Dell Force10 S60-44T FTOS Configuration Guide for the S60 System FTOS 8.3.3.8
Dell Force10 S60-44T Manual
View all Dell Force10 S60-44T manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell Force10 S60-44T manual content summary:
- Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 1
FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 2
loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Information in this publication is subject to change without notice. © 2012 Dell Force10. All rights reserved. Reproduction of these materials in any manner - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 3
mode 34 3 Getting Started 35 Console access 35 Serial console 36 USB-B console 37 Default Configuration 39 Configure a Host Name 40 Access the System Remotely 40 Access the C-Series and E-Series and the S60 Remotely 40 Access the S-Series Remotely 42 Configure the Enable Password - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 4
66 Telnet to Another Network Device 67 Lock CONFIGURATION mode 68 Viewing the Configuration Lock Status 69 Recovering from a Forgotten Password on the S60 69 Recovering from a Forgotten Enable Password on the S60 70 Recovering from a Failed Start on the S60 71 5 802.1ag 73 Ethernet CFM 73 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 5
Request Identity Re-transmissions 93 Configuring a Quiet Period after a Failed Authentication 94 Forcibly Authorizing or Unauthorizing a Port 95 Re-authenticating a Port 96 Periodic Re-authentication 96 Configuring Timeouts 97 Dynamic VLAN Assignment with Port Authentication 98 Guest - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 6
www.dell.com | support.dell.com 6| ACL Resequencing 127 Resequencing an ACL or Prefix List 128 Route Maps 129 Implementation Information 129 Important Points to Remember 129 Configuration Task List for Route Maps 130 8 Border Gateway Protocol IPv4 (BGPv4 137 Protocol Overview 138 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 7
Name Server 218 Switch boot and set-up behavior in Jumpstart Mode 218 10 Content Default CAM Configuration 236 CAM Optimization 237 Applications for CAM Profiling 237 LAG Hashing 237 LAG Hashing based on Bidirectional Flow 238 CAM profile for the VLAN ACL group feature 238 Troubleshoot - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 8
www.dell.com | support.dell.com Configure a Method of Hostname Resolution 248 Create Manual Binding Entries 249 Debug DHCP server 249 DHCP Clear Commands 249 Configure the System to be a Relay Agent 250 Configure the System for User Port Stacking 251 Configure Secure DHCP 251 Option 82 251 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 9
Mode 298 Configure Layer 3 (Network) Mode 299 Management Interfaces 300 Configure Management Interfaces on the E-Series and C-Series and on the S60 .300 Configure Management Interfaces on the S-Series 302 VLAN Interfaces 303 Loopback Interfaces 304 Null Interfaces 304 Port Channel Interfaces - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 10
www.dell.com | support.dell.com Important Points to Remember about Link Debounce Timer 323 Assign a debounce time to an interface 324 Show debounce times in an interface 324 Disable ports when one only SFM is available (E300 only 324 Disable port on one SFM 325 Link Dampening 325 Important - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 11
for an Interface 380 Clear IPv6 Routes 380 18 iSCSI Optimization 383 iSCSI Optimization Overview 383 Detection and Auto-configuration for Dell EqualLogic Arrays 384 Detection and Port Configuration for Dell Compellent Arrays 385 Enabling and Disabling iSCSI Optimization 386 Default iSCSI - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 12
414 MAC Move Optimization 415 Microsoft Clustering 415 Default Behavior 416 Configuring the Switch for Microsoft Server Clustering 417 Enable and Disable VLAN Flooding 417 Configuring Redundant Pairs 418 Important Points about Configuring Redundant Pairs 418 Restricting Layer 2 Flooding 420 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 13
435 CONFIGURATION versus INTERFACE Configurations 435 Enabling LLDP 436 Disabling and Undoing LLDP 436 Advertising TLVs 436 Viewing the LLDP Configuration 438 Viewing Information Advertised by Adjacent LLDP Agents 438 Configuring LLDPDU Intervals 439 Configuring Transmit and Receive Mode 440 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 14
List for OSPFv2 (OSPF for IPv4 491 Troubleshooting OSPFv2 509 Configuration Task List for OSPFv3 (OSPF for IPv6 511 Troubleshooting OSPFv3 516 Sample Configurations for OSPFv2 517 Basic OSPFv2 Router Topology 517 25 PIM Sparse-Mode 519 Implementation Information 519 Protocol Overview 519 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 15
Important Points to Remember 551 Port Monitoring on E-Series 552 E-Series TeraScale 552 E-Series ExaScale 553 Port Monitoring on C-Series and S-Series 553 Configuring Port Monitoring 556 Flow-based Monitoring 558 29 Private VLANs 561 Private VLAN Concepts 562 Private VLAN Commands 563 | 15 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 16
www.dell.com | support.dell.com 16 | Private VLAN Configuration Task List 564 Private VLAN Configuration Example 567 30 Per-VLAN Spanning Tree Plus 571 Protocol Overview 571 Implementation Information 572 Configure Per-VLAN Spanning Tree Plus 572 Related Configuration Tasks 572 Enable PVST - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 17
627 Fault Recovery 628 34 Rapid Spanning Tree Protocol 633 Protocol Overview 633 Configuring Rapid Spanning Tree 633 Related Configuration Tasks 633 Important Points to Remember 634 Configure Interfaces for Layer 2 Mode 634 Enable Rapid Spanning Tree Protocol Globally 635 Add and Remove - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 18
and Authorization 677 VTY MAC-SA Filter Support 677 36 Service Provider Bridging 679 VLAN Stacking 679 Important Points to Remember 680 Configure VLAN Stacking 680 Create Access and Trunk Ports 681 Enable VLAN-Stacking for a VLAN 681 Configure the Protocol Type Value for the Outer - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 19
Configuration Files Using SNMP 718 Manage VLANs using SNMP 724 Create a VLAN 724 Assign a VLAN Alias 724 Display the Ports in a VLAN 725 Add Tagged and Untagged Ports to a VLAN 727 Enable and Disable a Port using SNMP 728 Fetch Dynamic MAC Entries using SNMP 728 Deriving Interface Indices - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 20
766 Troubleshoot an S-Series Stack 766 Recover from Stack Link Flaps 766 Recover from a Card Problem State on an S-Series Stack 767 Recover from a Card Mismatch State on an S-Series Stack 767 41 Storm Control 769 Configure Storm Control 769 Configure storm control from INTERFACE mode 769 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 21
Get Help with upgrades 787 44 Virtual LANs (VLAN 789 Default VLAN 790 Port-Based VLANs 791 VLANs and Port Tagging 791 Configuration Task List for VLANs 792 VLAN Interface Counters 796 Native VLANs 796 Enable Null VLAN as the Default VLAN 797 45 Virtual Router Redundancy Protocol (VRRP 799 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 22
Buffer tuning commands 823 Sample buffer profile configuration 825 Multicast Buffering on the S60 826 Troubleshooting packet loss 827 Displaying Drop Counters 828 Dataplane Statistics 829 Displaying Stack Port Statistics 831 Displaying Stack Member Counters 831 Application core dumps 832 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 23
1 About this Guide Objectives This guide describes the protocols and features supported by the Dell Force10 Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series. The E-Series ExaScale - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 24
of an FTOS behavior. These behaviors are inherent to the Dell Force10 system or FTOS feature and are non-configurable. ces Platform Specific Feature e e t x E-Series Specific Feature/Command * Exception This symbol informs you of a feature that supported on one or two platforms only: e is for - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 25
the Command Line Access the command line through a serial console port or a Telnet session (Figure 2-1). When the system successfully boots, you enter the command line in the EXEC mode. Note: You must have a password configured on a virtual terminal line before you can Telnet into the system - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 26
INTERFACE sub-mode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1-Gigabit Ethernet, or 10-Gigabit Ethernet, or SONET) or logical (Loopback, Null, port channel, or VLAN). • LINE sub-mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 27
Figure 2-2. CLI Modes in FTOS EXEC EXEC Privilege CONFIGURATION ARCHIVE AS-PATH ACL INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL SONET VLAN VRRP IP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST LINE - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 28
Interface Force10(conf-if-lo-0)# Management Ethernet Force10(conf-if-ma-0/0)# Interface Null Interface Force10(conf-if-nu-0)# Port-channel Interface Force10(conf-if-po-0)# SONET Interface Force10(conf-if-so-0/0)# VLAN Interface Force10(conf-if-vl-0)# STANDARD ACCESS- LIST Force10(config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 29
TREE Per-VLAN SPANNING TREE Plus PREFIX-LIST RAPID SPANNING TREE REDIRECT ROUTE-MAP ROUTER BGP ROUTER ISIS ROUTER OSPF ROUTER RIP SPANNING TREE TRACE-LIST Force10(config-mstp)# Force10(config-pvst)# Force10(conf-nprefixl)# Force10(config-rstp)# Force10(conf-redirect-list)# Force10(config-route-map - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 30
www.dell.com | support.dell.com The do Command Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with the command do. Figure 2-4 illustrates the do command. Note: The following - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 31
the help command. Figure 2-6. ? Command Example Force10#? calendar cd change clear clock configure copy debug --More-- "?" at prompt for the hardware calendar Change current directory Change subcommands Reset functions Manage the system clock Configuring from terminal Copy from one file to another - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 32
www.dell.com | support.dell.com • The UP and DOWN arrow keys display previously entered commands (see Command History). • The BACKSPACE and DELETE keys erase the previous letter. • Key combinations are available to move quickly across the command line, as described in Table 2-2. Table 2-2. Short- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 33
sub-option is implemented. Starting with FTOS 7.8.1.0, the ," such as interface GigabitEthernet 0/0. Force10#show linecard all | except 0 -- Line cards -- Slot Status NxtBoot ReqTyp CurTyp Version Ports 2 not present 3 not present 4 not present 5 not present 6 not present Configuration - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 34
was established. For example: • On the system that telnets into the switch, Message 1 appears: Message 1 Multiple Users in Configuration mode Telnet Message % Warning: The following users are currently configuring the system: User "" on line console0 • On the system that is connected over - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 35
Interface (CLI), see the Accessing the Command Line section in Chapter 1, Configuration Fundamentals, on page 47. Console access The S60 has 2 management ports available for system access: a serial console port and a USB-B port. The USB-B ports acts exactly as the console port. By default, the S60 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 36
dell.com | support.dell.com Serial console The RS-232 console port is labeled on the S60 chassis. It is in the upper right-hand side, as you face the rear of the chassis. Console Port To access the console port, follow the procedures below. Refer to Table 3-1 for the console port Console Port RJ- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 37
the USB-B end of cable into the USB-B console port on the S60 (see Figure 7) Power on the S60. Install necessary USB device drivers (internet connection required). Contact Dell Force10 TAC for CD, if necessary. Open your terminal software emulation program to access the S60. Getting Started | 37 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 38
www.dell.com | support.dell.com Step 7 Task (continued) Using the terminal settings shown here, set the terminal connection settings. • 9600 baud rate, No parity, 8 data bits, 1 stop bit, No flow control 8 You will see the message below when you are connected to the S60. 38 | Getting Started - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 39
for user on line console Force10> Default Configuration A version of FTOS is pre-loaded onto the chassis, however the system is not configured when you power up for the first time (except for the default hostname, which is Force10). You must configure the system using the CLI. Getting Started | 39 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 40
step process: 1. Configure an IP address for the management port. See Configure the Management Port IP Address. 2. Configure a management route with a default gateway. See Configure a Management Route. 3. Configure a username and password. See Configure a Username and Password. 40 | Getting Started - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 41
To configure the management port IP address: Step Task 1 Enter INTERFACE mode for the Management port. 2 Assign an IP address to the interface. 3 Enable the interface. Command Syntax Command Mode interface ManagementEthernet slot/port • slot range: 0 to 1 • port range: 0 CONFIGURATION ip - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 42
for the port through which you will manage the system using the command ip address from INTERFACE mode, as shown in Figure 3-3. 2. Configure a IP route with a default gateway using the command ip route from CONFIGURATION mode, as shown in Figure 3-3. 3. Configure a username and password using the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 43
. Dell Force10 recommends using the enable secret password. To configure an enable password: Task Create a password to access EXEC Privilege mode. Command Syntax Command Mode enable [password | secret] [level level] [encryption-type] password level is the privilege level, is 15 by default, and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 44
3-2. • To copy a remote file to Dell Force10 system, combine the file-origin syntax for a password configured. • The usbflash and rpm0usbflash commands are supported on E-Series ExaScale and S60 systems. Refer to your system's Release Notes for a list of approved USB vendors. 44 | Getting Started - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 45
current system configuration. Dell Force10 recommends that you copy your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup-configuration is stored in the internal flash on the primary RPM by default, but - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 46
www.dell.com | support.dell.com Task Command Syntax Command Mode Save the running-configuration to: the startup-configuration on the copy running-config startup-config internal flash of the primary RPM the internal flash on an RPM copy running-config rpm{0|1}flash://filename Note: The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 47
file rpm{0|1}slot0://filename show running-config show startup-config Command Mode EXEC Privilege View Configuration Files Configuration files have three commented lines at the beginning of the file, as shown in Figure 3-7, to help you track the last time any user made a change to the file, which - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 48
www.dell.com | support.dell.com Figure 3-7. Tracking Changes with Configuration Comments Force10#show running-config Current Configuration ... ! Version 8.2.1.0 ! Last configuration change at Thu Apr 3 23:06:28 2008 by admin ! Startup-config last updated at Thu Apr 3 23:06:55 2008 by admin ! boot - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 49
Force10#cd slot0: Force10#copy running-config test Force10#copy run test ! 7419 bytes successfully copied Force10 commands entered by all users of the system with Force10#show command-history [12/5 10:57:8]: CMD-(CLI):service password-encryption [12/5 10:57:12]: CMD-(CLI):hostname Force10 Started | 49 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 50
50 | Getting Started www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 51
62 • Terminal Lines on page 64 • Lock CONFIGURATION mode on page 68 • Recovering from a Forgotten Password on the S60 on page 69 • Recovering from a Failed Start on the S60 on page 71 Configure Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 52
www.dell.com | support.dell.com Removing a command from EXEC mode Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 53
| line | route-map | router} {command-keyword ||...|| command-keyword} privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Command Mode CONFIGURATION CONFIGURATION The configuration in Figure 4-1 creates privilege level 3. This level: • removes the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 54
Null interface port-channel Port-channel interface range Configure interface range sonet SONET interface tengigabitethernet TenGigabit Ethernet interface vlan VLAN interface Force10(conf)#interface gigabitethernet 1/1 Force10(conf-if-gi-1/1)#? end Exit from configuration mode exit - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 55
for a user: Task Configure a privilege level for a user. Command Syntax username username privilege level Command Mode CONFIGURATION Apply a mode, but the prompt is hostname#, rather than hostname>. Configure Logging FTOS tracks changes in the system using event and error messages. By default - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 56
www.dell.com | support.dell.com Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer. Message 1 BootUp Events %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled Configuration Task List for System Log Management - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 57
configure up to eight syslog servers. Command Syntax Command Mode logging {ip-address | hostname} CONFIGURATION Configure a Unix System as a Syslog Server Configure can change the default settings of the system logging by changing the severity level and the storage location. The default is to log - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 58
www.dell.com | support.dell.com Task Specify the size of the logging buffer. Note: When the CONFIGURATION mode: To view the logging configuration, use the show running-config logging command (Figure 37) in the EXEC privilege mode. Display the Logging Buffer and the Logging Configuration Display - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 59
: Port link status for LC 12 => portpipe 0: OK portpipe 1: N/A %CHMGR-5-LINECARDUP: Line card 12 is up %IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8 %IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8 To view any changes made, use the show running-config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 60
. Figure 4-3. show running-config logging Command Example Force10#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 61
, use these commands in the following sequence starting in the CONFIGURATION mode: Step Command Syntax 1 line {console 0 Default is 20. To view the logging synchronous configuration, use the show config command in the LINE mode. Enable timestamp on syslog messages syslog messages, by default - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 62
on to the system; however, FTP is not supported on VLAN interfaces. For more information on FTP, refer to RFC 959, File Transfer Protocol. Configuration Task List for File Transfer Services The following list includes the configuration tasks for file transfer services: • Enable FTP server on page 63 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 63
ftp-server username username password [encryption-type] password Command Mode Purpose CONFIGURATION Specify the directory for users using FTP to reach the system. The default is the internal flash directory. CONFIGURATION Specify a user name for all FTP users and configure either a plain text - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 64
com | support.dell.com Configure FTP client parameters To configure FTP client parameters, use the following commands in the CONFIGURATION mode: Command Syntax Command Mode ip ftp source-interface interface CONFIGURATION ip ftp password password ip ftp username name CONFIGURATION CONFIGURATION - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 65
method list that contains the line authentication method. Configure a password using the command password from LINE mode. • local-Prompt for the the system username and password. • none-Do not authenticate the user. • radius-Prompt for a username and password and use a RADIUS server to authenticate - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 66
4-6. Configuring Login Authentication on a Terminal Line Force10(conf)#aaa authentication login myvtymethodlist line Force10(conf)#line vty 0 2 Force10(config-line-vty)#login authentication myvtymethodlist Force10(config-line-vty)#password myvtypassword Force10(config-line-vty)#show config line - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 67
to 0. Return to the default timeout values. no exec-timeout View the configuration using the command show config from LINE mode. Figure 4-7. Configuring EXEC Timeout Force10(conf)#line con 0 Force10(config-line-console)#exec-timeout 0 Force10(config-line-console)#show config line console 0 exec - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 68
other users are denied access. This means that you can exit to EXEC Privilege mode, and re-enter CONFIGURATION mode without having to set the lock again. • Set a manual lock using the command configure terminal lock from CONFIGURATION mode. When you configure a manual lock, which is the default, you - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 69
any line using the command clear from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Recovering from a Forgotten Password on the S60 If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 70
Recovering from a Forgotten Enable Password on the S60 If you forget the enable password: Step 1 2 3 4 5 6 7 8 Task Command Syntax Command Mode Log onto the system via console. Power-cycle the chassis by switching off all of the power modules and then switching them back on. Press any - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 71
f10boot location] 4 Assign an IP address to the Management Ethernet interface. setenv ipaddre address 5 Assign an IP address as the default gateway for the system. setenv gatewayip address 6 Reload the system. reset Command Mode (during bootup) uBoot uBoot uBoot uBoot Management | 71 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 72
72 | Management www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 73
used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: 1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM) 2. Link Layer OAM: IEEE 802.3ah OAM 3. Ethernet Local management Interface (MEF-16 E-LMI) Ethernet - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 74
is an interface demarcation that confines CFM frames to a domain. There are two types of maintenance points: • Maintenance End Points (MEPs): a logical entity that marks the end-point of a domain • Maintenance Intermediate Points (MIPs): a logical entity configured at a port of a switch that is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 75
on the customer or provider edge; on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. • Down-MEP: monitors the forwarding path external another bridge. Configure Up- MEPs on ingress ports, ports that send traffic towards the bridge relay - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 76
www.dell.com | support.dell.com Implementation Information • Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configure CFM Configuring CFM is a five-step process: 1. Configure the ecfmacl CAM region using the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 77
domain name md-level number Range: 0-7 show ethernet cfm domain [name | brief] ETHERNET CFM EXEC Privilege Force10# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 Services MA-Name VLAN CC-Int X-CHK Status My_MA 200 10s enabled Domain Name: praveen Level: 6 Total - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 78
on the customer or provider edge; on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. • Down-MEP: monitors the forwarding path external another bridge. Configure Up- MEPs on ingress ports, ports that send traffic towards the bridge relay - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 79
. Display configured MEPs and MIPs. ethernet cfm mip domain {name | level } ma-name name show ethernet cfm maintenance-points local [mep | mip] INTERFACE EXEC Privilege Force10#show ethernet cfm maintenance-points local mip MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 80
dell.com | support.dell.com • MIP Database (MIP-DB): Every MIP must maintain a database of all other MEPs in the MA that have announced their presence via CCM Task Command Syntax Command Mode Level: 7 VLAN: 10 MP ID: 900 Sender Chassis ID: Force10 MEP Interface status: Up MEP Port status: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 81
happen when different VLANs are cross-connected due to a configuration error. 4. Reception of a CCM with an MD level lower than that of the receiving MEP, which indicates a configuration or cross-connect error. 5. Reception of a CCM containing a port status/interface status TLV, which indicates - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 82
Default: Disabled mep cross-check mep-id Configure the amount of time the system waits for a remote MEP to come up before the cross-check operation is started. mep cross-check start-delay number Command Mode ECFM DOMAIN ECFM DOMAIN Command Mode -id | port interface} Command Mode EXEC Privilege - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 83
. Command Syntax traceroute cache traceroute cache hold-time minutes Default: 100 minutes Range: 10-65535 minutes traceroute cache size entries Default: 100 Range: 1 - 4095 entries show ethernet cfm traceroute-cache Command Mode CONFIGURATION ETHERNET CFM ETHERNET CFM EXEC Privilege 802.1ag | 83 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 84
dell.com | support.dell.com Task Command Syntax Command Mode Force10#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN Command Syntax snmp-server enable traps ecfm Command Mode CONFIGURATION A Trap is sent only when one of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 85
Name Level Type Port CCM-Status MA Name VLAN Dir MAC 100 cfm0 7 MEP Gi 4/10 Enabled test0 10 DOWN 00:01:e8:59:23:45 Force10(conf-if-gi-0/6)#do show ethernet cfm domain Domain Name: My_Name MD Index: 1 Level: 0 Total Service: 1 Services MA-Index MA-Name VLAN CC-Int X-CHK - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 86
www.dell.com | support.dell.com Task Command Syntax Command Mode Display CFM statistics by port. show ethernet cfm port-statistics [interface] EXEC Privilege Force10#show ethernet cfm port-statistics interface gigabitethernet 0/5 Port statistics for port: Gi 0/5 RX Statistics Total CFM - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 87
EAP over RADIUS to communicate with the server. End-user Device Force10 switch RADIUS Server EAP over LAN (EAPOL) EAP over RADIUS fnC0033mp Figure 6-1 and Figure show how EAP frames are encapsulated in Ethernet and Radius frames. * Note: FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 88
authenticate the supplicant. In this state, network traffic can be forwarded normally. Note: The Force10 switches place 802.1X-enabled ports in the unauthorized state by default. The Port-authentication Process The authentication process begins when the authenticator senses that a link status has - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 89
by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized, and forwards an EAP Success frame. If the identity information is invalid, the server sends and Access-Reject frame - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 90
.dell.com | support.dell.com Support Force10 systems includes the following RADIUS attributes in all 802.1X-triggered Access-Request messages: • Attribute 5-NAS-Port: the physical port authentication server. • Attribute 41-NAS-Port-Type: NAS-port physical port type. 5 indicates Ethernet. • Attribute - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 91
1X on an interface. See page 91. Related Configuration Tasks • Configuring Request Identity Re-transmissions on page 93 • Configuring Port-control on page 95 • Re-authenticating a Port on page 96 • Configuring Timeouts on page 97 • Configuring a Guest VLAN on page 100 • Configuring an Authentication - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 92
com | support.dell.com Figure 6-4. Enabling 802.1X Supplicant Authenticator 2/1 2/2 Authentication Server Force10(conf )#dot1x authentication Force10(conf )#interface range gigabitethernet 2/1 - 2 Force10(conf-if-range-gi-2/1-2)#dot1x authentication Force10(conf-if-range-gi-2/1-2)#show config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 93
Identity re-transmissions: Step 1 Task Command Syntax Configure a maximum number of times that a Request Identity frame can be re-transmitted by the authenticator. dot1x max-eap-req number Range: 1-10 Default: 2 Command Mode INTERFACE Figure 6-7 shows configuration information for a port for - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 94
a Request Identity frame after a failed authentication. Command Syntax dot1x quiet-period seconds Range: 1-65535 Default: 60 Command Mode INTERFACE Figure 6-7 shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame: • after 90 seconds and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 95
force-authorized | force-unauthorized | auto} Default: auto Command Mode INTERFACE Figure 6-8 shows configuration information for a port that has been force-authorized. Figure 6-8. Configuring Port-control Force10(conf-if-gi-2/1)#dot1x port-control force-authorized Force10(conf-if-gi-2/1)#do show - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 96
re-authenticate the supplicant. Command Syntax dot1x reauthentication [interval] seconds Range: 1-65535 Default: 60 To configure a maximum number of re-authentications: Command Mode INTERFACE Step 1 Task Configure the maximum number of times that the supplicant can be reauthenticated. Command - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 97
Default: 30 Command Mode INTERFACE Figure 6-10 shows configuration information for a port for Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Guest VLAN: Disable Guest VLAN id: NONE Auth-Fail VLAN: Disable Auth-Fail VLAN - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 98
to which the interface will be assigned. Connect the supplicant to the port configured for 802.1X. Verify that the port has been authorized and placed in the desired VLAN (Figure 6-11, red text). In Figure 6-11 shows the configuration on the Force10 system before connecting the end-user device in - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 99
6-11. Dynamic VLAN Assignment with 802.1X Force10(conf-if-gi-1/10)#show config interface GigabitEthernet 1/10 no ip address switchport 2 dot1x authentication 1 radius-server host 10.11.197.169 auth-port 1645 1 no shutdow key 7 387a7f2df5969da4 End-user Device Force10 switch RADIUS Server - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 100
. Configure a port to be placed in the Guest VLAN after failing to respond within the timeout period using the command dot1x guest-vlan from INTERFACE mode, as shown in Figure 6-12. Figure 6-12. Configuring a Guest VLAN Force10(conf-if-gi-1/2)#dot1x guest-vlan 200 Force10(conf-if-gi-1/2)#show config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 101
show config from INTERFACE mode, as shown in Figure 6-12, or using the command show dot1x interface command from EXEC Privilege mode as shown in Figure 6-14. Figure 6-14. Viewing Guest and Authentication-fail VLAN Configurations Force10(conf-if-gi-2/1)#dot1x port-control force-authorized Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 102
102 | 802.1X www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 103
the second filter (if configured) is applied. When a packet matches a filter, the switch drops or forwards the Configure a standard IP ACL on page 110 • Configure an extended IP ACL on page 113 • Configuring Layer 2 and Layer 3 ACLs on an Interface on page 116 • Assign an IP ACL to an Interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 104
Egress ACLs on page 119 • Configuring ACLs to Loopback on page 121 • Applying an ACL on Loopback Interfaces on page 121 • IP Prefix Lists on page 122 • ACL Resequencing on page 127 • Route Maps on page 129 IP Access Control Lists (ACLs) In the Dell Force10 switch/routers, you can create two - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 105
: % Error: Sum of all regions does not total to 100%. User Configurable CAM Allocation c User Configurable CAM Allocations are supported on platform and Allocate space for IPV6 ACLs on the by using the cam-acl command in CONFIGURATION mode. Access Control Lists (ACL), Prefix Lists, and Route-maps - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 106
take effect. CAM optimization c s CAM optimization is supported on platforms When this command is enabled, if a Policy Map containing classification rules (ACL and/or dscp/ ip-precedence rules) is applied to more than one physical interface on the same port-pipe, only a single copy of the policy is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 107
