Dell PowerSwitch S6000 9.60.0 Configuration Guide for the S6000 System
Dell PowerSwitch S6000 Manual
View all Dell PowerSwitch S6000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S6000 manual content summary:
- Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1
Dell Configuration Guide for the S6000 System 9.6(0.0) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2014 Dell Inc. All rights reserved. This product is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 3
Contents 1 About this Guide 33 Audience...33 Conventions...33 Related Documents...33 2 Configuration Fundamentals 34 Accessing the Command Line...34 CLI Modes...34 Navigating CLI Modes...35 The do - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 4
Logging Facility Level 65 Synchronizing Log Messages...66 Enabling Timestamp on Syslog Messages 67 File Transfer Services...67 Configuration Task List for File Transfer Services 67 Enabling the FTP Server...68 Configuring FTP Server Parameters 68 Configuring FTP Client Parameters 68 Terminal - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 5
The Port-Authentication Process...77 EAP over RADIUS...79 Configuring 802.1X...79 Related Configuration Tasks...79 Important Points to Remember...80 Enabling 802.1X...80 Configuring Request Identity Re-Transmissions 82 Configuring a Quiet Period after a Failed Authentication 82 Forcibly - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 6
116 Route Maps...118 Implementation Information...118 Flow-Based Monitoring Support for ACLs 118 Behavior of Flow-Based Monitoring 119 Enabling BGP...140 Configure BFD for VRRP...147 Configuring Protocol Liveness 150 Troubleshooting BFD...150 8 Border Gateway Protocol IPv4 (BGPv4 152 Autonomous - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 7
Multiprotocol BGP...163 Implement BGP with Dell Networking OS 163 Additional Path (Add-Path) Support 163 Advertise IGP Cost as MED for Redistributed Routes 163 Ignore Router-ID for Some Best-Path Calculations 164 Four-Byte AS Numbers...164 AS4 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 8
CAM-ACL Settings...219 View CAM Usage...221 CAM Optimization...222 Troubleshoot CAM Profiling...222 CAM Profile Mismatches...222 QoS CAM Region Limitation...222 ...236 QoS dot1p Traffic Classification and Queue Assignment 237 SNMP Support for PFC and Buffer Statistics Tracking 238 DCB Maps and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 9
...251 DCBx Port Roles...251 DCB Configuration Exchange...253 Configuration Source Election 253 Propagation of DCB Information 254 Auto-Detection and Manual Configuration of the DCBx Version 254 Behavior of Tagged Packets...255 Configuration Example for DSCP and PFC Priorities 255 DCBx Example - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 10
DNS for Address Resolution 286 Using NetBIOS WINS for Address Resolution 286 Creating Manual Binding Entries 287 Debugging the DHCP Server...287 Using DHCP Clear Commands 287 Bundle 304 Modifying the ECMP Group Threshold 304 Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 11
for ECMP in host table 305 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes 306 14 FCoE Transit...307 Fibre Channel over Ethernet...307 Ensure Robustness in a Converged Ethernet Network - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 12
337 Setting the FRRP Timers...338 Clearing the FRRP Counters...339 Viewing the FRRP Configuration 339 Viewing the FRRP Information 339 Troubleshooting FRRP...340 Configuration Checks...340 Sample Configuration and Topology 340 17 GARP VLAN Registration Protocol (GVRP 342 Important Points to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 13
Configuring a Static IGMP Group...355 Enabling IGMP Immediate-Leave...356 IGMP Snooping...356 IGMP Snooping Implementation Information 356 Configuring IGMP Snooping...356 Removing a Group-Port Association 357 Disabling Multicast Flooding...357 Specifying a Port as Connected to a Multicast Router - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 14
QSFP Ports to SFP+ Ports 394 Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port 394 Important Points to Remember 395 Support for LM4 Optics...396 Example Scenarios...396 Link Dampening...400 Important Points to Remember 400 Enabling Link Dampening...400 Link Bundle Monitoring...402 Using - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 15
Setting the Speed and Duplex Mode of Ethernet Interfaces 405 Set Auto-Negotiation Options 407 View Advanced Interface Information 407 Configuring the Interface Sampling Size 408 Dynamic Counters...409 Clearing Interface Counters...410 Enhanced Validation of Interface Ranges 411 Compressing - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 16
with No Configured Broadcast Addresses 431 Troubleshooting UDP Helper...432 21 IPv6 Routing... (LPM) Table and IPv6 /65 - /128 support 434 IPv6 Header Fields...436 Extension Header Fields...437 Traffic Flows 456 Application of Quality of Service to iSCSI Traffic Flows 456 Information Monitored - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 17
System 464 IS-IS Protocol Overview...464 IS-IS Addressing...464 Multi-Topology IS-IS...465 Transition Mode...466 Interface Support...466 Adjacencies...466 Graceful Restart...466 Timers...467 Implementation Information...467 Configuration Information...468 Configuration Tasks for IS-IS...468 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 18
Setting the LACP Long Timeout 493 Monitoring and Debugging LACP 494 Shared LAG State Tracking...494 Configuring Shared LAG State Tracking 495 Important Points about Shared LAG State Tracking 496 LACP Basic Configuration Example 497 Configure a LAG on ALPHA...497 25 Layer 2...505 Manage the MAC - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 19
LLDP Compatibility...530 CONFIGURATION versus INTERFACE Configurations 530 Enabling LLDP...531 Disabling and Undoing LLDP...531 Enabling LLDP on Management Ports 531 Disabling and Undoing LLDP on Management Ports 531 Advertising TLVs...532 Viewing the LLDP Configuration...533 Viewing Information - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 20
Logging Changes in Peership States 563 Terminating a Peership...563 Clearing Peer Statistics...563 Debugging MSDP...564 MSDP with Anycast RP...564 Configuring Anycast RP...566 Reducing Source-Active Message Flooding 566 Specifying the RP Address Used in SA Messages 566 MSDP Sample Configurations - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 21
-Interface...627 Redistributing Routes...628 Configuring a Default Route...628 Enabling OSPFv3 Graceful Restart 629 OSPFv3 Authentication Using IPsec 631 Troubleshooting OSPFv3...638 32 Policy-based Routing (PBR 640 Overview...640 Implementing Policy-based Routing with Dell Networking OS 642 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 22
Send Multicast Traffic...651 Configuring PIM-SM...652 Related Configuration Tasks...652 Enable PIM-SM...652 Configuring S,G Expiry Timers...653 Configuring a Static Rendezvous Point 654 Overriding Bootstrap Router Updates 655 Configuring a Designated Router...655 Creating Multicast Boundaries and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 23
Priority Queueing...706 Queue Classification Requirements for PFC Functionality 706 Support for marking dot1p value in L3 Input Qos Policy 707 -Based Rate Shaping 711 Configuring Weights and ECN for WRED 712 Global Service Pools With WRED and ECN Settings 713 Configuring WRED and ECN Attributes - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 24
Enabling Buffer Statistics Tracking 721 38 Routing Information Protocol (RIP 722 Protocol Overview...722 RIPv1...722 RIPv2...722 Implementation Information...723 Configuration Information...723 Configuration Task List...723 RIP Configuration Example...730 39 Remote Monitoring (RMON 736 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 25
List 774 Secure Shell Authentication...774 Troubleshooting SSH...777 Telnet...778 VTY Line and and Authorization 779 VTY MAC-SA Filter Support...780 Role-Based Access Control...780 Overview Display Information About User Roles 791 43 Service Provider Bridging 793 VLAN Stacking...793 Important - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 26
Debugging VLAN Stacking...797 VLAN Stacking in Multi-Vendor Networks 798 VLAN Stacking Packet Drop Precedence 801 Enabling Drop Eligibility...801 Honoring the Incoming DEI Value 802 Marking Egress Packets with a DEI Value 803 Dynamic Mode CoS for VLAN Stacking 803 Mapping C-Tag to S-Tag dot1p - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 27
Objects 833 MIB Support to Display the Available Memory Size on Flash 834 Viewing the Available Flash Memory Size 834 MIB Support to Display the Software 839 Deriving Interface Indices...840 Monitor Port-Channels...841 Troubleshooting SNMP Operation 842 46 Storm Control 844 Configure Storm - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 28
Enabling Spanning Tree Protocol Globally 847 Adding an Interface to the Spanning Tree Group 849 Modifying Global Parameters...850 Modifying Interface STP Parameters 851 Enabling PortFast...851 Prevent Network Disruptions with BPDU Guard 852 Selecting STP Root...854 STP Root Guard...855 Root - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 29
901 RSTP and VLT...901 VLT Bandwidth Monitoring...901 VLT and IGMP Snooping...902 VLT IPv6...902 VLT Port Delayed Restoration...902 PIM-Sparse Mode Support on VLT 903 VLT Routing ...904 Non-VLT ARP Sync...907 RSTP Configuration...907 Preventing Forwarding Loops in a VLT Domain 907 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 30
(VLT Peer 1)Configuring Virtual Link Trunking (VLT Peer 2)Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch)...927 Troubleshooting VLT...929 Reconfiguring Stacked Switches as VLT 930 Specifying VLT Nodes in a PVLAN...931 Association of VLTi as a Member of a PVLAN - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 31
Hardware Watchdog Timer...996 Enabling Environmental Monitoring 996 Recognize an Overtemperature Condition 996 Troubleshoot an Over-temperature Condition 997 Recognize an Under-Voltage Condition 997 Troubleshoot an Under-Voltage Condition 997 Buffer Tuning...998 Deciding to Tune Buffers...1000 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 32
Troubleshooting Packet Loss...1004 Displaying Drop Counters...1004 Dataplane Statistics...1005 Display Stack Port Statistics...1006 Display Stack Member Counters 1007 Enabling Application Core Dumps 1007 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 33
describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. This guide supports the S6000 platform. The S6000 platform is available with Dell Networking OS version 9.0 (2.0) and beyond. Though - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 34
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for the Z9000, S6000, S4810, and S4820T except for some commands and command outputs. The CLI - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 35
configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, or 10 Gigabit Ethernet, or synchronous optical network - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 36
CLI Command Mode NOTE: Access all of the following modes from CONFIGURATION mode. AS-PATH ACL Gigabit Ethernet Interface 10 Gigabit Ethernet Interface Interface Group Prompt Dell(config-as-path)# Dell(conf-if-gi-0/0)# Dell(conf-if-te-0/1-2)# Dell(conf-if-group)# Interface Range Loopback Interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 37
CLI Command Mode RAPID SPANNING TREE REDIRECT ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE TRACE-LIST CLASS-MAP CONTROL-PLANE DCB POLICY DHCP DHCP POOL ECMP EIS FRRP LLDP Prompt Access Command Dell(config-rstp)# - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 38
CLI Command Mode Prompt Access Command LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE Dell(config-line-console) line console orline vty or Dell(config-line-vty) MONITOR SESSION Dell(conf-mon-sesssessionID)# monitor session OPENFLOW INSTANCE Dell( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 39
-- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports ---- 0 Management online S4810 S4810 9.4(0.0) 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 40
no ip address no shutdown Layer 2 protocols are disabled by default. To enable Layer 2 protocols, use the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree. Obtaining Help Obtain a list of keywords and a brief functional description of those - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 41
Short-Cut Key Combination CNTL-A CNTL-B CNTL-D CNTL-E CNTL-F CNTL-I CNTL-K CNTL-L CNTL-N CNTL-P CNTL-R CNTL-U CNTL-W CNTL-X CNTL-Z Esc B Esc F Esc D Action Moves the cursor to the beginning of the command line. Moves the cursor back one character. Deletes character at cursor. Moves the cursor to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 42
• show run | grep Ethernet returns a search result with instances containing a capitalized "Ethernet," such as interface GigabitEthernet 0/0. • show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized "ethernet." • show run | - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 43
NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example: Dell# command | grep regular-expression | except regular-expression | grep other-regular-expression | find regular-expression | save. Multiple Users in Configuration Mode Dell - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 44
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 45
Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter. 1. Install an RJ-45 copper cable into the console port.Use a rollover (crossover) cable to connect the S4810 console port to a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 46
• Characters within the string can be letters, digits, and hyphens. To create a host name, use the following command. • Create a host name. CONFIGURATION mode hostname name Example of the hostname Command Dell(conf)#hostname R1 R1(conf)# Accessing the System Remotely You can configure the system to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 47
Configure a Management Route Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port. To configure a management route, use the following command. • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 48
to the same location. • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. • The usbflash command is supported on S6000. Refer to your system's Release Notes for a list of approved USB vendors. 48 Getting Started - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 49
Example of Copying a File to an FTP Server Dell#copy flash://Dell-EF-8.2.1.0.bin ftp://myusername:[email protected]/ /Dell/Dell-EF-8.2.1.0 27952672 bytes successfully copied Example of Importing a File to the Local System core1#$//copy ftp://myusername:[email protected]//Dell/ Dell-EF - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 50
after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide. Viewing Files You can only view file information and content on local file systems. To view a list of files or the contents of a file - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 51
View Configuration Files Configuration files have three commented lines at the beginning of the file, as shown in the following example, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration. In - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 52
command-history Command Dell#show command-history [12/5 10:57:8]: CMD-(CLI):service password-encryption [12/5 10:57:12]: CMD-(CLI):hostname Force10 [12/5 10 This functionality to transport files using HTTP to a remote server is supported on MXL, I/O Aggregator, S4810, S4820, S6000, and Z9000 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 53
default is to use the flash drive. You can just enter the image file name. • hash-value: (Optional). Specify the relevant hash published on i-Support. • img-file: Enter the name of the Dell Networking software image file to validate Examples: Without Entering the Hash Value for Verification MD5 Dell - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 54
SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin SHA256 hash for FTOS-SE-9.5.0.0.bin: e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 Examples: Entering the Hash Value for Verification MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459 MD5 hash - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 55
4 Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 56
Moving a Command from EXEC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 57
• Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all the keywords in the command. CONFIGURATION mode privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword} • Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 58
vlan VLAN interface Dell(conf)#interface gigabitethernet 1/1 Dell(conf-if-gi-1/1)#? end Exit from configuration mode exit Exit from interface configuration mode Dell(conf-if-gi-1/1)#exit Dell(conf)#line ? aux Auxiliary line console Primary terminal line vty Virtual terminal Dell(conf - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 59
no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer • Disable logging to terminal lines. CONFIGURATION mode no logging monitor • Disable console logging. CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 60
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 61
Configuring Logging Format To display syslog messages in a RFC 3164 or RFC 5424 format, use the logging version [0 | 1} command in CONFIGURATION mode. By default, the system log version is set to 0. The following describes the two log messages formats: • 0 - Displays syslog messages format as - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 62
To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2. On the syslog server, create a reverse SSH tunnel from the syslog server to FTOS switch, using following syntax: ssh -R ::< - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 63
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 64
• Specify the minimum severity level for logging to a syslog server. CONFIGURATION mode logging trap level • Specify the minimum severity level for logging to the syslog history table. CONFIGURATION mode logging history level • Specify the size of the logging buffer. CONFIGURATION mode logging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 65
%TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports) %TSM-6-PORT_CONFIG: Port link status for LC 5 => - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 66
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 67
copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces. In the release 9.4.(0.0), FTP and TFTP services are enhanced to support the VRF-aware functionality. If you want the FTP or TFTP server to use a VRF table - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 68
• Configure FTP Server Parameters (optional) • Configure FTP Client Parameters (optional) Enabling the FTP Server To enable the system as an FTP server, use the following command. To view FTP configuration, use the show running-config ftp command in EXEC privilege mode. • Enable FTP on the system. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 69
- For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. - For a loopback interface, enter the keyword loopback then a number between 0 and 16383. - For a port channel interface, enter the keywords port-channel then a number from 1 to 255 for TeraScale - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 70
Example of an ACL that Permits Terminal Access To view the configuration, use the show config command in LINE mode. Dell(config-std-nacl)#show config ! ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 Dell(config-std-nacl)#line vty 0 Dell(config-line-vty)#show config line vty 0 access- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 71
per minute, allowing the login and logout of 10 Telnet sessions, 12 times in a minute. If the system reaches this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 72
0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10.11 any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 73
You can then send any user a message using the send command from EXEC Privilege mode. Alternatively, you can clear any line using the clear command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Example of Locking CONFIGURATION Mode for Single-User - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 74
The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 0 nvram * Warning - Restoring factory defaults will delete the existing * * persistent settings (stacking, fanout, etc.) * * After - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 75
press any key 3. Assign the new location of the FTOS image to be used when the system reloads. To boot from flash partition A: BOOT_USER # boot change primary boot device : flash file name : systema BOOT_USER # To boot from flash partition B: BOOT_USER # boot change primary boot device : flash file - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 76
-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-overRADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAPTLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 77
Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 78
2. The supplicant responds with its identity in an EAP Response Identity frame. 3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. 4. The authentication server replies with an - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 79
in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Attribute 41 Attribute 61 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 80
server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally. Figure 6. 802.1X Enabled 1. Enable 802.1X globally - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 81
dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.1X - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 82
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 83
Type: SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Forcibly Authorizing or Unauthorizing a Port IEEE 802.1X requires that a port can be manually placed into any of three states: • ForceAuthorized - an authorized state. A device connected to this port in this state is never - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 84
Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)# - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 85
The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200 Dell(conf-if-Te-0/0)#dot1x reauth-max 10 Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 86
Enter the tasks the user should do after finishing this task (optional). Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 87
Figure 7. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration inDynamic VLAN Assignment with Port Authentication). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 88
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 89
! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 90
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 91
more information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria on enabled by default and support both standard and extended ACLs and on all platforms. NOTE: Hot lock ACLs are supported for Ingress ACLs only. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 92
in this chapter. Test CAM Usage The test cam-usage command is supported on the S6000 platform. This command applies to both IPv4 and IPv6 CAM ACLs. To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, create - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 93
• L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher the field and have not encountered problems so far. ACL Optimization If Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 94
)#policy-map-input pmap Dell(conf-policy-map-in)#service-queue 7 class-map cmap1 Dell(conf-policy-map-in)#service-queue 4 class-map cmap2 Dell(conf-policy-map-in )#exit Dell(conf)#interface te 10/0 Dell(conf-if-te-10/0)#service-policy input pmap Important Points to Remember • For route-maps with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 95
To create a route map, use the following command. • Create a route map and assign it a unique name. The optional permit and deny keywords are the action of the route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] The default is permit. The optional seq keyword allows - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 96
The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command. Dell#show route-map dilling route-map dilling, permit, sequence - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 97
Example of the match Command to Permit and Deny Routes Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 20 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 30 Dell(config-route-map)#match tag 1000 Configuring Match Routes - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 98
• Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source {access-list-name | prefix-list prefix-list-name - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 99
CONFIG-ROUTE-MAP mode set local-preference value • Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value} • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 100
In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF. According to the route map static ospf, only routes that have a next hop of Gigabitethernet interface 0/0 and that have a metric of 255 are redistributed into the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 101
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 102
Layer 4 ACL Rules Examples The following examples show the ACL commands for Layer 4 packet filtering. Permit an ACL line with L3 information only, and the fragments keyword is present: If a packet's L3 information matches the L3 information in the ACL line, the packet's FO is checked. • If a packet - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 103
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1. Enter - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 104
If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of 5. Configuring a Standard IP ACL Filter If you are creating a standard ACL - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 105
To delete a filter, enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the no seq sequence-number command in IP ACCESS LIST mode. Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 106
ip access-list extended access-list-name 2. Configure an extended IP ACL filter for UDP packets. CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ipaddress}} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 107
The following example shows an extended IP ACL in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number). The show config command in IP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 108
For information about MAC ACLs, refer to Layer 2. Assign an IP ACL to an Interface To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel interface and the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 109
Example of Viewing ACLs Applied to an Interface Dell(conf-if)#show conf ! interface GigabitEthernet 0/0 ip address 10.2.1.100 255.255.255.0 ip access-group nimule in no shutdown Dell(conf-if)# To filter traffic on Telnet sessions, use only standard ACLs in the access-class command. Counting ACL Hits - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 110
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 111
address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address. IP Prefix Lists Prefix lists are supported on the S6000 platform. IP prefix lists control routing policy. An IP prefix list is a series of sequential filters that contain a matching criterion - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 112
