPV6 mode isis ipv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 454
} • adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. • manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 455
LSP Interval: 33 Next IS-IS LAN Level-1 Hello in 4 seconds Next IS-IS LAN Level-2 Hello in 6 seconds LSP Interval: 33 Restart Capable Neighbors: 2, In Start: 0, In Restart: 0 Dell# Changing LSP Attributes IS-IS routers flood link state PDUs (LSPs) to exchange routing information. LSP attributes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 456
and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the : System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 457
Distance: 115 Generate narrow metrics: level-1-2 Accept narrow metrics: level-1-2 Generate wide metrics: none Accept wide metrics: none Dell# Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 458
Changing the IS-Type To change the IS-type, use the following commands. You can configure the system to act as a Level 1 router, a Level 1-2 router, or a Level 2 router. To change the IS-type for the router, use the following commands. • Configure IS-IS operating level for a router. ROUTER ISIS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 459
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Distribute Routes Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 460
ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and the interface information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 461
redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: • process-id the range is from 1 to 65535. • level-1, level-1-2, or level-2: assign all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 462
mode domain-password [encryption-type | hmac-md5] password The Dell OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 463
eljefe.01-00 * 0x00000001 0x68DF 1108 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1099 0/0/0 Force10.00-00 0x00000002 0xD1A7 1088 0/0/0 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000006 0xC38A 1110 0/0/0 eljefe.00-00 * 0x0000000E - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 464
0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 465
to transition metric style. NOTE: A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported. default value (10) if the original value is greater than 63. A message is sent to the console. original value original value original value original - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 466
Moving to transition and then to another metric style produces different results. Table 45. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style wide transition truncated value wide wide transition - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 467
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 468
interface TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 469
25 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 470
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 471
LACP Configuration Tasks The following configuration tasks apply to LACP. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 472
... Dell(conf)#interface TenGigabitethernet 4/16 Dell(conf-if-te-4/16)#no shutdown Dell(conf-if-te-4/16)#port-channel-protocol lacp Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 473
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 474
To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 475
• If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 476
0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 477
Figure 61. Inspecting the LAG Configuration Link Aggregation Control Protocol (LACP) 477 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 478
Figure 62. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 478 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 479
Figure 63. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 480
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 481
Figure 64. Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol (LACP) 481 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 482
Figure 65. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 482 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 483
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 484
26 Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 485
Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 486
NOTE: The CAM-check failure message beginning in Dell Networking OS version 8.3.1.0 is different from versions 8.2.1.1 and earlier, which read: % Error: ACL returned error % Error: Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 487
mac learning-limit station-move The mac learning-limit station-move command allows a MAC address already in the table to be learned from another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 488
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 489
Disabling MAC Address Learning on the System You can configure the system to not learn MAC addresses from LACP and LLDP BPDUs. To disable source MAC address learning from LACP and LLDP BPDUs, follow this procedure: • Disable source MAC address learning from LACP BPDUs. CONFIGURATION mode mac-address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 490
to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces. Apply all other configurations to each interface in the redundant pair such that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 491
dynamic LAG, the backup interface can be a static or dynamic LAG In a redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, you can configure a static (without LACP) or dynamic (with LACP) port-channel interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 492
-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted] Dell(conf-if-range-te-3/41-42)#interface tengig 3/41 Dell(conf-if-te-3/41)#shutdown 00:24 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 493
the interface to bring it back to an FEFD operational state. When you enable Aggressive mode on an interface in the same state, manual intervention is required to reset the interface. FEFD enabled systems (comprised of one or more interfaces) automatically switches between four different states - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 494
not received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset [interface] Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 495
ip address ip address, switchport 2 Enable the necessary ports administratively. INTERFACE mode no shutdown 3 Enable fefd globally. CONFIGURATION mode fefd-global {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the show fefd command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 496
no shutdown 3 INTERFACE mode fefd {disable | interval | mode} Example of Viewing FEFD Configuration Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport fefd mode normal no shutdown Dell(conf-if-te-1/1)#do show fefd | grep 1/1 Te 1/1 Normal 3 Unknown - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 497
02-05-2009 12:40:38 Local7.Debug 10.16.151.12 Feb 5 07:06:19: %RPM1-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Te 1/45 02-05-2009 12:40:38 Local7.Debug 10.16.151.12 Feb 5 07:06:19: %RPM1-P:CP %FEFD-5-FEFD-BIDIRECTION-LINK-DETECTED: Interface Te 1/45 has bidirectional link with its peer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 498
27 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise its configuration and receive - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 499
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 72. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 500
, DOCSIS cable device, end station only, or other. Indicates the network address of the management interface. Dell Networking OS does not currently support this TLV. On Dell Networking systems, indicates the untagged VLAN to which a port belongs. On Dell Networking systems, indicates the tagged VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 501
framework. • LLDP-MED Network Connectivity Device - any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 502
MED TLVs it supports • LLDP device class Indicates the application type, VLAN ID, Layer 2 Priority, and DSCP value. Indicates that the physical location of the device expressed in one of three possible formats: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN Indicates power - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 503
- LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. • The value of the LLDP-MED capabilities field in the TLV is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 504
Streaming Video Video Signaling Reserved Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 505
Figure 75. LLDP-MED Policies TLV Extended Power via MDI TLV The extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 506
Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 507
Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. 1 Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2 Enable LLDP. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 508
3 Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no. Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 509
Figure 77. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations The following example shows viewing an LLDP global configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 510
Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 511
! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 512
R1(conf-lldp)#no mode R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring the Time to Live Value The information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 513
use the no debug lldp command. Figure 78. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 514
MIB Object Category Basic TLV Selection LLDP Statistics LLDP Variable LLDP MIB Object Description txInfoTTL mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable statsAgeoutsTotal statsFramesDiscardedTotal statsFramesInErrorsTotal statsFramesInTotal statsFramesOutTotal statsTLVsDiscardedTotal - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 515
TLV MIB Objects TLV Type TLV Name TLV Variable 127 Port-VLAN ID PVID 127 Port and Protocol VLAN port and protocol VLAN ID supported System Local Remote Local Remote port and protocol VLAN enabled Local Remote PPVID Local Remote 127 VLAN Name VID Local Remote VLAN name length - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 516
TLV Type TLV Name TLV Variable VLAN name System Remote Local Remote Table 57. LLDP-MED System MIB Objects TLV Sub-Type TLV Name 1 LLDP-MED Capabilities TLV Variable LLDP-MED Capabilities System Local Remote LLDP-MED Class Type Local Remote 2 Network Policy Application Type Local - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 517
TLV Sub-Type 3 TLV Name Location Identifier TLV Variable Location Data Format System Local Remote Location ID Data Local Remote 4 Extended Power via MDI Power Device Type Local Remote Power Source Local Remote Power Priority Local Remote Power Value Local Remote LLDP-MED MIB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 518
28 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 519
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering To provide transparent failover or balancing, Microsoft clustering allows multiple servers using Microsoft Windows to be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 520
CONFIGURATION mode ip vlan-flooding There might be some ARP table entries that are resolved through ARP packets, which had the Ethernet MAC SA different from the MAC information inside the ARP packet. This unicast data traffic flooding occurs only for those packets that use these ARP entries. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 521
29 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 522
Figure 80. MSDP SA Message Format Topics: • Anycast RP • Implementation Information • Configure Multicast Source Discovery Protocol • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 523
each RP is aware of the active sources in the area of the other RPs. If any of the RPs fail, IP routing converges and one of the RPs becomes the active RP in more than one area. New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 524
Figure 81. Configuring Interfaces for MSDP Multicast Source Discovery Protocol (MSDP) 524 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 525
Figure 82. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 525 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 526
Figure 83. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP) 526 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 527
Figure 84. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1 Enable MSDP. CONFIGURATION mode ip multicast-msdp 2 Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 528
Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 529
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries. Clearing the Source- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 530
Figure 85. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP) 530 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 531
Figure 86. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 531 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 532
Figure 87. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 533
GroupAddr 229.0.50.2 229.0.50.3 229.0.50.4 SourceAddr 24.0.50.2 24.0.50.3 24.0.50.4 RPAddr 200.0.0.50 200.0.0.50 200.0.0.50 LearnedFrom 10.0.50.2 10.0.50.2 10.0.50.2 Expire 73 73 73 UpTime 00:13:49 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 534
MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 LearnedFrom local Reason Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 535
! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1(conf)#do show run acl ! ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1(conf)#do show ip msdp sa-cache - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 536
Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 537
MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several implications: • traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 538
Figure 88. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1 In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2 Make - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 539
CONFIGURATION mode ip msdp peer 5 Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 540
! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.22 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.22 ip msdp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 541
interface TenGigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 542
network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 MSDP Sample Configuration: R2 Running-Config ip multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 543
ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 544
30 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 545
and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. Configure Multiple Spanning Tree Protocol Configuring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 546
• Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 547
• Create an MSTI. PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 548
spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 549
• Change the region revision number. PROTOCOL MSTP mode revision number Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 550
The default is 20 seconds. 4 Change the max-hops parameter. PROTOCOL MSTP mode max-hops number The range is from 1 to 40. The default is 20. Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 551
To change the port cost or priority of an interface, use the following commands. 1 Change the port cost of an interface. INTERFACE mode spanning-tree msti number cost cost The range is from 0 to 200000. For the default, refer to the default values shown in the table.. 2 Change the port priority of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 552
of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 90. MSTP with Three VLANs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 553
MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 1/21 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/31 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 554
interface Vlan 300 no ip address tagged TenGigabitEthernet 2/11,31 no shutdown Router 3 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology. 3 Create - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 555
spanning-tree MSTi vlan 2 300 (Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 556
• Is the Region name blank? That may mean that a name was configured on one router and but was not configured or was configured differently on another router (spelling and capitalization counts). • MSTP Instances. • To verify the VLAN to MSTP instance mapping, use the show commands. • Are there " - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 557
across default and non-default virtual routing and forwarding (VRFs). The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Topics: • Enabling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 558
5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic. Multicast Policies The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 559
NOTE: The IN-L3-McastFib CAM partition stores multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 560
Figure 91. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 60. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 561
Location 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 562
ip pim neighbor-filter Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the system. After a receiver receives traffic from the RP, PM-SM switches to SPT to forward multicast traffic. Every multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 563
Figure 92. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 62. Preventing a Source from Transmitting to a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 564
Location 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 565
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 566
objects of interest, monitor their state, and report to a client when a change in an object's state occurs. The following tracked objects are supported: • Link status of Layer 2 interfaces • Routing status of Layer 3 interfaces (IPv4 and IPv6) • Reachability of IP hosts • Reachability of IPv4 and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 567
Figure 93. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 568
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 569
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 570
To configure object tracking on the status of a Layer 2 interface, use the following commands. 1 Configure object tracking on the line-protocol state of a Layer 2 interface. CONFIGURATION mode track object-id interface interface line-protocol Valid object IDs are from 1 to 65535. 2 (Optional) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 571
• The status of an IPv6 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IPv6 address. • The Layer 3 status of an IPv6 interface goes DOWN when its Layer 2 status goes down (for a Layer 3 VLAN, all VLAN ports must be down) or the IPv6 address is removed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 572
Track an IPv4/IPv6 Route You can create an object that tracks the reachability or metric of an IPv4 or IPv6 route. You specify the route to be tracked by its address and prefix-length values. Optionally, for an IPv4 route, you can enter a VRF instance name if the route is part of a VPN routing and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 573
CONFIGURATION mode track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/prefix-len} reachability [vrf vrf-name] Valid object IDs are from 1 to 65535. Enter an IPv4 address in dotted decimal format; valid IPv4 prefix lengths are from / 0 to /32. Enter an IPv6 address in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 574
Reachability is Down (route not in route table) 2 changes, last change 00:03:03 Tracking a Metric Threshold Use the following commands to configure object tracking on the metric threshold of an IPv4 or IPv6 route. To remove object tracking, use the no track object-id command. 1 (Optional) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 575
Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route: Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 576
IP routing is Up 3 changes, last change 00:03:30 Tracked by: Example of the show track brief Command Router# show track brief ResId Resource State LastChange 1 IP route reachability Parameter 10.16.0.0/16 Example of the show track resolution Command Dell#show track resolution IP Route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 577
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 578
Figure 94. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 579
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 580
Figure 95. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 581
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 582
• Type 8: Link LSA (OSPFv3) - This LSA carries the IPv6 address information of the local links. • Type 9: Link Local LSA (OSPFv2), Intra-Area-Prefix LSA (OSPFv3) - For OSPFv2, this is a link-local "opaque" LSA as defined by RFC2370. For OSPFv3, this LSA carries the IPv6 prefixes of the router and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 583
000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 584
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 585
impact adjacency stability in larger topologies. Multi-Process OSPFv2 with VRF Multi-process OSPF with VRF is supported on the Dell Networking OS. Only one OSPFv2 process per VRF is supported. Multi-process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes allow for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 586
ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 587
Examples of Setting and Viewing a Dead Interval In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell(conf)#int tengigabitethernet 2/2 Dell(conf-if-te-2/2)#ip ospf hello-interval 20 Dell(conf-if-te-2/2)#ip ospf dead-interval 80 Dell(conf-if-te-2/2)# In the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 588
• Troubleshooting OSPFv2 1 Configure a physical interface. Assign an IP address, physical or of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 589
using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 590
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 591
Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 592
Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area 2.2.2.2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 593
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 594
Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 595
• Change the wait period between link state update packets sent out the interface. CONFIG-INTERFACE mode ip ospf transmit-delay seconds • seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network. Example of Changing and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 596
. CONFIG-ROUTEROSPF- id mode graceful-restart helper-reject router-id • Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to force the primary RPM over to the secondary RPM. During a planned - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 597
For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 598
typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks. • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 599
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 600
Figure 97. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 - Te 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface TenGigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown ! interface TenGigabitEthernet 1/2 ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 601
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 602
Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following command. • Enable IPv6 unicast routing globally. CONFIGURATION mode ipv6 unicast routing Applying cost for OSPFv3 Change in bandwidth directly affects the cost of OSPF routes. • Explicitly specify the cost of sending a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 603
tasks - the router ospf command to create the OSPF process, then the network area command to enable OSPFv2 on an interface. NOTE: The OSPFv2 network area command enables OSPFv2 on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3. • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 604
router-id {number} • number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id vrf {vrf-name} • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf [vrf vrf-name] - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 605
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 606
-IPV6-ROUTER-OSPF mode graceful-restart mode [planned-only | unplanned-only] • Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 607
of OSPFv3 packets between IPsec-enabled routers. IPsec is a set of protocols developed by the internet engineering task force (IETF) to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: transport and tunnel. Open Shortest Path First (OSPFv2 and OSPFv3) 607 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 608
ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the because the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 609
for full confidentiality. • 3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and unencrypted keys are supported. NOTE: To encrypt all keys on a router, use the service password-encryption command in Global Configuration mode. However, this command does not provide a high - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 610
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. • key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 611
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. • key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 612
• Display the configuration of IPsec encryption policies on the router. show crypto ipsec policy Displaying OSPFv3 IPsec Security Policies To display the configuration of IPsec authentication and encryption policies, use the following commands. • Display the AH and ESP parameters configured in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 613
: ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 The system provides several tools to troubleshoot OSPFv3 operation on the switch. This section describes typical, OSPFv3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 614
the routes in the OSPF database? • Did you include the OSPF routes in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show ipv6 interfaces • show ipv6 protocols • debug ipv6 ospf events and/or packets • show ipv6 neighbors • show ipv6 routes Viewing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 615
34 Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 616
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 617
PBR Exceptions (Permit) To create an exception to a redirect list, use thepermit command. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. The Dell Networking OS assigns the first available sequence number to a rule configured without - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 618