rules that are already configured, those counters are reset when a new supported over VLANs in Version 6.2.1.1 and higher. V ACLs and VLANs There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 108
pmap Force10(conf-policy-map-in)#service-queue 7 class-map cmap1 Force10(conf-policy-map-in)#service-queue 4 class-map cmap2 Force10(conf-policy-map-in)#exit Force10(conf)#interface gig 1/0 Force10(conf-if-gi-1/0)#service-policy input pmap IP Fragment Handling FTOS supports a configurable option - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 109
• Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a loopback interface, the command is accepted, but the ACL entries are not actually installed the offending rule in CAM. IP fragments ACL examples The following - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 110
.dell.com | support.dell.com To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a configuration similar to the following. Force10(conf)#ip access-list extended ABC Force10(conf-ext-nacl)#permit tcp any any fragment Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 111
Mode CONFIG-STD-NACL Purpose Configure a drop or forward filter. The parameters are: • log and monitor options are supported interface interface command (Figure 226) in EXEC Privilege mode. Figure 7-3. Command Example: show ip accounting access-list Force10#show ip accounting access ToOspf interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 112
support.dell.com To configure a filter without a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax Command Mode 1 ip access-list standard access-list-name CONFIGURATION 2 {deny | permit} {source [mask] | any CONFIG - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 113
in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax Command Mode Purpose 1 ip access-list extended access-list-name CONFIGURATION Enter the IP ACCESS LIST mode by creating an extended IP ACL. 2 seq sequence-number CONFIG-EXT-NACL Configure a drop or forward - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 114
www.dell.com | support.dell.com Step Command Syntax 2 seq sequence-number {deny | permit} tcp {source mask | any | host ip-address}} [count [byte] | log ] [order] [monitor] [fragments] Command Mode CONFIG-EXT-NACL Purpose Configure an extended IP ACL filter for TCP packets. • log and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 115
any seq 15 deny ip host 112.45.0.0 any log Force10(config-ext-nacl)# Configure filters without sequence number If you are creating an extended ACL supported on E-Series only. Configure a deny or permit filter to examine TCP packets. • log and monitor options are supported on E-Series only. Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 116
ACL Filtering on Switched Packets L2 ACL Behavior Deny Deny Permit Permit L3 ACL Behavior Deny Permit Deny Permit Decision on Targeted Traffic Denied by L3 ACL Permitted by L3 ACL Denied by L2 ACL Permitted by L2 ACL Note: If an interface is configured as a "vlan-stack access" port, the packets - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 117
in the INTERFACE mode: Step Command Syntax 1 interface interface slot/port 2 ip address ip-address 3 ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-range] 4 ip access-list [standard | extended] name Command Mode CONFIGURATION INTERFACE INTERFACE INTERFACE Purpose - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 118
www.dell.com | support.dell.com To view which IP ACL is applied to an interface, use the show config command (Figure 232) in the INTERFACE mode or the show running-config command in the EXEC mode. Figure 7-9. Command example: show config in the INTERFACE Mode Force10(conf-if)#show conf ! interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 119
10. Creating an Ingress ACL Force10(conf)#interface gige 0/0 Force10(conf-if-gige0/0)#ip access-group abcd in Force10(conf-if-gige0/0)#show config ! gigethernet 0/0 no ip address ip access-group abcd in no shutdown Force10(conf-if-gige0/0)#end Force10#configure terminal Force10(conf)#ip access-list - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 120
www.dell.com | support.dell.com Figure 7-11. Creating an Egress ACL Force10(conf)#interface gige 0/0 Force10(conf-if-gige0/0)#ip access-group abcd out Force10(conf-if-gige0/0)#show config Use the "out" keyword to specify egress. ! gigethernet 0/0 no ip address ip access-group abcd out no - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 121
an ACL (standard or extended) for loopback, use these commands in the following sequence: Step Command Syntax Command Mode Purpose 1 interface loopback 0 CONFIGURATION Only loopback 0 is supported for the loopback ACL. 2 ip access-list [standard | extended] name 3 ip access-group name in - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 122
www.dell.com | support.dell.com Figure 7-12. Applying an ACL to the Loopback Interface Force10(conf)#interface loopback 0 Force10(conf-if-lo-0)#ip access-group abcd in Force10(conf-if-lo-0)#show config ! interface Loopback 0 no ip address ip access-group abcd in no shutdown Force10(conf-if-lo-0)# - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 123
all commands related to prefix lists, refer to the FTOS Command Line Interface Reference document. Configure a prefix list To configure a prefix list, use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax 1 ip prefix-list prefix-name 2 seq sequence - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 124
, use these commands in the following sequence starting in the CONFIGURATION mode: Step Command Syntax 1 ip prefix-list prefix-name 2 {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length] Command Mode CONFIGURATION CONFIG-NPREFIXL Purpose Create a prefix list and assign - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 125
(conf-nprefixl)# To delete a filter, enter the show config command in the PREFIX LIST mode and locate the sequence number of the filter you want to delete; then use the no seq sequence-number command in the PREFIX LIST mode. To view all configured prefix lists, use either of the following commands - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 126
(RIP is supported on C and E-Series.), use either of the following commands in the ROUTER RIP mode: Command Syntax router rip distribute-list prefix-list-name in [interface] distribute-list prefix-list-name out [interface | connected | static | ospf] Command Mode CONFIGURATION CONFIG-ROUTER-RIP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 127
To view the configuration, use the show config command in the ROUTER OSPF mode (Figure 241) or the show running-config ospf command in the EXEC mode. Figure 7-18. Command Example: show config in ROUTER OSPF Mode Force10(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 128
dell.com | support.dell.com Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs and prefix lists and MAC ACLs. To resequence an ACL or prefix list use the appropriate command in Table 7-5. You must specify the list name, starting Force10(config-ext-nacl)# show config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 129
20 permit ip any host 1.1.1.4 Force10# end Force10# resequence access-list ipv4 test 2 2 Force10# show running-config acl ! ip access-list extended 12 permit ip any host 1.1.1.4 Route Maps c e s Route-maps are supported on platforms: Like ACLs and prefix lists, route maps are composed of a series - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 130
www.dell.com | support.dell.com • Two or more match clauses within default sequence number starts at 10. When the keyword deny is used in configuring a route map, routes that meet the match filters are not redistributed. To view the configuration, use the show config command in the ROUTE-MAP mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 131
route-map zakho, permit, sequence 20 Match clauses: interface GigabitEthernet 0/1 Set clauses: tag 35 level stub-area Force10# Figure 7-24 shows an example of a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 132
www.dell.com | support.dell.com Figure 7-24. Command Example: show route-map Force10#show route-map dilling route-map dilling, permit, sequence 10 Match clauses: Set clauses: route-map dilling, permit, sequence 15 Match clauses: interface Loopback 23 Set clauses: tag 3444 Force10# To delete a route - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 133
Ethernet interface, enter the keyword tengigabitEthernet followed by the slot/port information. • For a VLAN, enter the keyword vlan followed by a number from 1 to 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. Access - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 134
www.dell.com | support.dell.com Command Syntax match ip address prefix-list-name Command Mode CONFIG-ROUTE-MAP match ipv6 address prefix-list-name CONFIG-ROUTE-MAP match ip next-hop {access-list-name | prefix-list prefix-list-name} match ipv6 next-hop {access-list-name | prefix-list prefix-list- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 135
Mode CONFIG-ROUTE-MAP CONFIG-ROUTE-MAP CONFIG-ROUTE-MAP CONFIG- match command. Configure a route route-maps, the user must take care to default-information originate metric-type 1 redistribute static metric 20 metric-type 2 tag 0 route-map staticospf ! route-map staticospf permit 10 match interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 136
dell.com | support.dell.com Configure ospf command with a route map is used in the ROUTER RIP mode to apply a tag of 34 to all internal OSPF routes that route-map modules are processed. If the continue command is configured at the end of a module, the next module (or a specified module) is processed - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 137
ex s c et This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Dell Force10 Operating System (FTOS). This chapter includes the following topics: • Protocol Overview • Autonomous Systems (AS) • Sessions and Peers • Route - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 138
www.dell.com | support.dell.com • Multiprotocol BGP • Implementing BGP with FTOS • Advertise IGP cost Remember • Configuration Information • Configuration Task List for BGP • MBGP Configuration • Storing Last and Bad PDUs • Capturing PDUs • PDU Counters • Sample Configurations BGP protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 139
from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP BGP (IBGP) AS 2 Interior BGP (IBGP) BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 140
www.dell.com | support.dell.com Figure 8-2. Full Mesh Examples 4 Routers 6 Routers 8 Routers The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 141
state to another. The first state is the Idle mode. BGP initializes all resources, refuses all inbound BGP connection not successful, BGP resets the ConnectRetry timer and transitions to the Active routing policies. They enable easier system configuration and management by allowing groups of routers - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 142
www.dell.com | support.dell.com { To illustrate how these rules affect routing, see Figure 8-3 and the following steps.Routers B, C, D, E, and G are members of the same AS - AS100. These routers - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 143
external AS number (BGP best path selection is deterministic by default, which means the bgp non-deterministic-med command is NOT since MED may or may not get compared between adjacent paths. In deterministic mode, FTOS compares MED between adjacent paths within an AS group since all paths in - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 144
www.dell.com | support.dell.com Figure 8-4. BGP Best Path Selection No, or Not Resulting . 4. Prefer the path with the shortest AS_PATH (unless the bgp bestpath as-path ignore command is configured, then AS_PATH is not considered). The following criteria apply: • An AS_SET has a path length of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 145
the following criteria is met: • the IBGP multipath or EBGP multipath are configured (maximum-path command) • the paths being compared were received from the may or may not get compared between adjacent paths. In deterministic mode, FTOS compares MED between adjacent paths within an AS group since - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 146
www.dell.com | support.dell.com Weight The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 147
set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. Origin The Origin indicates the origin of the prefix, or how the prefix came into BGP. There are three - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 148
www.dell.com | support.dell.com Generally, an IGP indicator means that the route was code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP. Figure 8-7. Origin attribute reported Force10#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 149
you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. FTOS 8.3.1.0 and later support configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 150
www.dell.com | support.dell.com • If the redistribute command does not have any metric configured and BGP Peer out-bound route-map does have metric-type internal configured, BGP advertises the IGP cost as MED. • If the redistribute command has metric configured (route-map set metric or redistribute - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 151
Confederation must be either 4-Byte or 2-Byte identified routers. You cannot mix them. Configure the 4-byte AS numbers with the four-octet-support command. AS4 Number Representation FTOS version 8.2.1.0 supports multiple representations of an 4-byte AS Numbers: asplain, asdot+, and asdot. Note: The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 152
bgp asnotation command in the show running config ASDOT Force10(conf-router_bgp)#bgp asnotation asdot Force10(conf-router_bgp)#show conf ! router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Force10(conf-router_bgp)#do show ip bgp BGP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 153
config AS NOTATION DISABLED Force10(conf-router_bgp)#no bgp asnotation Force10(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Force10 C without immediately updating Router C's configuration. Local-AS allows this to happen - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 154
www.dell.com | support.dell.com Figure 8-11. Local-AS Scenario Router A AS 100 Router B AS 200 Router C not be prepended to the updates received from the eBGP peer. If "no prepend" is not selected (the default), the local-as is added to the first AS segment in the AS-PATH. If an inbound route-map - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 155
support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com. Note: See the Dell Force10 iSupport webpage for the Force10 each segment starting from 0. For - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 156
-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Force10 recommends configuration file prior to sending messages to start BGP peer sessions) The following are not yet supported: • auto-summarization (the default is no auto-summary) • synchronization (the default - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 157
the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor. Defaults By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 158
dell.com | support.dell.com • Configure passive peering • Maintain existing AS numbers during an AS migration • Allow an AS number to appear in its own AS path • Enable graceful restart • Filter on an AS-Path attribute • Configure the IP address of the interface directly connected to the router. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 159
Use these commands in the following sequence, starting in the CONFIGURATION mode to establish BGP sessions on the router. Step 1 1a 1b 2 3 Command Syntax router bgp as-number bgp four-octet-as-support address-family [ipv4 | ipv6} neighbor {ip-address | peer-group name} remote-as as-number neighbor - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 160
dell.com | support.dell.com Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode uses the highest IP address of the Loopback interfaces configured. Since Loopback interfaces are virtual, they cannot go down, thus - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 161
neighbors command, refer to the FTOS Command Line Interface Reference. Figure 8-14. Command example: show ip bgp neighbors Force10#show ip bgp neighbors BGP neighbor is 10. dropped 0 Last reset never Local host: 10.114.8.39, Local port: 1037 Foreign host: 10.114.8.60, Foreign port: 179 BGP neighbor - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 162
representations within an AS. Task Enable ASPLAIN AS Number representation. Figure 8-16 Command Syntax bgp asnotation asplain Command Mode CONFIG-ROUTER-BGP Note: ASPLAIN is the default method FTOS uses and does not appear in the configuration display. 162 | Border Gateway Protocol IPv4 (BGPv4) - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 163
asdot bgp asnotation asdot+ Command Mode CONFIG-ROUTER-BGP CONFIG-ROUTER-BGP Figure 8-16. Command example and output: bgp asnotation asplain Force10(conf-router_bgp)#bgp asnotation asplain Force10(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 164
end of this chapter. Use these commands in the following sequence starting in the CONFIGURATION ROUTER BGP mode to create a peer group Step Command Syntax Command Mode Purpose 1 neighbor peer-group-name peer-group CONFIG-ROUTER- Create a peer group by assigning a name to it. BGP 2 neighbor - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 165
a new set of BGP policies for a peer group, always reset the peer group by entering the clear ip bgp peer-group peer-group-name command in EXEC Privilege mode. Use the show config command in the CONFIGURATION ROUTER BGP mode to view the configuration. When you create a peer group, it is disabled - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 166
dell.com | support.dell.com Figure 8-20. Command example: show config (peer-group enabled Force10(conf-router_bgp)#neighbor zanzibar no shutdown Force10(conf-router_bgp)#show config -group-name shutdown command in the CONFIGURATION ROUTER BGP mode. The configuration of the peer group is maintained, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 167
.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Force10> BGP fast fall-over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 168
www.dell.com | support.dell.com The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis and is disabled by default. Command Syntax neighbor {ip-address | peer-group-name} fall-over Command Mode CONFIG-ROUTER-BGP Purpose Enable BGP Fast Fall-Over To disable Fast Fall- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 169
5 seconds Minimum time before advertisements start is 0 seconds Capabilities received from reset 00:19:37, due to Reset by peer Notification History 'Connection Reset' Sent : 5 Recv: 0 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 170
the order of the peer group configuration. Use these commands in the following sequence, starting in the CONFIGURATION ROUTER BGP mode to configure passive peering. Step 1 2 3 4 Command Syntax Command Mode neighbor peer-group-name peer-group passive CONFIG-ROUTERBGP neighbor peer-group-name - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 171
-as as number [no prepend] Command Mode CONFIG-ROUTERBGP Purpose Allow external routes from this Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Disable this feature, using the no neighbor local-as command in CONFIGURATION ROUTER BGP mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 172
dell.com | support.dell.com Figure 8-24. Local-as information shown R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support Command Mode Purpose CONFIG-ROUTERBGP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 173
network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list the peer has been updated with all routes in the local RIB. If you configure your system to do so, FTOS can perform the following actions during a hot - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 174
and its available options: Command Syntax Command Mode Usage bgp graceful-restart bgp graceful-restart [restart-time time-in-seconds] CONFIG-ROUTERBGP CONFIG-ROUTERBGP Enable graceful restart for the BGP node. Set maximum restart time for all peers. Default is 120 seconds. bgp graceful-restart - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 175
deny." This means that routes that do not meet a deny or match filter are dropped. Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an AS-PATH ACL to filter a specific AS_PATH value. Step Command Syntax 1 ip as-path access-list as-path-name Command - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 176
www.dell.com | support.dell.com Step Command Syntax Command Mode Purpose 2 {deny | permit} filter parameter 3 exit CONFIG-AS-PATH AS to CONFIGURATION mode 4 router bgp as-number CONFIGURATION Enter ROUTER BGP mode. 5 neighbor {ip-address | CONFIG-ROUTER-B Use a configured AS-PATH - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 177
10.155.15.2 filter-list 1 in Force10(conf-router_bgp)#ex Force10(conf)#ip as-path access-list Eagle Force10(config-as-path)#deny 32$ Force10(config-as-path)#ex Force10(conf)#router bgp 99 Force10(conf-router_bgp)#neighbor AAA filter-list Eagle in Force10(conf-router_bgp)#show conf ! router bgp 99 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 178
, the expressions are displayed when using the show commands. Use the show config command in the CONFIGURATION AS-PATH ACL mode and the show ip as-path-access-list command in EXEC Privilege mode to view the AS-PATH ACL configuration. For more information on this command and route filtering, refer to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 179
}] [route-map map-name] Command Mode ROUTER BGP or CONF-ROUTER_BGPv6_ AF Purpose Include specific OSPF routes in IS-IS. Configure the following parameters: • process-id range are sent to CONFED-EBGP and IBGP peers. FTOS also supports BGP Extended Communities as described in RFC 4360-BGP Extended - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 180
www.dell.com | support.dell.com Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an IP community list. Step Command Syntax Command Mode Purpose 1 ip community-list community-list-name CONFIGURATION Create a Community list and enter the COMMUNITY- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 181
667 deny 703:667 Use these commands in the following sequence, starting in the CONFIGURATION mode, To use an IP Community list or Extended Community List to Community list. CONFIG-ROUTE-MAP CONFIGURATION CONFIG-ROUTER-BGP Return to the CONFIGURATION mode. Enter the ROUTER BGP mode. AS-number: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 182
or peer group. Use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax Command Mode 1 route-map map-name [permit | deny] [sequence-number] CONFIGURATION 2 set comm-list CONFIG-ROUTE-MAP community-list-name delete set community {community-number - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 183
configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode 1455 i 209 7170 1455 i Change MED attribute By default, FTOS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 184
ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode to view BGP configuration. A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map. Use these commands in the following sequence, starting CONFIGURATION mode to change the default value - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 185
weight Command Mode Purpose CONFIG-ROUTERBGP Assign a weight to the neighbor connection. • weight range: 0 to 65535 • Default is 0 Use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode to view BGP configuration. Border Gateway - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 186
destination. Use the following command in the CONFIGURATION ROUTER BGP mode to allow more than one path. Command Syntax maximum-paths {ebgp | ibgp} number Command Mode CONFIG-ROUTERBGP Purpose Enable multiple parallel paths. • number range: 1 to 16 • Default is 1 The show ip bgp network command - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 187
configure a new set of BGP policies, always reset the neighbor or peer group by entering the clear ip bgp command in EXEC Privilege mode. Use these commands in the following sequence, starting in the CONFIGURATION mode Mode CONFIGURATION CONFIG-PREFIX LIST CONFIG-PREFIX LIST CONFIGURATION CONFIG- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 188
dell.com | support.dell.com Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using a route map. Step 1 2 Command Syntax route-map map-name [permit | deny] [sequence-number] {match | set} Command Mode CONFIGURATION CONFIG-ROUTE-MAP 3 exit CONFIG - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 189
or peer group identified is the route reflector client. To view a route reflector configuration, use the show config command in the CONFIGURATION ROUTER BGP mode or show running-config bgp in EXEC Privilege mode. When you enable a route reflector, FTOS automatically enables route reflection to all - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 190
| support.dell.com Aggregate routes FTOS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active. Use the following command in the CONFIGURATION ROUTER BGP mode to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 191
mix of router ASN support, Use the show config command in the CONFIGURATION ROUTER BGP mode to view the configuration. Enable route flap dampening The CLI example below shows configuring values to start reusing or restarting a route, as well as their default values. Border Gateway Protocol IPv4 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 192
Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. To view the BGP configuration, use show config in the CONFIGURATION ROUTER BGP mode or show running-config bgp in EXEC Privilege mode. 192 | Border Gateway Protocol IPv4 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 193
CONFIGURATION ROUTE-MAP mode: Command Syntax set dampening half-life reuse suppress max-suppress-time Command Mode CONFIG-ROUTE-MAP Purpose Enter the following optional parameters to configure is once again advertised (or no longer suppressed). (Default: 750) • suppress range: 1 to 20000. This - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 194
are from the same AS. Use the following command in CONFIGURATION ROUTER BGP mode to change the path selection from the default mode (deterministic) to non-deterministic. Command Syntax bgp non-deterministic-med Command Mode CONFIG-ROUTERBGP Purpose Change the best path selection method to non - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 195
keepalive message and declaring the router dead. (Default: 180 seconds) Use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode to view non-default values. Timer values configured with the neighbor timers command override the timer - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 196
www.dell.com | support.dell.com Use the clear ip bgp command in EXEC Privilege mode at the system prompt to reset a BGP connection using BGP soft reconfiguration. Command Syntax Command Mode Purpose clear ip bgp {* | neighbor-address | AS Numbers | ipv4 | peer-group-name} [soft [in | out]] - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 197
map continue The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map the set community additive and set as-path prepend commands are configured, the communities and AS numbers are prepended. Border Gateway Protocol IPv4 (BGPv4) | 197 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 198
| peer-group-name] activate Command Mode CONFIG-ROUTER-BGP CONFIG-ROUTER-BGP-AF (Address Family) Purpose Enables support for the IPv4 Multicast family on the BGP node Enable IPv4 Multicast support on a BGP neighbor/peer group When a peer is configured to support IPv4 Multicast, FTOS takes the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 199
and re-using regular expression evaluated results, at the expense of some memory in RP1 processor. This feature is turned on by default. Use the command bgp regex-eval-optz-disable in CONFIGURATION ROUTER BGP mode to disable it if necessary. Debugging BGP Use any of the commands in EXEC Privilege - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 200
www.dell.com | support.dell.com FTOS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode. Use the keyword no followed by the debug command To disable a specific debug command. For example, to disable debugging - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 201
Bad PDU from BGP Peers Force10(conf-router_bgp)#do show ip time before advertisements start is 0 seconds Missing well-known attr' Sent : 1 Recv: 0 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) : 1.1.1.1, Local port: 179 Foreign host: 1.1.1.2, Foreign port: 41758 Capturing - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 202
www.dell.com | support.dell.com The buffer size supports a maximum value between 40 MB (the default) and 100 MB. PDUs using the command show capture bgp-pdu neighbor. Figure 8-35. Viewing Captured PDUs Force10#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 203
Figure 8-36. Figure 8-36. Required Memory for Captured PDUs Force10(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250 support your own IP Addresses, Interfaces, Names, etc. Figure 8-37 is a graphic illustration of the configurations shown on the following pages. These configurations - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 204
www.dell.com | support.dell.com Figure 8-37. Sample Configuration Illustration AS 99 Physical Links GigE 1/21 10.0.1.21 /24 Loopback 1 192.168.128.1 /24 GigE 1/31 10.0.3.31 /24 Virtual Links Peer Group AAA - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 205
168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)# 24 R1(conf-if-gi-1/31)#no shutdown R1(conf-if-gi-1/31)#show config ! interface GigabitEthernet 1/31 ip address 10.0.3.31/24 no shutdown R1(conf-if-gi - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 206
www.dell.com | support.dell.com Figure 8-39. Enable BGP - Router 2 R2# conf R2(conf)#int loop 0 R2(conf-if-lo-0)#ip address 192.168.128.2/24 R2(conf-if-lo-0)#no shutdown R2(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.2/24 no shutdown R2(conf-if-lo-0)#int gig 2/11 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 207
R3(conf-if-gi-3/11)#no shutdown R3(conf-if-gi-3/11)#show config ! interface GigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo R3(conf-if-gi-3/21)#no shutdown R3(conf-if-gi-3/21)#show config ! interface GigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-gi-3/21 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 208
www.dell.com | support.dell.com Figure 8-41. .168.128.3 peer-group BBB R1(conf-router_bgp)# R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor AAA peer-group is 5 seconds Minimum time before advertisements start is 0 seconds 208 | Border Gateway Protocol IPv4 (BGPv4) - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 209
user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:00:57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host: 192.168.128.1, Local port: 179 Foreign host: 192.168.128.2, Foreign port time before advertisements start is 0 seconds - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 210
www.dell.com | support.dell.com Figure 8-43. Enable Peer Groups - Router 2 R2#conf R2(conf)#router bgp 115 keepalives, 0 route refresh requests Minimum time between advertisement runs is 5 seconds Minimum time before advertisements start is 0 seconds 210 | Border Gateway Protocol IPv4 (BGPv4) - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 211
85 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 212
dell.com | support.dell Reset' Sent : 2 Recv: 2 Last notification (len 21) received 00:12:01 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host: 192.168.128.2, Local port: 65464 Foreign host: 192.168.128.1, Foreign port Minimum time before advertisements start is 0 seconds - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 213
, factory-loaded switch. You can enable and disable BMP using the following steps: 1. Configure a reload mode using the reload-type command. 2. Reload the switch in the configured mode using the reload command. Prerequisites Before you use BMP 2.0 to auto-configure a supported Dell Force10 switch - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 214
is not supported in a stacking environment. Overview On a new factory-loaded switch, the switch boots up in Jumpstart mode. You can reconfigure a switch to reload between Normal and Jumpstart mode. • Jumpstart (BMP) mode: The switch automatically configures all ports (management and user ports) as - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 215
is automatically changed to Normal reload, i.e., BMP is disabled. Jumpstart mode Jumpstart (BMP) mode is the default boot mode configured for a new switch arriving from Dell Force10. This mode obtains the FTOS image and configuration file from a network source (DHCP server and file server). DHCP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 216
/f10/flash directory option config-file "usbflash://S60-1.conf"; External USB memory MAC-Based IP assignment One way to use the BMP mode most efficiently is to configure the DHCP server to assign a fixed IP address, FTOS image, and configuration file based on the switch's MAC address. When this - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 217
. The dhcpd.conf file shows assignment of a fixed IP address and configuration file based on the MAC address of the switch. Parameter Example option boot-filename code 67 = text; option tftp-server-address code 150 = ip-address; option config-file code 209 = text; subnet 10.20.30.0 netmask 255.255 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 218
