Dell PowerSwitch S6000 ON Configuration Guide for the S6000-ON System 9.100.1
Dell PowerSwitch S6000 ON Manual
View all Dell PowerSwitch S6000 ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S6000 ON manual content summary:
- Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 1
Dell Configuration Guide for the S6000-ON System 9.10(0.1) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 3
Contents 1 About this Guide...31 Audience...31 Conventions...31 Related Documents...31 2 Configuration Fundamentals...32 Accessing the Command Line...32 CLI Modes...32 Navigating CLI Modes...34 The do - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 4
a UNIX Logging Facility Level...66 Synchronizing Log Messages...67 Enabling Timestamp on Syslog Messages...67 File Transfer Services...68 Configuration Task List for File Transfer Services 68 Enabling the FTP Server...68 Configuring FTP Server Parameters...69 Configuring FTP Client Parameters...69 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 5
Port-Authentication Process...79 EAP over RADIUS...80 Configuring 802.1X...81 Related Configuration Tasks...81 Important Points to Remember...81 Enabling 802.1X...82 Configuring dot1x Profile ...83 Configuring MAC addresses for a do1x Profile 84 Configuring the Static MAB and MAB Profile ...84 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 6
138 Configure BFD for VRRP...145 Configuring Protocol Liveness...147 Troubleshooting BFD...147 8 Border Gateway Protocol IPv4 (BGPv4)...149 Implement BGP with Dell Networking OS...159 Additional Path (Add-Path) Support...159 Advertise IGP Cost as MED for Redistributed Routes 159 Ignore Router- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 7
AS4 Number Representation...160 AS Number Migration...162 BGP4 Management Information Base (MIB 164 Important Points to Remember...164 Configuration Information...165 BGP Configuration...165 Enabling BGP...166 Configuring AS4 Number Representations 169 Configuring Peer Groups...170 Configuring BGP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 8
CAM-ACL Settings...209 View CAM Usage...210 CAM Optimization...211 Troubleshoot CAM Profiling...211 QoS CAM Region Limitation...211 Syslog Error When Packets...235 Configuration Example for DSCP and PFC Priorities 235 SNMP Support for PFC and Buffer Statistics Tracking 236 Performing PFC Using - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 9
Gateway...268 Configure a Method of Hostname Resolution 269 Using DNS for Address Resolution...269 Using NetBIOS WINS for Address Resolution 269 Creating Manual Binding Entries...269 Debugging the DHCP Server...270 Using DHCP Clear Commands...270 Configure the System to be a DHCP Client...270 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 10
Paths...285 Creating an ECMP Group Bundle...285 Modifying the ECMP Group Threshold...285 Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and LPM Table 286 Support for ECMP in host table...287 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes 287 14 FIP Snooping...288 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 11
316 Setting the FRRP Timers...317 Clearing the FRRP Counters...317 Viewing the FRRP Configuration...317 Viewing the FRRP Information...317 Troubleshooting FRRP...318 Configuration Checks...318 Sample Configuration and Topology...318 17 GARP VLAN Registration Protocol (GVRP 320 Important Points to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 12
IGMP Version 2...324 IGMP Version 3...326 Configure IGMP...328 Related Configuration Tasks...329 Viewing IGMP Enabled Interfaces...329 Selecting an IGMP Version...329 Viewing IGMP Groups...330 Adjusting Timers...330 Adjusting Query and Response Timers...330 Enabling IGMP Immediate-Leave...331 IGMP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 13
Important Points to Remember...350 Configuring EIS...350 Management Interfaces...351 Configuring Management Interfaces...351 Configuring a Management Interface on an Ethernet Port 353 VLAN Interfaces...353 Loopback Interfaces...354 Null Interfaces...355 Port Channel Interfaces...355 Port Channel - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 14
-All Addresses...397 UDP Helper with Subnet Broadcast Addresses 398 UDP Helper with Configured Broadcast Addresses 398 UDP Helper with No Configured Broadcast Addresses 399 Troubleshooting UDP Helper...399 21 IPv6 Routing...400 9.10(0.1) 14 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 15
Longest Prefix Match (LPM) Table and IPv6 /65 - /128 support 402 IPv6 Header Fields...403 Extension Header Fields...405 Addressing...406 Implementing ...421 Monitoring iSCSI Traffic Flows...422 Application of Quality of Service to iSCSI Traffic Flows 423 Information Monitored in iSCSI Traffic - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 16
IS-IS Protocol Overview...430 IS-IS Addressing...430 Multi-Topology IS-IS...431 Transition Mode...431 Interface Support...432 Adjacencies...432 Graceful Restart...432 Timers...432 Implementation Information...433 Configuration Information...433 Configuration Tasks for IS-IS...434 Configuring the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 17
MAC Learning Limit...469 Setting the MAC Learning Limit...470 mac learning-limit Dynamic...470 mac learning-limit mac-address-sticky...470 mac learning-limit station-move...471 mac learning-limit no-station-move...471 Learning Limit Violation Actions...471 Setting Station Move Violation Actions... - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 18
Limitations of the NLB Feature...504 Microsoft Clustering...504 Enable and Disable VLAN Flooding ...504 Configuring a Switch for NLB ...504 Enabling a Switch for Multicast NLB...505 28 Multicast Source Discovery Protocol (MSDP 506 Protocol Overview...506 Anycast RP...507 Implementation Information - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 19
Modifying the Interface Parameters...535 Configuring an EdgePort...536 Flush MAC Addresses after a Topology Change 537 MSTP Sample Configurations...538 Router 1 Running-ConfigurationRouter 2 Running-ConfigurationRouter 3 RunningConfigurationSFTOS Example Running-Configuration 538 Debugging and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 20
Interface...591 Redistributing Routes...592 Configuring a Default Route...592 Enabling OSPFv3 Graceful Restart...592 OSPFv3 Authentication Using IPsec...594 Troubleshooting OSPFv3...600 33 Policy-based Routing (PBR)...602 Overview...602 Implementing PBR...603 Configuration Task List for Policy-based - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 21
an EdgePort...651 PVST+ in Multi-Vendor Networks...651 Enabling PVST+ Extend System ID...651 PVST+ Sample Configurations...652 39 Quality of Service (QoS)...655 Implementation Information...657 Port-Based QoS Configurations...657 Setting dot1p Priorities for Incoming Traffic 657 Contents 21 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 22
Priority Queueing...672 Queue Classification Requirements for PFC Functionality 673 Support for marking dot1p value in L3 Input Qos Policy 673 Rate Shaping...678 Configuring Weights and ECN for WRED ...679 Global Service Pools With WRED and ECN Settings 679 Configuring WRED and ECN Attributes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 23
Configuring RMON Collection Statistics...704 Configuring the RMON Collection History 704 42 Rapid Spanning Tree Protocol (RSTP)...706 Protocol Overview...706 Configuring Rapid Spanning Tree...706 Related Configuration Tasks...706 Important Points to Remember...706 RSTP and VLT...707 Configuring - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 24
List...738 Secure Shell Authentication...738 Troubleshooting SSH...741 Telnet...741 VTY Line and Access-Class Configuration...742 VTY Line Local Authentication and Authorization 742 VTY Line Remote Authentication and Authorization 743 VTY MAC-SA Filter Support...743 Role-Based Access Control...743 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 25
Statistics 794 Obtaining a Value for MIB Objects...794 MIB Support to Display the Available Memory Size on Flash 795 Viewing the Available Flash Memory Size 795 MIB Support to Display the Software Core Files Generated by the System 796 Viewing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 26
Deriving Interface Indices...800 Monitor Port-Channels...801 Troubleshooting SNMP Operation...802 48 Storm Control...803 Configure Storm Control SupportAssist Using a Configuration Wizard 823 Configuring SupportAssist Manually...823 Configuring SupportAssist Activity...825 Configuring SupportAssist - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 27
Configure the Network Time Protocol...832 Enabling NTP...832 Configuring NTP Broadcasts...833 Disabling NTP on an Interface...833 Configuring a Source IP Address for NTP Packets 833 Configuring NTP Authentication...834 Configuring a Custom-defined Period for NTP time Synchronization 836 Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 28
Snooping...867 VLT IPv6...867 VLT Port Delayed Restoration...867 PIM-Sparse Mode Support on VLT...868 VLT Routing ...869 Non-VLT ARP Sync...871 RSTP a VLT Configuration...887 Additional VLT Sample Configurations...890 Troubleshooting VLT...892 Reconfiguring Stacked Switches as VLT...893 Specifying - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 29
Configuring VxLAN Gateway...911 Connecting to an NVP Controller...911 Advertising VXLAN Access Ports to Controller 912 Displaying VXLAN Configurations...913 VXLAN Service nodes for BFD...914 Examples of the show bfd neighbors command 914 58 Virtual Routing and Forwarding (VRF)...915 VRF Overview - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 30
Buffer Tuning...966 Deciding to Tune Buffers...967 Using a Pre-Defined Buffer Profile...969 Sample Buffer Profile Configuration...970 Troubleshooting Packet Loss...970 Displaying Drop Counters...971 Dataplane Statistics...974 Display Stack Port Statistics...975 Display Stack Member Counters...975 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 31
including Internet Engineering Task Force (IETF) requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs). Topics: • Audience • Conventions • Related - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 32
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 33
when configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, 10 Gigabit Ethernet, 25 Gigabit Ethernet, 40 Gigabit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 34
PRIORITY-GROUP PROTOCOL GVRP QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 35
CLI Command Mode Loopback Interface Management Ethernet Interface Null Interface Port-channel Interface Tunnel Interface VLAN Interface STANDARD ACCESS-LIST EXTENDED ACCESS-LIST IP COMMUNITY-LIST AUXILIARY CONSOLE VIRTUAL TERMINAL STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MULTIPLE SPANNING TREE Per- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 36
-channel failover-group Dell(conf-pg)# priority-group Dell(config-gvrp)# protocol gvrp Dell(conf-qos-policy-out-ets)# qos-policy-output Dell(support-assist)# support-assist Dell(conf-vlt-domain)# vlt domain Dell(conf-if-interface-type- vrrp-group slot/port-vrid-vrrp-group-id)# Dell(conf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 37
3 Member 4 Member 5 Member 6 Member not present not present not present not present -- Power Supplies -- Unit Bay Status Type FanStatus FanSpeed(rpm) 1 1 up AC absent 0 1 2 absent absent 0 -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 1 1 up up 0 up 0 1 2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 38
• Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands. • The CLI is not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 39
Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands. • When you are in CONFIGURATION mode, the UP or DOWN arrows keys recall the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 40
NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example: Dell# command | grep regular-expression | except regular-expression | grep otherregular-expression | find regular-expression | save. Multiple Users in Configuration Mode Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 41
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 42
Console Access The device has one RJ-45/RS-232 console port, an out-of-band (OOB) Ethernet port, and a micro USB-B console port. Serial Console The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the I/O side of the chassis. Figure 1. RJ-45 Console Port 1. RS-232 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 43
Pin Assignments You can connect to the console using a RJ-45 to RJ-45 rollover cable and a RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC). The pin assignments between the console and a DTE terminal server are as follows: Table 2. Pin Assignments Between the Console and a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 44
• You can manage all Dell Networking products in-band via the front-end data ports through interfaces assigned an IP address as well. Accessing the System Remotely Configuring the system for remote access is a three-step process, as described in the following topics: 1. Configure an IP address for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 45
username username password [encryption-type] password - encryption-type: specifies how you are inputting the password, is 0 by default, and is not required. * 0 is for inputting the password in clear text. * 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 46
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 47
the same location. • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. • The usbflash command is supported on the device. Refer to your system's Release Notes for a list of approved USB vendors. Example of Copying a File to current File System - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 48
period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system. Viewing Files You can only view file information and content on local file systems. To view a list of files or the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 49
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell#dir Directory of flash: 1 drw- 32768 Jan 01 1980 00:00:00 . 2 drwx 512 Jul 23 2007 00:38:44 .. 3 drw- 8192 Mar 30 1919 10:31:04 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 50
keyword startup-config. • To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 51
that the local copy is exactly the same as the published software image. This validation procedure, and the verify {md5 | sha256} command to support it, prevents the installation of corrupted or modified images. The verify {md5 | sha256} command calculates and displays the hash of any file on - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 52
MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459 MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin Getting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 53
and the Logging Configuration • Configuring a UNIX Logging Facility Level • Synchronizing Log Messages • Enabling Timestamp on Syslog Messages • File Transfer Services • Terminal Lines • Setting Timeout for EXEC Privilege Mode • Using Telnet to get to Another Network Device • Lock CONFIGURATION Mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 54
• restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode • restricting access A user can access all commands at his privilege level and below. Removing a Command from EXEC Mode To remove a command from the list of available commands in EXEC mode for a specific - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 55
• Remove a command from the list of available commands in EXEC mode. CONFIGURATION mode privilege exec level level {command ||...|| command} • Move a command from EXEC Privilege to EXEC mode. CONFIGURATION mode privilege exec level level {command ||...|| command} • Allow access to CONFIGURATION - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 56
Dell(config-line-vty)#exit Dell(conf)# Applying a Privilege Level to a Username To set the user privilege level, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 57
Audit and Security Logs This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs: • Enabling Audit and Security Logs • Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 58
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 59
Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Figure 2. Setting Up a Secure Connection to a Syslog Server Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 60
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 61
Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigning write permissions to the file. - Add line on a 4.1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 62
The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 63
Example of the show login statistics user user-id command The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period. Dell# show login statistics user admin User: admin Last login time: 12: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 64
CONFIGURATION mode login concurrent-session limit number-of-sessions Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 65
Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 66
Monitor logging: level Debugging Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes) Trap logging: level Informational %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM. %RPM-2-MSG:CP1 %POLLMGR-2-MMC_STATE: External flash disk missing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 67
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 68
] command. File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 69
ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 70
Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system. The console line (console) connects you through the console port in the route processor modules (RPMs). The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 71
seq 15 permit ipv6 any any ! Dell(conf)# Dell(conf)#line vty 0 0 Dell(config-line-vty)#access-class testv6deny ipv6 Dell(config-line-vty)#access-class testvpermit ipv4 Dell(config-line-vty)#show c line vty 0 exec-timeout 0 0 access-class testpermit ipv4 access-class testv6deny ipv6 ! Configuring - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 72
reaches this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system during downtime. • Telnet 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 73
CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set auto-lock, every time a user is in CONFIGURATION - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 74
reload conditional nvram-cfg-change • Reload the system into the Dell diagnostics mode. EXEC Privilege mode reload dell-diag • Reload the system into the ONIE mode. EXEC Privilege mode reload onie [install | uninstall | rescue] Use the install parameter to reload the system and enter the Install - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 75
* After restoration the unit(s) will be powercycled immediately. * * Proceed with caution ! * Proceed with factory settings? Confirm [yes/no]:yes -- Restore status -- Unit Nvram Config 1 Success Power-cycling the unit(s). .... Restoring Factory Default Environment Variables The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 76
BOOT_USER # To boot from flash partition B: BOOT_USER # boot change primary boot device : flash file name : systemb BOOT_USER # To boot from network: BOOT_USER # boot change primary boot device : tftp file name : FTOS-SI-9-5-0-169.bin Server IP address : 10.16.127.35 BOOT_USER # 4. Assign an IP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 77
-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-overRADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. 802.1X 77 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 78
The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames. Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 79
• Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port. • The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally. NOTE: The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 80
Success frame. If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. Figure 5. EAP Port-Authentication EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 81
802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 82
Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1 Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2 Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3 Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 83
In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1/1 no ip address dot1x authentication no shutdown ! Dell# To view 802.1X configuration information for an interface, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 84
Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring MAC addresses for a do1x Profile To configure a list of MAC addresses for a dot1x profile, use the mac command. You can configure 1 to 6 MAC addresses. • Configure a list of MAC addresses for a dot1x profile. DOT1X PROFILE CONFIG (conf- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 85
Auth-Fail VLAN id: 200 Auth-Fail Max-Attempts:3 Critical VLAN: Enable Critical VLAN id: 300 Mac-Auth-Bypass Only: Disable Static-MAB: Enable Static-MAB Profile: Sample Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 30 seconds Server Timeout: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 86
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 87
• re-transmits an EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-2/1/1)#dot1x tx-period 90 Dell(conf-if-range-Te-2/1/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-2/1/1)#dot1x quiet-period 120 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 88
ReAuth Max: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: Auth Type: Auth PAE State: Backend State: Auth PAE State: Backend State: 2 30 seconds 30 seconds 3600 seconds 10 SINGLE_HOST Initialize Initialize Initialize Initialize Re-Authenticating a Port You can configure the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 89
Configuring Timeouts If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. You can configure the amount of time the authenticator waits for a response. To terminate the authentication process, use the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 90
Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 91
5 Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic VLAN Assignment with Port Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 92
Example of Configuring Maximum Authentication Attempts Dell(conf-if-Te-1/1/1)#dot1x guest-vlan 200 Dell(conf-if-Te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-1/1/1)# Dell(conf-if-Te-1/1/1)#dot1x auth-fail- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 93
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 94
IP Prefix Lists • ACL Resequencing • Route Maps • Flow-Based Monitoring Support for ACLs IP Access Control Lists (ACLs) In Dell Networking switch/ information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 95
CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs. To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, create a class map with all the required ACL rules, then execute the test - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 96
L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and in which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 97
Important Points to Remember • For route-maps with more than one match clause: - Two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation. - Two or more match clauses - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 98
map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found. The following is an example with two instances of a route map. The following example shows matching instances of a route-map. Dell#show route-map route-map zakho, permit, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 99
Dell(config-route-map)#match tag 2000 Dell(config-route-map)#match tag 3000 Example of the match Command to Match All Specified Values In the next example, there is a match only if a route has both of the specified characteristics. In this example, there a match only if the route has a tag value of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 100
match ipv6 address prefix-list-name • Match next-hop routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip next-hop {access-list-name | prefix-list prefix-list-name} • Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 101
