Dell PowerSwitch S6000 Configuration Guide for the S6000 System 9.100.1
Dell PowerSwitch S6000 Manual
View all Dell PowerSwitch S6000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S6000 manual content summary:
- Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1
Dell Configuration Guide for the S6000 System 9.10(0.1) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 3
Contents 1 About this Guide...32 Audience...32 Conventions...32 Related Documents...32 2 Configuration Fundamentals...33 Accessing the Command Line...33 CLI Modes...33 Navigating CLI Modes...35 The do - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 4
a UNIX Logging Facility Level...67 Synchronizing Log Messages...68 Enabling Timestamp on Syslog Messages...68 File Transfer Services...69 Configuration Task List for File Transfer Services 69 Enabling the FTP Server...69 Configuring FTP Server Parameters...70 Configuring FTP Client Parameters...70 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 5
5 802.1X...79 Port-Authentication Process...81 EAP over RADIUS...82 Configuring 802.1X...82 Related Configuration Tasks...82 Important Points to Remember...82 Enabling 802.1X...83 Configuring dot1x Profile ...84 Configuring MAC addresses for a do1x Profile...85 Configuring the Static MAB and MAB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 6
Route Maps...123 Implementation Information...123 Flow-Based Monitoring Support for ACLs...123 Behavior of Flow-Based Monitoring...124 BGP...146 Configure BFD for VRRP...153 Configuring Protocol Liveness...155 Troubleshooting BFD...155 9 Border Gateway Protocol IPv4 (BGPv4)...157 Autonomous Systems - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 7
(MEDs)...164 Origin...165 AS Path...165 Next Hop...166 Multiprotocol BGP...166 Implement BGP with Dell Networking OS...167 Additional Path (Add-Path) Support...167 Advertise IGP Cost as MED for Redistributed Routes 167 Ignore Router-ID in Best-Path Calculation...168 Four-Byte AS Numbers...168 AS4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 8
213 CAM Allocation...213 Test CAM Usage...215 View CAM Profiles...215 View CAM-ACL Settings...216 View CAM Usage...217 CAM Optimization...218 Troubleshoot CAM Profiling...218 QoS CAM Region Limitation...218 Syslog Error When the Table is Full...218 Syslog Warning Upon 90 Percent Utilization of CAM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 9
of Tagged Packets...241 Configuration Example for DSCP and PFC Priorities 241 SNMP Support for PFC and Buffer Statistics Tracking 242 Performing PFC Using DSCP Bits ...251 Propagation of DCB Information...252 Auto-Detection and Manual Configuration of the DCBx Version 252 DCBx Example...252 DCBx - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 10
Paths...292 Creating an ECMP Group Bundle...292 Modifying the ECMP Group Threshold...292 Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and LPM Table 293 Support for ECMP in host table...293 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes 294 RTAG7...294 Flow-based - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 11
VLANs...325 Setting the FRRP Timers...326 Clearing the FRRP Counters...327 Viewing the FRRP Configuration...327 Viewing the FRRP Information...327 Troubleshooting FRRP...327 Configuration Checks...327 Sample Configuration and Topology...328 18 GARP VLAN Registration Protocol (GVRP 330 Contents 11 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 12
Important Points to Remember...330 Configure GVRP...331 Related Configuration Tasks...331 Enabling GVRP Globally...331 Enabling GVRP on a Layer 2 Interface...332 Configure GVRP Registration...332 Configure a GARP Timer...333 19 Internet Group Management Protocol (IGMP 334 IGMP Implementation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 13
View Basic Interface Information...354 Resetting an Interface to its Factory Default State 356 Enabling a Physical Interface...356 Physical Interfaces...357 Configuration Task List for Physical Interfaces...357 40G to 1G Breakout Cable Adaptor...357 Overview of Layer Modes...358 Configuring Layer 2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 14
Example Scenarios...380 Configuring wavelength for 10-Gigabit SFP+ optics 383 Link Dampening...383 Important Points to Remember...384 Enabling Link Dampening...384 Link Bundle Monitoring...385 Using Ethernet Pause Frames for Flow Control...386 Enabling Pause Frames...386 Configure the MTU Size on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 15
Addresses 409 UDP Helper with No Configured Broadcast Addresses 410 Troubleshooting UDP Helper...410 22 IPv6 Routing...411 Protocol Overview...411 Longest Prefix Match (LPM) Table and IPv6 /65 - /128 support 413 IPv6 Header Fields...414 Extension Header Fields...416 Addressing...417 Implementing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 16
Application of Quality of Service to iSCSI Traffic Flows 434 Information Monitored in iSCSI Traffic IS-IS Addressing...441 Multi-Topology IS-IS...442 Transition Mode...442 Interface Support...442 Adjacencies...443 Graceful Restart...443 Timers...443 Implementation Information...443 Configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 17
Shared LAG State Tracking...468 Configuring Shared LAG State Tracking...468 Important Points about Shared LAG State Tracking 469 LACP Basic Configuration Example...470 Configure a LAG on ALPHA...470 26 Layer 2...479 Manage the MAC Address Table...479 Clearing the MAC Address Table...479 Setting the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 18
Advertising TLVs...502 Viewing the LLDP Configuration...503 Viewing Information Advertised by Adjacent LLDP Agents 504 Configuring LLDPDU Intervals...505 Configuring Transmit and Receive Mode...505 Configuring the Time to Live Value...506 Debugging LLDP...507 Relevant Management Objects...507 28 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 19
Protocol Overview...537 Spanning Tree Variations...538 Implementation Information...538 Configure Multiple Spanning Tree Protocol...538 Related Configuration Tasks...538 Enable Multiple Spanning Tree Globally...539 Adding and Removing Interfaces...539 Creating Multiple Spanning Tree Instances...539 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 20
Interface...597 Redistributing Routes...597 Configuring a Default Route...598 Enabling OSPFv3 Graceful Restart...598 OSPFv3 Authentication Using IPsec...600 Troubleshooting OSPFv3...606 34 Policy-based Routing (PBR)...608 Overview...608 Implementing PBR...609 Configuration Task List for Policy-based - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 21
an EdgePort...651 PVST+ in Multi-Vendor Networks...651 Enabling PVST+ Extend System ID...651 PVST+ Sample Configurations...652 39 Quality of Service (QoS)...654 Implementation Information...656 Port-Based QoS Configurations...656 Setting dot1p Priorities for Incoming Traffic...656 Contents 21 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 22
Priority Queueing...672 Queue Classification Requirements for PFC Functionality 672 Support for marking dot1p value in L3 Input Qos Policy 673 Rate Shaping...678 Configuring Weights and ECN for WRED ...678 Global Service Pools With WRED and ECN Settings 679 Configuring WRED and ECN Attributes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 23
Configuring RMON Collection Statistics...703 Configuring the RMON Collection History...703 42 Rapid Spanning Tree Protocol (RSTP)...705 Protocol Overview...705 Configuring Rapid Spanning Tree...705 Related Configuration Tasks...705 Important Points to Remember...705 RSTP and VLT...706 Configuring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 24
List...735 Secure Shell Authentication...736 Troubleshooting SSH...738 Telnet...739 VTY Line and Access-Class Configuration...739 VTY Line Local Authentication and Authorization 739 VTY Line Remote Authentication and Authorization 740 VTY MAC-SA Filter Support...740 Role-Based Access Control...741 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 25
790 Obtaining a Value for MIB Objects...791 MIB Support to Display the Available Memory Size on Flash 792 Viewing the Available Flash Memory Size... 792 MIB Support to Display the Software Core Files Generated by the System 792 Viewing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 26
End Ports from a Stack...818 Removing a Unit from a Stack...818 Removing Front End Port Stacking...818 Troubleshoot a Stack...819 Recover from Stack Link Flaps...819 Recover from a Card Problem State on a Stack 819 49 Storm Control...821 Configure Storm Control...821 Configuring Storm Control from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 27
STP Guard Configuration...839 51 SupportAssist...840 Configuring SupportAssist Using a Configuration Wizard 841 Configuring SupportAssist Manually...841 Configuring SupportAssist Activity...843 Configuring SupportAssist Company...844 Configuring SupportAssist Person...844 Configuring SupportAssist - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 28
53 Tunneling...858 Configuring a Tunnel...858 Configuring Tunnel Keepalive Settings...859 Configuring a Tunnel Interface...859 Configuring Tunnel Allow-Remote Decapsulation...860 Configuring Tunnel source anylocal Decapsulation...860 Guidelines for Configuring Multipoint Receive-Only Tunnels 861 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 29
-Sparse Mode Support on VLT... VLT Configuration...903 Additional VLT Sample Configurations...906 Troubleshooting VLT...908 Reconfiguring Stacked Switches as VLT...909 Ports to Controller 928 Displaying VXLAN Configurations...929 VXLAN Service nodes for BFD...930 Examples of the show bfd neighbors - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 30
Hardware Watchdog Timer...980 Enabling Environmental Monitoring...980 Recognize an Overtemperature Condition...981 Troubleshoot an Over-temperature Condition...982 Recognize an Under-Voltage Condition...982 Troubleshoot an Under-Voltage Condition...982 Buffer Tuning...983 Deciding to Tune Buffers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 31
Troubleshooting Packet Loss...987 Displaying Drop Counters...988 Dataplane Statistics...989 Display Stack Port Statistics...990 Display Stack Member Counters...990 Enabling Application Core Dumps...993 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 32
including Internet Engineering Task Force (IETF) requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs). Topics: • Audience • Conventions • Related - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 33
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 34
when configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, 10 Gigabit Ethernet, 25 Gigabit Ethernet, 40 Gigabit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 35
QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 36
CLI Command Mode Management Ethernet Interface Null Interface Port-channel Interface Tunnel Interface VLAN Interface STANDARD ACCESS-LIST EXTENDED ACCESS-LIST IP COMMUNITY-LIST AUXILIARY CONSOLE VIRTUAL TERMINAL STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MULTIPLE SPANNING TREE Per-VLAN SPANNING TREE - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 37
failover-group Dell(conf-pg)# priority-group Dell(config-gvrp)# protocol gvrp Dell(conf-qos-policy-out-ets)# qos-policy-output Dell(support-assist)# support-assist Dell(conf-vlt-domain)# vlt domain Dell(conf-if-interface-type- vrrp-group slot/port-vrid-vrrp-group-id)# Dell=> Press - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 38
-- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 9.4(0.0) 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 39
cd clear clock Change current directory Reset functions Manage the system clock • Enter ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 40
Short-Cut Key Action Combination Esc D Deletes all characters from the cursor to the end of the word. Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 41
The no-more command displays the output all at once rather than one screen at a time. This is similar to the terminal length command except that the no-more option affects the output of the specified command only. The save command copies the output to a file for future reference. NOTE: You can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 42
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 43
Console Access The device has two management ports available for system access: a serial RS-232 /RJ-45 console port and an out-of-band (OOB) Ethernet port to manage the switch with an IP address. Serial Console The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 44
Table 2. Pin Assignments Between the Console and a DTE Terminal Server Console Port Signal RJ-45 to RJ-45 Rollover RJ-45 to RJ-45 Rollover RJ-45 to DB-9 Adapter Cable Cable RJ-45 Pinout RJ-45 Pinout DB-9 Pin RTS 1 8 8 NC 2 7 6 TxD 3 6 2 GND 4 5 5 GND 5 4 5 RxD 6 3 3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 45
3 Configure a username and password. Configure a Username and Password Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. 1 Enter INTERFACE mode for the Management port. CONFIGURATION mode interface ManagementEthernet slot/port 2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 46
Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are three types of enable passwords: • enable password is stored in the running/startup configuration using a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 47
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 48
the same location. • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. • The usbflash command is supported on the device. Refer to your system's Release Notes for a list of approved USB vendors. Example of Copying a File to current File System - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 49
period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system. Viewing Files You can only view file information and content on local file systems. To view a list of files or the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 50
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell#dir Directory of flash: 1 drw- 32768 Jan 01 1980 00:00:00 . 2 drwx 512 Jul 23 2007 00:38:44 .. 3 drw- 8192 Mar 30 1919 10:31:04 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 51
keyword startup-config. • To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 52
NOTE: If the HTTP service is not VRF-aware, then it uses the global routing same as the published software image. This validation procedure, and the verify {md5 | sha256} command to support it, prevents the installation of corrupted or modified images. The verify {md5 | sha256} command calculates - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 53
MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459 MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin Getting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 54
and the Logging Configuration • Configuring a UNIX Logging Facility Level • Synchronizing Log Messages • Enabling Timestamp on Syslog Messages • File Transfer Services • Terminal Lines • Setting Timeout for EXEC Privilege Mode • Using Telnet to get to Another Network Device • Lock CONFIGURATION Mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 55
Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by: • restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode • restricting access A user can access all commands - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 56
• moves the capture bgp-pdu max-buffer-size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3, which is the configured level for VTY 0 • allows access to CONFIGURATION mode with the banner command • allows access to INTERFACE tengigabitethernet and LINE modes are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 57
linecard Set line card type Dell(conf)#interface ? fastethernet Fast Ethernet interface gigabitethernet Gigabit Ethernet interface loopback Loopback interface managementethernet Management Ethernet interface null Null interface port-channel Port-channel interface range Configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 58
• any configured syslog servers To disable logging, use the following commands. • Disable all logging except on the console. CONFIGURATION mode no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer • Disable logging to terminal lines. CONFIGURATION mode no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 59
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 60
The following describes the two log messages formats: • 0 - Displays syslog messages format as described in RFC 3164, The BSD syslog Protocol • 1 - Displays syslog message format as described in RFC 5424, The SYSLOG Protocol Example of Configuring the Logging Message Format Dell(conf)#logging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 61
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 62
logging {ip-address | ipv6-address | hostname} {{udp {port}} | {tcp {port}}} You can export system logs to an external server that is connected through a different VRF. Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 63
The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 64
Example of the show login statistics user user-id command The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period. Dell# show login statistics user admin User: admin Last login time: 12 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 65
Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 66
• Specify the minimum severity level for logging to the logging buffer. CONFIGURATION mode logging buffered level • Specify the minimum severity level for logging to the console. CONFIGURATION mode logging console level • Specify the minimum severity level for logging to terminal lines. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 67
%CHMGR-5-CARDDETECTED: Line card 10 present %CHMGR-5-CARDDETECTED: Line card 12 present %TSM-6-SFM_DISCOVERY: Found SFM 0 %TSM-6-SFM_DISCOVERY: Found SFM 1 %TSM-6-SFM_DISCOVERY: Found SFM 2 %TSM-6-SFM_DISCOVERY: Found SFM 3 %TSM-6-SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 68
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 69
application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces. The FTP and TFTP services are enhanced to support the VRF-aware functionality. If you want the FTP or TFTP server to use a VRF table that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 70
Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 71
Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system. The console line (console) connects you through the console port in the route processor modules (RPMs). The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 72
! Dell(conf)# Dell(conf)#line vty 0 0 Dell(config-line-vty)#access-class testv6deny ipv6 Dell(config-line-vty)#access-class testvpermit ipv4 Dell(config-line-vty)#show c line vty 0 exec-timeout 0 0 access-class testpermit ipv4 access-class testv6deny ipv6 ! Configuring Login Authentication for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 73
reaches this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system during downtime. • Telnet 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 74
mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set autolock, every time a user is in CONFIGURATION mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 75
, set the system parameter to ignore the enable password and reload the system: BOOT_USER# ignore enable-password BOOT_USER# reload NOTE: You must manually enter each CLI command. The system rejects a command if you copy and paste it in the command line. 5 Configure a new password. CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 76
BOOT_USER# boot change primary You are prompted to enter a valid boot device (for example, ftp o r tftp or flash) and a path or filename for the Dell Networking OS image that you want to use. 4 (Optional) Set the secondary and default boot locations by entering the following commands: BOOT_USER mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 77
Restoring Factory Default Environment Variables The Boot line determines the location of the image that is used to boot up the chassis after restoring factory default settings. Ideally, these locations contain valid images, using which the chassis boots up. When you restore factory-default settings, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 78
BOOT_USER # interface management ethernet ip address ip_address_with_mask For example, 10.16.150.106/16. 5 Assign an IP address as the default gateway for the system. default-gateway gateway_ip_address For example, 10.16.150.254. 6 The environment variables are auto saved. 7 Reload the system. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 79
-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 80
Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 81
• Configuring Dynamic VLAN Assignment with Port Authentication • Guest and Authentication-Fail VLANs Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: 1 When the authenticator senses a link state change, it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 82
in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Attribute 41 Attribute 61 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 83
• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1 Enable 802.1X globally. CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 84
In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown ! Dell# To view 802.1X configuration information for an interface, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 85
Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring MAC addresses for a do1x Profile To configure a list of MAC addresses for a dot1x profile, use the mac command. You can configure 1 to 6 MAC addresses. • Configure a list of MAC addresses for a dot1x profile. DOT1X PROFILE CONFIG (conf- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 86
Auth-Fail VLAN id: 200 Auth-Fail Max-Attempts:3 Critical VLAN: Enable Critical VLAN id: 300 Mac-Auth-Bypass Only: Disable Static-MAB: Enable Static-MAB Profile: Sample Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 30 seconds Server Timeout: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 87
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 88
The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-2/1)#dot1x tx-period 90 Dell(conf-if-range-Te-2/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-2/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 2/1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 89
Re-Auth Interval: Max-EAP-Req: Auth Type: Auth PAE State: Backend State: Auth PAE State: Backend State: 3600 seconds 10 SINGLE_HOST Initialize Initialize Initialize Initialize Re-Authenticating a Port You can configure the authenticator for periodic re-authentication. After the supplicant has - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 90
Configuring Timeouts If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. You can configure the amount of time the authenticator waits for a response. To terminate the authentication process, use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 91
Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 92
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 93
! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 94
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 95
on the hardware specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI counters, Open Flow, ACL optimization, and so on) can be allocated virtual flow processing slices at - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 96
