Dell PowerSwitch S6000 Configuration Guide for the S6000 System 9.80.0
Dell PowerSwitch S6000 Manual
View all Dell PowerSwitch S6000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S6000 manual content summary:
- Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 1
Dell Configuration Guide for the S6000 System 9.8(0.0) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 3
Contents 1 About this Guide...32 Audience...32 Conventions...32 Related Documents...32 2 Configuration Fundamentals 33 Accessing the Command Line...33 CLI Modes...33 Navigating CLI Modes...35 The do - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 4
a UNIX Logging Facility Level...66 Synchronizing Log Messages...67 Enabling Timestamp on Syslog Messages...68 File Transfer Services...68 Configuration Task List for File Transfer Services...68 Enabling the FTP Server...68 Configuring FTP Server Parameters...69 Configuring FTP Client Parameters...69 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 5
The Port-Authentication Process...78 EAP over RADIUS...79 Configuring 802.1X...80 Related Configuration Tasks...80 Important Points to Remember...80 Enabling 802.1X...81 Configuring Request Identity Re-Transmissions...82 Configuring a Quiet Period after a Failed Authentication 83 Forcibly - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 6
136 Configure BFD for VRRP...142 Configuring Protocol Liveness...145 Troubleshooting BFD...145 8 Border Gateway Protocol IPv4 (BGPv4 147 Implement BGP with Dell Networking OS...157 Additional Path (Add-Path) Support...157 Advertise IGP Cost as MED for Redistributed Routes 157 Ignore Router - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 7
AS Number Migration...160 BGP4 Management Information Base (MIB)...161 Important Points to Remember...161 Configuration Information...162 BGP Configuration...162 Enabling BGP...163 Configuring AS4 Number Representations...166 Configuring Peer Groups...168 Configuring BGP Fast Fall-Over...170 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 8
CAM-ACL Settings...207 View CAM Usage...209 CAM Optimization...209 Troubleshoot CAM Profiling...209 CAM Profile Mismatches...209 QoS CAM Region Limitation... ...230 Configuration Example for DSCP and PFC Priorities...231 SNMP Support for PFC and Buffer Statistics Tracking 231 Performing PFC Using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 9
Gateway...265 Configure a Method of Hostname Resolution...265 Using DNS for Address Resolution...265 Using NetBIOS WINS for Address Resolution...265 Creating Manual Binding Entries...265 Debugging the DHCP Server...266 Using DHCP Clear Commands...266 Configure the System to be a DHCP Client...266 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 10
Paths...280 Creating an ECMP Group Bundle...281 Modifying the ECMP Group Threshold...281 Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and LPM Table 282 Support for ECMP in host table...282 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes 283 14 FCoE Transit...284 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 11
310 Setting the FRRP Timers...311 Clearing the FRRP Counters...311 Viewing the FRRP Configuration...311 Viewing the FRRP Information...311 Troubleshooting FRRP...312 Configuration Checks...312 Sample Configuration and Topology...312 17 GARP VLAN Registration Protocol (GVRP 314 Important Points to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 12
IGMP Protocol Overview...318 IGMP Version 2...318 IGMP Version 3...319 Configure IGMP...322 Related Configuration Tasks...322 Viewing IGMP Enabled Interfaces...323 Selecting an IGMP Version...323 Viewing IGMP Groups...323 Viewing IGMP Snooping Groups...324 Adjusting Timers...324 Adjusting Query and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 13
Configuring Layer 3 (Interface) Mode...341 Egress Interface Selection (EIS)...342 Important Points to Remember...342 Configuring EIS...342 Management Interfaces...343 Configuring Management Interfaces...343 Configuring Management Interfaces on the S-Series 343 VLAN Interfaces...344 Loopback - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 14
Configure the MTU Size on an Interface...367 Port-Pipes...368 Auto-Negotiation on Ethernet Interfaces...368 Setting the Speed and Duplex Mode of Ethernet Interfaces 368 Set Auto-Negotiation Options...369 View Advanced Interface Information...370 Configuring the Interface Sampling Size...371 Dynamic - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 15
with No Configured Broadcast Addresses 391 Troubleshooting UDP Helper...392 21 IPv6 Routing (LPM) Table and IPv6 /65 - /128 support 394 IPv6 Header Fields...395 Extension Header Fields...397 Traffic Flows...414 Application of Quality of Service to iSCSI Traffic Flows 414 Information Monitored - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 16
System 422 IS-IS Protocol Overview...422 IS-IS Addressing...422 Multi-Topology IS-IS...423 Transition Mode...423 Interface Support...423 Adjacencies...423 Graceful Restart...424 Timers...424 Implementation Information...424 Configuration Information...425 Configuration Tasks for IS-IS...425 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 17
Configure a LAG on ALPHA...451 25 Layer 2...459 Manage the MAC Address Table...459 Clearing the MAC Address Table...459 Setting the Aging Time for Dynamic Entries...459 Configuring a Static MAC Address...459 Displaying the MAC Address Table...460 MAC Learning Limit...460 Setting the MAC Learning - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 18
Configuring Transmit and Receive Mode...484 Configuring a Time to Live...485 Debugging LLDP...486 Relevant Management Objects...486 27 Microsoft Network Load Balancing 491 NLB Unicast Mode Scenario...491 NLB Multicast Mode Scenario...491 Limitations of the NLB Feature...492 Microsoft Clustering... - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 19
Configure Multiple Spanning Tree Protocol...520 Related Configuration Tasks...520 Enable Multiple Spanning Tree Globally...521 Adding and Removing Interfaces...521 Creating Multiple Spanning Tree Instances...521 Influencing MSTP Root Selection...522 Interoperate with Non-Dell Networking OS Bridges - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 20
-Interface...578 Redistributing Routes...579 Configuring a Default Route...579 Enabling OSPFv3 Graceful Restart...579 OSPFv3 Authentication Using IPsec...582 Troubleshooting OSPFv3...588 33 Policy-based Routing (PBR 589 Overview...589 Implementing Policy-based Routing with Dell Networking OS 590 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 21
629 Configuring an EdgePort...630 PVST+ in Multi-Vendor Networks...630 Enabling PVST+ Extend System ID...631 PVST+ Sample Configurations...631 38 Quality of Service (QoS 634 Implementation Information...635 Port-Based QoS Configurations...636 Setting dot1p Priorities for Incoming Traffic...636 21 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 22
Priority Queueing...650 Queue Classification Requirements for PFC Functionality 650 Support for marking dot1p value in L3 Input Qos Policy 651 Rate Shaping...655 Configuring Weights and ECN for WRED ...656 Global Service Pools With WRED and ECN Settings 656 Configuring WRED and ECN Attributes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 23
Configuring an RMON Event...679 Configuring RMON Collection Statistics...680 Configuring the RMON Collection History...680 41 Rapid Spanning Tree Protocol (RSTP 682 Protocol Overview...682 Configuring Rapid Spanning Tree...682 Related Configuration Tasks...682 Important Points to Remember...682 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 24
List...710 Secure Shell Authentication...710 Troubleshooting SSH...713 Telnet...713 VTY Line and Access-Class Configuration...713 VTY Line Local Authentication and Authorization...713 VTY Line Remote Authentication and Authorization 714 VTY MAC-SA Filter Support...714 Role-Based Access Control - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 25
...763 Obtaining a Value for MIB Objects...764 MIB Support to Display the Available Memory Size on Flash 765 Viewing the Available Flash Memory Size... 765 MIB Support to Display the Software Core Files Generated by the System 765 Viewing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 26
MAC Addressing on S-Series Stacks...775 Stacking LAG...776 Supported Stacking Topologies...777 High Availability on S-Series Stacks...777 Front End Port Stacking...792 Troubleshoot an S-Series Stack...792 Recover from Stack Link Flaps...793 Recover from a Card Problem State on an S-Series Stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 27
Related Configuration Tasks...796 Important Points to Remember...796 Configuring Interfaces for Layer 2 Mode...797 Enabling Spanning Tree Protocol Globally...798 Adding an Interface to the Spanning Tree Group...800 Modifying Global Parameters...800 Modifying Interface STP Parameters...801 Enabling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 28
...842 RSTP and VLT...843 VLT Bandwidth Monitoring...843 VLT and IGMP Snooping...843 VLT IPv6...843 VLT Port Delayed Restoration...844 PIM-Sparse Mode Support on VLT...844 VLT Routing ...846 Non-VLT ARP Sync...848 RSTP Configuration...848 Preventing Forwarding Loops in a VLT Domain...848 Sample RSTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 29
(VLT Peer 1)Configuring Virtual Link Trunking (VLT Peer 2)Verifying a PortChannel Connection to a VLT Domain (From an Attached Access Switch 866 Troubleshooting VLT...868 Reconfiguring Stacked Switches as VLT...869 Specifying VLT Nodes in a PVLAN...869 Association of VLTi as a Member of a PVLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 30
Buffer Tuning...937 Deciding to Tune Buffers...938 Using a Pre-Defined Buffer Profile...941 Sample Buffer Profile Configuration...941 Troubleshooting Packet Loss...942 Displaying Drop Counters...942 Dataplane Statistics...945 Display Stack Port Statistics...946 Display Stack Member Counters...946 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 31
Enabling TCP Dumps...952 60 Standards Compliance 953 IEEE Compliance...953 RFC and I-D Compliance...954 General Internet Protocols...954 General IPv4 Protocols...954 General IPv6 Protocols...955 Border Gateway Protocol (BGP)...956 Open Shortest Path First (OSPF)...956 Intermediate System to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 32
protocols, refer to related documentation, including IETF requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs). Audience This document is intended - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 33
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 34
configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, or 10 Gigabit Ethernet, or synchronous optical network - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 35
uBoot ROUTER OSPFV3 ROUTER RIP SPANNING TREE TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 36
CLI Command Mode VLAN Interface STANDARD ACCESS-LIST EXTENDED ACCESS-LIST IP COMMUNITY-LIST AUXILIARY CONSOLE VIRTUAL TERMINAL STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MULTIPLE SPANNING TREE Per-VLAN SPANNING TREE Plus PREFIX-LIST RAPID SPANNING TREE REDIRECT ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 37
CLI Command Mode ECMP EIS FRRP LLDP LLDP MANAGEMENT INTERFACE LINE MONITOR SESSION OPENFLOW INSTANCE PORT-CHANNEL FAILOVER-GROUP PRIORITY GROUP PROTOCOL GVRP QOS POLICY VLT DOMAIN VRRP u-Boot UPLINK STATE GROUP Prompt Access Command Dell(conf-ecmp-group-ecmpgroup-id)# ecmp-group Dell(conf-mgmt- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 38
Reload-Type : normal-reload [Next boot : normal-reload] -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 9.4(0.0) 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 39
Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command: • To list the keywords available in the current mode, enter ? at the prompt or after a keyword. • Enter ? after a prompt lists all of the available keywords. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 40
Short-Cut Key Combination CNTL-N CNTL-P CNTL-R CNTL-U CNTL-W CNTL-X CNTL-Z Esc B Esc F Esc D Action Return to more recent commands in the history buffer after recalling commands with CTRL-P or the UP arrow key. Recalls commands, beginning with the last command. Re-enters the previous command. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 41
Example of the except Keyword Dell#show system brief | except 0 Slot Status NxtBoot ReqTyp CurTyp Version Ports 2 not present 3 not present 4 not present 5 not present 6 not present The find keyword displays the output of the show command beginning from the first occurrence of specified text. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 42
• On the system that telnets into the switch, this message appears: % Warning: The following users are currently configuring the system: User "" on line console0 • On the system that is connected over the console, this message appears: % Warning: User "" on line vty0 "10.11.130 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 43
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 44
• 8 data bits • 1 stop bit • No flow control Pin Assignments You can connect to the console using a RJ-45 to RJ-45 rollover cable and a RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC). The pin assignments between the console and a DTE terminal server are as follows: Table - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 45
• You can manage all Dell Networking products in-band via the front-end data ports through interfaces assigned an IP address as well. Accessing the System Remotely Configuring the system for remote access is a three-step process, as described in the following topics: 1. Configure an IP address for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 46
* 0 is for inputting the password in clear text. * 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 47
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 48
the same location. • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. • The usbflash command is supported on the device. Refer to your system's Release Notes for a list of approved USB vendors. Example of Copying a File to current File System - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 49
after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide. Viewing Files You can only view file information and content on local file systems. To view a list of files or the contents of a file - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 50
2 drwx 512 Jul 23 2007 00:38:44 .. 3 drw- 8192 Mar 30 1919 10:31:04 TRACE_LOG_DIR 4 drw- 8192 Mar 30 1919 10:31:04 CRASH_LOG_DIR 5 drw- 8192 Mar 30 1919 10:31:04 NVTRACE_LOG_DIR 6 drw- 8192 Mar 30 1919 10:31:04 CORE_DUMP_DIR 7 d--- 8192 Mar 30 1919 10:31:04 ADMIN_DIR 8 -rw- 33059550 Jul - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 51
-config. • To copy a file on the external FLASH, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services are enhanced to support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 52
even if no VRF is configured on that interface NOTE: If the HTTP service is not VRF-aware, then it uses the global routing table to perform You can compare the displayed hash against the appropriate hash published on i-Support. Optionally, the published hash can be included in the verify {md5 | - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 53
Examples: Without Entering the Hash Value for Verification MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459 SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin SHA256 hash for FTOS-SE-9.5.0.0.bin: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 54
4 Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 55
level level command. In the command, specify the privilege level of the user or terminal line and specify all the keywords in the command to which you want to allow access. Allowing Access to the Following Modes This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and ROUTER - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 56
Dell#show priv Current privilege level is 3. Dell#? capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature mtrace Trace reverse - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 57
Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege level NOTE: When you assign a privilege level between 2 and 15, access to the system begins - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 58
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 59
line vty0 ( 10.14.1.91 ) Clearing Audit Logs To clear audit logs, use the clear logging auditlog command in Exec mode. When RBAC is enabled, only the system administrator user role can issue this command. Example of the clear logging auditlog Command Dell# clear logging auditlog Configuring Logging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 60
Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 61
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 62
- Add line on a 5.7 SunOS UNIX system. local7.debugging /var/adm/ftos.log In the previous lines, local7 is the logging facility level and debugging is the severity level. Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 63
Last login location: Line vty0 ( 10.14.1.97 ) Unsuccessful login attempt(s) since the last successful login: 0 Unsuccessful login attempt(s) in last 30 day(s): 3 Example of the show login statistics all command The show login statistics all command displays the successful and failed login details - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 64
Configuring Concurrent Session Limit To configure concurrent session limit, follow this procedure: • Limit the number of concurrent sessions for all users. CONFIGURATION mode login concurrent-session limit number-of-sessions Example of Configuring Concurrent Session Limit The following example - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 65
5 vty 3 10.14.1.97 Kill existing session? [line number/Enter to cancel]: Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 66
Console logging: level Debugging Monitor logging: level Debugging Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes) Trap logging: level Informational %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM. %RPM-2-MSG:CP1 %POLLMGR-2- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 67
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 68
application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces. The FTP and TFTP services are enhanced to support the VRF-aware functionality. If you want the FTP or TFTP server to use a VRF table that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 69
ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 70
To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server. Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 71
seq 15 permit ip any any ! ipv6 access-list testv6deny seq 10 deny ipv6 3001::/64 any seq 15 permit ipv6 any any ! Dell(conf)# Dell(conf)#line vty 0 0 Dell(config-line-vty)#access-class testv6deny ipv6 Dell(config-line-vty)#access-class testvpermit ipv4 Dell(config-line-vty)#show c line vty 0 exec- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 72
logout of 10 Telnet sessions, 12 times in a minute. If the system reaches this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system during downtime. • Telnet to the peer RPM. You do not need to configure the management port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 73
0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10.11 any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 74
If any user is already in CONFIGURATION mode when while a lock is in place, the following appears on their terminal (message 2): % Error: Can't lock configuration mode exclusively since the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ). NOTE: The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 75
When you use the Network boot procedure to boot the device, the boot loader checks if the primary partition contains a valid image. If a valid image exists on the primary partition and the secondary partition does not contain a valid image, then the primary boot line is set to A: and the secondary - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 76
5. Assign an IP address as the default gateway for the system. default-gateway gateway_ip_address For example, 10.16.150.254. 6. The environment variables are auto saved. 7. Reload the system. BOOT_USER # reload 76 Management - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 77
-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 78
Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 79
6. If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 80
802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 81
Enabling 802.1X Enable 802.1X globally. Figure 6. 802.1X Enabled 1. Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 82
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 83
• Configure a maximum number of times the authenticator re-transmits a Request Identity frame. INTERFACE mode dot1x max-eap-req number The range is from 1 to 10. The default is 2. The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 84
Forcibly Authorizing or Unauthorizing a Port IEEE 802.1X requires that a port can be manually placed into any of three states: • ForceAuthorized - an authorized state. A device connected to this port in this state is never subjected to the authentication process, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 85
INTERFACE mode dot1x reauthentication [interval] seconds The range is from 1 to 65535. The default is 3600. • Configure the maximum number of times that the supplicant can be re-authenticated. INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2. Example of Re- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 86
Enter the tasks the user should do after finishing this task (optional). Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 87
Figure 7. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration inDynamic VLAN Assignment with Port Authentication). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 88
• If the supplicant fails authentication a specified number of times, the authenticator places the port in the Authentication-fail VLAN. • If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the authentication process begins. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 89
Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode. 802.1x information on Te 2/1: Dot1x Status: Enable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 90
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 91
more information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria on enabled by default and support both standard and extended ACLs and on all platforms. NOTE: Hot lock ACLs are supported for Ingress ACLs only. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 92
whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM • L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher the field and have not encountered problems so far. ACL Optimization If - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 93
to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to policy-map-input pmap Dell(conf-policy-map-in)#service-queue 7 class-map cmap1 Dell(conf-policy-map-in)#service-queue 4 class-map cmap2 Dell(conf-policy-map- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 94
• Configure a route map for route tagging (optional) Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 95
The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command. Dell#show route-map dilling route-map dilling, permit, sequence - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 96
Configuring Match Routes To configure match criterion for a route map, use the following commands. • Match routes with the same AS-PATH numbers. CONFIG-ROUTE-MAP mode match as-path as-path-name • Match routes with COMMUNITY list attributes in their path. CONFIG-ROUTE-MAP mode match community - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 97
match origin {egp | igp | incomplete} • Match routes specified as internal or external to OSPF, ISIS level-1, ISIS level-2, or locally generated. CONFIG-ROUTE-MAP mode match route-type {external [type-1 | type-2] | internal | level-1 | level-2 | local } • Match routes with a specific tag. CONFIG- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 98