CONFIG-ROUTE-MAP mode set local-preference value • Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value} • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 102
with the fragments keyword for all Layer 3 rules applicable to all Layer protocols (permit/deny ip/tcp/udp/icmp). • Both standard and extended ACLs support IP fragments. • Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments. If the packet is to be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 103
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 104
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1 Enter - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 105
seq 40 deny 10.8.0.0 /16 seq 45 deny 10.9.0.0 /16 seq 50 deny 10.10.0.0 /16 Dell# The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 25 was configured before filter 15, but the show config command displays the filters - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 106
seq 50 permit tcp 10.8.0.0 /16 10.50.188.118 /31 eq 49 seq 55 permit udp 10.15.1.0 /24 10.50.188.118 /31 range 1812 1813 To delete a filter, enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the no seq sequence-number - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 107
CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ip-address} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 108
Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 109
CONFIGURATION mode interface interface slot/port 2 Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3 Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in} [implicit-permit] [vlan - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 110
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 111
Dell#configure terminal Dell(conf)#interface te 1/2/1 Dell(conf-if-te-1/2/1)#ip vrf forwarding blue Dell(conf-if-te-1/2/1)#show config ! interface TenGigabitEthernet 1/2/1 ip vrf forwarding blue no ip address shutdown Dell(conf-if-te-1/2/1)# Dell(conf-if-te-1/2/1)# Dell(conf-if-te-1/2/1)#end Dell# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 112
]). NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists. Configuration Task List for Prefix Lists to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 113
The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 20 was configured before filter 15 and 12, but the show config command displays the filters in the correct order. Dell(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 114
Viewing Prefix Lists To view all configured prefix lists, use the following commands. • Show detailed information about configured prefix lists. EXEC Privilege mode show ip prefix-list detail [prefix-name] • Show a table of summarized information about configured Prefix lists. EXEC Privilege mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 115
If you enter the name of a non-existent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name out [interface | connected | static | ospf] Example of Viewing Configured Prefix Lists (ROUTER RIP mode) To view the configuration, use the show config command in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 116
You can resequence IPv4 and IPv6 ACLs, prefixes, and MAC ACLs. No CAM writes happen as a result of resequencing, so there is no packet loss; the behavior is similar Hot-lock ACLs. NOTE: ACL resequencing does not affect the rules, remarks, or order in which they are applied. Resequencing merely - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 117
or no set commands. When there is no match command, all traffic matches the route map and the set command applies. Flow-Based Monitoring Support for ACLs Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 118
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 119
kar on TenGigabitEthernet 1/1/1 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 120
Dell(conf)#interface TenGigabitEthernet 1/1/1 Dell(conf-if-te-1/1/1)#ip access-group testflow in Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 ip address 10.11.1.254/24 ip access-group testflow in shutdown Dell(conf-if-te-1/1/1)#exit Dell(conf)#do show ip accounting access- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 121
a session parameter. These control packets are sent without regard to transmit and receive intervals. NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 122
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Bidirectional Forwarding Detection (BFD) 122 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 123
The minimum rate at which the local system would like to receive echo packets. RX NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 124
inquiries from the Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. State Administratively Down Down Init Up Description - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 125
state change or change in a session parameter, the passive system sends a final response indicating the state change. After this, periodic control packets are exchanged. Figure 10. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD) 125 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 126
system, the session state on the local system changes to Init. Figure 11. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 127
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 128
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 12. Establishing a BFD Session on Physical Ports 1 Enter interface mode. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 129
State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 130
To disable and re-enable BFD on an interface, use the following commands. • Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24/1)#01:00:52: %RPM0-P:RP2 % - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 131
To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 132
Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent notifies the BFD manager, which in turn notifies the OSPF protocol - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 133
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 134
BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Bidirectional Forwarding Detection (BFD) 134 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 135
Configuring BFD for OSPFv3 is a two-step process: 1. Enable BFD globally. 2. Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 136
Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 137
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 138
of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 139
Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1. Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). 2. Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 140
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 141
ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 142
Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 143
Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2/1 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 144
2.2.2.2 1 273 273 0 3.3.3.2 1 282 281 0 0 (0) 04:32:26 0 0 0 00:38:12 0 The following example shows viewing BFD information for a specified neighbor. The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 145
Peer active in peer-group outbound optimization ... Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 146
Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to establish an individual VRRP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 147
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 148
debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24/1)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te 4/24/1 ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 149
BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are 2 (the transit AS) to connect to Router 4. Internet service providers (ISPs) are always transit ASs, Border Gateway Protocol IPv4 (BGPv4) 149 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 150
network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When connectivity and accessibility. Figure 18. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 151
four routers connected in a full mesh have three peers each, six routers have five peers each, and eight routers in full mesh have seven peers each. Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 152
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 153
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 154
Best Path Selection Criteria Paths for active routes are grouped in ascending order according to their neighboring external AS number (BGP best path selection is deterministic by default, which means the bgp non-deterministic-med command is NOT applied). The best path in each group is selected based - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 155
Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate- address command. a Routes originated with the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 156
Weight The weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight is preferred. The route with the highest weight is installed in the IP routing table. Local - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 157
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In the following illustration, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 158
Network *> 7.0.0.0/29 *> 7.0.0.0/30 *> 9.2.0.0/16 Next Hop 10.114.8.33 10.114.8.33 10.114.8.33 Metric 0 0 10 LocPrf 0 0 0 Weight 18508 18508 18508 Path ? ? 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 159
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 160
allows for faster convergence. Four-Byte AS Numbers You can use the 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 161
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 162
Dell(conf-router_bgp)#do sho ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS4 SUPPORT DISABLED Dell(conf-router_bgp)#no bgp four-octet-as-support Dell(conf-router_bgp)#sho conf ! router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 163
behavior to happen by allowing Router B to appear as if it still belongs to Router B's old network (AS 200) as far as communicating with Router C is concerned. Figure 24. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 164
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 165
at system boot reads the entire configuration file prior to sending messages to start BGP peer sessions) The following are not yet supported: • auto-summarization (the default is no auto-summary) • synchronization (the default is no synchronization) BGP Configuration To enable the BGP process and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 166
distance = 200 keepalive = 60 seconds holdtime = 180 seconds Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 167
and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 168
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 169
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 170
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 171
Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP Routes. NOTE: Sample Configurations for enabling peer - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 172
• neighbor route-map out • neighbor route-reflector-client • neighbor send-community A neighbor may keep its configuration after it was added to a peer group if the neighbor's configuration is more specific than the peer group's and if the neighbor's configuration does not affect outgoing updates. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 173
10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 174
Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 175
prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 176
24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura 24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 177
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 178
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 179
This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters. 3 Return to CONFIGURATION - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 180
Regular Expression ^ (caret) $ (dollar) . (period) * (asterisk) + (plus) ? (question) ( ) (parenthesis) [ ] (brackets) - (hyphen) _ (underscore) | (pipe) Definition Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 181
Dell(conf)#ex Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 182
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1 Create - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 183
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2 Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 184
deny 14551:666 Dell# Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1 Enter the ROUTE-MAP mode and assign a name to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 185
CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2 Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 186
*>i 6.10.0.0/15 *>i 6.14.0.0/15 *>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- 195.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 100 0 100 0 100 0 100 0 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i 209 7170 1455 i Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 187
4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Apply the route map to the neighbor or peer group's incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 188
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 189
• le: maximum prefix length to me matched. For information about configuring prefix lists, refer to Access Control Lists (ACLs). 3 Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Filter routes based on the criteria in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 190
5 Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • map-name: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 191
Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 192
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 193
default is 60 minutes. - route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 194
bgp non-deterministic-med NOTE: When you change the best path selection method, path selection for existing paths remains unchanged until you reset it by entering the clear ip bgp command in EXEC Privilege mode. Examples of Configuring a Route and Viewing the Number of Dampened Routes To view the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 195
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 196
neighbor {ip-address | peer-group-name} soft-reconfiguration inbound BGP stores all the updates received by the neighbor but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. Outbound BGP soft reconfiguration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 197
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 198
• View information about BGP notifications received from or sent to neighbors. EXEC Privilege mode debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] • View information about BGP updates and filter by prefix name. EXEC Privilege mode debug ip bgp [ip-address | peer-group - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 199
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 200
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 201
Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21/1 R1(conf-if-te-1/21/1)#ip address 10 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 202
R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 203
R3(conf-if-lo-0)#int te 3/21/1 R3(conf-if-te-3/21/1)#ip address 10.0.2.3/24 R3(conf-if-te-3/21/1)#no shutdown R3(conf-if-te-3/21/1)#show config ! interface TengigabitEthernet 3/21/1 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21/1)# R3(conf-if-te-3/21/1)#router bgp 100 R3(conf-router_bgp)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 204
BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:00:57, due to user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Last - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 205
R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 206
9 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for Ingress - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 207
. The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 512 CAM entries. Select 1 to configure 256 entries. Select 2 to configure 1024 entries. Even though you can perform CAM carving to allocate the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 208
mode show cam-acl 4 Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command. To verify the actual CAM space required, create a Class Map with all required ACL rules, then execute - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 209
cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload. Example of Viewing CAM-ACL Settings Dell(conf)#do show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) Next Boot(in block - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 210
L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 0 -- Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 211
Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting. QoS CAM Region Limitation To store QoS service policies Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 212
default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables. The other supported UFT modes are scaled-l3-hosts (UFT mode 3) and scaledl3-routes (UFT mode 4). Table 12. UFT Modes - Table Size UFT Mode L2 MAC Table - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 213
show hardware forwarding-table mode Dell#show hardware forwarding-table mode Current Settings Mode : Default L2 MAC Entries : 160K L3 Host Entries : 144K L3 Route Entries : 16K Dell# Next Boot Settings scaled-l3-routes 32K 16K 128K Content Addressable Memory (CAM) 213 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 214
10 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 215
The following illustration shows an example of the difference between having CoPP implemented and not having CoPP implemented. Figure 26. Control Plane Policing Figure 27. CoPP Implemented Versus CoPP Not Implemented Control Plane Policing (CoPP) 215 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 216
-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) and Quality of Service (QoS). The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the desired protocol type. Then, create a QoS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 217
input name cpu-qos class-map name qos-policy name 7 Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8 Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 218
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1 Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 219
queue. Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, use the show cpu-queue rate cp command. Viewing Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Q0 1300 Q1 300 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 220
Example of Viewing Queue Mapping for MAC Protocols Dell#show mac protocol-queue-mapping Protocol Destination Mac EtherType Queue EgPort Rate (kbps) ARP any 0x0806 Q5/Q6 CP _ FRRP 01:01:e8:00:00:10/11 any Q7 CP _ LACP 01:80:c2:00:00:02 0x8809 Q7 CP _ LLDP any 0x88cc Q7 CP _ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 221
Map • Priority-Based Flow Control Using Dynamic Buffer Method • Behavior of Tagged Packets • Configuration Example for DSCP and PFC Priorities • SNMP Support for PFC and Buffer Statistics Tracking • Performing PFC Using DSCP Bits Instead of 802.1p Bits • PFC and ETS Configuration Examples • Using - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 222
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 223
DCBx • During DCBx negotiation with a remote peer: • DCBx communicates with the remote peer by LLDP TLV to determine current policies, such as PFC support and ETS bandwidth allocation. • If DCBx negotiation is not successful (for example, a version or TLV mismatch), DCBx is disabled and PFC or ETS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 224
Traffic Groupings Traffic Groupings Group ID Group bandwidth Group transmission selection algorithm (TSA) In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: - PFC enabled or disabled - No bandwidth limit or no ETS processing • ETS uses the DCB - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 225
TLVs in LLDP data units. The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters ETS parameters PFC Configuration center network. DCB is disabled by default. It must be enabled to support CEE. • Priority-based flow control • Enhanced transmission selection • Data center - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 226
and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 227
between peer devices. PFC allows network administrators to create zero-loss links for Storage Area Network (SAN) traffic that requires nodrop service, while retaining packet-drop congestion management for Local Area Network (LAN) traffic. To configure PFC, follow these steps: 1 Create a DCB Map - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 228
peer devices. NOTE: You cannot enable PFC and link-level flow control at the same time on an interface. Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC configuration is applied to the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 229
set port-pipe command. NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays. In - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 230
to create zero-loss links for SAN traffic that requires no-drop service, while at the same time retaining packetdrop congestion management for LAN to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx). • If you apply a DCB map - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 231
the same priority group. • A maximum of two PFC-enabled, lossless queues are supported on an interface. Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 232
map has been applied or which is already configured for lossless queues (pfc no-drop queues command). Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map, apply the map on the interface. The configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 233
as no- pfc no-drop drop queues for lossless traffic. For the dot1p-queue assignments. queuesqueue-range The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 234
higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 235
Behavior of Tagged Packets The below is example for enabling PFC for priority 2 for tagged packets. Priority (Packet Dot1p) 2 will be mapped to PG6 on PRIO2PG setting. All other Priorities for which PFC is not enabled are mapped to default PG - PG7. Classification rules on ingress (Ingress FP CAM - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 236
for each frame priority. The goal of this mechanism is to ensure zero loss under congestion in DCB networks. Dell Networking OS provides SNMP support for monitoring PFC and BST counters, and statistics. The enhancement is made on DELL-NETWORKING-FPSTATS-MIB with additional tables to display the PFC - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 237
these mappings are identical. This section discusses the Dell Networking OS configurations needed for above PFC generation and honoring mechanism to work for the untagged packets. PRIORITY to PG mapping (PRIO2PG) is on the ingress for each port. By default, all priorities are mapped to PG7. A - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 238
classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802 mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 239
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 240
strict-priority group and is given the priority-group (TCG) ID 15. - The CIN version supports two types of strict-priority scheduling: * Group strict priority: Use this to increase its bandwidth interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Data Center Bridging (DCB) 240 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 241
.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p to data queues, not to control queues. • Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking OS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 242
ETS bandwidth allocation or strict-priority queuing does not support weighted random early detection (WRED), explicit congestion notification map to a priority group. • The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues (4) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 243
) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-toend). For - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 244
configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Manual The port is configured to operate only with administrator-configured settings and does not autoconfigure with DCB settings received from a DCBx - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 245
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 246
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 247
LLDP is shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link down -source role. 4. Configure ports to operate in a manual role. 1 Enter INTERFACE Configuration mode. Data Center Bridging (DCB) 247 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 248
TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6 On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 249
4 Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | the Application Priority TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-appln- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 250
NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-appln-tlv iscsi. 6 Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 251
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 20. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 252
The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test State :Complete PfcMode:ON PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 253
Table 21. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 254
0 0 0 The following example shows the show interface ets summary command. Dell(conf)#do show interfaces te 1/1/1 ets summary Interface TenGigabitEthernet 1/1/1 Max Supported TC is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled PG-grp Priority# BW-% BW - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 255
The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1/1 ets detail Interface TenGigabitEthernet 1/1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : Admin is enabled TC-grp - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 256
interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 257
-unit all stack-ports all ets details Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 258
port role: auto-upstream, autodownstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used . In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configured mode DCBx version configured on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 259
global switch level (refer to Default dot1p to Queue Mapping) using the service-class dynamic dot1p command in INTERFACE configuration mode. Layer 2 class maps the following table and the maximum number of two lossless queues supported on a port (refer to Configuring Lossless Queues). Although Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 260
is from 0 to 3399. Default is 3088. 3 Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured depends on the buffer. The default number of PFC queues in the system is one. For each priority, you can - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 261
and scheduling). • One lossless queue is used. Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 262
Enabling DCB Dell(conf)#dcb enable 2. Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)# service-class dynamic dot1p 3. Apply DCB map to relevant interface dcb-map test priority-group 1 bandwidth - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 263
configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 264
The following table lists common DHCP options. Option Subnet Mask Number and Description Option 1 Specifies the client's subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client's default gateway. Domain Name Server Option 6 Specifies the domain name servers - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 265
case, the client starts the configuration process over by sending a DHCPDISCOVER. A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. Dynamic Host Configuration Protocol (DHCP) 265 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 266
is /17. Dell Networking OS displays an error message for configurations that exceed the allocated memory. • This platform supports 4000 DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. For more information, refer to Dynamic ARP Inspection. NOTE: If the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 267
Server Responsibilities Address Storage and Management Configuration Parameter Storage and Management Lease Management Responding To Client Requests Providing Administration Services Description DHCP servers are the owners of the addresses used by DHCP clients.The server stores the addresses and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 268
the Server for Automatic Address Allocation 2. Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands Excluding Addresses from the Address Pool The DHCP server - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 269
NetBIOS WINS for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 270
stored on the server. For more information, refer to Configuring the Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported on Ethernet, VLAN, and port-channel interfaces. • The public out-of-band management interface and default VLAN 1 are configured by default - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 271
a new IP address, use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 272
added by the DHCP client. If you remove the statically configured IP route using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management routes added by the DHCP client that is removed or replaced by the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 273
new master reinitiates a DHCP packet transaction by sending a DHCP discovery packet on nonbound interfaces. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 274
Configure the System for User Port Stacking (Option 230) Set the stacking-option variable to provide stack-port detail on the DHCP server when you set the DHCP offer. A stack can be formed when the units are connected. Option 230 is the option for user port stacking. Use it to create up to eight - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 275
trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted. agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE. DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 276
Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1 Enable IPv6 DHCP snooping globally. CONFIGURATION mode ipv6 dhcp snooping 2 Specify ports connected to IPv6 DHCP servers as trusted. INTERFACE mode ipv6 dhcp snooping trust 3 Enable IPv6 DHCP snooping on a VLAN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 277
clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command. • Display the contents of the binding table. EXEC Privilege mode show - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 278
Debugging the IPv6 DHCP To debug the IPv6 DHCP, use the following command. • Display debug information for IPV6 DHCP. EXEC Privilege mode debug ipv6 dhcp IPv6 DHCP Snooping MAC-Address Verification Configure to enable verify source mac-address in the DHCP packet against the mac address stored in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 279
a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast MAC flooding Denial of service An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway's MAC address, resulting in all clients broadcasting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 280
an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 281
port and the system drops the packet. If the IP address is fake, the address is not on the list of permissible addresses for the port and the packet is dropped. Similarly, if the IP address does not belong to the permissible VLAN, the packet is dropped. To enable IP source address validation, use - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 282
INTERFACE mode ip dhcp source-address-validation ipmac • Enable IP+MAC SAV with VLAN option. INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 283
13 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 284
Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 285
Te 1/1/1 Up 36 Te 1/1/1 Up 52 Managing ECMP Group Paths To avoid path degeneration, configure the maximum number of paths for an ECMP route that the L3 CAM can hold. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route. To configure the maximum - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 286
Host table since it cannot be written in LPM table, and IPv4 0/32 route entries are written in LPM table itself to support the ECMP since ECMP was not supported in Host table. On the system, unified forwarding table (UFT) is enabled, and the host table size is bigger compared to the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 287
host table can have ECMP. For other platforms, only the IPv6 /128 prefix route entries is stored in the L3 host table without ECMP support. The software supports a command to program IPv6 /128 route prefixes in the host table. The output of show IPv6 cam command has been enhanced to include the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 288
works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN traffic. In addition, DCB provides types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 289
FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage devices in a storage area network (SAN). FIP satisfies the Fibre Channel requirement for point-to-point connections by creating a unique virtual link for each - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 290
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 291
The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 292
FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure port must continue to operate with untagged frames. FIP snooping is not supported on a port that is configured for non-default untagged VLAN membership - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 293
fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: Manually add the CAM-ACL space to the FCoE region as it is not applied by default. To support FIP-Snooping and set CAM-ACL, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 294
incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure and FIP snooping is enabled on all or individual VLANs. FIP snooping is supported on port channels on ports on which PFC mode is on (PFC is operationally - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 295
is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command. • The maximum number of FCFs supported per FIP snooping-enabled VLAN is twelve. Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 296
Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 28. Displaying FIP Snooping Information Command Output show fip-snooping sessions [interface vlan vlan-id] Displays information on FIP-snooped sessions on all VLANs or a specified - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 297
Table 29. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 298
Table 31. show fip-snooping fcf Command Description Field FCF MAC FCF Interface VLAN FC-MAP ENode Interface FKA_ADV_PERIOD No of ENodes FC-ID Description MAC address of the FCF. Slot/port number of the interface to which the FCF is connected. VLAN ID number used by the session. FC-Map value - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 299
The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery Solicits :0 Number of Unicast Discovery Solicits :0 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 300
Field Number of FLOGI Rejects Number of FDISC Accepts Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config Description Number of FIP FLOGI reject - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 301
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 37. Configuration Example: FIP Snooping on a Switch In this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 302
Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)# portmode hybrid Dell(conf-if-te-1/1/1)# switchport Dell(conf-if-te-1/1/1)# protocol lldp Dell(conf-if-te-1/1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 303
with the Flex Hash mechanism. Keep the following points in mind when you configure the flex hash capability: • A maximum of eight flex hash entries is supported. • A maximum of 4 bytes can be extracted from the start of the L4 header. • The offset range is 0 - 30 bytes from the start of the L4 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 304
With the reduced time that is taken to reboot the switch, upon a manually-initiated reload or an expected restart of the device, there is minimal servers in that rack. This functionality of minimized reload time is supported in a network deployment in which the servers are connected through - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 305
will operate even if some of the preceding conditions are not met. However, the duration of traffic loss might be longer. 6. Warm boot is supported because it enables faster convergence and reduced traffic loss. 7. BGP graceful restart must be configured with GR time left to default (120 seconds) or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 306
with an uplink speed of 40 Gigabit Ethernet per second. Interoperation of Applications with Fast Boot and System States This functionality is supported on the platform. The following sections describe the application behavior when fast boot functionality is enabled: LACP and IPv4 Routing Prior to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 307
boot and actions specific to this mode will not be performed. Software Upgrade When fast boot is used to upgrade the system to a release that supports fast boot, the system enables the restoration of dynamic ARP or ND databases that were maintained in the older release from when you performed the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 308
computed and installed without the need for any manual intervention in any of the following conditions: Converged Ethernet (RoCE) Overview This functionality is supported on the platform. RDMA is a technology that lossless nature of disk input and output services. • Lossless connectivity: VMs require - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 309
for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite sub interfaces. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the platform. All the frames in a Layer 2 VLAN are identified using a tag defined in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 310
against any single link/switch failure and thus provides for greater network uptime. Topics: • Protocol Overview • Implementing FRRP • FRRP Configuration • Troubleshooting FRRP • Sample Configuration and Topology Protocol Overview FRRP is built on a ring topology. You can configure up to 255 rings - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 311
has been temporarily blocked and places it into a pre- forwarding state. When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the previously blocked ring ports on the newly restored port. Then the Transit node - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 312
Member VLAN Spanning Two Rings Connected by One Switch A member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch can act as a Master node for one FRRP group and a Transit for another FRRP group, or it can be a Transit node for both rings. In the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 313
• The Master node transmits ring status check frames at specified intervals. • You can run multiple physical rings on the same switch. • One Master node per ring - all other nodes are Transit. • Each node has two member interfaces - primary and secondary. • There is no limit to the number of nodes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 314
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 315
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 316
no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to the Layer 2 chapter. Be sure to follow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 317
Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds - Hello-Interval: the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 318
Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 319
tagged TenGigabitEthernet 1/14/1,11/1 no shutdown ! interface Vlan 201 no ip address tagged TenGigabitEthernet 1/14/1,11/1 no shutdown ! protocol frrp 101 interface primary TenGigabitEthernet 1/14/1 secondary TenGigabitEthernet 1/11/1 control-vlan 101 member-vlan 201 mode transit no disable Example - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 320
to register and de-register attribute values, such as VLAN IDs, with each other. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 321
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 322
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 323
interface TenGigabitEthernet 1/21/1 no ip address switchport gvrp enable gvrp registration fixed 34-35 gvrp registration forbidden 45-46 no shutdown Dell(conf-if-te-1/21/1)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 324
IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports an unlimited number of groups. • Dell Networking systems cannot serve as an IGMP host or an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 325
time. A host joins and leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 326
period and sends another query. If it still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 327
Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. 2. The host's second - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 328
Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 329
router is 165.87.34.5 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 330
IGMP query interval is 60 seconds IGMP querier timeout is 125 seconds IGMP max query response time is 10 seconds IGMP last member query response interval is 1000 ms IGMP immediate-leave is disabled IGMP activity: 0 joins, 0 leaves, 0 channel joins, 0 channel leaves IGMP querying router is 1.1.1.1 ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 331
• Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 332
ip igmp snooping enable • View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 333
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 334
Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 335
confd application 8888 secure HTTP server port for confd application Client Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Server Supported Supported Supported Supported If you configure a source interface is for any EIS management - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 336
NOTE: Egress Interface Selection (EIS) works only with IPv4 routing. When the feature is enabled using the management egress-interface-selection command, the following events are performed: • The CLI prompt changes to the EIS mode. • In this mode, you can run the application and no application - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 337
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 338
• Management application packet counter is incremented if EIS route lookup succeeds and packet is sent out of the management port. • If route lookup in the EIS routing table fails or if the management port is down, then packets are dropped. The management application drop counter is incremented. • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 339
Traffic type / Application type Switch initiated traffic Switch-destined traffic Transit Traffic destination uses the front-end port selected based on route lookup in EIS port to management default route only. No change in table. If the management port is down or the port is blocked the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 340
Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected. Table 35. Behavior of Various Applications for Switch-Initiated Traffic Protocol Behavior when EIS is Enabled dns EIS Behavior ftp EIS Behavior ntp EIS Behavior radius EIS Behavior - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 341
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 342
ip igmp snooping mrouter interface Internet Group Management Protocol (IGMP) 342 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 343
and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state. Basic Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 344
• Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting 40G Ports without Reload • Splitting QSFP Ports to SFP+ Ports • Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 345
.1 TenGigabitEthernet 1/7/1 unassigned TenGigabitEthernet 1/8/1 unassigned TenGigabitEthernet 1/9/1 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 346
interface TenGigabitEthernet 2/7/1 no ip address shutdown ! interface TenGigabitEthernet 2/8/1 no ip address shutdown ! interface TenGigabitEthernet 2/9/1 no ip address shutdown Resetting an Interface to its Factory Default State You can reset the configurations applied on an interface to its - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 347
configure on the management optic ports alone. Without any optic, if you configure the speed, the configuration is assigned as the port speed to support Provisioning through BMP. User viewable Logs: Logs for optic insertion and removal are same as QSFP optics. You can use the show inventory media - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 348
show interface transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id QSFP 0 Ext Id QSFP 0 Connector QSFP 0 Transceiver Code QSFP 0 Encoding QSFP 0 Length(SFM) Km QSFP 0 Length(OM3) 2m QSFP 0 Length(OM2) 1m QSFP 0 Length(OM1) 1m QSFP 0 Length(Copper) 1m QSFP 0 Vendor Rev = 0x0d = 0x00 = 0x0c = 0x04 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 349
no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 350
preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 351
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 352
- across a platform must be in the same subnet. - must not match the virtual IP address and must not be in the same subnet as the virtual IP. If there are 2 RPMs on the system, each Management interface must be configured with a different IP address. Unless the management route command is configured - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 353
Configuring a Management Interface on an Ethernet Port You can manage the system through any port using remote access such as Telnet. To configure an IP address for the port, use the following commands. There is no separate management routing table, so configure all routes in the IP routing table ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 354
Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP loopback number • Delete a Loopback interface. CONFIGURATION mode no interface loopback number Many of the commands supported on physical interfaces are also supported on a Loopback interface. Interfaces 354 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 355
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 356
As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel. Member ports of a LAG are added and programmed into the hardware in a predictable order based on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 357
Creating a Port Channel You can create up to 4096 port channels with up to 16 port members per group on the platform. To configure a port channel, use the following commands. 1 Create a port channel. CONFIGURATION mode interface port-channel id-number 2 Ensure that the port channel is active. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 358
Examples of the show interfaces port-channel Commands To view the port channel's status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode, as shown in the following example. Dell#show int port brief LAG Mode Status Uptime Ports 1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 359
Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port channel, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 360
in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3 Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1/1 Dell(conf-if-te - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 361
Dell#show interfaces switchport te 1/1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged Name: TenGigabitEthernet 1/1/1 802.1QTagged: True Vlan membership - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 362