]). NOTE: It is important to know which protocol your system supports prior to implementing prefixlists. Configuration Task List for Prefix Lists To prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 113
• le max-prefix-length: the maximum prefix length to match (from 0 to 32). Example of Assigning Sequence Numbers to Filters If you want to forward all routes that do not match the prefix list criteria, configure a prefix list filter to permit all routes (permit 0.0.0.0/0 le 32). The "permit all" - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 114
Dell(conf-nprefixl)#permit 123.23.0.0 /16 Dell(conf-nprefixl)#deny 133.24.56.0 /8 Dell(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 115
Applying a Prefix List for Route Redistribution To pass traffic through a configured prefix list, use the prefix list in a route redistribution command. Apply the prefix list to all traffic redistributed into the routing process. The traffic is either forwarded or dropped, depending on the criteria - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 116
CONFIG-ROUTER-OSPF mode distribute-list prefix-list-name out [connected | rip | static] Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 117
• IPv4, IPv6, or MAC ACL EXEC mode resequence access-list {ipv4 | ipv6 | mac} {access-list-name StartingSeqNum Step-to-Increment} • IPv4 or IPv6 prefix-list EXEC mode resequence prefix-list {ipv4 | ipv6} {prefix-list-name StartingSeqNum Stepto-Increment} Examples of Resequencing ACLs When Remarks - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 118
host 1.1.1.2 seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.3 seq 12 permit ip any host 1.1.1.4 Route Maps Route maps are supported on S6000 platform. Similar to ACLs and prefix lists, route maps are composed of a series of commands that contain a matching criterion and an action - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 119
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 120
on GigabitEthernet 10/0 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S6000 platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 121
Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)#ip access-list ext testflow Dell(config-ext-nacl - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 122
BFD at Layer 3 and with user datagram protocol (UDP) encapsulation. BFD functionality will be implemented in phases. On the S6000 platform, BFD is supported on dynamic routing protocols such as VRRP, OSPF, OSPFv3, IS-IS, and BGP. How BFD Works Two neighboring systems running BFD establish a session - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 123
NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 124
final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 125
inquiries from the Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. Administratively Down Down Init Up The local system - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 126
handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. 4. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 127
state on the local system changes to Init. Figure 10. Session State Changes Important Points to Remember • On the platform, Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 128
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 129
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 11. Establishing a BFD Session on Physical Ports 1. Enter interface mode. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 130
Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:06:95:a2 Int: GigabitEthernet 4/24 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 131
session state to Down for neighbor 2.2.2.1 on interface Gi 2/1 (diag: 7) Configure BFD for Static Routes Configuring BFD for static routes is supported on , , , andS6000. BFD offers systems a link state detection mechanism for static routes. With BFD, systems are notified to remove static routes - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 132
Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 12. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 133
routes, use the following command. • Disable BFD for static routes. CONFIGURATION mode no ip route bfd Configure BFD for OSPF BFD for OSPF is only supported on the S6000 platform. When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 134
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 13. Establishing Sessions with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 135
INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 136
on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 is only supported on the platform. BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: 1. Enable BFD globally. 2. Establish sessions with OSPFv3 neighbors - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 137
sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for IS-IS BFD for IS-IS is supported on the S6000 platform. When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 138
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 14. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 139
The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 140
internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature. Prerequisites Before configuring BFD for BGP, you must first configure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 141
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 142
typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. 1. Enable BFD globally. CONFIGURATION mode bfd enable 2. Specify the AS number and enter - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 143
ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 144
Examples of the BFD show Commands The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 145
Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 146
Down : 0 Admin Down : 2 The following example shows viewing BFD summary information. The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 147
Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization ... Configure BFD for VRRP BFD for VRRP is supported on the platform. When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 148
Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 16. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 149
The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-gi-4/25)#vrrp bfd all-neighbors Dell(conf-if-gi-4/25)#do show bfd neighbor * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) V - VRRP LocalAddr RemoteAddr Interface State Rx- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 150
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 151
Down for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 TX packet dump: Version:1, Diag code:0, State:Down, Poll bit:0, Final bit:0, Demand bit:0 myDiscrim:4, yourDiscrim:0, minTx:1000000, minRx:1000000, multiplier:3, minEchoRx:0 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 152
chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol connections from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP operates inside - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 153
Figure 17. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the path that updated information - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 154
Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 155
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 156
Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 157
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 158
Figure 20. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 159
c. Paths with no MED are treated as "worst" and assigned a MED of 4294967295. 7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 160
and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 161
Figure 22. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 162
*> 7.0.0.0/30 10.114.8.33 0 0 *> 9.2.0.0/16 10.114.8.33 10 0 18508 ? 18508 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to a eBGP neighbor. NOTE: Any update that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 163
peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 164
and forwarding plane changes and allows for faster convergence. Four-Byte AS Numbers Dell Networking OS supports 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 165
asnotation Command ASDOT Dell(conf-router_bgp)#bgp asnotation asdot Dell(conf-router_bgp)#show conf ! router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 24901, local router ID - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 166
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 167
appear as if it still belongs to Router B's old network (AS 200) as far as communicating with Router C is concerned. Figure 23. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 168
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 169
the f10BgpM2PeerInstance field in various tables is not used to locate a peer. • Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response. • The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 170
keepalive = 60 seconds holdtime = 180 seconds Add-path Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 171
) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically. a. Enable 4-Byte support for the BGP process. NOTE: This command is OPTIONAL. Enable if you want to use - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 172
CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} no shutdown Examples of the show ip bgp Commands NOTE: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp * command in EXEC Privilege mode. To view the BGP configuration, enter show config - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 173
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote AS - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 174
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 175
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 176
Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy. A maximum of 256 peer groups are allowed on the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 177
To add an internal BGP (IBGP) neighbor, configure the as-number parameter with the same BGP asnumber configured in the router bgp as-number command. Examples of Viewing and Configuring Peer Groups After you create a peer group, you can use any of the commands beginning with the keyword neighbor to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 178
neighbor 10.1.1.1 shutdown neighbor 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To disable a peer group, use the neighbor peer-group-name shutdown command in CONFIGURATION ROUTER BGP mode. The configuration of the peer group is maintained, but it is not applied - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 179
When you enable fall-over, BGP tracks IP reachability to the peer remote address and the peer local address. Whenever either address becomes unreachable (for example, no active route exists in the routing table for peer IPv6 destinations/local address), BGP brings down the session with the peer. The - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 180
Notification History 'Connection Reset' Sent : 5 Recv: 0 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 181
prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 182
100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 183
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 184
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 185
to affect interdomain routing. By identifying certain ASN in the AS_PATH, you can permit or deny routes based on the number in its AS_PATH. AS-PATH ACLs use regular expressions to search AS_PATH values. AS-PATH ACLs have an "implicit deny." This means that routes that do not meet a deny or match - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 186
0x6cc18d4 0 1 0x5982e44 0 162 0x67d4a14 0 2 0x559972c 0 31 0x59cd3b4 0 2 0x7128114 0 10 0x536a914 0 3 0x2ffe884 0 1 0x2ff7284 0 99 0x2ff7ec4 0 4 0x2ff8544 0 3 0x736c144 0 1 0x3b8d224 0 10 0x5eb1e44 0 1 0x5cd891c 0 9 --More-- 18508 701 2914 4713 17935 i 18508 209 i 18508 701 19878 ? 18508 209 18756 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 187
The following example applies access list Eagle to routes inbound from BGP peer 10.5.5.2. Access list Eagle uses a regular expression to deny routes originating in AS 32. The first lines shown in bold create the access list and filter. The second lines shown in bold are the regular expression shown - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 188
redistribute isis [level-1 | level-1-2 | level-2] [metric value] [route-map map-name] Configure the following parameters: - level-1, level-1-2, or level-2: Assign all redistributed routes to a level. The default is level-2. - metric value: The value is from 0 to 16777215. The default is 0. - map- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 189
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1. Create - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 190
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 191
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 192
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 193
Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric * i 3.0.0.0/8 195.171.0.16 *>i 4.2.49.12/30 195.171.0.16 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 194
CONFIG-ROUTER-BGP mode bgp default local-preference value - value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 195
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: With Dell Networking OS, you can create inbound and outbound policies - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 196
For inbound and outbound updates the order of preference is: • prefix lists (using the neighbor distribute-list command) • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 197
• If the prefix list contains no filters, all routes are permitted. • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 198
Filtering BGP Routes Using AS-PATH Information To filter routes based on AS-PATH information, use these commands. 1. Create a AS-PATH ACL and assign it a name. CONFIGURATION mode ip as-path access-list as-path-name 2. Create a AS-PATH ACL filter with a deny or permit action. AS-PATH ACL mode {deny | - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 199
• Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id cluster-id You can have multiple clusters in an AS. • Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client. CONFIG-ROUTER-BGP mode neighbor {ip- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 200
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 201
default is 60 minutes. - route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 202
show ip bgp flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression] - ip-address [mask]: enter the IP address and mask. - filter-list as-path-name: enter the name of an AS-PATH ACL. - regexp regular-expression: enter a regular express to match on. By default, the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 203
Dampening enabled. 0 history paths, 0 dampened paths, 0 penalized paths Neighbor AS MsgRcvd MsgSent TblVer 10.114.8.34 18508 82883 79977 780266 10.114.8.33 18508 117265 25069 780266 Dell> InQ OutQ Up/Down State/PfxRcd 0 2 00:38:51 118904 0 20 00:38:50 102759 To view which routes are dampened (non - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 204
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 205
. The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. MBGP for IPv4 multicast is supported on the S6000 platform. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 206
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 207
EXEC Privilege mode debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] • View information about BGP updates and filter by prefix name. EXEC Privilege mode debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] • Enable soft- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 208
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 209
State/Pfx 1.1.1.2 2 17 18966 0 0 0 00:08:19 Active 172.30.1.250 18508 243295 25 313511 0 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 210
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 211
no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/24 R1(conf-if-te-1/21)#no shutdown R1(conf-if-te-1/21)#show config ! interface TengigabitEthernet 1/21 ip address 10.0.1.21/24 no shutdown R1(conf-if-te-1/21)#int te 1/31 R1(conf-if-te-1/31)#ip address 10.0.3.31/24 R1( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 212
R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#neighbor 192.168.128.1 no shut R2(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R2(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R2(conf-router_bgp)#neighbor 192. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 213
R1(conf-router_bgp)# neighbor 192.168.128.3 peer-group BBB R1(conf-router_bgp)# R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor AAA peer-group neighbor AAA no shutdown neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 214
Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Example of Enabling Peer Groups (Router 2) R2#conf R2(conf)#router bgp 99 R2(conf-router_bgp)# neighbor CCC peer-group R2(conf-router_bgp)# neighbor CC no shutdown R2(conf-router_bgp)# - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 215
BGP-RIB over all using 207 bytes of memory 2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 93 99 1 0 (0) 00:00:15 1 192. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 216
9 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation The user configurable CAM - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 217
CAM Allocation vrfv4Acl Openflow fedgovacl Setting 0 0 0 The following additional CAM allocation settings are supported on the S6000, S4810 or S4820T platforms only. Table 9. Additional Default CAM Allocation Settings Additional CAM Allocation FCoE ACL (fcoeacl) ISCSI Opt ACL (iscsioptacl) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 218
the system. EXEC Privilege mode reload Test CAM Usage The test cam-usage command is supported on the S6000 platform. Use this command to determine whether sufficient CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 219
cam-profile Command Dell#show running-config cam-profile ! cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command is supported on the S6000 platform. Thisshow cam-acl command shows the cam-acl setting that will be loaded after the next reload. Example of Viewing - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 220
L2Acl : 6 4 Ipv4Acl : 4 2 Ipv6Acl : 0 0 Ipv4Qos : 2 2 L2Qos : 1 1 L2PT : 0 0 IpMacAcl : 0 0 VmanQos : 0 0 VmanDualQos : 0 0 EcfmAcl : 0 0 FcoeAcl : 0 0 iscsiOptAcl : 0 0 ipv4pbr : 0 2 vrfv4Acl : 0 2 Openflow : 0 0 fedgovacl : 0 0 Dell(conf - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 221
iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 7 -- Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 222
Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting this case, manually adjust the the non-EG line cards enter a problem state. • Before moving a card to supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 223
Syslog Error When the Table is Full In the Dell Networking OS, the table full condition is displayed as CAM full only for LPM. But now the LPM is split into two tables. There are two syslog errors that are displayed: 1. /65 to /128 Table full. 2. 0/0 - 0/64 Table full. A table-full error message is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 224
10 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 225
Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing For example, border gateway protocol (BGP) and internet control message protocol (ICMP) share same queue (Q6); Q6 has 400 PPS of bandwidth by default. The desired rate of ICMP is 100 PPS and the remaining 300 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 226
name cpu-qos class-map name qos-policy name 7. Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8. Assign the protocol based the service policy on the control plane. Enabling this command on a port- pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 227
service-policy rate-limit-protocols Examples of Configuring CoPP for Different Protocols The following example shows creating the IP/IPv6/MAC extended ACL. Dell(conf)#ip - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 228
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1. Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 229
conf Dell(conf)#control-plane Dell(conf-control-plane)#service-policy rate-limit-cpu-queues cpuq_rate_policy Show Commands The cpu-queue rate cp command. Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Q0 1300 Q1 300 Q2 300 Q3 300 Q4 2000 Q5 400 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 230
GVRP 01:80:c2:00:00:21 any Q7 CP _ STP 01:80:c2:00:00:00 any Q7 CP _ ISIS 01:80:c2:00:00:14/15 any Q7 CP _ 09:00:2b:00:00:04/05 any Q7 CP Dell# To view the queue mapping for IPv6 protocols, use the show ipv6 protocol-queue-mapping command. Example of Viewing Queue Mapping for IPv6 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 231
selection (ETS) DCB refers to a set of IEEE Ethernet enhancements that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and storage traffic. Through network consolidation, DCB results in reduced operational - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 232
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 233
mismatch), DCBx is disabled and PFC or ETS cannot be enabled. • PFC supports buffering to receive data that continues to arrive on an interface while the remote IEEE 802.1azd2.5 and PFC MIB IEEE 802.1bb-d2.2 • PFC supports buffering to receive data that continues to arrive on an interface while the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 234
is queued according to its 802.1p priority assignment, while flexible bandwidth allocation and the configured queue-scheduling for a priority group is supported. The following figure shows how ETS allows you to allocate bandwidth when different traffic types are classed according to 802.1p priority - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 235
the ETS algorithm is made available after strict-priority groups are serviced. Bandwidth is distributed in the following ways: - If bandwidth is - Strict priority shaping - ETS shaping - (Credit-based shaping is not supported.) • ETS uses the DCB MIB IEEE 802.1azd2.5. Data Center Bridging Exchange - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 236
converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE. • Priority-based flow control • Enhanced transmission selection • Data center bridging exchange protocol • FCoE initialization protocol (FIP) snooping DCB processes virtual - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 237
reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 238
is controlled independently for each frame priority. The goal of this mechanism is to ensure zero loss under congestion in DCB networks. The SNMP support for monitoring PFC and BST counters and statistics is introduced in Dell Networking OS 9.3(0.1). The enhancement is made on F10-FPSTATS MIB with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 239
port queue lossless. The sum of all allocated bandwidth percentages in all groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed rates. The bandwidth allocated to other priority groups is made available and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 240
mode on an Ethernet port. 2 Enable PFC on specified priorities. Range: 0-7. Default: None. Maximum number of lossless queues supported on an Ethernet port: 2. Command interface {tengigabitEthernet slot/port | fortygigabitEthernet slot/port} pfc priority priority-range Command Mode - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 241
has been applied or which is already configured for lossless queues (pfc no-drop queues command). Command Mode Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface after you disable PFC mode in a DCB map and apply the map on the interface. The - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 242
configure PFC and ETS on a switch see the priority group setting taken into account the following default settings: DCB is enabled. The PFC memory buffer supports up to 52 (not 64) PFC-enabled ports and two lossless queues per port. PFC and ETS are globally enabled by default. The default dot1p - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 243
to create zero-loss links for SAN traffic that requires nodrop service, while at the same time retaining packet-drop congestion management for to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx). • If you apply a DCB map - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 244
the same priority group. • A maximum of two PFC-enabled, lossless queues are supported on an interface. Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 245
must map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) on the port. Each priority group can support more than one data queue. • You can enable PFC on a maximum of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 246
, PFC stops traffic transmission for specified priorities (Class of Service (CoS) values) without impacting other priority classes. Different traffic and CIN versions of PFC Type, Length, Value (TLV) are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices. 246 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 247
, dcb-policy output, dcbinput, dcb-output, and priority-group commands as those are removed from Release 9.6. (0.0). Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off and priority classes are disabled in a DCB input - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 248
classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802 mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 249
group configured with a scheduler type is treated as a strict-priority group and is given the priority-group (TCG) ID 15. - The CIN version supports two types of strict-priority scheduling: * Group strict priority: Use this to increase its bandwidth usage to the bandwidth total of the priority group - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 250
type slot/port 6. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode service-policy output output-policy-name Applying DCB Policies in a Switch Stack You can apply DCB policies with PFC and ETS configurations to all - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 251
(PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 252
Autodownstream Configuration source Manual • If the peer configuration received is compatible with the internally propagated configuration from the configuration source. If you enable DCBx, ports in Manual mode advertise their configurations to peer devices but do not accept or propagate internal - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 253
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 254
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx. A DCBx port detects a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 255
unrecognized TLVs cause the unrecognized TLV counter to increment, but the frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number and acknowledge the number sent in the DCBx control TLVs. Behavior - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 256
. Configure the policy-map 'policy-dscp-based-pfc' on the server connected untagged ports. Dell(conf)#int te 0/0 Dell(conf-if-te-0/0)#service-policy input policy-dscp-based-pfc c. Apply PFC Priority configuration. Configure priorities on which PFC is enabled. Dell(conf-if-te-0/0)#pfc priority - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 257
shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link a configuration-source role. 4. Configure ports to operate in a manual role. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 258
administer-configured DCB parameters. The port does not accept a DCB configuration received from a peer or a local configuration source. The default is Manual. 5. On manual ports only: Configure the PFC and ETS TLVs advertised to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 259
, use the DCBx port-role command in INTERFACE Configuration mode (Step 3). 4. Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 260
tlv pfc ets-reco. The default is All TLV types are enabled. 5. Configure the Application Priority TLVs that advertise on unconfigured interfaces with a manual port- role. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi} • fcoe: enables the advertisement of FCoE in Application Priority - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 261
in a DCBx TLV from a remote peer but received a different, conflicting DCBx version. DSM_DCBx_PFC_PARAMETERS_MATCH and DSM_DCBx_PFC_PARAMETERS_MISMATCH: A local DCBx port received a compatible (match) or incompatible (mismatch) PFC configuration from a peer. DSM_DCBx_ETS_PARAMETERS_MATCH and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 262
Command show interface port-type slot/port pfc {summary | detail} Output Displays the PFC configuration applied to ingress traffic on an interface, including priorities and link delay. To clear PFC TLV counters, use the clear pfc counters interface port-type slot/port command. show interface port- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 263
PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# show interfaces tengigabitethernet 0/49 pfc summary Interface TenGigabitEthernet 0/49 Admin mode is on Admin is enabled Remote is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 264
Table 13. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 265
following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 0/3 ets su Interface TenGigabitEthernet 0/3 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 266
TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 0/0 ets detail Interface TenGigabitEthernet 0/0 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC-grp Priority# Bandwidth TSA - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 267
following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 0/0 ets detail Interface TenGigabitEthernet 0/0 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : Admin is enabled TC-grp Priority - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 268
interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 269
-unit all stack-ports all ets details command. Dell(conf)# show stack-unit all stack-ports all ets details Stack unit 0 stack port all Max Supported TC Groups is 4 Data Center Bridging (DCB) 269 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 270
- 5 - - 6 - - 7 - - 8 - - Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Admin is Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 271
-Sync Peer DCBx Status DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Total DCBx Frames transmitted port role: auto-upstream, autodownstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 272
switch: true (yes) or false (no). DCBx version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. DCBx version configured on the port: CEE, CIN, IEEE v2.5, or Auto (port auto-configures to use the DCBx version - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 273
to classify these untagged packets from the server based on their DSCP and provide PFC treatment. Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 274
PRIORITY to PG mapping (PRIO2PG) is on the ingress for each port. By default, all priorities are mapped to PG7. A priority for which PFC has to be generated is assigned to a PG other than PG7 (say PG6) and buffer watermark is set on PG6 so as to generate PFC. In ingress, the buffers are accounted - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 275
Figure 30. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 276
Priorities Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 0/1 Dell(conf-if-te-0/1)# service-class dynamic dot1p Example all dcb-map-name Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, you - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 277
to two strict-priority queues). Priority-Based Flow Control Using Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the S6000 platform. In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 278
DCB maps are saved in the DCB application and the Differentiated Services Manager (DSM) application. All of these configurations can be modified is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for PFC - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 279
4000 dcb pfc-total-buffer-size 5000 3. Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured will depend on the buffer. The default number of PFC queues in the system is two for S4810 and Z9500 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 280
configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and errorprone process when hosts often join, leave, and change locations on the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 281
Option Subnet Mask Number and Description Option 1 Specifies the client's subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client's default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 282
the configuration process over by sending a DHCPDISCOVER. DHCPINFORM A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. DHCPNAK A server sends this message to the client if it is not able - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 283
is /17. Dell Networking OS displays an error message for configurations that exceed the allocated memory. • The S6000 platform supports 4K DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. For more information, refer to Dynamic ARP Inspection. NOTE: If the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 284
a DHCP Server Configuring the system to be a DHCP server is supported only on the S6000 platform. A DHCP server is a network device primarily, granting, renewing, and terminating leases. Providing Administration Services DHCP servers include functionality that allows an administrator to implement - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 285
the Server for Automatic Address Allocation 2. Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands Excluding Addresses from the Address Pool The DHCP server - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 286
are available to a DHCP client. DHCP dns-server address Using NetBIOS WINS for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks. Microsoft DHCP clients can - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 287
assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manually create an entry for a client; manual bindings are useful when you want to guarantee that a particular network device receives a particular IP address - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 288
from an address pool stored on the server. For more information, refer to Configuring the Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported only on Ethernet interfaces: 10Gigabit, 40 Gigabit, and 100/1000/10000 Ethernet Interfaces. The DHCP client is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 289
a new IP address, use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 290
added by the DHCP client. If you remove the statically configured IP route using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management routes added by the DHCP client that is removed or replaced by the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 291
Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 292
packets. CONFIGURATION mode ip dhcp relay information-option [trust-downstream] For routers between the relay agent and the DHCP server, enter the trust-downstream option. • Manually reset the remote ID for Option 82. CONFIGURATION mode 292 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 293
ports are either trusted or not trusted. By default, all ports are not trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted. When you enable DHCP snooping, the relay agent builds a binding table - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 294
3. Enable DHCP snooping on a VLAN. CONFIGURATION mode ip dhcp snooping vlan name Adding a Static Entry in the Binding Table To add a static entry in the binding table, use the following command. • Add a static entry in the binding table. EXEC Privilege mode ip dhcp snooping binding mac Clearing - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 295
inject false IP-to-MAC mappings into the ARP cache of a network device. It is used to launch manin-the-middle (MITM), and denial-of-service (DoS) attacks, among others. A spoofed ARP message is one in which the MAC address in the sender hardware address field and the IP address in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 296
MAC flooding Denial of service An attacker can send fraudulent ARP messages to the gateway until the ARP cache is exhausted, after which, traffic from the gateway is broadcast. An - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 297
To see how many valid and invalid ARP packets have been processed, use the show arp inspection statistics command. Dell#show arp inspection statistics Dynamic ARP Inspection (DAI) Statistics Valid ARP Requests : 0 Valid ARP Replies : 1000 Invalid ARP Requests : 1000 Invalid ARP Replies - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 298
The DHCP binding table associates addresses the DHCP servers assign with the port or the port channel interface on which the requesting client is attached and the VLAN the client belongs to. When you enable IP source address validation on a port, the system verifies that the source IP address is one - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 299
cam-acl l2acl 2. Save the running-config to the startup-config. EXEC Privilege mode copy running-config startup-config 3. Reload the system. EXEC Privilege reload 4. Do one of the following. • Enable IP+MAC SAV. INTERFACE mode ip dhcp source-address-validation ipmac • Enable IP+MAC SAV with VLAN - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 300
Clearing the Number of SAV Dropped Packets To clear the number of SAV dropped packets, use the clear ip dhcp snooping source-addressvalidation discard-counters command. Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 301
13 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on Dell Networking OS. ECMP for Flow-Based Affinity ECMP for flow-based affinity is available on theplatform. Flow-based affinity includes the following: • Link - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 302
CONFIGURATION mode. ipv6 ecmp-deterministic Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 303
] - 44 Alarm State - Active Interface Line Protocol Utilization[In Percent] Te 0/0 Up 36 Te 0/1 Up 52 Managing ECMP Group Paths Managing ECMP group paths is supported only on the S6000 platform. Configure the maximum number of paths for an ECMP route that the L3 CAM can hold to avoid path - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 304
Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface. If you enable monitoring for the ECMP group, the utilization calculation is performed when the average utilization of the link-bundle (as opposed to a single link within the bundle) exceeds 60%. 1. Create a user- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 305
host table can have ECMP. For other platforms, only the IPv6 /128 prefix route entries is stored in the L3 host table without ECMP support. The software supports a command to program IPv6 /128 route prefixes in the host table. The output of show IPv6 cam command has been enhanced to include the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 306
:20:d5:ec:a0 [ 132] 20::1 00:00:20:d5:ec:a1 Port Vid EC Fo 0/116 0 1 Fo 0/114 0 1 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes The software supports a command to program IPv6 /128 route prefixes in the route table. You can define IPv6 /128 route prefixes in the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 307
works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN traffic. In addition, DCB provides types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 308
requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch. FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 309
Figure 33. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 310
FCoEgenerated ACLs These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames. The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch operates as an FCF for - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 311
virtual-link messages. FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: • A switch stack configuration is synchronized FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 312
port must continue to operate with untagged frames. FIP snooping is not supported on a port that is configured for non-default untagged VLAN membership. fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: You must manually add the CAM-ACL space to the FCoE region, as it is not applied - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 313
trusted interfaces in a VLAN. • A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 314
and FIP snooping is enabled on all or individual VLANs. FIP snooping is supported on port channels on ports on which PFC mode is on (PFC is on a FIP snooping-enabled port (bridge-to-bridge links) are not supported on the S6000 Switch. Configuring FIP Snooping You can enable FIP snooping globally - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 315
FCoE configuration: copy flash:/ CONFIG_TEMPLATE/ FCoE_DCB_Config running-config The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when either of these configurations is applied. 2. Save the configuration on the switch. EXEC Privilege mode. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 316
Command Output and MAC address, FCF MAC address, VLAN ID and FC-ID. show fip-snooping fcf [fcf-mac-address] Displays information on the FCFs in FIP-snooped sessions, including the FCF interface and MAC address, FCF interface, VLAN ID, FC-MAP value, FKA advertisement period, and number of ENodes - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 317
Table 23. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/ port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/ port number of the interface to which the FCF is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 318
The following example shows the show fip-snooping fcf command. Dell# show fip-snooping fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes ------- 54:7f:ee:37:34:40 Po 22 100 0e:fc:00 4000 2 The following table describes the show fip-snooping fcf command fields. Table 25. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 319
Number of FLOGI :1 Number of FDISC :16 Number of FLOGO :0 Number of Enode Keep Alive :4416 Number of VN Port Keep Alive :3136 Number of Multicast Discovery Advertisement :0 Number of Unicast Discovery Advertisement :0 Number of FLOGI Accepts :0 Number of FLOGI Rejects :0 Number of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 320
Field Number of FLOGI Number of FDISC Number of FLOGO Number of ENode Keep Alives Number of VN Port Keep Alives Number of Multicast Discovery Advertisements Number of Unicast Discovery Advertisements Number of FLOGI Accepts Number of FLOGI Rejects Number of FDISC Accepts Number of FDISC Rejects - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 321
The following example shows the show fip-snooping vlan command. Dell# show fip-snooping vlan * = Default VLAN VLAN ---*1 100 FC-MAP -----0X0EFC00 FCFs ---1 Enodes -----2 Sessions -------17 FCoE Transit Configuration Example The following illustration shows an S4810 switch used as a FIP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 322
Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping Example of Enabling FIP Snooping on the FCoE VLAN Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable Example of Enabling an FC-MAP Value on a VLAN Dell(conf-if-vl-10 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 323
with the Flex Hash mechanism. Keep the following points in mind when you configure the flex hash capability: • A maximum of eight flex hash entries is supported. • A maximum of 4 bytes can be extracted from the start of the L4 header. • The offset range is 0 - 30 bytes from the start of the L4 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 324
if-po-number)#lacp fast-switchover Optimizing the Boot Time This functionality is supported on the S6000 platform. You can reduce the booting time of an With the reduced time that is taken to reboot the switch, upon a manually-initiated reload or an expected restart of the device, there is minimal - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 325
will operate even if some of the preceding conditions are not met. However, the duration of traffic loss might be longer. 6. Warm boot is supported because it enables faster convergence and reduced traffic loss. 7. BGP graceful restart must be configured with GR time left to default (120 seconds) or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 326
with an uplink speed of 40 Gigabit Ethernet per second. Interoperation of Applications with Fast Boot and System States This functionality is supported on the S6000 platform. The following sections describe the application behavior when fast boot functionality is enabled: LACP and IPv4 Routing Prior - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 327
because of the peer timing out, traffic disruption occurs from that point onwards, even if the system continues to maintain valid routing information in the hardware and is capable of forwarding traffic. LACP and IPv6 Routing The following IPv6-related actions are performed during the reload phase: - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 328
When fast boot is used to upgrade the system to a release that supports fast boot, the system enables the restoration of dynamic ARP or ND databases if any, are automatically computed and installed without the need for any manual intervention in any of the following conditions: • After 30 seconds of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 329
be acceptable. RDMA Over Converged Ethernet (RoCE) Overview This functionality is supported on the S6000 platform. Remote direct memory access (RDMA) reduces both other data packets are discarded. To provide lossless service for RRoCE, the QoS service policy must be configured in the ingress and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 330
comprise TCP and UDP packets and they can be marked with DSCP code points. Multicast is not supported in that network. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the S6000 platform. All the frames in a Layer 2 VLAN are identified using a tag defined in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 331
16 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 332
has been temporarily blocked and places it into a pre- forwarding state. When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the previously blocked ring ports on the newly restored port. Then the Transit node - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 333
Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 334
Concept Control VLAN Member VLAN Port Role Ring Interface State Explanation Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose. Each ring maintains a list of member VLANs. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 335
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 336
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 337
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a SONET interface, enter the keyword sonet then the slot/port information. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 338
• Slot/Port, range: Slot and Port ID for the interface. The range is entered Slot/Port-Port. • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 339
• Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds - Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500). - Dead-Interval: the range is from 50 to 6000, in increments of 50 ( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 340
FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 341
no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! interface Vlan 201 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! protocol frrp 101 interface primary GigabitEthernet 2/14 secondary GigabitEthernet 2/31 controlvlan 101 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 342
17 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on Dell Networking OS. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 343
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 344
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 345
not be unconfigured when it receives a Leave PDU. Therefore, the registration mode on that interface is FIXED. • Forbidden Mode - Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1. A port with forbidden registration type thus allows - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 346
LeaveAll Timer 5000 Dell(conf)# Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. 346 GARP VLAN Registration Protocol (GVRP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 347
information in IGMP messages to discover which groups are active and to populate the multicast routing table. IGMP Implementation Information • Dell Networking Operating System (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 348
Figure 37. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 349
response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 350
Figure 39. IGMP Version 3-Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 351
Figure 40. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 352
Figure 41. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 353
querying router is 10.87.3.2 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 354
IGMP version is 3 Dell(conf-if-gi-1/13)# Viewing IGMP Groups To view both learned and statically configured IGMP groups, use the following command. • View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell(conf - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 355
INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 356
Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet. IGMP immediate leave reduces leave latency by - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 357
• View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 358
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 359
ip igmp snooping last-member-query-interval Fast Convergence after MSTP Topology Changes The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 360
httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application Supported Supported Supported Supported Supported Supported Supported Supported Supported If you configure a source interface is for any EIS management application, EIS might not coexist with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 361
can configure two default routes, one configured on the management port and the other on the frontend port. Two tables, namely, Egress Interface Selection routing table and default routing table, are maintained. In the preceding table, the columns Client and Server indicate that the applications can - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 362
When the feature is disabled using the no management egress-interface-selection command, the following operations are performed: • All management application configuration is removed. • All routes installed in the management EIS routing table are removed. Handling of Management Route Configuration - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 363
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 364
traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup. Handling of Transit Traffic (Traffic Separation) This is forwarded traffic where destination IP is not an IP address configured in the switch. • Packets received on the management - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 365
This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch. • Drop the packets that are received on the front-end data port with destination on the management port. • Drop the packets that received on the management - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 366
Protocol dns Behavior when EIS is Enabled EIS Behavior ftp EIS Behavior ntp EIS Behavior radius EIS Behavior Sflow-collector Snmp (SNMP Mib response and EIS Behavior SNMP Traps) ssh EIS Behavior syslog EIS Behavior tacacs EIS Behavior telnet EIS Behavior tftp EIS Behavior icmp ( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 367
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Internet Group Management Protocol (IGMP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 368
Designating a Multicast Router Interface To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 369
, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the S6000 platform. Basic Interface Configuration • Interface Types • View Basic Interface Information • Enabling a Physical Interface • Physical Interfaces - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 370
Interface Types The following table describes different interface types. Interface Type Modes Possible Default Mode Physical L2, L3 Unset Management N/A N/A Loopback L3 L3 Null N/A N/A Port Channel L2, L3 L3 VLAN L2, L3 L2 Requires Creation Default State No Shutdown ( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 371
10.10.10.1 GigabitEthernet 1/6 unassigned GigabitEthernet 1/7 unassigned GigabitEthernet 1/8 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively down - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 372
RJ-45 Fast Ethernet port on each unit of the S6000 The interface provides dedicated management access to the system. Stack-unit interfaces support Layer 2 and Layer 3 traffic over the 10/100/1000 and 10-Gigabit Ethernet interfaces. Synchronous optical network technologies interfaces with point-to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 373
configure these on Mgmt-optic ports alone. Without any optic, if you configure the speed, the configured will be assigned as the port speed to support Provisioning via BMP. User viewable Logs: LOGS for optic insertion and removal are same as QSFP optics. You can use ''show inventory media'to check - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 374
Type of Interface 10/100/1000 Ethernet, 10 Gigabit Ethernet Possible Modes Layer 2 Layer 3 Management Loopback Null interface Port Channel N/A Layer 3 N/A Layer 2 Layer 3 VLAN Layer 2 Layer 3 Requires Creation No Default State Shutdown (disabled) No Shutdown (disabled) Yes No shutdown ( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 375
For information about enabling and configuring the Spanning Tree Protocol, refer to Spanning Tree Protocol (STP). To view the interfaces in Layer 2 mode, use the show interfaces switchport command in EXEC mode. Configuring Layer 3 (Network) Mode When you assign an IP address to a physical interface, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 376
preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 377
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 378
