Dell PowerSwitch S6000 ON Configuration Guide for the S6000-ON System 9.100.0
Dell PowerSwitch S6000 ON Manual
View all Dell PowerSwitch S6000 ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerSwitch S6000 ON manual content summary:
- Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 1
Dell Configuration Guide for the S6000-ON System 9.10(0.0) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 2
use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 3
Contents 1 About this Guide...31 Audience...31 Conventions...31 Related Documents...31 2 Configuration Fundamentals...32 Accessing the Command Line...32 CLI Modes...32 Navigating CLI Modes...34 The do - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 4
a UNIX Logging Facility Level...66 Synchronizing Log Messages...67 Enabling Timestamp on Syslog Messages...67 File Transfer Services...68 Configuration Task List for File Transfer Services 68 Enabling the FTP Server...68 Configuring FTP Server Parameters...68 Configuring FTP Client Parameters...69 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 5
Port-Authentication Process...79 EAP over RADIUS...80 Configuring 802.1X...80 Related Configuration Tasks...80 Important Points to Remember...80 Enabling 802.1X...81 Configuring dot1x Profile ...82 Configuring MAC addresses for a do1x Profile...83 Configuring the Static MAB and MAB Profile ...83 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 6
137 Configure BFD for VRRP...144 Configuring Protocol Liveness...146 Troubleshooting BFD...146 8 Border Gateway Protocol IPv4 (BGPv4)...148 Autonomous BGP with Dell Networking OS...158 Additional Path (Add-Path) Support...158 Advertise IGP Cost as MED for Redistributed Routes 158 Ignore Router - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 7
AS4 Number Representation...159 AS Number Migration...161 BGP4 Management Information Base (MIB)...162 Important Points to Remember...162 Configuration Information...163 BGP Configuration...163 Enabling BGP...164 Configuring AS4 Number Representations...167 Configuring Peer Groups...168 Configuring - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 8
CAM-ACL Settings...207 View CAM Usage...208 CAM Optimization...209 Troubleshoot CAM Profiling...209 CAM Profile Mismatches...209 QoS CAM Region Packets...232 Configuration Example for DSCP and PFC Priorities 233 SNMP Support for PFC and Buffer Statistics Tracking 233 Performing PFC Using - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 9
Gateway...265 Configure a Method of Hostname Resolution...265 Using DNS for Address Resolution...265 Using NetBIOS WINS for Address Resolution...266 Creating Manual Binding Entries...266 Debugging the DHCP Server...266 Using DHCP Clear Commands...267 Configure the System to be a DHCP Client...267 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 10
Paths...282 Creating an ECMP Group Bundle...282 Modifying the ECMP Group Threshold...282 Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and LPM Table 283 Support for ECMP in host table...283 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes 284 14 FIP Snooping...285 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 11
312 Setting the FRRP Timers...313 Clearing the FRRP Counters...314 Viewing the FRRP Configuration...314 Viewing the FRRP Information...314 Troubleshooting FRRP...314 Configuration Checks...314 Sample Configuration and Topology...315 17 GARP VLAN Registration Protocol (GVRP 317 Important Points to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 12
IGMP Version 3...323 Configure IGMP...325 Related Configuration Tasks...326 Viewing IGMP Enabled Interfaces...326 Selecting an IGMP Version...326 Viewing IGMP Groups...327 Adjusting Timers...327 Adjusting Query and Response Timers...327 Enabling IGMP Immediate-Leave...328 IGMP Snooping...328 IGMP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 13
Configuring EIS...346 Management Interfaces...347 Configuring Management Interfaces...347 Configuring a Management Interface on an Ethernet Port 349 VLAN Interfaces...349 Loopback Interfaces...350 Null Interfaces...350 Port Channel Interfaces...351 Port Channel Definition and Standards...351 Port - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 14
-All Addresses...392 UDP Helper with Subnet Broadcast Addresses...393 UDP Helper with Configured Broadcast Addresses 393 UDP Helper with No Configured Broadcast Addresses 394 Troubleshooting UDP Helper...394 21 IPv6 Routing...395 Protocol Overview...395 14 Contents - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 15
Prefix Match (LPM) Table and IPv6 /65 - /128 support 397 IPv6 Header Fields...398 Extension Header Fields...400 Addressing...401 Implementing Overview...416 Monitoring iSCSI Traffic Flows...417 Application of Quality of Service to iSCSI Traffic Flows 418 Information Monitored in iSCSI Traffic - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 16
IS-IS Addressing...425 Multi-Topology IS-IS...426 Transition Mode...426 Interface Support...426 Adjacencies...427 Graceful Restart...427 Timers...427 Implementation Information...427 Configuration Information...428 Configuration Tasks for IS-IS...428 Configuring the Distance of a Route... - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 17
Setting the MAC Learning Limit...465 mac learning-limit Dynamic...465 mac learning-limit mac-address-sticky...465 mac learning-limit station-move...466 mac learning-limit no-station-move...466 Learning Limit Violation Actions...466 Setting Station Move Violation Actions...466 Recovering from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 18
Microsoft Clustering...497 Enable and Disable VLAN Flooding ...497 Configuring a Switch for NLB ...497 Enabling a Switch for Multicast NLB...498 28 Multicast Source Discovery Protocol (MSDP 499 Protocol Overview...499 Anycast RP...500 Implementation Information...501 Configure Multicast Source - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 19
Configuring an EdgePort...528 Flush MAC Addresses after a Topology Change...529 MSTP Sample Configurations...529 Router 1 Running-ConfigurationRouter 2 Running-ConfigurationRouter 3 RunningConfigurationSFTOS Example Running-Configuration 530 Debugging and Verifying MSTP Configurations...534 30 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 20