seed-value } For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change the Hash algorithm seed value to get better hash value Hash seed is used to compute the hash value. By default hash seed is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 363
• xor8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor8 • xor16 - uses 16 bit XOR. Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 364
Create a Single-Range The following is an example of a single range. Example of the interface range Command (Single Range) Dell(config)# interface range tengigabitethernet 1/1/1 - 1/2/3 Dell(config-if-range-te-1/1/1-1/2/3)# no shutdown Dell(config-if-range-te-1/1/1-1/2/3)# Create a Multiple-Range - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 365
Add Ranges The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1/1-1/2/1)# interface range Vlan 2 - 100 , Port 1 - 25 Dell(config-if-range-te-1/1/1-1/2/1-vl-2-100-po-1- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 366
Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 367
,24,25,27,29,31) . These ports can be changed to 40G to 10G mode or vice-versa without reload. • When a non-supported profile release is upgraded to a supported profile release, the fan-out configured ports get automatically included in the profile. In fan-out mode, if a system is upgraded with 25 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 368
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). NOTE: When you split a 40G port (such as fo 1/4) into four 10G ports, the 40G interface configuration is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 369
no stack-unit stack-unit-number port port-number portmode quad command. Important Points to Remember • Splitting a 40G port into four 10G ports is supported on standalone and stacked units. • You cannot use split ports as stack-link to stack a system. To verify port splitting, use the show system - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 370
Important Points to Remember • Starting from Dell OS 9.7(0.0), as part of dynamic fan-out support, only 96 ports can be split into 10G mode. Remaining eight ports stay in 40G. For more information, see Fanning out 40G Ports Dynamically. • Before - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 371
SFP+ 2/1 Serial ID Base Fields SFP+ 2/1 Id SFP+ 2/1 Ext Id SFP+ 2/1 Connector = 0x0d = 0x00 = 0x23 Dell#show interfaces tengigabitethernet 1/3/1 transceiver SFP+ 3/1 Serial ID Base Fields SFP+ 3/1 Id = 0x0d SFP+ 3/1 Ext Id = 0x00 SFP+ 3/1 Connector = 0x23 Dell#show interfaces - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 372
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 373
Dell#show interfaces dampening tengigabitethernet 1/1/1 Interface Supp Flaps Penalty Half-Life Reuse Suppress State Te 1/1/1 Up 0 0 1 2 3 Dell# Max-Sup 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 374
. To allow fullduplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 375
control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes. To enable pause frames, use the following command. • Control how the system responds to and generates 802.3x pause - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 376
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 377
Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization, and to manually synchronize them if necessary, use the following command sequence. 1 Determine the local interface status. Refer to the following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 378
details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface sends - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 379
displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Dell#show interfaces switchport Name: TenGigabitEthernet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 380
you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN Interfaces 380 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 381
the configuration files. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the compressed mode and to perform an image downgrade without any configuration loss - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 382
Two existing exec mode CLIs are enhanced to display and store the running configuration in the compressed mode. show running-config compressed and write memory compressed The compressed configuration will group all the similar looking configuration thereby reducing the size of the configuration. For - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 383
! interface TenGigabitEthernet 1/10/1 no ip address shutdown ! interface TenGigabitEthernet 1/34/1 ip address 2.1.1.1/16 shutdown ! interface Vlan 2 no ip address no shutdown ! interface Vlan 3 tagged te 1/1/1 no ip address shutdown ! interface Vlan 4 tagged te 1/1/1 no ip address shutdown ! - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 384
flash by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Interfaces 384 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 385
20 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 386
Helper with No Configured Broadcast Addresses • Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 387
)#show conf ! interface TenGigabitEthernet 1/1/1 ip address 10.11.1.1/24 no shutdown ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 388
Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change S 2.1.2.0/24 Direct, Nu 0 0/0 00:02:30 S 6.1.2.0/24 via 6.1.20.2, Te 5/1/1 1/0 00:02:30 S 6.1.2.2/ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 389
is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages. feature is not supported on significantly high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 390
command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature >show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 391
tomm-3 gxr f00-3 Dell> (perm, OK) - IP (perm, OK) - IP (perm, OK) - IP 192.68.99.2 192.71.18.2 192.71.23.1 To view the current configuration, use the show running-config resolve command. Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 392
related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • Configuring Static ARP Entries ( dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 393
Example of the show arp Command These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 394
In the request, the host uses its own IP address in the Sender Protocol Address and Target Protocol Address fields. Enabling ARP Learning via Gratuitous ARP To enable ARP learning via gratuitous ARP, use the following command. • Enable ARP learning via gratuitous ARP. CONFIGURATION mode arp learn- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 395
(ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 396
To view if ICMP unreachable messages are sent on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output. UDP Helper User datagram protocol (UDP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 397
ip udp-broadcast-address Examples of Configuring and Viewing a Broadcast Address Dell(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255 Dell(conf-if-vl-100)#show config ! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged TenGigabitEthernet 1/2/1 no shutdown To - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 398
3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured. Figure 47. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 399
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 400
IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are: • Extended address space • Stateless autoconfiguration • Header format simplification • Improved - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 401
of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 402
/65 prefixlength) or 3K IPv6 route entries (greater than /64 prefix-length). You can configure the LPM table with one of the following partitions to support the IPv4 and IPv6 prefix route entries: • Partition 1: IPv6 128-bit LPM entries can be stored in this partition. IPv4 and 64-bit IPv6 entries - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 403
The optimized booting functionality does not use Openflow and therefore SDN support is not available. LPM partitioning might have a slight impact on the number packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. IPv6 Routing 403 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 404
Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 405
the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet's Source IP Address identifying the unknown option type. IPv6 Routing 405 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 406
send an ICMP Parameter Problem, Code 2 message to to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 407
IPv6 BGP MD5 Authentication IS-IS for IPv6 IS-IS for IPv6 support for redistribution Documentation and Chapter Location IPv6 Basic Commands in the Dell Networking OS Command Line Interface Reference Guide. Extended Address Space IPv6 Neighbor Discovery Stateless Autoconfiguration Path MTU Discovery - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 408
client support over IPv6 (outbound SSH) Layer 3 only Secure Shell (SSH) server support Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 409
messages. The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 410
used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency. Figure 52. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 411
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 412
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 413
command. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 414
Telnet connection from the router. NOTE: Telnet to link local addresses is supported on the system. • Enter the IPv6 Address for the device. EXEC mode and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 415
• snmp-server group access-list-name ipv6 Displaying IPv6 Information View specific IPv6 configuration with the following commands. • List the IPv6 show options. EXEC mode or EXEC Privileged mode show ipv6 ? Example of show ipv6 Command Options Dell#show ipv6 ? accounting IPv6 accounting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 416
Advertised by: fe80::201:e8ff:fe8b:3166 412::/64 onlink autoconfig Valid lifetime: 2592000, Preferred lifetime: 604800 Advertised by: fe80::201:e8ff:fe8b:3166 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::1:ff8b:386e ND MTU is 0 ICMP redirects are not sent DAD is enabled, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 417
Destination Dist/Metric, Gateway, Last Change C 600::/64 [0/0] Direct, Te 1/24/1, 00:34:42 C 601::/64 [0/0] Direct, Te 1/24/1, 00:34:18 C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 1/24/1, 00:01:30 L fe80::/10 [0/0] Direct, Nu 0, 00: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 418
- mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 419
POLICY LIST CONFIGURATION mode router-lifetime value The router lifetime range is from 0 to 9,000 seconds. 11 Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12 Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode mtu value 13 Set the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 420
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide. IPv6 Routing 420 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 421
provides a means of monitoring iSCSI sessions and applying quality of service (QoS) policies on iSCSI traffic. When enabled, iSCSI optimization allows to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 422
• iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier of congestion that would otherwise cause dropped iSCSI packets. • iSCSI DCBx TLVs are supported. The following illustration shows iSCSI optimization between servers and a storage array in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 423
Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is performed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 424
: %STKUNIT0-M:CP %LLDP-5-LLDP_EQL_DETECTED: EqualLogic Storage Array detected on interface Te 1/ 43 • At the first detection of an EqualLogic array, the maximum supported MTU is enabled on all ports and port-channels (if it has not already been enabled). • Spanning-tree portfast is enabled on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 425
Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer The following behavior occurs during synchronization of iSCSI sessions. • If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer and the connection is associated with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 426
addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 427
in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer discovery protocol (LLDP) before enabling iSCSI in step 2. You cannot disable LLDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 428
• dscp dscp-value: specifies the DSCP value assigned to incoming packets in an iSCSI session. The range is from 0 to 63. The default is: the DSCP value in ingress packets is not changed. • remark: marks incoming iSCSI packets with the configured dot1p or DSCP value when they egress the switch. The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 429
iSCSI Targets and TCP Ports TCP Port Target IP Address 3260 860 The following example shows the show iscsi session command. VLT PEER1 Dell#show iscsi session Session 0 Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.microsoft:win- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 430
-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS- called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 431
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 432
redundant configuration) should not necessarily interrupt data packet forwarding. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into or by setting a specific amount of time manually. Intermediate System to Intermediate System 432 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 433
Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 434
Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 435
the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 436
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 437
Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. 4 Implement a wide metric-style globally. ROUTER ISIS AF IPV6 mode isis ipv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 438
} - adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. - manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 439
LSP Interval: 33 Next IS-IS LAN Level-1 Hello in 4 seconds Next IS-IS LAN Level-2 Hello in 6 seconds LSP Interval: 33 Restart Capable Neighbors: 2, In Start: 0, In Restart: 0 Dell# Changing LSP Attributes IS-IS routers flood link state PDUs (LSPs) to exchange routing information. LSP attributes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 440
and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the : System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 441
Distance: 115 Generate narrow metrics: level-1-2 Accept narrow metrics: level-1-2 Generate wide metrics: none Accept wide metrics: none Dell# Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 442
Changing the IS-Type To change the IS-type, use the following commands. You can configure the system to act as a Level 1 router, a Level 1-2 router, or a Level 2 router. To change the IS-type for the router, use the following commands. • Configure IS-IS operating level for a router. ROUTER ISIS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 443
- For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Distribute Routes Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 444
ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and the interface information: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. - For a 40-Gigabit Ethernet interface, enter the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 445
redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: - process-id the range is from 1 to 65535. - level-1, level-1-2, or level-2: assign all - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 446
mode domain-password [encryption-type | hmac-md5] password The Dell OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 447
eljefe.01-00 * 0x00000001 0x68DF 1108 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1099 0/0/0 Force10.00-00 0x00000002 0xD1A7 1088 0/0/0 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000006 0xC38A 1110 0/0/0 eljefe.00-00 * 0x0000000E - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 448
0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 449
to transition metric style. NOTE: A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported. default value (10) if the original value is greater than 63. A message is sent to the console. original value original value original value original - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 450
Moving to transition and then to another metric style produces different results. Table 46. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style wide transition truncated value wide wide transition - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 451
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 452
interface TenGigabitEthernet 3/17/1 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17/1)# Dell (conf-router_isis)#show config ! router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 453
24 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 454
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 455
LACP Configuration Tasks The following configuration tasks apply to LACP. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 456
... Dell(conf)#interface TenGigabitethernet 4/16/1 Dell(conf-if-te-4/16/1)#no shutdown Dell(conf-if-te-4/16/1)#port-channel-protocol lacp Dell(conf-if-te-4/16/1-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 457
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 458
To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 459
• If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 460
0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 461
Figure 59. Inspecting the LAG Configuration Link Aggregation Control Protocol (LACP) 461 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 462
Figure 60. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 462 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 463
Figure 61. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 464
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21/1)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 465
Figure 62. Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol (LACP) 465 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 466
Figure 63. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 466 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 467
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 468
25 Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 469
Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 470
NOTE: The CAM-check failure message beginning in Dell Networking OS version 8.3.1.0 is different from versions 8.2.1.1 and earlier, which read: % Error: ACL returned error % Error: Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 471
mac learning-limit station-move The mac learning-limit station-move command allows a MAC address already in the table to be learned from another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 472
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 473
Disabling MAC Address Learning on the System You can configure the system to not learn MAC addresses from LACP and LLDP BPDUs. To disable source MAC address learning from LACP and LLDP BPDUs, follow this procedure: • Disable source MAC address learning from LACP BPDUs. CONFIGURATION mode mac-address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 474
66. Configuring the mac-address-table station-move refresh-arp Command Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol (STP) - for example, networks with digital subscriber line access multiplexers (DSLAM) - cannot have redundant links between - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 475
dynamic LAG, the backup interface can be a static or dynamic LAG In a redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, you can configure a static (without LACP) or dynamic (with LACP) port-channel interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 476
Dell(conf-if-range-te-1/11/1-1/11/2)#do show ip int brief | find 1/11/1 TenGigabitEthernet 1/11/1 unassigned YES Manual up up TenGigabitEthernet 1/11/2 unassigned NO Manual up down [output omitted] Dell(conf-if-range-te-1/11/1-1/11/2)#interface TenGigabitEthernet 1/11/1 Dell(conf-if-te-1/11 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 477
Dell(conf-if-po-1)#switchport backup interface port-channel 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Po 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 478
received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset [interface override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 479
Configuring FEFD You can configure FEFD for all interfaces from CONFIGURATION mode, or on individual interfaces from INTERFACE mode. To enable FEFD globally on all interfaces, use the following command. • Enable FEFD globally on all interfaces. CONFIGURATION mode fefd-global To report interval - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 480
• Disable FEFD protocol on one interface. INTERFACE mode fefd disable Disabling an interface shuts down all protocols working on that interface's connected line. It does not delete your previous FEFD configuration which you can enable again at any time. To set up and activate two or more connected - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 481
Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port-Subport(Te 1/1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port-Subport(Te 4/1/1) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Te 4/1/1 Sender state -- Bi-directional Sender info - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 482
26 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise its configuration and receive - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 483
These sub-types are Management TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Link Layer - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 484
, Telephone, DOCSIS cable device, end station only, or other. Indicates the network address of the management interface. Dell Networking OS does not currently support this TLV. On Dell Networking systems, indicates the untagged VLAN to which a port belongs. Link Layer Discovery Protocol (LLDP) 484 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 485
to which a port belongs if the port is in Hybrid mode). Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV. Indicates the capability and current setting of the duplex status and bit rate, and whether the current settings are the result of auto - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 486
MED TLVs it supports • LLDP device class Indicates the application type, VLAN ID, Layer 2 Priority, and DSCP value. Indicates that the physical location of the device expressed in one of three possible formats: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN Indicates power - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 487
. - LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. • The value of the LLDP-MED capabilities field in the TLV is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 488
Voice Signaling 5 Softphone Voice Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 489
Signaling 9-255 Reserved Figure 73. LLDP-MED Policies TLV Description Specify this application type for dedicated video conferencing and other similar appliances supporting realtime interactive video. Specify this application type for dedicated video conferencing and other similar appliances - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 490
Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 491
end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration no Negate a command or set its defaults show Show LLDP configuration Dell(conf-if-te-1/3/1- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 492
CONFIGURATION mode. protocol lldp 2 Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface 3 Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no. Advertising - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 493