). This allows the switch time to send out a DHCP DISCOVER on all the interface up ports to the DHCP Server in order to obtain its IP address, boot image filename and configuration file from the DHCP server. 1. The switch begins boot up process in jumpstart mode (default mode) 218 | Bare Metal - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 219
switch sends DHCP Discover on all the interface up ports configuration file is chosen. 4. The DHCP OFFER is selected. a All other ports are set to shutdown mode. config file pt-s4810-12. 5. The switch sends a unicast message to the file server to retrieve the named FTOS file and/or the configuration - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 220
www.dell.com | support.dell.com ...00:09:50: %STKUNsyncing disks... IT0-M:CP %CHMGR-1 5-RELOAD: User done request to reload the chassis rebooting • If there is no version mismatch the switch downloads the configuration file. 00:27:12: %STKUNIT0-M:CP %JUMPSTART-2-JUMPSTART_DOWNLOAD_START: The config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 221
to the Default CAM Configuration on page 236 • CAM Optimization on page 237 • Applications for CAM Profiling on page 237 • Troubleshoot CAM lists (ACL), flows, and routing policies. On Dell Force10 systems, there are one or two CAM (Dual-CAM) modules per port-pipe depending on the type of line card. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 222
CAM space according to the way Dell Force10 systems are most commonly used. Available Microcodes: default, lag-hash-align, lag-hash-mpls For EG-series line cards only. EG series line cards have two CAM modules per Port-pipe. Available Microcodes: default, ipv6-extacl Provides 320K entries for - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 223
EgL2ACL EgIPv4ACL Reserved IPv6FIB IPv6ACL IPv6Flow EgIPv6ACL Profile Default 32K 2K 256K 12K 24K 1K 1K 8K 0 0 0 0 eg-default 32K 2K 512K 12K 24K 1K 1K 8K 2K l2-ipv4-inacl 32K 33K 64K 27K 8K 2K 2K 2K 0 0 0 0 unified-default 32K 3K 192K 9K 8K 2K 2K 2K 6K 2K 4K 2K IPv4-VRF 32K 3K - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 224
set of instructions for a CPU. On Dell Force10 systems, the microcode controls how packets are handled. There is a default microcode, and Line Interface Reference Guide for details regarding available profiles for each system. Table 10-3. Microcode Descriptions Microcode Description default lag- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 225
As with the IPv4Flow partition, you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode. The amount of space that you can The line card boots with the default (single-CAM) profile and remains in a problem state (Figure 10-1). The line card cannot forward traffic in - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 226
www.dell.com | support.dell.com • If you insert a dual-CAM line card into a problem - mismatch cam profile Next Boot : online Required Type : E48TF - 48-port 10/100/1000Base-T line card with RJ-45 interfaces (EF) Current Type : E48TF - 48-port 10/100/1000Base-T line card with RJ-45 interfaces - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 227
238. • Optimize the VLAN ACL Group feature, which permits group VLANs for IP egress ACLs. See CAM profile for the VLAN ACL group feature on page is selected in CONFIGURATION mode. The CAM profile is applied to entire system, however, you must save the running-configuration to affect the change - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 228
be written to the CAM on the next boot. 4 Reload the system. copy running-config startup-config show cam-profile summary reload EXEC Privilege EXEC Privilege EXEC Privilege CAM Allocation c s User Configurable CAM Allocations is available on platforms: Allocate space for IPV4 ACLs and QoS regions - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 229
copy run start) then reload the system for the new settings to take effect. To configure the IPv4 and IPv6 ACLs and Qos regions on the entire system: Step 1 Task Command Syntax Command Mode Select a cam-acl action cam-acl [default | l2acl] CONFIGURATION Note: Selecting default resets the CAM - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 230
www.dell.com | support.dell.com View CAM Profiles View the current CAM profile for the Figure 10-5. Viewing CAM Profile Information in the Running-configuration Force10#show running-config cam-profile ! cam-profile default microcode default Force10# View CAM-ACL settings View the current cam-acl - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 231
Figure 10-6. View CAM-ACl settings on C-Series and S-Series Force10# show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 2 Ipv4Qos : 2 L2Qos : 2 L2PT : 1 IpMacAcl : 2 VmanQos : 0 VmanDualQos : 0 -- Line card 0 -- Current - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 232
www.dell.com | support.dell.com Figure 10-7. Viewing CAM Usage Information R1#show cam-usage | IN-L3-SysFlow | 2878 | 44 | 2834 --More-- Configure IPv4Flow Sub-partitions e IPv4Flow sub-partitions are supported on platform The IPv4Flow CAM partition has sub-partitions for several types of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 233
partition. cam-ipv4flow Save the running-configuration. copy running-config startup-config Verify that the new CAM configuration will show cam-ipv4flow be written to the CAM on the next boot. Reload the system. reload Command Mode CONFIGURATION EXEC Privilege EXEC Privilege EXEC Privilege - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 234
www.dell.com | support.dell.com Figure 10-8. Configuring IPv4Flow on the Entire System Force10(conf)#cam-ipv4flow default Force10#copy running-config startup-config File with same name already exist. Proceed to copy the file [confirm yes/no]: yes ! 3914 bytes successfully copied Force10#sh cam- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 235
not correct. Message 4 Layer 2 ACL Configuration Error % Error: Sum of all regions does not total to 100%. * Note: You must allocate at least ( * ) entries at least when employing PVST+ . For example, the default CAM Profile allocates 1000 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 236
-config to startup-config in flash by Force10(conf)#do show cam-l2acl | find "Line card 1" -- Line card 1 -- Current Settings(in percent) Next Boot(in percent) Sysflow : 6 100 L2Acl : 14 5 Pvst : 50 5 Qos : 12 5 L2pt : 13 5 Frrp : 5 5 Return to the Default CAM Configuration - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 237
with LAG hash MPLS Force10(conf)#cam-profile default microcode default Force10(conf)#cam-ipv4flow ? default Reset IPv4flow CAM entries to default setting multicast-fib Set multicast FIB entries Force10(conf)#cam-l2acl ? default Reset L2-ACL CAM entries to default setting system-flow Set - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 238
prior to 6.3.1.1, the system presents an error message. In this case, manually adjust the CAM configuration on the card to match the system configuration. Dell Force10 recommends the following to prevent mismatches: • Use the eg-default CAM profile in a chassis that has only EG Series line cards. If - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 239
actual CAM usage before applying a service-policy. The command test cam-usage service-policy provides this test framework, see Pre-calculating Available QoS CAM Space on page 606. Note: For troubleshooting other CAM issues see the E-Series Network Operations Guide. Content Addressable Memory | 239 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 240
240 | Content Addressable Memory www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 241
: • Protocol Overview • Implementation Information • Configuration Tasks • Configure the System to be a DHCP Server • Configure the System to be a Relay Agent • Configure the System for User Port Stacking • Configure Secure DHCP Protocol Overview Dynamic Host Configuration Protocol (DHCP) is an - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 242
www.dell.com | support.dell.com DHCP Packet Format and Options DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 243
address is already in use. In this case, the client starts the configuration process over by sending a DHCPDISCOVER. • DHCPINFORM-A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. • DHCPNAK - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 244
www.dell.com | support.dell.com Implementation Information • The Dell Force10 implementation of DHCP is based on an interface which has IP Source Address Validation. If you configure IP Source Address Validation on a member port of a VLAN and then attempt to apply a access list to the VLAN, FTOS - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 245
need. Configuring the Dell Force10 system to be a DHCP server is a 3-step process: 1. Configure the Server for Automatic Address Allocation 2. Specify a Default Gateway 3. Enable DHCP Server Related Configuration Tasks • Configure a Method of Hostname Resolution • Create Manual Binding Entries - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 246
. show config Command Mode CONFIGURATION DHCP DHCP DHCP Once an IP address is leased to a client, only that client may release the address. FTOS performs a IP + MAC source address validation to ensure that no client can release another clients address. This is a default behavior and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 247
. Command Syntax Command Mode ip dhcp server no disable Default: Disabled show config CONFIGURATION DHCP DHCP In the illustration below, an IP phone is powered by PoE and has acquired an IP address from the Dell Force10 system, which is advertising LLDP-MED. The leased IP address is displayed - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 248
www.dell.com | support.dell.com Configure a Method of Hostname Resolution Dell Force10 systems are capable of providing DHCP clients with parameters for two methods of hostname resolution. Address Resolution using DNS A domain is a group of networks. DHCP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 249
Manual bindings can be considered single-host address pools. There is no limit on the number of manual bindings, but you can only configure one manual the hardware platform. The default protocol is Ethernet. pool name host address hardware-address hardware-address type Command Mode DHCP DHCP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 250
access the network. You can configure an interface on the Dell Force10 system to relay the DHCP Port: 67 Destination Port: 68 1/3 Broadcast Source IP : 0.0.0.0 Destination IP: 255.255.255.255 Source Port: 68 Destination Port: 67 Relay Agent Address: 0.0.0.0 R1(conf-if-gi-1/3)#show config ! interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 251
Reverse is disabled ICMP redirects are not sent ICMP unreachables are not sent Configure the System for User Port Stacking When you set the DHCP offer on the DHCP server, you can set the stacking-option variable to provide the stack-port detail so a stack can be formed when the units are connected - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 252
Mode CONFIGURATION CONFIGURATION CONFIGURATION DHCP Snooping DHCP Snooping protects networks from spoofing. In the context of DHCP Snooping, all ports are either trusted or untrusted. By default, all ports are untrusted. Trusted ports are ports through which attackers cannot connect. Manually - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 253
1 2 3 Task Enable DHCP Snooping globally. Specify ports connected to DHCP servers as trusted. Enable DHCP Snooping on a VLAN. Command Syntax ip dhcp snooping ip dhcp snooping trust ip dhcp snooping vlan Command Mode CONFIGURATION INTERFACE CONFIGURATION Add a static entry in the binding table - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 254
www.dell.com | support.dell.com View the DHCP Snooping statistics with the show ip created using the ACK packets from the trusted port. FTOS#show ip dhcp snooping binding Codes : S - Static D - Dynamic IP Address MAC Address Expires(Sec) Type VLAN Interface 10.1.1.251 00:00:4d:57:f2:50 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 255
false IP-to-MAC mappings into the ARP cache of a network device. It is used to launch man-in-the-middle (MITM), and denial-of-service (DoS) attacks, among others. A spoofed ARP message is one in which the MAC address in the sender hardware address field and the IP address in - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 256
www.dell.com | support.dell.com • denial of service-an attacker can send a fraudulent ARP messages to a client Validate ARP frames against the DHCP Snooping binding table. Command Syntax Command Mode arp inspection INTERFACE VLAN View the number of entries in the ARP database with the show arp - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 257
ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments. ARPs received on trusted ports bypass validation against the binding table. All ports are untrusted by default. Task Specify an interface as trusted so - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 258
port, and the packet is dropped. Task Enable IP Source Address Validation Command Syntax ip dhcp source-address-validation Command Mode INTERFACE -config to the startup-config. Reload the system. Command Syntax cam-acl l2acl copy running-config startup-config reload Command Mode CONFIGURATION - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 259
IP+MAC address pair in the binding table and applies it to the interface. Task Display the IP+MAC ACL for an interface for the entire system. Command Syntax show ip dhcp snooping source-address-validation [interface] Command Mode EXEC Privilege Dynamic Host Configuration Protocol (DHCP) | 259 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 260
www.dell.com | support.dell.com 260 | Dynamic Host Configuration Protocol (DHCP) - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 261
this FRRP group, thereby avoiding a loop in the ring, like STP. Layer 2 switching and learning mechanisms operate per existing standards on this ring. Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 262
of a switch or port failure. Ring Checking At specified intervals, the Master Node sends a Ring Health Frame (RHF) through the ring. If the ring is complete, the frame is received on its secondary port, and the Master node resets its fail-period timer and continues normal operation. 262 | Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 263
number of rings may cause interface instability. Multiple rings can be configured with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link. Member VLAN Spanning Two Rings Connected by One Switch A Member VLAN can span two rings - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 264
dell.com | support.dell.com In the example shown in Figure 12-2, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch | Force10 Resilient Ring Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 265
switch • One Master node per ring-all other nodes are Transit • Each node has 2 member interfaces-Primary, Secondary • No limit to the number of nodes on a ring • Master node ring port 12-1. FRRP Components Concept Ring ID Control VLAN Member VLAN Port Role Explanation Each ring has a unique 8-bit - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 266
a Dell Force10 proprietary protocol that does not interoperate with any other vendor. • Spanning Tree must be disabled on both Primary and Secondary interfaces before FRRP is enabled. • All ring ports must be Layer 2 ports. This is required for both Master and Transit nodes. • A VLAN configured as - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 267
not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP. • Create the FRRP group • Configure the Control VLAN • Configure Primary and Secondary ports • Configure and add the Member VLANs • Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 268
supported in Master nodes Use the commands in the following sequence, on the switch that will act as the Master node, to create the Control VLAN for this FRRP group. Step Command Syntax 1 interface vlan vlan-id Command Mode CONFIGURATION 2 tagged interface slot/ CONFIG-INT-VLAN port {range - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 269
, on all of the Transit switches in the ring, to create the Members VLANs for this FRRP group. Step Command Syntax 1 interface vlan vlan-id Command Mode CONFIGURATION 2 tagged interface slot/ CONFIG-INT-VLAN port {range} Purpose Create a VLAN with this ID number VLAN ID: 1-4094 Tag the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 270
www.dell.com | support.dell.com Step Command Syntax Command Mode 3 interface primary int CONFIG-FRRP slot/port secondary int slot/port control-vlan vlan id 4 mode transit CONFIG-FRRP 5 member-vlan vlan-id CONFIG-FRRP {range} 6 no disable CONFIG-FRRP Purpose Assign the Primary and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 271
. Ring ID: 1-255 Show the state of all FRRP groups. Ring ID: 1-255 Troubleshooting FRRP Configuration Checks • Each Control Ring must use a unique VLAN ID • Only two interfaces on a switch can be Members of the same Control VLAN • There can be only one Master node for any FRRP Group. • FRRP can be - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 272
www.dell.com | support.dell.com Figure 12-3 is an example of a basic FRRP topology. Below the figure are the associated CLI commands. 1/24 Primary Forwarding GigE 3/21 Secondary Blocking R1 GigE 1/34 MASTER Secondary Forwarding GigE 3/14 R3 TRANSIT 272 | Force10 Resilient Ring Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 273
/24 secondary GigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master no disable R2 TRANSIT interface GigabitEthernet 2/14 no ip address switchport no shutdown ! interface GigabitEthernet 2/31 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged GigabitEthernet - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 274
www.dell.com | support.dell.com 274 | Force10 Resilient Ring Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 275
13 GARP VLAN Registration Protocol c e s GARP VLAN Registration Protocol is supported on platform Protocol Overview Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1q - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 276
to facilitate GVRP communications. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In Figure 13-2, that kind of port is referred to as a VLAN trunk port, but it is not necessary to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 277
VLAN trunk ports for the edge and core switches. Edge Switches Core Switches VLANs 70-80 Edge Switches VLANs 10-20 VLANs 10-20 VLANs 30-50 VLANs 30-50 VLANs 70-80 NOTES: VLAN 1 mode is always fixed and cannot be configured All VLAN trunk ports must be configured for GVRP All VLAN trunk ports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 278
-if-gi-1/21)#show config ! interface GigabitEthernet 1/21 no ip address switchport gvrp enable no shutdown Configuring GVRP Registration • Fixed Registration Mode: Configuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN de-registration, and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 279
1/21 will not be removed from VLAN 34 or VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 13-5. Configuring GVRP Registration Force10(conf-if-gi-1/21)#gvrp registration - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 280
www.dell.com | support.dell.com FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer. Message 1 GARP Timer Error Force10(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. 280 | GARP VLAN Registration Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 281
3 and versions 1 or 2 on the same subnet. • IGMP on FTOS supports up to 512 interfaces on E-Series, 31 interfaces on C-Series and S-Series, and an unlimited number of groups on all platforms. Note: The S60 supports up to 95 interfaces. • Dell Force10 systems cannot serve as an IGMP host or an IGMP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 282
www.dell.com | support.dell.com IGMP Protocol Overview IGMP has three versions. Version 3 obsoletes and is , as shown in Figure 14-1. Figure 14-1. IGMP version 2 Packet Format Preamble Start Frame Destination MAC Delimiter Source MAC Ethernet Type IP Packet Padding FCS Version IHL (4) - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 283
adds the group to the list of multicast groups associated with its outgoing port to the subnet. Multicast traffic for the group is then forwarded to , the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP version - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 284
www.dell.com | support.dell.com Figure 14-2. IGMP version 3 Membership Query Packet Format Type (0x11) Max. Response Code Checksum Group Address Reserved S Querier Robustness Querier's Query Number of Value - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 285
Figure 14-4. IGMP Membership Reports: Joining and Filtering Membership Reports: Joining and Filtering Interface Multicast Group Filter Source Source Address Timer Mode Timer 1/1 224.1.1.1 GMI Exclude None 1/1 224.1.1.1 Include 10.11.1.1 GMI 1/1 224.1.1.1 Include 10.11.1.1 GMI 10.11.1.2 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 286
dell.com | support.dell.com Figure 14-5. IGMP Membership Queries: Leaving and Staying in Groups Membership Queries: Leaving and Staying Querier Interface Multicast Group Filter Source Source Address Timer Mode protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces on page 286 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 287
IGMP Version FTOS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3 using the command ip igmp version from INTERFACE mode, as shown in Figure 14-7. Figure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 288
www.dell.com | support.dell.com Figure 14-8. Viewing Static and Learned IGMP Groups Force10(conf-if-gi-1/0)#do sho ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Uptime 224.1.1.1 GigabitEthernet 1/0 00:00:03 224.1.2.1 GigabitEthernet 1/0 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 289
querier is down is the Other Querier Present Interval. Adjust this value using the command ip igmp querier-timeout from INTERFACE mode. Configuring a Static IGMP Group Configure a static IGMP group using the command ip igmp static-group. Multicast traffic for static groups is always forwarded to the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 290
page 291 Enabling IGMP Immediate-leave Configure the switch to remove a group-port association upon receiving an IGMP Leave message using the command ip igmp fast-leave from INTERFACE VLAN mode. View the configuration using the command show config from INTERFACE VLAN mode, as shown in Figure 14-10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 291
the command ip igmp snooping mrouter from INTERFACE VLAN mode. View the ports that are connected to multicast routers using the command show ip igmp snooping mrouter from EXEC Privilege mode. Configuring the Switch as Querier Hosts that do not support unsolicited reporting wait for a general query - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 292
Query Interval (LMQI). The switch waits one LMQI after the second query before removing the group-port entry from the forwarding table. Adjust the Last Member Query Interval using the command ip igmp snooping last-member-query-interval from INTERFACE VLAN mode. Fast Convergence after MSTP Topology - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 293
Configuration Guide. Basic Interface Configuration: • Interface Types • View Basic Interface Information • Enable a Physical Interface • Physical Interfaces • Management Interfaces • VLAN Interfaces • Loopback Interfaces • Null Interfaces • Port Channel Interfaces Advanced Interface Configuration - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 294
| support.dell.com • View Advanced Interface Information Interface Types Interface Type Physical Management Loopback Null Port Channel VLAN Modes Possible L2, L3 N/A L3 N/A L2, L3 L2, L3 Default Mode Unset N/A L3 N/A L3 L2 Requires Creation No No Yes No Yes Yes (except default) Default State - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 295
up up YES Manual up up YES Manual up up YES Manual up up NO Manual administratively down down NO Manual administratively down down NO Manual administratively down down Use the show interfaces configured command in the EXEC Privilege mode to view only configured interfaces. In Figure 15 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 296
, the user may enter the INTERFACE mode by entering the command interface interface slot/port to enable and configure the interfaces. To enter the INTERFACE mode, use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax 1 interface interface 2 no - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 297
, use the show config command in the INTERFACE mode. To leave the INTERFACE mode, use the exit command or end command. The user can not delete a physical interface. Physical Interfaces The Management Ethernet interface, is a single RJ-45 Fast Ethernet port on the Route Processor Module (RPM) of the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 298
the No shutdown (active for Layer 2) default VLAN Shutdown (disabled for Layer 3) Configure Layer 2 (Data Link) Mode Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface. The user can not configure switching or Layer 2 protocols such as - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 299
conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Gi 1/2. Force10(conf-if)# Error message To determine the configuration of an interface, you can use the show config command in INTERFACE mode or the various show interface commands in EXEC mode. To assign an IP address, use both of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 300
not sent ICMP unreachables are not sent Management Interfaces The S60 system supports the Management Ethernet interface as well as the standard S-Series interface on any port. Either method can be used to connect to the system. Configure Management Interfaces on the E-Series and C-Series and on the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 301
use the following command in the CONFIGURATION mode: Command Syntax interface Managementethernet interface Command Mode CONFIGURATION Purpose Enter the slot and the port (0). ON the E-Series and C-Series, dual RPMs can be in use. Slot range: C-Series, E-Series: 0-1 S60: 0 To view the Primary RPM - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 302
the same subnet. Configure Management Interfaces on the S-Series The user can manage the S-Series from any port. Configure an IP address for the port using the ip address command, and enable it using the command no shutdown. The user may use the command description from INTERFACE mode to note that - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 303
VLAN Interfaces VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information on VLANs and Layer 2, refer to Chapter 10, Layer 2, on page 47. See also Chapter 18, VLAN Stacking, on page 367. Note: To monitor - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 304
stability. You can place Loopback interfaces in default Layer 3 mode. To configure a Loopback interface, use the following command in the CONFIGURATION mode: Command Syntax interface loopback number Command Mode Purpose CONFIGURATION Enter a number as the loopback interface. Range: 0 to 16383. To - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 305
by aggregating five 1-Gigabit Ethernet interfaces together. If one of the five interfaces fails, traffic is redistributed across the four remaining interfaces. Port channel implementation FTOS supports two types of port channels: • Static-Port channels that are statically configured Interfaces | 305 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 306
: S55, S60 and S4810 Port-channels 255 128 52 128 Members/Channel 16 8 8 8 Table 15-3. Maximum number of configurable Port-channels Platform E-Series ExaScale Port-channels 512 Members/Channel 64 As soon as a port channel is configured, FTOS treats it like a physical interface. For example - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 307
Series S55, S60 and S4810. To configure a port channel, use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax 1 interface port-channel id-number 2 no shutdown Command Mode CONFIGURATION INTERFACE PORT-CHANNEL Purpose Create a port channel. Ensure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 308
: The S-Series supports jumbo frames by default (the default maximum transmission unit (MTU) is 1554 bytes) You can configure the MTU using the mtu command from INTERFACE mode. To view the interface's configuration, enter the INTERFACE mode for that interface and enter the show config command or - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 309
2 and L3 for Layer 3 and L2L3 for a Layer 2 port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Figure 15-11. show interface port-channel Command Example Force10>show interface port-channel 20 Port-channel 20 is up, line protocol is up - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 310
www.dell.com | support.dell.com Figure 15-12. Error Message Force10(conf-if-portch)#show config ! interface Port-channel 5 no ip address switchport channel-member GigabitEthernet 1/6 Force10(conf-if-portch)#int gi 1/6 Force10(conf-if)#ip address 10.56.4.4 /24 % Error: Port is part of a LAG Gi 1/6. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 311
example of configuring five minimum "oper up" links in a port channel. Figure 15-14. Example of using the minimum-links Command Force10#config t Force10(conf)#int po 1 Force10(conf-if-po-1)#minimum-links 5 Force10(conf-if-po-1)# Add or remove a port channel from a VLAN As with other interfaces, you - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 312
dell.com | support.dell.com To add a port channel to a VLAN, use either of the following commands: Command Syntax tagged port-channel id number untagged port-channel id number Command Mode Purpose INTERFACE VLAN INTERFACE VLAN Add the port channel to the VLAN as a tagged interface. An interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 313
. E-Series load-balancing On the E-Series, the default load-balance criteria are a 5-tuple, as follows: • IP source address • IP destination address • Protocol type • TCP/UDP source port • TCP/UDP destination port Balancing may be applied to IPv4, switched IPv6, and non-IP traffic. For these - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 314
Mode Purpose CONFIGURATION To designate a method to balance traffic over a port channel. By default, IP 5-tuple is used to distribute traffic over members port Force10(conf)#load-balance ip-selection packet-based Force10#show running-config | grep load load-balance ip-selection packet-based Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 315
{tcp-udp enable} Command Mode Purpose CONFIGURATION Replace the default IP 4-tuple method of balancing traffic over a port channel. You can select one VLAN, Ethertype, source module ID and source port ID. tcp-udp enable-Distribute traffic based on TCP/ UDP source and destination ports. Interfaces - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 316
-ecmp checksum 26 Force10(conf)# On C-Series and S-Series, the hash-algorithm command is specific to ECMP groups and has different defaults from the E-Series. The default ECMP hash configuration is crc-lower. This takes the lower 32 bits of the hash key to compute the egress port. Other options for - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 317
is at least one valid interface within the range. Bulk configuration excludes from configuration any non-existing interfaces from an interface range. A default VLAN may be configured only if the interface range being configured consists of only VLAN ports. The interface range command allows you to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 318
entries • Exclude a smaller port range • Overlap port ranges • Commas • Add ranges Create a single-range Figure 15-17. Creating a Single-Range Bulk Configuration Force10(config)# interface range gigabitethernet 5/1 - 23 Force10(config-if-range-gi-5/1-23)# no shutdown Force10(config-if-range-gi - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 319
Multiple-Range Bulk Configuration with VLAN, and Port-channel Force10(config-ifrange-gi-5/1-23-te-1/1-2)# interface range Vlan 2 - 100 , Port 1 - 25 Force10(config-if-range-gi-5/1-23-te-1/1-2-so-5/1-vl-2-100-po-1-25)# no shutdown Force10(config-if-range)# Interface Range Macros The user can define - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 320
| support.dell.com Define the Interface Range This example shows how to define an interface-range macro named "test" to select Fast Ethernet interfaces 5/1 through 5/4: Force10(config)# define interface-range test gigabitethernet 5/1 - 4 To show the defined interface-range macro configuration, use - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 321
For a 10 Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information. The information (Figure 15-24) displays in a continuous run, refreshing every 2 seconds by default. Use the following keys to manage the output. m - Change mode l - Page up T - Increase - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 322
Force10# Maintenance using TDR The Time Domain Reflectometer (TDR) is supported on all Dell Force10 switch ). TDR is useful for troubleshooting an interface that is not establishing a interface that is passing traffic. When a TDR test is run on a physical cable, it is important to shut down the port - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 323