CONFIG-ROUTE-MAP mode set tag tag-value • Specify a value as the route's weight. CONFIG-ROUTE-MAP mode set weight value To create route map instances, use these commands. There is no limit to the number of set commands per route map, but the convention is to keep the number of set filters in a route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 99
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 100
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. 100 Access Control Lists (ACLs) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 101
A standard IP ACL uses the source IP address as its match criterion. 1. Enter IP ACCESS LIST mode by naming a standard IP access list. CONFIGURATION mode ip access-list standard access-listname 2. Configure a drop or forward filter. CONFIG-STD-NACL mode seq sequence-number {deny | permit} {source [ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 102
ip access-list standard access-list-name 2. Configure a drop or forward IP ACL filter. CONFIG-STD-NACL mode {deny | permit} {source [mask] | any | host ip-address} [count [byte] [dscp] [order] [fragments] When you use the log keyword, the CP logs details about the packets that match. Depending on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 103
CONFIG-EXT-NACL mode seq sequence-number {deny | permit} {ip-protocol-number | icmp | ip | tcp | udp} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator port [port]] [count [byte]] [order] [fragments] When you use the log keyword, the CP logs details about the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 104
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five. To configure a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 105
• L2 egress access list If a rule is simply appended, existing counters are not affected. Table 6. L2 and L3 Filtering on Switched Packets L2 ACL Behavior Deny L3 ACL Behavior Deny Deny Permit Permit Deny Permit Permit Decision on Targeted Traffic L3 ACL denies. L3 ACL permits. L3 ACL denies - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 106
4. Apply rules to the new ACL. INTERFACE mode ip access-list [standard | extended] name To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 107
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an egress the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 108
seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2 Dell#configure terminal Dell(conf)#interface te 1/2 Dell(conf-if-te-1/2)#ip vrf forwarding blue Dell(conf-if-te-1/2)#show config ! interface TenGigabitEthernet 1/2 ip vrf forwarding blue no ip address shutdown Dell(conf-if-te - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 109
]). NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists. Configuration Task List for Prefix Lists prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 110
The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 20 was configured before filter 15 and 12, but the show config command displays the filters in the correct order. Dell(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 111
EXEC Privilege mode show ip prefix-list detail [prefix-name] • Show a table of summarized information about configured Prefix lists. EXEC Privilege mode show ip prefix-list summary [prefix-name] Examples of the show ip prefix-list detail and show ip prefix-list summary Commands The following example - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 112
Example of Viewing Configured Prefix Lists (ROUTER RIP mode) To view the configuration, use the show config command in ROUTER RIP mode, or the show running-config rip command in EXEC mode. Dell(conf-router_rip)#show config ! router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 113
Table 7. ACL Resequencing Rules Rules Before Resequencing: Rules After Resequencing: Resquencing seq 5 permit any host 1.1.1.1 seq 6 permit any host 1.1.1.2 seq 7 permit any host 1.1.1.3 seq 10 permit any host 1.1.1.4 seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 114
When there is no match command, all traffic matches the route map and the set command applies. Flow-Based Monitoring Support for ACLs Flow-based monitoring is supported on the S6000 platform. Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 115
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 116
on TenGigabitEthernet 1/1 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S6000 platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 117
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes) seq 15 deny udp any any count bytes (0 packets 0 bytes) seq 20 deny tcp any any count bytes (0 packets 0 bytes) Dell(conf)#do show monitor session 0 ct-maa-s4820-2(conf-mon-sess-0)#do show monitor session 0 SessID Source - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 118
L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 2 FcoeAcl : 4 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 nlbclusteracl: 0 Dell# 4. Create a context for UDF TCAM. CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 119
udf-qualifier-value name Dell(conf-udf-tcam)# udf-qualifier-value ipnip_val1 10. Assign value for each configured UDF ID in the given UDF TCAM profile. CONFIGURATION-UDF-Qualifier-Value Profile mode udf-id 1-12 value mask Dell(conf-udf-tcam-qual-val)#udf-id 1 aa ff 11. Associate the UDF in IP access - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 120
a session parameter. These control packets are sent without regard to transmit and receive intervals. NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 121
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 122
The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS does - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 123
Administratively Down Down Init Up The local system does not participate in a particular session. The remote system is not sending control packets or at least not within the detection time for a particular session. The local system is communicating. Both systems are exchanging control packets. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 124
Figure 9. BFD Three-Way Handshake State Changes 124 Bidirectional Forwarding Detection (BFD) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 125
BFD on both ends of a link. • Demand mode, authentication, and the Echo function are not supported. • BFD is not supported on multi-hop and virtual links. • Protocol Liveness is supported for routing protocols only. Configure BFD This section contains the following procedures. • Configuring BFD for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 126
• Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 127
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 11. Establishing a BFD Session on Physical Ports 1. Enter interface mode. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 128
Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from neighbor: 1775 Number of packets sent to neighbor: 1775 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 129
• Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 130
ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 131
Related Configuration Tasks • Changing OSPF Session Parameters • Disabling BFD for OSPF Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 132
BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. 132 Bidirectional Forwarding Detection (BFD) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 133
Configuring BFD for OSPFv3 is a two-step process: 1. Enable BFD globally. 2. Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 134
no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for IS-IS When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 135
• Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode bfd all-neighbors • Establish sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors Example of Verifying Sessions with IS-IS Neighbors To view the established sessions, use the show bfd neighbors - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 136
internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, portchannel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature. Prerequisites Before configuring BFD for BGP, you must first configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 137
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 138
Disabling BFD for BGP You can disable BFD for BGP. To disable a BFD for BGP session with a specified neighbor, use the first command. To remove the disabled state of a BFD for BGP session with a specified neighbor, use the second command. The BGP link with the neighbor returns to normal operation - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 139
• Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions. EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of the BFD show Commands The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 140
Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 141
The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 142
BGP state ESTABLISHED, in this state for 00:05:33 ... Neighbor is using BGP neighbor mode BFD configuration Peer active in peer-group outbound optimization ... R2# show ip bgp neighbors 2.2.2.4 BGP neighbor is 2.2.2.4, remote AS 1, external link Member of peer-group pg1 for session parameters BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 143
Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 16. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 144
I - ISIS O - OSPF R - Static Route (RTM) V - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1 2.2.5.2 Te 4/25 Down 1000 1000 3 V To view session state information, use the show vrrp command. The bold line shows the VRRP BFD session. Dell(conf-if-te-4/25)#do - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 145
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 146
Version:1, Diag code:0, State:Init, Poll bit:0, Final bit:0, Demand bit:0 myDiscrim:6, yourDiscrim:4, minTx:1000000, minRx:1000000, multiplier:3, minEchoRx:0 00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Up for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0) The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 147
chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol connections from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP operates inside - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 148
Figure 17. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the path that updated information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 149
Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 150
State Idle Connect Description BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 151
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 152
reduce the options. If a number of best paths is determined, this selection criteria is applied to group's best to determine the ultimate best path. In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 153
b. A path with no AS_PATH configured has a path length of 0. c. AS_CONFED_SET is not included in the AS_PATH length. d. AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 154
Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 155
Figure 22. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 156
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 157
peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 158
4-Byte or 2-Byte identified routers. You cannot mix them. Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 159
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 160
Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 161
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 162
the f10BgpM2PeerInstance field in various tables is not used to locate a peer. • Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response. • The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 163
distance = 200 keepalive = 60 seconds holdtime = 180 seconds Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 164
and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 165
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote AS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 166
24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in as 1.10. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If you do not implement 4-Byte AS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 167
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 168
Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy. A maximum of 256 peer groups are allowed on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 169
When you add a peer to a peer group, it inherits all the peer group's configured parameters. A neighbor cannot become part of a peer group if it has any of the following commands configured: • neighbor advertisement-interval • neighbor distribute-list out • neighbor filter-list out • neighbor next- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 170
Peer-group zanzibar, remote AS 65535 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is zanzibar, peer-group internal, Number of peers in this group 26 Peer-group members (* - outbound optimized): 10.68.160.1 10.68.161.1 10.68.162.1 10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 171
BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5 BGP state ESTABLISHED, in this state for 00:19:15 Last read 00:00:15, last write 00:00:06 Hold time is 180, keepalive interval is 60 seconds - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 172
not prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. 172 Border Gateway Protocol IPv4 (BGPv4) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 173
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 174
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 175
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 176
ip as-path access-list as-path-name 2. Enter the parameter to match BGP AS-PATH for filtering. CONFIG-AS-PATH mode {deny | permit} filter parameter This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 177
Regular Expressions as Filters Regular expressions are used to filter AS paths or community lists. A regular expression is a special character used to define a pattern that is then compared with an input string. For an AS-path access list, as shown in the previous commands, if the AS path matches - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 178
Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell(conf-router_bgp)#show conf ! router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 179
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1. Create - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 180
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 181
deny 701:20 deny 702:20 deny 703:20 deny 704:20 deny 705:20 deny 14551:20 deny 701:112 deny 702:112 deny 703:112 deny 704:112 deny 705:112 deny 14551:112 deny 701:667 deny 702:667 deny 703:667 deny 704:666 deny 705:666 deny 14551:666 Dell# Filtering Routes with Community Lists To use an IP community - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 182
To send the COMMUNITY attribute to BGP neighbors, use the following command. • Enable the software to send the router's COMMUNITY attribute to the BGP neighbor or peer group specified. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} send-community To view the BGP configuration, use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 183
Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric * i 3.0.0.0/8 195.171.0.16 *>i 4.2.49.12/30 195.171.0.16 * i 4.21.132.0/23 195.171.0.16 *>i 4.24.118.16/30 195.171.0.16 *>i 4.24.145.0/30 195.171.0.16 *>i 4.24.187.12/30 195.171.0.16 *>i 4.24.202.0/30 195.171.0.16 *>i - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 184
A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2. Change LOCAL_PREF value for routes meeting the criteria of this route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 185
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: With Dell Networking OS, you can create inbound and outbound policies - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 186
• ge: minimum prefix length to be matched. • le: maximum prefix length to me matched. For information about configuring prefix lists, refer to Access Control Lists (ACLs). 3. Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 187
5. Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • map-name: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 188
With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information. Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. To configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 189
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 190
default is 60 minutes. - route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 191
The following example shows how to configure values to reuse or restart a route. In the following example, default = 15 is the set time before the value decrements, bgp dampening 2 ? is the set re-advertise value, bgp dampening 2 2000 ? is the suppress value, and bgp dampening 2 2000 3000 ? is the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 192
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 193
can enable the MBGP feature per router and/or per peer/peer-group. The default is IPv4 Unicast routes. When you configure a peer to support IPv4 multicast, Dell Networking OS takes the following actions: • Send a capacity advertisement to the peer in the BGP Open message specifying IPv4 multicast as - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 194
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 195
debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] • Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp {ip-address | peer-group-name} soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig-backup command only - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 196
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 197
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 198
Figure 24. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 199
R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 200
R3(conf-if-te-3/11)#show config ! interface TengigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int te 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config ! interface TengigabitEthernet 3/21 ip address 10.0.2.3/24 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 201
CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 202
2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.3 100 138 140 2 0 (0) 00:18:31 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 203
Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:18:51 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 204
9 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 205
The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 256 CAM entries. Select 1 to configure 128 entries. Select 2 to configure 256 entries. Even though you can perform CAM carving to allocate the maximum - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 206
mode show cam-acl 4. Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command. To verify the actual CAM space required, create a Class Map with all required ACL rules, then execute - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 207
NOTE: If you select the CAM profile from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. Example of show running-config cam-profile Command Dell#show running-config cam-profile ! cam-profile default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 208
The default values for the show cam-acl command are: Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 209
Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting . In this case, manually adjust the CAM configuration line cards, the non-EG line cards enter a problem state. • Before moving a card to a new Region Limitation To store QoS service policies, the default CAM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 210
flow region. 2. Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 211
scaled-l3-routes Forwarding table mode for scaling L3 route entries Dell(conf)# Dell(conf)#hardware forwarding-table mode scaled-l3-hosts Hardware forwarding-table mode is changed. Save the configuration and reload to take effect. Dell(conf)#end Dell#write mem ! 01:13:36: %STKUNIT0-M:CP % - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 212
10 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 213
-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Control Plane Policing (CoPP) 213 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 214
name cpu-qos class-map name qos-policy name 7. Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8. Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 215
Dell(conf-policy-map-in-cpuqos)#exit The following example shows creating the control plane service policy. Dell(conf)#control-plane-cpuqos Dell(conf-control-cpuqos)#service-policy rate-limit-protocols egressFP_rate_policy Dell(conf-control-cpuqos)#exit Configuring CoPP for CPU Queues - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 216
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1. Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 217
Q6 Q7 Dell# 400 1100 Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) TCP (BGP) any/179 179/any _ Q6 CP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 218
that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and transport storage traffic, data center Ethernet must provide nodrop service with lossless links. InterProcess Communication (IPC) traffic within - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 219
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 220
), DCBx is disabled and PFC or ETS cannot be enabled. • PFC supports buffering to receive data that continues to arrive on an interface while the MIB IEEE 802.1azd2.5 and PFC MIB IEEE 802.1bb-d2.2 • PFC supports buffering to receive data that continues to arrive on an interface while the remote - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 221
available bandwidth allocated to a priority group. Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: - PFC enabled or disabled - No bandwidth limit or no ETS processing • ETS uses the DCB MIB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 222
converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE. • Priority-based flow control • Enhanced transmission selection • Data center bridging exchange protocol • FCoE initialization protocol (FIP) snooping DCB processes virtual - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 223
groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the taken into account the following default settings: DCB is enabled. The PFC memory buffer supports up to 52 (not 64) PFC-enabled ports and two lossless queues per - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 224
between peer devices. PFC allows network administrators to create zero-loss links for Storage Area Network (SAN) traffic that requires no-drop service, while retaining packet-drop congestion management for Local Area Network (LAN) traffic. To configure PFC, follow these steps: 1. Create a DCB Map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 225
PFC and link-level flow control at the same time on an interface. Dell Networking OS does not support MACsec Bypass Capability (MBC). Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 226
to create zero-loss links for SAN traffic that requires no-drop service, while at the same time retaining packet-drop congestion management for peer. The IEEE802.1Qbb, CEE and CIN versions of PFC TLV are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 227
the same priority group. • A maximum of two PFC-enabled, lossless queues are supported on an interface. Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 228
map has been applied or which is already configured for lossless queues (pfc no-drop queues command). Command Mode Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map, apply the map on the interface. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 229
function as no-drop queues for lossless traffic. For the dot1p-queue assignments. pfc no-drop queuesqueue-range The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 230
higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 231
is controlled independently for each frame priority. The goal of this mechanism is to ensure zero loss under congestion in DCB networks. The SNMP support for monitoring PFC and BST counters and statistics is introduced in Dell Networking OS 9.3(0.1). The enhancement is made on F10-FPSTATS MIB with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 232