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 619
and the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirectgroup IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 620
redirect-group xyz shutdown Dell(conf-if-gi-1/1)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 621
to give you a guidance with typical configurations. You can copy and paste from these examples to your CLI. Make the necessary changes to support your own IP addresses, interfaces, names, and so on. The Redirect-List GOLD defined in this example creates the following rules: • description Route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 622
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 623
View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 624
seq 25 redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144, Track 4 [up], Next-hop reachable (via Vl 20) Applied interfaces: Te 2/28 Dell# Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces: Dell#configure terminal Dell(conf)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 625
Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 626
PIM-SM. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The platform supports a maximum of 95 PIM interfaces and 2000 multicast entries including (*,G), and (S,G) entries. The maximum number of PIM neighbors is the same as the maximum - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 627
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 628
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 629
TenGigabitEthernet 1/11 TenGigabitEthernet 2/13 (10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11 TenGigabitEthernet 1/12 TenGigabitEthernet 2/13 --More-- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 630
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 631
• Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 632
protocol overhead. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if multiple applications use . • The default range is always supported, so range can never be smaller than the default. PIM Source-Specific Mode (PIM-SSM) 632 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 633
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 634
If you do not specify the group option, the display is a list of groups currently in the IGMP group table that has a group-tosource mapping. To display the list of sources mapped to a group currently in the IGMP group table, use the show ip igmp groups group detail command. Configuring PIM-SSM with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 635
R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:07 Never Member Ports: Te 1/1 239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 636
port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 637
must be on the same switch. You can configure up to 128 source ports in a monitoring session. Only one destination port is supported in a monitoring session. The platform supports multiple source-destination statements in a single monitor session. The maximum number of source ports that can be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 638
Example of Viewing a Monitoring Session In the example below, 0/25 and 0/26 belong to Port-pipe 1. This port-pipe has the same restriction of only four destination ports, new or used. Dell(conf-mon-sess-300)#do show mon session SessionID Source Destination Direction Mode Type ---- 0 Te 1/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 639
MONITOR SESSION mode source Example of Viewing Port Monitoring Configuration To display information on currently configured port-monitoring sessions, use the show monitor session command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#$source ten 1/1 dest ten 1/2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 640
Figure 99. Port Monitoring Example Configuring Monitor Multicast Queue To configure monitor QoS multicast queue ID, use the following commands. 1 Configure monitor QoS multicast queue ID. CONFIGURATION mode monitor multicast-queue queue-id Dell(conf)#monitor multicast-queue 7 2 Verify information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 641
port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a timesaving and efficient way. In a remote-port be configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 642
Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 643
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 644
port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 645
Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 646
Dell(conf-if-te-1/30)#switchport Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28-29 Dell(conf-if-po-10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 647
Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6 Dell(conf-mon-sess-3)#tagged destination te 1/6 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP ----------- 1 remote-vlan 10 Te 1/4 N/A N/A N/A 2 remote-vlan 20 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 648
direction. • A flow-based source VLAN is monitored only for ingress traffic (not egress traffic). direction. Changes to Default Behavior • Rate-limiting ïs not supported for ERSPAN traffic. • You can configure the same port as both source and destination in an ERSPAN session. • You can configure TTL - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 649
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1-3 mac access-group flow in Only ingress packets are supported for mirroring shutdown Port Monitoring 649 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 650
address (Port D's ip address) on the sniffer. The Header that gets attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 651
• Some tools support options to edit the capture file. We can make use of such features (for example: editcap ) and chop the ERPM header part and save it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 652
38 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree - developed by a third party - that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 653
three other variations of spanning tree, as shown in the following table. Table 65. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 654
2 Place the interfaces in VLANs. 3 Enable PVST+. 4 Optionally, for load balancing, select a nondefault bridge-priority for a VLAN. Related Configuration Tasks • Modifying Global PVST+ Parameters • Modifying Interface PVST+ Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 655
Influencing PVST+ Root Selection As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 656
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 657
The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port. • Port cost - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 658
The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 659
To keep both ports in a Forwarding state, use extend system ID. Extend system ID augments the bridge ID with a VLAN ID to differentiate BPDUs on each VLAN so that PVST+ does not detect a loop and both ports can remain in a Forwarding state. Figure 104. PVST+ with Extend System ID • Augment the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 660
! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenGigabitEthernet 2/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 661
protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096 Per-VLAN Spanning Tree Plus (PVST+) 661 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 662
how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 67. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 663
Ingress Egress Egress Egress Egress Egress Figure 105. Dell Networking QoS Architecture Topics: • Implementation Information • Port-Based QoS Configurations • Policy-Based QoS Configurations Quality of Service (QoS) 663 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 664
Strict-Priority Queueing • Queue Classification Requirements for PFC Functionality • Support for marking dot1p value in L3 Input Qos Policy • Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 665
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 666
rate shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#rate shape 500 50 Dell(conf-if-te-1/1)#end Quality of Service (QoS) 666 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 667
. Figure 106. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 668
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4 Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 669
4 Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class -maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 670
example shows incorrect traffic classifications. Dell#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 671
should be reconfigured to the default dot1p to queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: • ACK • FIN • SYN • PSH • scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 672
or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Constraints The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p queue number takes precedence. Allocating Bandwidth to Queue Quality of Service (QoS) 672 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 673
Default Bandwidth Percentage for 8- Queue System 1% 2% 3% 4% 5% 10% 25% 50% NOTE: The system supports 8 data queues. When you assign a percentage to one queue, note that this change also affects the amount bandwidth-percentage percentage 3 Configure the rate shape. Quality of Service (QoS) 673 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 674
Map • Displaying Color Maps • Display Color Map Configuration Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic. The system uses this information to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 675
information on an interface interface: Enter the name of the interface that has the color policy configured. Examples for Displaying a DSCP Color Policy Quality of Service (QoS) 675 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 676
To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 677
POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets -63 53-63 53-63 32-47 16-23 32-47 16-23 16-31 16-31 0-15 0-15 8-15 8-15 0-7 0-7 Quality of Service (QoS) 677 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 678
Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 679
an ACL exists in the CAM rather than writing it to the CAM multiple times. • Apply an input policy map to an interface. INTERFACE mode service-policy input Specify the keyword layer2 if the policy map you are applying a Layer 2 policy map. Creating Output Policy Maps 1 Create an output policy map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 680
, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast the strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing. To use queue- based rate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 681
as PFC is not enabled on dot1p priority 5. Support for marking dot1p value in L3 Input Qos Policy PFC will be based on that dot1p priority. Support is added to mark the dot1p value in You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 682
threshold, for example, 2000KB, is reached, all incoming packets are dropped until the buffer space consumes less than 2000KB of the specified traffic. Quality of Service (QoS) 682 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 683
Ingress Packets), all traffic defaults to green drop precedence. • Assign a WRED profile to either yellow or green traffic. QOS-POLICY-OUT mode wred Quality of Service (QoS) 683 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 684
command measures the size of the specified policy-map and compares it to the available CAM space in a partition for a specified port-pipe. Quality of Service (QoS) 684 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 685
. • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 | port pipe Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 L2ACL 500 200 Allowed(2) Specifying - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 686
random early detection (WRED) and Explicit Congestion Notification (ECN) functionality for backplane ports is supported on the Additionally, the feature to configure a weight for WRED and ECN functionality for front-end causing WRED to drop them when the threshold value is Quality of Service (QoS) 686 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 687
shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. The platform supports four global service-pools in the egress direction. Two service pools are used- one for loss-based queues and the other for lossless (priority-based flow control (PFC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 688
that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the factor for the WRED and ECN functionality for backplane ports is supported on the platform. Additionally, the functionality to configure a weight - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 689
multiple queues when the minimum guaranteed buffers for the queue are consumed. The platform supports four global service-pools in the egress direction. mode Dell(conf) #service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf) #service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 690
access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map "ecn_0_pmap" in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 691