about Link Debounce Timer • Link Debounce Timer is configurable on physical ports only. • Only 1G fiber, 10/100/1000 copper, 10G fiber, 10G copper are supported. • This feature is not supported on management interfaces or SONET interfaces. • Link Debounce takes effect only when the operational - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 324
Copper is 3100 ms • Default for Fiber is 100 ms Figure 15-25. Setting Debounce Time Force10(conf)#int gi 3/1 Force10(conf-if-gi-3/1)#link debounce time 150 Force10(conf-if-gi-3/1)#= Show debounce times in an interface show interface debounce [type] [slot/ port] EXEC Privilege Show the debounce - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 325
port on one SFM This feature must be configured for each interface to shut down in the event that an SFM is disabled. Enter the command disable-on-sfm-failure from INTERFACE mode to disable the port supported on VLAN interfaces • Link dampening is disabled when the interface is configured for port - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 326
www.dell.com | support.dell.com Enable Link Dampening Enable link dampening using the command dampening from INTERFACE mode, as shown in Figure 15-27. Figure 15-27. Configuring Link Dampening R1(conf-if-gi-1/1)#show config ! interface GigabitEthernet 1/1 ip address 10.10.19.1/24 dampening 1 2 3 4 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 327
XML by adding | display xml to the end of the command: • show interfaces dampening • show interfaces dampening summary • show interfaces interface x/y Configure MTU size on an Interface The E-Series supports a link Maximum Transmission Unit (MTU) of 9252 bytes and maximum IP MTU of 9234 bytes. The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 328
configuration is on: Can't configure half duplex when flowcontrol is on, config ignored. Threshold Settings c s Threshold Settings are supported only on platforms: When the transmission discard threshold defines when the interface starts dropping the packet on the interface. This may be necessary - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 329
TX should be enabled only after consulting with the Dell Force10 Technical Assistance Center. Note: The S60 supports only the rx control option. The S60 does not transmit pause frames. Ethernet Pause Frames flow control must be enabled on all ports on a chassis or a line card. If not, the system - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 330
www.dell.com | support.dell.com Configure MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 331
differences again. Table 15-9. Platform Differences Concerning Port-pipes Chassis Type Port-pipes Channels / Capacity of Each Raw Slot Capacity / Slot Port-pipe Channel (Gbps) (Gbps) E1200/E1200i-AC/DC 2 E600/E600i 2 E300 1 9 3.125 9 3.125 8 3.125 56.25 56.25 25 Interfaces | 331 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 332
that, as long as the remote interface is capable of auto-negotiation. Note: As a best practice, Dell Force10 recommends keeping auto-negotiation enabled. Auto-negotiation should only be disabled on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 333
12 Down Auto [output omitted] Duplex Vlan Auto -Auto 1 Auto 1 Auto - Port Speed Example Force10#configure Force10(config)#interface gig 0/1 Force10(Interface 0/1)#speed 100 Force10(Interface 0/1)#duplex full Force10(Interface 0/1)#no negotiation auto Force10(Interface 0/1)#show config ! interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 334
configuration mode mode Specify autoneg mode no Negate a command or set its defaults show Show autoneg configuration information Force10(conf-if-autoneg)#mode ? forced-master Force port to master mode For details on the speed, duplex, and negotiation auto commands, see the Interfaces - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 335
-config interface gigabitEthernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command (Figure 15-35) displays the interface, whether the interface supports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 336
.dell.com | support.dell.com Figure 15-36. Configuring Rate Interval Example Force10#show interfaces TenGigabitEthernet Timeout 04:00:00 Last clearing of "show interface" counters 1d23h44m Queueing strategy: fifo 0 packets input, 0 bytes Input 0 IP Packets, 0 Vlans 0 MPLS 0 64-byte pkts, 0 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 337
note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by FTOS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 338
www.dell.com | support.dell.com Clear interface counters The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program. To clear the counters, use the following command in the EXEC Privilege mode: Command - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 339
classful routing and Variable Length Subnet Masks (VLSM). With VLSM one network can be can configured with different masks. Supernetting, which increases the number of subnets, is also supported. Subnetting is when a mask is added to the IP address to separate the network and host portions of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 340
commands related to IP addressing, refer to FTOS Command Line Interface Reference. Assign IP addresses to an interface Assign primary and secondary IP addresses to physical or logical (for example, VLAN or port channel) interfaces to enable IP communication between the E-Series and hosts connected - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 341
sequence, starting in the CONFIGURATION mode: Step 1 2 3 Command Syntax interface interface Command Mode CONFIGURATION no shutdown INTERFACE ip address ip-address INTERFACE mask [secondary] Purpose Enter the keyword interface followed by the type of interface and slot/port information - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 342
by config file MTU is 1554 bytes Inbound access list is not set Proxy ARP is enabled Split Horizon is enabled Poison Reverse is disabled ICMP redirects are not sent ICMP unreachables are not sent Force10# Configure static routes A static route is an IP address that is manually configured and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 343
use the following command in the CONFIGURATION mode: Command Syntax management route ip-address mask {forwarding-router-address | ManagementEthernet slot/port} Command Mode Purpose CONFIGURATION Assign a static route to point to the management interface or forwarding router. IPv4 Addressing | 343 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 344
www.dell.com | support.dell.com To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode. Figure 16-4. show ip management-route Command Example Force10>show ip management-route Destination ----------1.1.1.0/24 172.16.1.0/24 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 345
Command Example Force10>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers Force10> Type ---- IP IP IP IP IP Address ------2.2.2.2 192.68.69.2 192.68.99.2 192.71.18.2 192.71.23.1 To view the current configuration, use the show running-config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 346
.com | support.dell.com DNS with traceroute To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode. Command Syntax ip domain-lookup ip name-server ip-address [ip-address2 ... ip-address6] traceroute [host | ip-address ] Command Mode CONFIGURATION - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 347
mac-address interface Command Mode CONFIGURATION Purpose Configure an IP address and MAC address mapping for an interface. • ip-address: IP address in dotted decimal format (A.B.C.D). • mac-address: MAC address in nnnn.nnnn.nnnn format • interface: enter the interface type slot/port information - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 348
www.dell.com | support.dell.com Figure 16-7. show arp static Command Example Force10#show arp Protocol Address Age(min) Hardware Address Interface VLAN CPU Internet 10.1.2.4 17 08:00:20:b7:bd:32 Ma 1/0 - CP Force10# Enable Proxy ARP By default, Proxy ARP is enabled. To disable Proxy - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 349
port information. • For a VLAN interface, enter the keyword vlan followed by a number between 1 and 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS conflicts • inform switches of their presence on a port so that packets - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 350
dell.com | support.dell.com Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs. Task Enable ARP learning via gratuitous ARP. Command Syntax arp learn-enable Command Mode CONFIGURATION IP is not the VLAN interface IP. Install new entry - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 351
ARP. Command Syntax arp retries number Default: 5 Range: 5-20 show arp retries Command Mode CONFIGURATION EXEC Privilege ICMP For diagnostics, messages on the interface, use the following command in the INTERFACE mode: Command Syntax ip unreachable Command Mode Purpose INTERFACE Set FTOS to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 352
www.dell.com | support.dell.com To view if ICMP unreachable messages are sent on the interface, use the show config command in the INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only nondefault information is displayed in the show config command output. Enable - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 353
as shown in Figure 16-11. Figure 16-11. Viewing the UDP Broadcast Configuration Force10#show ip udp-helper Port UDP port list Gi 1/1 1000 Configuring a Broadcast Address Configure a broadcast address on an interface using the command ip udp-broadcast-address, as shown in Figure 16-12 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 354
www.dell.com | support.dell.com Figure 16-12. Configuring a Broadcast Address Force10(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255 Force10(conf-if-vl-100)#show config ! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged GigabitEthernet 1/2 no shutdown - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 355
broadcast address and sends it to matching interface. In Figure 16-15, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101. If UDP helper is configured and the packet matches the specified UDP port, then the system changes the address to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 356
IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In Figure 16-16, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If UDP helper is enabled and the UDP port number matches, the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 357
Troubleshooting UDP Helper Display debugging information using the command debug ip udp-helper, as shown in Figure 16-17. Figure 16-17. Debugging UDP Broadcast Force10(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Gi 5/0 with IP DA (0xffffffff) will be sent on Gi 5/1 Gi 5/2 Vlan 3 01:44:54: Pkt - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 358
358 | IPv4 Addressing www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 359
rapid growth in internet users, and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief discussion of the differences between IPv4 and IPv6, and Dell Force10 support of IPv6. This chapter - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 360
dell.com | support.dell.com Some key changes in IPv6 are: • Extended Address Space • Stateless Autoconfiguration • Header Format Simplification • Improved Support the ipv6 nd prefix default command in INTERFACE mode. FTOS manipulation of IPv6 stateless auto-configuration supports the router side - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 361
IPv6 Headers The IPv6 header has a fixed length of 40 bytes. This provides 16 bytes each for Source and Destination information, and 8 bytes for general header information. The IPv6 header includes the following fields: • Version (4 bits) • Traffic Class (8 bits) • Flow Label (20 bits) • Payload - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 362
www.dell.com | support.dell.com Traffic Class (8 bits) The Traffic Class field deals requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. Next Header (8 bits) The Next Header field identifies the next - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 363
Destinations option header Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page http://www.iana.org/assignments/protocol-numbers for a complete and current listing. Hop Limit (8 bits) The Hop Limit field shows the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 364
www.dell.com | support.dell.com Hop-by-Hop Options header The Hop-by-Hop options packet's Source IP Address identifying the unknown option type 11 Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet's Source IP Address only if the Destination IP Address is not - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 365
Link-local Addresses Link-local addresses, starting with fe80:, are assigned only in connect to a common hub or switch, they have an instant communication path configured in one place, without having to specifically configure each computer on the network in a different way. In IPv6, every interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 366
www.dell.com | support.dell.com Implementing IPv6 with FTOS FTOS supports both IPv4 and IPv6, and both may be used simultaneously in your system. Note: Dell Force10 recommends that you use FTOS version 7.6.1.0 or later when implementing IPv6 functionality on an E-Series system. Table 17-2 lists - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 367
IPv6 7.5.1 8.2.1 Intermediate System to Intermediate System (IS-IS) on page 841 in the FTOS Configuration Guide IS-IS for IPv6 support 7.6.1 8.2.1 for redistribution IPv6 IS-IS in the FTOS Command Line Reference Guide Intermediate System to Intermediate System (IS-IS) on page 841 in the FTOS - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 368
Guide QoS for IPv6 in this chapter ICMPv6 c e s ICMPv6 is supported on platforms ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting Problem messages - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 369
can traverse a transmission path without = 1200) Packet Received IPv6 Neighbor Discovery c e s IPv6 NDP is supported on platforms Neighbor Discovery Protocol (NDP) is a top-level protocol for neighbor neighbors known to reside on attached links, quickly purging cached values that become invalid. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 370
www.dell.com | support.dell.com Figure 17-3. NDP Router Redistribution Router C interface will still pass 1500-byte packets, if that is what is set with the mtu command. QoS for IPv6 e IPv6 QoS is supported on platforms FTOS IPv6 supports quality of service based on DSCP field. You can configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 371
MLD queries that the switch forwards through all ports in the VLAN. There are two versions Interface Reference document chapters Multicast IPv6, and Protocol Independent Multicast (IPv6) for configuration details. SSH over an IPv6 Transport c e s IPv6 SSH is supported on platforms FTOS supports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 372
e The cam-profile command is supported only on platform Change your CAM profile to the CAM ipv6-extacl before doing any further IPv6 configuration. Once the CAM profile is changed, save the configuration and reboot your router. Command Syntax Command Mode cam-profile ipv6-extacl EXEC Privileged - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 373
17-5. Command Example: show cam profile (E-Series) Force10#show cam-profile -- Chassis CAM Profile -- --More-- Adjust your CAM-Profile on an C-Series or S-Series c s The cam-acl command is supported on platforms Although this is not a mandatory step, if you plan to implement IPv6 ACLs, you must - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 374
www.dell.com | support.dell.com Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect. Command Syntax cam-acl { ipv6acl } show cam-acl Command Mode CONFIGURATION EXEC EXEC Privilege Purpose Allocate space for IPV6 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 375
Static Routes are supported on platforms Use the ipv6 route command to configure IPv6 static routes. Command Syntax ipv6 route prefix type {slot/ port} forwarding router tag Command Mode CONFIGURATION Purpose Set up IPv6 static routes prefix: IPv6 route prefix type {slot/port}: interface type and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 376
access-list-name ipv6 Show IPv6 Information c e s All of the following show commands are supported on platforms View specific IPv6 configuration with the following commands. Command Syntax show ipv6 ? Command Mode EXEC or EXEC Privileged Purpose List the IPv6 show options 376 | IPv6 Addressing - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 377
with the following command. Command Syntax Command Mode show ipv6 interface type {slot/ EXEC port} Purpose Show the currently running configuration for the specified interface Enter the keyword interface followed by the type of interface and slot/port information: • For all brief summary of IPv6 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 378
www.dell.com | support.dell.com Figure 17-6. Command Example: show ipv6 interface Force10#show ipv6 interface gi 2/2 GigabitEthernet 2/2 is down, with the following command. Command Syntax show ipv6 route type Command Mode EXEC Purpose Show IPv6 routing information for the specified route type. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 379
level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, Gateway of last resort is not set Destination Dist/Metric, Gateway, Last Change C 2001::/64 Figure 17-8. Command Example: show ipv6 route summary Force10#show ipv6 route summary Route Source connected static Total - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 380
www.dell.com | support.dell.com Show the Running-Configuration for an Interface View the configuration for any interface with the following command. Command Syntax show running-config interface type {slot/port} Command Mode EXEC Purpose Show the currently running configuration for the specified - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 381
Command Syntax Command Mode Purpose IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter. IPv6 Addressing | 381 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 382
382 | IPv6 Addressing www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 383
storage arrays - The switch detects any active EqualLogic array directly attached to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. (This feature is available on platforms ) • Automatic configuration of switch ports after detection of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 384
storage traffic flows. The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. If you are using reload-type jump-start command you must enable the LLDP protocol manually. If you delete the startup configuration and reload, the LLDP protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 385
feature is available on platforms Switches support the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array. The command configures a port for the best iSCSI traffic conditions and must be entered in INTERFACE Configuration mode. The following message is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 386
optimization on a switch connected to a Dell Compellent array, follow these steps: Step 1 Task Command Configure the auto-detection of Dell Compellent arrays on a port. Default: Dell Compellent disk arrays are not detected. [no] iscsi profile-compellent Command Mode INTERFACE Enabling and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 387
Mode (Pre-requisite) For all 1G interfaces on the S60 and S4810, configure them as switchports. For more information on configuring switchports, refer to Chapter 15, Interfaces. (Pre-requisite) Enable LLDP protocol on the ports on the S60 and S4810 platforms to be connected to the Dell EqualLogic - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 388
www.dell.com | support.dell.com Use the show commands in Table 18-2 to display information on iSCSI optimization Table 18-2. Displaying iSCSI Optimization Information Command show run iscsi Output Displays all globally-configured non-default iSCSI settings in the current FTOS session. 388 | - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 389
are basically the same, as described in Port Channel Interfaces on page 305 in Chapter 15, Interfaces. The unique benefit of a dynamic LAG is that its ports can toggle between participating in the LAG or acting as dedicated ports, whereas ports in a static LAG must be specifically removed - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 390
property does not match with other LAG member. LACP modes FTOS provides the following three modes for configuration of LACP: • Off-In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state. • Active-In this state - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 391
channel-protocol lacp [no] port-channel number mode [active | passive | off] [no] lacp port-priority priority-value Command Mode CONFIGURATION INTERFACE LACP LACP Purpose Configure the system priority. Range: 1- 65535 (the higher the number, the lower the priority) Default: 32768 Enable or disable - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 392
19-2): Figure 19-2. Placing a LAG into a Non-default VLAN Force10(conf)#interface vlan 10 Force10(conf-if-vl-10)#tagged port-channel 32 Configure the LAG interfaces as dynamic After creating a LAG, configure the dynamic LAG interfaces. Figure 19-3 shows ports 3/15, 3/16, 4/15, and 4/16 added to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 393
it has no effect. To configure the LACP long timeout (Figure 196): Step 1 Task Set the LACP timeout value to 30 seconds. Command Syntax lacp long-timeout Command Mode CONFIG-INT-PO Figure 19-4. Invoking the LACP Long Timeout Force10(conf)# interface port-channel 32 Force10(conf-if-po-32)#no - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 394
www.dell.com | support.dell.com To debug LACP, use the following command: Command Syntax [no] debug lacp [config | events | pdu [in | out | [interface [in | out]]]] Command Mode EXEC Purpose Debug LACP, including configuration and events. Shared LAG State Tracking Shared LAG State Tracking - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 395
the group. Command group number port-channel number port-channel number Command Mode CONFIG-PO-FAILOVER-GRP In Figure 19-6, LAGs 1 and 2 have been placed into to the same failover group. Figure 19-6. Configuring Shared LAG State Tracking R2#config R2(conf)#port-channel failover-group R2(conf-po - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 396
:01:e8:05:e8:4c Interface index is 1107755010 Minimum number of links to bring Port-channel up is 1 Port-channel is part of failover- Configure LACP as Hitless c e Configure LACP as Hitless is supported only on platforms: LACP on Dell Force10 systems can be configured to be hitless. When configured - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 397
protocol lacp Force10#show running-config redundancy ! redundancy protocol lacp Force10# Force10#show running-config interface gigabitethernet 0/12 ! interface GigabitEthernet 0/12 no ip address ! port-channel-protocol LACP port-channel 200 mode active no shutdown LACP Basic Configuration Example - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 398
dell.com | support.dell.com Configuring a LAG on ALPHA Figure 19-12. Creating a LAG on ALPHA Alpha(conf)#interface port-channel 10 Alpha(conf-if-po-10)#no ip address Alpha(conf-if-po-10)#switchport Alpha(conf-if-po-10)#no shutdown Alpha(conf-if-po-10)#show config ! interface Port 0 Vlans, 0 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 399
Configuration of LAG 10 on ALPHA Indicates the MAC address assigned to the Alpha#show int port-channel 10 LAG. This does NOT match any of the physical interface MAC addresses. Port is a switch port instead of a router port. LineSpeed 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 400
dell.com | support.dell.com Figure 19-15. Using the show lacp Command to Verify LAG 10 Status on ALPHA Alpha#sho lacp 10 Port-channel 10 admin up, oper up, mode 10 Priority 32768 Interfaces participating in the LAG are included here. Port Gi 2/33 is enabled, LACP is enabled and mode is lacp Actor - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 401
-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no shut Alpha(conf-if-gi-2/31)#show config ! interface GigabitEthernet 2/31 no ip address ! port-channel-protocol LACP port-channel 10 mode active no shutdown ! Alpha(conf-if-gi-2/31)# interface Port-channel 10 no ip address - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 402
.dell.com | support.dell.com Summary of the configuration on BRAVO Figure 19-17. Summary of the configuration on BRAVO Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 403
Interface index is 140034106 Shows that this is a Layer 2 port. Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode 0 over 1023-byte pkts 705 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info ( - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 404
dell.com | support.dell.com Figure 19-19. Using the show interfaces port-channel Command to Inspect LAG 10 This does NOT match any of the Force10#sh int port 10 physical interface MAC addresses. Port LAG and that this is a switch port instead of a router port. LineSpeed 3000 Mbit Members in - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 405
Key 10 Priority 32768 Interfaces participating in the LAG are included here. Port Gi 3/23 is enabled, LACP is enabled and mode is lacp Actor Admin: layer connections. It is supported on both synchronous and asynchronous lines, and can operate in half-duplex or full-duplex mode. It was designed - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 406
www.dell.com | support.dell.com 406 | Link Aggregation Control Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 407
deletes the specified entry • all deletes all dynamic entries • interface deletes all entries for the specified interface • vlan deletes all entries for the specified VLAN Command Syntax clear mac-address-table dynamic {address | all | interface | vlan} Command Mode EXEC Privilege Layer 2 | 407 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 408
Syntax mac-address-table aging-time seconds Range: 1-1000000 Command Mode INTERFACE VLAN FTOS Behavior: The time elapsed before the configured MAC aging time expires is not precisely as configured. For example, the VLAN configuration mac-address-table aging-time 1, does not remove dynamic entries - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 409
all traffic from a device with an unlearned MAC address. FTOS Behavior: When configuring MAC Learning Limit on a port or VLAN the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists. If the CAM - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 410
dell.com | support.dell.com To set a MAC learning limit on an interface: Task Specify the number of MAC addresses that the system can learn off a Layer 2 interface. Command Syntax mac learning-limit address_limit Command Mode INTERFACE on this port are static by default. When you configure the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 411
also known as "sticky MAC," provides additional port security by preventing a station move. When this option is configured, the first entry in the table is maintained instead of creating a new entry on the new interface. no-station-move is the default behavior. Entries created before this option is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 412
mac learning-limit violate-action Command Mode CONFIGURATION Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it: Task Command Syntax Reset interfaces in ERR_Disabled state caused by - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 413
can be applied to those ports. Task Configure a MAC learning limit on a VLAN. Display the MAC learning limit counters for a VLAN. Command Syntax mac learning-limit limit vlan vlan-id show mac learning-limit [interface slot/port [vlan vlan-id]] Command Mode INTERFACE EXEC Privilege Layer 2 | 413 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 414
dell.com | support.dell.com Task Command Syntax Force10#show mac learning-limit Interface Vlan Learning Dynamic Static Unknown SA Slot/port Id Limit MAC count MAC count Drops Gi 5/84 2 2 0 0 Gi 5/84 * 5 0 0 Gi 5/85 3 3 0 0 Gi 5/85 * 10 0 0 Force10 switches to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 415
must be disassociated with the one port and re-associated with another in the ARP table; in other words, the ARP entry must be "moved". To ensure that this happens, you must configure the command mac-address-table station-move refresh-arp on the Dell Force10 switch at the time that NIC teaming - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 416
default; it must be configured to do so. Default Behavior When an ARP request is sent to a server cluster, either the active server or all of the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell Force10 switch Last ARP Reply VLAN 1 ARP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 417
traffic destined for the server cluster out all member ports in the VLAN connected to the cluster. To ensure that this happens, you must configure the command vlan-flooding on the Dell Force10 switch at the time that the Microsoft cluster is configured (Figure 20-6). As shown in Figure 20-6, the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 418
of the network. Figure 20-7. Configuring Redundant Layer 2 Pairs without Spanning Tree Redundant links create a switching loop. Without STP broadcast storms occurs. Use backup interfaces to create redundant links in networks without STP Force10(conf-if-gi-3/41)#switchport Force10(conf-if-gi-3/41 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 419
: Gi 3/42 Figure 20-8. CLI for Configuring Redundant Layer 2 Pairs without Spanning Tree Force10(conf-if-range-gi-3/41-42)#switchport backup interface GigabitEthernet 3/42 Force10(conf-if-range-gi-3/41-42)#show config ! interface GigabitEthernet 3/41 no ip address switchport switchport - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 420
of 1G, multicast traffic is only flooded on the 1G port. Enable Restricted Layer 2 Flooding using the command restrict-flooding from INTERFACE VLAN mode. In combination with restrict-flooding, you can use the command mac-flood-list from CONFIGURATION mode, without the min-speed option, to allow some - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 421
by the user) the state changes to unknown. 5. If the FEFD system has been set to Aggressive mode and neighboring echoes are not received after three intervals, the state changes to Err-disabled. All interfaces in the Err-disabled state must be manually reset using the fefd reset [interface] command - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 422
, interface FEFD configurations override global FEFD configurations. • FTOS supports FEFD on physical Ethernet interfaces only, excluding the management interface. Configuring FEFD You can configure FEFD for all interfaces from CONFIGURATION mode, or on individual interfaces from INTERFACE mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 423
FEFD configuration which can be enabled again at any time. Step 1 2 3 Task Setup two or more connected interfaces for Layer 2 or Layer 3 use Activate the necessary ports administratively Enable FEFD on each interface Command Syntax Command Mode ip address ip INTERFACE address, switchport - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 424
www.dell.com | support.dell.com Figure 20-12. FEFD enabled interface configuration Force10(conf-if-gi-1/0)#show config ! interface GigabitEthernet 1/0 no ip address switchport fefd mode normal no shutdown Force10(conf-if-gi-1/0)#do show fefd | grep 1/0 Gi 1/0 Normal 3 Unknown Debugging FEFD - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 425
occurs, FEFD will become operationally down on all enabled ports for approximately 8-10 seconds before automatically becoming operational again request from active peer: User request. 02-05-2009 12:40:38 Local7.Debug 10.16.151.12 %RPM1-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Gi - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 426
426 | Layer 2 www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 427
21 Link Layer Discovery Protocol c e s Link Layer Discovery Protocol is supported only on platforms: This chapter contains the following sections: • 802.1AB (LLDP) Overview on page 427 • TIA-1057 (LLDP-MED) Overview on page 430 • Configuring LLDP on page 434 802.1AB (LLDP) Overview Link Layer - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 428
dell.com | support.dell is user configurable. Table 21-1. Type, Length, Value (TLV) Types Type TLV 0 End of LLDPDU 1 Chassis ID 2 Port ID Start Frame Destination MAC Source MAC Delimiter (01:80:C2:00:00:0E) Ethernet Type (0x88CC) LLDPDU Padding FCS TLV 1 Chassis ID TLV 2 Port ID TLV 3 Port - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 429
8 Management address Indicates the network address of the management interface. FTOS does not currently support this TLV. IEEE 802.1 Organizationally Specific TLVs 127 Port-VLAN ID On Dell Force10 systems, indicates the untagged VLAN to which a port belongs Link Layer Discovery Protocol | 429 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 430
127 Port and Protocol VLAN ID On Dell Force10 systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to which a port belongs if the port is in hybrid mode) 127 VLAN Name Indicates the user-defined alphanumeric string that identifies the VLAN. This TLV is supported on - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 431