FP blocks for ACL VLAN optimization. CONFIGURATION mode cam-acl-vlan vlanaclopt 4 View the number of FP blocks that is allocated for the different VLAN services. 96 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 97
EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM 1 | 0 | IN-L2 ACL | 1536 | 0 | 1536 | | OUT-L2 ACL | 206 | 9 | 197 Codes: * - cam usage is above 90%. Viewing CAM Usage View the amount of CAM space available, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 98
ingress CAP that modifies the VLAN settings before packets are forwarded. To support ACL CAM optimization, the CAM carving feature is enhanced. A total display the number of FP blocks that is allocated for the different VLAN services, use the show cam-acl-vlan command. After you configure the ACL - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 99
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 100
IP Prefix Lists • ACL Resequencing • Route Maps • Flow-Based Monitoring Support for ACLs • Configuring UDF ACL IP Access Control Lists (ACLs) In more information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 101
for IPv6 ACLs. To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, create a Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. Access Control Lists (ACLs) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 102
is a standard or extended ACL. Determine the Order in which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). As shown in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 103
• Two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation. • If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or there are no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 104
interface TenGigabitEthernet 1/1 Set clauses: tag 35 level stub-area Dell# To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax. Dell(conf)#no route-map zakho 10 Dell(conf)#end Dell#show route-map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 105
Also, if there are different instances of the same route-map, then it's sufficient if a permit match happens in any instance of that routemap. Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(config-route-map)#match metric 2000 In the following example, instance 10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 106
• Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source {access-list-name | prefix-list prefix-list-name - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 107
• Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route's next hop. CONFIG-ROUTE-MAP mode set next-hop ip-address • Assign an IPv6 address as the route's next hop. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 108
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 109
IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 110
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1 Enter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 111
ip access-list standard dilling seq 15 permit tcp 10.3.0.0/16 any seq 25 deny ip host 10.5.0.0 any log Dell(config-std-nacl)# To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 112
Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. The traffic passes through the filter in the order of the filter's sequence and hence you can configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 113
Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. NOTE: When assigning sequence numbers to filters, you may have to insert a new filter. To prevent reconfiguring multiple - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 114
Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 115
interface interface slot/port 2 Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3 Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf vrf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 116
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 117
ip vrf forwarding blue no ip address shutdown Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)#end Dell# Applying Egress Layer 3 ACLs (Control-Plane) By default, packets originated from the system are not filtered by egress ACLs. For example, if you initiate a ping session from the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 118
]). NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists. Configuration Task List for Prefix Lists prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 119
ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16 seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)# NOTE: The last line in the prefix list Juba contains a "permit all" statement. By including this line in a prefix list, you specify that all routes not matching any criteria - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 120
Examples of the show ip prefix-list Command The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 121
Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 122
Rules Rules After Resequencing: Resquencing seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs. To resequence an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 123
or no set commands. When there is no match command, all traffic matches the route map and the set command applies. Flow-Based Monitoring Support for ACLs Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 124
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 125
kar on TenGigabitEthernet 1/1 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S6000 platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 126
0 Te 1/1 ----------Te 1/2 Configuring UDF ACL rx Flow N/A -------N/A To configure a User Defined Field (UDF) ACL: 1 Enable UDF ACL feature on a switch. CONFIGURATION mode feature udf-acl Dell(conf)#feature udf-acl 2 Change the default CAM allocation settings or reconfigure new CAM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 127
FcoeAcl : 4 0 iscsiOptAcl : 0 0 ipv4pbr : 0 0 vrfv4Acl : 0 0 Openflow : 0 0 fedgovacl : 0 0 nlbclusteracl: 0 0 Dell# 4 Create a UDF packet format in the UDF TCAM table. CONFIGURATION mode udf-tcam name seq number Dell(conf)#udf-tcam ipnip seq 1 5 Configure a UDF ID to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 128
CONFIGURATION-STANDARD-ACCESS-LIST mode CONFIGURATION-EXTENDED-ACCESS-LIST mode permit ip {source mask | any | host ip-address} {destination mask | any | host ip-address} udf-pkt-format name udf-qualifier-value name Dell(config-ext-nacl)#permit ip any any udf-pkt-format ipinip udf-qualifier-value - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 129
a session parameter. These control packets are sent without regard to transmit and receive intervals. NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 130
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 131
The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS does - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 132
A session can have four states: Administratively Down, Down, Init, and Up. State Administratively Down Down Init Up Description The local system does not participate in a particular session. The remote system is not sending control packets or at least not within the detection time for a particular - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 133
Figure 10. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD) 133 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 134
system, the session state on the local system changes to Init. Figure 11. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 135
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 136
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 12. Establishing a BFD Session on Physical Ports 1 Enter interface mode. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 137
Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 138
• Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 139
To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 140
Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent notifies the BFD manager, which in turn notifies the OSPF protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 141
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 142
BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. 142 Bidirectional Forwarding Detection (BFD) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 143
Configuring BFD for OSPFv3 is a two-step process: 1 Enable BFD globally. 2 Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 144
To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for IS-IS When using BFD - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 145
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 146
of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 147
Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1 Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). 2 Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 148
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 149
ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 150
Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 151
Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 152
2.2.2.2 1 273 273 0 3.3.3.2 1 282 281 0 0 (0) 04:32:26 0 0 0 00:38:12 0 The following example shows viewing BFD information for a specified neighbor. The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 153
Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization ... Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 154
vrrp bfd all-neighbors Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 155
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 156
CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 157
chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol connections from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP operates inside - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 158
with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility. Figure 18. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 159
Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 160
State Idle Connect Description BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 161
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 162
preferences. BGP sees that the Weight criteria results in two potential "best paths" and moves to local preference to reduce the options. If a number of best paths is determined, this selection criteria is applied to group's best to determine the ultimate best path. In non-deterministic mode (the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 163
c AS_CONFED_SET is not included in the AS_PATH length. d AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5 Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE). 6 Prefer the path with the lowest multi- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 164
Figure 22. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 165
Figure 23. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 166
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 167
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 168
allows for faster convergence. Four-Byte AS Numbers You can use the 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 169
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 170
router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 171
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 172
the f10BgpM2PeerInstance field in various tables is not used to locate a peer. • Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response. • The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 173
distance = 200 keepalive = 60 seconds holdtime = 180 seconds Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 174
and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 175
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 176
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 177
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 178
A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 179
• neighbor next-hop-self • neighbor route-map out • neighbor route-reflector-client • neighbor send-community A neighbor may keep its configuration after it was added to a peer group if the neighbor's configuration is more specific than the peer group's and if the neighbor's configuration does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 180
10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 181
Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 182
prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 183
24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura 24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 184
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 185
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 186
You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters. 3 Return to CONFIGURATION mode. AS-PATH ACL mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Use a configured AS-PATH ACL for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 187
Regular Expression ^ (caret) $ (dollar) . (period) * (asterisk) + (plus) ? (question) ( ) (parenthesis) [ ] (brackets) - (hyphen) _ (underscore) | (pipe) Definition Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 188
Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or directly - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 189
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1 Create - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 190
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2 Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 191
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1 Enter the ROUTE-MAP mode and assign a name to a route map. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 192
route-map map-name [permit | deny] [sequence-number] 2 Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | none} Configure a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 193
*>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- 205.171.0.16 205.171.0.16 100 0 100 0 209 7170 1455 i 209 7170 1455 i Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 194
4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Apply the route map to the neighbor or peer group's incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 195
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 196
• le: maximum prefix length to me matched. For information about configuring prefix lists, refer to Access Control Lists (ACLs). 3 Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Filter routes based on the criteria in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 197
5 Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • map-name: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 198
Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 199
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 200
default is 60 minutes. • route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 201
NOTE: When you change the best path selection method, path selection for existing paths remains unchanged until you reset it by entering the clear ip bgp command in EXEC Privilege mode. Examples of Configuring a Route and Viewing the Number of Dampened Routes To view the BGP configuration, use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 202
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 203
neighbor {ip-address | peer-group-name} soft-reconfiguration inbound BGP stores all the updates received by the neighbor but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. Outbound BGP soft reconfiguration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 204
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 205
debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] • View information about BGP updates and filter by prefix name. EXEC Privilege mode debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] • Enable soft-reconfiguration debug. EXEC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 206
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 207
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 208
Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 209
R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 210
R3(conf-if-lo-0)#int te 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config ! interface TengigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 211
BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:00:57, due to user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Last - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 212
R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 213
10 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 214
. The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 512 CAM entries. Select 1 to configure 256 entries. Select 2 to configure 1024 entries. Even though you can perform CAM carving to allocate the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 215
mode show cam-acl 4 Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command. To verify the actual CAM space required, create a Class Map with all required ACL rules, then execute - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 216
cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload. Example of Viewing CAM-ACL Settings Dell(conf)#do show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) Next Boot(in block - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 217
L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 0 -- Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 218
Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting. QoS CAM Region Limitation To store QoS service policies Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 219
. By default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables. The other supported UFT modes are scaled-l3-hosts (UFT mode 3) and scaled-l3-routes (UFT mode 4). Table 12. UFT Modes - Table Size UFT Mode L2 MAC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 220
show hardware forwarding-table mode Dell#show hardware forwarding-table mode Current Settings Mode : Default L2 MAC Entries : 160K L3 Host Entries : 144K L3 Route Entries : 16K Dell# Next Boot Settings scaled-l3-routes 32K 16K 128K 220 Content Addressable Memory (CAM) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 221
11 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 222
-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. 222 Control Plane Policing (CoPP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 223
input name cpu-qos class-map name qos-policy name 7 Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8 Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 224
Dell(conf-policy-map-in-cpuqos)#exit The following example shows creating the control plane service policy. Dell(conf)#control-plane-cpuqos Dell(conf-control-cpuqos)#service-policy rate-limit-protocols egressFP_rate_policy Dell(conf-control-cpuqos)#exit 224 Control Plane Policing (CoPP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 225
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1 Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 226
applied to each queue. Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, use Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Q0 1300 Q1 300 Q2 300 Q3 300 Q4 2000 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 227
Example of Viewing Queue Mapping for IPv6 Protocols Dell#show ipv6 protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) TCP (BGP) any/179 179/any _ Q6 CP _ ICMP any any _ Q6 CP _ VRRP any any _ Q7 CP _ Dell# Control Plane Policing (CoPP) 227 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 228
Configuring PFC in a DCB Map • Configuring PFC without a DCB Map • Behavior of Tagged Packets • Configuration Example for DSCP and PFC Priorities • SNMP Support for PFC and Buffer Statistics Tracking • Performing PFC Using DSCP Bits Instead of 802.1p Bits • PFC and ETS Configuration Examples • Using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 229
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 230
DCBx • During DCBx negotiation with a remote peer: • DCBx communicates with the remote peer by LLDP TLV to determine current policies, such as PFC support and ETS bandwidth allocation. • If DCBx negotiation is not successful (for example, a version or TLV mismatch), DCBx is disabled and PFC or ETS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 231
Traffic Groupings Traffic Groupings Group ID Group bandwidth Group transmission selection algorithm (TSA) In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: • PFC enabled or disabled • No bandwidth limit or no ETS processing • ETS uses the DCB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 232
TLVs in LLDP data units. The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters ETS parameters PFC Configuration center network. DCB is disabled by default. It must be enabled to support CEE. • Priority-based flow control • Enhanced transmission selection • Data center - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 233
and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 234
into account the following default settings: DCB is enabled. The PFC memory buffer supports up to 52 (not 64) PFC-enabled ports and two lossless queues per for Storage Area Network (SAN) traffic that requires no-drop service, while retaining packet-drop congestion management for Local Area Network ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 235
PFC and link-level flow control at the same time on an interface. Dell Networking OS does not support MACsec Bypass Capability (MBC). Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 236
-set port-pipe command. NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays. In - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 237
to create zero-loss links for SAN traffic that requires no-drop service, while at the same time retaining packet-drop congestion management for to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx). • If you apply a DCB map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 238
-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. command). Command Mode CONFIGURATION INTERFACE Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 239
as no-drop pfc no-drop INTERFACE queues for lossless traffic. For the dot1p-queue assignments. queuesqueue-range The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 240
higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 241
This default behavior is impacted if you modify the total buffer available for PFC or assign static buffer configurations to the individual PFC queues. Behavior of Tagged Packets The below is example for enabling PFC for priority 2 for tagged packets. Priority (Packet Dot1p) 2 will be mapped to PG6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 242
to classify these untagged packets from the server based on their DSCP and provide PFC treatment. Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 243
PRIORITY to PG mapping (PRIO2PG) is on the ingress for each port. By default, all priorities are mapped to PG7. A priority for which PFC has to be generated is assigned to a PG other than PG7 (say PG6) and buffer watermark is set on PG6 so as to generate PFC. In ingress, the buffers are accounted at - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 244
classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802 mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 245
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 246
increase to the maximum link bandwidth and allow a flow in any priority group. NOTE: CIN supports only the dot1p priority-queue assignment in a priority group. To configure a dot1p priority flow in . INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 246 Data Center Bridging (DCB) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 247