at the level where the 'DSCP' qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the match ip dscp • match ip precedence • match ip vlan Quality of Service (QoS) 691 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 692
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 693
Layer 3 interface. INTERFACE mode Dell(conf-if-fo-1/4)# service-policy input l2p layer2 Managing Hardware Buffer Statistics The memory management MMU space is shared across a maximum of 104 logical ports to support the egress admission-control functionality to implement scheduling and shaping on per - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 694
of the shared buffer for the queues you want. In this example, this setting is configured for queues 5 and 7. Dell(conf-if-te-1/1)#Service-class buffer shared-threshold-weight queue5 4 queue7 6 Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 695
: 0 port: 1 (interface Fo 0/0) Q# TYPE Q# TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 Quality of Service (QoS) 695 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 696
MCAST MCAST MCAST MCAST MCAST MCAST MCAST 2 0 3 0 4 0 5 0 6 0 7 0 8 0 Quality of Service (QoS) 696 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 697
variable length subnet mask (VLSM) or classless inter-domain routing (CIDR) and is not widely used. RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 698
suited for small, homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List The following is , refer to the Dell Networking OS Command Reference Interface Guide. Routing Information Protocol (RIP) 698 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 699
Enabling RIP Globally By default, RIP is not enabled in Dell Networking OS. To enable RIP globally, use the following commands. 1 Enter ROUTER RIP mode and enable the RIP process on Dell Networking OS. CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 700
192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 1/4 192.162.3.0/24 auto-summary Dell#show ip rip database Total number of routes in RIP database: 978 160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 160.160.0.0/16 auto-summary 2.0.0.0/8 [120/1] via 29 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 701
You can use this command multiple times to exchange RIP information with as many RIP networks as you want. • Disable a specific interface from sending or receiving RIP routing information. ROUTER RIP mode passive-interface interface Assigning a Prefix List to RIP Routes Another method of controlling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 702
Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 703
The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols Routing Protocols is RIP Sending updates - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 704
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 705
RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration - Core 2 and Core 3. The host prompts used in the following example reflect those names. The examples are divided into the following groups of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 706
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 707
10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf)#router rip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 708
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- R 10.11.10.0/24 via 10.11.20.2, Te 3/21 120/1 00:01:14 C 10.11.20.0/24 Direct, Te 3/21 0/0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 709
router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/1 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/2 ip address 10.11.20.1/24 no shutdown ! interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 710
is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Remote Monitoring (RMON) 710 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 711
Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value eventnumber] falling-threshold - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 712
[no] rmon event number [log] [trap community] [description string] [owner string] • number: assigned event number, which is identical to the eventIndex in the eventTable in the RMON MIB. The value must be an integer from 1 to 65,535 and be unique in the RMON Event Table. • log: (Optional) generates - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 713
[no] rmon collection history {controlEntry integer} [owner ownername] [buckets bucket-number] [interval seconds] • controlEntry: specifies the RMON group of statistics using a value. • integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 714
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 75. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 715
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 716
Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology. • Only one path from any - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 717
Figure 109. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 718
Number of transitions to forwarding state 1 BPDU : sent 121, received 5 The port is not in the Edge port mode Port 380 (TenGigabitEthernet 2/4) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.380 Designated root has priority 32768, address 0001.e801.cbb4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 719
The following table displays the default values for RSTP. Table 76. RSTP Default Values RSTP Parameter Forward Delay Hello Time Max Age Port Cost: • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • 40-Gigabit Ethernet interfaces • Port Channel with 100 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 720
Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following command. • Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 721
PROTOCOL SPANNING TREE RSTP mode bridge-priority priority-value • priority-value The range is from 0 to 65535. The lower the number assigned, the more likely this bridge becomes the root bridge. The default is 32768. Entries must be multiples of 4096. Example of the bridge-priority Command A console - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 722
no ip address switchport spanning-tree rstp edge-port shutdown Dell(conf-if-te-2/1)# Configuring Fast Hellos for Link State Detection Use RSTP fast hellos to achieve sub-second link-down detection so that convergence is triggered faster. The standard RSTP link-state detection mechanism does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 723
43 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide. Software-Defined Networking (SDN) 723 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 724
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 725
process request. • stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 726
actions on tty3, User admin Priv 1 Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 727
whether you configure RADIUS authorization. NOTE: RADIUS and TACACS servers support VRF-awareness functionality. You can create RADIUS and TACACS groups and to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 728
LINE mode login authentication {method-list-name | default} To view the configuration, use the show config command in LINE mode or the show running-config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 729
-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and keys, use the following command. • Turn on the obscuring of passwords and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 730
to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 731
username name [access-class access-list-name] [nopassword | password [encryption-type] password] [privilege level][secret] Configure the optional and required parameters: • name: Enter a text string up to 63 characters long. • access-class access-list-name: Enter the name of a configured IP ACL. • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 732
CONFIGURATION mode username name [access-class access-list-name] [privilege level] [nopassword | password [encryption-type] password Secret] Configure the optional and required parameters: • name: Enter a text string up to 63 characters(maximum) long. • access-class access-list-name: Restrict access - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 733
Dell(conf)#end Dell#show running-config Current Configuration ... ! hostname Force10 ! enable password level 8 notjohn enable password Force10 ! username admin password 0 admin username john password 0 john privilege 8 ! The following example shows the Telnet session for user john. The show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 734
server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 735
ACL, and a message is logged. NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-Command You can configure the system through the RADIUS server to automatically execute a command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 736
listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 737
Specifying a RADIUS Server Host When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout. To specify a RADIUS server host and configure its communication parameters, use the following command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 738
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 739
Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts. 2 Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method. CONFIGURATION mode aaa - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 740
use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 741
a countermeasure to the problem. This countermeasure is and other secure network services over an insecure network. Command Line Interface Reference Guide. Dell Networking OS supported for secure copying between a PC and a Dell Networking OS-based system. Unix-based SCP client software is supported - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 742
ssh {hostname} [-l username | -p port-number | -v {1 | 2}| -c encryption cipher | -m HMAC algorithm hostname is the IP address or host name of the remote device. Enter an IPv4 or IPv6 address in dotted decimal format (A.B.C.D). • SSH V2 is enabled by default on all the modes. • Display SSH - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 743
Example of Using SCP to Copy from an SSH Server on Another Switch The following example shows the use of SCP and SSH to copy a software image from one switch running SSH server on UDP port 99 to the local switch. Other SSH related command include: • crypto key generate : generate keys for the SSH - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 744
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 745
how to configure a HMAC algorithm list. Dell(conf)# ip ssh mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 746
cipher list. Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr Configuring the SSH Client Cipher List To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers the SSH - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 747
• Enable SSH password authentication. CONFIGURATION mode ip ssh password-authentication enable Example of Enabling SSH Password Authentication To view your SSH configuration, use the show ip ssh command from EXEC Privilege mode. Dell(conf)#ip ssh server enable Dell(conf)#ip ssh password- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 748
Configuring Host-Based SSH Authentication Authenticate a particular host. This method uses SSH version 2. To configure host-based authentication, use the following commands. 1 Configure RSA Authentication. Refer to Using RSA Authentication of SSH. 2 Create shosts by copying the public RSA key to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 749
-l User name option -m HMAC algorithm to use (for v2 clients only) -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 750
, local, or remote. Table 77. VTY Access Authentication Method Line Local TACACS+ RADIUS VTY access-class support? YES NO YES Username access-class support? NO YES NO YES NO Remote authorization support? NO NO YES (with Dell Networking OS version 5.2.1.0 and later) YES (with Dell Networking OS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 751
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 752
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 753
Configuring Role-based Only AAA Authorization You can configure authorization so that access to commands is determined only by the user's role. If the user has no user role, access to the system is denied as the user will not be able to login successfully. When you enable role-based only AAA - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 754
System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles. The system defined user roles are as follows: • Network Operator (netoperator) - This user role - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 755
Consider the following when creating a user role: • Only the system administrator and user-defined roles inherited from the system administrator can create roles and user names. Only the system administrator, security administrator, and roles inherited from these can use the "role" command to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 756
The following output displays the modes available for the role command. Dell (conf)#role ? configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Router configuration mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 757
Dell(conf)#do show role mode ? configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell(conf)#do show role mode configure line Role access:sysadmin - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 758