Configuring Management Interfaces on the S-Series You can manage the S-Series from any port. To configure an IP address for the port, use the following commands. There is no separate management routing table, so configure all routes in the IP routing table (the ip route command). • Configure an IP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 379
internets: MIB-II (RFC 1213). NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 380
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 381
Protocol (LACP). There are 128 port-channels with eight members per channel. NOTE: If you are using either 10G ports or 40G ports, the S6000 supports eight members per LAG. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 382
configuration becomes the common speed of the port channel. If the other interfaces configured in that port channel are configured with a different speed, Dell Networking OS disables them. For example, if four interfaces (TenGig 0/1, 0/2, 0/3 and 0/4) in which TenGig 0/1 and TenGig 0/2 are set to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 383
You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists. Adding a Physical Interface to a Port Channel The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 384
Dell# Gi 13/8 (Up) Gi 13/13 (Up) Gi 13/14 (Up) The following example shows the port channel's mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Dell>show interface port- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 385
Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port channel, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 386
mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if-te-0/2)#switchport 3. Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 0/1 Dell(conf-if-te - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 387
- secondary: the IP address is the interface's backup IP address. You can configure up to eight secondary IP addresses. Deleting or Disabling a Port Channel To delete or disable a port channel, use the following commands. • Delete a port channel. CONFIGURATION mode no interface portchannel channel- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 388
|xor16}| seed ] For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change the Hash algorithm seed value to get better hash value Hash seed is used to compute the hash value. By default hash seed is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 389
The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crclower. This command takes the lower 32 bits of the hash key to compute the egress port. Other options for ECMP hash-algorithms are: • crc16 - uses 16 bit CRC16-bisync polynomial • crc16cc - uses 16 bit - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 390
Bulk Configuration Examples Use the interface range command for bulk configuration. • Create a Single-Range • Create a Multiple-Range • Exclude Duplicate Entries • Exclude a Smaller Port Range • Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 391
Overlap Port Ranges The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap. handles overlapping port ranges. Example of the Interface-Range Prompt for Overlapping Port Ranges - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 392
Choosing an Interface-Range Macro To use an interface-range macro, use the following command. • Selects the interfaces range to be configured using the values saved in a named interface-range macro. CONFIGURATION mode interface range macro name Example of Using a Macro to Change the Interface Range - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 393
Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 394
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). NOTE: When you split a 40G port (such as fo 0/4) into four 10G ports, the 40G interface configuration is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 395
When connected to a QSFP or QSFP+ port on a 40 Gigabit adapter, QSA acts as an interface for the SFP or SFP+ cables. This interface enables you to directly plug in an SFP or SFP+ cable originating at a 10 Gigabit Ethernet port on a switch or server. You can use QSFP optical cables (without a QSA) to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 396
LM4 optics are similar in behavior to the LR4 optics that are already supported. However, in the output of show inventory media command, an LM4 optical module is denoted as 40G-LM4. Barring this exception, the functionality and behavior - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 397
SFP+ 0 Id SFP+ 0 Ext Id SFP+ 0 Connector = 0x0d = 0x00 = 0x23 Dell#show interfaces tengigabitethernet 0/4 transceiver SFP 0 Serial ID Base Fields SFP 0 Id = 0x0d SFP 0 Ext Id = 0x00 SFP 0 Connector = 0x23 SFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SFP 0 Encoding - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 398
QSFP 0 Connector = 0x23 QSFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 QSFP 0 Encoding = 0x00 QSFP 0 Diagnostic Information QSFP 0 Rx Power measurement type = OMA QSFP 0 Temp High Alarm threshold = 0.000C QSFP 0 Voltage High Alarm threshold = 0.000V - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 399
Pluggable media present, SFP+ type is 10GBASE-SX .......... LineSpeed 10000 Mbit Dell#show interfaces tengigabitethernet 0/4 gigabitethernet 0/0 is up, line protocol is up Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 400
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 401
Command Dell# clear dampening interface Gi 0/1 Dell# show interfaces dampening GigabitEthernet0/0 InterfaceStateFlapsPenaltyHalf-LifeReuseSuppressMax-Sup Gi 0/1Up00205001500300 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 402
To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 403
control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes. To enable pause frames, use the following command. • Control how the system responds to and generates 802.3x pause - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 404
Configure the MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422: 1400-byte IP MTU + 22- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 405
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 406
interface interface slot/port 5. Set the local port speed. INTERFACE mode speed {10 | 100 | 1000 | auto} 6. Optionally, set full- or half-duplex. INTERFACE mode duplex {half | full} 7. Disable auto-negotiation on the port. INTERFACE mode no negotiation auto If the speed was set to 1000, do not - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 407
For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 408
only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Dell#show interfaces switchport Name: TenGigabitEthernet 13 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 409
The bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#show interfaces TenGigabitEthernet 10/0 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9 Internet address is not set MTU 1554 bytes, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 410
more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 411
on the S6000 platform. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the compressed mode and to perform an image downgrade without any configuration loss - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 412
shut shut int te 0/ 0 no ip address switchport shut int te 0/2 no ip address shut int te 0/3 no ip address shut Dell# show running-config ! interface TenGigabitEthernet 0/0 no ip address switchport shutdown ! interface TenGigabitEthernet 0/2 no ip address shutdown ! interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 413
interface TenGigabitEthernet 0/34 ip address 2.1.1.1/16 shutdown ! interface Vlan 2 no ip address no shutdown ! interface Vlan 3 tagged te 0/0 no ip address shutdown ! interface Vlan 4 tagged te 0/0 no ip address shutdown ! interface Vlan 5 tagged te 0/0 no ip address shutdown ! interface Vlan 100 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 414
flash by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). 414 Interfaces - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 415
on Dell Networking OS. The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 416
(optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP addresses to physical or logical (for example, [virtual local area network - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 417
! interface GigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 418
S 6.1.2.4/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.5/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.6/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.7/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.8/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.9/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 419
Using the Configured Source IP Address in ICMP Messages This feature is supported on the S6000 platform. ICMP error or unreachable messages are now to the initial SYN packet that requests a connection to the router for a specific service (such as SSH or BGP) with a SYN ACK, the router waits for a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 420
high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the config command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature simplifies - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 421
To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 422
ip domain-list name Configure this command up to six times to specify a list of possible domain names. Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted. Configuring DNS with Traceroute To configure your switch to perform - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 423
related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • Configuring Static ARP Entries ( dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 424
Example of the show arp Command These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 425
- For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. NOTE: Transit traffic may not be forwarded during the period when deleted ARP entries are resolved again and re-installed in CAM. Use this option with extreme caution. ARP Learning via Gratuitous ARP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 426
Figure 42. ARP Learning via ARP Request Beginning with Dell Networking OS version 8.3.1.0, when you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 43. ARP Learning via ARP Request with ARP Learning via - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 427
(ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 428
UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper Configuring Dell Networking OS to direct UDP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 429
Configuring a Broadcast Address To configure a broadcast address, use the following command. • Configure a broadcast address on an interface. ip udp-broadcast-address Examples of Configuring and Viewing a Broadcast Address Dell(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255 Dell(conf-if-vl-100 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 430
address to the configured broadcast 1.1.255.255 and routes the packet to VLANs 100 and 101. If you do not configure an IP broadcast address (using the ip udp-broadcast-address command) on VLANs 100 or 101, the packet is forwarded using the original destination IP address 255.255.255.255. Packet 2, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 431
Figure 45. UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 432
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 433
chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6. Protocol of hosts in the network when an organization changes its service provider. IPv6 Routing 433 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 434
(RS). By default, RA response messages are sent when an RS message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so the neighbor can use this information to autoconfigure its address - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 435
prefix-length) or 3K IPv6 route entries (greater than /64 prefix-length). You can configure the LPM table with one of the following partitions to support the IPv4 and IPv6 prefix route entries: • Partition 1: IPv6 128-bit LPM entries can be stored in this partition. IPv4 and 64-bit IPv6 entries - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 436
itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 437
The following lists the Next Header field values. Value 0 4 6 8 41 43 44 50 51 59 60 Description Hop-by-Hop option header IPv4 TCP Exterior Gateway Protocol (EGP) IPv6 Routing header Fragmentation header Encrypted Security Authentication header No Next Header Destinations option header NOTE: This - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 438
Code 2 message to the packet's Source IP Address identifying the unknown option type. 11 Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet's Source IP Address only if the Destination IP Address is not a multicast address. The second byte contains the Option - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 439
of double colons is supported in a single address. Any number of consecutive 0000 groups may be cannot be routed to the public Internet. Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic IPv6 addresses are assigned either randomly or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 440
Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used S6000 IPv6 Basic Commands in the Dell Networking OS Command Line Interface Reference Guide. IPv6 Basic Addressing IPv6 address types: Unicast 8.3.11 Extended Address Space - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 441
IS-IS for IPv6 S6000 8.3.11 IS-IS for IPv6 support for 8.3.11 redistribution ISIS for IPv6 support for distribute lists and administrative distance 8.3.11 OSPF for IPv6 (OSPFv3) 8.3.11 Equal Cost Multipath for 8.3.11 IPv6 IPv6 Services and Management Telnet client over IPv6 (outbound Telnet - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 442
Guide. ICMPv6 ICMPv6 is supported on the S6000 platform. ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting Exceeded and Parameter Problem messages. • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 443
Process IPv6 Neighbor Discovery IPv6 neighbor discovery protocol (NDP) is supported on the S6000 platform. NDP is a top-level protocol for , it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 444
Figure 49. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 445
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): IPv6 Routing 445 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 446
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 447
at least one group for L2ACL and IPv4 ACL. The total number of groups is 4. Assigning an IPv6 Address to an Interface IPv6 addresses are supported on the S6000 platform. Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 448
digits. Separate each group by a colon (:). Omitting zeros is accepted as described in Addressing. Assigning a Static IPv6 Route IPv6 static routes are supported on the S6000 platform. To configure IPv6 static routes, use the ipv6 route command. NOTE: After you configure a static IPv6 route (the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 449
and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server name ipv6 Showing IPv6 Information All of the following show commands are supported on the S6000 platform. View specific IPv6 configuration with the following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 450
mroute neighbors ospf pim prefix-list route rpf Dell# IPv6 multicast-routing table IPv6 neighbor information OSPF information PIM V6 information List IPv6 prefix lists IPv6 routing information RPF table Showing an IPv6 Interface To view the IPv6 configuration for a specific interface, use the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 451
ND base reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND hop limit is 64 Showing IPv6 Routes To view the global IPv6 routing information, use the following command. • Show IPv6 routing information for the specified route type. EXEC mode show ipv6 route type The - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 452
C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 0/24, 00:01:30 L fe80::/10 [0/0] Direct, Nu 0, 00:34:42 Dell# The following example shows the show ipv6 route static command. Dell#show ipv6 route static Destination Dist/Metric, Gateway, Last Change - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 453
- ipv6 address: the format is x:x:x:x::x. - mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. IPv6 Routing 453 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 454
and is not supported on the Z9000 platform. iSCSI optimization also provides a means of monitoring iSCSI sessions and applying quality of service (QoS) policies to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 455
iSCSI session information. • iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used otherwise cause dropped iSCSI packets. • iSCSI DCBx TLVs are supported. The following illustration shows iSCSI optimization between servers and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 456
or a combination of port number and target IP address, and you can remove the well-known port numbers from monitoring. Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 457
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 458
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 459
iSCSI optimization, which can turn on flow control again on reboot, use the no iscsi enable command and save the configuration. When you enable iSCSI on the switch, the following actions occur: • Link-level flow control is globally enabled, if it is not already enabled, and PFC is disabled. • iSCSI - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 460
following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 461
5. Reload the switch. EXEC Privilege mode reload After the switch is reloaded, DCB/ DCBx and iSCSI monitoring are enabled. 6. (Optional) Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication is monitored. CONFIGURATION mode [no] iscsi target port tcp-port-1 [ - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 462
The range is from 5 to 43,200 minutes. The default is 10 minutes. 9. (Optional) Configures DCBX to send iSCSI TLV advertisements. LLDP CONFIGURATION mode or INTERFACE LLDP CONFIGURATION mode [no] advertise dcbx-app-tlv iscsi. You can send iSCSI TLVs either globally or on a specified interface. The - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 463
3260 860 The following example shows the show iscsi session command. VLT PEER1 Dell#show iscsi session Session 0 Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 VLT PEER2 Session 0 Target: iqn. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 464
protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 465
and security policies. All routers on a LAN or point-to-point must have at least one common supported topology when operating in Multi-Topology IS-IS mode. If IPv4 is the common supported topology between those two routers, adjacency can be formed. All topologies must share the same set of L1 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 466
does not form an adjacency if both routers do not have at least one common MT over the interface. Graceful Restart Graceful restart is supported on the platform for both Helper and Restart modes. Graceful restart is a protocol-based mechanism that preserves the forwarding table of the restarting - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 467
) or by setting a specific amount of time manually. Implementation Information IS-IS implementation supports one instance of IS-IS and six areas. You MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 468
• Accepts external IPv6 information and advertises this information in the PDUs. The following table lists the default IS-IS values. Table 31. IS-IS Default Values IS-IS Parameter Complete sequence number PDU (CSNP) interval IS-to-IS hello PDU interval IS-IS interface metric Metric style - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 469
Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 470
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223. 2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 GigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 471
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 472
Use this command for IPv6 route computation only when you enable multi-topology. If using singletopology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. 4. Implement a wide metric-style globally. ROUTER ISIS AF IPV6 mode isis ipv6 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 473
} - adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. - manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 474
To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface G1/34 GigabitEthernet 2/10 is up, line protocol is up MTU 1497, Encapsulation SAP Routing Protocol: IS-IS Circuit Type: Level-1-2 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 475
, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process. For example, if you - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 476
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223. 2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 GigabitEthernet 4/22 Loopback 0 Redistributing: - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 477
The default level is level-1. For more information about this command, refer to Configuring the IS-IS Metric Style. The following table describes the correct value range for the isis metric command. Metric Sytle wide narrow wide transition narrow transition transition Correct Value Range 0 to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 478
Dell#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000003 0x07BF 1088 0/0/0 eljefe.00-00 * 0x00000009 0xF76A 1126 0/0/0 eljefe.01-00 * 0x00000001 0x68DF 1122 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1113 0/0/0 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 479
distribute-list prefix-list-name in [interface] - Enter the type of interface and slot/port information: - For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. - For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 480
- For a VLAN, enter the keyword vlan then a number from 1 to 4094. • Apply a configured prefix list to all outgoing IPv6 IS-IS routes. ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static] You can configure one of the optional - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 481
- process-id the range is from 1 to 65535. - level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. - metric value the range is from 0 to 16777215. The default is 0. - match external the range is from 1 or 2. - match internal - metric-type: external or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 482
ISIS mode domain-password [encryption-type | hmac-md5] password FTOS supports both DES and HMAC-MD5 authentication methods. This password is inserted in continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 483
Example of Viewing the Overload Bit Setting When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2. Dell#show isis database IS-IS Level-1 Link - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 484
the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 485
style. NOTE: A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported. wide wide narrow narrow narrow narrow transition narrow transition wide transition wide transition narrow transition wide transition wide default value (10) if the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 486
Beginning Metric Style transition transition transition narrow transition narrow transition narrow transition narrow transition wide transition wide transition wide transition wide transition Final Metric Style narrow narrow wide transition wide narrow wide transition transition wide narrow narrow - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 487
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Intermediate System to Intermediate System 487 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 488
NOTE: Whenever you make IS-IS configuration changes, clear the IS-IS process (re-started) using the clear isis command. The clear isis command must include the tag for the ISIS process. The following example shows the response from the router: Dell#clear isis * % ISIS not enabled. Dell#clear isis - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 489
ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config ! interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 490
24 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on Dell Networking OS. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 491
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 492
• Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] - number: cannot statically contain any links. The default is LACP active. • Configure port priority. LACP mode [no] lacp port-priority priority-value The range is from 1 to 65535 (the higher the number, the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 493
Configuring the LAG Interfaces as Dynamic After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command. • Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 494
Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 495
Figure 53. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 496
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 54. Configuring Shared LAG State Tracking - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 497
• If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 498
ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:02:11 Queueing strategy: fifo Input statistics: 132 packets, 163668 bytes 0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 499
Figure 57. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 499 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 500
Figure 58. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 501
interface GigabitEthernet 2/31 no ip address Summary of the LAG Configuration on Bravo Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 502
Figure 59. Inspecting a LAG Port on BRAVO Using the show interface Command 502 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 503
Figure 60. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 503 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 504
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 505
25 Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 506
The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 507
interface) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list MacLimit on GigabitEthernet 5/84 In this case, the configuration is still present in the running-config and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 508
mac learning-limit mac-address-sticky Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If you enable sticky MAC, the specified port retains any dynamically-learned addresses and prevents them from being transferred or learned on other ports. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 509
when the MAC learning limit is exceeded. INTERFACE mode learn-limit-violation shutdown Setting Station Move Violation Actions Station move violation actions are supported only on the S6000 platform. no-station-move is the default behavior. You can configure the system to take an action if a station - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 510
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 511
Figure 62. Redundant NICs with NIC Teaming When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 512