Services ELIN Indicates power requirements, priority, and power status Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. FTOS does not currently support these TLVs. Indicates the hardware revision of the LLDP-MED device Indicates the firmware - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 432
values of the LLDP-MED Device Type is listed in Table 21-5. The Dell Force10 system is a Network Connectivity device, which is Type 4. When you enable MDI-PSE 4 Extended Power via MDI-PD 5 Inventory 6-15 reserved FTOS Support Yes Yes Yes Yes No No No Table 21-5. LLDP-MED Device Types - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 433
of LLDP-MED is a device's VLAN configuration and associated Layer 2 and Layer 3 configurations, specifically: • VLAN ID • VLAN tagged or untagged status • Layer voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services. Specify - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 434
also honors the power priority value sent by the powered device. However, the CLI configuration takes precedence. • Power Value-Dell Force10 advertises the maximum amount of power that can be supplied on the port. By default it is 15.4W, which corresponds to a Power Value of 130, based on the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 435
page 439 • Configuring Transmit and Receive Mode on page 440 • Configuring a Time to Live on page 441 • Debugging LLDP on page 442 Important Points to Remember • LLDP is disabled by default. • Dell Force10 systems support up to 8 neighbors per interface. • Dell Force10 systems support a maximum of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 436
www.dell.com | support.dell.com Figure 21-7. Configuration and Interface mode LLDP Commands R1(conf)#protocol lldp R1(conf-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol globally end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 437
the specified TLVs. If LLDP is configured both globally and at interface level, the interface level configuration overrides the global configuration. To advertise TLVs: Step Task Command Command Mode 1 Enter LLDP mode. protocol lldp CONFIGURATI ON or INTERFACE 2 Advertise one or more TLVs - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 438
the command show config in either CONFIGURATION or INTERFACE mode, as shown in Figure 21-9 and Figure 21-10, respectively Figure 21-9. Viewing LLDP Global Configurations R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 439
Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. You can configure a non-default transmit interval-at CONFIGURATION level or INTERFACE level - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 440
www.dell.com | support.dell.com Figure 21-13. Configuring LLDPDU Transmit and Receive Mode R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 441
tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring a Time to Live The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 442
www.dell.com | support.dell.com Figure 21-15. Configuring LLDPDU Time to Live R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 443
37 0e 04 00 16 00 16 00 00 1w1d19h : LLDP frame sent out successfully of Gi 1/2 1w1d19h : Started Transmit timer for Loc interface Gi 1/2 for time 30 sec fnC0051mp Relevant Management Objects FTOS supports all IEEE 802.1AB MIB objects. • Table 21-7 lists the objects associated with received and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 444
.dell.com | support.dell.com Table 21-7. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration the system and and the ports through which they are enabled for transmission statsAgeoutsTotal lldpStatsRxPortAgeoutsTotal Total number of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 445
subtype port ID 4 Port Description port description 5 System Name system name 6 System Description system description 7 System Capabilities system capabilities 8 Management Address enabled capabilities management address length management address subtype management address interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 446
www.dell.com | support.dell.com Table 21-9. LLDP 802.1 Organizationally Specific TLV MIB Objects TLV Type TLV Name 127 Port-VLAN ID 127 Port and Protocol VLAN ID 127 VLAN Name TLV Variable System PVID Local Remote port and protocol VLAN supported Local Remote port and protocol VLAN - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 447
-MED Capabilities TLV Variable LLDP-MED Capabilities LLDP-MED Class Type 2 Network Policy Application Type Unknown Policy Flag Tagged Flag VLAN ID L2 Priority DSCP Value 3 Location Identifier Location Data Format Location ID Data System Local Remote Local Remote Local Remote Local - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 448
www.dell.com | support.dell.com Table 21-10. LLDP-MED System MIB Objects (continued) TLV Sub-Type TLV Name 4 Extended Power via MDI TLV Variable Power Device Type Power - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 449
c e s Multiple Spanning Tree Protocol is supported on platforms: Protocol Overview Multiple Spanning Tree Protocol achieve load balancing. Figure 22-1. MSTP with Three VLANs Mapped to Two Spanning Tree Instances R1 MSTI 1: VLAN 100 MSTI 2: VLAN 200, VLAN 300 1/21 2/11 R2 MSTI 1 root 1/31 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 450
MSTP, all ports in Layer 2 mode participate in MSTP. • On the C-Series and S-Series, you can configure 64 MSTIs including the default instance 0 (CIST). Configure Multiple Spanning Tree Protocol Configuring Multiple Spanning Tree is a four-step process: 1. Configure interfaces for Layer 2. See - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 451
22-2. Verifying MSTP is Enabled Force10(conf)#protocol spanning-tree mstp Force10(config-mstp)#show config ! protocol spanning-tree mstp no disable Force10# When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 452
dell.com | support.dell.com Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate in the MSTI, as shown in Figure 22-3. Figure 22-3. Mapping VLANs to MSTI Instances Force10(conf)#protocol spanning-tree mstp Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 453
revision number on FTOS is 0. • VLAN-to-instance mapping is the placement of a VLAN in an MSTI. For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for name and revision will match on all Dell Force10 FTOS equipment. If you have - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 454
of time the bridge maintains configuration information before it refreshes that information by recomputing the MST topology. • Max-hops is the maximum number of hops a BPDU can travel before a receiving switch discards it. Note: Dell Force10 recommends that only experienced network administrators - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 455
Task Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds Change the max-age parameter. Range: 6 to 40 Default: 20 seconds Change the max-hops parameter. Range: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 456
values for these interface parameters using the command show config from INTERFACE mode. See Figure 22-8. Configure an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 457
tree on the interface (no spanning-tree in INTERFACE mode). •Disabling global spanning tree (no spanning-tree in CONFIGURATION mode). Figure 22-8. Configuring EdgePort Force10(conf-if-gi-3/41)#spanning-tree mstp edge-port Force10(conf-if-gi-3/41)#show config ! interface GigabitEthernet 3/41 no - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 458
www.dell.com | support.dell.com Blocking MSTP Sample Configurations The running-configurations in Figure 22-10, Figure 22-11, and Figure 22-11 support the topology shown in Figure 22-9. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown Figure 22-13, could be - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 459
. Router 1 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface GigabitEthernet 1/21 no ip address switchport no shutdown ! interface GigabitEthernet 1/31 no ip address switchport no shutdown ! interface Vlan 100 no ip - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 460
www.dell.com | support.dell.com Figure 22-11. Router 2 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface GigabitEthernet 2/11 no ip address switchport no shutdown ! interface GigabitEthernet 2/31 no ip address - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 461
. Router 3 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface GigabitEthernet 3/11 no ip address switchport no shutdown ! interface GigabitEthernet 3/21 no ip address switchport no shutdown ! interface Vlan 100 no ip - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 462
spanning-tree port mode enable switchport protected 0 exit Assign Layer-2 interfaces to MSTP topology interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit Create VLANs mapped to MSTP Instances Tag interfaces to VLANs interface vlan 300 tagged - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 463
in the incoming BPDU on port Gi 1/31 for instance 0 Examine your individual routers to ensure all the necessary parameters match. 1. Region Name 2. Region Version 3. VLAN to Instance mapping The show spanning-tree mst commands will show various portions of the MSTP configuration. To view the overall - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 464
dell.com | support.dell.com Figure 22-15. Sample Output for show running-configuration spanning-tree mstp command Force10#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 32768:0001.e806.953e, CIST Port Id: 128:470 Indicates MSTP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 465
page 475 • Multicast Quality of Service on page 475 • Optimize the E-Series for Multicast Traffic on page 476 • Tune the Central Scheduler for Multicast on page 476 FTOS supports the following multicast protocols: • PIM Sparse-Mode on page 519 • PIM Source-Specific Mode on page 529 • Internet Group - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 466
dell.com | support.dell.com Prior to enabling any multicast protocols, you must enable multicast routing. Task Enable multicast routing. Command Syntax ip multicast-routing Command Mode CONFIGURATION Multicast with ECMP Dell Force10 Group Table Group Address Interface Group 1 GigabitEthernet - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 467
use well-known protocol multicast addresses for data transmission, such as the ones below. Protocol OSPF -fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • Egress L3 lossless multicast. In previous versions, when the Dell Force10 system is an RP, all initial packets - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 468
than discarding them until the (S,G) entry is created, making Dell Force10 systems suitable for applications sensitive to multicast packet loss. Note: on the system. ip multicast-limit Range: 1-50000 Default: 15000 Command Mode CONFIGURATION When the limit is reached, FTOS does not process - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 469
least 30 seconds between stopping and starting IGMP join processing. You may that is exists per port-pipe. Any software-configured limit might be superseded access-group access-list-name from INTERFACE mode to apply the access list. rules. In Figure 23-2, VLAN 400 is configured with an access list - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 470
Preventing a Host from Joining a Group 470 | Multicast Features www.dell.com | support.dell.com Source 2 10.11.1.2 interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.23.2/24 no shutdown Source - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 471
from INTERFACE mode. interface from EXEC Privilege mode configure stub multicast routing), use the ip pim neighbor-filter command from INTERFACE mode . Prevent a Source from Registering with the RP Use the command ip pim register-filter from CONFIGURATION mode interfaces are listed. R2 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 472
dell.com | support.dell.com R2(conf )#do show ip pim tib interface GigabitEthernet 3/21 ip pim sparse-mode interface GigabitEthernet 1/31 ip pim sparse-mode ip address 10.11.13.1/24 no shutdown R1(config interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2 Outgoing interface list: Vlan 400 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 473
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the configured route limit is reached. Task Limit the total number of IPv6 multicast routes on the system. Command Syntax ipv6 multicast-limit Range: 1-50000 Default: 15000 Command Mode CONFIGURATION - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 474
support.dell.com Prevent an IPv6 Neighbor from Forming an Adjacency Task Command Syntax Prevent a router from participating in PIM. ipv6 pim neighbor-filter access-list Force10(conf)#ipv6 pim neighbor-filter NEIGH_ACL Force10(conf)#ipv6 access-list NEIGH_ACL Force10(conf-ipv6-acl)#show config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 475
mroutes and mBGP routes are preferred over unicast routes. When a Dell Force10 system is the last hop to the destination, FTOS sends a default] -2 10.11.5.2 Command Mode EXEC Privilege Multicast Quality of Service e Multicast Quality of Service is supported only on platform: The Quality of Service - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 476
forwarding. For multicast intensive applications like trading, Dell Force10 recommends reconfiguring some default settings. You may do one or more for unicast and multicast packets via the Terabit backplane. The default configuration of the Central Scheduler is optimized for network environments - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 477
example, if the majority of your traffic is multicast, the default configuration might yield greater latency. In this case, allocate more backplane using the command queue multicast bandwidth-percent from CONFIGURATION mode. View your configuration using the command show queue backplane multicast - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 478
478 | Multicast Features www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 479
OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Force10 Operating System (FTOS). It is not intended to provide a Configuration Information • Configuration Task List for OSPFv2 (OSPF for IPv4) • Configuration Task List for OSPFv3 (OSPF for IPv6) • Sample Configurations - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 480
www.dell.com | support.dell.com Protocol Overview Open Shortest Path First (OSPF) routing is a link-state routing protocol that calls for the sending of Link-State Advertisements (LSAs) to all other routers within the same Autonomous System (AS) Areas. Information on attached interfaces, metrics - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 481
contained in any area, and their attached routers. The Backbone is the only area with an default area number. All other areas can have their Area ID assigned in the configuration. Figure 24-1 shows Routers A, B, C, G, H, and I are the Backbone. Open Shortest Path First (OSPFv2 and OSPFv3) | 481 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 482
The router ID does not have to be associated with a valid IP address. However, Dell Force10 recommends that the router ID and the router's IP address reflect each other, to make troubleshooting easier. Figure 24-2gives some examples of the different router designations. 482 | Open Shortest - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 483
Figure 24-2. OSPF Routing Examples Router E Router F Interior Router Router M Interior Router Router K Router L Router D Not So Stubby Area Area 100 Router B Backbone Router Router C Stub Area Area 200 Router G Backbone Area Area 0 Router H Area Border Router Router A Router I Interior - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 484
www.dell.com | support.dell.com Area Border Router (ABR) Within an AS, an Area Border (ABR designations are not the same ad the router IDs discussed earlier. The Designated and Backup Designated Routers are configurable in FTOS. If no DR or BDR is defined in FTOS, the system assigns them. OSPF looks - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 485
SPF algorithms. • OSPFv2 always discards unknown LSA types. The LSA types supported by Dell Force10 are defined as follows: • Type 1 - Router LSA • The router own area only. The Link-State ID of the Type 2 LSA is the IP interface address of the DR. • Type 3 - Summary LSA (OSPFv2), Inter-Area-Prefix - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 486
www.dell.com | support.dell.com Each router link is defined as one of four types: type 1, 2, area and the router ID of the other virtual endpoint (the other ABR). A Virtual Link cannot be configured through a Stub Area or NSSA. Router Priority and Cost Router priority and cost is the method the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 487
1 OSPFv3 process ID per system. Recall that OSPFv2 and OSPFv3 can coexist but must be configured individually. FTOS supports Stub areas, Totally Stub (No Summary) and Not So Stubby Areas (NSSAs) and supports the following LSAs, as discussed earlier in this document. • Router (type 1) • Network (type - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 488
is supported because the forwarding tables previously computed by an active RPM have been downloaded into the Forwarding Information Base on the line cards (the data plane), and are still resident. For packets that have existing FIB/CAM entries, forwarding between ingress and egress ports/VLANs etc - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 489
to 4 OSPFv2 processes. • The S55, S60, and S4810 support up to 16 OSPFv2 processes. • The Z9000 supports up to 3 OSPFv2 processes. Each OSPFv2 process has a unique process ID and must have an associated Router ID. There must be an equal number of interfaces must be in Layer-3 mode for the number of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 490
the number of small ACK packets sent to a neighboring router. OSPF ACK packing is enabled by default, and non-configurable. OSPF Adjacency with Cisco Routers To establish an OSPF adjacency between Dell Force10 and Cisco routers, the hello interval and dead interval must be the same on both routers - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 491
must be assigned to OSPF areas. OSPF must be configured GLOBALLY on the system in CONFIGURATION mode. OSPF features and functions are assigned to each router using the CONFIG-INTERFACE commands for each interface. Note: By default, OSPF is disabled Configuration Task List for OSPFv2 (OSPF for IPv4 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 492
dell.com | support.dell.com 3. Add interfaces or configure other attributes. The following configuration steps include two mandatory steps and several optional ones: • Enable OSPFv2 (mandatory) • Enable Multi-Process OSPF • Assign an OSPFv2 area (mandatory) • Enable OSPFv2 on interfaces • Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 493
. In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router's IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting. Command Syntax router-id ip address Command Mode Usage CONFIG-ROUTER - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 494
address mask 2 no shutdown Command Mode Usage CONFIG-INTERFACE Assign an IP address to an interface. Format: A.B.C.D/M If using a Loopback interface, refer to Loopback Interfaces on page 304. CONFIG-INTERFACE Enable the interface. Return to CONFIGURATION mode to enable the OSPF process. The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 495
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router's IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting. Command Syntax router-id ip address Command Mode Usage CONFIG-ROUTER-O - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 496
's IP Address to an Area Dell Force10 recommends that the OSPFv2 Router ID be the interface IP addresses for easier management and troubleshooting. Use the show config command in CONFIGURATION ROUTER OSPF mode to view the configuration. OSPF, by default, sends hello packets out to all physical - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 497
10.168.253.2/32, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Force10# Configure stub areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 498
www.dell.com | support.dell.com Step 3 4 Command Syntax Command Mode Usage router ospf process-id [vrf {vrf CONFIGURATION name}] Enter the ROUTER OSPF mode. Process ID is the ID assigned when configuring OSPFv2 globally (page 58). vrf name: Enter the VRF key word and instance name to tie the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 499
the router from sending updates on that interface. Command Syntax passive-interface {default | interface} Command Mode Usage CONFIG-ROUTEROSPF-id Specify whether all or some of the interfaces will be passive. Default enabled passive interfaces on ALL interfaces in the OSPF process. Entering the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 500
www.dell.com | support.dell.com Figure 24-13. Command Example: show ip ospf process-id interface Force10#show ip ospf 34 Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 501
. Command Example: show ip ospf process-id (fast-convergence enabled) Force10(conf-router_ospf-1)#fast-converge 2 Force10(conf-router_ospf-1)#ex Force10(conf)#ex Force10#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 502
1 to 65535 (default is 1 second). The transmit delay must be the same on all routers in the OSPF network. Use the show config command in CONFIGURATION INTERFACE mode (Figure 24-16) to view interface configurations. Use the show ip ospf interface command in EXEC mode to view interface status in the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 503
This transmission stops when the period ends. The default is 0 seconds. Enable graceful restart Graceful Restart is enabled for the global OSPF process. Use these commands to configure OSPF graceful restart. Refer to Graceful Restart on page 488 for feature details. The Dell Force10 implementation - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 504
-only | unplanned-only] CONFIG-ROUTEROSPF-id Specify the operating mode in which graceful-restart functions. FTOS supports the following options: • Planned-only. The OSPF router supports graceful-restart for planned restarts only. A planned restart is when the user manually enters a fail-over - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 505
no graceful-restart grace-period Command Mode CONFIG-ROUTEROSPF-id Usage Disable OSPF graceful-restart. Returns OSPF graceful-restart to its default state. For more information on OSPF graceful restart, refer to the FTOS Command Line Interface Reference. Configure virtual links Areas within OSPF - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 506
www.dell.com | support.dell.com Use the following command in CONFIGURATION ROUTER OSPF mode to configure virtual links. Command Syntax Command Mode Usage area area-id virtual-link router-id [hello-interval seconds | retransmit-interval seconds | transmit-delay seconds | dead-interval seconds | - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 507
Guide. Use the following commands in CONFIGURATION-ROUTER OSPF mode to apply prefix lists to incoming or outgoing OSPF routes Command Syntax Command Mode Usage distribute-list prefix-list-name in [interface] distribute-list prefix-list-name out [connected | isis | rip | static] CONFIG - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 508
www.dell.com | support.dell.com Redistribute routes You can add routes from other OSPF configuration, use the show running-config ospf command in the EXEC mode or the show config command in the ROUTER OSPF mode Figure 24-19. Command Example: show config Force10(conf-router_ospf)#show config ! - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 509
this is not a comprehensive list, just some examples of typical troubleshooting checks. • Has OSPF been enabled globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the interfaces configured for Layer 3 correctly? • Is the router in the correct area - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 510
www.dell.com | support.dell.com Figure 24-20. Command Example: show running-config ospf Force10#show run ospf ! router ospf 3 ! router mode to view the OSPFv2 configuration for a neighboring router: Command Syntax show ip ospf neighbor Command Mode Usage EXEC Privilege View the configuration - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 511
Process ID and an Area in the INTERFACE mode. If an OSPFv3 process has not yet been created, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. Note: IPv6 and OSPFv3 do not support Multi-Process OSPF. Only a single OSPFv3 process - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 512
routes • Configure a default route Enable IPv6 Unicast Routing Command Syntax ipv6 unicast routing Command Mode CONFIGURATION Usage Enables IPv6 unicast routing globally. Assign IPv6 addresses on an interface Command Syntax ipv6 address ipv6 address Command Mode CONF-INT-type slot/port no - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 513
for an OSPFv3 router is entered as an IPv4 IP address. Configure stub areas Command Syntax area area-id stub [no-summary] Command Mode CONF-IPV6-ROUTER-OSPF Usage Configure the area as a stub area. Use the no-summary keywords to prevent transmission in to the area of summary ASBR LSAs. Area ID - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 514
www.dell.com | support.dell.com Configure Passive-Interface Use the following command to suppress the interface's participation on an OSPFv3 interface. This command stops the router from sending updates on that interface. Command Syntax passive-interface {type slot/port} Command Mode CONF-IPV6- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 515
-value range: 0 to 4294967295. Configure a default route Configure FTOS to generate a default external route into the OSPFv3 routing domain. Command Syntax default-information originate [always [metric metric-value] [metric-type type-value]] [route-map map-name] Command Mode CONF-IPV6-ROUTER-OSPF - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 516
this is not a comprehensive list, just some examples of typical troubleshooting checks. • Has OSPF been enabled globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the interfaces configured for Layer 3 correctly? • Is the router in the correct area - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 517
keyword TenGigabitEthernet followed by the slot/port information ( e.g. passive-interface ten 2/3). • For a VLAN, enter the keyword vlan followed by a number from 1 to 4094 (e.g. passive-interface vlan 2222). E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 518
www.dell.com | support.dell.com Figure 24-21. Basic topology and CLI commands for OSPFv2 OSPF AREA 0 GI 1/1 GI 1/2 GI 3/1 GI 2/1 GI 2/2 GI 3/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface GigabitEthernet 1/1 ip address 10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 519
Prune requests in the same message. • FTOS supports PIM-SM on physical, VLAN, and port-channel interfaces. • FTOS supports 2000 IPv6 multicast forwarding entries, with up to 128 PIM-SSM neighbors/interfaces. • PIM-SM on VLAN interfaces is supported on the E-Series on TeraScale platforms only. • IPv6 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 520
www.dell.com | support.dell.com Requesting Multicast Traffic A host Join message for which it already has a (*,G) entry, the interface on which the message was received is added to the outgoing interface list associated with the (*,G) entry, and the message is not RP and the 520 | PIM Sparse-Mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 521
list the interface on which the message was received as an outgoing interface, thus recreating a SPT to the source. 3. Once the RP starts receiving If a loopback interface with a /32 mask is used as the RP, you must enable PIM Sparse-mode on the interface. Configure PIM-SM Configuring PIM-SM is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 522
www.dell.com | support.dell.com Enable PIM-SM You must enable PIM-SM on each participating interface: Step Task 1 Enable multicast routing on the system. 2 Enable PIM-Sparse Mode Command ip multicast-routing ip pim sparse-mode Command Mode CONFIGURATION INTERFACE Display which interfaces are - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 523
SPT-bit set, J - Join SPT, Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, Default: 210 Command ip pim sparse-mode sg-expiry-timer seconds Command Mode CONFIGURATION Configure Mode CONFIGURATION CONFIG-EXT-NACL PIM Sparse - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 524
(config-ext-nacl)#exit Force10(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer Display the expiry time configuration using the show running-configuration [acl | pim] command from EXEC Privilege mode. Configure a Static Rendezvous Point The rendezvous point is a PIM-enabled interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 525
bootstrap router (BSR) mechanism or a static RP configuration. If you have configured a static RP for a group, use the default the DR priority value is 192, so the IP address determines the DR. • Assign a DR priority value using the command ip pim dr-priority priority-value from INTERFACE mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 526
hello information about that neighbor should be discarded and superseded by the information from the new hello message. FTOS supports graceful restart based on the GenID. A Dell Force10 PIM router announces its graceful restart capability to its neighbors up front as an option in its hello messages - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 527
pim graceful-restart nsf from CONFIGURATION mode. There are two options with this command: • restart-time is the time required by the Dell Force10 system to restart. The default value is 180 seconds. • refer to any timer show the time that the timer started; it is 0 otherwise. PIM Sparse-Mode | 527 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 528
528 | PIM Sparse-Mode www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 529
26 PIM Source-Specific Mode c e s PIM Source-Specific Mode is supported on platforms: PIM-Source-Specific Mode (PIM-SSM) is a switches to the SPT. PIM-SSM uses IGMPv3. Since receivers subscribe to a source and group, the RP and shared tree is unnecessary, so only SPTs are used. On Dell Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 530
IGMPv2 versus PIM-SM with IGMPv3 530 | PIM Source-Specific Mode www.dell.com | support.dell.com R2(conf )#do show ip pim tib PIM Multicast interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:02:12/Never interface Vlan 400 ip pim sparse-mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 531
The Dell Force10 implementation of PIM-SSM is based on RFC 3569. • C-Series supports a maximum of 31 PIM interfaces and 4K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors C-Series can have. • S-Series supports a maximum of 31 PIM interfaces and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 532
3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using the command ip igmp ssm-map acl source from CONFIGURATION mode. In a standard access list, specify the groups or - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 533
command, FTOS displays an error message. If you apply an extended ACL before you create it, FTOS accepts the configuration, but when the ACL is later defined, FTOS ignores the ACL and the stated mapping has no effect. Display detail, as shown in Figure 26-4 on page 535. PIM Source-Specific Mode | 533 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 534
versus PIM-SSM with IGMPv2 534 | PIM Source-Specific Mode www.dell.com | support.dell.com R2(conf )#do show ip pim tib PIM Multicast interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:00:33/Never interface Vlan 400 ip pim sparse-mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 535
Figure 26-4. Configuring PIM-SSM with IGMPv2 R1(conf)#do show run pim ! ip R1(conf)#do show ip igmp ssm-map IGMP Connected Group Membership Group Address Interface Mode Uptime 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Member Ports: Gi 1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 536
536 | PIM Source-Specific Mode www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 537
the S-Series. The C-Series and S-Series transmit power to connected IEEE 802.3af-compliant powered devices through ports that have been configured to supply PoE. Those platforms also support the protocols LLDP and LLDP-MED, which help optimize power distribution to PoE devices. See Chapter 46, Link - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 538
Phones require only 3-10 Watts. So, if the ports are configured optimally, more PDs can be powered with fewer PSUs. AC power supplies in order to support PoE. You can also add the external Dell Force10 470W Redundant Power Supply to power more PoE devices. For details, see Power Additional PoE Ports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 539
Additional PoE Ports on the S-Series on page 547 Enabling PoE on a Port PoE is disabled by default. Enable PoE on a port from INTERFACE mode using the port using the no power inline command. Ports configured with power inline auto have a lower priority for access to power than those configured - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 540
www.dell.com | support.dell.com View the amount of power that a port is consuming using the show power inline command from EXEC privilege mode. Figure 27-2. PoE Allocation Displayed with show power inline Command (example from C-Series) Force10#show power inline Interface Admin Gi 0/40 auto - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 541