they do not have a role. For information about role only mode, see Configuring Role-based Only AAA Authorization. NOTE: Authentication services only validate the user ID and password combination. To determine which commands are permitted for users, configure authorization. For information about how - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 759
privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled "Force10-avpair". - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 760
The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15. Force10-avpair= "shell:priv-lvl=15" Example for Creating a AVP Pair for System Defined or User-Defined Role The following section shows you how to create an AV pair - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 761
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 762
Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line Role access: netadmin,sysadmin Displaying - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 763
only 802.1Q VLAN tagging all customers would have to use unique VLAN IDs to ensure that traffic is segregated, and customers and the service provider would have to coordinate to ensure that traffic mapped correctly across the provider network. Even under ideal conditions, customers and the provider - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 764
Figure 110. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured . 1 Creating Access and Trunk Ports 2 Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). Service Provider Bridging 764 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 765
provider bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3 Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 766
101 as tagged, and VLAN 103, which is a stacking VLAN. Dell(conf)#interface tenigabitethernet 1/1 Dell(conf-if-te-1/1)#portmode hybrid Dell(conf-if-te-1/1)#switchport Service Provider Bridging 766 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 767
system drops the frame. For example, as shown in the following, the frame originating from Building A is tagged VLAN RED, and then double-tagged VLAN Service Provider Bridging 767 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 768
the appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Service Provider Bridging 768 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 769
Figure 111. Single and Double-Tag TPID Match Service Provider Bridging 769 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 770
Figure 112. Single and Double-Tag First-byte TPID Match Service Provider Bridging 770 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 771
Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 772
Privilege mode. Dell#show interface dei-honor Default Drop precedence: Green Interface CFI/DEI Drop precedence Te 1/1 0 Green Te 1/1 1 Yellow Te 2/9 1 Red Te 2/10 0 Yellow Service Provider Bridging 772 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 773
CFI/DEI Te 1/1 Green 0 Te 1/1 Yellow 1 Te 2/9 Yellow 0 Te 2/10 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 774
3 layer2 rate-police 30 ! interface TenGigabitEthernet 1/21 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 775
traverse the intermediate network might be consumed and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration). Service Provider Bridging 775 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 776
MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Service Provider Bridging 776 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 777
2 protocol tunneling, use the following command. 1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode Service Provider Bridging 777 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 778
processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Service Provider Bridging 778 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 779
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 780
any port specifically, the global sampling rate is downloaded to that port and is to calculate the port-pipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling rate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 781
in the sFlow datagram depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional information in the sFlow are enabled on all three types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 782
displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 783
Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum header second bold lines indicate sFlow is enabled on Te 1/16 and Te 1/17 Dell#show sflow sFlow services are enabled sFlow 783 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 784
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 785
sampling-rate until the CPU condition is cleared. This is as per sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, the actual sampling-rate of an interface may differ from its configured - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 786
depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 787
only if the route is learned via BGP and it is reachable via the ingress interface of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points are summarized in following table. Table 79. Extended Gateway Summary IP SA - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 788
• MIB Support to Display the Software Core Files Generated by the System • Manage VLANs using SNMP • Managing Overload on Startup • Enabling and Disabling a Port using SNMP • Fetch Dynamic MAC Entries using SNMP • Deriving Interface Indices • Monitor Port-Channels • Troubleshooting SNMP Operation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 789
AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB privacy option is supported and is compliant with RFC 3826. The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 790
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 791
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 792
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 793
The following example shows reading the value of the next managed object. > snmpgetnext -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1.3.0 SNMPv2-MIB::sysContact.0 = STRING: > snmpgetnext -v 2c -c mycommunity 10.11.131.161 sysContact.0 The following example shows reading the value of the many - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 794
also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Dell Networking - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 795
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 796
temperature is within threshold of %dC) envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: some fans in fan tray %d are down FAN_OK: Minor alarm cleared: all fans in fan tray %d are good vlt Enable VLT traps - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 797
than or equal to 5 minutes. This restriction also applies to the console message. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, the SNMP trap is not sent. To enable an SNMP agent to send a trap when the syslog server is not reachable, enter the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 798
Copy Configuration Files Using SNMP To do the following, use SNMP from a remote client. • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 799
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 800
NOTE: You can use the entire OID rather than the object name. Use the form: OID.index i object-value. To view more information, use the following options in the snmpset command. • -c: View the community, either public or private. • -m: View the MIB files for the SNMP command. • -r: Number of retries - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 801
The following example shows how to copy configuration files from a UNIX machine using OID. >snmpset -c public -v 2c 10.11.131.162 .1.3.6.1.4.1.6027.3.5.1.1.1.1.2.8 i 3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5.8 i 2 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.2.8 = INTEGER: 3 SNMPv2-SMI::enterprises.6027 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 802
filename copyDestFileType.index i 3 copyServerAddress.index a server-ip-address copyUserName.index s server-login-id copyUserPassword.index s server-login-password Example of Copying a Binary File From the Server to the Startup-Configuration via FTP > snmpset -v 2c -c private -m ./f10-copy-config. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 803
2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 804
MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 805
enterprises.6027.3.10.1.2.10.1.5.1.3 = "vrrp" Hex: 76 72 72 70 enterprises.6027.3.10.1.2.10.1.5.2.1 = "sysd" Hex: 73 79 73 64 The output above displays that the software core files generated by the system. Manage VLANs using SNMP The qBridgeMIB managed objects in Q-BRIDGE-MIB, defined in RFC 2674, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 806
NOTE: Whether adding a tagged or untagged port, specify values for both dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts. Example of Adding an Untagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as an untagged member of VLAN 10. >snmpset -v2c -c mycommunity 10. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 807
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 808
Each object comprises an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent. For example, the decimal equivalent of E8 is 232, and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 809
the final, unused bit are not given. The interface is physical, so represent this type of interface by a 0 bit, and the unused bit is always 0. These 2 bits are not given because they are the most significant bits, and leading zeros are often omitted. To display the interface number, use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 810
of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 811
• Remove Units or Front End Ports from a Stack • Troubleshoot a Stack Stacking Overview Dell Networking OS elects a management (master - the remaining units in the stack, also called stack members. The system supports up to six stack units. • Stack group - Each individual 40G port correspond - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 812
• Switch failure • Inter-switch stacking link failure • Switch insertion • Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. Stack Master Election The stack elects a master and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 813
after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6-address | dhcp} Failover Roles If the stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 814
Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S6000 1-0 (0-3387) 128 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present [output omitted] Standalone#show system | grep priority - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 815
path selection inside the stack: If multiple paths exist between two units in the stack, the shortest path is used. Supported Stacking Topologies The device supports stacking in a ring or a daisy chain topology. Dell Networking recommends the ring topology when stacking the switches to provide - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 816
Example of Stack Manager Redundancy Management Access on Stacks You can access the stack via the console port or VTY line. • Console access - You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console port of the standby unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 817
the stack is running Dell Networking OS version9.7.0.0and the new unit is running an earlier software version, the new unit is put into a card problem state. • If the unit is running Dell Networking OS version 9.7.0.0 it is upgraded to use the same Dell Networking OS version as the stack, rebooted - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 818
the stack. 2 Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version 3 Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up. EXEC Privilege mode stack-unit stack-unit-number renumber - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 819
Renumbering causes the unit to reboot. The stack-unit default for all new units is stack-unit 0. 4 Configure the switch priority for each unit to make management unit selection deterministic. CONFIGURATION mode stack-unit stack-unit-number priority priority 5 Assign a stack group for each unit. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 820
• Configure the final stack-group on unit 1 to complete the stack: stack-unit 1 stack-group 31 When the stack-group configuration is complete, the system prints a syslog for reload. Dell#configure Dell(conf)#stack-unit 4 stack-group 13 Dell(conf)#02:39:12: %STKUNIT4-M:CP %IFMGR-6-STACK_PORTS_ADDED - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 821
adding units to an existing stack, you can either: • allow Dell Networking OS to automatically assign the new unit a position in the stack, or • manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it. • If you add a unit that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 822
4 Member not present 5 Management online S6000 S6000 1-0(0-3666) 128 The following example shows adding a stack unit with a conflicting stack number (after). Dell#show system brief Stack MAC Reload-Type : 90:b1:1c:f4:a7:c7 : normal-reload [Next boot : normal-reload] -- Stack Info -- Unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 823
• If you configure the new unit with a stack number that is already assigned to a stack member, the stack avoids a numbering conflict by assigning the new switch the first available stack number. • If the stack has been provisioned for the stack number that is assigned to the new unit, the pre- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 824