to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces. Apply all other configurations to each interface in the redundant pair such that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 513
state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair. Dell Networking OS supports only Gigabit, 10 Gigabit, and 40-Gigabit ports and port channels as primary/ backup interfaces in redundant pairs. (A port channel is also referred to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 514
-range-gi-3/41-42)# Dell(conf-if-range-gi-3/41-42)#do show ip int brief | find 3/41 GigabitEthernet 3/41 unassigned YES Manual up up GigabitEthernet 3/42 unassigned NO Manual up down [output omitted] Dell(conf-if-range-gi-3/41-42)#interface gig 3/41 Dell(conf-if-gi-3/41)#shutdown 00:24 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 515
41 GigabitEthernet 3/41 unassigned NO Manual administratively down down GigabitEthernet 3/42 unassigned YES Manual up up [output omitted] Example -po-1)# Far-End Failure Detection Far-end failure detection (FEFD) is supported on the S6000 platform. FEFD is a protocol that senses remote data - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 516
the interface to bring it back to an FEFD operational state. When you enable Aggressive mode on an interface in the same state, manual intervention is required to reset the interface. FEFD enabled systems (comprised of one or more interfaces) automatically switchs between four different states: Idle - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 517
after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Errdisabled state using the fefd reset [interface configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 518
To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTEFACE mode no shutdown 3. Enable fefd globally. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 519
To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3. INTERFACE mode fefd - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 520
Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Gi 1/0) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Gi 4/0) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Gi 4/0 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8: - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 521
26 Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on Dell Networking OS. 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 522
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 67. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 523
end station only, or other. 8 Management address Indicates the network address of the management interface. Dell Networking OS does not currently support this TLV. IEEE 802.1 Organizationally Specific TLVs 127 Port-VLAN ID On Dell Networking systems, indicates the untagged VLAN to which - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 524
LLDP-MED framework. • LLDP-MED Network Connectivity Device - any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. 524 Link Layer Discovery - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 525
Indicates: • whether the transmitting device supports LLDP-MED • what LLDP-MED TLVs it supports • LLDP device class 127 2 127 formats: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN 127 4 Location Identification Inventory Management Implementation of this TLVs set - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 526
. - LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. • The value of the LLDP-MED capabilities field in the TLV is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 527
Capabilities 1 Network Policy 2 Location Identification 3 Extended Power via MDI-PSE 4 Extended Power via MDI-PD 5 Inventory 6-15 reserved Dell Networking OS Support Yes Yes Yes Yes No No No Table 41. LLDP-MED Device Types Value 0 1 2 3 4 5-255 Device Type Type Not Defined Endpoint - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 528
Type Application Description 0 Reserved - 1 Voice Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy than - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 529
Extended Power via MDI TLV The extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type - there are two - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 530
Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 531
Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2. Enable LLDP. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 532
3. Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no. Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 533
Figure 72. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations Dell(conf)#protocol lldp Dell(conf-lldp)#show config ! protocol - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 534
PDT 1999-2014 Existing System Capabilities: Repeater Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled 534 Link Layer Discovery Protocol (LLDP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 535
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)# - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 536
• Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 537
advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config ! protocol lldp - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 538
Figure 73. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 539
MIB Object Category Basic TLV Selection LLDP Statistics LLDP Variable LLDP MIB Object Description msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 540
Table 44. LLDP System MIB Objects TLV Type TLV Name 1 Chassis ID TLV Variable chassis ID subtype System Local Remote 2 Port ID chassid ID port subtype Local Remote Local Remote port ID Local Remote 4 Port Description port description Local Remote 5 System Name system name - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 541
Type TLV Name TLV Variable System 127 Port-VLAN ID PVID Local Remote 127 Port and Protocol port and protocol Local VLAN ID VLAN supported Remote port and protocol VLAN enabled Local Remote PPVID Local Remote 127 VLAN Name VID Local Remote VLAN name length Local Remote VLAN - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 542
Table 46. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable 1 LLDP-MED LLDP-MED Capabilities Capabilities System Local Remote LLDP-MED Class Type Local Remote 2 Network Policy Application Type Local Remote Unknown Policy Flag Local Remote Tagged Flag Local Remote - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 543
TLV Sub-Type TLV Name TLV Variable 3 Location Identifier Location Data Format System Local Remote Location ID Data Local Remote 4 Extended Power via Power Device Type Local MDI Remote Power Source Local Remote Power Priority Local Remote Power Value Local Remote LLDP-MED MIB - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 544
27 Microsoft Network Load Balancing This functionality is supported on Dell Networking OS. Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 545
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Benefits and Working of Microsoft Clustering Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 546
-flooding CLI configuration. Apart from it, there is no indication of the enabling of this capability. Configuring a Switch for NLB This functionality is supported on the S6000 platform. To enable a switch for unicast NLB mode of functioning, perform the following steps: Enter the ip vlan-flooding - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 547
28 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 548
Figure 74. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the "Entry Count" field. SA messages are transmitted every 60 seconds, and immediately when a new source is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 549
Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 550
• Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source • Preventing MSDP from Caching a Remote Source • Preventing MSDP from Advertising a Local Source • Terminating a Peership • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 551
Figure 77. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 551 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 552
Figure 78. Configuring PIM in Multiple Routing Domains 552 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 553
Figure 79. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Multicast Source Discovery Protocol ( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 554
Examples of Configuring and Viewing MSDP R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 555
Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 556
Figure 80. MSDP Default Peer, Scenario 1 556 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 557
Figure 81. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP) 557 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 558
Figure 82. MSDP Default Peer, Scenario 3 558 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 559
Figure 83. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 560
Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 229.0.50.4 24.0.50.4 200.0.0. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 561
Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 562
R3_E600(conf)#do show ip msdp sa-cache R3_E600(conf)# R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 563
Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 564
Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count ( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 565
technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions. • lack of scalable register decasulation: With only a single RP per group, all joins are sent to that RP regardless of the topological distance between the RP, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 566
Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. Make this address the RP for the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 567
CONFIGURATION mode ip msdp originator-id Examples of R1, R2, and R3 Configuration for MSDP with Anycast RP The following example shows an R1 configuration for MSDP with Anycast RP. ip multicast-routing ! interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown ! interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 568
no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.22/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 569
neighbor 192.168.0.22 remote-as 100 neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 570
interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown ! interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown ! interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 571
redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0 neighbor 192.168.0.2 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.1 connect-source - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 572
29 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) is supported on Dell Networking OS. Protocol Overview MSTP - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 573
and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. Configure Multiple Spanning Tree Protocol Configuring - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 574
• Enabling SNMP Traps for Root Elections and Topology Changes • Configuring Spanning Trees as Hitless Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 575
Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 576
-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Networking OS Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 577
NOTE: Some non-Dell Networking OS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address. Changing the Region Name or Revision To change the region name or revision, use the following commands. • Change the region name. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 578
The default is 15 seconds. 2. Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. 3. Change - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 579
• Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. The following lists the default values for port cost by interface. Table 48. Default Values for Port Costs by Interface Port Cost Default Value 100-Mb/s - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 580
this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. 580 Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 581
Figure 86. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 582
no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 583
name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface GigabitEthernet 3/11 no ip address switchport no shutdown ! interface GigabitEthernet 3/21 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 3/11,21 no shutdown ! - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 584
(Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 585
- Are there "extra" MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp ! protocol spanning-tree mstp name - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 586
INST 2: Flags: 0x70, Reg Root: 32768:0001.e8d5.cbbd, Int Root Cost Brg/Port Prio: 32768/128, Rem Hops: 20 586 Multiple Spanning Tree Protocol (MSTP) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 587
SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) 30 Enabling IP Multicast Enable IP multicast is supported on the S6000 platform. Prior to enabling any multicast protocols, you must enable multicast routing. • Enable multicast routing. CONFIGURATION mode - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 588
Figure 87. Multicast with ECMP Implementation Information Because protocol control traffic in Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, Dell Networking OS might forward data traffic with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 589
:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fennertraceroute-ipm. • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing. First Packet Forwarding for - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 590
• If the limit is decreased after it is reached, Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may also clear entries using clear ip mroute). NOTE: Dell Networking OS waits at least 30 seconds between stopping and starting IGMP join processing. You - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 591
no access list limiting Receiver 1, so both IGMP reports are accepted, and two corresponding entries are created in the routing table. Figure 88. Preventing a Host from Joining a Group Table 49. Preventing a Host from Joining a Group - Description Location 1/21 Description • Interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 592
Location 1/31 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • no shutdown • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 593
Location Description • ip igmp access-group igmpjoinfilR2G2 • no shutdown Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 594
specified rate. The keyword infinity directs PIM Default: 10 kbps to never switch to the SPT. IPv6 Configure PIM to switch over to the SPT when ip pim spt-threshold CONFIGURATION the multicast packet rate is at or beyond a {value | infinity} specified rate. The keyword infinity directs PIM to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 595
Figure 89. Preventing a Source from Transmitting to a Group Table 51. Preventing a Source from Transmitting to a Group - Description Location 1/21 Description • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 596
Location 2/1 2/11 2/31 3/1 3/11 3/21 Receiver 1 Receiver 2 Description • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 597
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 598
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 599
Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 600
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 601
Figure 91. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 602
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 603
available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs is the router ID of the described ASBR). • Type 5: LSA - These LSAs contain information imported into OSPF from other routing processes. They - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 604
a router fails and the cost is assessed, a new priority number results. Figure 92. Priority and Cost Examples OSPF with Dell Networking OS Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within that 10,000 routes, you can designate up to 8,000 routes as external and up to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 605
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 606
a grace period. Reconfigure OSPFv3 graceful restart to a restarting-only role when you enable the helper-reject role on an interface. OSPFv3 supports the helper-reject role on a per-interface basis. Configuring helper-reject role on an OSPFv2 router or OSPFv3 interface enables the restarting-only - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 607
example, if you create five OSPFv2 processes on a system, there must be at least five interfaces assigned in Layer 3 mode. Each OSPFv2 process is independent. If one process loses adjacency, the other processes continue to function. Processing SNMP and Sending SNMP Traps Though there are may be - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 608
ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 609
first version 2 (OSPF for IPv4) is supported on the S6000 platform. The following configuration tasks Lists • Redistributing Routes • Troubleshooting OSPFv2 1. Configure a physical section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 610
is not required to be the router's IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router ID for the OSPFv2 process. CONFIG-ROUTER-OSPF-id mode router-id ip - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 611
ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Number of area in this router is 0, normal 0 stub - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 612
If you try to enable more OSPF processes than available Layer 3 interfaces, the following message displays: C300(conf)#router ospf 1 % Error: No router ID available. Assigning an OSPFv2 Area After you enable OSPFv2, assign the interface to an OSPF area. Set up OSPF areas and enable OSPFv2 on an - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 613
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 614
Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 615
Enabling Passive Interfaces A passive interface is one that does not send or receive routing information. Enabling passive interface suppresses routing updates on an interface. Although the passive interface does not send or receive routing updates, the network on that interface is still included in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 616
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 617
#(conf-router_ospf-1)#no fast-converge Dell#(conf-router_ospf-1)#ex Dell#(conf)#ex Dell##show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 0 Min LSA origination 5 secs, Min - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 618
NOTE: Be sure to write down or otherwise record the key. You cannot learn the key after it is configured. You must be careful when changing this key. NOTE: You can configure a maximum of six digest keys on an interface. Of the available six digest keys, the switches select the MD5 key that is common - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 619
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:06 Neighbor Count is 0, Adjacent neighbor count is 0 Dell# Enabling OSPFv2 Authentication To enable or change various OSPF authentication parameters, use the following commands. • Set a clear text authentication - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 620
Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 621
graceful-restart grace-period 300 graceful-restart role helper-only graceful-restart mode unplanned-only graceful-restart helper-reject 10.1.1.1 graceful-restart helper-reject 20.1.1.1 network 10.0.2.0/24 area 0 Dell# Creating Filter Routes To filter routes, use prefix lists. OSPF applies prefix - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 622
been included in the OSPF database? • Have the OSPF routes been included in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show interfaces • show protocols • debug IP OSPF events and/or packets • show neighbors • show virtual links • show routes To help - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 623
• View the summary of all OSPF process IDs enables on the router. EXEC Privilege mode show running-config ospf • View the summary information of the IP routes. EXEC Privilege mode show ip route summary • View the summary information for the OSPF database. EXEC Privilege mode show ip ospf database • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 624
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 625
ip address 10.2.22.2/24 no shutdown Configuration Task List for OSPFv3 (OSPF for IPv6) Open shortest path first version 3 (OSPF for IPv6) is supported on the platform. The configuration options of OSPFv3 are the same as those options for OSPFv2, but you may configure OSPFv3 with differently labeled - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 626
is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 627
ipv6 ospf process-id area area-id - process-id: the process ID number assigned. - area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 628
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 629
-IPV6-ROUTER-OSPF mode graceful-restart mode [planned-only | unplanned-only] - Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 630
- Unplanned-only: the OSPFv3 router supports graceful-restart only for unplanned restarts. During an unplanned restart, OSPFv3 sends out a Grace LSA once the secondary RPM comes online. The default is both - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 631
and encrypts both the header and payload. On the receiving side, an IPsec-compliant device decrypts each packet. NOTE: Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec. With IPsec-based authentication, Crypto images are used to include the IPsec secure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 632
ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the because the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 633
for full confidentiality. - 3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and unencrypted keys are supported. NOTE: To encrypt all keys on a router, use the service password-encryption command in Global Configuration mode. However, this command does not provide a high - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 634
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 635
no ipv6 ospf encryption null • Display the configuration of IPsec encryption policies on the router. show crypto ipsec policy • Display the security associations set up for OSPFv3 interfaces in encryption policies. show crypto ipsec sa ipv6 Configuring IPSec Authentication for an OSPFv3 Area To - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 636
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 637
- name: displays configuration details about a specified policy. • Display security associations set up for OSPFv3 links in IPsec authentication and encryption policies on the router. EXEC Privilege show crypto ipsec sa ipv6 [interface interface] To display information on the SAs used on a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 638
(0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 Dell Networking OS has several tools to make troubleshooting easier. Consider the following information as these are typical issues that interrupt the OSPFv3 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 639
the OSPF routes in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show ipv6 interfaces • show ipv6 protocols • debug ipv6 ospf events (for example, passive- interface vlan 2222). FTOS supports 4094 VLANs. Open Shortest Path First (OSPFv2 and OSPFv3) 639 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 640
32 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 641
specified next-hop. • If the specified next-hops are not reachable, then the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-Lists are applied at Ingress. Policy-based Routing (PBR) 641 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 642
Implementing Policy-based Routing with Dell Networking OS • Non-contiguous bitmasks for PBR • Hot-Lock PBR Non-contiguous bitmasks for PBR Non-contiguous bitmasks for PBR allows more granular and flexible control over routing policies. Network addresses that are in the middle of a subnet can be - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 643
address is the Destination's IP address FORMAT: A.B.C.D/NN, or ANY or HOST IP address Delete a rule with the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The below step shows a step-by-step example of how to create a rule for - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 644
20.1.1.0/25 any seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 any Dell(conf-redirect-list)# NOTE: Starting in release 9.4(0.0), Dell Networking OS supports the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on an router. A recursive - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 645
10 permit ip host 3.3.3.3 any seq 15 redirect 2.2.2.2 ip any any Apply a Redirect-list to an Interface using a Redirect-group IP redirect lists are supported on physical interfaces as well as VLAN and port-channel interfaces. NOTE: When you apply a redirect-list on a port-channel, when traffic is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 646
redirect-group xyz shutdown Dell(conf-if-te-1/0)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 647
a some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc. Graphic illustration of the configuration shown below: The Redirect-List GOLD defined in this example - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 648
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/ - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 649
View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 15 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 650
2000 IPv6 multicast forwarding entries, with up to 128 PIM-sourcespecific multicast (SSM) neighbors/interfaces. • IPv6 Multicast is not supported on synchronous optical network technologies (SONET) interfaces. Protocol Overview PIM-SM initially uses unidirectional shared trees to forward multicast - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 651
received becomes the outgoing interface associated with the (*,G) entry. This process constructs an RPT branch to the RP. 3. If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action. If a router between the host and the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 652
Important Point to Remember If you use a Loopback interface with a /32 mask as the RP, you must enable PIM Sparse-mode on the interface. Configuring PIM-SM Configuring PIM-SM is a three-step process. 1. Enable multicast routing (refer to the following step). 2. Select a rendezvous point. 3. Enable - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 653
NOTE: You can influence the selection of the Rendezvous Point by enabling PIM-Sparse mode on a Loopback interface and assigning a low IP address. To display PIM neighbors for each interface, use the show ip pim neighbor command EXEC Privilege mode. Dell#show ip pim neighbor Neighbor Interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 654
The default is 210. 2. Create an extended ACL. CONFIGURATION mode ip access-list extended access-list-name 3. Specify the source and group to which the timer is applied using extended ACLs with permit rules only. CONFIG-EXT-NACL mode [seq sequence-number] permit ip source-address/mask | any | host - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 655