In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 75. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 494
Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 495
• Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 496
tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 497
use the no debug lldp command. Figure 76. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 498
Table 55. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP Configuration adminStatus Basic TLV Selection msgTxHold msgTxInterval rxInfoTTL txInfoTTL mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable LLDP Statistics statsAgeoutsTotal statsFramesDiscardedTotal - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 499
Type TLV Name TLV Variable 127 Port-VLAN ID PVID 127 Port and Protocol VLAN port and protocol VLAN ID supported System Local Remote Local Remote port and protocol VLAN Local enabled LLDP MIB Object lldpRemPortId lldpLocPortDesc lldpRemPortDesc lldpLocSysName lldpRemSysName lldpLocSysDesc - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 500
TLV Type TLV Name 127 VLAN Name TLV Variable PPVID VID VLAN name length VLAN name System Remote Local Remote Local Remote Local Remote Local Remote Table 58. LLDP-MED System MIB Objects TLV Sub-Type TLV Name 1 LLDP-MED Capabilities TLV Variable LLDP-MED Capabilities System Local Remote - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 501
TLV Sub-Type TLV Name TLV Variable L2 Priority System Local Remote DSCP Value Local Remote 3 Location Identifier Location Data Format Local Remote Location ID Data Local Remote 4 Extended Power via MDI Power Device Type Local Remote Power Source Local Remote Power Priority - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 502
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedRemXPoEPDPo werReq Link Layer Discovery Protocol (LLDP) 502 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 503
27 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 504
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering To provide transparent failover or balancing, Microsoft clustering allows multiple servers using Microsoft Windows to be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 505
CONFIGURATION mode ip vlan-flooding There might be some ARP table entries that are resolved through ARP packets, which had the Ethernet MAC SA different from the MAC information inside the ARP packet. This unicast data traffic flooding occurs only for those packets that use these ARP entries. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 506
28 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 507
RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the "Entry Count" field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 78. MSDP SA Message Format Topics: • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 508
With Anycast RP, all the RPs are configured to be MSDP peers of each other. When a source registers with one RP, an SA message is sent to the other RPs informing them that there is an active source for a particular multicast group. The result is that each RP is aware of the active sources in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 509
Figure 79. Configuring Interfaces for MSDP Multicast Source Discovery Protocol (MSDP) 509 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 510
Figure 80. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 510 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 511
Figure 81. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP) 511 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 512
Figure 82. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1 Enable MSDP. CONFIGURATION mode ip multicast-msdp 2 Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 513
Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 514
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries. Clearing the Source- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 515
Figure 83. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP) 515 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 516
Figure 84. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 516 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 517
Figure 85. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 518
MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 Expire 73 73 73 UpTime 00:13:49 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 519
R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Reason Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 520
! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1(conf)#do show run acl ! ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1(conf)#do show ip msdp sa-cache - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 521
Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 522
MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several implications: • traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 523
3. RPs use MSDP to peer with each other using a unique address. Figure 86. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1 In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 524
4 Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer 5 Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 525
no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.22 connect-source Loopback 1 ip msdp mesh-group AS100 192.168 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 526
The following example shows an R3 configuration for MSDP with Anycast RP. ip multicast-routing ! interface TenGigabitEthernet 3/21/1 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 3/41/1 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 527
ip address 192.168.0.1/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 528
ip address 10.11.80.3/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 529
29 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 530
and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. Configure Multiple Spanning Tree Protocol Configuring - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 531
• Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP Configurations • Prevent Network - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 532
PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 533
spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 534
• Revision is a 2-byte number. The default revision number OS is 0. • VLAN-to-instance mapping is the placement of a VLAN in an MSTI. For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 535
The default is 15 seconds. 2 Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. 3 Change - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 536
Table 60. Default Values for Port Costs by Interface Port Cost 100-Mb/s Ethernet interfaces 1-Gigabit Ethernet interfaces 10-Gigabit Ethernet interfaces 25-Gigabit Ethernet interfaces 40-Gigabit Ethernet interfaces 50-Gigabit Ethernet interfaces 100-Gigabit Ethernet interfaces Port Channel with 100 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 537
• Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: - If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 538
MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 88. MSTP with Three VLANs Mapped to Two Spanning - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 539
! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/21,31/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31/1 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 540
interface TenGigabitEthernet 2/31/1 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 2/11/1,31/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 2/11/1,31/1 no shutdown ! interface Vlan 300 no ip address tagged - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 541
revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21/1 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 542
interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode debug spanning-tree mstp bpdu • Display MSTP- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 543
Dell# 4w0d4h : MSTP: Sending BPDU on Te 2/21/1 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 Regional Bridge Id: 32768:0001.e806.953e, CIST Port Id: 128:470 Msg Age: 0, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96 Name - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 544
across default and non-default virtual routing and forwarding (VRFs). The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Topics: • Enabling - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 545
5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic. Multicast Policies The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 546
NOTE: The IN-L3-McastFib CAM partition stores multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 547
entry is created only for group 239.0.0.1. VLAN 300 has no access list limiting Receiver 1, so both IGMP reports are accepted and two corresponding entries are created in the routing table. Figure 89. Preventing a Host from Joining a Group The following table lists the location and description - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 548
Location 2/1/1 2/11/1 2/31/1 3/1/1 3/11/1 3/21/1 Receiver 1 Receiver 2 Description • no shutdown • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 549
Preventing a PIM Router from Forming an Adjacency To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command. • Prevent a router from participating in PIM. INTERFACE mode ip pim neighbor-filter Setting a Threshold for Switching to the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 550
Figure 90. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 63. Preventing a Source from Transmitting to a Group - Description Location Description 1/21/1 • Interface TenGigabitEthernet 1/21/1 • ip - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 551
Location 2/1/1 2/11/1 2/31/1 3/1/1 3/11/1 3/21/1 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 552
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 553
objects of interest, monitor their state, and report to a client when a change in an object's state occurs. The following tracked objects are supported: • Link status of Layer 2 interfaces • Routing status of Layer 3 interfaces (IPv4 and IPv6) • Reachability of IP hosts • Reachability of IPv4 and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 554
the default route in each router changes, the mastership of the VRRP group is automatically reassigned to the router with the better metric. Figure 91. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 555
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 556
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 557
To configure object tracking on the status of a Layer 2 interface, use the following commands. 1 Configure object tracking on the line-protocol state of a Layer 2 interface. CONFIGURATION mode track object-id interface interface line-protocol Valid object IDs are from 1 to 65535. 2 (Optional) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 558
• The status of an IPv6 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IPv6 address. • The Layer 3 status of an IPv6 interface goes DOWN when its Layer 2 status goes down (for a Layer 3 VLAN, all VLAN ports must be down) or the IPv6 address is removed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 559
Track an IPv4/IPv6 Route You can create an object that tracks the reachability or metric of an IPv4 or IPv6 route. You specify the route to be tracked by its address and prefix-length values. Optionally, for an IPv4 route, you can enter a VRF instance name if the route is part of a VPN routing and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 560
CONFIGURATION mode track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/prefix-len} reachability [vrf vrf-name] Valid object IDs are from 1 to 65535. Enter an IPv4 address in dotted decimal format; valid IPv4 prefix lengths are from / 0 to /32. Enter an IPv6 address in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 561
Reachability is Down (route not in route table) 2 changes, last change 00:03:03 Tracking a Metric Threshold Use the following commands to configure object tracking on the metric threshold of an IPv4 or IPv6 route. To remove object tracking, use the no track object-id command. 1 (Optional) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 562
Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route: Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 563
IP routing is Up 3 changes, last change 00:03:30 Tracked by: Example of the show track brief Command Router# show track brief ResId Resource State LastChange 1 IP route reachability Parameter 10.16.0.0/16 Example of the show track resolution Command Dell#show track resolution IP Route - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 564
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 565
area within the AS may not see the details of another area's topology. AS areas are known by their area number or the router's IP address. Figure 92. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 566
has a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. Open Shortest Path First (OSPFv2 and OSPFv3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 567
The following example shows different router designations. Figure 93. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 568
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 569
• Type 7: External LSA - Routers in an NSSA do not receive external LSAs from ABRs, but are allowed to send external routing information for redistribution. They use Type 7 LSAs to tell the ABRs about these external routes, which the ABR then translates to Type 5 external LSAs and floods as normal - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 570
000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 571
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 572
impact adjacency stability in larger topologies. Multi-Process OSPFv2 with VRF Multi-process OSPF with VRF is supported on the Dell Networking OS. Only one OSPFv2 process per VRF is supported. Multi-process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes allow for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 573
ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 574
Examples of Setting and Viewing a Dead Interval In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell(conf)#int tengigabitethernet 2/2/1 Dell(conf-if-te-2/2/1)#ip ospf hello-interval 20 Dell(conf-if-te-2/2/1)#ip ospf dead-interval 80 Dell(conf-if-te - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 575
• Troubleshooting OSPFv2 1 Configure a physical interface. Assign an IP address, physical or of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 576
using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 577
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 578
Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 579
Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area 2.2.2.2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 580
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 581
Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 582
• Change the wait period between link state update packets sent out the interface. CONFIG-INTERFACE mode ip ospf transmit-delay seconds - seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network. Example of Changing and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 583
. CONFIG-ROUTEROSPF- id mode graceful-restart helper-reject router-id • Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to force the primary RPM over to the secondary RPM. During a planned - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 584
For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 585
typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks. • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 586
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Open Shortest Path First (OSPFv2 and OSPFv3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 587
Basic OSPFv2 Router Topology The following illustration is a sample basic OSPFv2 topology. Figure 95. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 - Te 1/1/1 and 1/2/1 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 588
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 589
Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following command. • Enable IPv6 unicast routing globally. CONFIGURATION mode ipv6 unicast routing Applying cost for OSPFv3 Change in bandwidth directly affects the cost of OSPF routes. • Explicitly specify the cost of sending a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 590
tasks - the router ospf command to create the OSPF process, then the network area command to enable OSPFv2 on an interface. NOTE: The OSPFv2 network area command enables OSPFv2 on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3. • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 591
router-id {number} - number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id} • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Configuring Stub - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 592
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 593
-IPV6-ROUTER-OSPF mode graceful-restart mode [planned-only | unplanned-only] - Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 594
of OSPFv3 packets between IPsec-enabled routers. IPsec is a set of protocols developed by the internet engineering task force (IETF) to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: transport and tunnel. Open Shortest Path First (OSPFv2 and OSPFv3) 594 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 595
ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the because the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 596
for full confidentiality. - 3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and unencrypted keys are supported. NOTE: To encrypt all keys on a router, use the service password-encryption command in Global Configuration mode. However, this command does not provide a high - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 597
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 598
used with ESP. The valid values are 3DES, DES, AES- CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. - key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 599
• Display the configuration of IPsec encryption policies on the router. show crypto ipsec policy Displaying OSPFv3 IPsec Security Policies To display the configuration of IPsec authentication and encryption policies, use the following commands. • Display the AH and ESP parameters configured in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 600
: ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 The system provides several tools to troubleshoot OSPFv3 operation on the switch. This section describes typical, OSPFv3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 601
the routes in the OSPF database? • Did you include the OSPF routes in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show ipv6 interfaces • show ipv6 protocols • debug ipv6 ospf events and/or packets • show ipv6 neighbors • show ipv6 routes Viewing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 602
33 Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 603
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 604
PBR Exceptions (Permit) To create an exception to a redirect list, use thepermit command. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. The Dell Networking OS assigns the first available sequence number to a rule configured without - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 605
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 606
and the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirectgroup IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 607
multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the configuration redirect list configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 608
to give you a guidance with typical configurations. You can copy and paste from these examples to your CLI. Make the necessary changes to support your own IP addresses, interfaces, names, and so on. The Redirect-List GOLD defined in this example creates the following rules: • description Route - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 609
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23/1)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 610
Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 611
Create Track Objects to track the Tunnel Interfaces: Dell#configure terminal Dell(conf)#track 1 interface tunnel 1 ip routing Dell(conf-track-1)#exit Dell(conf)#track 2 interface tunnel 2 ipv6 routing Dell(conf-track-2)#end Verify the Status of the Track Objects (Up/Down): Dell#show track brief - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 612
PIM-SM. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The platform supports a maximum of 95 PIM interfaces and 2000 multicast entries including (*,G), and (S,G) entries. The maximum number of PIM neighbors is the same as the maximum - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 613
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 614
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 615
TenGigabitEthernet 1/11/1 TenGigabitEthernet 2/13/1 (10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11/1, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11/1 TenGigabitEthernet 1/12/1 TenGigabitEthernet 2/13/1 --More - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 616
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 617
• Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 618
protocol overhead. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if multiple applications use . • The default range is always supported, so range can never be smaller than the default. PIM Source-Specific Mode (PIM-SSM) 618 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 619
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 620
If you do not specify the group option, the display is a list of groups currently in the IGMP group table that has a group-tosource mapping. To display the list of sources mapped to a group currently in the IGMP group table, use the show ip igmp groups group detail command. Configuring PIM-SSM with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 621
port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 622
must be on the same switch. You can configure up to 128 source ports in a monitoring session. Only one destination port is supported in a monitoring session. The platform supports multiple source-destination statements in a single monitor session. The maximum number of source ports that can be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 623
Dell Networking OS Behavior: The platform continues to mirror outgoing traffic even after an MD participating in spanning tree protocol (STP) transitions from the forwarding to blocking. Configuring Port Monitoring To configure port monitoring, use the following commands. 1 Verify that the intended - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 624
In the following example, the host and server are exchanging traffic which passes through the uplink interface 1/1/1. Port 1/1/1 is the monitored port and port 1/32/1 is the destination port, which is configured to only monitor traffic received on tengigabitethernet 1/1/1 (host-originated traffic). - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 625
Enabling Flow-Based Monitoring Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You can - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 626
port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a timesaving and efficient way. In a remote-port be configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 627
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 628
port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 629
R 100 R 300 Active Active T Fo 1/20/1 T Fo 1/24/1 Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 630
Dell(conf)#inte te 1/30/1 Dell(conf-if-te-1/30)#no shutdown Dell(conf-if-te-1/30)#switchport Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30/1 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 631
Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6/1 Dell(conf-mon-sess-3)#tagged destination te 1/6/1 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP ----------- 1 remote-vlan - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 632