EXEC Privilege mode stack-unit old-unit-number renumber new-unit-number Renumbering the stack manager triggers the whole stack to reload, as shown in the message below. When the stack comes back online, the master unit remains the management unit. Dell#stack-unit 2 renumber 1 Renumbering master unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 825
Num Ports : 128 Up Time : 4 hr, 25 min Dell Networking OS Version : 1-0(0-3387) Jumbo Capable : yes POE Capable : no FIPS Mode : disabled Burned In MAC : 90:b1:1c:f4:9b:88 No Of MACs : 3 -- Power Supplies -- Unit Bay Status Type FanStatus FanSpeed(rpm) 2 0 up AC up 6656 2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 826
3 Member not present 4 Member not present 5 Management online S6000 S6000 S6000 1-0(0-3387) 128 -- Power Supplies -- Unit Bay Status Type FanStatus FanSpeed(rpm) 2 0 up AC up 6720 2 1 up AC up 6688 5 0 up AC up 6688 5 1 down UNKNOWN down 0 -- Fan Status -- Unit Bay - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 827
stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect. • Display redundancy Privilege mode reset-self • Reset a stack-unit when the unit is in a problem state. EXEC Privilege mode reset stack-unit unit-number {hard} Verify a Stack Configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 828
Number : 08R4VK Rev X00 Vendor Id : ZP Date Code : 01012011 Country Code : TW Piece Part ID : TW-08R4VK-75412-111-2941 PPID Revision : X00 Service Tag : NA Expr Svc Code : NA Auto Reboot : disabled Burned In MAC : 90:b1:1c:f4:a7:c7 No Of MACs : 3 -- Power Supplies -- Unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 829
Dell# Remove Units or Front End Ports from a Stack To remove units or front end ports from a stack, use the following instructions. • Removing a Unit from a Stack • Removing Front End Port Stacking Removing a Unit from a Stack The running-configuration and startup-configuration are synchronized - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 830
reboots. The units come up as standalone units after the reboot completes. Troubleshoot a Stack To troubleshoot a stack, use the following recovery tasks. • Recover from Stack Link Flaps • Recover from a Card Problem State on a Stack Recover from Stack Link Flaps Stack link integrity monitoring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 831
on a Stack If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error. To recover, disconnect the new unit from the stack, change the Dell Networking OS version to match the stack, and then reconnect it to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 832
control unknown-unicast [interface] command. EXEC Privilege Topics: • Configure Storm Control • PFC Storm Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE Mode To configure storm control, use the following command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 833
mode you can configure storm control for ingress and egress traffic. Do not apply per-virtual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on an interface or globally). • Configure storm control. CONFIGURATION mode • Configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 834
traffic through other ports and priorities are not affected. For more information about the above commands, see the Dell Networking OS Command Line Reference Guide. Restore Queue Drop State You can restore the queue drop triggered due to the storm control PFC detection to the normal state. Once the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 835
Te 0/1 3 4 5 6 Te 0/2 3 4 5 6 Te 0/3 3 4 5 6 Te 0/4 3 4 5 6 Te 0/5 3 4 5 6 Te 0/80 3 4 5 6 Normal Normal Normal Normal Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Normal Normal Normal Normal 0 0 0 0 14880 14880 14880 14780 14780 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 836
three other variations of spanning tree, as shown in the following table. Table 88. Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 837
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 838
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 120. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1 If the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 839
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 840
Figure 121. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1 Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2 Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 841
Root Port is 289 (TenGigabitEthernet 2/1), cost of root path is 4 Topology change flag not set, detected flag not set Number of topology changes 3 last change occurred 0:16:11 ago from TenGigabitEthernet 2/3 Timers: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Times: hello 0, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 842
Table 89. STP Default Values STP Parameters Forward Delay Hello Time Max Age Port Cost • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • Port Channel with 100 Mb/s Ethernet interfaces • Port Channel with 1-Gigabit Ethernet interfaces • Port Channel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 843
The default values are listed in Modifying Global Parameters. To change the port cost or priority of an interface, use the following commands. • Change the port cost of an interface. INTERFACE mode spanning-tree 0 cost cost The range is from 0 to 65535. The default values are listed in Modifying - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 844
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 845
Figure 122. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. • drops the BPDU after it reaches the RP and generates a console - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 846
Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 847
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) • Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 848
• mstp: enables root guard on an MSTP-enabled port. • rstp: enables root guard on an RSTP-enabled port. • pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no spanning-tree 0 rootguard command in an interface configuration mode. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 849
Enable STP loop guard on a per-port or per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. Spanning Tree Protocol (STP) 849 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 850
• Loop guard is supported on a port or port-channel in any spanning tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) • Multiple Spanning Tree Protocol (MSTP) • Per- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 851
troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support information on SmartScripts, see Dell Networking Open Automation guide. Figure 125. SupportAssist NOTE: SupportAssist is Wizard • Configuring SupportAssist Manually • Configuring SupportAssist - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 852
data entry. Enable the SupportAssist service. CONFIGURATION mode support-assist activate Dell(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 853
. NOTE: This step is not mandatory and you can configure SupportAssist manually without performing this step. Even before you accept or reject the EULA activities and servers for the SupportAssist service. SUPPORTASSIST mode enable all Dell(conf)#support-assist Dell(conf-supportassist)#enable all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 854
mac-address-table" "show trace" "show command-history" "show logging" "show tech-support" } : "alarms_records", : "arp_records", : "ip_route_records", : "mac-address-table_records", : "trace_records", : "command_history_records", : "system_logging_records", : "tech-support_records" 3 Configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 855
allows you to configure name, address and territory information of the company. SupportAssist Company configurations are optional for the SupportAssist service. To configure SupportAssist company, use the following commands. 1 Configure the contact information for the company. SUPPORTASSIST mode [no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 856
[no] contact-person [first ] last Dell(conf-supportassist)#contact-person first john last doe Dell(conf-supportassist-pers-john_doe)# 2 Configure the email addresses to reach the contact person. SUPPORTASSIST PERSON mode [no] email-address primary email-address [alternate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 857
feature status including any activities, status of communication, last time communication sent, and so on. EXEC Privilege mode show support-assist status Dell#show support-assist status SupportAssist Service: Installed EULA: Accepted Server: default Enabled: Yes URL: https://stor.g3.ph.dell.com - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 858
save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure. Dell SupportAssist also collects and stores - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 859
They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF. Topics - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 860
Following conventions established by the telephone industry [BEL86], the accuracy of each server is defined by a number called the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 861
Figure 126. NTP Fields Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 862
Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 863
CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 864
in dotted decimal format (A.B.C.D). • ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. • key keyid : Configure a text string as the key exchanged between the NTP server and the client. • prefer: Enter the keyword prefer to set - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 865
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 866
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock • Setting the Timezone • Setting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 867
CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 868
To set a recurring daylight saving time, use the following command. • Set the clock to the appropriate timezone and adjust to daylight saving time every year. CONFIGURATION mode clock summer-time time-zone recurring start-week start-day start-month start-time end-week end-day end-month end-time [ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 869
7 2009" to "Summer time starts 02:00:00 Pacific Sun Mar 8 2009;Summer time ends 02:00:00 pacific Sun Nov 1 2009" System Time and Date 869 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 870
. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Topics: • Configuring a Tunnel • Configuring Tunnel Keepalive Settings • Configuring a Tunnel Interface • Configuring Tunnel Allow-Remote Decapsulation • Configuring Tunnel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 871
interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 872
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 873
ReceiveOnly Tunnels • You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum number of remote end-points supported for all multipoint receive-only tunnels on the switch depends on the hardware table size to setup termination. • The IP MTU configured on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 874
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 875
VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 portbased VLANs and one default VLAN, as specified in IEEE Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 876
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 877
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 878
the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 879
Dell#config Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf ! interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 880
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 881
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 882
the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: • Proxy Gateway in VLT Domains • Configuring a Static VLT Proxy Gateway • Configuring an LLDP VLT Proxy Gateway Proxy Gateway in VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 883
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 884
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 885
• You must configure the interface proxy gateway LLDP to enable or disable a proxy-gateway LLDP TLV on specific interfaces. • The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 886
Figure 129. Sample Configuration for a VLT Proxy Gateway • The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 887
Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address exclude-vlan 10 • Packet duplication may happen with "Exclude-VLAN" configuration - Assume you used the exclude-vlan option (called VLAN 10) in C - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 888
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 889
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 890
Figure 131. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 891
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the the link local address that is redirecting to the VLTi link. • VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 892
. • A VLT interconnect over 1G ports is not supported. • The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. • The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. • VLT peer switches operate as separate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 893