.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p to data queues, not to control queues. • Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking OS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 248
must map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) on the data traffic. Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 249
(PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 250
configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Manual The port is configured to operate only with administrator-configured settings and does not auto-configure with DCB settings received from a DCBx - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 251
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 252
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 253
shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link a configuration-source role. 4 Configure ports to operate in a manual role. 1 Enter INTERFACE Configuration mode. CONFIGURATION mode interface type - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 254
TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6 On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 255
4 Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | the Application Priority TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-appln- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 256
[no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7 Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 257
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 19. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 258
The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test State :Complete PfcMode:ON PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 259
Table 20. show interface pfc summary Command Description Fields Interface Description Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 260
0 The following example shows the show interface ets summary command. Dell(conf)#do show interfaces te 1/1 ets summary Interface TenGigabitEthernet 1/1 Max Supported TC is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled PG-grp Priority# BW-% BW-COMMITTED - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 261
The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : Admin is enabled TC-grp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 262
interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 263
-unit all stack-ports all ets details Stack unit 0 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 264
port role: auto-upstream, auto-downstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used . In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configured mode DCBx version configured on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 265
However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 266
is from 0 to 3399. Default is 3088. 3 Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured depends on the buffer. The default number of PFC queues in the system is one. For each priority, you can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 267
7 Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default bufferthreshold setting. INTERFACE mode (conf-if-te) dcb-policy buffer-threshold buffer-threshold 8 Configuring Global total buffer size on stack ports. CONFIGURATION mode dcb - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 268
Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 269
1 Enabling DCB Dell(conf)#dcb enable 2 Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# service-class dynamic dot1p 3 Apply DCB map to relevant interface dcb-map test priority-group 1 bandwidth 50 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 270
configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 271
Option Subnet Mask Number and Description Option 1 Specifies the client's subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client's default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 272
client starts the configuration process over by sending a DHCPDISCOVER. A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. A server sends this message to the client if it is not able to fulfill - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 273
configurations that exceed the allocated memory. • This platform supports 4000 DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. For Management Responding To Client Requests Providing Administration Services Description DHCP servers are the owners of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 274
1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands 274 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 275
Excluding Addresses from the Address Pool The DHCP server assumes that all IP addresses in a DHCP address pool are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To exclude an address, follow this step. • Exclude an address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 276
for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to recommends specifying clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address and the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 277
stored on the server. For more information, refer to Configuring the Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported on Ethernet, VLAN, and port-channel interfaces. • The public out-of-band management interface and default VLAN 1 are configured by default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 278
a new IP address, use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 279
using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management interfaces. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 280
The following criteria determine packets destined for the DHCP client: • DHCP is enabled on the interface. • The user data protocol (UDP) destination port in the packet is 68. • The chaddr (change address) in the DHCP header of the packet is the same as the interface's MAC address. • An entry in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 281
agent and the DHCP server, enter the trust-downstream option. • Manually reset the remote ID for Option 82. CONFIGURATION mode ip dhcp the relay agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE. DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer 2 interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 282
Enabling DHCP Snooping To enable DHCP snooping, use the following commands. 1 Enable DHCP snooping globally. CONFIGURATION mode ip dhcp snooping 2 Specify ports connected to DHCP servers as trusted. INTERFACE mode INTERFACE PORT EXTENDER mode ip dhcp snooping trust 3 Enable DHCP snooping on a VLAN. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 283
ipv6 dhcp snooping binding mac address vlan-id vlan-id ipv6 ipv6-address interface interfacetype | interface-number lease value Clearing the Binding Table To clear the binding table, use the following command. • Delete all of the entries in the binding table. EXEC Privilege mode clear ip dhcp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 284
Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table, use the following command. • Display the contents of the binding table. EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 285
false IP-to-MAC mappings into the ARP cache of a network device. It is used to launch man-in-the-middle (MITM), and denial-of-service (DoS) attacks, among others. A spoofed ARP message is one in which the MAC address in the sender hardware address field and the IP address in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 286
Denial of service An attacker can send a fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 287
an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 288
INTERFACE mode ip dhcp source-address-validation vlan vlan-id NOTE: Before enabling SAV With VLAN option, allocate at least one FP block to the ipmacacl CAM region. DHCP MAC Source Address Validation DHCP MAC source address validation (SAV) validates a DHCP packet's source hardware address against - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 289
Viewing the Number of SAV Dropped Packets The following output of the show ip dhcp snooping source-address-validation discard-counters command displays the number of SAV dropped packets. Dell>show ip dhcp snooping source-address-validation discard-counters deny access-list on TenGigabitEthernet 1/1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 290
14 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 291
Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 292
Te 1/1 Up 36 Te 1/1 Up 52 Managing ECMP Group Paths To avoid path degeneration, configure the maximum number of paths for an ECMP route that the L3 CAM can hold. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route. To configure the maximum number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 293
the IPv4 /32 route prefix entry in host table, more space is obtained that can be utilized for other route prefix entries. Support for ECMP in host table ECMP support in the L3 host table is available on the system. IPv6 /128 prefix route entries and IPv4 /32 prefix entries which are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 294
::1 00:00:20:d5:ec:a0 [ 132] 20::1 00:00:20:d5:ec:a1 Port Vid EC Fo 1/4 0 1 Fo 1/8 0 1 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes The software supports a command to program IPv6 /128 route prefixes in the route table. You can define IPv6 /128 route prefixes in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 295
ipv6 dest-ipv6 vlan protocol L4-source-port L4-dest-port) mac Set the mac key fields to use in hash computation(default = source- mac dest-mac vlan ethertype) tcp-udp Option to use TCP/UDP ports in packet for ECMP/LAG hashing tunnel Set the tunnel key fields to use in hash computation(default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 296
as the hash algorithm. Configuration and Benefits The preceding anti-polarization techniques require some coordinated configuration of network nodes to solve the problem and these techniques are not scalable when the number of tiers in the network is high. Flow based hashing specifically addresses - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 297
of xor1 xor2 of xor2 xor4 of xor4 xor8 of xor8 xor16 CRC16_BISYNC_AND_XOR2 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CRC16_BISYNC_AND_XOR4 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CRC16_BISYNC_AND_XOR8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CR16 - 16 bit XOR] Example to view - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 298
works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN traffic. In addition, DCB provides types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 299
FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 300
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 301
, solicitations, FLOGI/FDISC requests and responses, FLOGO requests and responses, keep-alive packets, and clear virtual-link messages. FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: FIP Snooping 301 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 302
Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure on all VLANs, enable FIP snooping globally on a switch. • A switch can support a maximum eight VLANs. Configure at least one FCF/bridge-to-bridge port mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 303
fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: Manually add the CAM-ACL space to the FCoE region as it is not applied by default. To support FIP-Snooping and set CAM-ACL, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 304
trusted interfaces in a VLAN. • A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 305
is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command. • The maximum number of FCFs supported per FIP snooping-enabled VLAN is twelve. Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 306
NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable. Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 27. Displaying FIP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 307
Table 28. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 308
Table 30. show fip-snooping fcf Command Description Field FCF MAC FCF Interface VLAN FC-MAP ENode Interface FKA_ADV_PERIOD No of ENodes FC-ID Description MAC address of the FCF. Slot/port number of the interface to which the FCF is connected. VLAN ID number used by the session. FC-Map value - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 309
The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery Solicits :0 Number of Unicast Discovery Solicits :0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 310
Field Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config Description Number of FIP FDISC reject frames received on the interface. Number of FIP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 311
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 39. Configuration Example: FIP Snooping on a Switch In this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 312
Dell(conf-if-te-1/1)# switchport Dell(conf-if-te-1/1)# protocol lldp Dell(conf-if-te-1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links. Example of Configuring the FCF-Facing Port Dell(conf)# interface tengigabitethernet 1/5 Dell(conf-if-te-1/5)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 313
with the Flex Hash mechanism. Keep the following points in mind when you configure the flex hash capability: • A maximum of eight flex hash entries is supported. • A maximum of 4 bytes can be extracted from the start of the L4 header. • The offset range is 0 - 30 bytes from the start of the L4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 314
With the reduced time that is taken to reboot the switch, upon a manually-initiated reload or an expected restart of the device, there is minimal servers in that rack. This functionality of minimized reload time is supported in a network deployment in which the servers are connected through - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 315
Symmetric Multiprocessing (SMP) utility that is enabled on the Intel CPU on the device to enhance the speed of the system startup. SMP is supported on the device. For the fast boot feature to reduce the traffic disruption significantly, the following conditions apply: 1 When LACP is used between the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 316
Interoperation of Applications with Fast Boot and System States This functionality is supported on the S6000 platform. The following sections describe the application behavior when fast boot functionality is enabled: LACP and IPv4 Routing Prior to the system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 317
boot and actions specific to this mode will not be performed. Software Upgrade When fast boot is used to upgrade the system to a release that supports fast boot, the system enables the restoration of dynamic ARP or ND databases that were maintained in the older release from when you performed the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 318
computed and installed without the need for any manual intervention in any of the following conditions: Converged Ethernet (RoCE) Overview This functionality is supported on the S6000 platform. RDMA is a lossless nature of disk input and output services. • Lossless connectivity: VMs require - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 319
for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite sub interfaces. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the S6000 platform. All the frames in a Layer 2 VLAN are identified using a tag defined in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 320
against any single link/switch failure and thus provides for greater network uptime. Topics: • Protocol Overview • Implementing FRRP • FRRP Configuration • Troubleshooting FRRP • Sample Configuration and Topology Protocol Overview FRRP is built on a ring topology. You can configure up to 255 rings - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 321
has been temporarily blocked and places it into a pre- forwarding state. When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the previously blocked ring ports on the newly restored port. Then the Transit node - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 322
In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 323
• Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) • Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these. • Topology Change RHF: triggered updates; processed at all nodes. Important FRRP Concepts The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 324
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 325
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 326
• The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1 Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 327
the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 328
• There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only. • Spanning Tree (if you enable it globally) must be disabled on both Primary and Secondary interfaces when you enable FRRP. • When the interface ceases to be a part of any FRRP process, if - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 329
Example of R3 TRANSIT interface TenGigabitEthernet 3/14 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown ! interface Vlan 201 no ip address tagged - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 330
to register and deregister attribute values, such as VLAN IDs, with each other. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 331
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 332
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 333
no ip address switchport gvrp enable gvrp registration fixed 34-35 gvrp registration forbidden 45-46 no shutdown Dell(conf-if-te-1/21)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. • Join - - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 334
IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports an unlimited number of groups. • Dell Networking systems cannot serve as an IGMP host or an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 335
leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 336
still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 337
Figure 44. IGMP Version 3-Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1 The first unsolicited report from the host indicates that it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 338
Figure 45. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1 Host 1 sends a message indicating it is leaving group 224.1.1.1 and that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 339
Figure 46. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1 Enable multicast routing using the ip multicast-routing command. 2 Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 340
router is 165.87.34.5 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 341
Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface 225.1.1.1 TenGigabitEthernet 1/1 225.1.2.1 TenGigabitEthernet 1/1 Mode IGMPV2 IGMPV2 Uptime 00:11:19 00:10:19 Expires 00:01:50 00:01:50 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 342
• Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 343
• View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 344
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 345
association between applications and their port numbers. Table 32. Association Between Applications and Port Numbers Application Name Port Number SSH 22 Sflow-Collector 6343 Client Supported Supported Server Supported Internet Group Management Protocol (IGMP) 345 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 346
port for confd application 8888 secure HTTP server port for confd application Client Supported Supported Supported Supported Supported Supported Supported Supported Supported Server Supported Supported Supported If you configure a source interface is for any EIS management application, EIS might - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 347
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 348
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 349
• If route lookup in the EIS routing table fails or if the management port is down, then packets are dropped. The management application drop counter is incremented. • Whenever IP address is assigned to the management port, it is stored in a global variable in the IP stack, which is used for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 350
• EIS is enabled implies that EIS feature is enabled and the application might or might not be configured as a management application • EIS is disabled implies that either EIS feature itself is disabled or that the application is not configured as a management application Transit Traffic This - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 351
Protocol radius Sflow-collector Snmp (SNMP Mib response and SNMP Traps) ssh syslog tacacs telnet tftp icmp (ping and traceroute) Behavior when EIS is Enabled EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior for ICMP Behavior when EIS is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 352
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 353
and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state. Basic Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 354
• Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting 40G Ports without Reload • Splitting QSFP Ports to SFP+ Ports • Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 355
.10.10.1 TenGigabitEthernet 1/7 unassigned TenGigabitEthernet 1/8 unassigned TenGigabitEthernet 1/9 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 356
no ip address shutdown ! interface TenGigabitEthernet 2/7 no ip address shutdown ! interface TenGigabitEthernet 2/8 no ip address shutdown ! interface TenGigabitEthernet 2/9 no ip address shutdown Resetting an Interface to its Factory Default State You can reset the configurations applied on an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 357
configure on the management optic ports alone. Without any optic, if you configure the speed, the configuration is assigned as the port speed to support Provisioning through BMP. User viewable Logs: Logs for optic insertion and removal are same as QSFP optics. You can use the show inventory media - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 358
show interface transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id QSFP 0 Ext Id QSFP 0 Connector QSFP 0 Transceiver Code QSFP 0 Encoding QSFP 0 Length(SFM) Km QSFP 0 Length(OM3) 2m QSFP 0 Length(OM2) 1m QSFP 0 Length(OM1) 1m QSFP 0 Length(Copper) 1m QSFP 0 Vendor Rev = 0x0d = 0x00 = 0x0c = 0x04 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 359
Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 mode, use the show interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 360
preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 361
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 362
If there are 2 RPMs on the system, each Management interface must be configured with a different IP address. Unless the management route command is configured, you can only access the Management interface from the local LAN. To access the Management interface from another LAN, the management route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 363
Configuring a Management Interface on an Ethernet Port You can manage the system through any port using remote access such as Telnet. To configure an IP address for the port, use the following commands. There is no separate management routing table, so configure all routes in the IP routing table ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 364