W Table 27-4 describes the fields that the show power detail command displays. Table 27-4. show power detail Field Description Field Port Number Catalog Name Displays the Dell Force10 catalog number of the line card, RPM, and fan tray. Slot ID Displays the slot number in which the component - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 542
allocates no power, and the PD does not power up. static: Ports configured in static mode reserve a fixed power allocation whether a device is connected or not. By default 15.4W is allocated, but this is user-configurable with the max_milliwatts option. No dynamic PoE class detection is performed on - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 543
maximum power for the device class is more than than the power limit you specified, FTOS does not allocate any power. Note: When a port is configured with power inline auto (with or without the max_milliwatts option) and the PoE device is disconnected, the allocated power is returned to the power - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 544
www.dell.com | support.dell.com • If there is not enough power in the budget, the configuration is maintained and port waits for load-sharing external DC PSU). Enabling PoE on more ports than is supported by the power budget produces one of these results: • If the newly PoE-enabled port has a lower - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 545
card and port number. The default prioritization is presented in Table 27-5. Note: For S-Series, where Table 27-5 refers to "line cards with the lowest slot number", substitute "S-Series stack members with the lowest unit ID".) Table 27-5. PoE Ports Priorities Configuration Ports configured with - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 546
www.dell.com | support.dell.com Recover from a Failed Power Supply If ports are PoE-enabled, and a PSU fails, power might be terminated on some ports to compensate for the power loss. This does not affect PoE individual port configurations. For C-Series, use the show power supply command to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 547
connecting the external Dell Force10 DC 470W Redundant Power Supply to the Current Sharing terminal of the S50V and S25V. This power supply is in backup mode by default, but you can use the power budget stack-unit command to allow that external power supply to be used for powering PoE ports. 790W is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 548
configured in the same way. Figure 27-8. Creating VLANs for an Office VOIP Deployment Force10#show running-config interface configured ! interface GigabitEthernet 6/0 no ip address no shutdown ! interface VLAN, dot1P, and DSCP configurations on the switch so that you do not need to manually configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 549
Figure 27-9. LLDP Configuration for Office VOIP Deployment Force10#show running-config lldp protocol lldp advertise med advertise med voice 200 6 46 advertise med voice-signaling 300 5 28 no disable Force10#show lldp neighbors Loc PortID Rem Chassis Id Rem Port Id Gi 6/10 Gi 6/11 Gi - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 550
550 | Power over Ethernet www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 551
page 553 • Configuring Port Monitoring on page 556 • Flow-based Monitoring on page 558 Important Points to Remember • Port Monitoring is supported on physical ports only; VLAN and port-channel interfaces do not support port monitoring. • A SONET port may only be a monitored port. • The Monitored - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 552
www.dell.com | support.dell.com • The C-Series and S-Series may only have four destination ports per port-pipe. There is no limitation on the total number of monitoring sessions. Table 28-1 lists the maximum number of monitoring sessions per system. For the C- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 553
Port Monitoring Configurations on the E-Series Line Card 0 Line Card 1 Port-Pipe 0 Port-Pipe 1 Port-Pipe 0 Port-Pipe 1 Monitor Session 0 MD MG Monitor Session 1 MD MG Monitor Session 2 MD Monitor Session 3 MD Port Monitoring 002 E-Series ExaScale FTOS on E-Series ExaScale supports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 554
20 Gi 0/15 Gi 0/3 rx interface 30 Gi 0/16 Gi 0/37 rx interface 300 Gi 0/17 Gi 0/1 tx interface Force10(conf-mon-sess-300)# Type ---Port-based Port-based Port-based Port-based Type ---Port-based Port-based Port-based Port-based Port-based In Figure 28-2, ports 0/13, 0/14, 0/15, and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 555
rx rx tx tx tx Mode ---interface interface interface interface interface interface interface Type ---Port-based Port-based Port-based Port-based Port-based Port-based Port-based A source port may only be monitored by one destination port (Message 6), but a destination port may monitor more than - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 556
, as shown in Figure 28-6. Figure 28-6. Configuring Port-based Monitoring Force10(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 no ip address no shutdown Force10(conf-if-gi-1/2)#exit Force10(conf)#monitor session 0 Force10(conf-mon-sess-0)#source gig 1/1 dest gig 1/2 direction - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 557
1/3 Server Traffic 1/2 Host Server Force10(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 no ip address no shutdown Sniffer Force10(conf )#monitor session 0 Force10(conf-mon-sess-0)#source gig 1/1 destination gig 1/2 direction rx Port Monitoring 001 Port Monitoring | 557 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 558
-list Apply the ACL to the monitored port. See Chapter 7, ip access-group Access Control Lists (ACL), Prefix Lists, and Route-maps. access-list Command Mode MONITOR SESSION CONFIGURATION INTERFACE View an access-list that you applied to an interface using the command show ip accounting access - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 559
15 deny udp any any count bytes Force10(config-ext-nacl)#seq 20 deny tcp any any count bytes Force10(config-ext-nacl)#exit Force10(conf)#interface gig 1/1 Force10(conf-if-gi-1/1)#ip access-group testflow in Force10(conf-if-gi-1/1)#show config ! interface GigabitEthernet 1/1 ip address 10.11.1.254/24 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 560
560 | Port Monitoring www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 561
page 564 • Private VLAN Configuration Example on page 567 • Inspecting the Private VLAN Configuration on page 568 Private VLANs extend the FTOS security suite by providing Layer 2 isolation between ports within the same VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 562
and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports. • Host port: A host port, in the context of a private VLAN, is a port in a secondary VLAN: • The port must first be assigned that role in INTERFACE mode. • A port assigned the host role cannot be - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 563
port channels, see Port Channel Interfaces on page 305 in Chapter 15, Interfaces. For an introduction to VLANs, see Chapter 20, Layer 2. Private VLAN Commands The commands dedicated to supporting the Private VLANs feature are: Table 29-1. Private VLAN Commands Task Command Syntax Command Mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 564
Layer 2 mode. Select the PVLAN mode: • host (port in isolated or community VLAN) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) For interface details, see Enable a Physical Interface on page 296 in Chapter 15, Interfaces. Note: Interfaces that are configured as - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 565
-proxy-arp Command Mode Purpose CONFIGURATION Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces. INTERFACE VLAN Enable the VLAN. INTERFACE VLAN Set the PVLAN mode of the selected VLAN to primary. INTERFACE VLAN Map secondary VLANs to the selected primary - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 566
untagged interface Command Mode Purpose CONFIGURATION Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN. INTERFACE VLAN Enable the VLAN. INTERFACE VLAN Set the PVLAN mode of the selected VLAN to community. INTERFACE VLAN Add one or more host ports to the VLAN. The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 567
mode community Force10(conf-vlan-101)# untagged Gi 2/10 Force10(conf)# interface vlan 100 Private VLAN Configuration Example Figure 29-3. Sample Private VLAN Topology The following configuration is based on the example diagram, above: On C300-1: • Gi 0/0 and Gi 23 are configured as promiscuous ports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 568
ports (0/25 in each switch). Inspecting the Private VLAN Configuration The standard methods of inspecting configurations also apply in PVLANs: • Within the INTERFACE and INTERFACE VLAN modes, use the show config command to display the specific interface configuration. • Inspect the running-config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 569
, I - Isolated Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Vlan-stack NUM * 1 100 P 200 I 201 Status Inactive Inactive Inactive Inactive Description primary VLAN in PVLAN isolated VLAN in VLAN 200 Q Ports T Gi 0/19-20 T Gi 0/21 PVLAN codes Private - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 570
dell.com | support.dell.com Figure 29-8. Example running-config Output of PVLAN Configuration from S50V ! interface GigabitEthernet 0/3 no ip address switchport switchport mode private-vlan promiscuous no shutdown ! interface GigabitEthernet 0/4 no ip address switchport switchport mode private-vlan - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 571
30 Per-VLAN Spanning Tree Plus c e s Per-VLAN Spanning Tree Plus is supported platforms: Protocol Overview Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree-developed by a third party- that allows you to configure a separate Spanning Tree instance for each VLAN. For more - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 572
PVST+ on 254 VLANs. Configure Per-VLAN Spanning Tree Plus Configuring PVST+ is a four-step process: 1. Configure interfaces for Layer 2. 2. Place the interfaces in VLANs. 3. Enable PVST+. See page 573. 4. Optionally, for load balancing, select a non-default bridge-priority for a VLAN. See page 573 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 573
pvst Command Mode PROTOCOL PVST INTERFACE Display your PVST+ configuration by entering the command show config from PROTOCOL PVST context, as shown in fig. Figure 30-2. Display the PVST+ Configuration Force10_E600(conf-pvst)#show config verbose ! protocol spanning-tree pvst no disable vlan 100 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 574
use the default priority (until configured otherwise), lowest MAC address is used as a tie-breaker. Assign bridges a low non-default value for bridge bridge priority. Range: 0 to 61440 Default: 32768 Command Syntax vlan bridge-priority Command Mode PROTOCOL PVST Display the PVST+ forwarding - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 575
parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds Command Syntax vlan forward-delay vlan hello-time Command Mode PROTOCOL PVST PROTOCOL PVST Per-VLAN Spanning Tree Plus | 575 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 576
Dell Force10 systems in a multi-vendor network, verify that the costs are values you intended. To change the port cost or priority of an interface: Task Change the port cost of an interface. Range: 0 to 200000 Default: see Table 30-2. Command Syntax spanning-tree pvst vlan cost Command Mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 577
the port priority of an interface. Range: 0 to 240, in increments of 16 Default: 128 Command Syntax spanning-tree pvst vlan priority Command Mode INTERFACE The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 30-4. Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 578
-on-violation]] ). •Disable spanning tree on the interface (no spanning-tree in INTERFACE mode). •Disabling global spanning tree (no spanning-tree in CONFIGURATION mode). PVST+ in Multi-vendor Networks Some non-Dell Force10 systems which have hybrid ports participating in PVST+ transmit two kinds of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 579
to blocking unless Extended System ID is enabled VLAN unaware Hub Task Command Syntax Command Mode Augment the Bridge ID with the VLAN ID. extend system-id PROTOCOL PVST Force10(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 580
www.dell.com | support.dell.com Figure 30-6. PVST+ Sample Configuration: R1 Running-configuration interface GigabitEthernet 1/22 no ip address switchport no shutdown ! interface GigabitEthernet 1/32 no ip address switchport no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 581
200 bridge-priority 4096 Figure 30-8. PVST+ Sample Configuration: R3 Running-configuration interface GigabitEthernet 3/12 no ip address switchport no shutdown ! interface GigabitEthernet 3/22 no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged GigabitEthernet 3/12,22 no - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 582
582 | Per-VLAN Spanning Tree Plus www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 583
Table 31-1. FTOS Support for Port-based, Policy-based, and Multicast QoS Features Feature Port-based QoS Configurations Set dot1p Priorities for Incoming Traffic Honor dot1p Priorities on Ingress Traffic Configure Port-based Rate Policing Configure Port-based Rate Limiting Configure Port-based Rate - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 584
www.dell.com | support.dell.com Table 31-1. FTOS Support for Port-based, Policy-based, and Multicast QoS Features Feature Create a QoS Policy Create an input QoS policy Configure policy-based rate policing Set a DSCP value for egress packets Set a dot1p value for egress packets Create an output - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 585
2598, An Expedited Forwarding PHB You cannot configure port-based and policy-based QoS on the same interface, and SONET line cards support only port-based QoS. Port-based QoS Configurations You can configure the following QoS features on an interface: • Set dot1p Priorities for Incoming Traffic on - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 586
| support.dell.com • Configure Port-based Rate Limiting on page 588 • Configure Port-based Rate Shaping on page 589 • Storm Control on page 769 Set dot1p Priorities for Incoming Traffic Change the priority of incoming traffic on the interface using the command dot1p-priority from INTERFACE mode, as - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 587
-class dynamic dot1p Command Example Force10#config t Force10(conf)#interface gigabitethernet 1/0 Force10(conf-if)#service-class dynamic dot1p Force10(conf-if)#end Force10# Priority-tagged Frames on the Default VLAN e c s Priority-tagged Frames on the Default VLAN is available only on platforms - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 588
Limiting e Configure Port-based Rate Limiting is supported only on platform FTOS Behavior: On the C-Series and S-Series, rate shaping is effectively rate limiting because of its smaller buffer size. Rate limit egress traffic on an interface using the command rate limit from INTERFACE mode, as shown - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 589
. Figure 31-8. Applying Rate Shaping to Outgoing Traffic Force10#config Force10(conf)#interface gigabitethernet 1/0 Force10(conf-if)#rate shape 500 50 Force10(conf-if)#end Force10# Policy-based QoS Configurations Policy-based QoS configurations consist of the components shown in Figure 31-9. Quality - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 590
www.dell.com | support.dell.com Figure 31-9. Constructing Policy-based QoS Configurations Interface Input Service Policy 0 Input Policy Map 7 Input Policy Map Output Service Policy 0 Output Policy Map 7 Output Policy Map Class Map DSCP Input QoS Policy L3 ACL L3 Fields Rate Policing - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 591
Force10(conf-policy-map-in)#service-queue 7 class-map cmap1 Force10(conf-policy-map-in)#service-queue 4 class-map cmap2 Force10(conf-policy-map-in)#exit Force10(conf)#interface gig 1/0 Force10(conf-if-gi-1/0)#service-policy input pmap Create a Layer 2 class map All class maps are Layer 3 by default - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 592
www.dell.com | support.dell.com Set DSCP values for egress packets based on match ip precedence 7 set-ip-dscp 1 Force10#show run qos-policy-input ! qos-policy-input flowbased set ip-dscp 3 Force10# show cam layer3 linecard 2 port-set 0 Cam Port Dscp Proto Tcp Src Dst SrcIp DstIp DSCP Queue - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 593
a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. Below, traffic is classified in two Queues, 1 and 2. Class-map ClassAF1 is "match any," and ClassAF2 is "match all". Force10#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 594
www.dell.com | support.dell.com Create a QoS Policy There are two types of QoS policies: input qos statistics" command is reset. Create an input QoS policy To create an input QoS policy: 1. Create a Layer 3 input QoS policy using the command qos-policy-input from CONFIGURATION mode. Create a Layer 2 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 595
policy-based rate limiting is supported only on platform Policy-based rate limiting is configured the same way as port-based rate limiting except that the command from QOS-POLICY-OUT mode is rate-limit rather than rate limit as it is in INTERFACE mode. Configure policy-based rate shaping Rate - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 596
Table 31-3. Default Bandwidth Weights for C-Series and S-Series Queue 0 1 2 3 Default Weight 1 bandwidth to one queue, Dell Force10 recommends that you evaluate your supported only on platform Specify a WRED profile to yellow and/or green traffic using the command wred from QOS-POLICY-OUT mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 597
traffic on a Layer 2 interface using Layer 3 policy map. The packets always take the default queue, Queue 0, and cannot be rate-policed. Apply a class-map or input QoS policy to a queue Assign an input QoS policy to a queue using the command service-queue from POLICY-MAP-IN mode. Apply an input - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 598
; see Priority-tagged Frames on the Default VLAN. Fall Back to trust diffserve or dot1p e Fall Back to trust diffserve or dot1p is available only on platforms: When using QoS service policies with multiple class maps, you can configure FTOS to use the incoming DSCP or dot1p marking as a secondary - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 599
occurs, the packet is queued to the default queue, Queue 0. In the following configuration, packets are classified to queues using the three class maps: ! policy-map-input input-policy service-queue 1 class-map qos-BE1 service-queue 3 class-map qos-AF3 service-queue 4 class-map qos-AF4 ! class-map - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 600
mode. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. • You cannot apply a class-map and QoS policies to the same interface. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 601
an interface using the command service-policy output from INTERFACE mode. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. QoS Rate Adjustment The Ethernet packet format consists of: • Preamble: 7 bytes Preamble • Start Frame Delimiter - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 602
www.dell.com | support.dell.com Strict-priority Queueing You can assign strict-priority to one unicast queue, 1-7, using the command strict-priority from CONFIGURATION mode. Strict-priority means that FTOS dequeues all packets from the assigned queue before servicing any other queues. • The strict- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 603
a 6 bit field. Dell Force10 uses the first three mode using the command wred. Configure WRED for Storm Control e Configure WRED for Storm Control is supported only on platform Storm control limits the percentage of the total bandwidth that broadcast traffic can consume on an interface (if configured - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 604
limit the amount of buffer space that broadcast traffic can consume. Display Default and Configured WRED Profiles Display default and configured WRED profiles and their threshold values using the command show qos wred-profile from EXEC mode, as shown in Figure 31-14. Figure 31-14. Displaying WRED - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 605
show qos statistics Command Example Force10#show qos statistics wred-profile Interface Gi 5/11 Queue# Drop port-pipe to multicast traffic using the command queue egress multicast bandwidth-percentage from CONFIGURATION mode. • If you configure bandwidth-percentage for unicast only, 1/8 of the port - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 606
test cam-usage service-policy input policy-map {linecard | stack-unit } all The output of this command, shown in Figure 31-16, displays: • the estimated number of CAM entries the policy-map will consume • whether or not the policy-map can be applied • the number of interfaces in a port-pipe to which - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 607
an interface cannot be determined without first measuring how many CAM entries the policy-map would consume; the command test cam-usage is useful because it provides this measurement. Figure 31-16. test cam-usage Command Example Force10# test cam-usage service-policy input pmap_l2 linecard 0 port - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 608
dell.com | support.dell.com Figure 31-17. Honoring the DSCP Value on Incoming Voice Data Force10#sh run policy-map-input ! policy-map-input HonorDSCP trust diffserv Force10#sh run int gigabitethernet 6/11 ! interface -19 depicts the topology and shows the configuration for a C-Series. The steps are - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 609
next-hop router. Command Mode CONFIGURATION CLASS-MAP CONFIGURATION POLICY-MAP-IN CONFIGURATION QOS-POLICY-IN CONFIGURATION POLICY-MAP-OUT CONFIGURATION INTERFACE Figure 31-20 on page 610 is a screenshot showing some of the steps, above, and the resulting running-config. Quality of Service | 609 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 610
.dell.com | support.dell.com Figure 31-20. Classifying VOIP Traffic and Applying QoS Policies for an Office VOIP Deployment Force10# service-queue 1 qos-policy data service-queue 2 qos-policy signalling Force10#sh run | grep strict-p strict-priority unicast 3 Force10#sh run int gi 6/10 ! interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 611
Protocol c e s Routing Information Protocol is supported only on platforms: RIP is supported on the S-Series following the release of Information on page 612 • Configuration Information on page 612 • RIP Configuration Example on page 620 RIP protocol port 520. Routing Information Protocol | 611 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 612
www.dell.com | support.dell.com RIP Configuration Information By default, RIP is disabled in FTOS. To configure RIP, you must use commands in two modes: ROUTER RIP and INTERFACE. Commands executed in the ROUTER RIP mode configure RIP globally, while commands executed in the INTERFACE mode configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 613
. Enable RIP globally By default, RIP is not enabled in FTOS. To enable RIP, use the following commands in sequence, starting in the CONFIGURATION mode: Step 1 Command Syntax router rip 2 network ip-address Command Mode CONFIGURATION ROUTER RIP Purpose Enter ROUTER RIP mode and enable the RIP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 614
globally, use the no router rip command in the CONFIGURATION mode. Configure RIP on interfaces When you enable RIP globally on the system, interfaces meeting certain conditions start receiving RIP routes. By default, interfaces that are enabled and configured with an IP address in the same subnet as - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 615
list; if not, FTOS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in the PREFIX LIST mode prior to assigning it to the RIP process. For configuration information on prefix lists, see Chapter 17, IP Access Control Lists, Prefix Lists, and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 616
sets the RIP version for RIP traffic on the interfaces participating in RIP unless the interface was specifically configured for a specific RIP version. Use the show config command in the ROUTER RIP mode to see whether the version command is configured. You can also use the show ip protocols command - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 617
GigabitEthernet 0/0 2 2 Routing for Networks: 10.0.0.0 Routing Information Sources: Gateway Distance Last Update Distance: (default is 120) Force10# RIPv2 configured globally and on the interface. To configure the interfaces to send or receive different RIP versions from the RIP version - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 618
2 1 2 Different RIP versions Routing for Networks: configured for this 10.0.0.0 interface Routing Information Sources: Gateway Distance Last Update Distance: (default is 120) Force10# Generate a default route Traffic is forwarded to the default route when the traffic's network is not - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 619
[access-list-name]] offset access-list-name {in | out} offset [interface] Command Mode Purpose ROUTER RIP Apply a weight to all routes or a specific route and ACL. Configure the following parameters: • weight range: 1 to 255 (default is 120) • ip-address mask: the IP address in dotted decimal - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 620
www.dell.com | support.dell.com Debug RIP The debug ip rip command enables RIP debugging. When debugging is enabled, you can view information on RIP protocol changes or RIP routes. To enable RIP debugging, use the following command in the EXEC privilege mode: Command Syntax debug ip rip [interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 621
.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config ! router rip network 10.0.0.0 version 2 Core2(conf-router_rip)# Core Example of RIP Configuration Response from Core 2 Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by Core2 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 622
www.dell.com | support.dell.com Figure 32-10. Using show ip route Command to Show RIP Configuration on Core 2 Core2#show ip route Codes: C interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 623
RIP Configuration on Core 3 Core3(conf-if-gi-3/21)#router rip Core3(conf-router_rip)#version 2 Core3(conf-router_rip)#network 192.168.1.0 Core3(conf-router_rip)#network 192.168.2.0 Core3(conf-router_rip)#network 10.11.30.0 Core3(conf-router_rip)#network 10.11.20.0 Core3(conf-router_rip)#show config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 624
.dell.com | support.dell. 15. Using show ip protocols Command to Show RIP Configuration Activity on Core 3 Core3#show ip protocols Routing interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 625
.20.0 Figure 32-17. Summary of Core 3 RIP Configuration Using Output of show run Command ! interface GigabitEthernet 3/11 ip address 10.11.30.1/24 no shutdown ! interface GigabitEthernet 3/21 ip address 10.11.20.1/24 no shutdown ! interface GigabitEthernet 3/43 ip address 192.168.1.1/24 no shutdown - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 626
www.dell.com | support.dell.com 626 | Routing Information Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 627
s Remote Monitoring is supported on platform This chapter facility and long-term statistics collection on Dell Force10 Ethernet Interfaces. RMON operates with SNMP and monitors all Set rmon alarm • Configure an RMON event • Configure RMON collection statistics • Configure RMON collection history • - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 628
down, all sampled data is lost. But the RMON configurations are saved in the configuration file, and the sampling process continues after the chassis returns to operation. Platform Adaptation-RMON supports all Dell Force10 chassis and all Dell Force10 Ethernet Interfaces. 628 | Remote Monitoring - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 629
CONFIGURATION mode. To disable the alarm, use the no form of this command: Command Syntax Command Mode Value at which the rising-threshold alarm is triggered or reset. For the rmon alarm command this is a 32- . Default is a null-terminated string. The following example configures an RMON alarm - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 630
20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Configure an RMON event To add an event in the RMON event table, use the rmon event command in GLOBAL CONFIGURATION mode. To disable RMON on the interface, use the no form of this command: Command Syntax - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 631
user nms1 owns the row that is created in the event table by this command. This configuration owner ownername] Command Mode Purpose CONFIGURATION INTERFACE (config-if) controlEntry: Default is a null-terminated string The following command enables the RMON statistics collection on the interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 632
dell.com | support.dell.com Configure RMON collection history To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode seconds] Command Mode Purpose CONFIGURATION INTERFACE (config-if) controlEntry: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 633
with switches configured with STP and MSTP. FTOS supports three other variations of Spanning Tree, as shown in Table 34-1. Table 34-1. FTOS Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol Per-VLAN Spanning - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 634
sends multiple messages to the RSTP task. When using the range command, Dell Force10 recommends limiting the range to 5 ports and 40 VLANs. Configure Interfaces for Layer 2 Mode All interfaces on all bridges that will participate in Rapid Spanning Tree must be in Layer 2 and enabled. Figure 34 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 635
switchport no shutdown Command Mode INTERFACE INTERFACE INTERFACE Verify that an interface is in Layer 2 mode and enabled using the show config command from INTERFACE mode. Figure 34-2. Verifying Layer 2 Configuration Force10(conf-if-gi-1/1)#show config ! interface GigabitEthernet 1/1 no ip - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 636
www.dell.com | support.dell.com Figure 34-3. Verifying RSTP is Enabled Force10(conf-rstp)#show config ! protocol spanning-tree rstp no disable Force10(conf-rstp)# Indicates that Rapid Spanning Tree is enabled When you enable Rapid Spanning Tree, all physical and port-channel interfaces that are - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 637
cost 0 Number of transitions to forwarding state 1 BPDU : sent 121, received 9 The port is not in the Edge port mode Port 378 (GigabitEthernet 2/2) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.378 Designated root has priority 32768, address 0001.e801.cbb4 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 638
dell.com | support.dell Spanning Tree group. • Forward-delay is the amount of time an interface waits in the Listening State and the Learning State before it transitions configuration information before it refreshes that information by recomputing the RST topology. Note: Dell Force10 recommends - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 639
Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds Change the max-age parameter. Range: 6 to 40 Default: 20 seconds Command Syntax forward-delay seconds hello - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 640
[bpduguard | shutdown-on-violation] Command Mode INTERFACE Verify that EdgePort is enabled on a port using the show spanning-tree rstp command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Force10 recommends using the show config command, as shown in Figure 34 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 641
spanning-tree in INTERFACE mode). •Disabling global spanning tree (no spanning-tree in CONFIGURATION mode). Figure 34-7. EdgePort Enabled on Interface Force10(conf-if-gi-2/0)#show config ! interface GigabitEthernet 2/0 no ip address switchport spanning-tree rstp edge-port shutdown Force10(conf-if - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 642
www.dell.com | support.dell.com Figure 34-8. bridge-priority Command Example Force10(conf-rstp)#bridge-priority 4096 0440 (x/1000)*256. Note: When millisecond hellos are configured, the default hello interval of 2 seconds is still used for edge ports; the millisecond hello interval is not used. 642 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 643
features are supported on platforms This chapter discusses several ways to provide access security to the Dell Force10 system. c services that users are accessing and the amount of network resources being consumed by those services. When AAA Accounting is enabled, the network server reports user - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 644
acknowledges the start notice before granting the user's process request • stop-only-Use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+ -Designate the security service. Currently, FTOS supports only - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 645
default start-stop tacacs+ Configure AAA Accounting for terminal lines Use the following commands to enable accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list names): Force10(config-line-vty)# accounting commands 15 com15 Force10(config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 646