to classify these untagged packets from the server based on their DSCP and provide PFC treatment. Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 233
ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p priority class to configure different treatment for traffic with different bandwidth - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 234
(refer to Configuring Bandwidth Allocation for DCBx CIN) and dot1p-queue mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 235
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 236
bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Configuring ETS in a DCB Map An S6000 switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) setting. To configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 237
must map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) on the data traffic. Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 238
(PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 239
are not compatibly configured on a peer device and the local switch. Mis-configuration detection is feature-specific because some DCB features support asymmetric configuration. • Reconfigures a peer device with the DCB configuration from its configuration source if the peer device is willing to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 240
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 241
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 242
shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link down a configuration-source role. 4. Configure ports to operate in a manual role. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode 242 Data - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 243
TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6. On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 244
, use the DCBx port-role command in INTERFACE Configuration mode (Step 3). 4. Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [etsconf | ets-reco | pfc - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 245
NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-applntlv iscsi. 6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 246
- tlv: enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 17. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 247
The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test State :Complete PfcMode:ON PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 248
Table 18. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 249
following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 1/3 ets su Interface TenGigabitEthernet 1/3 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 250
TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 251
ets detail Command Description Field Interface Description Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Data Center Bridging (DCB) 251 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 252
Field Admin mode Admin Parameters Remote Parameters Local Parameters Operational status (local port) Description ETS mode: on or off. ETS configuration on local port, including priority groups, assigned dot1p priorities, and bandwidth allocation. ETS configuration on remote peer port, including - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 253
5 - - 6 - - 7 - - 8 - - Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Admin is Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 254
port role: auto-upstream, auto-downstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used . In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configured mode DCBx version configured on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 255
However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 256
and the total buffer size. A maximum of 4 lossless queues are supported. CONFIGURATION mode dcb pfc-shared-buffer-size 4000 dcb pfc-total-buffer CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured will depend on the buffer. The default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 257
INTERFACE mode (conf-if-te) dcb-policy buffer-threshold buffer-threshold 8. Configuring Global total buffer size on stack ports. CONFIGURATION mode dcb pfc-total-buffer-size buffer-size stack-unit all port-set {port-pipe |all} Port-set number range is from 0 to 3. Sample DCB Configuration The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 258
Figure 30. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 259
Enabling DCB Dell(conf)#dcb enable 2. Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# service-class dynamic dot1p 3. Apply DCB map to relevant interface dcb-map test priority-group 1 bandwidth 50 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 260
configuration parameters to network endstations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 261
Option Domain Name Server Number and Description Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via DNS. IP Address Lease Time Option 51 Specifies the amount of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 262
the configuration process over by sending a DHCPDISCOVER. DHCPINFORM A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. DHCPNAK A server sends this message to the client if it is not able - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 263
that exceed the allocated memory. • This platform supports 4000 DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. , renewing, and terminating leases. Providing Administration Services DHCP servers include functionality that allows an administrator - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 264
the Server for Automatic Address Allocation 2. Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands Excluding Addresses from the Address Pool The DHCP server - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 265
NetBIOS WINS for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 266
from an address pool stored on the server. For more information, refer to Configuring the Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported only on Ethernet interfaces: 10Gigabit, 40 Gigabit, and 100/1000/10000 Ethernet Interfaces. The DHCP client is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 267
a new IP address, use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 268
added by the DHCP client. If you remove the statically configured IP route using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management routes added by the DHCP client that is removed or replaced by the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 269
new master reinitiates a DHCP packet transaction by sending a DHCP discovery packet on nonbound interfaces. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 270
ip dhcp relay information-option [trust-downstream] For routers between the relay agent and the DHCP server, enter the trust-downstream option. • Manually reset the remote ID for Option 82. CONFIGURATION mode ip dhcp relay information-option remote-id DHCP Snooping DHCP snooping protects networks - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 271
When you enable DHCP snooping, the relay agent builds a binding table - using DHCPACK messages - containing the client MAC address, IP addresses, IP address lease time, port, VLAN ID, and binding type. Every time the relay agent receives a DHCPACK on a trusted port, it adds an entry to the table. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 272
ipv6 dhcp snooping trust 3. Enable IPv6 DHCP snooping on a VLAN or range of VLANs. CONFIGURATION mode ipv6 dhcp snooping vlan vlan-id Adding a Static Entry in the Binding Table To add a static entry in the binding table, use the following command. • Add a static entry in the binding table. EXEC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 273
IP DHCP Relay Information-option IP DHCP Relay Trust Downstream Database write-delay (In minutes) DHCP packets information Relay Information-option packets Relay Trust downstream packets Snooping packets Packets received on snooping disabled L3 Ports Snooping packets processed on L2 vlans DHCP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 274
result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast MAC flooding Denial of service An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway's MAC address, resulting in all clients broadcasting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 275
NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 276
• Specify an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dell Networking OS Behavior: Introduced in Dell Networking OS version 8.2.1.0, DAI was available for Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 277
NOTE: Before enabling SAV With VLAN option, allocate at least one FP block to the ipmacacl CAM region. DHCP MAC Source Address Validation DHCP MAC source address validation (SAV) validates a DHCP packet's source hardware address against the client hardware address field (CHADDR) in the payload. Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 278
Total cam count 1 deny count (0 packets) deny access-list on TenGigabitEthernet 1/2 Total cam count 2 deny vlan 10 count (0 packets) deny vlan 20 count (0 packets) The following output of the show ip dhcp snooping source-address-validation discard-counters interface interface command displays the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 279
13 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. ECMP for Flow-Based Affinity Flow-based affinity includes the following: • Link Bundle Monitoring Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 280
Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only. NOTE: While the seed is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 281
To configure the maximum number of paths, use the following command. NOTE: For the new settings to take effect, save the new ECMP settings to the startup-config (write-mem) then reload the system. • Configure the maximum number of paths per ECMP group. CONFIGURATION mode. ip ecmp-group maximum-paths - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 282
host table can have ECMP. For other platforms, only the IPv6 /128 prefix route entries is stored in the L3 host table without ECMP support. The software supports a command to program IPv6 /128 route prefixes in the host table. The output of show IPv6 cam command has been enhanced to include the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 283
for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes The software supports a command to program IPv6 /128 route prefixes in the route table. You can define IPv6 /128 route prefixes in the route table using the ipv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 284
functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a Fibre Channel over Ethernet FCoE provides types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 285
Table 23. FIP Functions FIP Function FIP VLAN discovery FIP discovery Initialization Maintenance Logout Description FCoE devices (ENodes) discover the FCoE VLANs on which to transmit and receive FIP and FCoE traffic. FCoE end-devices and FCFs are automatically discovered. FCoE devices learn ENodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 286
Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows: Port-based ACLs FCoE-generated ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 287
virtual-link messages. FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: • A switch stack configuration is synchronized FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 288
fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: Manually add the CAM-ACL space to the FCoE region as it is not applied by default. To support FIP-Snooping and set CAM-ACL in the Z9500 switch, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 289
FCF trusted interfaces in a VLAN. • A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 290
is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command. • The maximum number of FCFs supported per FIP snooping-enabled VLAN is twelve. Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 291
5. Enable FIP snooping on all VLANs or on a specified VLAN. CONFIGURATION mode or VLAN INTERFACE mode. fip-snooping enable 6. Configure the port for bridge-to-FCF links. INTERFACE mode or CONFIGURATION mode fip-snooping port-mode fcf NOTE: To disable the FCoE transit feature or FIP snooping on VLANs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 292
aa:bb:cc:00:00:00 Te 1/42 aa:bb:cc:00:00:00 Te 1/42 aa:bb:cd:00:00:00 Te 1/43 100 aa:bb:cd:00:00:00 Te 1/43 100 FCoE MAC FC-ID Port WWPN Port WWNN 0e:fc:00:01:00:01 01:00:01 31:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 0e:fc:00:01:00:02 01:00:02 41:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 293
The following example shows the show fip-snooping fcf command. Dell# show fip-snooping fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes ------- 54:7f:ee:37:34:40 Po 22 100 0e:fc:00 4000 2 The following table describes the show fip-snooping fcf command fields. Table 28. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 294
Number of FLOGI Rejects :0 Number of FDISC Accepts :0 Number of FDISC Rejects :0 Number of FLOGO Accepts :0 Number of FLOGO Rejects :0 Number of CVL :0 Number of FCF Discovery Timeouts :0 Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 295
Field Number of Multicast Discovery Advertisements Number of Unicast Discovery Advertisements Number of FLOGI Accepts Number of FLOGI Rejects Number of FDISC Accepts Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF Discovery Timeouts Number of VN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 296
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 35. Configuration Example: FIP Snooping on a Switch In this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 297
Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# portmode hybrid Dell(conf-if-te-1/1)# switchport Dell(conf-if-te-1/1)# protocol lldp Dell(conf-if-te-1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 298
with the Flex Hash mechanism. Keep the following points in mind when you configure the flex hash capability: • A maximum of eight flex hash entries is supported. • A maximum of 4 bytes can be extracted from the start of the L4 header. • The offset range is 0 - 30 bytes from the start of the L4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 299
if-po-number)#lacp fast-switchover Optimizing the Boot Time This functionality is supported on the S6000 platform. You can reduce the booting time of an With the reduced time that is taken to reboot the switch, upon a manually-initiated reload or an expected restart of the device, there is minimal - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 300
will operate even if some of the preceding conditions are not met. However, the duration of traffic loss might be longer. 6. Warm boot is supported because it enables faster convergence and reduced traffic loss. 7. BGP graceful restart must be configured with GR time left to default (120 seconds) or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 301
The system saves all dynamic ARP entries to a database on the flash drive. A file is generated to indicate that the system is undergoing a fast boot, which is used after the system comes up. After the Dell Networking OS image is loaded and activated, and the appropriate software components come up, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 302
When fast boot is used to upgrade the system to a release that supports fast boot, the system enables the restoration of dynamic ARP or ND databases if any, are automatically computed and installed without the need for any manual intervention in any of the following conditions: • After 30 seconds of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 303
for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite sub interfaces. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the S6000 platform. All the frames in a Layer 2 VLAN are identified using a tag defined in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 304
into multiple, different sub-VLANs, each VLAN is denoted by a unique 8021.Q tag to enable the nodes that receive the traffic frames determine the VLAN for which the frames are destined. Typically, a Layer 3 physical interface processes only untagged or priority-tagged packets. Tagged packets that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 305
16 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 306
has been temporarily blocked and places it into a pre- forwarding state. When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the previously blocked ring ports on the newly restored port. Then the Transit node - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 307
• One Master node per ring - all other nodes are Transit. • Each node has two member interfaces - primary and secondary. • There is no limit to the number of nodes on a ring. • Master node ring port states - blocking, pre-forwarding, forwarding, and disabled. • Transit node ring port states - - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 308
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 309
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 310
VLAN-ID, Range: VLAN IDs for the ring's member VLANS. 6. Enable FRRP. CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For more information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 311
VLAN-ID, Range: VLAN IDs for the ring's Member VLANs. 6. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 312
Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 313
no ip address tagged TenGigabitEthernet 2/14,31 no shutdown ! interface Vlan 201 no ip address tagged TenGigabitEthernet 2/14,31 no shutdown ! protocol frrp 101 interface primary TenGigabitEthernet 2/14 secondary TenGigabitEthernet 2/31 control-vlan 101 member-vlan 201 mode transit no disable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 314
17 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on Dell Networking OS. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 315
Figure 36. Global GVRP Configuration Example Basic GVRP configuration is a two-step process: 1. Enabling GVRP Globally 2. Enabling GVRP on a Layer 2 Interface Related Configuration Tasks • Configure GVRP Registration • Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 316
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 317
no shutdown Dell(conf-if-te-1/21)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. • Join - A GARP device reliably transmits Join messages to other devices by sending each Join message two times - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 318
IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports 95 interfaces on S4810 and S4820 and an unlimited number of groups on all other platforms - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 319
Figure 37. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 320
• To enable filtering, routers must keep track of more state information, that is, the list of sources that must be filtered. An additional query type, the Group-and-Source-Specific Query, keeps track of state changes, while the Group-Specific and General queries still refresh the existing state. • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 321
3. The host's third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts. There are no other - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 322
Figure 41. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 323
router is 165.87.34.5 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 324
• View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface 225.1.1.1 TenGigabitEthernet 1/1 225.1.2.1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 325
the last member query interval (LMQI). The switch waits one LMQI after the second query before removing the group from the state table. • Adjust the period between queries. INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 326
Configuring IGMP Snooping Configuring IGMP snooping is a one-step process. To enable, view, or disable IGMP snooping, use the following commands. There is no specific configuration needed for IGMP snooping with virtual link trunking (VLT). For information about VLT configurations, refer to Virtual - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 327
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 328
table describes the association between applications and their port numbers. Table 30. Association Between Applications and Port Numbers Application Name SSH Port Number 22 Client Supported Server Supported Sflow-Collector 6343 Supported 328 Internet Group Management Protocol (IGMP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 329
port for confd application 8888 secure HTTP server port for confd application Client Supported Supported Supported Supported Supported Supported Supported Supported Supported Server Supported Supported Supported If you configure a source interface is for any EIS management application, EIS might - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 330
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 331
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 332
applications takes a preference for ip1 as source IP and uses the management network to reach the destination. If the management port is down or the route lookup in EIS routing table fails, ip2 is the source IP and the front-panel port is used to reach the destination. The fallback route between the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 333
Switch-Destined Traffic This phenomenon occurs where traffic is terminated on the switch. Traffic has not originated from the switch and is not transiting the switch. The switch accepts all traffic destined to the switch, which is received on management or front-end data port. Response traffic with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 334
Protocol telnet tftp icmp (ping and traceroute) Behavior when EIS is Enabled EIS Behavior EIS Behavior EIS Behavior for ICMP Behavior when EIS is Disabled Default Behavior Default Behavior Default Behavior Behavior of Various Applications for Switch-Destined Traffic This section describes the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 335
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 336
, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the S6000 platform. Basic Interface Configuration • Interface Types • View Basic Interface Information • Enabling a Physical Interface • Physical Interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 337
Interface Type Port Channel VLAN Modes Possible L2, L3 L2, L3 Default Mode L3 L2 Fibre Channel Interface TF, F, E- TF- Port port Requires Creation Yes Yes (except default) No Default State Shutdown (disabled) L2 - Shutdown (disabled) L3 - No Shutdown (enabled) Shutdown View Basic Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 338
.10.10.1 TenGigabitEthernet 1/7 unassigned TenGigabitEthernet 1/8 unassigned TenGigabitEthernet 1/9 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 339
configure these on Mgmt-optic ports alone. Without any optic, if you configure the speed, the configured will be assigned as the port speed to support Provisioning via BMP. User viewable Logs: LOGS for optic insertion and removal are same as QSFP optics. You can use ''show inventory media'to check - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 340
show interface transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id QSFP 0 Ext Id QSFP 0 Connector QSFP 0 Transceiver Code QSFP 0 Encoding QSFP 0 Length(SFM) Km QSFP 0 Length(OM3) 2m QSFP 0 Length(OM2) 1m QSFP 0 Length(OM1) 1m QSFP 0 Length(Copper) 1m QSFP 0 Vendor Rev = 0x0d = 0x00 = 0x0c = 0x04 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 341
Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 mode, use the show interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 342
preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 343
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 344
internets: MIB-II (RFC 1213). NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 345
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 346
Protocol (LACP). There are 128 port-channels with 16 members per channel. NOTE: If you are using either 10G ports or 40G ports, the platform supports up to 16 members per LAG. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 347