show interface loopback number • Delete a Loopback interface. CONFIGURATION mode no interface loopback number Many of the commands supported on physical interfaces are also supported on a Loopback interface. Null Interfaces The Null interface is another virtual interface. There is only one Null - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 365
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 366
Each port channel must contain interfaces of the same interface type/speed. Port channels can contain a mix of 1G/10G/40G. The interface speed that the port channel uses is determined by the first port channel member that is physically up. Dell Networking OS disables the interfaces that do not match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 367
interface port-channel id-number 2 Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 2 or Layer 3 mode. To place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 368
Dell# Te 1/13 (Up) Te 1/14 (Up) The following example shows the port channel's mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Dell>show interface port-channel 20 Port- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 369
INTERFACE PORT-CHANNEL mode no channel-member interface 2 Change to the second port channel INTERFACE mode. INTERFACE PORT-CHANNEL mode interface port-channel id number 3 Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 370
in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3 Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 371
Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command. • Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 372
-value For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change to another algorithm. CONFIGURATION mode Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 373
The show range command is available under Interface Range mode. This command allows you to display all interfaces that have been validated under the interface range context. The show configuration command is also available under Interface Range mode. This command allows you to display the running - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 374
Exclude a Smaller Port Range The following is an example show how the smaller of two port ranges is omitted in the interface-range prompt. Example of the Interface-Range Prompt for Multiple Port Ranges Dell(conf)#interface range tengigabitethernet 2/1 - 23 , tengigab 2/1 - 10 Dell(conf-if-range-te - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 375
• Selects the interfaces range to be configured using the values saved in a named interface-range macro. CONFIGURATION mode interface range macro name Example of Using a Macro to Change the Interface Range Configuration Mode The following example shows how to change to the interface-range - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 376
unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the mode or viceversa without reload. • When a non-supported profile release is upgraded to a supported profile release, the fan-out configured ports get - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 377
The defaults ports are: 0,8,16,24,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,100,108,116,124 Example: stack-unit stack-unit-number quad-port-profile [default | list of ports] To display the Fan-out capability profile, use the following show command: show system stack-unit quad-port-profile - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 378
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). NOTE: When you split a 40G port (such as fo 1/4) into four 10G ports, the 40G interface configuration is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 379
can use a copper SFP module on QSFP ports using a QSA adapter. Important Points to Remember • Starting from Dell OS 9.7(0.0), as part of dynamic fan-out support, only 96 ports can be split into 10G mode. Remaining eight ports stay in 40G. For more information, see Fanning out 40G Ports Dynamically - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 380
Example Scenarios Consider the following scenarios: • QSFP port 0 is connected to a QSA with SFP+ optical cables plugged in. • QSFP port 4 is connected to a QSA with SFP optical cables plugged in. • QSFP port 8 in fanned-out mode is plugged in with QSFP optical cables. • QSFP port 12 in 40 G mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 381
SFP 0 Diagnostic Information SFP 0 Rx Power measurement type SFP 0 Temp High Alarm threshold SFP 0 Voltage High Alarm threshold SFP 0 Bias High Alarm threshold = OMA = 0.000C = 0.000V = 0.000mA NOTE: In the following show interfaces tengigbitethernet transceiver commands, the ports 5,6, and 7 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 382
QSFP 0 Rx Power measurement type = OMA QSFP 0 Temp High Alarm threshold = 0.000C QSFP 0 Voltage High Alarm threshold = 0.000V QSFP 0 Bias High Alarm threshold = 0.000mA Dell#show interfaces tengigabitethernet 0/0 tengigabitethernet 0/0 is up, line protocol is up Hardware is DellEth, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 383
Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE LineSpeed 1000 Mbit Dell#show interfaces tengigabitethernet 0/8 TenGigabitEthernet 0/0 is up, line protocol is up Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 384
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 385
Dell#show interfaces dampening Tengigabitethernet 1/1 Interface Supp Flaps Penalty Half-Life Reuse State Te 1/1 Up 0 0 1 2 Dell# Suppress 3 Max-Sup 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 386
To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 387
The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes. To enable pause frames, use the following command. • Control how the system responds to and generates 802.3x pause frames on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 388
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 389
5 Set the local port speed. INTERFACE mode speed {10 | 100 | 1000 | 10000 | auto} NOTE: If you use an active optical cable (AOC), you can convert the QSFP+ port to a 10 Gigabit SFP+ port or 1 Gigabit SFP port. You can use the speed command to enable the required speed. 6 Optionally, set full- or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 390
For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 391
displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Configuring the Interface Sampling Size Although you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 392
more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 393
the configuration files. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the compressed mode and to perform an image downgrade without any configuration loss - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 394
! interface TenGigabitEthernet 1/2 no ip address shutdown ! interface TenGigabitEthernet 1/3 no ip address shutdown ! interface TenGigabitEthernet 1/4 no ip address shutdown ! interface TenGigabitEthernet 1/10 no ip address shutdown ! interface TenGigabitEthernet 1/34 ip address 2.1.1.1/16 shutdown - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 395
flash by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Interfaces 395 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 396
21 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 397
Helper with No Configured Broadcast Addresses • Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 398
if)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.11.1.1/24 no shutdown ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 399
----------S 2.1.2.0/24 S 6.1.2.0/24 S 6.1.2.2/32 S 6.1.2.3/32 S 6.1.2.4/32 S 6.1.2.5/32 S 6.1.2.6/32 S 6.1.2.7/32 S 6.1.2.8/32 S 6.1.2.9/32 S 6.1.2.10/32 S 6.1.2.11/32 S 6.1.2.12/32 S 6.1.2.13/32 S 6.1.2.14/32 S 6.1.2.15/32 S 6.1.2.16/32 S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- ------ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 400
is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages. feature is not supported on significantly high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 401
To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 402
Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 403
the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 404
Internet 10.1.2.4 17 Dell# 08:00:20:b7:bd:32 Ma 1/1 Enabling Proxy ARP - CP By default, Proxy ARP is enabled. To disable Proxy ARP, use the no proxy-arp command in the interface mode. To re-enable Proxy ARP, use the following command. • Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 405
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 406
(ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 407
UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 408
! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged TenGigabitEthernet 1/2 no shutdown To view the configured broadcast address for an interface, use show interfaces command. Dell#show interfaces vlan 100 Vlan 100 is up, line protocol is down Address is 00:01:e8: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 409
Figure 49. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 410
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 411
IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are: • Extended address space • Stateless autoconfiguration • Header format simplification • Improved - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 412
of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 413
prefix-length) or 3K IPv6 route entries (greater than /64 prefix-length). You can configure the LPM table with one of the following partitions to support the IPv4 and IPv6 prefix route entries: • Partition 1: IPv6 128-bit LPM entries can be stored in this partition. IPv4 and 64-bit IPv6 entries - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 414
the header itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. 414 IPv6 Routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 415
Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 416
the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet's Source IP Address identifying the unknown option type. 416 IPv6 Routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 417
send an ICMP Parameter Problem, Code 2 message to to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 418
fe80::/64 subnet. Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system in the Dell Networking OS Command Line Interface Reference Guide. Extended Address Space IPv6 Neighbor Discovery Stateless Autoconfiguration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 419
support over IPv6 (outbound SSH) Layer 3 only Secure Shell (SSH) server support Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting Problem - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 420
Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages assigned, it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 421
Figure 54. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 422
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 423
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 424
command. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 425
Telnet connection from the router. NOTE: Telnet to link local addresses is supported on the system. • Enter the IPv6 Address for the device. EXEC mode and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 426
Displaying IPv6 Information View specific IPv6 configuration with the following commands. • List the IPv6 show options. EXEC mode or EXEC Privileged mode show ipv6 ? Example of show ipv6 Command Options Dell#show ipv6 ? accounting IPv6 accounting information cam IPv6 CAM Entries fib IPv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 427
412::/64 onlink autoconfig Valid lifetime: 2592000, Preferred lifetime: 604800 Advertised by: fe80::201:e8ff:fe8b:3166 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::1:ff8b:386e ND MTU is 0 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 428
Destination Dist/Metric, Gateway, Last Change C 600::/64 [0/0] Direct, Te 1/24, 00:34:42 C 601::/64 [0/0] Direct, Te 1/24, 00:34:18 C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 1/24, 00:01:30 L fe80::/10 [0/0] Direct, Nu 0, 00:34:42 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 429
• mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 430
POLICY LIST CONFIGURATION mode router-lifetime value The router lifetime range is from 0 to 9,000 seconds. 11 Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12 Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode mtu value 13 Set the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 431
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide. IPv6 Routing 431 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 432
provides a means of monitoring iSCSI sessions and applying quality of service (QoS) policies on iSCSI traffic. When enabled, iSCSI optimization allows to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 433
• iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier of congestion that would otherwise cause dropped iSCSI packets. • iSCSI DCBx TLVs are supported. The following illustration shows iSCSI optimization between servers and a storage array in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 434
Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is performed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 435
: %STKUNIT0-M:CP %LLDP-5-LLDP_EQL_DETECTED: EqualLogic Storage Array detected on interface Te 1/ 43 • At the first detection of an EqualLogic array, the maximum supported MTU is enabled on all ports and port-channels (if it has not already been enabled). • Spanning-tree portfast is enabled on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 436
Synchronizing iSCSI Sessions Learned on VLT-Lags with VLTPeer The following behavior occurs during synchronization of iSCSI sessions. • If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer and the connection is associated with this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 437
addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 438
in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer discovery protocol (LLDP) before enabling iSCSI in step 2. You cannot disable LLDP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 439
• remark: marks incoming iSCSI packets with the configured dot1p or DSCP value when they egress the switch. The default is: the dot1 and DSCP values in egress packets are not changed. 8 (Optional) Set the aging time for iSCSI session monitoring. CONFIGURATION mode [no] iscsi aging time time. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 440
3260 860 The following example shows the show iscsi session command. VLT PEER1 Dell#show iscsi session Session 0 Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 VLT PEER2 Session 0 Target: iqn. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 441
-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS- called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 442
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 443
recovery (the minimum of all the Remaining Time values advertised by the neighbors) or by setting a specific amount of time manually. Implementation Information IS-IS implementation supports one instance of IS-IS and six areas. You can configure the system as a Level 1 router, a Level 2 router, or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 444
Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 445
Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 446
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 447
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 448
} • adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. • manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 449
Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time : 30 Operational Timer Value Current Mode/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 450
, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process. For example, if you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 451
wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs. Cost Range Supported on IS-IS Interfaces 0 to 63 0 to 16777215 0 to 63 0 to 63 0 to : System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 452
• default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 453
Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 454
Enter the type of interface and the interface information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a Loopback interface, enter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 455
• static: for user-configured routes. • bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 456
and Partial SNPs. • Set the authentication password for a routing domain. ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password The Dell OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 457
new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER ISIS mode set-overload-bit This setting prevents other routers from using it as - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 458
the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 459
to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is but set back to 63 because the higher value is not supported. wide wide narrow narrow narrow narrow transition transition transition narrow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 460
Beginning Metric Style transition narrow transition narrow transition narrow transition narrow transition wide transition wide transition wide transition wide transition Final Metric Style wide transition wide narrow wide transition transition wide narrow narrow transition transition Moving to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 461
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 462
Figure 57. IPv6 IS-IS Sample Topography IS-IS Sample Configuration - Congruent Topology IS-IS Sample Configuration - Multi-topology IS-IS Sample Configuration - Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config ! interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 463
exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.00 ! address-family ipv6 unicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 464
25 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 465
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 466
LACP Configuration Tasks The following configuration tasks apply to LACP. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 467
Dell(conf-if-te-4/15-lacp)#port-channel 32 mode active ... Dell(conf)#interface TenGigabitethernet 4/16 Dell(conf-if-te-4/16)#no shutdown Dell(conf-if-te-4/16)#port-channel-protocol lacp Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 468
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 469
To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 470
• If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 471
0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 472
Figure 61. Inspecting the LAG Configuration 472 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 473
Figure 62. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 473 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 474
Figure 63. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 475
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 476
Figure 64. Inspecting a LAG Port on BRAVO Using the show interface Command 476 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 477
Figure 65. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 477 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 478
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 479
26 Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 480
Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 481
NOTE: The CAM-check failure message beginning in Dell Networking OS version 8.3.1.0 is different from versions 8.2.1.1 and earlier, which read: % Error: ACL returned error % Error: Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 482
mac learning-limit station-move The mac learning-limit station-move command allows a MAC address already in the table to be learned from another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 483
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 484
mac-address-table disable-learning lacp • Disable source MAC address learning from LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning lldp • Disable source MAC address learning from LACP and LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning If you don't use any option, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 485
to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces. Apply all other configurations to each interface in the redundant pair such that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 486
dynamic LAG, the backup interface can be a static or dynamic LAG In a redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, you can configure a static (without LACP) or dynamic (with LACP) port-channel interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 487
-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted] Dell(conf-if-range-te-3/41-42)#interface tengig 3/41 Dell(conf-if-te-3/41)#shutdown 00:24 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 488
the interface to bring it back to an FEFD operational state. When you enable Aggressive mode on an interface in the same state, manual intervention is required to reset the interface. FEFD enabled systems (comprised of one or more interfaces) automatically switches between four different states - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 489
not received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset [interface] Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 490
no shutdown 3 Enable fefd globally. CONFIGURATION mode fefd-global {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the show fefd command in EXEC privilege mode. Dell#show fefd FEFD is globally 'ON', interval is 3 seconds, mode is ' - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 491
Example of Viewing FEFD Configuration Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport fefd mode normal no shutdown Dell(conf-if-te-1/1)#do show fefd | grep 1/1 Te 1/1 Normal 3 Unknown Debugging FEFD To debug FEFD, use the first command. To provide - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 492
with its peer 492 Layer 2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 493
27 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise its configuration and receive - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 494
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 72. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 495
to which a port belongs if the port is in Hybrid mode). Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV. Indicates the capability and current setting of the duplex status and bit rate, and whether the current settings are the result of auto - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 496
LLDPMED framework. • LLDP-MED Network Connectivity Device - any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 497
formats: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN 4 Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. 5 6 7 8 9 10 11 12-255 Location Identification - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 498
Capabilities 1 Network Policy 2 Location Identification 3 Extended Power via MDI-PSE 4 Extended Power via MDI-PD 5 Inventory 6-15 reserved Dell Networking OS Support Yes Yes Yes Yes No No No Table 52. LLDP-MED Device Types Value 0 1 2 3 4 5-255 Device Type Type Not Defined Endpoint - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 499