interface Loopback 0 ip address 1.1.1.1/32 ip pim sparse-mode no shutdown Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4 Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry. This address is obtained - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 656
EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 657
protocol overhead. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if multiple applications use . • The default range is always supported, so range can never be smaller than the default. PIM Source-Specific Mode (PIM-SSM) 657 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 658
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 659
• When you remove the mapping configuration, Dell Networking OS removes the corresponding (S,G) states that it created and re-establishes the original (*,G) states. • You may enter multiple ssm-map commands for different access lists. You may also enter multiple ssm-map commands for the same access - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 660
Interface Vlan 400 Group 239.0.0.1 Uptime 00:00:05 Expires Never Router mode INCLUDE Last reporter 10.11.4.2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10.11.5.2 00:00:05 00:02:04 Member Ports: Gi 1/2 660 PIM Source- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 661
Port (MG) can be used in multiple sessions. • There can be a maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a VLAN, where the VLAN traffic received on that port pipe where its members are - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 662
multiple source-destination statements in a single monitor session. The maximum number of source ports that can be supported in a session is 128. The maximum number of destination ports that can be supported is 4 per port pipe. In the following examples, ports 0/13, 0/14, 0/15, and 0/16 all belong - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 663
Example of Viewing a Monitoring Session In the example below, 0/25 and 0/26 belong to Port-pipe 1. This port-pipe has the same restriction of only four destination ports, new or used. Dell(conf-mon-sess-300)#do show mon session SessionID Source Destination Direction Mode Type ---- 0 Te 0/ - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 664
show interface 2. Create a monitoring session using the command monitor session from CONFIGURATION mode, as shown in the following example. CONFIGURATION mode monitor session monitor session type rpm/erpm type is an optional keyword, required only for rpm and erpm 3. Specify the source and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 665
Figure 95. Port Monitoring Example Enabling Flow-Based Monitoring Flow-based monitoring is supported only on the S-Series platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 666
Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way. In a remote- configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 667
source session uses a separate reserved VLAN to transmit mirrored packets (mirrored source-session traffic is shown with an orange or green circle with a blue border). The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network. Two - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 668
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 669
port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 670
destination switches), and a destination session (destination ports connected to analyzers on destination switches). Configuration Steps for RPM Step Command Purpose 1 configure terminal Enter global configuration mode. 2 monitor session type rpm The needs to be unique and not - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 671
Dell(conf)#inte te 0/30 Dell(conf-if-te-0/30)#no shutdown Dell(conf-if-te-0/30)#switchport Dell(conf-if-te-0/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 0/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 672
Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source remote-vlan 10 dest te 0/3 Dell(conf-mon-sess-1)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 0/4 Dell(conf-mon-sess-2)#tagged destination te 0/4 Dell(conf-mon-sess-2)#exit - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 673
packets to the destination ip address specified in the session. Important: The steps to be followed for the ERPM Encapsulation : • Dell Networking OS supports ERPM Source session only. The Encapsulated packets terminate at the destination ip or at the analyzer. • Make sure that the destination ip is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 674
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 0/1-3 mac access-group flow in Only ingress packets are supported for mirroring shutdown Dell# 674 Port Monitoring - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 675
address (Port D's ip address) on the sniffer. The Header that gets attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 676
39th byte in a given ERPM packet. The first 38/42 bytes of the header needs to be ignored/ chopped off. - Some tools support options to edit the capture file. We can make use of such features (for example: editcap ) and chop the ERPM header part and save it - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 677
Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is supported on Dell Networking OS. Protocol Overview PVST+ is a variation of ) chapter. Figure 96. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Per-VLAN - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 678
Table 52. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 679
PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 680
Figure 97. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 681
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 682
PROTOCOL PVST mode vlan max-age The range is from 6 to 40. The default is 20 seconds. The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 683
The range is from 0 to 240, in increments of 16. The default is 128. The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 684
PVST+ in Multi-Vendor Networks Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this situation occurs, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 685
Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 686
no ip address tagged GigabitEthernet 2/12,32 no shutdown ! interface Vlan 200 no ip address tagged GigabitEthernet 2/12,32 no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 2/12,32 no shutdown ! protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 Example of PVST+ - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 687
37 Quality of Service (QoS) Quality of service (QoS) is supported on Dell Networking OS. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 54. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 688
StrictPriority Queueing Weighted Random Early Detection Create WRED Profiles Direction Egress Egress Ingress + Egress Ingress Ingress Ingress Egress Egress Egress Egress Egress 688 Quality of Service (QoS) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 689
implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding PHB Group • RFC 2598, An Expedited Forwarding PHB You - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 690
-class dynamic dot1p entry supersedes any INTERFACE entries. For more information, refer to Mapping dot1p Values to Service Queues. NOTE: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. • Honor dot1p priorities on ingress traffic. INTERFACE mode - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 691
. However, the dot1p value is still honored when you configure service-class dynamic dot1p or trust dot1p. When priority-tagged frames ingress Configuring Port-Based Rate Shaping Configuring port-based rate limiting is supported on the S6000 platform. Dell Networking OS Behavior: Rate shaping is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 692
QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 100. Constructing Policy-Based QoS Configurations 692 Quality of Service (QoS) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 693
differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps allow only one ACL. 4. Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 694
4. Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 695
example shows incorrect traffic classifications. Dell#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 696
TABLE 1). If a custom dot1p to queue mapping is present it should be reconfigured to the default dot1p to queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: - ACK - FIN - SYN - PSH - RST - URG In the existing software, ECE/CWR TCP flag qualifiers are not - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 697
the specific match criteria as 'yellow', Dell Networking OS does not support Policer based coloring and this feature concurrently. • If single rate percentage, scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 698
dscp or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Constraints The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p to bandwidth weight by the sum of all queue weights. 698 Quality of Service (QoS) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 699
. bandwidth-percentage Specifying WRED Drop Precedence Specifying WRED drop precedence is supported on the S6000 platform. • Specify a WRED profile to yellow and You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 700
maps. Dell# show qos dscp-color-map Dscp-color-map mapONE yellow 4,7 red 20,30 Dscp-color-map mapTWO yellow 16,55 700 Quality of Service (QoS) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 701
the keyword layer2 with the policy-map-input command. 2. After you create an input policy map, do one or more of the following: Quality of Service (QoS) 701 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 702
command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an QoS policy to an input policy map. POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 703
VLAN. For more information, refer to PriorityTagged Frames on the Default VLAN. • Enable the trust dot1p feature. POLICY-MAP-IN mode trust dot1p Quality of Service (QoS) 703 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 704
times. • Apply an input policy map to an interface. INTERFACE mode service-policy input Specify the keyword layer2 if the policy map you are applying 2 policy map. Creating Output Policy Maps Creating output policy maps is supported on the S6000 platform. 1. Create an output policy map. CONFIGURATION - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 705
an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. Enabling QoS Rate - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 706
. Enabling Strict-Priority Queueing Strict-priority means that Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage configuration. • A queue with strict priority can starve other queues in the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 707
priority 2 which will be honored in switch A. You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos-policy-in)#set mac-dot1p 5 % Error: Dot1p traffic, leaving no space for other types. You can apply a Quality of Service (QoS) 707 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 708
profiles, use the following commands. 1. Create a WRED profile. CONFIGURATION mode wred-profile 2. Specify the minimum and maximum threshold values. WRED mode threshold 708 Quality of Service (QoS) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 709
qos statistics wred-profile Pre-Calculating Available QoS CAM Space Pre-calculating available QoS CAM space is supported on the S6000 platform. Before Dell Networking OS version 7.3.1, there was no way to measure the CAM space in a partition for a specified port-pipe. Quality of Service (QoS) 709 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 710
cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 Port-pipe | CAM Partition | Available CAM of rate shaping in packets per second (pps) for QoS output policies is supported on the S6000 platform. You can configure rate shaping in pps for a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 711
Rate Shaping Configuration of rate shaping for QoS output policies in packets per second (pps) is supported on the S6000 platform. You can explicitly specify the rate shaping functionality for QoS output policies and committed burst size in pps. QOS-POLICY-OUT mode Quality of Service (QoS) 711 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 712
random early detection (WRED) and Explicit Congestion Notification (ECN) functionality for backplane ports is supported on the Additionally, the feature to configure a weight for WRED and ECN functionality for front-end ports separately in the range of 0 through 15. 712 Quality of Service (QoS) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 713
shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. S6000 platform support four global service-pools in the egress direction. Two service pools are used- one for loss-based queues and the other for lossless (priority-based flow control (PFC - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 714
Queue-based ECN marking above queue threshold. ECN marking to shared buffer limits of the service-pool and then packets are tail dropped. SP-T < Q-T Same as above but the WRED and ECN functionality for backplane ports is supported on the Z9000 platform. Additionally, the functionality to configure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 715
queues when the minimum guaranteed buffers for the queue are consumed. S6000 platform supports four global service-pools in the egress direction. mode Dell(conf) #service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf) #service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 716
match ip access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map "ecn_0_pmap" will mark packets in a congested, heavily-loaded network. This feature is supported in S6000 platform. ECN is a mechanism using which network switches - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 717
specified through one or more ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 packet. As a part OS software through L3 ACL command: Quality of Service (QoS) 717 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 718
all packets are considered as 'green' (without the rate-policer and trust-diffserve configuration) and hence support would be provided to mark the packets as 'yellow' alone will be provided. By default Dell dscp 50 ecn 0 ! ip access-list standard dscp_40_non_ecn 718 Quality of Service (QoS) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 719
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 720
layer2 3. Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-0/0)# service-policy input l2p layer2 Managing Hardware Buffer Statistics Bufffer statistics tracking utility is supported on the S6000 platform. The memory management unit (MMU) on S6000 platform is 12.2 MB in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 721
. In this example, this setting is configured for queues 5 and 7. Dell(conf-if-te-0/8)#Service-class buffer shared-threshold-weight queue5 4 queue7 6 Enabling Buffer Statistics Tracking This functionality is supported on the S6000 platform. You can enable the tracking of statistical values of buffer - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 722
variable length subnet mask (VLSM) or classless inter-domain routing (CIDR) and is not widely used. RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 723
suited for small, homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List The following is , refer to the Dell Networking OS Command Reference Interface Guide. Routing Information Protocol (RIP) 723 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 724
Enabling RIP Globally By default, RIP is not enabled in Dell Networking OS. To enable RIP globally, use the following commands. 1. Enter ROUTER RIP mode and enable the RIP process on Dell Networking OS. CONFIGURATION mode router rip 2. Assign an IP network address as a RIP network to exchange - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 725
192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 0/0 192.162.2.0/24 auto-summary 192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 0/0 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 192.162.3.0/24 auto-summary To disable RIP globally, use the no router - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 726
distribute-list prefix-list-name in • Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Adding RIP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 727
• Set the RIP versions received on that interface. INTERFACE mode ip rip receive version [1] [2] • Set the RIP versions sent out on that interface. INTERFACE mode ip rip send version [1] [2] Examples of the RIP Process To see whether the version command is configured, use the show config command - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 728
Automatic network summarization is in effect Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send FastEthernet 0/0 2 1 2 Routing for Networks: 10.0.0.0 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 729
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 730
Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command. RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration - Core 2 and Core 3. The host prompts used in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 731
Core 2 RIP Output The examples in the section show the core 2 RIP output. Examples of the show ip Commands to View Core 2 Information • To display Core 2 RIP database, use the show ip rip database command. • To display Core 2 RIP setup, use the show ip route command. • To display Core 2 RIP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 732
The following example shows the show ip protocols command to show the RIP configuration activity on Core 2. Core2#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 17 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 733
Examples of the show ip Commands to View Learned RIP Routes on Core 3 The following example shows the show ip rip database command to view the learned RIP routes on Core 3. Core3#show ip rip database Total number of routes in RIP database: 7 10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 734
GigabitEthernet 3/44 2 2 GigabitEthernet 3/43 2 2 Routing for Networks: 10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 120 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing RIP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 735
ip address 192.168.2.1/24 no shutdown ! router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0 Routing Information Protocol (RIP) 735 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 736
39 Remote Monitoring (RMON) Remote monitoring (RMON) is supported on Dell Networking OS. RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 737
the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the rmon Alarm To set an alarm on any MIB object - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 738
- owner string: (Optional) specifies an owner for the alarm, this setting is the alarmOwner object in the alarmTable of the RMON MIB. Default is a null-terminated string. Example of the rmon alarm Command To disable the alarm, use the no form of the command. The following example configures RMON - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 739
Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode. • Enable RMON MIB statistics collection. CONFIGURATION INTERFACE (config-if) mode [no] rmon collection statistics {controlEntry - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 740
The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john, both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john 740 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 741
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 62. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 742
• RSTP is disabled by default. • Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 743
INTERFACE mode no shutdown Example of Verifying an Interface is in Layer 2 Mode and Enabled To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. The bold lines indicate that the interface is in Layer 2 mode. Dell(conf-if-gi-1/1)#show config ! - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 744
Figure 103. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 745
BPDU : sent 121, received 2 The port is not in the Edge port mode Port 379 (GigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 746
Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group. • Forward-delay - the amount of time an interface waits in the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 747
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 748
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 749
• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. • When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. • When you remove a physical port from a port channel in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 750
The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 751
41 Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide. Software-Defined Networking (SDN) 751 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 752
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 753
process request. - stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. - tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 754
actions on tty3, User admin Priv 1 Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 755
In the release 9.4.(0.0), RADIUS and TACACS servers support VRF-awareness functionality. You can create RADIUS authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to five authentication - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 756
3. Assign a method-list-name or the default list to the terminal line. LINE mode login authentication {method-list-name | default} To view the configuration, use the show config command in LINE mode or the show runningconfig in EXEC Privilege mode. NOTE: Dell Networking recommends using the none - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 757
-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and keys, use the following command. • Turn on the obscuring of passwords and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 758
of Obscuring Password and Keys Dell(config)# service obscure-passwords AAA Authorization Dell Networking OS enables to control access to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you enter the enable - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 759
all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system. To configure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 760
In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs. Configuring Custom Privilege Levels In addition to assigning privilege levels to the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 761
• mode: enter a keyword for the modes (exec, configure, interface, line, route-map, or router) • level level: the range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: an Dell Networking OS CLI keyword (up to five keywords - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 762
show terminal traceroute Dell#confi Dell(conf)#? end exit no snmp-server Dell(conf)# Show running system information Set terminal line parameters Trace route to destination Exit from Configuration mode Exit from Configuration mode Reset a command Modify SNMP parameters Specifying LINE Mode - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 763
server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 764
listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 765
• Create a method list with RADIUS and TACACS+ as authorization methods. CONFIGURATION mode aaa authorization exec {method-list-name | default} radius tacacs+ Typical order of methods: RADIUS, TACACS+, Local, None. If RADIUS denies authorization, the session ends (RADIUS must not be the last method - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 766
To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 767
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 768
: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ 768 Security - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 769
TACACS+ Remote Authentication When configuring a TACACS+ server host, you can set different communication parameters, such as the key password. Example of Specifying a TACACS+ Server Host Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#aaa authentication exec - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 770
a countermeasure to the problem. This countermeasure is and other secure network services over an insecure network. Command Line Interface Reference Guide. Dell Networking OS supported for secure copying between a PC and a Dell Networking OS-based system. Unix-based SCP client software is supported - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 771
ip ssh server version {1|2} • Display SSH connection information. EXEC Privilege mode show ip ssh Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 772
• ip ssh hostbased-authentication enable: enable host-based authentication for the SSHv2 server. • ip ssh key-size: configure the size of the server-generated RSA SSHv1 key. • ip ssh password-authentication enable: enable password authentication for the SSH server. • ip ssh pub-key-file: specify the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 773
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 Security - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 774
configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 775
and known_hosts2 are generated when a user tries to SSH using version 1 or version 2, respectively. • The SSH server and client are enhanced to support the VRF awareness functionality. Using this capability, an SSH client or server can use a VRF instance name to look up the correct routing table - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 776
3. Disable password authentication if enabled. CONFIGURATION mode no ip ssh password-authentication enable 4. Enable RSA authentication in SSH. CONFIGURATION mode ip ssh rsa-authentication enable 5. Install user's public key for RSA authentication in SSH. EXEC Privilege mode ip ssh rsa- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 777
-l User name option -m HMAC algorithm to use (for v2 clients only) -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 778
authentication scheme you use - line, local, or remote. Table 64. VTY Access Authentication Method VTY access-class support? Username access-class Remote authorization support? support? Line YES NO NO Local NO YES NO TACACS+ YES NO YES (with Dell Networking OS version 5.2.1.0 and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 779
1. Create a username. 2. Enter a password. 3. Assign an access class. 4. Enter a privilege level. You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization. Configure local authentication globally and configure access - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 780
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 781
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 782
Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that the user authentication is available for all terminal lines. Pre-requisites Before you enable role-based only AAA authorization: 1. Locally define a system administrator user role. This will give - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 783
To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles. The system - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 784