switches with VLT peer switches, you use a VLT port channel, as shown in Overview. Up to 96 port-channels are supported; up to 16 member links are supported in each port channel between the VLT domain and an access device. • The discovery protocol running between VLT peers automatically generates - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 894
. On a default VLAN, RTSP is part of the PVST+ topology in that specific VLAN (default VLAN). • In a VLT domain, ingress and egress QoS policies are supported on physical VLT ports, which can be members of VLT port channels in the domain. • Ingress and egress QoS policies applied on VLT ports must - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 895
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 896
, the dynamically learned groups and multicast router ports are automatically learned on the VLT peer node. VLT IPv6 The following features have been enhanced to support IPv6: • VLT Sync - Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync - Entries learned on non-VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 897
Figure 132. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 898
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 899
vlt domain domain-id 2 Enable peer-routing. VLT DOMAIN mode peer-routing 3 Configure the peer-routing timeout. VLT DOMAIN mode peer-routing-timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 900
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 901
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the address. 3 Configure a backup link for the VLT domain. 4 (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 902
Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 903
back-up destination {ipv4-address | ipv6-address} [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 3 Configure the port channel to be used as the VLT interconnect between VLT peers in the domain. VLT DOMAIN CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 904
To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time. For more information, refer to VLT Port Delayed Restoration. Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1 Enter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 905
unit-id {0 | 1} To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations. Use this command to minimize the time required for the VLT system to determine the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 906
Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1 Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2 Enter the port-channel number that acts as - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 907
back-up destination ip-address [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 6 When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 908
INTERFACE mode port-channel-protocol lacp 14 Configure the LACP port channel mode. INTERFACE mode port-channel number mode [active] 15 Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 16 Repeat steps 1 through 15 for the VLT peer node in Domain 1. 17 Repeat steps 1 through - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 909
-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. Dell-2(conf)#vlt domain 5 Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 910
1 Configure the static LAG/LACP between the ports connected from VLT peer 1 and VLT peer 2 to the Top of Rack unit. 2 Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3 In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 911
channel 2 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 2 L2L3 up 03:33:31 Te 1/18 (Up) PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 912
Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. When you enable VLT, the show spanning-tree pvst brief command output displays VLT information. Dell#show spanning-tree pvst vlan 1000 brief VLAN 1000 Executing IEEE compatible Spanning Tree Protocol Root ID - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 913
Figure 133. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer1(conf)#vlt - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 914
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 915
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 916
EXEC mode show vlt role • Display the current configuration of all VLT domains or a specified group on the switch. EXEC mode show running-config vlt • Display statistics on VLT operation. EXEC mode show vlt statistics • Display the RSTP configuration on a VLT peer switch, including the status of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 917
Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : 00:01:e8:8a:e9:91 : 00:01:e8:8a:e9:76 : 6(3) : 90 seconds Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : 60 seconds : Disabled : 0 seconds : - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 918
ICL Hello's Sent: 148 ICL Hello's Received: 98 Dell_VLTpeer2# show vlt statistics VLT Statistics HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show spanning-tree rstp command. The bold - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 919
Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup link. Dell_VLTpeer1(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer1(conf-if-ma-0/0)#ip address 10.11.206.23/ Dell_VLTpeer1(conf-if-ma-0/0)#no shutdown Dell_VLTpeer1(conf-if- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 920
-config interface port-channel 11 ! interface Port-channel 11 no ip address switchport channel-member fortyGigE 1/48,52 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 921
Description Spanning tree mismatch at global level Behavior at Peer Up All VLT port channels go down on both VLT peers. A syslog error message is generated. Behavior During Run Time No traffic is passed on the port channels. A one-time informational syslog message is generated. Action to Take - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 922
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 923
information is synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation of the VLAN parity. For VLT VLANs, the association between primary VLAN and secondary VLANs is examined on both the peers. Only if the association is identical on both the peers, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 924
Interoperation of VLT Nodes in a PVLAN with ARP Requests When an ARP request is received, and the following conditions are applicable, the IP stack performs certain operations. • The VLAN on which the ARP request is received is a secondary VLAN (community or isolated VLAN). • Layer 3 communication - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 925
VLAN. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section describe how to configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 926
Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned). 2 Remove an IP address from the interface. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 927
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 928
the ARP response contains the VLT peer MAC address. Proxy ARP is supported for both unicast and broadcast ARP requests. Control packets, other than receives gratuitous ARP requests for the VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL link or peer is down, and the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 929
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 930
Dell#show running-config vlt ! vlt domain 1 peer-link port-channel 1 back-up destination 10.16.151.116 primary-priority 100 system-mac mac-address 00:00:00:11:11:11 unit-id 0 Dell# Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 931
G - GVRP tagged, M - Vlan-stack i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged NUM Status Description 50 Active Dell# Q Ports M Po10(Te 1/8) M Po20(Te 1/12) V Po1(Te 1/30-32) Sample Configuration of VLAN-Stack Over VLT (Peer 2) Configure the VLT domain Dell(conf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 932
! interface Vlan 50 vlan-stack compatible member Port-channel 10,20 shutdown Dell# Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN-Stack VLAN Dell#show vlan id 50 Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C Community, I - - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 933
58 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN from the NVP Controller GUI • Configuring VxLAN Gateway • Displaying VXLAN Configurations • VXLAN Service nodes for BFD Virtual Extensible LAN (VXLAN) 933 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 934
. The top-level functions of NVP are: • Provide a GUI for creating service gateways. • Manage the VTEPs.: • Binds Port and VLAN • Install VTEP Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. Service Node(SN) It is also another VTEP, but it is fully managed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 935
Functional Overview of VXLAN Gateway The following section is the functional overview of VXLAN Gateway: 1 Provides connectivity between a Virtual server infrastructure and a Physical server infrastructure. 2 Provides the functions performed by a VTEP in a virtual server infrastructure. The functions - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 936
• Destination Address: Generally, it is a first hop router's MAC address when the VTEP is on a different address. • Source Address : It is the source MAC address of the router that routes the packet. • VLAN: It is optional in a VXLAN implementation and will be designated by an ethertype of 0×8100 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 937
Hypervisor Figure 137. Edit Hypervisor Figure 138. Create Transport Connector 2 Create Service Node To create service node, the required fields are the IP address and SSL certificate of the server. The Service node is responsible for broadcast/unknown unicast/multicast traffic replication. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 938
Figure 139. Create Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is the snapshot of the user - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 939
For more details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway on the 2 vxlan-instance CONFIGURATION mode vxlan-instance instance ID The platform supports only the instance ID 1 in the initial release. 3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 940
fail-mode secure If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources. 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the controller, use the following command. In - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 941
Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command. Dell# show vxlan vxlan-instance unicast-mac-local Total Local Mac Count: 5 VNI MAC PORT VLAN 4656 4656 4656 4656 4656 00:00:02:00:03:00 00:00:02:00:03:01 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 942
. Dell# show vxlan vxlan-instance unicast-mac-remote Total Local Mac Count: 1 VNI MAC TUNNEL 4656 00:00:01:00:00:01 36.1.1.1 VXLAN Service nodes for BFD When multiple service nodes are available for a given Logical Network, Network Virtualization Overlay (NVO) gateway picks one of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 943
* 1.0.1.1 * 3.3.3.3 * 3.3.3.3 * 3.3.3.3 * 3.3.3.3 * 3.3.3.3 1.0.1.2 192.168.122.135 192.168.122.136 192.168.122.137 192.168.122.138 192.168.122.139 Te 1/49/1 Up 200 200 3 B Te 1/38 Up 1000 1000 3 VT Te 1/42 Up 1000 1000 3 VT Te 1/43 Up 1000 1000 3 VT Te 1/38 Up 1000 1000 3 VT Te 1/42 Up 1000 1000 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 944
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 945
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 946
. Yes Yes No No No No Yes No Yes NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default-VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs. No Yes Yes No No Yes No Virtual Routing and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 947
capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF No Yes Yes No No No Yes Yes Yes No No Yes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 948
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). • Create a non-default VRF instance by specifying a name and VRF ID number, and enter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 949
the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. SeeOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 950
Task View VRRP command output for the VRF vrf1 Command Syntax ip vrf forwarding vrf1 ip address 10.1.1.1/24 ! vrrp-group 10 virtual-address 10.1.1.100 no shutdown show vrrp vrf vrf1 TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 951
displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route • Configure a static route that points to a management interface. CONFIGURATION management - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 952
Figure 145. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 953
no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 954
interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/1 ! router ospf 2 vrf orange router-id 2.0.0.2 network 21 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 955
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 956
----------- C 1.0.0.0/24 O 10.0.0.0/24 C 11.0.0.0/24 ------Direct, Vl 128 via 1.0.0.1, Vl 128 Direct, Te 2/1 ----------0/0 110/2 0/0 ----------00:27:21 00:14:24 00:19:46 Dell#show ip route vrf orange Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 957
that particular prefix will fail and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes. The source route will VRF-Green, and VRF-shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and VRF-Blue but not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 958