10/100/1000 Mbps Interfaces in Port Channels When both 10/100/1000 interfaces and GigE interfaces are added to a port channel, the interfaces must share a common speed. When interfaces have a configured speed different from the port channel speed, the software disables those interfaces. The common - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 348
You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists. Adding a Physical Interface to a Port Channel The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 349
The following example shows the port channel's mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Dell>show interface port-channel 20 Port-channel 20 is up, line protocol is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 350
INTERFACE PORT-CHANNEL mode interface port-channel id number 3. Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface to a New Port Channel The following example shows moving the TenGigabitEthernet 1/8 interface from port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 351
Dell(conf-if)#switchport 3. Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)# vlan tagged 2-5, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 352
xor16}| seed ] For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change the Hash algorithm seed value to get better hash value Hash seed is used to compute the hash value. By default hash seed is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 353
• Change to another algorithm. CONFIGURATION mode hash-algorithm [ecmp{crc16|crc16cc|crc32LSB|crc32MSB|crc-upper|dest-ip|lsb|xor1|xor2| xor4|xor8|xor16}] Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 354
Bulk Configuration Examples Use the interface range command for bulk configuration. • Create a Single-Range • Create a Multiple-Range • Exclude Duplicate Entries • Exclude a Smaller Port Range • Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 355
Commas The following is an example of how to use commas to add different interface types to the range, enabling all TenGigabitEthernet interfaces in the range 5/1 to 5/23 and both Ten Gigabit Ethernet interfaces 1/1 and 1/2. Example of Adding Interface Ranges Dell(config-if)# interface range - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 356
Monitoring and Maintaining Interfaces Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, and so on. To view the interface's statistics, use the following command. • View the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 357
unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when vice-versa without reload. • When a non-supported profile release is upgraded to a supported profile release, the fan-out configured ports get automatically - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 358
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). NOTE: You can split the 40G ports to 10G ports and vice -versa without reloading the device. 358 Interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 359
11 - number: enter the port number of the 40G port to be split. Important Points to Remember • Splitting a 40G port into four 10G ports is supported on standalone and stacked units. • You cannot use split ports as stack-link to stack a S6000 system. To verify port splitting, use the show system - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 360
• Before using the QSA to convert a 40 Gigabit Ethernet port to a 10 Gigabit SFP or SFP+ port, enable 40 G to 4*10 fan-out mode on the device. • When you insert a QSA into a 40 Gigabit port, you can use only the first 10 Gigabit port in the fan-out mode to plug-in SFP or SFP+ cables. The remaining - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 361
SFP+ 0 Serial ID Base Fields SFP+ 0 Id SFP+ 0 Ext Id SFP+ 0 Connector = 0x0d = 0x00 = 0x23 Dell#show interfaces tengigabitethernet 0/3 transceiver SFP+ 0 Serial ID Base Fields SFP+ 0 Id = 0x0d SFP+ 0 Ext Id = 0x00 SFP+ 0 Connector = 0x23 Dell#show interfaces tengigabitethernet 0/4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 362
QSFP 0 Id = 0x0d QSFP 0 Ext Id = 0x00 QSFP 0 Connector = 0x23 QSFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 QSFP 0 Encoding = 0x00 QSFP 0 Diagnostic Information QSFP 0 Rx Power measurement type = OMA QSFP 0 Temp High Alarm threshold = 0.000C QSFP 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 363
Dell#show interfaces tengigabitethernet 0/4 gigabitethernet 0/0 is up, line protocol is up Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE LineSpeed 1000 Mbit Dell#show interfaces tengigabitethernet 0/5 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 364
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 365
Command Dell# clear dampening interface Te 1/1 Dell# show interfaces dampening TenGigabitEthernet1/1 InterfaceStateFlapsPenaltyHalf-LifeReuseSuppressMax-Sup Te 1/1Up00205001500300 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 366
To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 367
the egress port of the peer device. If the negotiate command is not used, pause-negotiation is disabled. 40 gigabit Ethernet interfaces do not support pause-negotiation. Configure the MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 368
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 369
6. Optionally, set full- or half-duplex. INTERFACE mode duplex {half | full} 7. Disable auto-negotiation on the port. INTERFACE mode no negotiation auto If the speed was set to 1000, do not disable auto-negotiation. 8. Verify configuration changes. INTERFACE mode show config Example of the show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 370
refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 371
Name: TenGigabitEthernet 3/2 802.1QTagged: True Vlan membership: Vlan 2 Name: TenGigabitEthernet 3/3 802.1QTagged: True Vlan membership: Vlan 2 Name: TenGigabitEthernet 3/4 802.1QTagged: True Vlan membership: Vlan 2 --More-- Configuring the Interface Sampling Size Although you can enter any value - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 372
more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 373
vlan-id output-range interface command. Compressing Configuration Files The functionality to optimize and reduce the sizes of the configuration files is supported on the device. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 374
shut int te 1/1 no ip address switchport shut int te 1/2 no ip address shut Dell# show running-config ! interface TenGigabitEthernet 1/1 no ip address switchport shutdown ! interface TenGigabitEthernet 1/2 no ip address shutdown ! interface TenGigabitEthernet 1/3 no ip address shutdown ! - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 375
! interface Vlan 2 no ip address no shutdown ! interface Vlan 3 tagged te 1/1 no ip address shutdown ! interface Vlan 4 tagged te 1/1 no ip address shutdown ! interface Vlan 5 tagged te 1/1 no ip address shutdown ! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 376
config in flash by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). 376 Interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 377
20 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 378
addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 379
ip route [vrf vrf-name] ip-address mask {ip-address | interface [ip-address]} [distance] [permanent] [tag tag-value] [vrf vrf-name] Use the following required and optional parameters: - vrf vrf-name : use the VRF option after the ip route keyword to configure a static route on that particular VRF, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 380
S 6.1.2.15/32 via 6.1.20.2, Gi 5/1 1/0 00:02:30 S 6.1.2.16/32 via 6.1.20.2, Gi 5/1 1/0 00:02:30 S 6.1.2.17/32 via 6.1.20.2, Gi 5/1 1/0 00:02:30 S 11.1.1.0/24 Direct, Nu 0 0/0 00:02:30 Direct, Lo 0 --More-- Dell#show ip route static Destination Gateway Dist/Metric Last Change - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 381
Configuring the Duration to Establish a TCP Connection This functionality is supported on the S6000 platform. You can configure the amount of time high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 382
command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature >show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 383
gxr f00-3 Dell> (perm, OK) - IP 192.71.18.2 (perm, OK) - IP 192.71.23.1 To view the current configuration, use the show running-config resolve command. Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 384
related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • Configuring Static ARP Entries ( dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 385
Example of the show arp Command These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 386
• update the ARP table of other nodes on the network in case of an address change In the request, the host uses its own IP address in the Sender Protocol Address and Target Protocol Address fields. In Dell Networking OS versions prior to 8.3.1.0, if a gratuitous ARP is received some time after an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 387
choosing the best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. IPv4 Routing 387 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 388
ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 389
• Enable UPD helper. ip udp-helper udp-ports Example of Enabling UDP Helper and Using the UDP Helper show Command Dell(conf-if-te-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000 no shutdown To view - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 390
• UDP Helper with Subnet Broadcast Addresses • UDP Helper with Configured Broadcast Addresses • UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 391
Figure 45. UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 392
Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 393
upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are: • Extended renumbering of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, network - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 394
• M and O flags • Reachable time • Retrans timer • MTU options • Preferred and valid lifetime values for the same prefix Only management ports support stateless auto-configuration as a host. The router redirect functionality in the neighbor discovery protocol (NDP) is similar to IPv4 router redirect - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 395
prefix-length) or 3K IPv6 route entries (greater than /64 prefix-length). You can configure the LPM table with one of the following partitions to support the IPv4 and IPv6 prefix route entries: • Partition 1: IPv6 128-bit LPM entries can be stored in this partition. IPv4 and 64-bit IPv6 entries - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 396
itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 397
Code 2 message to the packet's Source IP Address identifying the unknown option type. 11 Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet's Source IP Address only if the Destination IP Address is not a multicast address. The second byte contains the Option - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 398
be shortened to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to Internet. Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic IPv6 addresses - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 399
IPv6 BGP in the Dell Networking OS Command Line Reference Guide. IS-IS for IPv6 8.3.11 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. IS-IS for IPv6 support for redistribution 8.3.11 Intermediate System to Intermediate System IPv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 400
client support over IPv6 (outbound SSH) Layer 3 only Secure Shell (SSH) server support Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 401
messages. The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 402
Figure 49. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 403
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 404
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 405
command. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 406
Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session directly to the router and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 407
Example of show ipv6 Command Options Dell#show ipv6 ? accounting IPv6 accounting information cam IPv6 CAM Entries fib IPv6 FIB Entries interface IPv6 interface information mbgproutes MBGP routing table mld MLD information mroute IPv6 multicast-routing table neighbors IPv6 neighbor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 408
ND retransmit interval is 1000 milliseconds ND hop limit is 64 Showing IPv6 Routes To view the global IPv6 routing information, use the following command. • Show IPv6 routing information for the specified route type. EXEC mode show ipv6 route [vrf vrf-name] type The following keywords are available - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 409
Direct, Nu 0, 00:34:42 Dell# The following example shows the show ipv6 route static command. Dell#show ipv6 route static Destination Dist/Metric, Gateway, Last Change S 8888:9999:5555:6666:1111:2222::/96 [1/0] via 2222:2222:3333:3333::1, Te 9/1, 00:03:16 S 9999:9999:9999:9999::/64 [1/0] - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 410
Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform. To configure the IPv6 RA guard, perform the following steps: 1. Configure the terminal to enter the Global - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 411
router-lifetime value The router lifetime range is from 0 to 9,000 seconds. 11. Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12. Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode mtu value The MTU range is from 1,280 to 11,982 bytes. 13. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 412
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, refer to Dell Networking OS Command Line Reference Guide. 412 IPv6 Routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 413
to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of iSCSI session information. • iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 414
or a combination of port number and target IP address, and you can remove the well-known port numbers from monitoring. Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 415
in the show commands. Detection and Auto-Configuration for Dell EqualLogic Arrays The iSCSI optimization feature includes auto-provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 416
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 417
Enable and Disable iSCSI Optimization The following describes enabling and disabling iSCSI optimizaiton. NOTE: iSCSI monitoring is disabled by default. iSCSI auto-configuration and auto-detection is enabled by default. If you enable iSCSI, flow control is automatically enabled on all interfaces. To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 418
following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 419
• tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests. You can configure up to 16 target TCP ports on the switch in one command or multiple commands. The default is 860, 3260. Separate port numbers with a comma. If multiple IP addresses are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 420
INTERFACE mode [no] iscsi profile-compellent. The default is: Compellent disk arrays are not detected. Displaying iSCSI Optimization Information To display information on iSCSI optimization, use the following show commands. • Display the currently configured iSCSI settings. show iscsi • Display - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 421
Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0 VLT PEER2 Session 0: Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 422
protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 423
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 424
recovery (the minimum of all the Remaining Time values advertised by the neighbors) or by setting a specific amount of time manually. Implementation Information IS-IS implementation supports one instance of IS-IS and six areas. You can configure the system as a Level 1 router, a Level 2 router, or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 425
Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 426
Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 427
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 428
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 429
} - adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. - manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 430
Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time : 30 Operational Timer Value Current Mode/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 431
, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process. For example, if you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 432
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 433
- default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 434
Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 435
Enter the type of interface and slot/port information: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. - For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. - For a Loopback interface, enter the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 436
- static: for user-configured routes. - bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 437
SNPs, and Partial SNPs. • Set the authentication password for a routing domain. ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password FTOS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 438
new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER ISIS mode set-overload-bit This setting prevents other routers from using it as - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 439
the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 440
0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is set back to 63 because the higher value is not supported. wide wide narrow narrow narrow narrow transition transition transition transition - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 441
Beginning Metric Style narrow transition narrow transition narrow transition narrow transition wide transition wide transition wide transition wide transition Final Metric Style wide narrow wide transition transition wide narrow narrow transition transition Resulting IS-IS Metric Value original - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 442
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 443
Figure 52. IPv6 IS-IS Sample Topography IS-IS Sample Configuration - Congruent Topology IS-IS Sample Configuration - Multi-topology IS-IS Sample Configuration - Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config ! interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 444
exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.00 ! address-family ipv6 unicast - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 445
24 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on Dell Networking OS. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 446
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 447
LACP Configuration Tasks The following are LACP configuration tasks. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 448
Dell(conf)#interface Gigabitethernet 4/16 Dell(conf-if-gi-4/16)#no shutdown Dell(conf-if-gi-4/16)#port-channel-protocol lacp Dell(conf-if-gi-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 449
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 450
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 54. Configuring Shared LAG State Tracking - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 451
LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 55. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 452
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 453
Figure 57. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 453 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 454
Figure 58. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 455
Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 456
Figure 59. Inspecting a LAG Port on BRAVO Using the show interface Command 456 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 457
Figure 60. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 457 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 458
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 459
25 Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. Layer 2 459 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 460
• Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table. EXEC Privilege mode show mac-address-table [address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 461
Setting the MAC Learning Limit To set a MAC learning limit on an interface, use the following command. • Specify the number of MAC addresses that the system can learn off a Layer 2 interface. INTERFACE mode mac learning-limit address_limit Three options are available with the mac learning-limit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 462
mac learning-limit no-station-move The no-station-move option, also known as "sticky MAC," provides additional port security by preventing a station move. When you configure this option, the first entry in the table is maintained instead of creating an entry on the new interface. nostation-move is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 463
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 464
63. Configuring the mac-address-table station-move refresh-arp Command Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol (STP) - for example, networks with digital subscriber line access multiplexers (DSLAM) - cannot have redundant links between - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 465
state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair. Dell Networking OS supports only Gigabit, 10 Gigabit, and 40-Gigabit ports and port channels as primary/backup interfaces in redundant pairs. (A port channel is also referred to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 466
any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted] Dell(conf-if-range-te-3/41- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 467
LAG Mode Status Uptime Ports 1 L2 up 00:08:33 Te 1/1 (Up) 2 L2 up 00:00:02 Te 2/1 (Up) Dell#configure Dell(conf)#interface port-channel 1 Dell(conf-if-po-1)#switchport backup interface port-channel 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 468
received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 469
• Enable FEFD globally on all interfaces. CONFIGURATION mode fefd-global To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 470
To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3. INTERFACE mode fefd - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 471
Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Te 1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Te 4/1) Sender hold time -- 3 (second) An RPM Failover In the event that an RPM failover occurs, FEFD becomes operationally down on all enabled ports for approximately 8-10 seconds - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 472
26 Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on Dell Networking OS. 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 473
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 67. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 474
implementation of LLDP, but is available and mandatory (non-configurable) in the LLDP-MED implementation. 127 Power via MDI Dell Networking supports the LLDP-MED protocol, which recommends that Power via MDI TLV be not implemented, and therefore Dell Networking implements Extended Power via - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 475
link is capable of being aggregated, whether it is currently in a LAG, and the port identification of the LAG. Dell Networking OS does not currently support this TLV. Indicates the maximum frame size capability of the MAC and PHY. TIA-1057 (LLDP-MED) Overview Link layer discovery protocol - media - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 476
: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN 127 Inventory Management TLVs 127 127 127 127 127 127 127 the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 477
TLV LLDP-MED Capabilities Network Policy Location Identification Extended Power via MDI-PSE Extended Power via MDI-PD Inventory reserved Dell Networking OS Support Yes Yes Yes Yes No No No Table 44. LLDP-MED Device Types Value 0 1 2 3 4 5-255 Device Type Type Not Defined Endpoint Class 1 Endpoint - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 478