defined roles. Otherwise you would have to create a user role's command permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 785
myrole secadmin Exec Config Line Modifying Command Permissions for Roles You can modify (add or delete) command permissions for newly created user roles and system defined roles using the role mode { { { addrole | deleterole } role-name } | reset } command command in Configuration mode. NOTE: You - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 786
Example: Allow Security Administrator to Access Only 10-Gigabit Ethernet Interfaces The following example allows the security administrator (secadmin) to only access 10-Gigabit Ethernett interfaces and then shows that the secadmin, highlighted in bold, can now access Interface mode. However, the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 787
for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 788
authentication command in CONFIGURATION mode. aaa authentication login {method-list-name | default} method [... method4] Configure AAA Authorization for Roles Authorization services determine if the user has permission to use a command in the CLI. Users with only privilege levels can use commands in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 789
privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled "Force10-avpair". - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 790
Example for Configuring a VSA Attribute for a Privilege Level 15 The following example configures an AV pair which allows a user to login from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Network OS AV pair for privilege level is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 791
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 792
Protocol MAC testadmin netadmin Protocol MAC Exec Config Interface Line Router IP Routemap Displaying Role Permissions Assigned to a Command To display permissions assigned to a command, use the show role command in EXEC Privilege mode. The output displays the user role and or permission level. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 793
Virtual local area network (VLAN) stacking is supported on the S6000 platform. VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad - Provider Bridges, which is an amendment to IEEE 802.1Q - Virtual Bridged Local Area Networks. It enables service providers to use 802.1Q architecture to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 794
Figure 104. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured becomes relevant if you enable the port as a multi-purpose port (carrying singletagged and double-tagged traffic). 794 Service Provider Bridging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 795
bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3. Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 796
-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port. 796 Service Provider Bridging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 797
the internal state and membership of a VLAN and its ports. debug member Example of Debugging a VLAN and its Ports The port notations are as follows: Service Provider Bridging 797 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 798
appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. 798 Service Provider Bridging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 799
Figure 105. Single and Double-Tag TPID Match Service Provider Bridging 799 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 800
Figure 106. Single and Double-Tag First-byte TPID Match 800 Service Provider Bridging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 801
VLAN stacking packet drop precedence is available on the S6000 platform. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globally before you can honor or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 802
mode. Dell#show interface dei-honor Default Drop precedence: Green Interface CFI/DEI Drop precedence Gi 0/1 0 Green Gi 0/1 1 Yellow Gi 8/9 1 Red Gi 8/40 0 Yellow 802 Service Provider Bridging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 803
CFI/DEI Gi 0/1 Green 0 Gi 0/1 Yellow 1 Gi 8/9 Yellow 0 Gi 8/40 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 804
of Queue 3 also matches the traffic. This is an expected behavior. Examples of QoS Interface Configuration and Rate Policing policy-map-input in layer2 service-queue 3 class-map a qos-policy 3 ! class-map match-any a layer2 match mac access-group a ! mac access-list standard a seq 5 permit any ! qos - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 805
service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p might be consumed and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration). Service Provider Bridging 805 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 806
, 01-01-e8-00-00-00. As such, with these Dell Networking OS versions, Dell Networking systems are required at the egress edge of 806 Service Provider Bridging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 807
is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Service Provider Bridging 807 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 808
Allocation. 2. Save the running-config to the startup-config. EXEC Privilege mode copy running-config startup-config 3. Reload the system. EXEC Privilege mode reload 808 Service Provider Bridging - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 809
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 810
any port specifically, the global sampling rate is downloaded to that port and is to calculate the port-pipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling rate - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 811
a Multicast packet. Enabling Extended sFlow The S-Series platforms support extended-switch information processing only. Extended sFlow packs additional information are enabled on all three types. Dell#show sflow sFlow services are enabled Global default sampling rate: 4096 Global default counter - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 812
displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 813
Dell#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 814
sampling-rate until the CPU condition is cleared. This is as per sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. 814 sFlow - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 815
from the LAG port. Enabling Extended sFlow The S-Series platforms support extended-switch information processing only. Extended sFlow packs additional information the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 816
only if the route is learned via BGP and it is reachable via the ingress interface of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points are summarized in following table. Table 66. Extended Gateway Summary IP SA - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 817
IP SA BGP IP DA BGP srcAS and srcPeerAS Exported dstAS and dstPeerAS Exported Description where is source is reachable over ECMP. Extended gateway data is packed. sFlow 817 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 818
MIB (RFC 1483) for STP and IEEE 802.1 draft ruzin-mstp-mib-02 for MSTP. SNMPv3 Compliance With FIPS This functionality is supported on the S6000 platform. SNMPv3 is compliant with the Federal information processing standard (FIPS) cryptography standard. The Advanced Encryption Standard (AES) Cipher - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 819
The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when the system is configured with the fips mode enable command in Global Configuration mode. When the FIPS mode is enabled on the system, SNMPv3 operates in a FIPScompliant manner, and only - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 820
SNMP version 1 and version 2 that are communitybased security models. The primary difference between the two versions is that version 2 supports two additional protocol operations (informs operation and snmpgetbulk query) and one additional object (counter64 object). SNMP version 3 (SNMPv3) is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 821
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 822
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 823
• Read the value of a single managed object. snmpget -v version -c community agent-ip {identifier.instance | descriptor.instance} • Read the value of the managed object directly below the specified object. snmpgetnext -v version -c community agent-ip {identifier.instance | descriptor.instance} • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 824
Configuring Contact and Location Information using SNMP You may configure system contact and location information from the Dell Networking system or from the management station using SNMP. To configure system contact and location information from the Dell Networking system and from the management - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 825
the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Force10 enterpriseSpecific - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 826
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 827
exceeds threshold of %dC) MAJOR_TEMP_CLR: Major alarm cleared: chassis temperature lower (%s %d temperature is within threshold of %dC) envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: some fans in fan - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 828
from SNMP OID %RPM0-P:CP %SNMP-4-RMON_FALLING_THRESHOLD: STACKUNIT0 falling threshold alarm from SNMP OID %RPM0-P:CP %SNMP-4-RMON_HC_RISING_THRESHOLD: STACKUNIT0 high-capacity rising threshold alarm from SNMP OID Copy Configuration Files Using SNMP To do the following, use SNMP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 829
MIB Object copyDestFileType copyDestFileLocation copyDestFileName copyServerAddress copyUserName copyUserPassword OID Object Values Description is set to runningconfig or startupconfig, copySrcFileName is not required. . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.5 1 = Dell Networking OS file 2 = running- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 830
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 831
• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 832
copyUserName.index s server-login-id copyUserPassword.index s server-loginpassword • precede server-ip-address by the keyword a. • precede the values for copyUsername and copyUserPassword by the keyword s. Example of Copying Configuration Files via FTP From a UNIX Machine > snmpset -v 2c -c private - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 833
myfilename copyServerAddress.10 a 172.16.1.56 copyUserName.10 s mylogin copyUserPassword. 10 s mypass Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics, as shown in the following table. Table 68. Additional MIB Objects for Copying - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 834
-v 2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 835
.60.120 .1.3.6.1.4.1.6027.3.10.1.2.9.1.6.1 enterprises.6027.3.10.1.2.9.1.5.1 = Gauge32: 24 The output above displays that 24% of the flash memory is used. MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 836
f10cp_vrrp_140522124357_Stk1.acore.gz" enterprises.6027.3.10.1.2.10.1.2.2.1 = "/CORE_DUMP_DIR/FTP_STK_MEMBER/f10cp_sysd_140617134445_Stk0.acore.gz" enterprises.6027.3.10.1.2.10.1.3.1.1 = "Fri Mar 14 11:51:46 2014" enterprises.6027.3.10.1.2.10.1.3.1.2 = "Fri Nov 8 08:11:16 2013" enterprises.6027.3.10 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 837
Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value dot1qVlanStaticEgressPorts object is an array of all VLAN members. The - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 838
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2-SMI::mib-2.17.7.1.4.3.1.4.1107787786 = Hex-STRING: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 839
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 840
1 00:01:e8:06:95:ac Dynamic TeGi 1/21 Active Query from Management Station >snmpwalk -v 2c -c techpubs 10.11.131.162 .1.3.6.1.2.1.17.4.3.1 SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.232.6.149.172 = Hex-STRING: 00 01 E8 06 95 AC Example of Fetching MAC Addresses Learned on a Non-default VLAN Using - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 841
type of interface by a 0 bit, and the unused bit is always 0. These 2 bits are not given because they are the most significant bits, and leading zeros are often omitted. To display the interface number, use the following command. • Display the interface index number. EXEC Privilege mode show - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 842
of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 843
• When you query an icmpStatsInErrors object in the icmpStats table by using the snmpget or snmpwalk command, the output for IPv4 addresses may be incorrectly displayed. To correctly display this information under IP and ICMP statistics, use the show ip traffic command. • When you query an IPv4 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 844
interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and . Do not apply per-viritual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 845
three other variations of spanning tree, as shown in the following table. Table 73. Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 846
Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 847
To configure and enable the interfaces for Layer 2, use the following command. 1. If the interface has been assigned an IP address, remove it. INTERFACE mode no ip address 2. Place the interface in Layer 2 mode. INTERFACE switchport 3. Enable the interface. INTERFACE mode no shutdown Example of the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 848
Figure 112. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1. Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2. Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 849
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. R2#show spanning-tree 0 Executing IEEE - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 850
spanning-tree 0 Modifying Global Parameters You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hellotime, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Networking recommends that only experienced network - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 851
PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally. Modifying - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 852
CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops if it is enabled on an interface connected to a network. To enable PortFast on an interface, use the following command. • Enable PortFast on an interface. INTERFACE mode spanning-tree stp-id portfast [ - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 853
• When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. • When you remove a physical port from a port channel in the Error Disable state, the Error Disabled state is cleared on this physical port (the physical port is - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 854
EDS 20000 P2P No Dell(conf-if-gi-0/7)#do show ip int br gi 0/7 Interface IP-Address OK Method Status Protocol GigabitEthernet 0/7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 855
Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard STP root guard is supported on the platform. Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 856
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per-VLAN Spanning Tree - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 857
traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Configuring Spanning Trees as Hitless Configuring spanning trees as hitless is supported only on platform. You can configure STP, RSTP, MSTP, and PVST+ to be hitless (configure all or none as hitless). When configured as - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 858
STP Loop Guard STP loop guard is supported only on the platform. The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 859
. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 860
• You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % Error: RootGuard is configured. Cannot configure LoopGuard. • Enabling Portfast - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 861
They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. In the release 9.4.(0.0), support for reaching an NTP server through different VRFs is included. You can configure a maximum of eight logging servers across different VRFs or the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 862
In what may be the most common client/server model, a client sends an NTP message to one or more servers and processes the replies as received. The server interchanges addresses and ports, overwrites certain fields in the message, recalculates the checksum and returns the message immediately. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 863
Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 864
• Set the interface to receive NTP packets. INTERFACE mode ntp broadcast client Example of Configuring NTP Broadcasts 2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 865
Configuring NTP Authentication NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted time sources. NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication in Dell Networking - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 866
in dotted decimal format (A.B.C.D). - ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. - key keyid : Configure a text string as the key exchanged between the NTP server and the client. - prefer: Enter the keyword prefer to set - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 867
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 868
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock • Setting the Timezone • Setting - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 869
CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 870
00:00:00 pacific Sat Nov 7 2009" Setting Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year. If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 871
Examples of the clock summer-time recurring Command The following example shows the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from " - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 872
RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode. You can configure - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 873
interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 874
Configuring a Tunnel Interface You can configure the tunnel interface using the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit ip or ipv6 address, select the interface from which the tunnel will borrow its address. The following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 875
tunnel interface. This is inherited from the current implementation and this is not applicable for the receiveonly tunnels functionality discussed above. • IP tunnel interfaces are supported over ECMP paths to the next hop. ECMP paths over IP tunnel interfaces are - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 876
available by allowing only a given prefix/range of remote peers. IP unnumbered interface address configuration on the IP Tunnels is now supported. Tunnel interface's operational status will always remain UP once tunnel is configured to work in multipoint-receive-only mode. Allowed remote addresses - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 877
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 878
speed and can span multiple devices. The Dell Networking Operating System (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 879
. In Dell Networking OS, a port-based VLAN can contain interfaces from different line cards within the chassis. Dell Networking OS supports 4094 port-based VLANs. Port-based VLANs offer increased security for traffic, conserve bandwidth, and allow switch segmentation. Interfaces in different - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 880
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 881
the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 882
interface vlan vlan-id 2. Enable an interface to include the IEEE 802.1Q tag header. INTERFACE mode tagged interface Add an Interface to Another VLAN To view just the interfaces that are in Layer 2 mode, use the show interfaces switchport command in EXEC Privilege mode or EXEC mode. The following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 883
Moving Untagged Interfaces To move untagged interfaces from the Default VLAN to another VLAN, use the following commands. 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface. CONFIGURATION mode interface vlan vlan-id 2. Configure an interface as untagged. INTERFACE - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 884
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLANunaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 885
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 886
52 VLT Proxy Gateway You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to a L3 endpoint in another VLT domain. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 887
gateway. Guidelines for Configuring a VLT Proxy Gateway Keep the following points in mind when you configure this functionality: 1. Proxy gateway is supported only for VLT i.e. across VLT domain. 2. The current design will not handle the asymmetric VLAN configuration scenarios such as same VLAN - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 888
only for square VLT without any diagonal links. 10. VRRP and IPv6 routing is not supported now. 11. With the existing hardware capabilities, only 512 my_station_tcam entries can be supported. 12. PVLAN not supported 13. After VM Motion, it's expected that VM Host will send GARP in term, host - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 889
all current active MACs can definitely be carried on the newly defined TLV. • This TLV is recognizable only by FTOS devices with this feature support. Other device will ignore this field and should still be able to process other standard TLVs. The LLDP organizational TLV passes local DA information - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 890
cloud, when a MAC is removed and added back. This could happen when proxy-routing and sub-optimal routing intersperse each other. 5. This feature is not supported for IPv6. 6. ICL shut - Assume ICL between C1 and D1 is shut and if D1 is secondary VLT then one half of the inter DC - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 891
. A proxy gateway enables you to locally route the packets that are destined to L3 endpoint of the other VLT domain. This functionality is supported on the S4810, S4820T, S6000, Z9000, and MXL platforms. To configure the static proxy gateway, perform the following: 1. Enable VLT on a switch, then - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 892
VLT DOMAIN PROXY GW LLDP mode Dell(conf-vlt-domain-proxy-gw-lldp)#peer-domain-link port-channel interface exclude-vlan vlan-range 4. Display the VLT proxy gateway configuration. EXEC mode Dell#show vlt-proxy-gateway 892 VLT Proxy Gateway - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 893
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches, and by supporting a loop-free topology. (To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 894
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four units, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example shows - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 895
Figure 119. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 896
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the lacp ungroup memberindependent port-channel command. • If the lacp-ungroup feature is not supported on the ToR, reboot the VLT peers one at a time. After rebooting - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 897
version is more than one release different from the current version in use, the VLTi does not activate. - The chassis members in a VLT domain support connection to orphan hosts and switches that are not connected to both switches in the VLT core. • VLT interconnect (VLTi) - The VLT interconnect must - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 898
required VLANs in VLTi. You do not need to manually select VLANs. - VLT peer switches operate as separate the VLT interconnect may flap. - In a VLT domain, the following software features are supported on VLTi: link layer discovery protocol (LLDP), flow control, port monitoring, jumbo frames, - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 899
and access switches with VLT peer switches, you use a VLT port channel, as shown in Overview. Up to 48 port-channels are supported; up to eight member links are supported in each port channel between the VLT domain and an access device. - To connect servers and access switches with VLT peer switches - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 900
: 802.1p, LLDP, flow control, IPv6 dynamic routing, port monitoring, and jumbo frames. • Software features not supported with VLT - In a VLT domain, the following software features are supported on non-VLT ports: 802.1x, DHCP snooping, FRRP, ingress and egress QOS. • VLT and VRRP interoperability - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 901
VLT Peers Primary and Secondary VLT Peers are supported on the platform. To prevent issues when connectivity the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 902
learned groups and multicast router ports are automatically learned on the VLT peer node. VLT IPv6 VLT IPv6 is supported on the platform. The following features have been enhanced to support IPv6: • VLT Sync - Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 903
router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers receivers and as a first-hop router for multicast sources. Figure 120. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 904
you did not enable VLT Multicast Routing, traffic loss occurs until the other VLT peer is selected as the DR. VLT Routing VLT routing is supported on the platform. Layer 2 protocols from the ToR to the server are intra-rack and inter-rack. No spanning tree is required, but interoperability with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 905
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv6/IPv4. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as RIP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 906
• VLT resiliency - After a VLT link or peer failure, if the traffic hashes to the VLT peer, the traffic continues to be routed using multicast until the PIM protocol detects the failure and adjusts the multicast distribution tree. • Optimal routing - The VLT peer that receives the incoming traffic - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 907
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 908
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the VLTi . 3. Configure a backup link for the VLT domain. 4. (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 909
interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned). 2. Remove an IP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 910
You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 3. Configure the port channel to be used as the VLT interconnect between VLT peers in the domain. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number 4. (Optional) Prevent a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 911
The range of domain IDs from 1 to 1000. 2. Enter an amount of time, in seconds, to delay the restoration of the VLT ports after the system is rebooted. CONFIGURATION mode delay-restore delay-restore-time The range is from 1 to 1200. The default is 90 seconds. Reconfiguring the Default VLT Settings ( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 912
Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations. Use this command to minimize the time required for the VLT system to determine the unit ID assigned to each peer switch when one peer switch reboots. Connecting a VLT Domain to an Attached - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 913
To configure the VLAN where a VLT peer forwards received packets over the VLTi from an adjacent VLT peer that is down, use the peer-down-vlan parameter. When a VLT peer with BMP reboots, untagged DHCP discover packets are sent to the peer over the VLTi. Using this configuration ensures the DHCP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 914
3. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 4. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 915
interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in the Enabling VLT and Creating a VLT Domain. 9. Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport 10. Associate the port channel to the corresponding - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 916
vlt domain domain id 2. Configure the VLTi between VLT peer 1 and VLT peer 2. 3. You can configure LACP/static LAG between the peer units (not shown). CONFIGURATION mode interface port-channel port-channel id NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 917
NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. s4810-2(conf)#vlt domain 5 s4810-2( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 918
3. In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vlt-peer-lag port-channel 2 indicates that port-channel 2 is the port-channel id configured in VLT peer 2). s4810-2#show running-config interface tengigabitethernet 0/ - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 919
s60-1# Te 0/50 (Up) Verify VLT is up. Verify that the VLTi (ICL) link, backup link connectivity (heartbeat status), and VLT peer link (peer chassis) are all up. s4810-2#show vlt brief VLT Domain Brief Domain ID: 5 Role: Primary Role Priority: 32768 ICL Link Status: Up HeartBeat - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 920
Figure 121. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9 Domain_1_Peer1(conf)#vlt - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 921
Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer2(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 922
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 923
Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link • Display general status information - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 924
Examples of the show vlt and show spanning-tree rstp Commands The following example shows the show vlt backup-link command. Dell_VLTpeer1# show vlt backup-link VLT Backup Link Destination: 10.11.200.18 Peer HeartBeat status: Up HeartBeat Timer Interval: 1 HeartBeat Timeout: 3 UDP Port: - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 925
The following example shows the show vlt detail command. Dell_VLTpeer1# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs 100 100 UP UP 10, 20, 30 127 2 UP UP 20, 30 Dell_VLTpeer2# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 926
Dell_VLTpeer2# show vlt statistics VLT Statistics HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show spanning-tree rstp command. The bold section displays the RSTP state of port channels in - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 927
Configuring Virtual Link Trunking (VLT Peer 1) Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 928
Configure the backup link. Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.35/ Dell_VLTpeer2(conf-if-ma-0/0)#no shutdown Dell_VLTpeer2(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi). Dell_VLTpeer2(conf)#interface port-channel 100 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 929
following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 75. Troubleshooting VLT Description Behavior at Peer Up Behavior During Run Time Action to Take Bandwidth monitoring A syslog error message and an SNMP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 930
Description Unit ID mismatch Version ID mismatch VLT LAG ID is not configured on one VLT peer VLT LAG ID mismatch Behavior at Peer Up Behavior During Run Time Action to Take that the MAC address is the same on both units. The VLT peer does not boot up. The VLTi is forced to a down state. A - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 931
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 932
not validated if you associate an ICL to a PVLAN. Similarly, if you dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed from that PVLAN. Association of VLTi as a Member of a PVLAN If a VLAN is configured as a non-VLT VLAN on both the peers, the VLTi link is made a member - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 933
PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 934
VLT LAG Mode Peer1 Peer2 Promiscuo Trunk us PVLAN Mode of VLT VLAN Peer1 Peer2 Primary Primary Trunk Access Primary Secondary Promiscuo Promiscuo Primary us us Primary Promiscuo Access us Primary Secondary Promiscuo us Promiscuo us Primary - Secondary (Community) Primary - - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 935
PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section contains the following topics that - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 936
INTERFACE PORT-CHANNEL mode no shutdown 5. To configure the VLT interconnect, repeat Steps 1-4 on the VLT peer switch. 6. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 7. Enter the port-channel - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 937
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 938
the ARP response contains the VLT peer MAC address. Proxy ARP is supported for both unicast and broadcast ARP requests. Control packets, other than receives gratuitous ARP requests for the VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL link or peer is down, and the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 939
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 940
54 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview S6000 device acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology where - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 941
and logical network based on messages from the NVP. • Advertises MACs learnt on south-facing VXLAN capable-ports to the NVP client. VXLAN Hypervisor Service Node(SN) Legacy TOR It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. It - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 942
Functional Overview of VXLAN Gateway The following section is the functional overview of VXLAN Gateway: 1. Provides connectivity between a Virtual server infrastructure and a Physical server infrastructure. 2. Provides the functions performed by a VTEP in a virtual server infrastructure. The - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 943
Components of VXLAN Frame Format Some of the important fields of the VXLAN frame format are described below: Outer Ethernet Header: The Outer Ethernet Header consists of the following components: • Destination Address: Generally, it is a first hop router's MAC address when the VTEP is on a - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 944
To create a Hypervisor or server, the required fields are the IP address and SSL certificate of the server. The following are the snapshots of the user interface for creating a Hypervisor: 2. Create Service Node 944 Virtual Extensible LAN (VXLAN) - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 945
node is responsible for broadcast/unknown unicast/multicast traffic replication. The following is the snapshot of the user interface for the creation of service node: 3. Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is the snapshot of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 946
details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway instance. 2. vxlan-instance CONFIGURATION mode vxlan-instance instance ID The platform supports only the instance ID 1 in the initial release. 3. controller - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 947
6. fail-mode (Optional) VxLAN INSTANCE mode fail-mode secure If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources. 7. no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 948
Rx Bytes : 1317 Tx Packets : 13 Tx Bytes : 1321 The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 949
Tunnel Key : 2 VFI : 28674 Unknown Multicast MAC Tunnels: 192.168.122.133 : vxlan_over_ipv4 (up) Port Vlan Bindings: Te 0/80: VLAN: 0 (0x80000001), Fo 0/124: VLAN: 0 (0x80000004), The following example shows the show vxlan vxlan-instance statistics interface command. Dell#show vxlan vxlan-instance - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 950
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 951
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 952
VLAN Yes No port OSPF, RIP, ISIS, BGP on physical Yes and logical interfaces Yes NOTE: OSPF supported on all VRF ports. OSPF V2 and BGP V4 are supported on non-default-VRF ports also. Others supported only on default-VRF ports. Dynamic Port-channel (LACP) on Yes Yes VLAN port or a Layer - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 953
on physical interfaces and LAGs IPv4 ARP Yes IPv6 Neighbor Discovery Yes Layer 2 ACLs on VLANs Yes FEED Yes Layer 2 QoS Yes Support for storm-control Yes (broadcast and unknown- unicast) sFlow Yes VRRP on physical and logical Yes interfaces Secondary IP Addresses Yes Following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 954
to configure non-default VRFs are made available on the system. Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). Task Create a non-default VRF instance by specifying a name and VRF ID number, and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 955
(including the default VRF 0), do not enter a value for vrf-name. EXEC Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer to Open Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 956
static routes for reaching specific destinations through a given gateway in a VRF. VRRP provides high availability and protection for next-hop static routes by eliminating a single point of failure in the default static routed network. For more information, refer to VRRP Overview. Task Command - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 957
Figure 123. Setup OSPF and Static Routes Virtual Routing and Forwarding (VRF) 957 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 958
Figure 124. Setup VRF Interfaces The following example relates to the configuration shown in Figure1 and Figure 2. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/0 no ip address switchport no shutdown ! interface GigabitEthernet 7/0 ip vrf forwarding blue - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 959
interface GigabitEthernet 7/1 ip vrf forwarding orange ip address 20.0.0.1/24 no shutdown ! interface GigabitEthernet 7/2 ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/0 no shutdown ! interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 960
interface GigabitEthernet 9/19 ip vrf forwarding orange ip address 21.0.0.1/24 no shutdown ! interface GigabitEthernet 9/20 ip vrf forwarding green ip address 31.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/0 no shutdown interface - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 961
Gi 13/0-47, Ma 0/0, Ma 1/0, Nu 0, Vl 1 blue 1 Gi 7/0, Vl 128 orange 2 Gi 7/1, Vl 192 green 3 Gi 7/2, Vl 256 Dell#show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1.0.0.2 1 FULL/DR 00:00:32 1.0.0.2 Vl 128 0 Dell#sh ip ospf 2 neighbor Neighbor - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 962
110/2 00:10:41 Dell#show ip route vrf green Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 963
Vl 256 Dell#show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1.0.0.1 1 FULL/BDR 00:00:36 1.0.0.1 Vl 128 0 ! Dell#sh ip ospf 2 neighbor Neighbor ID Pri State Dead Time Address Interface Area 2.0.0.1 1 FULL/BDR 00:00:33 2.0.0.1 Vl 192 0 ! - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 964
Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 965
Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on Dell Networking OS. VRRP Overview VRRP is designed to /1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 966
gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported. Virtual IP addresses can belong to the primary or secondary IP address' subnet configured on the interface. You can ping all the virtual - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 967
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 968
Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#int gi 1/1 Dell(conf-if-gi-1/1)#vrrp-group 111 Dell(conf-if-gi-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-gi-1/1)#show conf ! interface GigabitEthernet - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 969
NOTE: Carefully following this procedure, otherwise you might introduce dual master switches issues. To migrate an IPv4 VRRP Group from VRRPv2 to VRRPv3: 1. Set the backup switches to VRRP version to both. Dell_backup_switch1(conf-if-te-0/1-vrid-100)#version both Dell_backup_switch2(conf-if-te-0/2- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 970
The VRID range is from 1 to 255. 2. Configure virtual IP addresses for this VRID. INTERFACE -VRID mode virtual-address ip-address1 [...ip-address12] The range is up to 12 addresses. Examples of the Configuring and Verifying a Virtual IP Address The following example shows how to configure a virtual - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 971
When the VRRP process completes its initialization, the State field contains either Master or Backup. Setting VRRP Group (Virtual Router) Priority Setting a virtual router priority to 255 ensures that router is the "owner" virtual router for the VRRP group. VRRP elects the MASTER router by choosing - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 972
NOTE: You must configure all virtual routers in the VRRP group the same: you must enable authentication with the same password or authentication is disabled. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 973
The following example shows how to disable preempt using the no preempt command. Dell(conf-if-gi-1/1)#vrrp-group 111 Dell(conf-if-gi-1/1-vrid-111)#no preempt Dell(conf-if-gi-1/1-vrid-111)# The following example shows how to verify preempt is disabled using the show conf command. Dell(conf-if-gi-1/1- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 974
advertise-interval centisecs centisecs The range is from 25 to 4075 centisecs in units of 25 centisecs. The default is 100 centisecs. Examples of the advertise-interval Command The following example shows how to change the advertise interval using the advertise-interval command. Dell(conf-if-gi - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 975
- The valid VLAN IDs are from 1 to 4094. For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number. NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 976
vrrp-group 111 advertise-interval 10 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 track GigabitEthernet 1/2 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Dell(conf-if-gi-1/1-vrid-111)# The following example shows - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 977
local destination address is not seen on the reloaded node causing suboptimal routing. Set the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you configure both CLIs, the later timer rules VRRP enabling. For example, if you set - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 978
directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. The VRRP topology was created using the - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 979
Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#int gi 2/31 R2(conf-if-gi-2/31)#ip address 10.1.1.1/24 R2(conf-if-gi-2/31)#vrrp-group 99 R2(conf-if-gi-2/31-vrid-99)#priority 200 R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3 R2( - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 980
Figure 127. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 981
Although R2 and R3 have the same default, priority (100), R2 is elected master in the VRRPv3 group because the GigE 0/0 interface has a higher IPv6 address than the GigE 1/0 interface on R3. Router 2 R2(conf)#interface gigabitethernet 0/0 R2(conf-if-gi-0/0)#no ip address R2(conf-if-gi-0/0)#ipv6 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 982
VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP. • Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 983
Figure 128. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface GigabitEthernet 12/1 S1(conf-if-gi-12/1)#ip vrf forwarding - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 984
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 985
VRRP in VRF: Switch-1 VLAN Configuration VRRP in VRF: Switch-2 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface GigabitEthernet 12/4 S1(conf-if-gi-12/4)#no ip address S1(conf-if-gi-12/4)#switchport S1(conf-if-gi-12/4)#no - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 986
S2(conf-if-vl-100-vrid-101)#priority 255 S2(conf-if-vl-100-vrid-101)#virtual-address 10.10.1.2 S2(conf-if-vl-100)#no shutdown ! S2(conf-if-gi-12/4)#interface vlan 200 S2(conf-if-vl-200)#ip vrf forwarding VRF-2 S2(conf-if-vl-200)#ip address 10.10.1.2/24 S2(conf-if-vl-200)#tagged gigabitethernet 12/4 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 987
S-Series Debugging and Diagnostics This chapter describes debugging and diagnostics for the S6000 platform. 57 Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 988
NOTE: The system reboots when the offline diagnostics complete. This is an automatic process. The following warning message appears when you implement the offline stackunit command: Warning - Diagnostic execution will cause stack-unit to reboot after completion of diags. Proceed with Offline-Diags [ - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 989
-- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports ---- 0 Management offline S6000 S6000 9.4(0.0) 128 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present -- Power Supplies -- Unit Bay Status Type - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 990
[163]: ERROR: platform cpld cache disabled ioctl failed, rv: 9 S6000 DIAGNOSTICS Board CPU Version Stack Unit Board Temp Stack Unit Number Board Service Tag System Cpld Rev Master Cpld Rev Slave Cpld Rev Image Build Version : S6000 Dell Inc. : Intel Centerton Processor : 32 Degree - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 991
diagS6000IsPsuGood[954]: ERROR: Psu:1, Power supply is not present. Test 8.001 - Psu1 Fan AirFlow Type Test NOT PRESENT Test 8 - Psu Fan AirFlow Type Test NOT PRESENT Test 9 - Power Rail Status Test PASS Test 10.000 - FanTray0 Presence Test PASS Test 10.001 - FanTray1 Presence Test PASS - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 992
124 When you configure twenty-six 40G ports for Fanout mode, a total of 104 10G ports is available. Because this number is the maximum limit supported on the device, the remaining six 40G ports are disabled. Configuring Fanout Mode Keep the following in mind when you specify fanout on S6000 switch - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 993
are disabled the next time you reload the system. • When you attempt to configure fanout on the ports where fanout feature is not supported, a warning message displays stating that Quad mode ports limit has been reached and that you cannot configure additional ports. • For theshow hardware command - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 994
This phenomenon occurs because in Release 9.4(0.0), static configuration for the restricted ports is maintained. Validation of the restricted ports is performed at the CLI level and not during bootup. Therefore, increased fanout configuration on ports is not backward-compatible. If you want to - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 995
are stored in a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information for MASTER or . NOTE: Non-management member units do not support this functionality. S-Series Debugging and Diagnostics 995 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 996
Dell Networking OS switch/router with a single RPM that is unresponsive. This is a last resort mechanism intended to prevent a manual power cycle. Enabling Environmental Monitoring The components use environmental monitoring hardware to detect transmit power readings, receive power readings, and - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 997
down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 998
going from the FP to the CSF IDP links. 3. Front-End Link - Output queues going from the FP to the front-end PHY. All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. 998 S-Series Debugging and Diagnostics - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 999
Physical memory is organized into cells of 128 bytes. The cells are organized into two buffer pools - the dedicated buffer and the dynamic buffer. • Dedicated buffer - this pool is reserved memory that other interfaces cannot use on the same ASIC or by other queues on the same interface. This buffer - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1000
Figure 130. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1001
BUFFER PROFILE mode buffer dedicated • Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode buffer dynamic • Change the number of packet-pointers per queue. BUFFER PROFILE mode buffer packet-pointers • Apply the buffer profile to a line card. CONFIGURATION mode - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1002
The following example shows viewing the default buffer profile. Dell#show buffer-profile detail interface gigabitethernet 0/1 Interface Gi 0/1 Buffer-profile - Dynamic buffer 194.88 (Kilobytes) Queue# Dedicated Buffer Buffer Packets (Kilobytes) 0 2.50 256 1 2.50 256 2 2.50 256 3 2. - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1003
pre-defined buffer profiles, one for single-queue (for example, nonquality-of-service [QoS]) applications, and one for four-queue (for example, QoS) profile dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer-profile - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1004
fsqueue-fp Dell#sho run int gi 0/10 ! interface GigabitEthernet 0/10 no ip address Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet loss, use the following commands. • show hardware stack-unit cpu data-plane - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1005
Dell#show hardware stack-unit 0 drops unit 0 Port# :Ingress Drops :IngMac Drops :Total Mmu Drops :EgMac Drops :Egress Drops 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0 4 0 0 0 0 0 5 0 0 0 0 0 6 0 0 0 0 0 7 0 0 0 0 0 8 0 0 0 0 0 Dell#show hardware stack-unit 0 drops unit 0 port 1 --- Ingress Drops --- - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1006
noMbuf :0 noClus :0 recvd :0 dropped :0 recvToNet :0 rxError :0 rxDatapathErr :0 rxPkt(COS0) :0 rxPkt(COS1) :0 rxPkt(COS2) :0 rxPkt(COS3) :0 rxPkt(COS4) :0 rxPkt(COS5) :0 rxPkt(COS6) :0 rxPkt(COS7) :0 rxPkt(UNIT0) :0 rxPkt(UNIT1) :0 rxPkt(UNIT2) :0 rxPkt(UNIT3) :0 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1007
34 over 255-byte pkts, 504838 over 511-byte pkts, 1009638 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 1649714 Unicasts 0 throttles, 0 discarded, 0 collisions Rate info (interval 45 seconds): Input 00.00 Mbits/sec, 2 packets/sec, 0.00% of line-rate Output 00.06 Mbits/sec, 8 packets/sec, 0.00% of - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1008
Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and kernel mini core - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1009
FREE MEMORY uvmexp.free = 0x2312 Enabling TCP Dumps A TCP dump captures CPU-bound control plane traffic to improve troubleshooting and system manageability. When you enable TCP dump, it captures all the packets on the local CPU, as specified in the CLI. You can save - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1010
standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1011
Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 81. General Internationalization of the File Transfer 8.3.12.0 Protocol 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers 7.7.1 2615 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1012
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 82. General IPv4 Protocols RFC# Full Name S-Series 791 Internet Protocol 7.6.1 792 Internet Control Message Protocol 7.6.1 826 An - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1013
per platform for general IPv6 protocols. Table 83. General IPv6 Protocols RFC# Full Name S-Series 1886 DNS Extensions to support IP version 6 7.8.1 1981 (Partial) Path MTU Discovery for IP version 6 7.8.1 2460 Internet Protocol, Version 6 (IPv6) Specification 7.8.1 2462 (Partial) IPv6 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1014
Gateway Protocol 4 (BGP-4) 7.8.1 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 85. Open Shortest Path First (OSPF) RFC# Full Name S-Series/Z-Series 1587 The OSPF Not-So - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1015
(IS-IS) Point-to-Point Adjacencies 3567 IS-IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS) 5120 MT-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1016
(PIM-SM): Protocol Specification (Revised) 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 89. Network Management RFC# Full Name S4810 S4820T Z-Series 1155 Structure and Identification - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1017
RFC# 1157 1212 1215 1493 1724 1850 1901 2011 2012 2013 2024 2096 2558 Full Name S4810 Management of TCP/IPbased internets A Simple Network Management Protocol (SNMP) 7.6.1 Concise MIB Definitions 7.6.1 A Convention for Defining 7.6.1 Traps for use with the SNMP Definitions of Managed 7.6.1 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1018
RFC# 2570 2571 2572 2574 2575 2576 2578 2579 2580 2618 1018 Full Name S4810 Digital Hierarchy (SONET/ SDH) Interface Type Introduction and Applicability Statements for Internet Standard Management Framework 7.6.1 An Architecture for 7.6.1 Describing Simple Network Management Protocol (SNMP - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1019
, Ethernet History Table, Alarm Table, Event Table, Log Table 7.6.1 The Interfaces Group MIB 7.6.1 Remote Authentication Dial In User Service (RADIUS) 7.6.1 Remote Network 7.6.1 Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1020
Extensions for High Capacity Alarms, HighCapacity Alarm Table (64 bits) 7.6.1 3580 IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines 7.6.1 3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) 4001 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1021
RFC# draft-ietf-isiswgmib- 16 Full Name S4810 Gateway Protocol (BGP-4) using SMIv2 Management Information Base for Intermediate System to Intermediate System (IS-IS): isisSysObject (top level scalar objects) isisISAdjTable isisISAdjAreaAddrTable isisISAdjIPAddrTable isisISAdjProtSuppTable - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1022
can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) FORCE10-CSCHASSIS-MIB Force10 C-Series Enterprise Chassis MIB FORCE10-IFEXTENSION-MIB Force10 - Dell PowerSwitch S6000 | 9.60.0 Configuration Guide for the S6000 System - Page 1023
RFC# Full Name S4810 FORCE10-SSCHASSIS-MIB Force10 S-Series Enterprise Chassis MIB 7.6.1 FORCE10-SMI Force10 Structure of 7.6.1 Management Information FORCE10-SYSTEM- Force10 System COMPONENT-MIB Component MIB (enables the user to view CAM usage information) 7.6.1 FORCE10-TC-MIB Force10
Dell Configuration Guide for the S6000
System
9.6(0.0)