8 9-255 Video Signaling Reserved Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 500
Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 501
advertise disable end exit hello mode multiplier no show Advertise TLVs Disable LLDP protocol globally Exit from configuration mode Exit from LLDP configuration mode LLDP hello configuration LLDP mode configuration (default = rx and tx) LLDP multiplier configuration Negate a command or set its - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 502
management-interface 3 Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1 Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2 Enter LLDP management-interface mode. LLDP- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 503
• softphone-voice • streaming-video • video-conferencing • video-signaling • voice • voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 77. Configuring LLDP Viewing the LLDP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 504
PDT 1999-2014 Existing System Capabilities: Repeater Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled 504 Link Layer Discovery Protocol (LLDP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 505
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 506
! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 507
use the no debug lldp command. Figure 78. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 508
Table 54. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP Configuration adminStatus msgTxHold msgTxInterval rxInfoTTL txInfoTTL Basic TLV Selection mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable LLDP Statistics statsAgeoutsTotal statsFramesDiscardedTotal - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 509
TLV Type TLV Name TLV Variable 127 Port-VLAN ID PVID 127 Port and Protocol VLAN ID port and protocol VLAN supported System Local Remote Local Remote port and protocol VLAN enabled Local Remote PPVID Local LLDP MIB Object lldpLocPortDesc lldpRemPortDesc lldpLocSysName lldpRemSysName - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 510
TLV Type 127 TLV Name VLAN Name TLV Variable VID VLAN name length VLAN name System Remote Local Remote Local Remote Local Remote Table 57. LLDP-MED System MIB Objects TLV Sub-Type TLV Name 1 LLDP-MED Capabilities TLV Variable LLDP-MED Capabilities System Local Remote LLDP-MED Class Type - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 511
TLV Sub-Type TLV Name TLV Variable DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System Local Remote Local Remote Local Remote Local Remote Local Remote Power Priority Local Remote Power Value Local - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 512
28 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 513
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering To provide transparent failover or balancing, Microsoft clustering allows multiple servers using Microsoft Windows to be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 514
There might be some ARP table entries that are resolved through ARP packets, which had the Ethernet MAC SA different from the MAC information inside the ARP packet. This unicast data traffic flooding occurs only for those packets that use these ARP entries. Enabling a Switch for Multicast NLB To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 515
29 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 516
Figure 80. MSDP SA Message Format Topics: • Anycast RP • Implementation Information • Configure Multicast Source Discovery Protocol • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 517
active sources in the area of the other RPs. If any of the RPs fail, IP routing converges and one of the RPs becomes the active RP in more than one area. New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 518
Figure 81. Configuring Interfaces for MSDP 518 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 519
Figure 82. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 519 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 520
Figure 83. Configuring PIM in Multiple Routing Domains 520 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 521
Figure 84. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1 Enable MSDP. CONFIGURATION mode ip multicast-msdp 2 Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 522
Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 523
Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the SA cache of all, local, or rejected entries, or entries for a specific group. CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected Source-Active - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 524
Figure 85. MSDP Default Peer, Scenario 2 524 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 525
Figure 86. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 525 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 526
Figure 87. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 527
229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 73 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 73 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 528
UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. 1 OPTIONAL: Cache sources that the SA filter denies in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 529
ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1(conf)#do show run acl ! ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1(conf)#do show ip msdp sa-cache MSDP Source-Active - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 530
SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 531
• traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for the group must, at least initially, travel over the same part of the network. You can load balance source registration between multiple RPs by strategically mapping groups to RPs, but this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 532
CONFIGURATION mode interface loopback 2 Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3 In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 533
interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.11/32 no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 534
neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.11 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.11 ip msdp originator-id Loopback 1 ! ip route 192.168.0.3/32 10.11.0. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 535
no shutdown ! interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 536
MSDP Sample Configuration: R3 Running-Config ip multicast-routing ! interface TenGigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown ! interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface ManagementEthernet 1/1 ip address 10. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 537
30 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 538
and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. Configure Multiple Spanning Tree Protocol Configuring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 539
• Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 540
PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 541
spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 542
Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 543
The range is from 1 to 40. The default is 20. Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode. Dell(conf-mstp)#forward-delay 16 Dell(conf-mstp)#exit Dell(conf)#do show running- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 544
For the default, refer to the default values shown in the table.. 2 Change the port priority of an interface. INTERFACE mode spanning-tree msti number priority priority The range is from 0 to 240, in increments of 16. The default is 128. To view the current values for these interface parameters, use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 545
of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 90. MSTP with Three VLANs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 546
no shutdown ! interface TenGigabitEthernet 1/31 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan 300 no ip address tagged - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 547
Router 3 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology. 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs. (Step 1) protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 548
no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 549
• Are there "extra" MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp ! protocol spanning-tree mstp name - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 550
across default and non-default virtual routing and forwarding (VRFs). The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Topics: • Enabling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 551
5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic. Multicast Policies The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 552
NOTE: The IN-L3-McastFib CAM partition stores multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 553
Figure 91. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 60. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 554
Location 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 555
ip pim neighbor-filter Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the system. After a receiver receives traffic from the RP, PM-SM switches to SPT to forward multicast traffic. Every multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 556
Figure 92. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 62. Preventing a Source from Transmitting to a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 557
Location 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 558
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 559
objects of interest, monitor their state, and report to a client when a change in an object's state occurs. The following tracked objects are supported: • Link status of Layer 2 interfaces • Routing status of Layer 3 interfaces (IPv4 and IPv6) • Reachability of IP hosts • Reachability of IPv4 and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 560
Figure 93. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 561
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 562
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 563
track object-id interface interface line-protocol Valid object IDs are from 1 to 65535. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked interface. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 564
To configure object tracking on the routing status of a Layer 3 interface, use the following commands. 1 Configure object tracking on the routing status of an IPv4 or IPv6 interface. CONFIGURATION mode track object-id interface interface {ip routing | ipv6 routing} Valid object IDs are from 1 to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 565
In order for an route's reachability or metric to be tracked, the route must appear as an entry in the routing table. A tracked route is considered to match an entry in the routing table only if the exact IPv4 or IPv6 address and prefix length match an entry in the table. For example, when - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 566
(Optional) E-Series only: For an IPv4 route, you can enter a VRF name to specify the virtual routing table to which the tracked route belongs. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked route. OBJECT TRACKING mode delay {[up seconds] [down - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 567
track resolution {ip route | ipv6 route} {isis resolution-value | ospf resolution-value} The range of resolution values is: • ISIS routes - 1 to 1000. The default is 1. • OSPF routes - 1 to 1592. The efault is 1. 2 Configure object tracking on the metric of an IPv4 or IPv6 route. CONFIGURATION mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 568
Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv6 route: Dell(conf)#track 8 ipv6 route 2::/64 metric threshold Dell(conf-track-8)#threshold metric up 30 Dell(conf-track-8)#threshold metric down 40 Displaying - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 569
IP Route Resolution ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 570
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 571
Figure 94. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 572
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 573
Figure 95. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 574
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 575
• Type 8: Link LSA (OSPFv3) - This LSA carries the IPv6 address information of the local links. • Type 9: Link Local LSA (OSPFv2), Intra-Area-Prefix LSA (OSPFv3) - For OSPFv2, this is a link-local "opaque" LSA as defined by RFC2370. For OSPFv3, this LSA carries the IPv6 prefixes of the router and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 576
000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 577
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 578
impact adjacency stability in larger topologies. Multi-Process OSPFv2 with VRF Multi-process OSPF with VRF is supported on the Dell Networking OS. Only one OSPFv2 process per VRF is supported. Multi-process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes allow for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 579
ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 580
-Convergence • Changing OSPFv2 Parameters on Interfaces • Enabling OSPFv2 Authentication • Creating Filter Routes • Applying Prefix Lists • Redistributing Routes • Troubleshooting OSPFv2 1 Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 581
(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 582
using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 583
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 584
Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 585
Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area 2.2.2.2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 586
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 587
Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 588
• Change the wait period between link state update packets sent out the interface. CONFIG-INTERFACE mode ip ospf transmit-delay seconds • seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network. Example of Changing and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 589
router-id • Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to force the primary RPM , refer to the Dell Networking OS Command Line Reference Guide. Open Shortest Path First (OSPFv2 and OSPFv3) 589 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 590
Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following. Dell#show run ospf ! router ospf 1 graceful-restart grace-period 300 graceful-restart role helper-only graceful-restart mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 591
typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks. • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 592
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 593
Figure 97. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 - Te 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface TenGigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown ! interface TenGigabitEthernet 1/2 ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 594
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 595
ipv6 unicast routing Applying cost for OSPFv3 Change in bandwidth directly affects the cost of OSPF routes. • Explicitly specify the cost of sending a packet on an interface. INTERFACE mode ipv6 ospf interface-cost • interface-cost:The range is from 1 to 65535. Default cost is based on the bandwidth - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 596
• process-id: the process ID number assigned. • area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 597
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 598
• bgp | connected | static: enter one of the keywords to redistribute those routes. • metric metric-value: The range is from 0 to 4294967295. • metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2. • route-map map-name: enter a name of a configured - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 599
graceful-restart mode [planned-only | unplanned-only] • Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM. During a planned - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 600
IPsec-compliant device decrypts each packet. NOTE: Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec. With IPsec The ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the IP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 601
refer to RFC 4303. In OSPFv3 communication, IPsec provides security services between a pair of communicating hosts or security gateways using either the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 602
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. 602 Open Shortest Path First (OSPFv2 and OSPFv3) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 603
• key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AESCBC - 32 or 64 hex digits for AES-128 and 48 or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 604
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. • key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 605
::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N Open Shortest Path First (OSPFv2 and OSPFv3) 605 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 606
: ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 The system provides several tools to troubleshoot OSPFv3 operation on the switch. This section describes typical, OSPFv3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 607
Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode show ipv6 route [vrf vrf-name] summary • View the summary information for the OSPFv3 database. EXEC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 608
34 Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 609
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 610
PBR Exceptions (Permit) To create an exception to a redirect list, use thepermit command. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. The Dell Networking OS assigns the first available sequence number to a rule configured without - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 611
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 612
the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirect-group IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 613
redirect-group xyz shutdown Dell(conf-if-gi-1/1)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 614
to give you a guidance with typical configurations. You can copy and paste from these examples to your CLI. Make the necessary changes to support your own IP addresses, interfaces, names, and so on. The Redirect-List GOLD defined in this example creates the following rules: • description Route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 615
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 616
View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 617
seq 25 redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144, Track 4 [up], Next-hop reachable (via Vl 20) Applied interfaces: Te 2/28 Dell# Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces: Dell#configure terminal Dell(conf)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 618
Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 619
PIM-SM. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The platform supports a maximum of 95 PIM interfaces and 2000 multicast entries including (*,G), and (S,G) entries. The maximum number of PIM neighbors is the same as the maximum - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 620
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 621
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 622
TenGigabitEthernet 2/13 (10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11 TenGigabitEthernet 1/12 TenGigabitEthernet 2/13 --More-- Configuring S,G Expiry Timers By - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 623
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 624
INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 625
. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if ACL first and then apply it to the SSM range. • The default range is always supported, so range can never be smaller than the default. Configure PIM-SSM Configuring PIM-SSM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 626
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 627
Configuring PIM-SSM with IGMPv2 R1(conf)#do show run pim ! ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 628
239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2 R1(conf)#do show ip igmp ssm-map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Never Member Ports: Te 1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 629
port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 630
must be on the same switch. You can configure up to 128 source ports in a monitoring session. Only one destination port is supported in a monitoring session. The platform supports multiple source-destination statements in a single monitor session. The maximum number of source ports that can be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 631
Example of Viewing a Monitoring Session In the example below, 0/25 and 0/26 belong to Port-pipe 1. This port-pipe has the same restriction of only four destination ports, new or used. Dell(conf-mon-sess-300)#do show mon session SessionID Source Destination Direction Mode Type ---- 0 Te 1/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 632
MONITOR SESSION mode source Example of Viewing Port Monitoring Configuration To display information on currently configured port-monitoring sessions, use the show monitor session command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#$source ten 1/1 dest ten 1/2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 633
Figure 99. Port Monitoring Example Configuring Monitor Multicast Queue To configure monitor QoS multicast queue ID, use the following commands. 1 Configure monitor QoS multicast queue ID. CONFIGURATION mode monitor multicast-queue queue-id Dell(conf)#monitor multicast-queue 7 2 Verify information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 634
port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way. In a remote be configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 635
Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 636
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 637
port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 638
Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 639
Dell(conf-if-te-1/30)#switchport Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28-29 Dell(conf-if-po-10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 640
Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6 Dell(conf-mon-sess-3)#tagged destination te 1/6 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP ----------- 1 remote-vlan 10 Te 1/4 N/A N/A N/A 2 remote-vlan 20 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 641
direction. • A flow-based source VLAN is monitored only for ingress traffic (not egress traffic). direction. Changes to Default Behavior • Rate-limiting ïs not supported for ERSPAN traffic. • You can configure the same port as both source and destination in an ERSPAN session. • You can configure TTL - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 642
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1-3 mac access-group flow in Only ingress packets are supported for mirroring shutdown 642 Port Monitoring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 643
attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM bytes of the header needs to be ignored/ chopped off. • Some tools support options to edit the capture file. We can make use of such features ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 644
b Using Python script • Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort. The analyzer should listen in the forward/egress interface. If there is only one interface, one can choose the ingress and forward - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 645
38 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree - developed by a third party - that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 646
three other variations of spanning tree, as shown in the following table. Table 65. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term Spanning Tree Protocol (STP) Rapid Spanning Tree Protocol (RSTP) Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 647
2 Place the interfaces in VLANs. 3 Enable PVST+. 4 Optionally, for load balancing, select a nondefault bridge-priority for a VLAN. Related Configuration Tasks • Modifying Global PVST+ Parameters • Modifying Interface PVST+ Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 648
Influencing PVST+ Root Selection As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 649
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 650
The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port. • Port cost - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 651
The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 652
Figure 104. PVST+ with Extend System ID • Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 653
no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenGigabitEthernet 2/12 no ip address switchport no shutdown ! interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 654
how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 67. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 655
Ingress Egress Egress Egress Egress Egress Figure 105. Dell Networking QoS Architecture Topics: • Implementation Information • Port-Based QoS Configurations • Policy-Based QoS Configurations Quality of Service (QoS) 655 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 656
Strict-Priority Queueing • Queue Classification Requirements for PFC Functionality • Support for marking dot1p value in L3 Input Qos Policy • Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 657
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 658
shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#rate shape 500 50 Dell(conf-if-te-1/1)#end 658 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 659
. Figure 106. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 660
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4 Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 661
4 Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class -maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 662
example shows incorrect traffic classifications. Dell#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 663
should be reconfigured to the default dot1p to queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: • ACK • FIN • SYN • PSH • scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 664
or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Constraints The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p Bandwidth to Queue Specifying WRED Drop Precedence 664 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 665
- Default Bandwidth Percentage for 8- Queue System 1% 2% 3% 4% 5% 10% 25% 50% NOTE: The system supports 8 data queues. When you assign a percentage to one queue, note that this change also affects the amount of bandwidth rate shape. rate-shape value committed value Quality of Service (QoS) 665 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 666
Map • Displaying Color Maps • Display Color Map Configuration Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic. The system uses this information to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 667
information on an interface interface: Enter the name of the interface that has the color policy configured. Examples for Displaying a DSCP Color Policy Quality of Service (QoS) 667 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 668
To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 669
POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on . The following table specifies the queue to which the classified traffic is sent based on the dot1p value. Quality of Service (QoS) 669 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 670
Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 671
an ACL exists in the CAM rather than writing it to the CAM multiple times. • Apply an input policy map to an interface. INTERFACE mode service-policy input Specify the keyword layer2 if the policy map you are applying a Layer 2 policy map. Creating Output Policy Maps 1 Create an output policy map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 672
, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast the strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing. To use queue-based - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 673
for priority 2 which will be honored in switch A. You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos-policy-in)#set mac-dot1p 5 % Error: Dot1p marking is -in)#set ip-dscp 5 Dell Dell(conf-qos-policy-in)# Quality of Service (QoS) 673 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 674
, for example, 2000KB, is reached, all incoming packets are dropped until the buffer space consumes less than 2000KB of the specified traffic. 674 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 675
Ingress Packets), all traffic defaults to green drop precedence. • Assign a WRED profile to either yellow or green traffic. QOS-POLICY-OUT mode wred Quality of Service (QoS) 675 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 676
measures the size of the specified policy-map and compares it to the available CAM space in a partition for a specified port-pipe. 676 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 677
. • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 | port pipe Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 L2ACL 500 200 Allowed(2) Specifying - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 678
random early detection (WRED) and Explicit Congestion Notification (ECN) functionality for backplane ports is supported on the Additionally, the feature to configure a weight for WRED and ECN functionality for front- . This best-effort network deployment is not suitable 678 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 679
shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. The platform supports four global service-pools in the egress direction. Two service pools are used- one for loss-based queues and the other for lossless (priority-based flow control (PFC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 680
SP-T Queue-based ECN marking above queue threshold. ECN marking to shared buffer limits of the service-pool and then packets are tail dropped. SP-T < Q-T Same as above but ECN marking queue are consumed. The platform supports four global service-pools in the egress direction. 680 Quality of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 681
in the egress direction. INTERFACE mode Dell(conf-if-te-0/8)#Service-class buffer shared-threshold-weight Guidelines for Configuring ECN for of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: • ACK • FIN • SYN • PSH - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 682
! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map " through one or more ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 packet. As - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 683
, all packets are considered as 'green' (without the rate-policer and trust-diffserve configuration) and hence support would be provided to mark the packets as 'yellow' alone will be provided. By default Dell Networking can be achieved using either of the two approaches. Quality of Service (QoS) 683 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 684
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 685
entire MMU space is shared across a maximum of 104 logical ports to support the egress admission-control functionality to implement scheduling and shaping on per-port system processes a PFC PAUSE frame. You can use the service-class buffer shared-threshold-weight queue0 ... queue7 number command in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 686
of the shared buffer for the queues you want. In this example, this setting is configured for queues 5 and 7. Dell(conf-if-te-1/1)#Service-class buffer shared-threshold-weight queue5 4 queue7 6 Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 687
0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6 0 MCAST 7 0 MCAST 8 0 Quality of Service (QoS) 687 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 688
variable length subnet mask (VLSM) or classless inter-domain routing (CIDR) and is not widely used. RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 689
homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is not enabled in Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 690
CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange routing information. ROUTER RIP mode network ip-address Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information, ensure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 691
[120/1] via 29.10.10.12, 00:01:22, Fa 1/49 2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/49 4.0.0.0/8 auto-summary 8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 12.0.0.0/8 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 692
Assigning a Prefix List to RIP Routes Another method of controlling RIP (or any routing protocol) routing information is to filter the information through a prefix list. A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 693
Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 694
The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols Routing Protocols is RIP Sending updates - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 695
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 696
RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration - Core 2 and Core 3. The host prompts used in the following example reflect those names. The examples are divided into the following groups of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 697
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 698
10.11.20.0 10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 699
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- R 10.11.10.0/24 via 10.11.20.2, Te 3/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 700
no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/1 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/2 ip address 10.11.20.1/24 no shutdown ! - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 701
is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Remote Monitoring (RMON) 701 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 702
Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value eventnumber] falling-threshold - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 703
• number: assigned event number, which is identical to the eventIndex in the eventTable in the RMON MIB. The value must be an integer from 1 to 65,535 and be unique in the RMON Event Table. • log: (Optional) generates an RMON log entry when the event is triggered and sets the eventType in the RMON - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 704
• integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in the RMON History Table. • owner: (Optional) specifies the name of the owner of the RMON group of statistics. The default is a null-terminated string. • ownername: (Optional) records - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 705
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 75. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 706
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 707
• Only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1 Enter PROTOCOL SPANNING TREE RSTP mode. CONFIGURATION mode protocol spanning-tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 708
Bridge Identifier has priority 32768, Address 0001.e801.cbb4 Configured hello time 2, max age 20, forward delay 15, max hops 0 We are the root Current root has priority 32768, Address 0001.e801.cbb4 Number of topology changes 4, last change occurred 00:02:17 ago on Te 1/26 Port 377 ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 709
Adding and Removing Interfaces To add and remove interfaces, use the following commands. To add an interface to the Rapid Spanning Tree topology, configure it for Layer 2 and it is automatically added. If you previously disabled RSTP on the interface using the command no spanning-tree 0 command, re- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 710
• Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 711
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 712
• Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). • Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode). To enable EdgePort on an interface, use the following command. • Enable EdgePort on an interface. INTERFACE mode spanning- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 713
43 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide. Software-Defined Networking (SDN) 713 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 714
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 715
process request. • stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 716
actions on tty3, User admin Priv 1 Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 717
For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to five authentication methods to a method list. Dell Networking OS evaluates the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 718
NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines. Enabling AAA Authentication To enable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 719
-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and keys, use the following command. • Turn on the obscuring of passwords and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 720
to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 721
Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 722
CONFIGURATION mode enable password [level level] [encryption-mode] password Configure the optional and required parameters: • level level: specify a level from 0 to 15. Level 15 includes all levels. • encryption-type: enter 0 for plain text or 7 for encrypted text. • password: enter a string up to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 723
Escape character is '^]'. Login: john Password: Dell#show priv Current privilege level is 8 Dell#? configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC no Negate a command show Show running system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 724
server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 725
a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-Command You can the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 726
Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system, create a AAA method list. Default method lists do not need to be explicitly applied to the line, so they are not mandatory. To create a method list, use the following commands. • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 727
• retransmit retries: the range is from 0 to 100. Default is 3. • timeout seconds: the range is from 0 to 1000. Default is 5 seconds. • key [encryption-type] key: enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42 characters long. This key must match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 728
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 729
use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 730
closes the Telnet session immediately. The following example demonstrates how to configure the access-class from a TACACS+ server. This configuration ignores the configured access-class on the VTY line. If you have configured a deny10 ACL on the TACACS+ server, the system downloads it and applies it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 731
proposes a countermeasure to the problem. This countermeasure is configured into remote login and other secure network services over an insecure network. Dell Networking Networking OS Command Line Interface Reference Guide. Dell Networking OS SCP, which SCP client software is supported. To use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 732
RSA Authentication : disabled. Vty Encryption HMAC Dell(conf)# Remote IP To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 733
User name to login remote host: admin Password to login remote host: Removing the RSA Host Keys and Zeroizing Storage Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private key information for RSA 1 and or RSA 2 types. Note that when FIPS mode is enabled - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 734
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 735
cipher list. Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr Configuring the SSH Client Cipher List To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers the SSH - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 736
The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc. Example of Configuring a Cipher List The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 737
Using RSA Authentication of SSH The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. 1 On the SSH client (Unix machine), generate an RSA key, as shown in the following example. 2 Copy the public key id_rsa.pub to the Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 738
-l User name option -m HMAC algorithm to use (for v2 clients only) -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 739
you use - line, local, or remote. Table 77. VTY Access Authentication Method Line Local TACACS+ RADIUS VTY access-class support? YES NO YES YES Username access-class support? NO YES NO NO Dell Networking OS provides several ways to configure access classes for VTY lines, including: • VTY Line - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 740
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 741
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 742
NOTE: When you enter a user role, you have already been authenticated and authorized. You do not need to enter an enable password because you will be automatically placed in EXEC Priv mode. For greater security, the ability to view event, audit, and security system log is associated with user roles. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 743
login authentication test authorization exec test exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 744
permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre-defined user roles or user-defined user roles. Important Points to Remember - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 745
When you modify a command for a role, you specify the role, the mode, and whether you want to restrict access using the deleterole keyword or grant access using the addrole keyword followed by the command you are controlling access. For information about how to create new roles, see also Creating a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 746
The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode, using the show role mode configure line command in EXEC Privilege mode. Dell(conf)#role configure deleterole secadmin ? LINE Initial keywords of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 747
for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 748
privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled "Force10-avpair". - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 749
The following example configures an AV pair which allows a user to login from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 750
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 751
line route-map router Line Configuration mode Route map configuration mode Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 752
only 802.1Q VLAN tagging all customers would have to use unique VLAN IDs to ensure that traffic is segregated, and customers and the service provider would have to coordinate to ensure that traffic mapped correctly across the provider network. Even under ideal conditions, customers and the provider - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 753
Figure 110. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are Trunk Ports 2 Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3 Enabling VLAN-Stacking for a VLAN. Service Provider Bridging 753 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 754
provider bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3 Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 755
-1/1)#portmode hybrid Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)#vlan-stack trunk Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address Service Provider Bridging 755 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 756
at R4. The TPID on the outer tag is 0x9100. R2's TPID must also be 0x9100, and it is, so R2 forwards the frame. 756 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 757
the appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Service Provider Bridging 757 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 758
Figure 111. Single and Double-Tag TPID Match 758 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 759
Figure 112. Single and Double-Tag First-byte TPID Match Service Provider Bridging 759 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 760
Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 761
Privilege mode. Dell#show interface dei-honor Default Drop precedence: Green Interface CFI/DEI Drop precedence Te 1/1 0 Green Te 1/1 1 Yellow Te 2/9 1 Red Te 2/10 0 Yellow Service Provider Bridging 761 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 762
CFI/DEI Te 1/1 Green 0 Te 1/1 Yellow 1 Te 2/9 Yellow 0 Te 2/10 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 763
3 layer2 rate-police 30 ! interface TenGigabitEthernet 1/21 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 764
the intermediate network might be consumed and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration). 764 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 765
MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Service Provider Bridging 765 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 766
tunneling, use the following command. 1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode 766 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 767
processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Service Provider Bridging 767 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 768
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 769
any port specifically, the global sampling rate is downloaded to that port and is to calculate the port-pipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling rate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 770
datagram depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 770 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 771
displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 772
Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum header second bold lines indicate sFlow is enabled on Te 1/16 and Te 1/17 Dell#show sflow sFlow services are enabled 772 sFlow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 773