contains all user authentication and network service access information. Dell Force10 uses local usernames/passwords (stored on the Dell Force10 system) method list or use the default method list. User-defined method lists take precedence over the default method list. Configuration Task List for AAA - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 647
console 0 | vty number [... end-number]} CONFIGURATION Enter the LINE mode. 3 login authentication {method-list-name | LINE default} Assign a method-list-name or the default list to the terminal line. FTOS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 648
www.dell.com | support.dell.com To view the configuration, use the show config command in the LINE mode or the show running-config in the EXEC Privilege mode. Note: Dell Force10 recommends that you use the none method only as a backup. This method does not authenticate users. The none and enable - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 649
mymethodlist radius tacacs Force10(config)# line vty 0 9 Force10(config-line-vty)# enable authentication mymethodlist Server-side configuration TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type SVC_ENABLE, and then, a second packet with just the password. The TACACS - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 650
enable command for privilege level 15 (this is the default level for the command) and then enter the CONFIGURATION mode. You can configure passwords to control access to the box and assign different privilege levels to users. FTOS supports the use of passwords when you log in to the system and when - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 651
level, the default level 15 is assumed. To configure a password for a specific privilege level, use the following command in the CONFIGURATION mode: Command Syntax enable password [level level] [encryption-mode] password Command Mode CONFIGURATION Purpose Configure a password for a privilege - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 652
class access-list-name] [privilege level] [nopassword | password [encryption-type] password] 2 enable password [level level] [encryption-mode] password Command Mode CONFIGURATION CONFIGURATION Purpose Assign a user name and password. Configure the optional and required parameters: • name: Enter - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 653
(up to 5 keywords allowed). • reset: Return the command to its default privilege mode. To view the configuration, use the show running-config command in the EXEC Privilege mode. Figure 35-2 is an example of a configuration to allow a user "john" to view only the EXEC mode commands and all snmp - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 654
www.dell.com | support.dell.com Figure 35-3. User john's Login and the List of Available Commands apollo% telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'. Login: john Password: Force10#show priv Current privilege level is 8 Force10#? configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 655
protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Force10 system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 656
| support.dell.com Idle Time Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies idle-time allow for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 657
To view the configuration, use the show config in the LINE mode or the show running-config command in the EXEC Privilege mode. Define a AAA method list to be used for RADIUS To configure RADIUS to authenticate or authorize users on the system, you must create a AAA method list. Default method lists - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 658
www.dell.com | support.dell.com Specify a RADIUS server host When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout. To specify a RADIUS server host and configure its communication - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 659
Command Syntax debug radius Command Mode Purpose EXEC Privilege View RADIUS transactions to troubleshoot problems. TACACS+ FTOS supports Terminal Access Controller Access Control System (TACACS+ client, including support for login authentication. Configuration Task List for TACACS+ The following - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 660
user's name and password are sent for authentication to the TACACS hosts specified.To use TACACS+ to authenticate users, you must specify at least one TACACS+ server for the system to communicate with and configure default} Command Mode Purpose CONFIGURATION CONFIGURATION CONFIGURATION Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 661
Command Syntax debug tacacs+ Command Mode Purpose EXEC Privilege View TACACS+ transactions to troubleshoot problems. TACACS+ Remote Authentication and Authorization FTOS takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 662
} [port port-number] [timeout seconds] [key key] Command Mode CONFIGURATION Purpose Enter the host name or IP address of the TACACS+ server host. Configure the optional communication parameters for the specific host: • port port-number range: 0 to 65335. Enter a TCP port number. The default is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 663
before it is added to the running configuration. By default, the AAA authorization commands configure the system to check both EXEC mode and CONFIGURATION mode commands. Use the command no aaa authorization config-commands to enable only EXEC mode command checking. If rejected by the AAA - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 664
To enable the SSH server for version 1 and 2, use the following command in the CONFIGURATION mode: Command Syntax ip ssh server {enable | port port-number} Command Mode CONFIGURATION Purpose Configure the Dell Force10 system as an SCP/SSH server. To enable the SSH server for version 1 or - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 665
-7. Using SCP to copy from an SSH Server on another Switch .Force10#copy scp: flash: Address or name of remote host []: 10.10.10.1 Port number of the server [22]: 99 Source file name []: test.cfg User name to login remote host: admin Password to login remote host: Other SSH-related commands include - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 666
when attempting to connect to the Dell Force10 system. This is the simplest methods of authentication and uses SSH version 1. Enable SSH password authentication using the command ip ssh password-authentication enable from CONFIGURATION mode. View your SSH configuration using the command show ip ssh - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 667
key has been saved in /home/admin/.ssh/id_rsa.pub. Command Mode 2 Copy the public key id_rsa.pub to the Dell Force10 system. 3 Disable password authentication if enabled. no ip ssh password-authentication CONFIGURATION enable 4 Enable RSA authentication. ip ssh rsa-authentication enable EXEC - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 668
admin 4 Copy the file shosts and rhosts to the Dell Force10 system. 5 Disable password authentication and • no ip ssh password-authentication RSA authentication, if configured • no ip ssh rsa-authentication • CONFIGURATION • EXEC Privilege 6 Enable host-based authentication. ip ssh hostbased - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 669
Authentication Force10#ssh 10.16.127.201 ? -l User name option -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH config. Use the [no] ip telnet server enable command to enable or disable the Telnet daemon. Force10(conf)#ip telnet server enable Force10(conf - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 670
dell.com | support.dell.com Trace Lists e The Trace Lists feature is supported only on the E-Series: You can log packet activity on a port to an interface. Instead, Trace lists are enabled for all switched traffic entering 419. Configuration Tasks for Trace Lists The following configuration steps - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 671
by the filter. • byte: count bytes processed by the filter. • log: is supported. To create a filter for TCP packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax 1 ip trace-list trace-list-name Command - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 672
.com | support.dell.com Step Command Syntax Command Mode 2 seq sequence-number {deny | permit} tcp TRACE LIST {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [established] [count [byte] | log] Purpose Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 673
Force10(config-trace-acl)#seq 15 deny ip host 12.45.0.0 any log Force10(config-trace-acl)#seq 5 permit tcp 121.1.3.45 0.0.255.255 any Force10(config the order in which the filters are configured. FTOS assigns filters in multiples of 5. To configure a filter for a Trace list supported. Security | 673 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 674
{source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] | log] Command Mode Purpose TRACE LIST Configure a deny or permit filter to examine TCP packets. Configure the following required and optional parameters: • source: An - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 675
-acl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0 Force10(config-trace-acl)#show config ! ip trace-list nimule seq 5 deny tcp host 123.55.34.0 any seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0 To view all configured Trace lists and the number of packets processed through the Trace - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 676
subsequently can close the connection if a user is denied access). Figure 35-16 shows how to allow or deny a Telnet connection to a user. Users will see a login prompt, even if they cannot login. No access class is configured for the VTY line. It defaults from the local database. 676 | Security - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 677
Local Database Force10(conf)#user gooduser password abc privilege 10 access-class permitall Force10(conf)#user baduser password abc privilege 10 access-class denyall Force10(conf)# Force10(conf)#aaa authentication login localmethod local Force10(conf)# Force10(conf)#line vty 0 9 Force10(config-line - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 678
www.dell.com | support.dell.com Figure 35-18. Example Access Class Configuration Using TACACS+ Without Prompt Force10(conf)#mac access-list standard sourcemac Force10(config-std-mac)#permit 00:00:5e:00:01:01 Force10(config-std-mac)#deny any Force10(conf)# Force10(conf)#line vty 0 9 Force10(config- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 679
36 Service Provider Bridging c e s Service Provider Bridging is supported on platforms: This chapter contains the following major sections: • VLAN Stacking on page 679 • VLAN Stacking Packet Drop Precedence on page 690 • Dynamic Mode CoS for VLAN Stacking on page 692 • Layer 2 Protocol Tunneling on - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 680
/ VLAN STACKING VLAN 100 Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, these interfaces must be added to a non-default VLAN-Stack-enabled VLAN. • Dell Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 681
-stack access vlan-stack trunk member Command Mode INTERFACE INTERFACE INTERFACE VLAN Display the VLAN-Stacking configuration for a switchport using the command show config from INTERFACE mode, as shown in Figure 36-2. Figure 36-2. Displaying the VLAN-Stack Configuration on a Layer 2 Port Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 682
) field of the S-Tag is user-configurable: Task Select a value for the S-Tag TPID. Default: 9100 Command Syntax CONFIGURATION Command Mode vlan-stack protocol-type Display the S-Tag TPID for a VLAN using the command show running-config from EXEC privilege mode. FTOS displays the S-Tag TPID only - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 683
Mode INTERFACE INTERFACE VLAN In Figure 36-4 GigabitEthernet 0/1 a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN. Figure 36-4. Hybrid Port as VLAN-Stack Trunk Port and as Member of other VLANs Force10 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 684
www.dell.com | support.dell.com Debug VLAN Stacking To debug the internal state and membership of a VLAN and its ports, use the debug member command, as shown in Figure 36-5. The port notations in Figure 36-5 are as follows: • MT - stacked trunk • MU - stacked access port • T- 802.1Q trunk port • - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 685
First-byte Match on the E-Series TeraScale Building D INTERNET VLAN BLUE SERVICE PROVIDER TPID 0x9191 VLAN GREEN VLAN BLUE R2-E-Series TeraScale TPID: 0x9100 R1-E-Series TeraScale TPID: 0x9191 VLAN GREEN, VLAN PURPLE VLAN PURPLE VLAN RED R3-E-Series TeraScale TPID: 0x9100 TPID PCP CFI - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 686
) (0x8100) Building C R4-Non-Force10 System TPID: 0x8100 TPID PCP (0x8100) CFI VID (0) (VLAN Red) CFI VID (0) (VLAN Red) VLAN RED Building A VLAN Stacking with E-Series ExaScale Systems E-Series ExaScale, beginning with FTOS version 8.2.1.0, allows you to configure both bytes of the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 687
-byte match mismatch switch as is (no decapsulation) drop ExaScale Behavior drop drop drop drop drop VLAN Stacking with C-Series and S-Series The default TPID for the outer VLAN tag is 0x9100. Beginning with FTOS version 8.2.1.0, both the C-Series and S-Series allow you to configure both bytes of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 688
www.dell.com | support.dell.com VLAN BLUE You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the C-Series and S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 689
TPID: 0x8181 VLAN GREEN, VLAN PURPLE VLAN GREEN VLAN RED VLAN BLUE DEFAULT VLAN R1-C-Series w/ FTOS =8.2.1.0 TPID: 0x8181 TPID PCP (0x8100) R4-Non-Force10 System CFI (0) VID (VLAN Red) TERNET TPID: 0x8100 SERVICE PROVIDER Building - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 690
VLAN switch to default VLAN switch to default VLAN switch to VLAN switch to default VLAN switch to default VLAN VLAN Stacking Packet Drop Precedence c s VLAN Stacking Packet Drop Precedence is available only on platform: The Drop Eligible Indicator (DEI) bit in the S-Tag indicates to a service - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 691
By default, packets are colored green, and DEI is marked 0 on egress. Command Syntax dei enable Command Mode CONFIGURATION When Drop honoring configuration. show interface dei-honor [interface slot/ port | linecard number port-set number] Command Mode INTERFACE EXEC Privilege Service Provider - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 692
port-set number] Force10#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI Gi 0/1 Green 0 Gi 0/1 Yellow 1 Gi 8/9 Yellow 0 Gi 8/40 Yellow 0 Command Mode INTERFACE EXEC Privilege Dynamic Mode CoS for VLAN Stacking c s Dynamic Mode CoS for VLAN - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 693
Assigned dot1p for VLAN Stacking Untagged S-Tag with statically-assigned dot1p DATA 0x0800 SA DA S-Tag DATA 0x0800 1 400 0x9100 SA DA C-Tag 3 100 0x8100 SA DA C-Tagged C-Tag S-Tag 3 100 0x8100 4 400 0x9100 SA DA S-Tag with mapped dot1p When configuring Dynamic Mode CoS, you have - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 694
www.dell.com | support.dell.com FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 695
by commas, and dashed ranges are permitted. Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts. vlan-stack dot1p-mapping c-tag-dot1p values sp-tag-dot1p value Command Mode CONFIGURATION EXEC Privilege INTERFACE Note: Since dot1p-mapping marks and queues packets - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 696
www.dell.com | support.dell.com SPANNING T INTERNE SPANNING TR Figure 36-13. VLAN Stacking without L2PT EE TREE REE NETWORK no spanning-tree T SERVICE PROVIDER the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Force10 systems can recognize and rewrite the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 697
the default CAM profile; you must use this CAM profile for L2PT. Enable protocol tunneling globally on the system. Tunnel BPDUs the VLAN. Command Syntax show cam-profile protocol-tunnel enable protocol-tunnel stp Command Mode EXEC Privilege CONFIGURATION INTERFACE VLAN Service Provider Bridging - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 698
startup-config 3 Reload the system. reload 4 Set a maximum rate at which the RPM will protocol-tunnel rate-limit process BPDUs for L2PT. Default: no rate limiting C-Series Range: 64 to 640 kbps S-Series Range: 64 to 320 kbps Command Mode CONFIGURATION EXEC Privilege EXEC Privilege VLAN STACKING - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 699
Mode EXEC Privilege Provider Backbone Bridging c s Provider Backbone Bridging is supported only on platforms: IEEE 802.1ad-Provider Bridges amends 802.1Q-Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs of core switches, as opposed - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 700
700 | Service Provider Bridging www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 701
LAG ports on page 708 • Extended sFlow on page 708 Overview FTOS supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and to, packet header, ingress and egress interfaces, sampling parameters, and interface counters. Packet sampling is typically done by - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 702
FTOS implementation of the sFlow MIB supports sFlow configuration via snmpset. • Collection through management interface is supported on E-Series only • Dell Force10 recommends that the sFlow Collector be connected to the Dell Force10 chassis through a line card port rather than the RPM Management - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 703
. To enable sFlow on a specific interface, use the sflow enable command in INTERFACE mode. Use the no version of this command to disable sFlow on an interface. This CLI is supported on physical ports and LAG ports. Command Syntax [no] sflow enable Command Mode Usage INTERFACE Enable sFlow on an - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 704
Example: show sflow Force10#show sflow sFlow services are enabled Indicates sFlow is globally enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 705
, shown in Figure 37-2, is also displayed in the running configuration (Figure 37-4): Figure 37-4. Command Example: show running-config interface Force10#show running-config interface gigabitethernet 1/16 ! interface GigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234 switchport sflow - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 706
-size number ] Command Mode CONFIGURATION Usage Identify sFlow collectors to which sFlow datagrams are forwarded. Default UDP port: 6343 Default max-datagram-size: 1400 Polling Intervals The sflow polling-interval command configures the polling interval for an interface in the maximum number - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 707
The sflow sample-rate command, when issued in CONFIGURATION mode, changes the default sampling rate. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate.If the value entered is not a correct power of 2, the command generates an error - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 708
sampling-rate of the interface and the configured sample-rate can be viewed by using the show sflow command. sFlow on LAG ports When a physical port becomes a member of a LAG, it inherits the sFlow configuration from the LAG port. Extended sFlow e Extended sFlow is supported fully on platform - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 709
sampling rate: 4096 Global default counter polling interval: 15 Extended sFlow settings show all 3 types are enabled Global extended information enabled: gateway, router, switch 1 collectors configured Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.0, UDP port: 6343 77 UDP packets - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 710
www.dell.com | support.dell.com Table 37-1. Extended Gateway Summary IP SA static/connected/IGP static/connected/IGP BGP BGP IP DA static/connected/IGP BGP static/connected/IGP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 711
have a textual name called an object descriptor. Implementation Information • FTOS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, you can use to manage your Dell Force10 system using SNMP. Also, these configurations use SNMP version 2c. Configuring SNMP requires only a single step: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 712
Value Updates using SNMP on page 715 • Copy Configuration Files on page 113 • Manage VLANs using SNMP on page 724 • Enable and Disable a Port using SNMP on page 728 • Fetch Dynamic MAC Entries using SNMP on page 728 • Deriving Interface Indices on page 730 Important Points to Remember • Typically - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 713
SNMP configuration, using the command show running-config snmp from EXEC Privilege mode, as shown in Figure 38-1. Figure 38-1. Creating an SNMP Community Force10#snmp-server community my-snmp-community ro 22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START. Force10#do - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 714
location information from the Dell Force10 system: Task Command Identify the system manager along with this person's contact information (e.g E-mail address or phone number). You may use up to 55 characters. Default: None snmp-server contact text Command Mode CONFIGURATION 714 | Simple Network - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 715
-ip sysContact.0 s "contact-info" snmpset -v version -c community agent-ip sysLocation.0 s "location-info" CONFIGURATION CONFIGURATION Subscribe to Managed Object Value Updates using SNMP By default, the Dell Force10 system displays some unsolicited SNMP messages (traps) upon certain events and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 716
www.dell.com | support.dell.com Step Task 2 Specify which traps the Dell Force10 system sends to the trap receiver. • Enable all Dell Force10 enterpriseSpecific and RFC-defined traps using the command snmp-server enable traps from CONFIGURATION mode. • Enable all of the RFC-defined traps using - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 717
Dell Force10 Switch fabric down MAJOR_SFM_CLR: Major alarm cleared: Switch vlan %d PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module dC) MAJOR_TEMP: Major alarm: chassis temperature high (%s temperature reaches or exceeds threshold of %dC - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 718
Files Using SNMP Use SNMP from a remote client to: • copy the running-config file to the startup-config file, or • copy configuration files from the Dell Force10 system to a server • copy configuration files from a server to the Dell Force10 system 718 | Simple Network Management Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 719
Copying Configuration Files values are: • If the copySrcFileType is running-config or startup-config, the default copySrcFileLocation is flash. • If the copySrcFileType is the copyUserName is specified so must copyUserPassword. Password for the server. Password for the FTP, TFTP, or SCP server. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 720
www.dell.com | support.dell.com To copy a configuration file: Step 1 2 3 Task Command Syntax Command Mode Create an SNMP community string with read/ snmp-server community write privileges. community-name rw CONFIGURATION Copy the f10-copy-config.mib MIB from the Dell Force10 iSupport - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 721
FORCE10-COPY-CONFIG-MIB::copySrcFileType.101 = INTEGER: runningConfig(2) FORCE10-COPY-CONFIG-MIB::copyDestFileType.101 = INTEGER: startupConfig(3) Figure 38-7. Copying Configuration Files .index s server-login-id copyUserPassword.index s server-login-password Simple Network Management Protocol | 721 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 722
-configuration on the Dell Force10 system via FTP using the following command from the Unix server: snmpset -v 2c -c public -m ./f10-copy-config.mib login-password Figure 38-12. Copying Configuration Files via SNMP and FTP from a Remote Server > snmpset -v 2c -c private -m ./f10-copy-config.mib - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 723
Dell Force10 provides additional MIB Objects to view copy statistics. These are provided in Table 8. Table 38-5. MIB Objects for Copying Configuration time clock that the copy operation started. Time value Specifies the point , and • the file f10-copy-config.mib is in the current directory. Note: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 724
dell.com | support.dell -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110 FORCE10-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) .3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 Manage VLANs using SNMP The qBridgeMIB managed objects in the Q-BRIDGE-MIB, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 725
01:00 Display the Ports in a VLAN FTOS identifies VLAN interfaces using an interface index number that is displayed in the output of the command show interface vlan, as shown in Figure 38-17. Figure 38-17. Identifying the VLAN Interface Index Number Force10(conf)#do show interface vlan id 10 % Error - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 726
from 00 to 04. Figure 38-19. Displaying Ports in a VLAN using SNMP [Force10 system output] R5(conf)#do show vlan id 10 Codes: * - Default VLAN, G - GVRP VLANs Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Vlan-stack NUM Status Description 10 Inactive - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 727
pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary. As described above, the left-most position in the string represents Port 1. The next position from the left represents Port 2 and has a value of 1, indicating that Port 0/2 is in VLAN 10. The remaining - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 728
Port using SNMP Step 1 2 3 Task Command Syntax Command Mode Create an SNMP community on the Dell Force10 system. snmp-server community CONFIGURATION From the Dell Force10 system, identify the interface index of the port of port GigabitEthernet 1/21, which a member of the default VLAN, VLAN 1. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 729
MAC address concatenated with the port-channel number. Figure 38-24. Fetching Dynamic MAC Addresses on the Default VLAN MAC Addresses on Force10 System R1_E600(conf)#do show mac-address-table VlanId Mac Address Type Interface State 1000 00:01:e8:06:95:ac Dynamic Po 1 Active Query - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 730
www.dell.com | support.dell.com Deriving Interface Indices FTOS assigns an interface number to each (configured or unconfigured) physical and logical interface. Display the interface index number using the command show interface from EXEC Privilege mode, as shown in Figure 38-25. Figure 38-25. - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 731
bits 7 bits 4 bits 14 bits 10 0010110 Slot Port Number Number 0011 00000000111010 Interface Card Type Type For interface indexing, slot and port numbering begins with the binary one. If the Dell Force10 system begins slot and port numbering from 0, then the binary 1 represents slot and - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 732
www.dell.com | support.dell.com 732 | Simple Network Management Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 733
Protocols Dell Force10 Term Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol Per-VLAN Spanning Tree Plus IEEE Specification 802.1d 802.1w 802.1s Third Party Configuring Spanning Tree Configuring Spanning Tree is a two-step process: 1. Configure interfaces for - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 734
at any one time. • All ports in VLANs and all enabled interfaces in Layer 2 mode are automatically added to the Spanning Tree topology at the time you enable the protocol. • To add interfaces to the Spanning Tree topology after STP is enabled, enable the port and configure it for Layer 2 using the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 735
interfaces on all switches that will participate in Spanning Tree must be in Layer 2 mode and enabled. Figure 39-1. Example of Configuring Interfaces for Layer 2 Mode R1(conf)# int range gi 1/1 - 4 R1(conf-if-gi-1/1-4)# switchport R1(conf-if-gi-1/1-4)# no shutdown R1(conf-if-gi-1/1-4)#show config - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 736
39-3. Verifying STP is Enabled Force10(conf)#protocol spanning-tree 0 Force10(config-span)#show config ! protocol spanning-tree 0 no disable Indicates that Spanning Tree is enabled Force10# When you enable Spanning Tree, all physical, VLAN, and port-channel interfaces that are enabled and in - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 737
: message age 1, forward delay 0, hold 0 Number of transitions to forwarding state 1 BPDU: sent 21, received 486 The port is not in the portfast mode View the Spanning Tree configuration and the interfaces that are participating in STP using the show spanning-tree 0 command from EXEC privilege - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 738
dell.com | support.dell.com Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode. Figure 39-6. show spanning-tree brief Command Example Force10 .2462 Configured hello time 2, max age 20, forward delay 15 Interface Designated - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 739
parameter (the wait time before the interface enters the forwarding state). • Range: 4 to 30 • Default: 15 seconds Change the hello-time parameter (the BPDU transmission interval). Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 740
www.dell.com | support.dell.com View the current values for global parameters using the show spanning-tree 0 command from EXEC privilege mode. See Figure 39-5. Modifying Interface STP Parameters You can set the port cost and port priority values of interfaces in Layer 2 mode. • Port cost is a - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 741
the BPDU, the physical interface remains up and spanning-tree will only drop packets after a BPDU violation. Figure 39-8 shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Force10 system is configured with Portfast. If the switch is connected to the hub - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 742
EDS 20000 P2P No Force10(conf-if-gi-0/7)#do show ip int br gi 0/7 Interface IP-Address OK Method Status GigabitEthernet 0/7 unassigned YES Manual up Protocol up FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior: 1If the interface to be shutdown is a port channel then all - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 743
Force10(conf-if-gi-3/41)#show config ! interface GigabitEthernet 3/41 no ip address switchport spanning-tree 0 portfast bpduguard shutdown-on-violation no shutdown 3/41 Hub Switch likely this bridge will become the root bridge. The default is 32768. • The primary option specifies a bridge priority - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 744
using the command redundancy protocol xstp from CONFIGURATION mode, as shown in Figure 39-10. Figure 39-10. Configuring all Spanning Tree Types to be Hitless Force10(conf)#redundancy protocol xstp Force10#show running-config redundancy ! redundancy protocol xstp Force10# 744 | Spanning Tree Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 745
example, to access GigabitEthernet Port 1 on Stack Unit 0, enter interface gigabitethernet 0/1 from CONFIGURATION mode. High Availability on S-Series Stacks S-Series stacks have primary and secondary management units analogous to Dell Force10 Route Processor Modules (Message 40-1). The management - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 746
-- Last Data Block Sync Record: -- Stack Unit Config: succeeded Mar 24 2009 20:35:14 Start-up Config: failed Mar 24 2009 20:35:14 existing stack manager. If the new unit has the higher priority, it becomes the new stack manager after the stack reloads. All switches have a default priority - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 747
has three MAC addressees: the chassis MAC, interface MAC, and null interface MAC. All interfaces in the stack use the interface MAC address of the management unit (stack manager), and the chassis MAC for the stack is the master's chassis MAC. The stack continues to use the master's chassis MAC - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 748
www.dell.com | support.dell.com Figure 40-3. Adding a Standalone with a Lower MAC Address to a Stack- Before STANDALONE BEFORE CONNECTION Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81 -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 749
Version Ports 0 Standby online S50V S50V 7.8.1.0 52 1 Management online S50N S50N 7.8.1.0 52 2 Member online S50V S50V 7.8.1.0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present Stacking S-Series Switches | 749 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 750
www.dell.com | support.dell.com Figure 40-5. Adding a Standalone with a Lower MAC Address but Higher Priority to a Stack- Before STANDALONE BEFORE CONNECTION Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81 -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 751
units provide a severely limited set of commands, as shown in Figure 40-7. • Remote access: You may access the stack with SNMP, SSH, or Telnet through any enabled, Layer 3 interface on any stack unit. There is no dedicated management port or management route table. Stacking S-Series Switches | 751 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 752
page 760 • Split an S-Series Stack on page 761 Create an S-Series Stack Stacking modules are pluggable units in the back of the unit that switch traffic between units in a stack. Units are connected using bi-directional stacking cables; if you stacking modules have two ports, it does not matter if - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 753