direction. • A flow-based source VLAN is monitored only for ingress traffic (not egress traffic). direction. Changes to Default Behavior • Rate-limiting ïs not supported for ERSPAN traffic. • You can configure the same port as both source and destination in an ERSPAN session. • You can configure TTL - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 633
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1/1-1/1/3 mac access-group flow in Only ingress packets are supported for mirroring shutdown Port Monitoring 633 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 634
address (Port D's ip address) on the sniffer. The Header that gets attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 635
- Some tools support options to edit the capture file. We can make use of such features (for example: editcap ) and chop the ERPM header part and save it - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 636
supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide direct access between the guest ports. • A service provider can provide Layer 2 security for customers - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 637
- A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. - A primary VLAN has one or more promiscuous ports. - A primary VLAN might have one or more trunk ports, or none. • Secondary VLAN - a subdomain of the primary VLAN. - There are two types of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 638
the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN. • Creating PVLAN Ports • Creating a Primary VLAN • Creating - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 639
NOTE: You cannot add interfaces that are configured as PVLAN ports to regular VLANs. You also cannot add "regular" ports (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 640
6 (OPTIONAL) Assign an IP address to the VLAN. INTERFACE VLAN mode ip address ip address 7 (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. INTERFACE VLAN mode ip local-proxy-arp NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 641
INTERFACE VLAN mode private-vlan mode isolated 4 Add one or more host ports to the VLAN. INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 642
Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 99. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 643
is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN. show vlan private-vlan [community | interface | isolated | primary | primary_vlan - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 644
Primary Isolated Community : 4000 : 4003 : 4001 NOTE: In the following example, notice the addition of the PVLAN codes - P, I, and C - in the left column. The following example shows viewing the VLAN status. S50V#show vlan Codes: * - Default VLAN, G - GVRP VLANs, P - Primary, C - Community, I - - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 645
38 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree - developed by a third party - that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 646
three other variations of spanning tree, as shown in the following table. Table 66. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 647
2. Place the interfaces in VLANs. 3. Enable PVST+. 4. Optionally, for load balancing, select a nondefault bridge-priority for a VLAN. Related Configuration Tasks • Modifying Global PVST+ Parameters • Modifying Interface PVST+ Parameters • Configuring an EdgePort • Flush MAC Addresses after a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 648
Influencing PVST+ Root Selection As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 649
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 650
The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port. • Port cost - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 651
The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 652
To keep both ports in a Forwarding state, use extend system ID. Extend system ID augments the bridge ID with a VLAN ID to differentiate BPDUs on each VLAN so that PVST+ does not detect a loop and both ports can remain in a Forwarding state. Figure 102. PVST+ with Extend System ID • Augment the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 653
! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 654
protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096 Per-VLAN Spanning Tree Plus (PVST+) 654 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 655
how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 68. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 656
Ingress Ingress Ingress Egress Egress Egress Egress Egress Topics: • Implementation Information • Port-Based QoS Configurations • Policy-Based QoS Configurations • Enabling QoS Rate Adjustment Quality of Service (QoS) 656 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 657
Queueing • Queue Classification Requirements for PFC Functionality • Support for marking dot1p value in L3 Input Qos Policy 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 658
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 659
rate shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)#rate shape 500 50 Dell(conf-if-te-1/1/1)#end Quality of Service (QoS) 659 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 660
. Figure 104. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 661
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4 Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 662
4 Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class -maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 663
policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 dot1p to queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: - ACK - FIN - SYN Quality of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 664
the specific match criteria as 'yellow', Dell Networking OS does not support Policer based coloring and this feature concurrently. • If single rate percentage, scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 665
or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Constraints The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p table shows the default bandwidth percentage for each queue. Quality of Service (QoS) 665 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 666
for 8- Queue System 1% 2% 3% 4% 5% 10% 25% 50% NOTE: The system supports 8 data queues. When you assign a percentage to one queue, note that this change also You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 667
Creating a DSCP Color Map Display all DSCP color maps. Dell# show qos dscp-color-map Dscp-color-map mapONE yellow 4,7 red 20,30 Quality of Service (QoS) 667 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 668
the keyword layer2 with the policy-map-input command. 2 After you create an input policy map, do one or more of the following: Quality of Service (QoS) 668 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 669
policy to an input policy map, use the following command. • Apply an input QoS policy to an input policy map. POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 670
Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 671
an ACL exists in the CAM rather than writing it to the CAM multiple times. • Apply an input policy map to an interface. INTERFACE mode service-policy input Specify the keyword layer2 if the policy map you are applying a Layer 2 policy map. Creating Output Policy Maps 1 Create an output policy map - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 672
, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast the strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing. To use queue- based rate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 673
as PFC is not enabled on dot1p priority 5. Support for marking dot1p value in L3 Input Qos Policy PFC will be based on that dot1p priority. Support is added to mark the dot1p value in You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 674
threshold, for example, 2000KB, is reached, all incoming packets are dropped until the buffer space consumes less than 2000KB of the specified traffic. Quality of Service (QoS) 674 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 675
Ingress Packets), all traffic defaults to green drop precedence. • Assign a WRED profile to either yellow or green traffic. QOS-POLICY-OUT mode wred Quality of Service (QoS) 675 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 676
DroppedBytes -- 0 UCAST 0 0 0 0 1 UCAST 0 0 0 0 2 UCAST 0 0 0 0 3 UCAST 0 0 0 0 4 UCAST 0 0 0 0 5 UCAST 0 0 0 0 6 UCAST 0 0 0 0 7 UCAST 0 0 0 0 8 UCAST 204 13056 0 0 9 MCAST 0 0 0 0 10 MCAST 0 0 0 0 Quality of Service (QoS) 676 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 677
. • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 | port pipe Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 L2ACL 500 200 Allowed(2) Quality of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 678
)# rate shape pps peak-rate burst-packets committed pps committedrate burst-packets 4 Alternatively, configure the committed rate and committed burst size in bytes. Quality of Service (QoS) 678 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 679
. You can set up these parameters for both front-end and backplane ports. Global Service Pools With WRED and ECN Settings Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 680
for backplane ports. Also, WRED/ECN is not supported for multicast packets. The following table describes the WRED and ECN operations that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 681
conf) #service-pool wred weight pool0 11 pool1 4 Guidelines for Configuring ECN for Classifying and Color-Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 682
match ip access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map "ecn_0_pmap" will mark Attach the policy-map to the interface. Dell Networking OS support different types of match qualifiers to classify the incoming traffic. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 683
at the level where the 'DSCP' qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the DSCP for the packet • set the packet color as 'yellow' Quality of Service (QoS) 683 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 684
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 685
Layer 3 interface. INTERFACE mode Dell(conf-if-fo-1/4)# service-policy input l2p layer2 Managing Hardware Buffer Statistics The memory management MMU space is shared across a maximum of 104 logical ports to support the egress admission-control functionality to implement scheduling and shaping on per - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 686
OS Release 9.3(0.0), only the Max Use count mode of operation is supported for the computation of maximum counter values. Depending on the buffer space the system processes a PFC PAUSE frame. You can use the service-class buffer shared-threshold-weight queue0 ... queue7 number command in Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 687
hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all Unit 0 unit: 0 port: 1 (interface Fo 0/0) Q# TYPE Q# TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 Quality of Service (QoS) 687 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 688
UCAST UCAST UCAST UCAST UCAST UCAST UCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST 5 0 6 0 7 0 8 0 9 0 10 0 11 0 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 Quality of Service (QoS) 688 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 689
variable length subnet mask (VLSM) or classless inter-domain routing (CIDR) and is not widely used. RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 690
suited for small, homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List The following is , refer to the Dell Networking OS Command Reference Interface Guide. Routing Information Protocol (RIP) 690 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 691
Enabling RIP Globally By default, RIP is not enabled in Dell Networking OS. To enable RIP globally, use the following commands. 1 Enter ROUTER RIP mode and enable the RIP process on Dell Networking OS. CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 692
192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 1/4 192.162.3.0/24 auto-summary Dell#show ip rip database Total number of routes in RIP database: 978 160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 160.160.0.0/16 auto-summary 2.0.0.0/8 [120/1] via 29 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 693
You can use this command multiple times to exchange RIP information with as many RIP networks as you want. • Disable a specific interface from sending or receiving RIP routing information. ROUTER RIP mode passive-interface interface Assigning a Prefix List to RIP Routes Another method of controlling - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 694
Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 695
The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols Routing Protocols is RIP Sending updates - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 696
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 697
RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration - Core 2 and Core 3. The host prompts used in the following example reflect those names. The examples are divided into the following groups of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 698
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 699
10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf)#router rip - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 700
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- R 10.11.10.0/24 via 10.11.20.2, Te 3/21/1 120/1 00:01:14 C 10.11.20.0/24 Direct, Te 3/21/1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 701
router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/1/1 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/2/1 ip address 10.11.20.1/24 no shutdown ! interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 702
is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Remote Monitoring (RMON) 702 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 703
Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value eventnumber] falling-threshold - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 704
[no] rmon event number [log] [trap community] [description string] [owner string] - number: assigned event number, which is identical to the eventIndex in the eventTable in the RMON MIB. The value must be an integer from 1 to 65,535 and be unique in the RMON Event Table. - log: (Optional) generates - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 705
[no] rmon collection history {controlEntry integer} [owner ownername] [buckets bucket-number] [interval seconds] - controlEntry: specifies the RMON group of statistics using a value. - integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 706
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 75. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 707
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 708
Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology. • Only one path from any - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 709
no disable Dell(conf-rstp)# Figure 107. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 710
Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.379, designated path cost 0 Number of transitions to forwarding state 1 BPDU : sent 121, received 5 The port is not in the Edge port mode Port 380 (TenGigabitEthernet 2/4/1) is designated Forwarding Port path - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 711
The following table displays the default values for RSTP. Table 76. RSTP Default Values RSTP Parameter Forward Delay Hello Time Max Age Port Cost: • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • 40-Gigabit Ethernet interfaces • Port Channel with 100 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 712
Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following command. • Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 713
PROTOCOL SPANNING TREE RSTP mode bridge-priority priority-value - priority-value The range is from 0 to 65535. The lower the number assigned, the more likely this bridge becomes the root bridge. The default is 32768. Entries must be multiples of 4096. Example of the bridge-priority Command A console - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 714
no ip address switchport spanning-tree rstp edge-port shutdown Dell(conf-if-te-2/1/1)# Configuring Fast Hellos for Link State Detection Use RSTP fast hellos to achieve sub-second link-down detection so that convergence is triggered faster. The standard RSTP link-state detection mechanism does not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 715
43 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide. Software-Defined Networking (SDN) 715 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 716
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 717
process request. - stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. - tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 718
actions on tty3, User admin Priv 1 Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 719
whether you configure RADIUS authorization. NOTE: RADIUS and TACACS servers support VRF-awareness functionality. You can create RADIUS and TACACS groups and to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 720
LINE mode login authentication {method-list-name | default} To view the configuration, use the show config command in LINE mode or the show running-config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 721
-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and keys, use the following command. • Turn on the obscuring of passwords and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 722
to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 723
username name [access-class access-list-name] [nopassword | password [encryption-type] password] [privilege level][secret] Configure the optional and required parameters: - name: Enter a text string up to 63 characters long. - access-class access-list-name: Enter the name of a configured IP ACL. - - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 724
CONFIGURATION mode username name [access-class access-list-name] [privilege level] [nopassword | password [encryption-type] password Secret] Configure the optional and required parameters: • name: Enter a text string up to 63 characters(maximum) long. • access-class access-list-name: Restrict access - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 725
Dell(conf)#end Dell#show running-config Current Configuration ... ! hostname Force10 ! enable password level 8 notjohn enable password Force10 ! username admin password 0 admin username john password 0 john privilege 8 ! The following example shows the Telnet session for user john. The show - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 726
server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 727
ACL, and a message is logged. NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-Command You can configure the system through the RADIUS server to automatically execute a command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 728
listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 729
Specifying a RADIUS Server Host When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout. To specify a RADIUS server host and configure its communication parameters, use the following command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 730
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 731
Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts. 2 Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method. CONFIGURATION mode aaa - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 732
use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 733
a countermeasure to the problem. This countermeasure is and other secure network services over an insecure network. Command Line Interface Reference Guide. Dell Networking OS supported for secure copying between a PC and a Dell Networking OS-based system. Unix-based SCP client software is supported - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 734
ssh {hostname} [-l username | -p port-number | -v {1 | 2}| -c encryption cipher | -m HMAC algorithm hostname is the IP address or host name of the remote device. Enter an IPv4 or IPv6 address in dotted decimal format (A.B.C.D). • SSH V2 is enabled by default on all the modes. • Display SSH - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 735
Example of Using SCP to Copy from an SSH Server on Another Switch The following example shows the use of SCP and SSH to copy a software image from one switch running SSH server on UDP port 99 to the local switch. Other SSH related command include: • crypto key generate : generate keys for the SSH - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 736
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 737
how to configure a HMAC algorithm list. Dell(conf)# ip ssh mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 738
cipher list. Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr Configuring the SSH Client Cipher List To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers the SSH - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 739
• Enable SSH password authentication. CONFIGURATION mode ip ssh password-authentication enable Example of Enabling SSH Password Authentication To view your SSH configuration, use the show ip ssh command from EXEC Privilege mode. Dell(conf)#ip ssh server enable Dell(conf)#ip ssh password- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 740
Configuring Host-Based SSH Authentication Authenticate a particular host. This method uses SSH version 2. To configure host-based authentication, use the following commands. 1 Configure RSA Authentication. Refer to Using RSA Authentication of SSH. 2 Create shosts by copying the public RSA key to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 741
-l User name option -m HMAC algorithm to use (for v2 clients only) -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 742
, local, or remote. Table 77. VTY Access Authentication Method Line Local TACACS+ RADIUS VTY access-class support? YES NO YES Username access-class support? NO YES NO YES NO Remote authorization support? NO NO YES (with Dell Networking OS version 5.2.1.0 and later) YES (with Dell Networking OS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 743
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 744
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 745
Configuring Role-based Only AAA Authorization You can configure authorization so that access to commands is determined only by the user's role. If the user has no user role, access to the system is denied as the user will not be able to login successfully. When you enable role-based only AAA - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 746
System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles. The system defined user roles are as follows: • Network Operator (netoperator) - This user role - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 747
Consider the following when creating a user role: • Only the system administrator and user-defined roles inherited from the system administrator can create roles and user names. Only the system administrator, security administrator, and roles inherited from these can use the "role" command to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 748
The following output displays the modes available for the role command. Dell (conf)#role ? configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Router configuration mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 749
Dell(conf)#do show role mode ? configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell(conf)#do show role mode configure line Role access:sysadmin - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 750
they do not have a role. For information about role only mode, see Configuring Role-based Only AAA Authorization. NOTE: Authentication services only validate the user ID and password combination. To determine which commands are permitted for users, configure authorization. For information about how - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 751
privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled "Force10-avpair". - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 752