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 774
sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, the depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 775
output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 776
Table 79. Extended Gateway Summary IP SA IP DA static/connected/IGP static/connected/IGP static/connected/IGP BGP BGP static/connected/IGP BGP BGP srcAS and srcPeerAS - 0 - Exported Exported dstAS and dstPeerAS - Exported - Exported Exported Description Extended gateway data is not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 777
• MIB Support to Display the Software Core Files Generated by the System • Manage VLANs using SNMP • Managing Overload on Startup • Enabling and Disabling a Port using SNMP • Fetch Dynamic MAC Entries using SNMP • Deriving Interface Indices • Monitor Port-Channels • Troubleshooting SNMP Operation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 778
AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB privacy option is supported and is compliant with RFC 3826. The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 779
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 780
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 781
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 782
The following example shows reading the value of the many managed objects at one time. > snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Real Time Operating System Software Dell Operating System Version: 1.0 Dell Application Software Version: E_MAIN4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 783
also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Dell Networking - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 784
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 785
than or equal to 5 minutes. This restriction also applies to the console message. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, the SNMP trap is not sent. Simple Network Management Protocol (SNMP) 785 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 786
To enable an SNMP agent to send a trap when the syslog server is not reachable, enter the following command: CONFIGURATION MODE snmp-server enable traps snmp syslog-unreachable To enable an SNMP agent to send a trap when the syslog server resumes connectivity, enter the following command: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 787
MIB Object copySrcFileLocation copySrcFileName copyDestFileType copyDestFileLocation copyDestFileName copyServerAddress copyUserName OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 .1.3.6.1.4.1.6027.3.5.1.1.1.1.6 .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 788
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 789
• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 790
a 11.11.11.11 copyUserName.110 s mylogin copyUserPassword.110 s mypass FTOS-COPY-CONFIG-MIB::copySrcFileType.110 = INTEGER: runningConfig(2) FTOS-COPY-CONFIG-MIB::copyDestFileName.110 = STRING: /home/startup-config FTOS-COPY-CONFIG-MIB::copyDestFileLocation.110 = INTEGER: ftp(4) FTOS-COPY-CONFIG-MIB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 791
MIB Object copyTimeStarted copyTimeCompleted copyFailCause copyEntryRowStatus OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13 .1.3.6.1.4.1.6027.3.5.1.1.1.1.14 .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Values 3 = failed Time value Time value 1 = bad filename 2 = copy in progress 3 = - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 792
2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 793
MIB Object chSysCoresStackUnitNumber chSysCoresProcess OID 1.3.6.1.4.1.6027.3.10.1.2.10.1.4 1.3.6.1.4.1.6027.3.10.1.2.10.1.5 Description Contains information that includes which stack unit or processor the core file was originated from. Contains information that includes the process names that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 794
Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 795
Example of Adding a Tagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as a tagged member of VLAN 10. >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 796
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 797
Example of Fetching MAC Addresses Learned on a Port-Channel Using SNMP Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number. MAC Addresses on Force10 System Dell( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 798
= INTEGER: 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 799
: IF-MIB::linkUp IF-MIB::ifIndex.1107755009 = INTEGER: 1107755009 SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 800
• Remove Units or Front End Ports from a Stack • Troubleshoot a Stack Stacking Overview Dell Networking OS elects a management (master - the remaining units in the stack, also called stack members. The system supports up to six stack units. • Stack group - Each individual 40G port correspond - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 801
• Inter-switch stacking link failure • Switch insertion • Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. Stack Master Election The stack elects a master and standby unit at - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 802
after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6-address | dhcp} Failover Roles If the stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 803
2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present [output omitted] Standalone#show system | grep priority Master priority : 0 -----------STACK BEFORE CONNECTION Stack#show system brief Stack MAC : 00:01:e8:d5:f9:6f -- Stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 804
path selection inside the stack: If multiple paths exist between two units in the stack, the shortest path is used. Supported Stacking Topologies The device supports stacking in a ring or a daisy chain topology. Dell Networking recommends the ring topology when stacking the switches to provide - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 805
Example of Stack Manager Redundancy Management Access on Stacks You can access the stack via the console port or VTY line. • Console access - You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console port of the standby unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 806
the stack is running Dell Networking OS version9.7.0.0and the new unit is running an earlier software version, the new unit is put into a card problem state. • If the unit is running Dell Networking OS version 9.7.0.0 it is upgraded to use the same Dell Networking OS version as the stack, rebooted - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 807
the stack. 2 Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version 3 Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up. EXEC Privilege mode stack-unit stack-unit-number renumber - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 808
CONFIGURATION mode stack-unit stack-unit-number priority priority 5 Assign a stack group for each unit. CONFIGURATION mode stack-unit stack-unit-id stack-group stack-group-id Begin with the first port on the management unit. Next, configure both ports on each subsequent unit. Finally, return to the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 809
up 6971 Speed in RPM Add Units to an Existing Stack You can add units to an existing stack in one of three ways. • By manually assigning a new unconfigured unit a position in an existing stack. • By adding a configured unit to an existing stack. • By merging two stacks. If you are adding - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 810
a type mismatch error. After the new unit loads, it synchronizes its running and startup configurations with the stack. Manually Assigning a New Unit to an Existing Stack To manually assign a new unit a position in an existing stack, use the following steps. 1 On the stack, determine the next - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 811
4 Member not present 5 Management online S6000 S6000 1-0(0-3666) 128 Adding a Configured Unit to an Existing Stack To add a configured unit to an existing stack, use the following commands. If a stack unit goes down and is removed from the stack, the logical provisioning configured for that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 812
• Dell Networking OS selects a master stack manager from the two existing managers based on the priority of the stack. • Dell Networking OS resets all the units in the losing stack; they all become stack members. • If there is no unit numbering conflict, the stack members retain their previous unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 813
Creating a Virtual Stack Unit on a Stack Use virtual stack units to configure ports on the stack before adding a new unit. • Create a virtual stack unit. CONFIGURATION mode stack-unit stack-unit-number provision S4048-ONS6000 Displaying Information about a Stack To display information about the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 814
2 0 up AC up 6656 2 1 up AC up 6688 -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 2 0 up up 7021 up 7072 2 1 up up 7021 up 7072 2 2 up up 7021 up 7021 Speed in RPM -- Unit 5 -- Unit Type : Management Unit Status : online Next Boot : online - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 815
-- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 2 0 up up 7072 up 6971 2 1 up up 7021 up 7021 2 2 up up 7021 up 6971 5 0 up up 7021 up 7123 5 1 up up 6971 up 7021 5 2 up up 7021 up 6971 Speed in RPM The following example shows the show system stack- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 816
stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect. • Display redundancy Privilege mode reset-self • Reset a stack-unit when the unit is in a problem state. EXEC Privilege mode reset stack-unit unit-number {hard} Verify a Stack Configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 817
Number : 08R4VK Rev X00 Vendor Id : ZP Date Code : 01012011 Country Code : TW Piece Part ID : TW-08R4VK-75412-111-2941 PPID Revision : X00 Service Tag : NA Expr Svc Code : NA Auto Reboot : disabled Burned In MAC : 90:b1:1c:f4:a7:c7 No Of MACs : 3 -- Power Supplies -- Unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 818
up up Remove Units or Front End Ports from a Stack To remove units or front end ports from a stack, use the following instructions. • Removing a Unit from a Stack • Removing Front End Port Stacking Removing a Unit from a Stack The running-configuration and startup-configuration are synchronized - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 819
reboots. The units come up as standalone units after the reboot completes. Troubleshoot a Stack To troubleshoot a stack, use the following recovery tasks. • Recover from Stack Link Flaps • Recover from a Card Problem State on a Stack Recover from Stack Link Flaps Stack link integrity monitoring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 820
Example of Card Problem Error on a Stack - Different Dell Networking OS Versions Dell#show system brief Stack MAC Reload-Type : 90:b1:1c:f4:a7:c7 : normal-reload [Next - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 821
storm-control unknown-unicast [interface] command. EXEC Privilege Topics: • Configure Storm Control • PFC Storm Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE Mode To configure storm control, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 822
mode you can configure storm control for ingress and egress traffic. Do not apply per-virtual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on an interface or globally). • Configure storm control. CONFIGURATION mode • Configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 823
traffic through other ports and priorities are not affected. For more information about the above commands, see the Dell Networking OS Command Line Reference Guide. Restore Queue Drop State You can restore the queue drop triggered due to the storm control PFC detection to the normal state. Once the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 824
6 Te 0/3 3 4 5 6 Te 0/4 3 4 5 6 Te 0/5 3 4 5 6 Te 0/80 3 4 5 6 Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Normal Normal Normal Normal 14780 14780 14760 14760 14760 14760 14760 14740 14740 14740 14640 14540 14540 0 0 0 0 8686064 8682775 8690918 8690786 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 825
three other variations of spanning tree, as shown in the following table. Table 88. Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 826
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 827
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 120. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1 If the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 828
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 829
Figure 121. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1 Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2 Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 830
Topology change flag not set, detected flag not set Number of topology changes 3 last change occurred 0:16:11 ago from TenGigabitEthernet 2/3 Timers: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Times: hello 0, topology change 0, notification 0, aging Normal Port 289 ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 831
Table 89. STP Default Values STP Parameters Forward Delay Hello Time Max Age Port Cost • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • 40-Gigabit Ethernet interfaces • Port Channel with 100 Mb/s Ethernet interfaces • Port Channel with 1-Gigabit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 832
• Port priority - influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. The default values are listed in Modifying Global Parameters. To change the port cost or priority of an interface, use the following commands. • Change the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 833
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 834
Figure 122. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. • drops the BPDU after it reaches the RP and generates a console - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 835
Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 836
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) • Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 837
• mstp: enables root guard on an MSTP-enabled port. • rstp: enables root guard on an RSTP-enabled port. • pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no spanning-tree 0 rootguard command in an interface configuration mode. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 838
per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 839
• Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 840
troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support information on SmartScripts, see Dell Networking Open Automation guide. Figure 125. SupportAssist NOTE: SupportAssist is Wizard • Configuring SupportAssist Manually • Configuring SupportAssist - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 841
data entry. Enable the SupportAssist service. CONFIGURATION mode support-assist activate Dell(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 842
. NOTE: This step is not mandatory and you can configure SupportAssist manually without performing this step. Even before you accept or reject the EULA activities and servers for the SupportAssist service. SUPPORTASSIST mode enable all Dell(conf)#support-assist Dell(conf-supportassist)#enable all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 843
mac-address-table" "show trace" "show command-history" "show logging" "show tech-support" } : "alarms_records", : "arp_records", : "ip_route_records", : "mac-address-table_records", : "trace_records", : "command_history_records", : "system_logging_records", : "tech-support_records" 3 Configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 844
allows you to configure name, address and territory information of the company. SupportAssist Company configurations are optional for the SupportAssist service. To configure SupportAssist company, use the following commands. 1 Configure the contact information for the company. SUPPORTASSIST mode [no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 845
[no] contact-person [first ] last Dell(conf-supportassist)#contact-person first john last doe Dell(conf-supportassist-pers-john_doe)# 2 Configure the email addresses to reach the contact person. SUPPORTASSIST PERSON mode [no] email-address primary email-address [alternate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 846
feature status including any activities, status of communication, last time communication sent, and so on. EXEC Privilege mode show support-assist status Dell#show support-assist status SupportAssist Service: Installed EULA: Accepted Server: default Enabled: Yes URL: https://stor.g3.ph.dell.com - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 847
save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure. Dell SupportAssist also collects and stores - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 848
They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF. Topics - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 849
Following conventions established by the telephone industry [BEL86], the accuracy of each server is defined by a number called the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 850
Figure 126. NTP Fields Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 851
Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 852
CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 853
in dotted decimal format (A.B.C.D). • ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. • key keyid : Configure a text string as the key exchanged between the NTP server and the client. • prefer: Enter the keyword prefer to set - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 854
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 855
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock • Setting the Timezone • Setting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 856
CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 857
• Set the clock to the appropriate timezone and adjust to daylight saving time every year. CONFIGURATION mode clock summer-time time-zone recurring start-week start-day start-month start-time end-week end-day end-month end-time [offset] • time-zone: Enter the three-letter name for the time zone. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 858
. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Topics: • Configuring a Tunnel • Configuring Tunnel Keepalive Settings • Configuring a Tunnel Interface • Configuring Tunnel Allow-Remote Decapsulation • Configuring Tunnel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 859
interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 860
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 861
Receive-Only Tunnels • You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum number of remote end-points supported for all multipoint receive-only tunnels on the switch depends on the hardware table size to setup termination. • The IP MTU configured on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 862
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 863
VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 port-based VLANs and one default VLAN, as specified in Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 864
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 865
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 866
the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 867
interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Ports Po1(So 0/0-1) Te 1/1 Po1(So 0/0-1) Te 1/2 Po1(So 0/0-1) When you remove a tagged interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 868
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 869
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 870
the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: • Proxy Gateway in VLT Domains • Configuring a Static VLT Proxy Gateway • Configuring an LLDP VLT Proxy Gateway Proxy Gateway in VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 871
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 872
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 873
• The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. • You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 874
Figure 129. Sample Configuration for a VLT Proxy Gateway • The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 875
Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address exclude-vlan 10 • Packet duplication may happen with "Exclude-VLAN" configuration - Assume you used the exclude-vlan option (called VLAN 10) in C - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 876
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 877
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 878
Figure 131. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 879
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the the link local address that is redirecting to the VLTi link. • VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 880
. • A VLT interconnect over 1G ports is not supported. • The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. • The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. • VLT peer switches operate as separate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 881
. On a default VLAN, RTSP is part of the PVST+ topology in that specific VLAN (default VLAN). • In a VLT domain, ingress and egress QoS policies are supported on physical VLT ports, which can be members of VLT port channels in the domain. • Ingress and egress QoS policies applied on VLT ports must - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 882
ports: 802.1p, LLDP, flow control, IPv6 dynamic routing, port monitoring, and jumbo frames. • Software features not supported with VLT • In a VLT domain, the following software features are not supported on VLT ports: 802.1x, DHCP snooping, FRRP, GVRP, ERSPAN, RSPAN, VXLAN, ingress and egress QOS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 883
node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or the VLT peer node. VLT IPv6 The following features have been enhanced to support IPv6: • VLT Sync - Entries learned on the VLT interface are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 884
that caused the VLT ports on the secondary VLT peer node to be disabled. PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 885
Figure 132. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 886
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 887
vlt domain domain-id 2 Enable peer-routing. VLT DOMAIN mode peer-routing 3 Configure the peer-routing timeout. VLT DOMAIN mode peer-routing-timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 888
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 889
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the address. 3 Configure a backup link for the VLT domain. 4 (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 890
Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 891
back-up destination {ipv4-address | ipv6-address} [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 3 Configure the port channel to be used as the VLT interconnect between VLT peers in the domain. VLT DOMAIN CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 892
To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time. For more information, refer to VLT Port Delayed Restoration. Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1 Enter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 893