two 12-Gigabyte stacking modules, the stack-ports are 49, 50, 51, and 52, starting from the left. To add a unit to an existing stack: Step 1 2 3 4 5 Task Command Syntax Verify that each unit has the same FTOS version prior to stacking them together. show version Pre-configure unit numbers for - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 754
www.dell.com | support.dell.com To display the status of the stacking ports, including the topology: Task Display the stacking ports. Command Syntax show system stack-ports Command Mode EXEC Privilege Figure 40-9 shows a daisy-chain topology. Figure 40-10 shows the same stack converted to a - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 755
the new unit a position in the stack, or • manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it Three configurable system variables affect how a new unit joins a stack: priority, stack number, and provision. • Depending on - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 756
www.dell.com | support.dell.com To manually assign a new unit a position in the stack: Step 1 2 3 4 5 6 Task Command Syntax While the unit is unpowered, install stacking modules in the new unit. On the stack, determine the next available stack-unit number, and the management prioritity of the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 757
Version Ports 0 Member not present S25N 1 Management online S50N S50N 7.8.1.0 52 2 Standby online S50V S50V 7.8.1.0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present [output omitted] Stacking S-Series Switches - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 758
www.dell.com | support.dell.com Figure 40-15. Adding a Stack Unit with a Conflicting Stack Number-After STANDALONE AFTER CONNECTION 01:38:34: %STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present 01:38:34: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 759
reset-self Reset this unit alone show Show running system information Standalone(stack-member-2)#show ? version Software version STACK BEFORE DISCONNECTION Stack#show system brief Stack MAC : 00:01:e8:d5:f9:6f -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 760
and online. To merge two stacks, connect one stack to the other using stacking cables. You may not connect 12G and 24G stack ports. • FTOS selects a primary stack manager from the two existing mangers. • FTOS resets all the units in the losing stack, and they all become stack members. • If there is - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 761
primary nor the secondary management unit, the stack is reset so that a new election can take place. S-Series Stacking Configuration Tasks • Assign Unit Numbers to Units in an S-Series Stack on page 761 • Create a Virtual Stack Unit on an S-Series Stack on page 762 • Display Information about an - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 762
| support.dell.com Create a Virtual Stack Unit on an S-Series Stack Use virtual stack units to configure ports on the stack before adding a new unit, or to prevent FTOS from assigning a particular stack-number. Task Create a virtual stack unit. Command Syntax stack-unit provision Command Mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 763
:81 No Of MACs : 3 -- Module 0 -- Status : not present -- Module 1 -- Status : online Module Type : S50-01-12G-2S Num Ports : 2 Hot Pluggable : no - 2-port 12G Stacking (SB) -- Power Supplies -- Unit Bay Status Type 0 0 up AC 0 1 absent -- Fan Status -- Unit TrayStatus - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 764
www.dell.com | support.dell.com Figure 40-19. Displaying Information about an S-Series Stack-show system brief Force10#show system brief Stack MAC : 00:01:e8:d5:f9:6f -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Member online S50V S50V 7.8.1.0 52 1 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 765
, and the unit with the second highest priority is the secondary management unit. Default: 0 Range: 1-14 stack-unit priority Command Mode CONFIGURATION Manage Redundancy on an S-Series Stack Task Command Syntax Reset the current management unit, and make the secondary management unit the new - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 766
problem state. Command Syntax reset-self reset stack-unit 0-7 hard Command Mode EXEC Privilege EXEC Privilege Monitor an S-Series Stack with SNMP S-Series supports the following tables in f10-ss-chassis.mib for stack management through SNMP: • chStackUnitTable • chSysStackPortTable Troubleshoot - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 767
51 has flapped 5 times within 10 seconds.Shutting down this stack port now. Error: Please check the stack cable/module and power-cycle the stack. Recover from a Card Problem State on an S-Series Stack If a unit added to a stack has a different FTOS version, the unit does not come online, and FTOS - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 768
www.dell.com | support.dell.com Figure 40-23. Recovering from a Card Mismatch State on an S-Series Stack STANDALONE UNIT BEFORE Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81 -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S50V - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 769
port-pipes or on the same/different line cards. FTOS Behavior: The minimum number of packets per second (PPS) that storm control can limit on the S60 is 2. Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode Configure storm control from INTERFACE mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 770
the speed setting. Configure storm control from CONFIGURATION mode Configure storm control from CONFIGURATION mode using the command storm control. From CONFIGURATION mode you can configure storm control for ingress and egress traffic. Do not apply per-VLAN QoS on an interface that has storm-control - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 771
the accumulated error. Temporarily or permanently insane time sources will be detected and avoided. Dell Force10 recommends configuring NTP for the most accurate time. In FTOS, other time sources can be configured (the hardware clock and the software clock). NTP is designed to produce three products - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 772
.dell.com | support.dell.com offset and delay, but also definitive maximum error bounds, so that the user interface can determine not only the time, but the quality of the time the replies as received. The server interchanges addresses and ports, fills in or overwrites certain fields in the message, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 773
Figure 42-1. NTP Fields Source Port (123) Destination Port (123) Length Checksum NTP Packet Payload interface/link failure Recieve Timestamp Transmit Timestamp Implementation Information • Dell Force10 systems can only be an NTP client. Configuring Network Time Protocol Configuring NTP - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 774
www.dell.com | support.dell.com Enable NTP NTP is disabled by default. To enable it, specify an NTP server to which the Dell Force10 system NTP server to which the Dell Force10 system will synchronize. Command ntp server ip-address Command Mode CONFIGURATION Display the system clock state with - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 775
12:24:11 UTC Thu Mar 12 2009 Command Mode CONFIGURATION Configure NTP broadcasts With FTOS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast. To configure an interface to receive NTP broadcasts, use the following - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 776
.dell.com | support.dell.com To disable NTP on an interface, use the following command in the INTERFACE mode: Command Syntax ntp disable Command Mode Purpose INTERFACE Disable NTP on the interface. To view whether NTP is configured on the interface, use the show config command in the INTERFACE - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 777
. The number must be the same as the number used in the ntp authentication-key command. To view the NTP configuration, use the show running-config ntp command (Figure 40) in the EXEC privilege mode. Figure 42-5 shows an encrypted authentication key. All keys are encrypted. Figure 42-5. show running - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 778
dell.com | support.dell.com Command Syntax ntp server ip-address [key keyid] [prefer] [version number] Command Mode CONFIGURATION Purpose Configure an NTP server. Configure the IP address of a server and the following optional parameters: • key keyid: Configure of insertion and reset after 00:00 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 779
and date can be set using the FTOS CLI. Configuring time and date settings The following list includes the configuration tasks for setting the system time: • Set the time and date for the switch hardware clock • Set the time and date for the switch software clock • Set the timezone • Set daylight - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 780
www.dell.com | support.dell.com Set the time and date for the switch hardware clock Command Syntax calendar set time month day year Command Mode EXEC Privilege Purpose Set the hardware clock to the current time and date. time: Enter the time in hours:minutes:seconds. For the hour variable, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 781
on the hardware clock, when the switch reboots. Command Syntax clock set time month day year Command Mode EXEC Privilege Purpose Set the system of -8. Command Syntax clock timezone timezone-name offset Command Mode Purpose CONFIGURATION Set the clock to the appropriate timezone. timezone-name: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 782
www.dell.com | support.dell.com Command Syntax Command Mode Purpose Force10#conf Force10(conf)#clock timezone Pacific -8 Force10(conf)#01:40:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Force10# Set daylight savings time - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 783
switch to daylight savings time on a one-time basis. Command Syntax clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset] Command Mode CONFIGURATION -time period. Range: 1 to1440. Default: 60 minutes System Time and Date | 783 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 784
www.dell.com | support.dell.com Command Syntax Command Mode Purpose Force10(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00 Force10(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 785
the summer-time period. Range: 1 to1440. Default: 60 minutes Force10(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Force10(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 786
www.dell.com | support.dell.com Command Syntax Command Mode Purpose Force10(conf)#clock summer-time pacific recurring ? Week number to start first Week number to start last Week number to start Force10(conf)#clock summer-time pacific recurring Force10(conf)#02:10:57: %RPM0-P: - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 787
upgrades Direct any questions or concerns about FTOS Upgrade Procedures to the Dell Force10 Technical Support Center. You can reach Technical Support: • On the Web: www.force10networks.com/support/ • By email: [email protected] • By phone: US and Canada: 866.965.5800, International: 408 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 788
788 | Upgrade Procedures www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 789
Area Networks. In this guide, see also: • Bulk Configuration on page 317 in Chapter 15, "Interfaces," on page 293 • VLAN Stacking on page 679 For a complete listing of all commands related to FTOS VLANs, see these FTOS Command Reference chapters: • Interfaces chapter • Port Authentication (802.1x - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 790
)#int gi 3/2 Force10(conf-if)#no shut Force10(conf-if)#switchport Force10(conf-if)#show config ! interface GigabitEthernet 3/2 no ip address switchport no shutdown Force10(conf-if)#end Force10#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM * 1 2 Status Active Active Force10# Q Ports U Gi - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 791
VLANs configured on one switch, thus segmenting the device. Interfaces within a port-based VLAN must be in Layer 2 mode and can be tagged or untagged in the VLAN ID. VLANs and Port Tagging To add an interface to a VLAN, it must be in Layer 2 mode. After you place an interface in Layer 2 mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 792
in the CONFIGURATION mode: Command Syntax interface vlan vlan-id Command Mode CONFIGURATION Purpose Configure a port-based VLAN (if the vlan-id is different from the Default VLAN ID) and enter INTERFACE VLAN mode. After you create a VLAN, you must assign interfaces in Layer 2 mode to the VLAN to - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 793
vlan Command Example Force10#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM * 1 2 3 4 5 6 Force10# Status Inactive Active Active Active Active Active Q Ports U So 9/4-11 U Gi 0/1,18 U Gi 0/2,19 T Gi 0/3,20 U Po 1 U Gi 0/12 U So 9/0 A VLAN is active only if the VLAN contains interfaces - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 794
T Gi 3/1 Force10#config Force10(conf)#int vlan 4 Force10(conf-if-vlan)#tagged po 1 Force10(conf-if-vlan)#show conf ! interface Vlan 4 no ip address tagged Port-channel 1 Force10(conf-if-vlan)#end Force10#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM * 1 2 3 4 Force10# Status - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 795
(conf-if-vlan)#show config ! interface Vlan 4 no ip address untagged GigabitEthernet 3/2 Force10(conf-if-vlan)#end Force10#show vlan Use the show vlan command to determine interface status. Interface (gi 3/2) is untagged and in the Default VLAN (vlan 1). In a port-based VLAN (vlan 4), use the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 796
VLAN, which, by default, is VLAN 1. To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. To assign an IP address, use the following command in INTERFACE mode: Command Syntax Command Mode Purpose ip address ip-address mask [secondary] INTERFACE Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 797
cannot be configured for Native VLAN. Interfaces must have no other Layer 2 or Layer 3 configurations when entering the command portmode hybrid or a message like Message 1 is displayed. Message 1 Native VLAN Error % Error: Port is in Layer-2 mode Gi 5/6. Enable Null VLAN as the Default VLAN In - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 798
798 | Virtual LANs (VLAN) www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 799
hosts on the network 10.10.10.0 with the IP address of either Router A or Router B as their default router; their default router is the IP Address configured on the virtual router. When any host on the LAN segment wants to access the Internet, it sends packets to the IP address of the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 800
www.dell.com | support.dell.com FN0001_lp In Figure 45-1 below, Router A is configured as the MASTER router. It is configured with the IP address of the virtual router and sends any packets addressed to the virtual router through interface GigabitEthernet 1/1 to the Internet. As the BACKUP router, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 801
supported. Virtual IP addresses can belong to the primary or secondary IP address' subnet configured on the interface. You can ping all the virtual IP addresses configured packets, Dell Force10 recommends you to increase the VRRP advertisement interval to a value higher than the default value of - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 802
increased dead interval may cause packets to be dropped during that switch-over time. VRRP Configuration By default, VRRP is not configured. Configuration Task List for VRRP The following list specifies the configuration tasks for VRRP: • Create a Virtual Router on page 802 (mandatory) • Assign - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 803
120 VRRP groups on a switch with FTOS or a total of 20 VRRP groups when using SFTOS. The S-Series supports varying number of maximum VRRP groups per interface (Table 45-1). To activate a VRRP Group on an interface (so that VRRP group starts transmitting VRRP packets), configure at least one Virtual - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 804
www.dell.com | support.dell.com For example, an interface (on which VRRP is to be enabled) contains a interface primary or secondary IP address. Configure a Virtual IP address with these commands in the following sequence in the INTERFACE mode. Step 1 Task Configure a VRRP group. 2 Configure - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 805
.10.2.2 10.10.2.3 Authentication: (none) Force10# Different Virtual IP addresses When the VRRP choosing the router with the highest priority. THe default priority for a Virtual Router is 100. The time and have the same priority value, the interface's physical IP addresses are used as tie-breakers - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 806
support.dell.com Configure the VRRP Group's priority with the following command in the VRRP mode: Task Configure the priority for the VRRP group. Command Syntax INTERFACE -VRID Command Mode priority priority Range: 1-255 Default: 100 Figure 45-7. Command Example: priority in Interface VRRP mode - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 807
(conf-if-gi-1/1-vrid-111)#authentication-type ? Force10(conf-if-gi-1/1-vrid-111)#authentication-type simple 7 force10 Encryption type (encrypted) Password Figure 45-10. Command Example: show config in VRID mode with a Simple Password Configured Force10(conf-if-gi-1/1-vrid-111)#show conf ! vrrp - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 808
45-11. Command Example: no preempt Force10(conf-if-gi-1/1)#vrrp-group 111 Force10(conf-if-gi-1/1-vrid-111)#no preempt Force10(conf-if-gi-1/1-vrid-111)#show conf Command Mode INTERFACE-VRID Figure 45-12. Command Example Display: show config in VRID mode Force10(conf-if-gi-1/1-vrid-111)#show conf - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 809
a value to be subtracted from the interface's VRRP group priority. track interface [priority-cost cost] Cost Range: 1-254 Default: 10 Command Mode INTERFACE-VRID The sum of all the costs for all tracked interfaces must be less than or equal to the configured priority of the VRRP group. Virtual - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 810
to give you a some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc. Figure 45-17 is a sample configuration for enabling VRRP. Figure 45-18 illustrates the - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 811
Figure 45-17. Configure VRRP Router 2 R2(conf)#int gi 2/31 R2(conf-if-gi-2/31)#ip vrid-99)#virtual 10.1.1.2 R2(conf-if-gi-2/31-vrid-99)#no shut R2(conf-if-gi-2/31)#show conf ! interface GigabitEthernet 2/31 ip address 10.1.1.1/24 ! vrrp-group 99 virtual-address 10.1.1.3 no shutdown R2(conf-if-gi-2/31 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 812
www.dell.com | support.dell.com Figure 45-18. VRRP Topography Illustration State Master: R2 was the first interface configured with VRRP Virtual MAC is automatically assigned and is the same on both Routers R2#show vrrp GigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 813
• Last restart reason (S60) • show hardware commands (S60) • Hardware watchdog timer • Buffer tuning • Troubleshooting packet loss • Application loopback mode, and test packets are transmitted through those components. These diagnostics also perform snake tests using VLAN configurations. S-Series - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 814
-Diags [confirm yes/no]:y 5w6d12h: %STKUNIT0-M:CP %CHMGR-2-STACKUNIT_DOWN: Stack unit 2 down - stack unit offline 5w6d12h: %STKUNIT0-M:CP %IFMGR-1-DEL_PORT: Removed port: Gi 2/1-48 Force10#5w6d12h: %STKUNIT1-S:CP %IFMGR-1-DEL_PORT: Removed port: Gi 2/1-48 2. Use the show system brief command from - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 815
Unit Module No Status Module Type Ports 0 0 online S50-01-10GE-2C 2 0 1 online S50-01-12G-2S 2 1 0 online S50-01-10GE-2P 2 1 1 online S50-01-12G-2S 2 2 0 not present No Module 0 2 1 offline S50-01-12G-2S 2 -- Power Supplies -- Unit Bay Status Type 0 0 up AC - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 816
dell.com | support.dell.com Figure 46-3. Running Offline Diagnostics on an S-Series Standalone Unit Force10#diag stack 03:43:46 +00:00 startup-config Nov 05 2008 17:15:16 + ports Proceed with Diags [confirm yes/no]: yes Force10#00:03:13: %S25P:2 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 817
the Results of Offline Diagnostics on a Standalone Unit Force10#show file flash://TestReport-SU-0.txt S-Series Diagnostics Stack Unit Board Serial Number : DL267160098 CPU Version : can be saved to a file either manually or automatically upon failover. S-Series Debugging and Diagnostics | 817 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 818
crash push button reset soft reset soft reset show hardware commands (S60) Note: The show hardware command tree is supported on the S60 only. The latest FTOS version on the S60. Note: The show hardware commands should only be used under the guidance of Dell Force10 Technical Assistance Center. 818 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 819
stats show hardware stack-unit {0-11} cpu management statistics View internal interface status of the stack-unit CPU port which connects to the external management interface. show hardware stack-unit {0-11} cpu data-plane statistics View driver-level statistics for the data-plane port on the CPU - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 820
www.dell.com | support.dell.com Table 46-2. show hardware Commands Command show hardware stack-unit {0-11} buffering-unit port-stats show hardware stack-unit {0-11} buffering-unit queue-stats [cpu | multicast | unicast] show hardware stack-unit {0-11} buffering-unit registers show hardware stack- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 821
). Each packet is managed in the buffer using a unique packet pointer. Thus, each interface can manage up to 2k packets. You can configure dynamic buffers per port on both 1G and 10G FPs and per queue on CSFs. By default, the FP dynamic buffer allocation is 10 times oversubscribed. For the 48 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 822
-end Links CSF Unit 3 1 2 FP Unit 1 IDP Switch Links 3 PHY PHY Deciding to tune buffers Dell Force10 recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 823
reset, the buffer profile correctly returns to the default values, but the profile name remains. Remove it from the show buffer-profile [detail | summary] command output by entering no buffer [fp-uplink |csf] linecard port-set buffer-policy from CONFIGURATION mode and no buffer-policy from INTERFACE - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 824
dell.com | support.dell.com Figure 46-7. Display the Default Buffer Profile Force10#show buffer-profile detail interface gigabitethernet 0/1 Interface 3.00 256 7 3.00 256 Force10#sho buffer-profile detail fp-uplink stack-unit 0 port-set 0 Linecard 0 Port-set 0 Buffer-profile fsqueue-hig - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 825
already applied. Failed to apply user-defined buffer profile on interface Gi 0/1. Please remove global pre-defined buffer profile. If the default buffer profile (4Q) is active, FTOS displays an error message instructing you to remove the default configuration using the command no buffer-profile - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 826
fsqueue-hig buffer fp-uplink stack-unit 0 port-set 1 buffer-policy fsqueue-hig ! Interface range gi 0/1 - 48 buffer-policy fsqueue-fp Force10#sho run int gi 0/10 ! interface GigabitEthernet 0/10 no ip address Multicast Buffering on the S60 The S60 supports multicast buffering for all multicast - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 827
is intended primarily to troubleshoot packet loss. • show hardware stack-unit cpu data-plane statistics • show hardware stack-unit cpu party-bus statistics • show hardware stack-unit 0-11 drops unit 0-1 port 0-49 • show hardware stack-unit 0-11 stack-port 48-51 • show hardware stack-unit 0-11 unit - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 828
www.dell.com | support.dell.com • show hardware ipv6 {e.g.-acl |in-acl} stack-unit 0-11 port-set 0-1 • show hardware system-flow layer2 stack-unit 0-11 port-set 0-1 [counters] • clear hardware stack-unit 0-11 counters • clear hardware stack-unit 0-11 unit 0-1 counters • clear hardware stack-unit 0- - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 829
Counters Force10#show hardware stack-unit 0 drops unit 0 port 1 --- Ingress Drops --- Ingress Drops : 30 IBP CBP Full Drops : 0 PortSTPnotFwd Drops : 0 IPv4 L3 Discards : 0 Policy Discards : 0 Packets dropped by FP : 14 (L2+L3) Drops : 0 Port bitmap zero Drops : 16 Rx VLAN Drops - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 830
www.dell.com | support.dell.com Figure 46-15. Displaying Dataplane Statistics Force10#show hardware stack-unit 2 cpu data-plane statistics bc pci driver statistics for device: rxHandle :0 noMhdr :0 noMbuf :0 noClus :0 recvd :0 dropped :0 recvToNet :0 rxError :0 rxDatapathErr :0 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 831
Displaying Stack Port Statistics The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface, as shown in Figure 46-17. Figure 46-17. Displaying Stack Unit Statistics Force10#show hardware stack-unit 2 stack-port 49 Input Statistics: 27629 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 832
with the following: Task Enable RPM core dumps and specify the shutdown mode. Command Syntax logging coredump server Command Mode CONFIGURATION Undo this command using the no logging coredump server. Mini core dumps FTOS supports mini core dumps on the for application and kernel crashes. The - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 833
:56 +00:00 startup-config Sep 03 2009 16:44:22 +00:00 startup-config.bak Aug 28 2009 16 .mini.txt flash: 3104256 bytes total (2959872 bytes free) Force10# When a member or standby unit crashes, the mini core STRING panic string is : - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 834
www.dell.com | support.dell.com 834 | S-Series Debugging and Diagnostics - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 835
cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way - VLAN Tagging, Double VLAN Tagging, GVRP • 802.1s - MSTP • 802.1w - RSTP • 802.1X - Network Access Control (Port Authentication) • Force10 - FRRP (Force10 Redundant Ring Protocol) Standards Compliance | 835 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 836
www.dell.com | support.dell.com • Force10 - PVST+ • SFF-8431 - SFP+ Direct Attach Cable (10GSFP+Cu) • MTU - 9,252 bytes RFC and I-D Compliance The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 837
(client) A Standard for the Transmission of IP Datagrams over IEEE 802 for IP Version 4 Routers Dynamic Host Configuration Protocol Virtual Router Redundancy Protocol (VRRP) VLAN Aggregation for Efficient IP Address Allocation Protection Against a Variant of the Tiny Fragment Attack FTOS support, - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 838
dell.com | support.dell.com General IPv6 Protocols RFC# 1886 1981 (Partial) 2460 2461 (Partial) 2462 (Partial) 2463 2464 2675 3587 4291 Full Name DNS Extensions to support IP version 6 Path MTU Discovery for IP version 6 FTOS support 7.8.1 7.8.1 8.2.1 Transmission of IPv6 Packets over - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 839
for BGP-4 2918 Route Refresh Capability for BGP-4 3065 Autonomous System Confederations for BGP 4360 BGP Extended Communities Attribute 4893 BGP Support for Four-octet AS Number Space 5396 Textual Representation of Autonomous System (AS) Numbers draft-ietf-id A Border Gateway Protocol - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 840
www.dell.com | support.dell.com Open Shortest Path First (OSPF) RFC# Full Name 1587 2154 2328 2370 2740 3623 Graceful OSPF Restart Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance FTOS support, per platform E-Series E-Series S-Series C-Series TeraScale ExaScale - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 841
-IS Cryptographic Authentication Intermediate System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS) 8.1.1 8.1.1 8.1.1 8.1.1 8.1.1 8.1.1 8.1.1 5120 5306 M-ISIS: Multi Topology (MT) Routing in Intermediate System - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 842
www.dell.com | support.dell.com Routing Information Protocol (RIP) RFC# 1058 2453 Full Name Routing Information Protocol RIP Version 2 FTOS support, per platform E-Series E-Series S-Series C-Series TeraScale ExaScale 7.8.1 7.6.1 8.1.1 7.8.1 7.6.1 8.1.1 Multiprotocol Label Switching - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 843
Multicast FTOS support, per platform RFC# Full Name S-Series C-Series E-Series E-Series v2) (IGMPv1/v2) Listener Discovery (MLD) Snooping Switches IGMPv1/v2/ v3, MLDv1 Snooping draft-ietf-pi Protocol Independent Multicast - Sparse Mode 7.8.1 m-sm-v2-ne (PIM-SM): Protocol Specification - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 844
Protocol using SMIv2 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 Definitions of Managed Objects for Data Link Switching using SMIv2 IP Forwarding Table MIB Definitions of Managed - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 845
2576 2578 2579 2580 2618 2665 2674 2787 2819 2863 2865 FTOS support, per platform Full Name E-Series E-Series S-Series C-Series TeraScale ExaScale Event Table, Log Table The Interfaces Group MIB 7.6.1 7.5.1 8.1.1 Remote Authentication Dial In User Service 7.6.1 7.5.1 8.1.1 (RADIUS - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 846
www.dell.com | support.dell.com Network Management Dial In User Service (RADIUS) Usage Guidelines 3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label module for LLDP configuration, statistics, local system data and remote systems data components. FTOS support - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 847
determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) FORCE10-CS- Force10 C-Series Enterprise Chassis MIB CHASSIS-MIB FORCE10-IF-E Force10 Enterprise IF Extension - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 848
www.dell.com | support.dell.com Network Management (continued) FTOS support, per platform RFC# Full Name E-Series E-Series S-Series C-Series TeraScale ExaScale FORCE10-PRO Force10 Product Object Identifier MIB DUCTS-MIB 7.6.1 7.5.1 8.1.1 FORCE10-SS- Force10 S-Series Enterprise Chassis - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 849
MIBs are under the Force10 MIBs subhead on the Documentation page of iSupport: https://www. , go to: https://www.force10networks.com/CSPortal20/Support/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell Force10 TAC for assistance. Standards Compliance | 849 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 850
850 | Standards Compliance www.dell.com | support.dell.com - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 851
auto negotiation 332 100/1000 Ethernet interfaces port channels 306 4-Byte AS Numbers and authorization, local by default 649 aaa authentication configuring 647 enable method 647 prerequisites 213 DHCP server requirement 215 restrictions 214 base VLAN 562 BGP 138 Attributes 143 Autonomous Systems 138 - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 852
configuring 180 community port 562 community VLAN 562 Console terminal line 64 coredumps 832 crypto key generate 665 C-Series and S-Series load-balancing 315 D debug ip ssh 665 Default VLAN changing the VLAN id 790 implementation 790 Layer 2 mode 790 remove interface 795 remove untagged interface - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 853
IP ACLs 104, 113 standard IP ACL 104 types 104 viewing configuration 111 IP addresses assigning IP address to interface 299 assigning to interface 341 assigning to port channel 312 assigning to VLAN 796 composition 340 configuring static routes 342 IP fragmentation 327 IP hashing scheme 315 ip - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 854
ISIS redistribute OSPF 178 isolated port 562 isolated VLAN 562 J Jumpstart mode default in BMP 2.0 214 L LAG hash algorithm 308, 310, 313 LAG. See Port Channels. Layer 2 mode configuring 298 Layer 2 protocols configuring 298 Layer 3 mode enable traffic 299 Layer 3 protocols configuring 299 line card - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 855
313 passwords configuring password 651 port channel definition 305 port channel (LAG), configure 307 port channel, minimum oper up links 311 Port Channels configuring MTU values 330 member of VLANs 792 Port channels benefits 305 defaults 298 port channels adding physical interface 308 assigning - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 856
RFC Compliance 836 RIP adding routes 616 auto summarization default 612 changing RIP version 616 856 | Index configuring interfaces to run RIP 614 debugging RIP 620 default values 612 default version 613 disabling RIP 614 ECMP paths supported 612 enabling RIP 613 route information 615 setting route - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 857
Things to Remember 301 VLAN configuration, automatic 275 VLAN Protocol Identifier 791 VLAN types 562 VLAN types (private VLAN) 561 VLANs 298, 789 adding a port channel 312 adding interface 791 assigning IP address 796 benefits 789 configuring MTU values 330 defaults 790 definition 789 enabling - Dell Force10 S60-44T | FTOS Configuration Guide for the S60 System FTOS 8.3.3.8 - Page 858
www.dell.com | support.dell.com tagged interfaces 792, 793 TFTP 796 untagged interfaces 793 viewing configured 792 VLSM 339 VLSM (Variable Length Subnet Masks) 612 VRRP 799 advertisement interval 808 benefits 801 changing advertisement interval 808 configuring priority 806 configuring simple
FTOS Configuration Guide for
the S60 System
FTOS 8.3.3.8