ip route-export 1:1 3 Configure VRF-red. ip vrf vrf-red interface-type slot/port ip vrf forwarding VRF-red ip address ip-address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 4 Configure the import target in VRF-red. ip route-import 1:1 5 Configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 959
ip route-export 1:1 ip route-import 2:2 ip route-import 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 C 111.1.1.0/24 Direct, Te 1/11 0/0 00:00:10 22:39:59 Dell# show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 960
• If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG ("Duplicate prefix found %s in the target VRF %d", address, import_vrf_id) with The type/level is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 961
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. • You can expose a unique set - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 962
to some other VRF. Similarly, when two VRFs leak or export routes, there is no option to discretely filter leaked routes from each source VRF. Meaning, you cannot import one set of routes from VRF-red and another set of routes from VRF-blue. Virtual Routing and Forwarding (VRF) 962 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 963
the Internet. Router B receives and forwards them on interface TenGigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed information about VRRP, refer to RFC 2338, Virtual - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 964
on the interface. You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet. Z-Series supports a total of 255 VRRP groups on a switch. The total number of VRRP groups per system should be less than 512. The following recommendations shown - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 965
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 966
Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-te-1/1)#show conf ! - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 967
2 Set the master switch to VRRP protocol version 3. Dell_master_switch(conf-if-te-1/1-vrid-100)#version 3 3 Set the backup switches to version 3. Dell_backup_switch1(conf-if-te-1/1-vrid-100)#version 3 Dell_backup_switch2(conf-if-te-1/2-vrid-100)#version 3 Assign Virtual IP addresses Virtual routers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 968
NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet. Dell(conf-if-te-1/1)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.10.10.1/24 ! vrrp-group 111 priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 969
same: you must enable authentication with the same password or authentication is disabled. NOTE: Authentication for VRRPv3 is not supported. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type simple [encryption - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 970
Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 971
• Change the advertisement interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. The default is 1 second. • For VRRPv3, change the advertisement centisecs interval setting. INTERFACE-VRID mode advertise-interval centisecs centisecs The range is from 25 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 972
For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number. NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 973
The following example shows verifying the tracking status. Dell#show track Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is TenGigabitEthernet 1/3 Tracked by: VRRP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 974
the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 975
Figure 147. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 976
TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 977
Figure 148. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 978
R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1)#end R2#show vrrp TenGigabitEthernet 1/1, IPv6 VRID: 10, Version: 3, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 979
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 980
Figure 149. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#ip vrf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 981
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 982
VRRP in VRF: Switch-1 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#no ip address S1(conf-if-te-1/1)#switchport S1(conf-if-te-1/1)#no shutdown ! S1(conf-if-te-1/1)#interface vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 983
VRRP in VRF: Switch-2 VLAN Configuration Switch-2 S2(conf)#ip vrf VRF-1 1 ! S2(conf)#ip vrf VRF-2 2 ! S2(conf)#ip vrf VRF-3 3 ! S2(conf)#interface TenGigabitEthernet 1/1 S2(conf-if-te-1/1)#no ip address S2(conf-if-te-1/1)#switchport S2(conf-if-te-1/1)#no shutdown ! S2(conf-if-te-1/1)#interface vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 984
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. Virtual Router Redundancy Protocol (VRRP) 984 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 985
NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address. Router 2 R2(conf)#interface tengigabitethernet 1/1 R2(conf-if- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 986
00:00:5e:00:02:0a Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 0/0 TenGigabitEthernet 0/0, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 987
State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 548, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 988
61 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics check for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 989
EXEC Privilege mode show system brief 3 Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-1.txt - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 990
[163]: ERROR: platform cpld cache disabled ioctl failed, rv: 9 S6000 DIAGNOSTICS Board CPU Version Stack Unit Board Temp Stack Unit Number Board Service Tag System Cpld Rev Master Cpld Rev Slave Cpld Rev Image Build Version : S6000 Dell Inc. : Intel Centerton Processor : 32 Degree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 991
Test 6.000 - Psu0 Fan Speed Monitor Test PASS diagS6000IsPsuGood[954]: ERROR: Psu:1, Power supply is not present. Test 6.001 - Psu1 Fan Speed Monitor Test NOT PRESENT Test 6 - Psu Fan Speed Monitor Test NOT PRESENT Test 7.000 - Psu0 Fan Status Monitor Test PASS diagS6000IsPsuGood[954]: ERROR: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 992
a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information directory. NOTE: Non-management member units do not support this functionality. Hardware Watchdog Timer The hardware watchdog command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 993
QSFP 52 Rx Power measurement type QSFP 52 Temp High Alarm threshold QSFP 52 Voltage High Alarm threshold QSFP 52 Bias High Alarm threshold QSFP 52 RX Power High Alarm threshold QSFP 52 Temp Low Alarm threshold QSFP 52 Voltage Low Alarm threshold QSFP 52 Bias Low Alarm threshold QSFP 52 RX Power Low - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 994
down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 995
going from the FP to the CSF IDP links. 3 Front-End Link - Output queues going from the FP to the front-end PHY. All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. Physical memory is organized into cells of 128 bytes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 996
You can configure dynamic buffers per port on both 1G and 10G FPs and per queue on CSFs. By default, the FP dynamic buffer allocation is 10 times oversubscribed. For the 48-port 1G card: • Dynamic Pool= Total Available Pool(16384 cells) - Total Dedicated Pool = 5904 cells • Oversubscription ratio = - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 997
buffer-profile csf csqueue • Change the dedicated buffers on a physical 1G interface. BUFFER PROFILE mode buffer dedicated • Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode buffer dynamic • Change the number of packet-pointers per queue. BUFFER PROFILE - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 998
256 Using a Pre-Defined Buffer Profile Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (for example, non-quality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications. You must reload the system for the global buffer profile to take - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 999
profile dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer-profile address Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1000
• show hardware drops interface interface • show hardware buffer-stats-snapshot resource interface interface • show hardware buffer inteface interface{priority-group { id | all } | queue { id| all} } buffer-info • show hardware buffer-stats-snapshot resource interface interface{priority-group { id | - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1001
Ingress FCSDrops : 0 Ingress MTUExceeds : 0 --- MMU Drops --- Ingress MMU Drops : 0 HOL DROPS(TOTAL) : 0 HOL DROPS on COS0 : 0 HOL DROPS on COS1 : 0 HOL DROPS on COS2 : 0 HOL DROPS on COS3 : 0 HOL DROPS on COS4 : 0 HOL DROPS on COS5 : 0 HOL DROPS on COS6 : 0 HOL DROPS on COS7 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1002
rxPkt(COS4 ) :0 rxPkt(COS5 ) :0 rxPkt(COS6 ) :0 rxPkt(COS7 ) :0 rxPkt(COS8 ) :773 rxPkt(COS9 ) :0 rxPkt(COS10) :0 rxPkt(COS11) :0 rxPkt(UNIT0) :773 transmitted :12698 txRequested :12698 noTxDesc :0 txError :0 txReqTooLarge :0 txInternalError :0 txDatapathErr :0 txPkt(COS0 ) :0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1003
Display Stack Member Counters You can use the show hardware command to display internal receive and transmit statistics, based on the selected command option. The following example is a sample of the output for the counters option. Example of Displaying Counter Values for all Interface in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1004
Description RX - IPV4 L3 Unicast Frame Counter RX - IPV4 L3 routed multicast Packets RX - IPV6 L3 Unicast Frame Counter Interface Fo 0/60 : Description RX - IPV4 L3 Unicast Frame Counter RX - IPV4 L3 routed multicast Packets RX - IPV6 L3 Unicast Frame Counter RX - IPV6 L3 routed multicast Packets - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1005
dumps. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1006
- Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1007
You can use the capture-duration timer and the packet-count counter at the same time. The TCP dump stops when the first of the thresholds is met. That means that even if the duration timer is 9000 seconds, if the maximum file count parameter is met first, the dumps stop. To enable a TCP dump, use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1008
describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1009
Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 97. General 2460 Internationalization of the File Transfer Protocol 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1010
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 98. General IPv4 Protocols R Full Name F C # Z-Series 7 Internet Protocol 91 7 Internet Control 9 Message Protocol 2 8 An Ethernet 2 Address Resolution 6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1011
a Variant of the 8 Tiny Fragment Attack S-Series 7.6.1 7.6.1 7.6.1 7.7.1 7.8.1 7.8.1 7.6.1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 99. General IPv6 Protocols RFC Full Name # Z-Series 188 DNS 6 Extensions to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1012
RFC Full Name # Z-Series (IPv6) Specification 246 IPv6 Stateless 2 Address (Par Autoconfigura tial) tion 246 Transmission 4 of IPv6 Packets over Ethernet Networks 267 IPv6 5 Jumbograms 271 IPv6 Router 1 Alert Option 358 IPv6 Global 7 Unicast Address Format 400 IPv6 Scoped 7 Address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1013
draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 101. Open Shortest Path First (OSPF) RFC# Full Name S-Series/Z-Series 1587 The OSPF Not-So - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1014
System (IS-IS) Pointto-Point Adjacencies 3567 IS-IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS) 5120 MT-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1015
(Revised) S-Series 7.8.1 7.8.1 7.8.1 7.8.1 SSM for IPv4 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 105. Network Management RFC# 1155 1156 1157 1212 1215 1493 Full Name Structure and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1016
RFC# 1724 1850 1901 2011 2012 2013 2024 2096 2558 2570 2571 2572 2574 2575 2576 2578 2579 2580 2618 2698 Full Name RIP Version 2 MIB Extension OSPF Version 2 Management Information Base Introduction to Community-based SNMPv2 SNMPv2 Management Information Base for the Internet Protocol using SMIv2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1017
Table, Ethernet History Table, Alarm Table, Event Table, Log Table 7.6.1 The Interfaces Group MIB 7.6.1 Remote Authentication Dial In User Service (RADIUS) 7.6.1 Remote Network Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1018
that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) Force10 C-Series Enterprise Chassis MIB Force10 Enterprise IF Extension MIB (extends the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.0 - Page 1019
RFC# FORCE10-PRODUCTS-MIB FORCE10-SS-CHASSIS-MIB FORCE10-SMI FORCE10-SYSTEM-COMPONENTMIB FORCE10-TC-MIB FORCE10-TRAP-ALARM-MIB MIB Location Full Name S4810 Force10 Product Object Identifier MIB 7.6.1 Force10 S-Series Enterprise Chassis MIB 7.6.1 Force10 Structure of Management Information
Dell Configuration Guide for the S6000
System
9.10(0.0)