8 9-255 Video Signaling Reserved Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 479
Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 480
multiplier no show LLDP multiplier configuration Negate a command or set its defaults Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/3 Dell(conf-if-te-1/3)#protocol lldp Dell(conf-if-te-1/3-lldp)#? advertise Advertise TLVs disable Disable LLDP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 481
Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2. Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface 3. Enter the disable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 482
- voice - voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 72. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 483
Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 484
• Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 485
advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 486
entire LLDPDU. debug lldp detail Figure 73. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 487
Table 46. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP Configuration adminStatus msgTxHold msgTxInterval rxInfoTTL txInfoTTL Basic TLV Selection mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable LLDP Statistics statsAgeoutsTotal statsFramesDiscardedTotal - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 488
TLV MIB Objects TLV Type 127 TLV Name Port-VLAN ID TLV Variable PVID 127 Port and Protocol VLAN port and protocol VLAN ID supported System Local Remote Local Remote port and protocol VLAN enabled Local Remote 488 Link Layer Discovery Protocol (LLDP) LLDP MIB Object lldpLocPortDesc - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 489
TLV Type TLV Name 127 VLAN Name TLV Variable PPVID VID VLAN name length VLAN name System Local Remote Local Remote Local Remote Local Remote Table 49. LLDP-MED System MIB Objects TLV Sub-Type 1 TLV Name LLDP-MED Capabilities TLV Variable LLDP-MED Capabilities System Local Remote LLDP-MED - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 490
TLV Sub-Type TLV Name TLV Variable DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System Remote Local Remote Local Remote Local Remote Local Remote Local Remote Power Priority Local Remote Power Value - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 491
27 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 492
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 493
Configuring a Switch for NLB To enable a switch for Unicast NLB mode, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across all the member ports of that VLAN. CONFIGURATION mode ip vlan- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 494
28 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 495
Figure 75. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 496
3. Enable MSDP. 4. Peer the RPs in each routing domain with each other. Refer to Enable MSDP. Related Configuration Tasks The following lists related MSDP configuration tasks. • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RFP Check • Specifying Source- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 497
Figure 76. Configuring Interfaces for MSDP Multicast Source Discovery Protocol (MSDP) 497 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 498
Figure 77. Configuring OSPF and BGP for MSDP 498 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 499
Figure 78. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP) 499 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 500
Figure 79. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 501
Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 502
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries. Clearing the Source- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 503
Figure 80. MSDP Default Peer, Scenario 1 Multicast Source Discovery Protocol (MSDP) 503 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 504
Figure 81. MSDP Default Peer, Scenario 2 504 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 505
Figure 82. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 505 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 506
Figure 83. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 507
GroupAddr 229.0.50.2 229.0.50.3 229.0.50.4 SourceAddr 24.0.50.2 24.0.50.3 24.0.50.4 RPAddr 200.0.0.50 200.0.0.50 200.0.0.50 LearnedFrom 10.0.50.2 10.0.50.2 10.0.50.2 Expire 73 73 73 UpTime 00:13:49 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 508
seq 10 deny ip any any R1_E600(conf)#do show ip msdp sa-cache R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Reason Redistribute - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 509
Example of Verifying the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires. [Router 1] R1_E600(conf)#do show run msdp ! ip multicast-msdp ip msdp peer 192 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 510
SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none [Router 1] R1_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 511
03:16:09 : MSDP-0: Peer 192.168.0.3, 03:16:27 : MSDP-0: Peer 192.168.0.3, 03:16:38 : MSDP-0: Peer 192.168.0.3, 03:16:39 : MSDP-0: Peer 192.168.0.3, 03:17:09 : MSDP-0: Peer 192.168.0.3, 03:17:10 : MSDP-0: Peer 192.168.0.3, 03:17:27 : MSDP-0: Peer 192.168.0.3, Input (S,G) filter: none Output (S,G) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 512
Figure 84. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 513
CONFIGURATION mode ip msdp peer 5. Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 514
network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.22 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.22 ip msdp originator-id Loopback 1! ip pim rp-address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 515
ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 516
ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.22 ! ip route 192.168.0.1/32 10.11.0.23 ip route 192.168.0.22/32 10.11.0.23 ! ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 MSDP Sample - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 517
interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.2/32 area 0 redistribute static redistribute connected - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 518
ip multicast-routing ! interface TenGigabitEthernet 4/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown ! interface TenGigabitEthernet 4/22 ip address 10.10.42.1/24 no shutdown ! interface TenGigabitEthernet 4/31 ip pim sparse-mode ip address 10.11.6.43/24 no shutdown ! interface Loopback 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 519
29 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) is supported on Dell Networking OS. Protocol Overview MSTP - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 520
and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. Configure Multiple Spanning Tree Protocol Configuring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 521
Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0. • Within an MSTI, only one path - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 522
Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 523
-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Networking OS Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 524
MST region name: my-mstp-region Revision: 0 MSTI VID 1 100 2 200-300 Modifying Global Parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MSTP bridges. • Forward-delay - the amount of time an interface waits in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 525
Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode. Dell(conf-mstp)#forward-delay 16 Dell(conf-mstp)#exit Dell(conf)#do show running-config spanning-tree mstp ! protocol spanning-tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 526
To view the current values for these interface parameters, use the show config command from INTERFACE mode. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode, an interface forwards frames by default until it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 527
of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 86. MSTP with Three VLANs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 528
! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 529
MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11,21 no shutdown ! interface Vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 530
tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode debug spanning-tree mstp bpdu • Display MSTP-triggered topology - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 531
The following example shows viewing the debug log of a successful MSTP configuration. Dell#debug spanning-tree mstp bpdu MSTP debug bpdu is ON Dell# 4w0d4h : MSTP: Sending BPDU on Te 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 532
Multicast Features NOTE: Multicast routing is supported on secondary IP addresses; it is not supported on IPv6. NOTE: Multicast routing is supported across default and non-default VRFs. The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 533
• Multicast is not supported on secondary IP addresses. • If you enable multicast routing, Egress L3 ACL is not applied to multicast data traffic. Multicast Policies Dell Networking OS offers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 534
Preventing a Host from Joining a Group You can prevent a host from joining a particular group by blocking specific IGMP reports. Create an extended access list containing the permissible source-group pairs. NOTE: For rules in IGMP access lists, source is the multicast source, not the source of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 535
Figure 87. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 52. Preventing a Host from Joining a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim sparse-mode • ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 536
Location 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 537
Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on theS6000 platform. After a receiver receives traffic from the RP, PM-SM switches to SPT to forward multicast traffic. Every multicast group has an RP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 538
Figure 88. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 54. Preventing a Source from Transmitting to a Group - Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 • ip pim - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 539
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 540
ip pim join-filter NOTE: When you configure a join filter that filter is applicable for both ingress and egress flows. There is no option to specify in or out parameters while configuring a join filter. 540 Multicast Features - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 541
link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP. Object Tracking Overview Object tracking allows you to define objects of interest, monitor their state, and report to a client - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 542
Figure 89. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 543
A tracked route matches a route in the routing table only if the exact address and prefix length match an entry in the routing table. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. If no route-table entry has the exact address and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 544
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 545
Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object's status. EXEC - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 546
Valid object IDs are from 1 to 65535. 2. (Optional) Configure the time delay used before communicating a change in the status of a tracked interface. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 547
• By the reachability of the route's next-hop router. The UP/DOWN state of the route is determined by the entry of the next-hop address in the ARP cache. A tracked route is considered to be reachable if there is an ARP cache entry for the route's next-hop address. If the next-hop address in the ARP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 548
The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object's status. EXEC Privilege mode show track object-id Example of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 549
Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. Enter an IPv6 address in X:X:X:X::X format. Valid IPv6 prefix lengths are from /0 to /128. (Optional) E-Series only: For an IPv4 route, you can enter a VRF name. 3. (Optional) Configure the time delay used - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 550
• Display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces, IPv4 or IPv6 routes, and a VRF instance. show track [object-id [brief] | interface [brief] [vrf vrf-name] | ip route [brief] [vrf vrf-name] | resolution | vrf vrf-name [brief] | brief] • Use the show running- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 551
Example of Viewing Object Tracking Configuration Dell#show running-config track track 1 ip route 23.0.0.0/8 reachability track 2 ipv6 route 2040::/64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050::/64 reachability track 4 interface TenGigabitEthernet 1/4 ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 552
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 553
Figure 90. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 554
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 555
Figure 91. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 556
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 557
For all LSA types, there are 20-byte LSA headers. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 558
000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 559
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 560
impacts CPU utilization and may impact adjacency stability in larger topologies. Multi-Process OSPFv2 with VRF Multi-process OSPF with VRF is supported on the Dell Networking OS. Multi-process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes allow for isolating - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 561
ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 562
-Convergence • Changing OSPFv2 Parameters on Interfaces • Enabling OSPFv2 Authentication • Creating Filter Routes • Applying Prefix Lists • Redistributing Routes • Troubleshooting OSPFv2 1. Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 563
refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 564
ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Number of area in this router is 0, normal 0 stub - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 565
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 566
Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 567
• Specify whether all or some of the interfaces are passive. CONFIG-ROUTEROSPF- id mode passive-interface {default | interface} The default is enabled passive interfaces on ALL interfaces in the OSPF process. Entering the physical interface type, slot, and number enables passive interface on only - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 568
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 569
- seconds: the range is from 1 to 65535 (the default is 40 seconds). The dead interval must be four times the hello interval. The dead interval must be the same on all routers in the OSPF network. • Change the time interval between hello-packet transmission. CONFIG-INTERFACE mode ip ospf hello- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 570
interface TenGigabitEthernet 1/1 ip address 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface TenGigabitEthernet 1/1 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 571
Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 572
Creating Filter Routes To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists. If they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 573
typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks. • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 574
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 575
Figure 93. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 - Te 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface TenGigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown ! interface TenGigabitEthernet 1/2 ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 576
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 577
Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. 1. Assign an IPv6 address to the interface. CONF-INT-type slot/port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 578
CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands. • Enable the OSPFv3 process on a non- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 579
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 580
-IPV6-ROUTER-OSPF mode graceful-restart mode [planned-only | unplanned-only] - Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 581
show ipv6 ospf database [vrf vrf-name] database-summary Examples of the Graceful Restart show Commands The following example shows the show run ospf command. Dell#show run ospf ! router ospf 1 router-id 200.1.1.1 log-adjacency-changes graceful-restart grace-period 180 network 20.1.1.0/24 area 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 582
ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the because the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 583
for full confidentiality. - 3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and unencrypted keys are supported. NOTE: To encrypt all keys on a router, use the service password-encryption command in Global Configuration mode. However, this command does not provide a high - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 584
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 585
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 586
- authentication-algorithm: specifies the authentication algorithm to use for encryption. The valid values are MD5 or SHA1. - key: specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 587
inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 588
the routes in the OSPF database? • Did you include the OSPF routes in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show ipv6 interfaces • show ipv6 protocols • debug ipv6 ospf events and/or packets • show ipv6 neighbors • show ipv6 routes Viewing - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 589
33 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router normally decides where to forward the packet based on the destination address in the packet, which is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 590
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: The user can provide - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 591
• Create a Track-id list. For complete tracking information, refer to Object Tracking chapter. • Apply a Redirect-list to an Interface using a Redirect-group PBR Exceptions (Permit) To create an exception to a redirect list, use the permit command. Use exceptions when a forwarding decision is based - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 592
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 593
the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirect-group IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 594
redirect-group xyz shutdown Dell(conf-if-te-1/2)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 595
some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so forth. The Redirect-List GOLD defined in this example creates the following rules: • description Route - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 596
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 597
IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied interfaces: Te 2/11 EDGE_ROUTER# Configuration Tasks for - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 598
Configuration Tasks for Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces: Dell#configure terminal Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 599
IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 600
PIM-SM. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The platform supports a maximum of 95 PIM interfaces and 2000 multicast entries including (*,G), and (S,G) entries. The maximum number of PIM neighbors is the same as the maximum - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 601
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 602
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 603
(10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11 TenGigabitEthernet 1/12 TenGigabitEthernet 2/13 --More-- Configuring S,G Expiry Timers By default, S, G entries - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 604
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 605
• Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 606
. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if ACL first and then apply it to the SSM range. • The default range is always supported, so range can never be smaller than the default. Configure PIM-SMM Configuring PIM-SSM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 607
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 608
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 609
Member Ports: Te 1/1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report Group source Source address 10.11.5.2 00 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 610
Port (MG) can be used in multiple sessions. • There can be a maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a VLAN, where the VLAN traffic received on that port pipe where its members are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 611
point to another new destination (for example, 1/4). If you attempt to configure another destination (to create 5 MG port), this message displays: % Error will be thrown in case of RPM and ERPM features. Example of Changing the Destination Port in a Monitoring Session Dell(conf-mon-sess-5)#do show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 612
Figure 94. Port Monitoring Configurations on the S-Series Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 613
0 Te 1/1 Te 1/2 rx Port N/A Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#source po 10 dest ten 1/2 dir rx Dell(conf-mon-sess-0)#do show monitor session SessID Source Destination Dir Mode Source IP 0 Te 1/1 Te 1/2 rx Port N/A 0 Po 10 Te 1/2 rx Port N/A Dell(conf)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 614
mode show run monitor session Dell#show run monitor session ! monitor multicast-queue 7 Dell# Enabling Flow-Based Monitoring Flow-based monitoring is supported only on the S-Series platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 615
Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way. In a remote- configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 616
Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 617
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 618
To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination ----------- 1 remote-vlan 100 Fo 1/32 1 remote-vlan 100 Po - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 619
Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 1/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20 Dell(conf-if-vl-20)#mode remote-port-mirroring Dell(conf-if-vl-20)#tagged te 1/6 Dell(conf-if-vl-20)#exit Dell(conf)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 620
Dell(conf)#interface te 1/3 Dell(conf-if-te-1/3)#switchport Dell(conf-if-te-1/3)#no shutdown Dell(conf-if-te-1/3)#exit Dell(conf)#inte vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 1/1 Dell(conf-if-vl-10)#exit Dell(conf)#inte vlan 20 Dell(conf-if-vl-20)#mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 621
packets to the destination ip address specified in the session. Important: The steps to be followed for the ERPM Encapsulation : • Dell Networking OS supports ERPM Source session only. The Encapsulated packets terminate at the destination ip or at the analyzer. • Make sure that the destination ip is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 622
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1-3 mac access-group flow in Only ingress packets are supported for mirroring shutdown Dell# 622 Port Monitoring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 623
attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM bytes of the header needs to be ignored/ chopped off. - Some tools support options to edit the capture file. We can make use of such features ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 624
b. Using Python script - Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort. The analyzer should listen in the forward/egress interface. If there is only one interface, one can choose the ingress and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 625
(VLAN). For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 96. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 55. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 626
Dell Networking Term Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST+) IEEE Specification 802 .1s Third Party Implementation Information • The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1w. • The Dell Networking OS implementation of PVST+ uses - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 627
PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode. Dell_E600(conf-pvst)#show - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 628
The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 629
The default is 15 seconds. • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 630
Refer to the table for the default values. • Change the port priority of an interface. INTERFACE mode spanning-tree pvst vlan priority. The range is from 0 to 240, in increments of 16. The default is 128. The values for interface PVST+ parameters are given in the output of the show spanning-tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 631
Networking OS from executing this action, use the no spanning-tree pvst err-disable cause invalid-pvstbpdu command. After you configure this command, if the port receives a PVST+ BPDU, the BPDU is dropped and the port remains operational. Enabling PVST+ Extend System ID In the following example, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 632
switchport no shutdown ! interface TenGigabitEthernet 1/32 no ip address switchport no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! interface Vlan 200 no ip address tagged - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 633
no shutdown ! interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! protocol spanning-tree pvst no disable vlan - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 634
Quality of Service (QoS) Quality of service (QoS) is supported on Dell Networking OS. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 57. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 635
QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: Quality of Service (QoS) 635 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 636
) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding PHB Group • RFC 2598, An it on individual interfaces in a port channel. You can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 637
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When prioritytagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 638
. Figure 100. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 639
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4. Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 640
4. Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 641
example shows incorrect traffic classifications. Dell#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 642
should be reconfigured to the default dot1p to queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: - ACK - FIN - SYN - PSH - scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 643
dscp or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Constraints The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p shape egress traffic. QOS-POLICY-OUT mode rate-shape Quality of Service (QoS) 643 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 644
Map • Displaying Color Maps • Display Color Map Configuration Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic. The system uses this information to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 645
EXEC mode. summary: Displays summary information about a color policy on one or more interfaces. detail: Displays detailed color policy information on an interface Quality of Service (QoS) 645 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 646
To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 647
POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values . The following table specifies the queue to which the classified traffic is sent based on the dot1p value. Quality of Service (QoS) 647 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 648
after you apply it. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 649
an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. Enabling QoS Rate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 650
. Enabling Strict-Priority Queueing Strict-priority means that Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage configuration. • A queue with strict priority can starve other queues in the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 651
priority 2 which will be honored in switch A. You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos-policy-in)#set mac-dot1p 5 % Error: Dot1p space consumes less than 2000KB of the specified traffic. Quality of Service (QoS) 651 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 652
Packets), all traffic defaults to green drop precedence. • Assign a WRED profile to either yellow or green traffic. QOS-POLICY-OUT mode wred 652 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 653
0 0 0 0 6 UCAST 0 0 0 0 7 UCAST 0 0 0 0 8 UCAST 204 13056 0 0 9 MCAST 0 0 0 0 10 MCAST 0 0 0 0 11 MCAST 0 0 0 0 12 MCAST 0 0 0 0 13 MCAST 0 0 0 0 14 MCAST 0 0 0 0 15 MCAST 0 0 0 0 16 MCAST 0 0 0 0 Quality of Service (QoS) 653 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 654
. • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 L2ACL 500 200 Allowed(2) 654 Quality of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 655
Packets Per Second Configuration of rate shaping in packets per second (pps) for QoS output policies is supported on the S6000 platform. You can configure rate shaping in pps for a QoS output policy, apart the committed rate and committed burst size in bytes. Quality of Service (QoS) 655 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 656
when the minimum guaranteed buffers for the queue are consumed, can be configured on the S6000 platform. Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 657
for backplane ports. Also, WRED/ECN is not supported for multicast packets. The following table describes the WRED and ECN operations that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 658
queues when the minimum guaranteed buffers for the queue are consumed. S6000 platform supports four global service-pools in the egress direction. mode Dell(conf) #service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf) #service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 659
match ip access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map "ecn_0_pmap" will mark Attach the policy-map to the interface. Dell Networking OS support different types of match qualifiers to classify the incoming traffic. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 660
) at the level where the 'DSCP' qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the ecn -map command: • set a new DSCP for the packet 660 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 661
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 662
layer2 3. Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-1/4)# service-policy input l2p layer2 Managing Hardware Buffer Statistics Bufffer statistics tracking utility is supported on the S6000 platform. The memory management unit (MMU) on S6000 platform is 12.2 MB in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 663
OS Release 9.3(0.0), only the Max Use count mode of operation is supported for the computation of maximum counter values. Depending on the buffer space the system processes a PFC PAUSE frame. You can use the service-class buffer shared-threshold-weight queue0 ... queue7 number command in Interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 664
mode Dell# show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all Unit 0 unit: 0 port: 1 (interface Fo 0/0) Q# TYPE Q# TOTAL BUFFERED CELLS UCAST 0 0 664 Quality of Service (QoS) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 665
UCAST UCAST UCAST UCAST UCAST UCAST UCAST UCAST UCAST UCAST UCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 11 0 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 Quality of Service (QoS) 665 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 666
addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9. Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 667
homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is not enabled in Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 668
Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 669
8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 12.0.0.0/8 auto-summary 20.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 20.0.0.0/8 auto-summary 29.10.10.0/24 directly connected,Fa 1/49 29.0.0.0/8 auto-summary 31.0.0.0/8 [120/1] via 29.10.10.12, 00:00: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 670
ROUTER RIP mode distribute-list prefix-list-name in • Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 671
ip rip send version [1] [2] Examples of the RIP Process To see whether the version command is configured, use the show config command in ROUTER RIP mode. The following example shows the RIP configuration after the ROUTER RIP mode version command is set to RIPv2. When you set the ROUTER RIP mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 672
Generating a Default Route Traffic is forwarded to the default route when the traffic's network is not explicitly listed in the routing table. Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 673
ROUTER RIP mode offset-list access-list-name {in | out} offset [interface] Configure the following parameters: - prefix-list-name: the name of an established Prefix list to determine which incoming routes are modified - offset: the range is from 0 to 16. - interface: the type, slot, and number of an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 674
RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-2/3)# Core2(conf-if-te-2/3)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 675
C 10.11.20.0/24 R 10.11.30.0/24 C 10.200.10.0/24 C 10.300.10.0/24 R 192.168.1.0/24 R 192.168.2.0/24 Core2# R 192.168.1.0/24 R 192.168.2.0/24 Direct, Te 2/3 via 10.11.20.1, Te 2/3 Direct, Te 2/4 Direct, Te 2/5 via 10.11.20.1, Te 2/3 via 10.11.20.1, Te 2/3 via 10.11.20.1, Te 2/3 via 10.11.20.1, Te - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 676
• To display Core 3 RIP activity, use the show ip protocols command. Examples of the show ip Commands to View Learned RIP Routes on Core 3 The following example shows the show ip rip database command to view the learned RIP routes on Core 3. Core3#show ip rip database Total number of routes in RIP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 677
Routing Information Sources: Gateway Distance Last Update 10.11.20.2 120 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP configuration on Core 2. ! interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 678
40 Remote Monitoring (RMON) Remote monitoring (RMON) is supported on Dell Networking OS. RMON is an industry-standard continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. 678 Remote Monitoring (RMON - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 679
Setting the rmon Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 680
- number: assign an event number in integer format from 1 to 65535. The number value must be unique in the RMON event table. - log: (Optional) enter the keyword log to generate an RMON event log, it sets the eventType to either log or log-andsnmptrap in the RMON event table. The default is None. - - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 681
- integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in the RMON History Table. - owner: (Optional) specifies the name of the owner of the RMON group of statistics. The default is a null-terminated string. - ownername: (Optional) records - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 682
Link State Detection • Flush MAC Addresses after a Topology Change Important Points to Remember • RSTP is disabled by default. • Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 683
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 684
• Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1. Enter PROTOCOL SPANNING TREE RSTP mode. CONFIGURATION mode protocol spanning-tree rstp 2. Enable RSTP. PROTOCOL SPANNING TREE RSTP mode no disable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 685
Configured hello time 2, max age 20, forward delay 15, max hops 0 We are the root Current root has priority 32768, Address 0001.e801.cbb4 Number of topology changes 4, last change occurred 00:02:17 ago on Te 1/26 Port 377 (TenGigabitEthernet 2/1) is designated Forwarding Port path cost 20000, Port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 686
Adding and Removing Interfaces To add and remove interfaces, use the following commands. To add an interface to the Rapid Spanning Tree topology, configure it for Layer 2 and it is automatically added. If you previously disabled RSTP on the interface using the command no spanning-tree 0 command, re- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 687
PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 688
Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 689
- Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). - Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). - Disable global spanning tree (the no spanning-tree command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 690
42 Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide. 690 Software-Defined Networking (SDN) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 691
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 692
process request. - stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. - tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 693
record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 694
Configuring AAA Authentication Login Methods To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 695
9 Dell(config-line-vty)# enable authentication mymethodlist Server-Side Configuration • TACACS+ - When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 696
only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 697
all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system. To configure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 698
To view the configuration for the enable secret command, use the show running-config command in EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 699
• reset: return the command to its default privilege mode. Examples of Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp-server - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 700
to set. If you enter disable without a level-number, your security level is 1. RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 701
server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 702
listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 703
CONFIGURATION mode radius-server host {hostname | ip-address} [auth-port port-number] [retransmit retries] [timeout seconds] [key [encryption-type] key] Configure the optional communication parameters for the specific host: - auth-port port-number: the range is from 0 to 65535. Enter a UDP port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 704
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 705
( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication When configuring a TACACS+ server host, you can set different communication - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 706
Example of Specifying a TACACS+ Server Host Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#aaa authentication exec tacacsauthorization tacacs+ Dell(conf)#tacacs-server host 25.1.1.2 key Force Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 707
proposes a countermeasure to the problem. This countermeasure is configured into remote login and other secure network services over an insecure network. Dell Networking Networking OS Command Line Interface Reference Guide. Dell Networking OS SCP, which SCP client software is supported. To use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 708
To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands. On the chassis, invoke SCP. CONFIGURATION mode - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 709
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 710
configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 711
SSH server ciphers : 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192- ctr,aes256-ctr. SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac- sha2-256-96. SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1- sha1,diffie- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 712
no ip ssh password-authentication or no ip ssh rsa-authentication 6. Enable host-based authentication. CONFIGURATION mode ip ssh hostbased-authentication enable 7. Bind shosts and rhosts to host-based authentication. CONFIGURATION mode ip ssh pub-key-file flash://filename or ip ssh rhostsfile - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 713
SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub or remote. Table 67. VTY Access Authentication Method Line VTY access-class support? YES Username access-class support? NO Remote authorization support? NO Local NO YES NO TACACS+ YES NO YES (with Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 714
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 715
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 716
A constrained RBAC model provides for separation of duty and as a result, provides greater security than the hierarchical RBAC model. Essentially, a constrained model puts some limitations around each role's permissions to allow you to partition of tasks. However, some inheritance is possible. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 717
If you do not, the following error is displayed when you attempt to enable role-based only AAA authorization. % Error: Exec authorization must be applied to more than one line to be useful, e.g. console and vty lines. Could use default authorization method list as alternative. 5. Verify the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 718
• Modifying Command Permissions for Roles • Adding and Deleting Users from a Role Creating a New User Role Instead of using the system defined user roles, you can create a new user role that best matches your organization. When you create a new user role, you can first inherit permissions from one - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 719
Modifying Command Permissions for Roles You can modify (add or delete) command permissions for newly created user roles and system defined roles using the role mode { { { addrole | deleterole } role-name } | reset } command command in Configuration mode. NOTE: You cannot modify system administrator - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 720
Dell(conf)#show role mode configure interface Role access: netadmin, secadmin, sysadmin Example: Verify that the Security Administrator Can Access Interface Mode The following example shows that the secadmin role can now access Interface mode (highlighted in bold). Role Inheritance netoperator - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 721
for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 722
You can further restrict users' permissions, using the aaa authorization command command in CONFIGURATION mode. aaa authorization command {method-list-name | default} method [... method4] Examples of Applying a Method List The following configuration example applies a method list: TACACS+, RADIUS - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 723
RBAC For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled "Force10-avpair". The value is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 724
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 725
Displaying Role Permissions Assigned to a Command To display permissions assigned to a command, use the show role command in EXEC Privilege mode. The output displays the user role and or permission level. Examples of Role Permissions Assigned to a Command Dell#show role mode ? configure exec - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 726
44 Service Provider Bridging Service provider bridging is supported on Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad - Provider Bridges, which is an amendment to IEEE 802.1Q - Virtual Bridged Local Area Networks. It enables service providers to use - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 727
Figure 104. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are Ports 2. Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3. Enabling VLAN-Stacking for a VLAN. Service Provider Bridging 727 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 728
bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3. Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 729
Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)#vlan-stack trunk Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address portmode hybrid Service Provider Bridging 729 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 730
Networking systems at network edges, at which, frames are either double tagged on ingress (R4) or the outer tag is removed on egress (R3). 730 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 731
the appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Service Provider Bridging 731 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 732
Figure 105. Single and Double-Tag TPID Match 732 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 733
Figure 106. Single and Double-Tag First-byte TPID Match Service Provider Bridging 733 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 734
and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globally before you can honor or - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 735
, use the following command. • Set the DEI value on egress according to the color currently assigned to the packet. INTERFACE mode dei mark {green | yellow} {0 | 1} Service Provider Bridging 735 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 736
CFI/DEI Te 1/1 Green 0 Te 1/1 Yellow 1 Te 2/9 Yellow 0 Te 2/10 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 737
3 layer2 rate-police 30 ! interface TenGigabitEthernet 1/21 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 738
and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration). Figure 109. VLAN Stacking without L2PT 738 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 739
you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Figure 110. VLAN Stacking with L2PT Service Provider Bridging 739 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 740
Allocation. 2. Save the running-config to the startup-config. EXEC Privilege mode copy running-config startup-config 3. Reload the system. EXEC Privilege mode reload 740 Service Provider Bridging - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 741
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 742
on any port specifically, the global sampling rate is downloaded to that port and is to calculate the portpipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 743
a Multicast packet. Enabling Extended sFlow The S-Series platforms support extended-switch information processing only. Extended sFlow packs additional displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 744
Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow conf-if-te-1/10)#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 745
line indicates sFlow is globally enabled. The second bold lines indicate sFlow is enabled on Te 1/16 and Te 1/17 Dell#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 746
show sflow interface interface-name Examples of the sFlow show Commands The following example shows the show sflow interface command. Dell#show sflow interface tengigabitethernet 1/1 Te 1/1 sFlow type :Ingress Configured sampling rate :16384 Actual sampling rate :16384 Counter polling - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 747