The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15. Force10-avpair= "shell:priv-lvl=15" Example for Creating a AVP Pair for System Defined or User-Defined Role The following section shows you how to create an AV pair - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 753
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 754
Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line Role access: netadmin,sysadmin Displaying - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 755
only 802.1Q VLAN tagging all customers would have to use unique VLAN IDs to ensure that traffic is segregated, and customers and the service provider would have to coordinate to ensure that traffic mapped correctly across the provider network. Even under ideal conditions, customers and the provider - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 756
Figure 108. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and tagged traffic). Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports Service Provider Bridging 756 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 757
provider bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3 Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 758
by making it a hybrid port. INTERFACE mode portmode hybrid 2 Add the port to a 802.1Q VLAN as tagged or untagged. INTERFACE VLAN mode [tagged | untagged] Service Provider Bridging 758 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 759
2/4/1 (MT), Te 3/1/1(MU), Te 3/25/1(MT), Te 3/26/1(MT), Te 3/27/1(MU) Dell#debug member port tengigabitethernet 2/4/1 vlan id : 603 (MT), 100(T), 101(NU) Dell# Service Provider Bridging 759 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 760
system is able to differentiate between 0x8100 and untagged traffic and maps each to the appropriate VLAN, as shown by the packet originating from Building A. Service Provider Bridging 760 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 761
Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 109. Single and Double-Tag TPID Match Service Provider Bridging 761 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 762
Figure 110. Single and Double-Tag First-byte TPID Match Service Provider Bridging 762 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 763
Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 764
Privilege mode. Dell#show interface dei-honor Default Drop precedence: Green Interface CFI/DEI Drop precedence Te 1/1/1 0 Green Te 1/1/1 1 Yellow Te 2/9/1 1 Red Te 2/10/1 0 Yellow Service Provider Bridging 764 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 765
CFI/DEI Te 1/1/1 Green 0 Te 1/1/1 Yellow 1 Te 2/9/1 Yellow 0 Te 2/10/1 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 766
3 layer2 rate-police 30 ! interface TenGigabitEthernet 1/21/1 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 767
traverse the intermediate network might be consumed and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration). Service Provider Bridging 767 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 768
MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Service Provider Bridging 768 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 769
2 protocol tunneling, use the following command. 1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode Service Provider Bridging 769 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 770
processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Service Provider Bridging 770 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 771
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 772
any port specifically, the global sampling rate is downloaded to that port and is to calculate the port-pipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling rate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 773
in the sFlow datagram depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional information in the sFlow setting is enabled for extended switch. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 774
displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 775
Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum second bold lines indicate sFlow is enabled on Te 1/16/1 and Te 1/17/1 Dell#show sflow sFlow services are enabled sFlow 775 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 776
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 777
sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, the depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 778
output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 779
Table 79. Extended Gateway Summary IP SA IP DA static/connected/IGP static/connected/IGP srcAS and srcPeerAS - static/connected/IGP BGP 0 BGP static/connected/IGP - Exported BGP BGP Exported dstAS and dstPeerAS - Exported - Exported Exported Description Extended gateway data is not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 780
• MIB Support to Display the Software Core Files Generated by the System • Manage VLANs using SNMP • Managing Overload on Startup • Enabling and Disabling a Port using SNMP • Fetch Dynamic MAC Entries using SNMP • Deriving Interface Indices • Monitor Port-Channels • Troubleshooting SNMP Operation - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 781
AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB privacy option is supported and is compliant with RFC 3826. The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 782
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 783
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 784
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 785
The following example shows reading the value of the next managed object. > snmpgetnext -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1.3.0 SNMPv2-MIB::sysContact.0 = STRING: > snmpgetnext -v 2c -c mycommunity 10.11.131.161 sysContact.0 The following example shows reading the value of the many - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 786
also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Dell Networking - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 787
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 788
temperature is within threshold of %dC) envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: some fans in fan tray %d are down FAN_OK: Minor alarm cleared: all fans in fan tray %d are good vlt Enable VLT traps - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 789
than or equal to 5 minutes. This restriction also applies to the console message. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, the SNMP trap is not sent. To enable an SNMP agent to send a trap when the syslog server is not reachable, enter the following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 790
Copy Configuration Files Using SNMP To do the following, use SNMP from a remote client. • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 791
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 792
NOTE: You can use the entire OID rather than the object name. Use the form: OID.index i object-value. To view more information, use the following options in the snmpset command. • -c: View the community, either public or private. • -m: View the MIB files for the SNMP command. • -r: Number of retries - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 793
The following example shows how to copy configuration files from a UNIX machine using OID. >snmpset -c public -v 2c 10.11.131.162 .1.3.6.1.4.1.6027.3.5.1.1.1.1.2.8 i 3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5.8 i 2 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.2.8 = INTEGER: 3 SNMPv2-SMI::enterprises.6027 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 794
filename copyDestFileType.index i 3 copyServerAddress.index a server-ip-address copyUserName.index s server-login-id copyUserPassword.index s server-login-password Example of Copying a Binary File From the Server to the Startup-Configuration via FTP > snmpset -v 2c -c private -m ./f10-copy-config. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 795
2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 796
MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 797
enterprises.6027.3.10.1.2.10.1.5.1.3 = "vrrp" Hex: 76 72 72 70 enterprises.6027.3.10.1.2.10.1.5.2.1 = "sysd" Hex: 73 79 73 64 The output above displays that the software core files generated by the system. Manage VLANs using SNMP The qBridgeMIB managed objects in Q-BRIDGE-MIB, defined in RFC 2674, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 798
NOTE: Whether adding a tagged or untagged port, specify values for both dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts. Example of Adding an Untagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as an untagged member of VLAN 10. >snmpset -v2c -c mycommunity 10. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 799
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 800
Each object comprises an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent. For example, the decimal equivalent of E8 is 232, and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 801
the final, unused bit are not given. The interface is physical, so represent this type of interface by a 0 bit, and the unused bit is always 0. These 2 bits are not given because they are the most significant bits, and leading zeros are often omitted. To display the interface number, use the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 802
of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 803
control unknown-unicast [interface] command. EXEC Privilege Topics: • Configure Storm Control • PFC Storm Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE Mode To configure storm control, use the following command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 804
mode you can configure storm control for ingress and egress traffic. Do not apply per-virtual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on an interface or globally). • Configure storm control. CONFIGURATION mode • Configure the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 805
traffic through other ports and priorities are not affected. For more information about the above commands, see the Dell Networking OS Command Line Reference Guide. Restore Queue Drop State You can restore the queue drop triggered due to the storm control PFC detection to the normal state. Once the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 806
Te 0/1 3 4 5 6 Te 0/2 3 4 5 6 Te 0/3 3 4 5 6 Te 0/4 3 4 5 6 Te 0/5 3 4 5 6 Te 0/80 3 4 5 6 Normal Normal Normal Normal Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Normal Normal Normal Normal 0 0 0 0 14880 14880 14880 14780 14780 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 807
three other variations of spanning tree, as shown in the following table. Table 88. Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 808
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 809
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 115. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1 If the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 810
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1/1)# Enabling Spanning Tree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 811
Figure 116. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1 Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2 Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 812
Root Port is 289 (TenGigabitEthernet 2/1/1), cost of root path is 4 Topology change flag not set, detected flag not set Number of topology changes 3 last change occurred 0:16:11 ago from TenGigabitEthernet 2/3/1 Timers: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Times: hello 0, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 813
Table 89. STP Default Values STP Parameters Forward Delay Hello Time Max Age Port Cost • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • 40-Gigabit Ethernet interfaces • Port Channel with 100 Mb/s Ethernet interfaces • Port Channel with 1-Gigabit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 814
• Port priority - influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. The default values are listed in Modifying Global Parameters. To change the port cost or priority of an interface, use the following commands. • Change the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 815
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 816
- Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 117. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 817
Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7/1 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 818
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per-VLAN Spanning Tree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 819
- 0: enables root guard on an STP-enabled port assigned to instance 0. - mstp: enables root guard on an MSTP-enabled port. - rstp: enables root guard on an RSTP-enabled port. - pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 820
As shown in the following illustration (STP topology 2, upper right), a loop can also be created if the forwarding port on Switch B becomes busy and does not forward BPDUs within the configured forward-delay time. As a result, the blocking port on Switch C transitions to a forwarding state, and both - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 821
on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: - Spanning Tree Protocol (STP) - Rapid Spanning Tree Protocol (RSTP) - Multiple Spanning Tree Protocol (MSTP) - Per- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 822
troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support information on SmartScripts, see Dell Networking Open Automation guide. Figure 120. SupportAssist NOTE: SupportAssist is enabled • Configuring SupportAssist Manually • Configuring SupportAssist - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 823
data entry. Enable the SupportAssist service. CONFIGURATION mode support-assist activate Dell(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 824
NOTE: This step is not mandatory and you can configure SupportAssist manually without performing this step. Even before you accept or reject the EULA all activities and servers for the SupportAssist service. SUPPORTASSIST mode enable all Dell(conf)#support-assist Dell(conf-supportassist)#enable all - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 825
mac-address-table" "show trace" "show command-history" "show logging" "show tech-support" } : "alarms_records", : "arp_records", : "ip_route_records", : "mac-address-table_records", : "trace_records", : "command_history_records", : "system_logging_records", : "tech-support_records" 3 Configure - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 826
email addresses, phone, method and time zone for contacting the person. SupportAssist Person configurations are optional for the SupportAssist service. To configure SupportAssist person, use the following commands. 1 Configure the contact name for an individual. SUPPORTASSIST mode SupportAssist 826 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 827
[no] contact-person [first ] last Dell(conf-supportassist)#contact-person first john last doe Dell(conf-supportassist-pers-john_doe)# 2 Configure the email addresses to reach the contact person. SUPPORTASSIST PERSON mode [no] email-address primary email-address [alternate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 828
feature status including any activities, status of communication, last time communication sent, and so on. EXEC Privilege mode show support-assist status Dell#show support-assist status SupportAssist Service: Installed EULA: Accepted Server: default Enabled: Yes URL: https://stor.g3.ph.dell.com - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 829
save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure. Dell SupportAssist also collects and stores - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 830
They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF. Topics - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 831
Following conventions established by the telephone industry [BEL86], the accuracy of each server is defined by a number called the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 832
Figure 121. NTP Fields Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 833
Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 834
CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: - For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. - For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 835
in dotted decimal format (A.B.C.D). - ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. - key keyid : Configure a text string as the key exchanged between the NTP server and the client. - prefer: Enter the keyword prefer to set - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 836
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 837
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock • Setting the Timezone • Setting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 838
CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 839
To set a recurring daylight saving time, use the following command. • Set the clock to the appropriate timezone and adjust to daylight saving time every year. CONFIGURATION mode clock summer-time time-zone recurring start-week start-day start-month start-time end-week end-day end-month end-time [ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 840
7 2009" to "Summer time starts 02:00:00 Pacific Sun Mar 8 2009;Summer time ends 02:00:00 pacific Sun Nov 1 2009" System Time and Date 840 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 841
. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Topics: • Configuring a Tunnel • Configuring Tunnel Keepalive Settings • Configuring a Tunnel Interface • Configuring Tunnel Allow-Remote Decapsulation • Configuring Tunnel - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 842
interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 843
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 844
ReceiveOnly Tunnels • You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum number of remote end-points supported for all multipoint receive-only tunnels on the switch depends on the hardware table size to setup termination. • The IP MTU configured on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 845
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 846
VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 portbased VLANs and one default VLAN, as specified in IEEE Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 847
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 848
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 849
the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 850
Dell#config Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf ! interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 851
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 852
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 853
the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: • Proxy Gateway in VLT Domains • Configuring a Static VLT Proxy Gateway • Configuring an LLDP VLT Proxy Gateway Proxy Gateway in VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 854
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 855
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 856
The LLDP organizational TLV passes local destination MAC address information to peer VLT domain devices so they can act as a proxy gateway. To enable proxy gateway LLDP, two configurations are required: • You must configure the global proxy gateway LLDP to enable the proxy-gateway LLDP TLV. • You - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 857
• LLDP packets fail to reach the remote VLT domain devices (for example, because the system is down, rebooting, or the port physical link connection is down). Figure 124. Sample Configuration for a VLT Proxy Gateway • The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 858
Sample Configuration LLDP Method Dell(conf-vlt-domain)#proxy-gateway ll Dell(conf-vlt-domain-pxy-gw-lldp)#peer-domain-link port-channel 1 exclude-vlan 10 Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 859
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 860
following example shows how VLT is deployed. The switches appear as a single virtual switch from the point of view of the switch or server supporting link aggregation control protocol (LACP). Figure 125. Example of VLT Deployment VLT on Core Switches Uplinks from servers to the access layer and from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 861
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 862
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the the link local address that is redirecting to the VLTi link. • VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 863
. - A VLT interconnect over 1G ports is not supported. - The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. - The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. - VLT peer switches operate as separate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 864
you change the default VLAN ID on a VLT peer switch, the VLT interconnect may flap. - In a VLT domain, the following software features are supported on VLTi: link layer discovery protocol (LLDP), flow control, port monitoring, jumbo frames, and data center bridging (DCB). - When you enable the VLTi - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 865
. On a default VLAN, RTSP is part of the PVST+ topology in that specific VLAN (default VLAN). - In a VLT domain, ingress and egress QoS policies are supported on physical VLT ports, which can be members of VLT port channels in the domain. * Ingress and egress QoS policies applied on VLT ports must - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 866
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 867
, the dynamically learned groups and multicast router ports are automatically learned on the VLT peer node. VLT IPv6 The following features have been enhanced to support IPv6: • VLT Sync - Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync - Entries learned on non-VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 868
router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers receivers and as a first-hop router for multicast sources. Figure 127. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 869
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 870
NOTE: If the CAM is full, do not enable peer-routing. NOTE: The peer routing and peer-routing-timeout is applicable for both IPv6/ IPv4. Configuring VLT Unicast To enable and configure VLT unicast, follow these steps. 1 Enable VLT on a switch, then configure a VLT domain and enter VLT-domain - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 871
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 872
Preventing Forwarding Loops in a VLT Domain During the bootup of VLT peer switches, a forwarding loop may occur until the VLT configurations are applied on each switch and the primary/secondary roles are determined. To prevent the interfaces in the VLT interconnect trunk and RSTP-enabled VLT ports - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 873
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the VLTi . 3. Configure a backup link for the VLT domain. 4. (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 874
Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. 1 Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode. CONFIGURATION mode vlt domain domain-id The domain ID range is from 1 to 1000. Configure the same - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 875
Configuring a VLT Backup Link To configure a VLT backup link, use the following command. 1 Specify the management interface to be used for the backup link through an out-of-band management network. CONFIGURATION mode interface managementethernet slot/port Enter the slot (0-1) and the port (0). 2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 876
CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2 After you configure a VLT domain on each peer switch and connect (cable) the two VLT peers on each side of the VLT interconnect, the system elects a primary and secondary VLT peer device. To configure the primary - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 877
INTERFACE PORT-CHANNEL mode switchport 4 Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 878
CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in the . 2 Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 879
8 Configure enhanced VLT. Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in the . 9 Place - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 880
-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. Dell-2(conf)#vlt domain 5 Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 881
2. Configure the peer-link port-channel in the VLT domains of each peer unit. Dell-2(conf)#interface port-channel 1 Dell-2(conf-if-po-1)#channel-member TenGigabitEthernet 1/4/1-1/4/4 Dell-4(conf)#interface port-channel 1 Dell-4(conf-if-po-1)#channel-member TenGigabitEthernet 1/4/1-1/4/4 Configure - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 882
! port-channel-protocol LACP port-channel 100 mode active no shutdown s60-1#show running-config interface tengigabitethernet 1/30/1 ! interface TenGigabitEthernet 1/30/1 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown s60-1#show running-config interface port- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 883
PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 884
eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example, you are configuring two domains. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4, as shown in the following example. In Domain 1, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 885
Figure 128. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8/1-1/8/2 Domain_1_Peer1(conf)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 886
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 887
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 888
EXEC mode show vlt role • Display the current configuration of all VLT domains or a specified group on the switch. EXEC mode show running-config vlt • Display statistics on VLT operation. EXEC mode show vlt statistics • Display the RSTP configuration on a VLT peer switch, including the status of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 889
Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : 6(3) : 00:01:e8:8a:e9:91 : 00:01:e8:8a:e9:76 : 6(3) : 90 seconds Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : 60 seconds : - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 890
HeartBeat Messages Received: 986 ICL Hello's Sent: 148 ICL Hello's Received: 98 Dell_VLTpeer2# show vlt statistics VLT Statistics HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 891
Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 892
running-config interface port-channel 11 ! interface Port-channel 11 no ip address switchport channel-member fortyGigE 1/5,6 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 893
Description Spanning tree mismatch at global level Behavior at Peer Up All VLT port channels go down on both VLT peers. A syslog error message is generated. Behavior During Run Time No traffic is passed on the port channels. A one-time informational syslog message is generated. Action to Take - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 894
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 895
information is synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation of the VLAN parity. For VLT VLANs, the association between primary VLAN and secondary VLANs is examined on both the peers. Only if the association is identical on both the peers, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 896
Interoperation of VLT Nodes in a PVLAN with ARP Requests When an ARP request is received, and the following conditions are applicable, the IP stack performs certain operations. • The VLAN on which the ARP request is received is a secondary VLAN (community or isolated VLAN). • Layer 3 communication - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 897
VLAN. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section describe how to configure - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 898
Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned). 2 Remove an IP address from the interface. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 899
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 900
the ARP response contains the VLT peer MAC address. Proxy ARP is supported for both unicast and broadcast ARP requests. Control packets, other than receives gratuitous ARP requests for the VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL link or peer is down, and the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 901
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 902
Dell#show running-config vlt ! vlt domain 1 peer-link port-channel 1 back-up destination 10.16.151.116 primary-priority 100 system-mac mac-address 00:00:00:11:11:11 unit-id 0 Dell# Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 903
G - GVRP tagged, M - Vlan-stack i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged NUM Status Description 50 Active Dell# Q Ports M Po10(Te 1/8/1) M Po20(Te 1/12/1) V Po1(Te 1/30-32/1) Sample Configuration of VLAN-Stack Over VLT (Peer 2) Configure the VLT domain - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 904
! interface Vlan 50 vlan-stack compatible member Port-channel 10,20 shutdown Dell# Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN-Stack VLAN Dell#show vlan id 50 Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C Community, I - - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 905
57 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN gateway from the NVP Controller GUI • Configuring VxLAN Gateway • Displaying VXLAN Configurations • VXLAN Service nodes for BFD Virtual Extensible LAN (VXLAN) 905 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 906
. The top-level functions of NVP are: • Provide a GUI for creating service gateways. • Manage the VTEPs.: - Binds Port and VLAN - Install VTEP Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. Service Node(SN) It is also another VTEP, but it is fully managed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 907
Functional Overview of VXLAN Gateway The following section is the functional overview of VXLAN Gateway: 1. Provides connectivity between a Virtual server infrastructure and a Physical server infrastructure. 2. Provides the functions performed by a VTEP in a virtual server infrastructure. The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 908
• Destination Address: Generally, it is a first hop router's MAC address when the VTEP is on a different address. • Source Address : It is the source MAC address of the router that routes the packet. • VLAN: It is optional in a VXLAN implementation and will be designated by an ethertype of 0×8100 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 909
Figure 131. Create Hypervisor Figure 132. Edit Hypervisor Figure 133. Create Transport Connector 2. Create Service Node Virtual Extensible LAN (VXLAN) 909 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 910
for broadcast/unknown unicast/multicast traffic replication. The following is the snapshot of the user interface for the creation of service node: Figure 134. Create Service Node 3. Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 911
: For more details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway on the 2 vxlan-instance CONFIGURATION mode vxlan-instance instance ID The platform supports only the instance ID 1 in the initial release. 3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 912
6 fail-mode (Optional) VxLAN INSTANCE mode fail-mode secure If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources. 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 913
The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command. The following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 914
. Dell# show vxlan vxlan-instance unicast-mac-remote Total Local Mac Count: 1 VNI MAC TUNNEL 4656 00:00:01:00:00:01 36.1.1.1 VXLAN Service nodes for BFD When multiple service nodes are available for a given Logical Network, Network Virtualization Overlay (NVO) gateway picks one of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 915
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 916
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 917
. Yes Yes No No No No Yes No Yes NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default-VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs. No Yes Yes No No Yes No Virtual Routing and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 918
capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF No Yes Yes No No No Yes Yes Yes No No Yes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 919
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). • Create a non-default VRF instance by specifying a name and VRF ID number, and enter - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 920
the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. SeeOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 921
Task View VRRP command output for the VRF vrf1 Command Syntax ip vrf forwarding vrf1 ip address 10.1.1.1/24 ! vrrp-group 10 virtual-address 10.1.1.100 no shutdown show vrrp vrf vrf1 TenGigabitEthernet 1/13/1, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 922
displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route • Configure a static route that points to a management interface. CONFIGURATION management - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 923
Figure 140. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1/1 ip vrf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 924
ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 925
! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/1/1 ! router ospf 2 vrf orange router-id 2.0.0.2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 926
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 927
Destination Gateway Dist/Metric ----------- ------- ----------- C 1.0.0.0/24 Direct, Vl 128 0/0 O 10.0.0.0/24 via 1.0.0.1, Vl 128 110/2 C 11.0.0.0/24 Direct, Te 2/1/1 0/0 Last Change ----------- 00:27:21 00:14:24 00:19:46 Dell#show ip route vrf orange Codes: C - connected, S - - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 928
that particular prefix will fail and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes. The source route will VRF-Green, and VRF-shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and VRF-Blue but not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 929
ip route-export 1:1 3 Configure VRF-red. ip vrf vrf-red interface-type slot/port[/subport] ip vrf forwarding VRF-red ip address ip-address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 4 Configure the import target in VRF-red. ip route-import 1:1 5 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 930
ip route-export 1:1 ip route-import 2:2 ip route-import 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 C 111.1.1.0/24 Direct, Te 1/11/1 0/0 00:00:10 22:39:59 Dell# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 931
• If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG ("Duplicate prefix found %s in the target VRF %d", address, import_vrf_id) with The type/level is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 932
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. • You can expose a unique set - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 933
to some other VRF. Similarly, when two VRFs leak or export routes, there is no option to discretely filter leaked routes from each source VRF. Meaning, you cannot import one set of routes from VRF-red and another set of routes from VRF-blue. Virtual Routing and Forwarding (VRF) 933 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 934
the Internet. Router B receives and forwards them on interface TenGigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed information about VRRP, refer to RFC 2338, Virtual - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 935
on the interface. You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet. Z-Series supports a total of 255 VRRP groups on a switch. The total number of VRRP groups per system should be less than 512. The following recommendations shown - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 936
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 937
no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)#vrrp-group 111 Dell(conf-if-te-1/1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 938
2. Set the master switch to VRRP protocol version 3. Dell_master_switch(conf-if-te-1/1/1-vrid-100)#version 3 3. Set the backup switches to version 3. Dell_backup_switch1(conf-if-te-1/1/1-vrid-100)#version 3 Dell_backup_switch2(conf-if-te-1/2/1-vrid-100)#version 3 Assign Virtual IP addresses Virtual - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 939
NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet. Dell(conf-if-te-1/1/1)#show conf ! interface TenGigabitEthernet 1/1/1 ip address 10.10.10.1/24 ! vrrp-group 111 priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 940
same: you must enable authentication with the same password or authentication is disabled. NOTE: Authentication for VRRPv3 is not supported. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type simple [encryption - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 941
Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 942
• Change the advertisement interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. The default is 1 second. • For VRRPv3, change the advertisement centisecs interval setting. INTERFACE-VRID mode advertise-interval centisecs centisecs The range is from 25 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 943
For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number. NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 944
The following example shows verifying the tracking status. Dell#show track Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is TenGigabitEthernet 1/3/1 Tracked by: VRRP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 945
the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 946
Figure 142. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31/1 R2(conf-if-te-2/31/1)#ip address 10.1.1.1/24 R2(conf-if-te-2/31/1)#vrrp-group 99 R2(conf-if-te-2/31/1-vrid- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 947
TenGigabitEthernet 2/31/1, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 948
10.1.1.3 Authentication: (none) Figure 143. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 949
R2(conf-if-te-1/1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-te-1/1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1/1-vrid-10)#no shutdown R2(conf-if-te-1/1/1)#show config interface TenGigabitEthernet 1/1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 950
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 951
Figure 144. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1/1 S1(conf-if-te-1/1/1)#ip vrf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 952
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 953
VRRP in VRF: Switch-1 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1/1 S1(conf-if-te-1/1/1)#no ip address S1(conf-if-te-1/1/1)#switchport S1(conf-if-te-1/1/1)#no shutdown ! S1(conf-if-te-1/1/1)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 954
VRRP in VRF: Switch-2 VLAN Configuration Switch-2 S2(conf)#ip vrf VRF-1 1 ! S2(conf)#ip vrf VRF-2 2 ! S2(conf)#ip vrf VRF-3 3 ! S2(conf)#interface TenGigabitEthernet 1/1/1 S2(conf-if-te-1/1/1)#no ip address S2(conf-if-te-1/1/1)#switchport S2(conf-if-te-1/1/1)#no shutdown ! S2(conf-if-te-1/1/1)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 955
VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 419, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) VRRP for IPv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 956
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 957
State: Backup, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 11, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:0a Virtual IP address: 1::10 fe80::10 Dell#show - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 958
Port-channel 1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 2 vrf2 State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 548, Bad pkts rcvd: 0, Adv sent: 0 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 959
60 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics check for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 960
EXEC Privilege mode show system brief 3 Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-1.txt - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 961
[163]: ERROR: platform cpld cache disabled ioctl failed, rv: 9 S6000 DIAGNOSTICS Board CPU Version Stack Unit Board Temp Stack Unit Number Board Service Tag System Cpld Rev Master Cpld Rev Slave Cpld Rev Image Build Version : S6000 Dell Inc. : Intel Centerton Processor : 32 Degree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 962
Test 5.000 - Psu0 Status Monitor Test PASS diagS6000PsuStatusMonitorTest[1099]: ERROR: Psu:1, It is not present... Test 5.001 - Psu1 Status Monitor Test NOT PRESENT Test 5 - Psu Status Monitor Test NOT PRESENT Test 6.000 - Psu0 Fan Speed Monitor Test PASS diagS6000IsPsuGood[954]: ERROR: Psu:1, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 963
a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information directory. NOTE: Non-management member units do not support this functionality. Hardware Watchdog Timer The hardware watchdog command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 964
QSFP 52 Diagnostic Information QSFP 52 Rx Power measurement type QSFP 52 Temp High Alarm threshold QSFP 52 Voltage High Alarm threshold QSFP 52 Bias High Alarm threshold QSFP 52 RX Power High Alarm threshold QSFP 52 Temp Low Alarm threshold QSFP 52 Voltage Low Alarm threshold QSFP 52 Bias Low - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 965
down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 966
going from the FP to the CSF IDP links. 3. Front-End Link - Output queues going from the FP to the front-end PHY. All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. Physical memory is organized into cells of 128 bytes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 967
You can configure dynamic buffers per port on both 1G and 10G FPs and per queue on CSFs. By default, the FP dynamic buffer allocation is 10 times oversubscribed. For the 48-port 1G card: • Dynamic Pool= Total Available Pool(16384 cells) - Total Dedicated Pool = 5904 cells • Oversubscription ratio = - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 968
buffer-profile csf csqueue • Change the dedicated buffers on a physical 1G interface. BUFFER PROFILE mode buffer dedicated • Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode buffer dynamic • Change the number of packet-pointers per queue. BUFFER PROFILE - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 969
256 Using a Pre-Defined Buffer Profile Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (for example, non-quality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications. You must reload the system for the global buffer profile to take - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 970
profile dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer-profile address Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 971
• show hardware drops interface interface • show hardware buffer-stats-snapshot resource interface interface • show hardware buffer inteface interface{priority-group { id | all } | queue { id| all} } buffer-info • show hardware buffer-stats-snapshot resource interface interface{priority-group { id | - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 972
Egress FCS Drops : 0 --- Egress FORWARD PROCESSOR Drops --- IPv4 L3UC Aged & Drops : 0 TTL Threshold Drops : 0 INVALID VLAN CNTR Drops : 0 L2MC Drops : 0 PKT Drops of ANY Conditions : 0 Hg MacUnderflow : 0 TX Err PKT Counter : 0 --- Error counters--- Internal Mac Transmit Errors : 0 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 973
23 23 0 0 0 0 0 24 24 0 0 0 0 0 25 25 0 0 0 0 0 26 26 0 0 0 0 0 27 27 0 0 0 0 0 28 28 0 0 0 0 0 29 29 0 0 0 0 0 30 30 0 0 0 0 0 31 31 0 0 0 0 0 32 32 0 0 0 0 0 33 33 0 0 0 0 0 34 34 0 0 0 0 0 35 35 0 0 0 0 0 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 974
0 0 53 67 0 0 0 0 0 53 68 0 0 0 0 0 54/1 69 0 0 0 0 0 54/2 70 0 0 0 0 0 54/3 71 0 0 0 0 0 54/4 72 0 0 0 0 0 Internal 53 0 0 0 0 0 Internal 57 4659499 0 0 0 0 Dataplane Statistics The show hardware stack-unit cpu data-plane statistics command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 975
txPkt(COS6 ) :0 txPkt(COS7 ) :0 txPkt(COS8 ) :0 txPkt(COS9 ) :0 txPkt(COS10) :0 txPkt(COS11) :0 txPkt(UNIT0) :0 Example of Viewing Party Bus Statistics Dell#sh hardware stack-unit 1 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Statistics: 1649566 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 976
RX - 2048 to 4095 Byte Frame Counter RX - 4096 to 9216 Byte Frame Counter RX - Good Packet Counter RX - Packet/frame Counter RX - Unicast Packet Counter RX - Multicast Packet Counter RX - Broadcast Frame Counter RX - Byte Counter RX - Control frame counter RX - PAUSE frame counter RX - Oversized - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 977
RX - Unicast Packet Counter 0 RX - Multicast Packet Counter 0 RX - Broadcast Frame Counter 0 RX - Byte Counter 0 RX - Control frame counter 0 RX - PAUSE frame counter 0 RX - Oversized frame counter 0 RX - Jabber frame counter 0 RX - VLAN tag frame counter 0 RX - Double VLAN tag - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 978
dumps. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 979
- Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 980
describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 981
Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 97. General 2460 Internationalization of the File Transfer Protocol 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 982
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 98. General IPv4 Protocols R Full Name F C # Z-Series 7 Internet Protocol 91 7 Internet Control 9 Message Protocol 2 8 An Ethernet 2 Address Resolution 6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 983
a Variant of the 8 Tiny Fragment Attack S-Series 7.6.1 7.6.1 7.6.1 7.7.1 7.8.1 7.8.1 7.6.1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 99. General IPv6 Protocols RFC Full Name # Z-Series 188 DNS 6 Extensions to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 984
RFC Full Name # Z-Series (IPv6) Specification 246 IPv6 Stateless 2 Address (Par Autoconfigura tial) tion 246 Transmission 4 of IPv6 Packets over Ethernet Networks 267 IPv6 5 Jumbograms 271 IPv6 Router 1 Alert Option 358 IPv6 Global 7 Unicast Address Format 400 IPv6 Scoped 7 Address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 985
draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 101. Open Shortest Path First (OSPF) RFC# Full Name S-Series/Z-Series 1587 The OSPF Not-So - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 986
System (IS-IS) Pointto-Point Adjacencies 3567 IS-IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS) 5120 MT-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 987
(Revised) S-Series 7.8.1 7.8.1 7.8.1 7.8.1 SSM for IPv4 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 105. Network Management RFC# 1155 1156 1157 1212 1215 1493 Full Name Structure and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 988
RFC# 1724 1850 1901 2011 2012 2013 2024 2096 2558 2570 2571 2572 2574 2575 2576 2578 2579 2580 2618 2698 Full Name RIP Version 2 MIB Extension OSPF Version 2 Management Information Base Introduction to Community-based SNMPv2 SNMPv2 Management Information Base for the Internet Protocol using SMIv2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 989
Table, Ethernet History Table, Alarm Table, Event Table, Log Table 7.6.1 The Interfaces Group MIB 7.6.1 Remote Authentication Dial In User Service (RADIUS) 7.6.1 Remote Network Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 990
that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) Force10 C-Series Enterprise Chassis MIB Force10 Enterprise IF Extension MIB (extends the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.1 - Page 991
RFC# FORCE10-PRODUCTS-MIB FORCE10-SS-CHASSIS-MIB FORCE10-SMI FORCE10-SYSTEM-COMPONENTMIB FORCE10-TC-MIB FORCE10-TRAP-ALARM-MIB MIB Location Full Name S4810 Force10 Product Object Identifier MIB 7.6.1 Force10 S-Series Enterprise Chassis MIB 7.6.1 Force10 Structure of Management Information
Dell Configuration Guide for the S6000–ON
System
9.10(0.1)