To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations. Use this command to minimize the time required for the VLT system to determine the unit ID assigned - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 894
Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1 Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2 Enter the port-channel number that acts as - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 895
back-up destination ip-address [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 6 When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 896
port-channel-protocol lacp 14 Configure the LACP port channel mode. INTERFACE mode port-channel number mode [active] 15 Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 16 Repeat steps 1 through 15 for the VLT peer node in Domain 1. 17 Repeat steps 1 through 15 for the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 897
-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. Dell-2(conf)#vlt domain 5 Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 898
2 Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3 In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vlt- peer-lag port-channel 2 indicates that port-channel 2 is the port-channel id configured - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 899
channel 2 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 2 L2L3 up 03:33:31 Te 1/18 (Up) PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 900
Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 90b1.1cf4.9b79 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 0, Address 90b1.1cf4.9b79 We are the root of Vlan 1000 Configured hello time 2, max age 20, forward delay 15 Interface Name PortID - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 901
Figure 133. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer1(conf)#vlt - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 902
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 903
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 904
EXEC mode show vlt role • Display the current configuration of all VLT domains or a specified group on the switch. EXEC mode show running-config vlt • Display statistics on VLT operation. EXEC mode show vlt statistics • Display the RSTP configuration on a VLT peer switch, including the status of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 905
Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : 6(3) : 00:01:e8:8a:e9:91 : 00:01:e8:8a:e9:76 : 6(3) : 90 seconds Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : 60 seconds : - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 906
HeartBeat Messages Received: 986 ICL Hello's Sent: 148 ICL Hello's Received: 98 Dell_VLTpeer2# show vlt statistics VLT Statistics HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 907
Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 908
-config interface port-channel 11 ! interface Port-channel 11 no ip address switchport channel-member fortyGigE 1/48,52 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 909
Description Spanning tree mismatch at global level Behavior at Peer Up All VLT port channels go down on both VLT peers. A syslog error message is generated. Behavior During Run Time No traffic is passed on the port channels. A one-time informational syslog message is generated. Action to Take - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 910
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 911
PVLAN. For example, if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, VLTi is not made a part of that VLAN. MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 912
Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with the MAC address of the primary VLAN. • The ARP request packet originates on the primary VLAN for the intended destination IP address. The ARP request received on ICLs are not proxied, even if they are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 913
VLAN. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section describe how to configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 914
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 4 Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5 To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 915
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 916
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 917
routing timeout value command. You can configure an optimal time for a VLT node to retain synced multicast routes or synced multicast outgoing interface (OIF), after a VLT peer node failure, using the multicast peer-routing-timeout command in VLT DOMAIN mode. Using the bootstrap router (BSR) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 918
no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 919
back-up destination 10.16.151.115 system-mac mac-address 00:00:00:11:11:11 unit-id 1 Dell# Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 920
Dell# V Po1(Te 1/30-32) 920 Virtual Link Trunking (VLT) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 921
58 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN from the NVP Controller GUI • Configuring VxLAN Gateway • Displaying VXLAN Configurations • VXLAN Service nodes for BFD Virtual Extensible LAN (VXLAN) 921 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 922
and logical network based on messages from the NVP. • Advertises MACs learnt on south-facing VXLAN capable-ports to the NVP client. VXLAN Hypervisor Service Node(SN) Legacy TOR It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. It - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 923
Functional Overview of VXLAN Gateway The following section is the functional overview of VXLAN Gateway: 1 Provides connectivity between a Virtual server infrastructure and a Physical server infrastructure. 2 Provides the functions performed by a VTEP in a virtual server infrastructure. The functions - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 924
• Source Address : It is the source MAC address of the router that routes the packet. • VLAN: It is optional in a VXLAN implementation and will be designated by an ethertype of 0×8100 and has an associated VLAN ID tag. • Ethertype: It is set to 0×0800 because the payload packet is an IPv4 packet. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 925
Hypervisor Figure 137. Edit Hypervisor Figure 138. Create Transport Connector 2 Create Service Node To create service node, the required fields are the IP address and SSL certificate of the server. The Service node is responsible for broadcast/unknown unicast/multicast traffic replication. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 926
Figure 139. Create Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is the snapshot of the user - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 927
For more details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway on the 2 vxlan-instance CONFIGURATION mode vxlan-instance instance ID The platform supports only the instance ID 1 in the initial release. 3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 928
fail-mode secure If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources. 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the controller, use the following command. In - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 929
Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command. Dell# show vxlan vxlan-instance unicast-mac-local Total Local Mac Count: 5 VNI MAC PORT VLAN 4656 4656 4656 4656 4656 00:00:02:00:03:00 00:00:02:00:03:01 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 930
. Dell# show vxlan vxlan-instance unicast-mac-remote Total Local Mac Count: 1 VNI MAC TUNNEL 4656 00:00:01:00:00:01 36.1.1.1 VXLAN Service nodes for BFD When multiple service nodes are available for a given Logical Network, Network Virtualization Overlay (NVO) gateway picks one of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 931
LocalAddr * 1.0.1.1 * 3.3.3.3 * 3.3.3.3 * 3.3.3.3 * 3.3.3.3 * 3.3.3.3 RemoteAddr 1.0.1.2 192.168.122.135 192.168.122.136 192.168.122.137 192.168.122.138 192.168.122.139 Interface State Rx-int Tx-int Mult Clients Te 1/49/1 Up 200 200 3 B Te 1/38 Up 1000 1000 3 VT Te 1/42 Up 1000 1000 3 VT Te 1/43 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 932
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 933
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 934
-VRF ports. Yes Yes No No No No Yes No Yes NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default-VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs. No Yes Yes No No Yes No No - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 935
IPv6 capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF Yes Yes No No No Yes Yes Yes No No Yes Yes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 936
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). • Create a non-default VRF instance by specifying a name and VRF ID number, and enter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 937
the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. SeeOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 938
Task View VRRP command output for the VRF vrf1 Command Syntax vrrp-group 10 virtual-address 10.1.1.100 no shutdown show vrrp vrf vrf1 TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 939
displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route • Configure a static route that points to a management interface. CONFIGURATION management - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 940
Figure 145. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 941
no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 942
interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/1 ! router ospf 2 vrf orange router-id 2.0.0.2 network 21 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 943
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 944
----------- C 1.0.0.0/24 O 10.0.0.0/24 C 11.0.0.0/24 ------Direct, Vl 128 via 1.0.0.1, Vl 128 Direct, Te 2/1 ----------0/0 110/2 0/0 ----------00:27:21 00:14:24 00:19:46 Dell#show ip route vrf orange Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 945
that particular prefix will fail and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes. The source route will VRF-Green, and VRF-shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and VRF-Blue but not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 946
3 Configure VRF-red. ip vrf vrf-red interface-type slot/port ip vrf forwarding VRF-red ip address ip-address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 4 Configure the import target in VRF-red. ip route-import 1:1 5 Configure the export target in VRF- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 947
ip route-import 2:2 ip route-import 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 C 111.1.1.0/24 Direct, Te 1/11 0/0 00:00:10 22:39:59 Dell# show ip route vrf VRF- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 948
• If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG ("Duplicate prefix found %s in the target VRF %d", address, import_vrf_id) with The type/level is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 949
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. Virtual Routing and Forwarding (VRF - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 950
• You can expose a unique set of routes from the Source VRF for Leaking to other VRFs. For example, in VRF-red there is no option for exporting one set of routes (for example, OSPF) to VRF- blue and another set of routes (for example, BGP routes) to some other VRF. Similarly, when two VRFs leak or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 951
the Internet. Router B receives and forwards them on interface TenGigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed information about VRRP, refer to RFC 2338, Virtual - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 952
on the interface. You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet. Z-Series supports a total of 255 VRRP groups on a switch. The total number of VRRP groups per system should be less than 512. The following recommendations shown - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 953
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 954
no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-te - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 955
2 Set the master switch to VRRP protocol version 3. Dell_master_switch(conf-if-te-1/1-vrid-100)#version 3 3 Set the backup switches to version 3. Dell_backup_switch1(conf-if-te-1/1-vrid-100)#version 3 Dell_backup_switch2(conf-if-te-1/2-vrid-100)#version 3 Assign Virtual IP addresses Virtual routers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 956
NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet. Dell(conf-if-te-1/1)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.10.10.1/24 ! vrrp-group 111 priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 957
same: you must enable authentication with the same password or authentication is disabled. NOTE: Authentication for VRRPv3 is not supported. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type simple [encryption - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 958
Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 959
• Change the advertisement interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. The default is 1 second. • For VRRPv3, change the advertisement centisecs interval setting. INTERFACE-VRID mode advertise-interval centisecs centisecs The range is from 25 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 960
For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number. NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 961
The following example shows verifying the tracking status. Dell#show track Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is TenGigabitEthernet 1/3 Tracked by: VRRP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 962
the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 963
Figure 147. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 964
TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 965
Figure 148. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 966
R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1)#end R2#show vrrp TenGigabitEthernet 1/1, IPv6 VRID: 10, Version: 3, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 967
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 968
Figure 149. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#ip vrf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 969
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 970
VRRP in VRF: Switch-1 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#no ip address S1(conf-if-te-1/1)#switchport S1(conf-if-te-1/1)#no shutdown ! S1(conf-if-te-1/1)#interface vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 971
VRRP in VRF: Switch-2 VLAN Configuration Switch-2 S2(conf)#ip vrf VRF-1 1 ! S2(conf)#ip vrf VRF-2 2 ! S2(conf)#ip vrf VRF-3 3 ! S2(conf)#interface TenGigabitEthernet 1/1 S2(conf-if-te-1/1)#no ip address S2(conf-if-te-1/1)#switchport S2(conf-if-te-1/1)#no shutdown ! S2(conf-if-te-1/1)#interface vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 972
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. 972 Virtual Router Redundancy Protocol (VRRP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 973
NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address. Router 2 R2(conf)#interface tengigabitethernet 1/1 R2(conf-if- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 974
Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 0/0 TenGigabitEthernet 0/0, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 975
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 548, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Virtual Router Redundancy Protocol (VRRP) 975 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 976
61 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics check for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 977
3 Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-1.txt Diags completed... Rebooting the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 978
[163]: ERROR: platform cpld cache disabled ioctl failed, rv: 9 S6000 DIAGNOSTICS Board CPU Version Stack Unit Board Temp Stack Unit Number Board Service Tag System Cpld Rev Master Cpld Rev Slave Cpld Rev Image Build Version : S6000 Dell Inc. : Intel Centerton Processor : 32 Degree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 979
Test 5 - Psu Status Monitor Test NOT PRESENT Test 6.000 - Psu0 Fan Speed Monitor Test PASS diagS6000IsPsuGood[954]: ERROR: Psu:1, Power supply is not present. Test 6.001 - Psu1 Fan Speed Monitor Test NOT PRESENT Test 6 - Psu Fan Speed Monitor Test NOT PRESENT Test 7.000 - Psu0 Fan Status Monitor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 980
a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information directory. NOTE: Non-management member units do not support this functionality. Hardware Watchdog Timer The hardware watchdog command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 981
QSFP 52 Temp High Alarm threshold QSFP 52 Voltage High Alarm threshold QSFP 52 Bias High Alarm threshold QSFP 52 RX Power High Alarm threshold QSFP 52 Temp Low Alarm threshold QSFP 52 Voltage Low Alarm threshold QSFP 52 Bias Low Alarm threshold QSFP 52 RX Power Low Alarm threshold QSFP 52 Temp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 982
down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 983
going from the FP to the CSF IDP links. 3 Front-End Link - Output queues going from the FP to the front-end PHY. All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. Physical memory is organized into cells of 128 bytes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 984
• Dynamic Pool= Total Available Pool(16384 cells) - Total Dedicated Pool = 5904 cells • Oversubscription ratio = 10 • Dynamic Cell Limit Per port = 59040/29 = 2036 cells Figure 151. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 985
BUFFER PROFILE mode buffer dedicated • Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode buffer dynamic • Change the number of packet-pointers per queue. BUFFER PROFILE mode buffer packet-pointers • Apply the buffer profile to a line card. CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 986
256 Using a Pre-Defined Buffer Profile Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (for example, non-quality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications. You must reload the system for the global buffer profile to take - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 987
profile dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer-profile address Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 988
• show hardware drops interface interface • clear hardware stack-unit stack-unit-number counters • clear hardware stack-unit stack-unit-number unit 0-1 counters • clear hardware stack-unit stack-unit-number cpu data-plane statistics • clear hardware stack-unit stack-unit-number cpu party-bus - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 989
HOL DROPS on COS3 : 0 HOL DROPS on COS4 : 0 HOL DROPS on COS5 : 0 HOL DROPS on COS6 : 0 HOL DROPS on COS7 : 0 HOL DROPS on COS8 : 0 HOL DROPS on COS9 : 0 HOL DROPS on COS10 : 0 HOL DROPS on COS11 : 0 HOL DROPS on COS12 : 0 HOL DROPS on COS13 : 0 HOL DROPS on COS14 : 0 HOL - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 990
rxPkt(UNIT0) :773 transmitted :12698 txRequested :12698 noTxDesc :0 txError :0 txReqTooLarge :0 txInternalError :0 txDatapathErr :0 txPkt(COS0 ) :0 txPkt(COS1 ) :0 txPkt(COS2 ) :0 txPkt(COS3 ) :0 txPkt(COS4 ) :0 txPkt(COS5 ) :0 txPkt(COS6 ) :0 txPkt(COS7 ) :0 txPkt(COS8 ) :0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 991
RX - IPV4 L3 Unicast Frame Counter RX - IPV4 L3 routed multicast Packets RX - IPV6 L3 Unicast Frame Counter RX - IPV6 L3 routed multicast Packets RX - Unicast Packet Counter RX - 64 Byte Frame Counter RX - 64 to 127 Byte Frame Counter RX - 128 to 255 Byte Frame Counter RX - 256 to 511 Byte Frame - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 992
RX - Unicast Packet Counter 0 RX - 64 Byte Frame Counter 0 RX - 64 to 127 Byte Frame Counter 0 RX - 128 to 255 Byte Frame Counter 0 RX - 256 to 511 Byte Frame Counter 0 RX - 512 to 1023 Byte Frame Counter 0 RX - 1024 to 1518 Byte Frame Counter 0 RX - 1519 to 1522 Byte Good VLAN Frame - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 993
dumps. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 994
- Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 995
tcpdump cp [capture-duration time | filter expression | max-file-count value | packet-count value | snap-length value | write-to path] Debugging and Diagnostics 995 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 996
describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 997
Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 97. General 2460 Internationalization of the File Transfer Protocol 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP over - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 998
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 98. General IPv4 Protocols R Full Name F C # Z-Series 79 Internet Protocol 1 79 Internet Control 2 Message Protocol 82 An Ethernet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 999
a 28 Variant of the Tiny Fragment Attack S-Series 7.6.1 7.6.1 7.7.1 7.8.1 7.8.1 7.6.1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 99. General IPv6 Protocols RF Full Name C# Z-Series 188 DNS 6 Extensions to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1000
S-Series 7.8.1 8.3.12.0 7.8.1 8.3.12.0 7.8.1 7.8.1 8.3.12.0 8.3.12.0 8.3.12.0 Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 100. Border Gateway Protocol (BGP) RFC# Full Name 1997 BGP ComAmtturnibituitees 2385 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1001
Gateway Protocol 4 (BGP-4) 7.8.1 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 101. Open Shortest Path First (OSPF) RFC# Full Name 1587 The OSPF Not-So-Stubby Area - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1002
4191 Default Router Preferences and More-Specific Routes S-Series 7.8.1 7.8.1 8.3.12.0 Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 104. Multicast RFC# Full Name 1112 Host Extensions for IP Multicasting 2236 Internet Group - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1003
Protocol Specification (Revised) S-Series 7.8.1 7.8.1 SSM for IPv4 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 105. Network Management RFC# 1155 1156 1157 1212 1215 1493 1724 1850 1901 2011 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1004
Table, Ethernet History Control Table, Ethernet History Table, Alarm Table, Event Table, Log Table The Interfaces Group MIB 7.6.1 Remote Authentication Dial In User Service (RADIUS) 7.6.1 Remote Network Monitoring Management Information 7.6.1 Base for High Capacity Networks (64 bits): Ethernet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1005
for High Capacity 7.6.1 Alarms, High-Capacity Alarm Table (64 bits) IEEE 802.1X Remote Authentication Dial In User 7.6.1 Service (RADIUS) Usage Guidelines Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) Textual Conventions - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1006
that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) Force10 C-Series Enterprise Chassis MIB Force10 Enterprise IF Extension MIB (extends the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.100.1 - Page 1007
https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell TAC for assistance. Standards Compliance 1007
Dell
Configuration
Guide for the S6000 System
9.10(0.1)