version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off the LAG port. Enabling Extended sFlow The S-Series platforms support extended-switch information processing only. Extended sFlow packs additional - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 748
displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter the ingress interface of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 749
IP SA BGP IP DA BGP srcAS and srcPeerAS dstAS and dstPeerAS Description IP DA is not learned via BGP. Version 7.8.1.0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols, and for cases where is source is reachable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 750
MIB (RFC 1483) for STP and IEEE 802.1 draft ruzin-mstp-mib-02 for MSTP. SNMPv3 Compliance With FIPS This functionality is supported on the S6000 platform. SNMPv3 is compliant with the Federal information processing standard (FIPS) cryptography standard. The Advanced Encryption Standard (AES) Cipher - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 751
FIPS Mode Disabled Enabled Privacy Options des56 (DES56-CBC) aes128 (AES128-CFB) aes128 (AES128-CFB) Authentication Options md5 (HMAC-MD5-96) sha (HMAC-SHA1-96) sha (HMAC-SHA1-96) To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 752
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 753
Setting Up User-Based Security (SNMPv3) When setting up SNMPv3, you can set users up with one of the following three types of configuration for SNMP read/write operations. Users are typically associated to an SNMP group with permissions provided, such as OID view. • noauth - no password or privacy. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 754
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 755
the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Force10 enterpriseSpecific - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 756
• Force10 enterpriseSpecific protocol traps - bgp, ecfm, stp, and xstp. To configure the system to send SNMP notifications, use the following commands. 1. Configure the Dell Networking system to send notifications to an SNMP server. CONFIGURATION mode snmp-server host ip-address [traps | informs] [ - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 757
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 758
5 minutes, a trap is sent. This restriction applies to the console message also. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, then SNMP trap is not sent successfully. To enable an SNMP agent to send a trap when the syslog server is not reachable, use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 759
Table 70. List of Syslog Server MIBS that have read access MIB Object OID dF10SysLogTraps 1.3.6.1.4.1.6027.3.30.1.1 Object Values 1 = reachable2 = unreachable Description Specifies whether the syslog server is reachable or unreachable. Following example shows the SNMP trap that is sent when - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 760
MIB Object copySrcFileLocation copySrcFileName copyDestFileType copyDestFileLocation copyDestFileName copyServerAddress copyUserName OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 .1.3.6.1.4.1.6027.3.5.1.1.1.1.6 .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 761
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 762
Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same command using the object OIDs. In both cases, a unique index number follows the object. The following example shows copying configuration files using MIB object names. > snmpset - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 763
FTOS-COPY-CONFIG-MIB::copyServerAddress.110 = IpAddress: 11.11.11.11 FTOS-COPY-CONFIG-MIB::copyUserName.110 = STRING: mylogin FTOS-COPY-CONFIG-MIB::copyUserPassword.110 = STRING: mypass Copying the Startup-Config Files to the Server via TFTP To copy the startup-config to the server via TFTP from the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 764
MIB Object copyFailCause copyEntryRowStatus OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.14 .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Values 1 = bad filename 2 = copy in progress 3 = disk full 4 = file exists 5 = file not found 6 = timeout 7 = unknown Row status Description Specifies the reason the copy request - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 765
.60.120 .1.3.6.1.4.1.6027.3.10.1.2.9.1.6.1 enterprises.6027.3.10.1.2.9.1.5.1 = Gauge32: 24 The output above displays that 24% of the flash memory is used. MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 766
• To view the viewing the software core files generated by the system, use the following command. snmpwalk -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.10 enterprises.6027.3.10.1.2.10.1.1.1.1 = 1 enterprises.6027.3.10.1.2.10.1.1.1.2 = 2 enterprises.6027.3.10.1.2.10.1.1.1.3 = 3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 767
Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value dot1qVlanStaticEgressPorts object is an array of all VLAN members. The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 768
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 769
Table 75. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object OID MIB dot1dTpFdbTable .1.3.6.1.2.1.17.4.3 Q-BRIDGE MIB dot1qTpFdbTable .1.3.6.1.2.1.17.7.1.2. 2 Q-BRIDGE MIB dot3aCurAggFdb Table .1.3.6.1.4.1.6027.3.2. 1.1.5 F10-LINK-AGGREGATION MIB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 770
Deriving Interface Indices Dell Networking OS assigns an interface number to each (configured or unconfigured) physical and logical interface. The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 771
= INTEGER: 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 772
SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 773
also called the master unit. • Standby - secondary management unit. • Stack units - the remaining units in the stack, also called stack members. The system supports up to six stack units. • Stack group - Each individual 40G port correspond to a stack-group. To configure the front ports on the device - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 774
Stack Master Election The stack elects a master and standby unit at bootup time based on two criteria. • Unit priority - User-configurable. The range is from 1 to 14. A higher value (14) means a higher priority. The default is 1. By removing the stack-unit priority using the no stack-unit priority - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 775
after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6-address | dhcp} Failover Roles If the stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 776
[output omitted] Standalone#show system | grep priority Master priority : 0 -----------STACK BEFORE CONNECTION Stack#show system brief Stack MAC : 00:01:e8:d5:f9:6f -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Standby online S6000 1-0 (0-3387) 128 1 Management - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 777
path selection inside the stack: If multiple paths exist between two units in the stack, the shortest path is used. Supported Stacking Topologies The device supports stacking in a ring or a daisy chain topology. Dell Networking recommends the ring topology when stacking the switches to provide - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 778
Stack-unit SW Version: 1-0(0-3387) -- Stack-unit Redundancy Configuration -- Primary Stack-unit: mgmt-id 0 Auto Data Sync: Full Failover Type: Hot Failover Auto reboot Stack-unit: Disabled Auto failover limit: 3 times in 60 minutes -- Stack-unit Failover Record -- Failover - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 779
You can connect two units with two or more stacking cables in case of a stacking port or cable failure. Removal of only one of the cables does not trigger a reset. Important Points to Remember • You may stack up to six S6000 systems. • The S6000 cannot be stacked with other system types. • You - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 780
the stack is running Dell Networking OS version9.7.0.0and the new unit is running an earlier software version, the new unit is put into a card problem state. • If the unit is running Dell Networking OS version 9.7.0.0 it is upgraded to use the same Dell Networking OS version as the stack, rebooted - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 781
in the stack. 2. Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version 3. Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up. EXEC Privilege mode stack-unit stack-unit-number - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 782
Example of a Syslog Figure 113. Creating a new stack In the following example, stack unit is the master management unit, stack unit 2is the standby unit. The cables are connected to each unit. Configure the stack groups on the units in the following order: • Configure the first stack group on unit - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 783
6971 Speed in RPM Add Units to an Existing S-Series Stack You can add units to an existing stack in one of three ways. • By manually assigning a new unconfigured unit a position in an existing stack. • By adding a configured unit to an existing stack. • By merging two stacks. If you are adding - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 784
stack-unit [0-5] renumber [0-5] 3. (OPTIONAL) On the new unit, assign a management priority based on whether you want the new unit to be the stack manager. CONFIGURATION mode stack-unit [0-5] priority [1-14] 4. Assign a stack group to each unit. CONFIGURATION mode stack-unitstack-unit-number stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 785
• Dell# configure 5. Configure the ports on the added switch for stacking. CONFIGURATION mode stack-unit 0 stack-group group-number • stack-unit 0: defines the default ID unit-number in the initial configuration of a switch. • stack-group group-number: configures a port for stacking. 6. Save the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 786
• If one of the new stacks receives only the standby unit, it becomes the master unit of the new stack, and Dell Networking OS elects a new standby unit. • If one of the new stacks receives neither the master nor the standby management unit, the stack is reset so that a new election can take place. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 787
• Display the same information in show system, but only for the specified unit. EXEC Privilege mode show system stack-unit Refer to the following example. • Display topology and stack link status for the entire stack. EXEC Privilege mode show system stack-ports [status | topology] Refer to the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 788
POE Capable FIPS Mode Burned In MAC No Of MACs : no : disabled : 90:b1:1c:f4:a7:c7 : 3 -- Power Supplies -- Unit Bay Status Type FanStatus FanSpeed(rpm) 5 0 up AC up 6688 5 1 down UNKNOWN down 0 -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 5 0 up up 6971 up - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 789
from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect. • Display redundancy information. EXEC Privilege mode show redundancy Resetting a Unit on an S-Series Stack - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 790
mode reset stack-unit • Reload a member unit, from the unit itself. EXEC Privilege mode reset-self • Reset a stack-unit when the unit is in a problem state. EXEC Privilege mode reset stack-unit {hard} Verify a Stack Configuration The light of the LED status indicator on the front panel of the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 791
Number Part Number Vendor Id Date Code Country Code Piece Part ID PPID Revision Service Tag Expr Svc Code Auto Reboot Burned In MAC No Of MACs : yes To remove units or front end ports from a stack, use the following instructions. • Removing a Unit from an S-Series Stack • Removing Front End Port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 792
EXEC Privilege mode reload After the units are reloaded, the system reboots. The units come up as standalone units after the reboot completes. Troubleshoot an S-Series Stack To troubleshoot an S-Series stack, use the following recovery tasks. • Recover from Stack Link Flaps • Recover from a Card - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 793
Series Stack If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error. To recover, disconnect the new unit from the stack, change the Dell Networking OS version to match the stack, and then reconnect it to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 794
-- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 2 0 up up 7072 up 6971 2 1 up up 7021 up 7021 2 2 up up 7021 up 6971 5 0 up up 7021 up 7123 5 1 up up 6971 up 7021 5 2 up up 7021 up 6971 Speed in RPM 794 Stacking - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 795
interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and . Do not apply per-viritual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 796
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 797
• To add interfaces to the spanning tree topology after you enable STP, enable the port and configure it for Layer 2 using the switchport command. • The IEEE Standard 802.1D allows 8 bits for port ID and 8 bits for priority. The 8 bits for port ID provide port IDs for 256 ports. Configuring - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 798
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 799
no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode. Dell(conf)#protocol spanning-tree 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 800
Te 1/4 8.514 8 Dell# 4 FWD 0 32768 0001.e80d.2462 8.514 Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning tree topology, use the following command. • Enable spanning tree on a Layer 2 interface. INTERFACE mode spanning-tree 0 Modifying Global Parameters - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 801
• Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 802
• Enable PortFast on an interface. INTERFACE mode spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] Example of Verifying PortFast is Enabled on an Interface To verify that PortFast is enabled on a port, use the show spanning-tree command from EXEC Privilege mode or the show config - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 803
- Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 116. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 804
P2P No Dell(conf-if-te-1/7)#do show ip interface brief tengigabitEthernet 1/7 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 805
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per-VLAN Spanning Tree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 806
- 0: enables root guard on an STP-enabled port assigned to instance 0. - mstp: enables root guard on an MSTP-enabled port. - rstp: enables root guard on an RSTP-enabled port. - pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 807
channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: Spanning Tree Protocol (STP) 807 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 808
- Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 809
They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. In the release 9.4.(0.0), support for reaching an NTP server through different VRFs is included. You can configure a maximum of eight logging servers across different VRFs or the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 810
Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 811
• Specify the NTP server to which the Dell Networking system synchronizes. CONFIGURATION mode ntp server ip-address Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 812
• Configure a source IP address for NTP packets. CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. - For a 40-Gigabit Ethernet interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 813
in dotted decimal format (A.B.C.D). - ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. - key keyid : Configure a text string as the key exchanged between the NTP server and the client. - prefer: Enter the keyword prefer to set - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 814
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 815
:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. System Time and Date 815 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 816
Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for daylight savings time once, use the following command. • Set the clock to the appropriate timezone and daylight saving time. CONFIGURATION - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 817
- start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. - start-day: Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 818
, hop-limits, flow label values, open shortest path first (OSPF) v2, and OSPFv3 are supported. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 819
Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.1/24 Dell(conf-if-tu-3)#ipv6 address 3::1/64 Dell(conf-if-tu-3)#no shutdown Dell(conf-if-tu-3)#show config ! interface Tunnel 3 ip address 3.1.1.1/24 ipv6 address 3::1/64 tunnel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 820
Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config ! interface Tunnel 1 ip unnumbered TenGigabitEthernet 1/1 ipv6 unnumbered - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 821
over ECMP paths to the next hop. ECMP paths over IP tunnel interfaces are supported. ARP and neighbor resolution for the IP tunnel next hop are supported. Multipoint Receive-Only Type and IP Unnumbered Interfaces for Tunnels A multipoint receive-only IP tunnel decapsulates packets from remote - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 822
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 823
speed and can span multiple devices. The Dell Networking Operating System (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 824
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 825
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 826
whether the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 827
NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Ports Po1(So 0/0-1) Te 1/1 Po1(So 0/0-1) Te 1/2 Po1(So 0/0-1) When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN. If the tagged - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 828
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 829
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 830
gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, refer to Dell Networking OS Command Line Reference Guide. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined for VLT peers in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 831
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 832
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 833
• You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy Gateway LLDP configuration: • You must globally enable LLDP. • You cannot have interface-level LLDP disable commands on the interfaces configured for proxy gateway and you must - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 834
• The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy Gateway LLDP method. For VLT Proxy Gateway to work in this - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 835
Sample Dynamic Proxy Configuration on C switch or C1 switch Switch_C#conf Switch_C(conf)#vlt domain 1 Switch_C(conf-vlt-domain1)#proxy-gateway lldp Switch_C(conf-vlt-domain1-pxy-gw-lldp)#peer-domain-link port-channel 1.... VLT Proxy Gateway 835 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 836
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches, and by supporting a loop-free topology. (To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 837
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 838
Figure 122. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 839
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the the link local address that is redirecting to the VLTi link. • VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 840
. - A VLT interconnect over 1G ports is not supported. - The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. - The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. - VLT peer switches operate as separate - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 841
port monitoring, jumbo frames, IGMP snooping, sFlow, ingress and egress ACLs, and Layer 2 control protocols RSTP and PVST only. NOTE: PVST+ passthrough is supported in a VLT domain. PVST+ BPDUs does not result in an interface shutdown. PVST+ BPDUs for a nondefault VLAN is flooded out as any other L2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 842
section. - For information about configuring IGMP Snooping in a VLT domain, refer to VLT and IGMP Snooping. - All system management protocols are supported on VLT ports, including SNMP, RMON, AAA, ACL, DNS, FTP, SSH, Syslog, NTP, RADIUS, SCP, TACACS+, Telnet, and LLDP. - Enable Layer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 843
VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers node. VLT IPv6 The following features have been enhanced to support IPv6: • VLT Sync - Entries learned on the VLT interface are synced - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 844
that caused the VLT ports on the secondary VLT peer node to be disabled. PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 845
Figure 123. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 846
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv6/IPv4. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as RIP - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 847
peer-routing 3. Configure the peer-routing timeout. VLT DOMAIN mode peer-routing-timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT Multicast Routing provides resiliency to multicast routed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 848
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 849
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the VLTi . 3. Configure a backup link for the VLT domain. 4. (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 850
channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 4. Ensure - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 851
CONFIGURATION mode interface managementethernet slot/ port Enter the slot (0-1) and the port (0). 2. Configure an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) and mask (/x) on the interface. MANAGEMENT INTERFACE mode {ip address ipv4-address/ mask | ipv6 address ipv6-address/ mask} This is - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 852
The priority values are from 1 to 65535. The default is 32768. 3. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations. VLT DOMAIN CONFIGURATION mode system-mac mac-address mac-address To explicitly - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 853
no shutdown 6. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number The valid port-channel ID numbers are from 1 to 128. 7. Repeat Steps 1 to 6 on the VLT peer switch - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 854
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 3. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 855
9. Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport 10. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number Valid port-channel ID numbers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 856
-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. s4810-2(conf)#vlt domain 5 s4810 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 857
Configure the backup link between the VLT peer units. 1. Configure the peer 2 management ip/ interface ip for which connectivity is present in VLT peer 1. 2. Configure the peer 1 management ip/ interface ip for which connectivity is present in VLT peer 2. Dell-2#show running-config vlt ! vlt domain - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 858
port-channel-protocol LACP port-channel 100 mode active no shutdown s60-1#show running-config interface tengigabitethernet 1/30 ! interface TenGigabitEthernet 1/30 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown s60-1#show running-config interface port-channel - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 859
PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 860
eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example, you are configuring two domains. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4, as shown in the following example. In Domain 1, - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 861
Next, configure the VLT domain and VLTi on Peer 2. Domain_1_Peer2#configure Domain_1_Peer2(conf)#interface port-channel 1 Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer2(conf) #vlt domain 1000 Domain_1_Peer2(conf-vlt-domain)# peer-link port-channel 1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 862
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 863
Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link • Display general status information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 864
HeartBeat Timeout: 3 UDP Port: 34998 HeartBeat Messages Sent: 1026 HeartBeat Messages Received: 1025 Dell_VLTpeer2# show vlt backup-link VLT Backup Link Destination: 10.11.200.20 Peer HeartBeat status: Up HeartBeat Timer Interval: 1 HeartBeat Timeout: 3 UDP Port: 34998 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 865
VLT Role ---------- VLT Role: Secondary System MAC address: 00:01:e8:8a:df:bc System Role Priority: 32768 Local System MAC address: 00:01:e8:8a:df:e6 Local System Role Priority: 32768 The following example shows the show running-config vlt command. Dell_VLTpeer1# show running-config vlt ! - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 866
Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e88a.dff8 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e88a.dff8 We are the root Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 867
Verify that the port channels used in the VLT domain are assigned to the same VLAN. Dell_VLTpeer1# show vlan id 10 Codes: * - Default VLAN, G - GVRP VLANs, P - Primary, C - Community, I - Isolated Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Vlan-stack, H - - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 868
-config interface port-channel 11 ! interface Port-channel 11 no ip address switchport channel-member fortyGigE 1/48,52 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 869
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 870
You can associate either a VLT VLAN or a VLT LAG to a PVLAN. First configure the VLT interconnect (VLTi) or a VLT LAG by using the peer-link port-channel id-number command or the VLT VLAN by using the peer-link port-channel idnumber peer-down-vlan vlan interface number command and the switchport - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 871
Whenever a change occurs in the VLAN mode of one of the peers, this modification is synchronized with the other peers. Depending on the validation mechanism that is initiated for MAC synchronization of VLT peers, MAC addresses learned on a particular VLAN are either synchronized with the other peers - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 872
Table 80. VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN VLT LAG Mode Peer1 Peer2 Trunk Trunk PVLAN Mode of VLT VLAN Peer1 Peer2 Primary Primary ICL VLAN Membership Yes Trunk Trunk Primary Normal No Trunk Trunk Normal Normal Yes Promiscuous Trunk Primary - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 873
PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section contains the following topics that - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 874
The range is from 1 to 128. 8. (Optional) To configure a VLT LAG, enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number peer-down-vlan vlan interface number The range - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 875
• Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 876
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 877
Configuring VLAN-Stack over VLT To configure VLAN-stack over VLT, follow these steps. 1. Configure the VLT LAG as VLAN-stack access or trunk mode on both the peers. INTERFACE PORT-CHANNEL mode vlan-stack {access | trunk} 2. Configure VLAN as VLAN-stack compatible on both the peers. INTERFACE VLAN - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 878
no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 ! interface Port-channel 20 no ip address - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 879
back-up destination 10.16.151.115 system-mac mac-address 00:00:00:11:11:11 unit-id 1 Dell# Configure VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 880
NUM Status Description 50 Active Dell# Q Ports M Po10(Te 1/8) M Po20(Te 1/20) V Po1(Te 1/30-32) 880 Virtual Link Trunking (VLT) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 881
56 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology where - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 882
and logical network based on messages from the NVP. • Advertises MACs learnt on south-facing VXLAN capable-ports to the NVP client. VXLAN Hypervisor Service Node(SN) Legacy TOR It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. It - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 883
• The VTEP acts according to the TOR schema defined by VMWare. The solution is very specific to VMWare-based orchestration platforms and does not work with other orchestration platforms. VXLAN Frame Format VXLAN provides a mechanism to extend an L2 network over an L3 network. In short, VXLAN is an - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 884
• VXLAN Port : IANA-assigned VXLAN Port (4789). • UDP Checksum: The UDP checksum field is transmitted as zero. When a packet is received with a UDP checksum of zero, it is accepted for decapsulation. VXLAN Header : • VXLAN Flags : Reserved bits set to zero except bit 3, the first bit, which is set - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 885
node is responsible for broadcast/unknown unicast/multicast traffic replication. The following is the snapshot of the user interface for the creation of service node: 3. Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is the snapshot of - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 886
NOTE: For more details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway on the vxlan-instance CONFIGURATION mode vxlan-instance instance ID The platform supports only the instance ID 1 in the initial release. 3. - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 887
VxLAN INSTANCE mode gateway-ip IP address 5. max-back off (Optional) VxLAN INSTANCE mode max_backoff time The range is from 1000-180000. The default value is 30000 milliseconds. 6. fail-mode (Optional) VxLAN INSTANCE mode fail-mode secure If the local VTEP loses connectivity with the controller, it - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 888
Port : Fo 0/124 Vlan : 100 Rx Packets : 13 Rx Bytes : 1317 Tx Packets : 13 Tx Bytes : 1321 The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 889
Total LN count : 1 Name bffc3be0-13e6-4745-9f6b-0bcbc5877f01 4656 VNID Dell#$n-instance 1 logical-network n 2a8d5d19-8845-4365-ad04-243f0b6df252 Name : 2a8d5d19-8845-4365-ad04-243f0b6df252 Description : Tunnel Key : 2 VFI : 28674 Unknown Multicast MAC Tunnels: 192.168.122.133 : vxlan_over_ipv4 ( - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 890
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 891
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 892
commands introduced or modified LLDP protocol on the port 802.1x protocol on the VLAN port OSPF, RIP, ISIS, BGP on physical and logical interfaces Support Status for Default VRF Yes Yes Yes Yes Dynamic Port-channel (LACP) on VLAN Yes port or a Layer 3 port Static Port-channel as VLAN port - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 893
capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF No Yes Yes No No No Yes Yes Yes No No Yes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 894
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). Task Create a non-default VRF instance by specifying a name and VRF ID number, and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 895
VRF 0), do not enter a value for vrf-name. Command Syntax Command Mode Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer toOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 896
help still displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route To configure a static route, perform the following steps: Task Configure a static - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 897
Task Command Syntax Command Mode NOTE: You can also have the management route to point to a front-end port in case of the management VRF. For example: management route 2::/64 te 0/0. To configure a static entry in the IPv6 neighbor discovery, perform the following steps: Task Configure a static - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 898
Figure 127. Setup VRF Interfaces The following example relates to the configuration shown in Figure1 and Figure 2. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 899
ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 900
ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1 no - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 901
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 902
Dell#show ip ospf 1 neighbor Neighbor ID Pri 1.0.0.1 1 FULL/BDR ! Dell#sh ip ospf 2 neighbor Neighbor ID Pri 2.0.0.1 1 FULL/BDR ! Dell#show ip route vrf blue State Dead Time 00:00:36 State Dead Time 00:00:33 Address 1.0.0.1 Address 2.0.0.1 Interface Vl 128 Interface Vl 192 Area 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 903
or more VRFs. Previous FTOS releases support static route leaking, which enables route leaking and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes . The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 904
purpose, routes corresponding VRF-Shared routes are leaked to only VRF-Red and VRF-Blue. And for reply, routes corresponding to VRF-Red and VRF-Blue are leaked to VRF-Shared. For leaking the routes from VRF-Shared to VRF-Red and VRF-Blue, you can configure route-export tag on VRF-shared (source VRF - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 905
Dell# show ip route vrf VRF-Green O 33.3.3.3/32 via 133.3.3.3 110/0 00:00:11 C 133.3.3.0/24 Direct, Te 1/13 0/0 Dell# show ip route vrf VRF-Shared O 44.4.4.4/32 via 144.4.4.4 110/0 00:00:11 22:39:61 C 144.4.4.0/24 Direct, Te 1/4 0/0 00:32:36 Show routing tables of VRFs( after route- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 906
Configuring Route Leaking with Filtering When you initalize route leaking from one VRF to another, all the routes are exposed to the target VRF. If the size of the source VRF's RTM is considerablly large, an import operation results in the duplication of the target VRF's RTM with the source RTM - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 907
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. • You can expose a unique set - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 908
Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on Dell Networking OS. VRRP Overview VRRP is designed to Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 909
gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported. Virtual IP addresses can belong to the primary or secondary IP address' subnet configured on the interface. You can ping all the virtual - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 910
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 911
• VRRPv3 as defined in RFC 5798, Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6 You can also migrate a IPv4 group from VRRPv2 to VRRP3. To configure the VRRP version for IPv4, use the version command in INTERFACE mode. Example: Configuring VRRP to Use Version 3 The - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 912
- For example, an interface (on which you enable VRRP) contains a primary IP address of 50.1.1.1/24 and a secondary IP address of 60.1.1.1/24. The VRRP group (VRID 1) must contain virtual addresses belonging to either subnet 50.1.1.0/24 or subnet 60.1.1.0/24, but not from both subnets (though Dell - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 913
TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 100, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 27, Gratuitous ARP sent: 2 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.2.2 10.10.2.3 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 914
NOTE: You must configure all virtual routers in the VRRP group the same: you must enable authentication with the same password or authentication is disabled. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 915
vrrp-group 111 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Changing the Advertisement Interval By default, the MASTER router transmits a VRRP advertisement to all - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 916
no preempt priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Track an Interface or Object You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 917
show vrrp • (Optional) Display the configuration of tracked objects in VRRP groups on a specified interface. EXEC mode or EXEC Privilege mode show running-config interface interface Examples of Configuring and Viewing the track Command The following example shows how to configure tracking using the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 918
local destination address is not seen on the reloaded node causing suboptimal routing. Set the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you configure both CLIs, the later timer rules VRRP enabling. For example, if you set - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 919
directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. The VRRP topology was created using the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 920
R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf ! interface TenGigabitEthernet 2/31 ip address 10.1.1.1/24 ! vrrp-group 99 priority 200 virtual-address 10.1.1.3 no shutdown R2(conf-if-te-2/31)#end - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 921
Figure 130. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 922
R2(conf-if-te-1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-te-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 923
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two E-Series switches. The default gateway to reach the internet in each - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 924
S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1)#ip address 10.10.1.5/24 S1(conf-if-te-1/1)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in VRF 1 will be 177. S1(conf-if-te-1/1-vrid-101)#priority 100 S1(conf-if-te-1/1-vrid-101)# - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 925
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 926
VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 927
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. Virtual Router Redundancy Protocol (VRRP) 927 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 928
Figure 132. VRRP for IPv6 Topology NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address. Router 2 R2(conf)#interface - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 929
NOTE: The virtual IPv6 address you configure should be the same as the IPv6 subnet to which the interface belongs. R2(conf-if-te-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 930
Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp tengigabitethernet 2/8 TenGigabitEthernet 2/8, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed VRF: 0 default State: Master, Priority: 110, Master: fe80::201:e8ff:fe8a:e9ed (local) Hold Down: 0 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 931
59 S-Series Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 932
3. Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-0.txt Diags completed... Rebooting the - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 933
[163]: ERROR: platform cpld cache disabled ioctl failed, rv: 9 S6000 DIAGNOSTICS Board CPU Version Stack Unit Board Temp Stack Unit Number Board Service Tag System Cpld Rev Master Cpld Rev Slave Cpld Rev Image Build Version : S6000 Dell Inc. : Intel Centerton Processor : 32 Degree - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 934
Test 5.001 - Psu1 Status Monitor Test NOT PRESENT Test 5 - Psu Status Monitor Test NOT PRESENT Test 6.000 - Psu0 Fan Speed Monitor Test PASS diagS6000IsPsuGood[954]: ERROR: Psu:1, Power supply is not present. Test 6.001 - Psu1 Fan Speed Monitor Test NOT PRESENT Test 6 - Psu Fan Speed Monitor - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 935
a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information directory. NOTE: Non-management member units do not support this functionality. Hardware Watchdog Timer The hardware watchdog command - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 936
down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 937
going from the FP to the CSF IDP links. 3. Front-End Link - Output queues going from the FP to the front-end PHY. All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. S-Series Debugging and Diagnostics 937 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 938
Physical memory is organized into cells of 128 bytes. The cells are organized into two buffer pools - the dedicated buffer and the dynamic buffer. • Dedicated buffer - this pool is reserved memory that other interfaces cannot use on the same ASIC or by other queues on the same interface. This buffer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 939
• Reduce the dedicated buffer on all queues/interfaces. • Increase the dynamic buffer on all interfaces. • Increase the cell pointers on a queue that you are expecting will receive the largest number of packets. To define, change, and apply buffers, use the following commands. • Define a buffer - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 940
uplink |csf] linecard port-set buffer-policy from CONFIGURATION mode and no buffer-policy from INTERFACE mode. To display the allocations for any buffer profile, use the show commands. To display the default buffer profile, use the show buffer-profile {summary | detail} command from EXEC Privilege - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 941
pre-defined buffer profiles, one for single-queue (for example, non-quality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 942
Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet loss, use the following commands. • show hardware stack-unit cpu data-plane statistics • show hardware stack-unit cpu party-bus statistics • show hardware stack- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 943
Port# :Ingress Drops :IngMac Drops :Total Mmu Drops :EgMac Drops :Egress Drops 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0 4 0 0 0 0 0 5 0 0 0 0 0 6 0 0 0 0 0 7 0 0 0 0 0 8 0 0 0 0 0 Example of show hardware drops interface interface Dell#show hardware drops interface tengigabitethernet 2/1 Drops in - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 944
Drops in Interface Te 2/1/1: --- Ingress Drops --- Ingress Drops : 0 IBP CBP Full Drops : 0 PortSTPnotFwd Drops : 0 IPv4 L3 Discards : 0 Policy Discards : 0 Packets dropped by FP : 0 (L2+L3) Drops : 0 Port bitmap zero Drops : 0 Rx VLAN Drops : 0 --- Ingress MAC counters--- - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 945
Ingress MMU Drops : 0 HOL DROPS(TOTAL) : 0 HOL DROPS on COS0 : 0 HOL DROPS on COS1 : 0 HOL DROPS on COS2 : 0 HOL DROPS on COS3 : 0 HOL DROPS on COS4 : 0 HOL DROPS on COS5 : 0 HOL DROPS on COS6 : 0 HOL DROPS on COS7 : 0 HOL DROPS on COS8 : 0 HOL DROPS on COS9 : 0 HOL DROPS on - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 946
rxPkt(UNIT0) :0 rxPkt(UNIT1) :0 rxPkt(UNIT2) :0 rxPkt(UNIT3) :0 transmitted :0 txRequested :0 noTxDesc :0 txError :0 txReqTooLarge :0 txInternalError :0 txDatapathErr :0 txPkt(COS0) :0 txPkt(COS1) :0 txPkt(COS2) :0 txPkt(COS3) :0 txPkt(COS4) :0 txPkt(COS5) :0 txPkt(COS6) - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 947
RDBGC5.ge0 : RDBGC7.ge0 : GR64.ge0 : GR127.ge0 : GR255.ge0 : GRPKT.ge0 : GRBYT.ge0 : GRMCA.ge0 : GRBCA.ge0 : GT64.ge0 : GT127.ge0 : GT255.ge0 : GT511.ge0 : GTPKT.ge0 : GTBCA.ge0 : GTBYT.ge0 : RUC.cpu0 : TDBGC6.cpu0 : 16 18 5,176 1,566 4 1,602 117,600 366 12 4 964 4 1 973 1 71,531 972 1,584 +12 +12 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 948
TX - Byte Counter TX - Control frame counter TX - Pause control frame counter TX - Over size packet counter TX - Jabber counter TX - VLAN tag frame counter TX - Double VLAN tag frame counter TX - RUNT frame counter TX - Fragment counter Interface Te 0/1 : Description RX - IPV4 L3 Unicast Frame - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 949
TX - Pause control frame counter 0 TX - Over size packet counter 0 TX - Jabber counter 0 TX - VLAN tag frame counter 0 TX - Double VLAN tag frame counter 0 TX - RUNT frame counter 0 TX - Fragment counter 0 Dell# show hardware stack-unit 1 unit 0 counters Interface Gi 1/1 : Description - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 950
RX - IPV4 L3 Unicast Frame Counter 0 RX - IPV4 L3 routed multicast Packets 0 RX - IPV6 L3 Unicast Frame Counter 0 ----- ----- ----- ----- ----- Example of Displaying Counter Information for a Specific Interface Dell#show hardware counters interfac tengigabitethernet 5/1 unit: 0 port: 2 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 951
mode. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 952
FREE MEMORY uvmexp.free = 0x2312 Enabling TCP Dumps A TCP dump captures CPU-bound control plane traffic to improve troubleshooting and system manageability. When you enable TCP dump, it captures all the packets on the local CPU, as specified in the CLI. You can save - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 953
standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 954
of the File Transfer Protocol 8.3.12.0 2474 Definition of the Differentiated Services Field 7.7.1 (DS Field) in the IPv4 and IPv6 Headers 2615 General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 85. General IPv4 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 955
per platform for general IPv6 protocols. Table 86. General IPv6 Protocols RFC# Full Name S-Series 1886 DNS Extensions to support IP version 6 7.8.1 1981 (Partial) Path MTU Discovery for IP version 6 7.8.1 2460 Internet Protocol, Version 6 (IPv6) Specification 7.8.1 2462 (Partial) IPv6 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 956
7.8.1 draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 88. Open Shortest Path First (OSPF) RFC# 1587 Full Name S-Series/Z-Series The OSPF Not-So - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 957
(IS-IS) Point-to-Point Adjacencies 3567 IS-IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System (ISIS) Extensions in Support of Generalized MultiProtocol Label Switching (GMPLS) 5120 MT-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 958
Mode 7.8.1 PIM-SM for IPv4 (PIM-SM): Protocol Specification (Revised) Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 92. Network Management RFC# 1155 Full Name Structure and Identification of Management Information - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 959
RFC# 1850 1901 2011 2012 2013 2024 2096 2558 2570 2571 2572 2574 2575 2576 Full Name S4810 OSPF Version 2 Management 7.6.1 Information Base Introduction to Community- 7.6.1 based SNMPv2 SNMPv2 Management 7.6.1 Information Base for the Internet Protocol using SMIv2 SNMPv2 Management 7.6.1 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 960
, Ethernet History Table, Alarm Table, Event Table, Log Table The Interfaces Group MIB 7.6.1 Remote Authentication Dial In 7.6.1 User Service (RADIUS) Remote Network Monitoring 7.6.1 Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High- Capacity Table - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 961
Extensions for High Capacity Alarms, High-Capacity Alarm Table (64 bits) 3580 IEEE 802.1X Remote 7.6.1 Authentication Dial In User Service (RADIUS) Usage Guidelines 3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) 4001 - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 962
you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) FORCE10-CS-CHASSIS- Force10 C-Series Enterprise MIB Chassis MIB FORCE10-IFEXTENSION-MIB - Dell PowerSwitch S6000 | Configuration Guide for the S6000 System 9.80.0 - Page 963
MIB Aggregation MIB FORCE10-CHASSIS-MIB Force10 E-Series Enterprise Chassis MIB FORCE10-COPY- Force10 File Copy MIB 7.7.1 CONFIG-MIB (supporting SNMP SET operation) FORCE10-MONMIB Force10 Monitoring MIB 7.6.1 FORCE10-PRODUCTS- Force10 Product Object Identifier 7.6.1 MIB MIB FORCE10-SS
Dell
Configuration
Guide for the S6000 System
9.8(0.0)