Interface...583 Redistributing Routes...583 Configuring a Default Route...584 Enabling OSPFv3 Graceful Restart...584 OSPFv3 Authentication Using IPsec...586 Troubleshooting OSPFv3...592 33 Policy-based Routing (PBR)...594 Overview...594 Implementing PBR...595 Configuration Task List for Policy-based - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 21
...643 PVST+ in Multi-Vendor Networks...643 Enabling PVST+ Extend System ID...643 PVST+ Sample Configurations...644 39 Quality of Service (QoS)...646 Implementation Information...648 Port-Based QoS Configurations...648 Setting dot1p Priorities for Incoming Traffic...648 Honoring dot1p Priorities on - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 22
Priority Queueing...663 Queue Classification Requirements for PFC Functionality 664 Support for marking dot1p value in L3 Input Qos Policy 664 Rate Shaping...669 Configuring Weights and ECN for WRED ...670 Global Service Pools With WRED and ECN Settings 670 Configuring WRED and ECN Attributes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 23
Configuring the RMON Collection History...694 42 Rapid Spanning Tree Protocol (RSTP)...696 Protocol Overview...696 Configuring Rapid Spanning Tree...696 Related Configuration Tasks...696 Important Points to Remember...696 RSTP and VLT...697 Configuring Interfaces for Layer 2 Mode...697 Enabling - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 24
Secure Shell Authentication...728 Troubleshooting SSH...730 Telnet...731 VTY Line and Access-Class Configuration...731 VTY Line Local Authentication and Authorization 731 VTY Line Remote Authentication and Authorization 732 VTY MAC-SA Filter Support...732 Role-Based Access Control...733 Overview - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 25
782 Obtaining a Value for MIB Objects...783 MIB Support to Display the Available Memory Size on Flash 784 Viewing the Available Flash Memory Size... 784 MIB Support to Display the Software Core Files Generated by the System 784 Viewing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 26
Monitor Port-Channels...790 Troubleshooting SNMP Operation...791 48 Storm Control...792 Configure Storm Control...792 Configuring SupportAssist Using a Configuration Wizard 812 Configuring SupportAssist Manually...812 Configuring SupportAssist Activity...814 Configuring SupportAssist Company...815 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 27
Enabling NTP...821 Configuring NTP Broadcasts...822 Disabling NTP on an Interface...822 Configuring a Source IP Address for NTP Packets 822 Configuring NTP Authentication...823 Configuring a Custom-defined Period for NTP time Synchronization 825 Dell Networking OS Time and Date...826 Configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 28
Snooping...854 VLT IPv6...854 VLT Port Delayed Restoration...855 PIM-Sparse Mode Support on VLT...855 VLT Routing ...857 Non-VLT ARP Sync...859 RSTP a VLT Configuration...874 Additional VLT Sample Configurations...877 Troubleshooting VLT...879 Reconfiguring Stacked Switches as VLT...880 Specifying - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 29
Configuring VxLAN Gateway...898 Connecting to an NVP Controller...898 Advertising VXLAN Access Ports to Controller 899 Displaying VXLAN Configurations...900 VXLAN Service nodes for BFD...901 Examples of the show bfd neighbors command 901 58 Virtual Routing and Forwarding (VRF)...902 VRF Overview - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 30
Buffer Tuning...953 Deciding to Tune Buffers...954 Using a Pre-Defined Buffer Profile...956 Sample Buffer Profile Configuration...957 Troubleshooting Packet Loss...957 Displaying Drop Counters...958 Dataplane Statistics...961 Display Stack Port Statistics...962 Display Stack Member Counters...962 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 31
including Internet Engineering Task Force (IETF) requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs). Topics: • Audience • Conventions • Related - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 32
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 33
when configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, 10 Gigabit Ethernet, 25 Gigabit Ethernet, 40 Gigabit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 34
QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 35
CLI Command Mode Management Ethernet Interface Null Interface Port-channel Interface Tunnel Interface VLAN Interface STANDARD ACCESS-LIST EXTENDED ACCESS-LIST IP COMMUNITY-LIST AUXILIARY CONSOLE VIRTUAL TERMINAL STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MULTIPLE SPANNING TREE Per-VLAN SPANNING TREE - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 36
-channel failover-group Dell(conf-pg)# priority-group Dell(config-gvrp)# protocol gvrp Dell(conf-qos-policy-out-ets)# qos-policy-output Dell(support-assist)# support-assist Dell(conf-vlt-domain)# vlt domain Dell(conf-if-interface-type- vrrp-group slot/port-vrid-vrrp-group-id)# Dell(conf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 37
4 Member 5 Member 6 Member not present not present not present -- Power Supplies -- Unit Bay Status Type FanStatus FanSpeed(rpm) 1 1 up AC absent 0 1 2 absent absent 0 -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed 1 1 up up 0 up 0 1 2 up up 0 up 0 1 3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 38
timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive. • You can enter partial CLI keywords. • Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 39
Filtering show Command Outputs Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command. The variable specified_text is the text for which you are filtering and it IS case sensitive unless you use the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 40
Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 41
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 42
Console Access The device has one RJ-45/RS-232 console port, an out-of-band (OOB) Ethernet port, and a micro USB-B console port. Serial Console The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the I/O side of the chassis. Figure 1. RJ-45 Console Port Accessing the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 43
Table 2. Pin Assignments Between the Console and a DTE Terminal Server Console Port Signal RJ-45 to RJ-45 Rollover RJ-45 to RJ-45 Rollover RJ-45 to DB-9 Adapter Cable Cable RJ-45 Pinout RJ-45 Pinout DB-9 Pin RTS 1 8 8 NC 2 7 6 TxD 3 6 2 GND 4 5 5 GND 5 4 5 RxD 6 3 3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 44
3 Configure a username and password. Configure a Username and Password Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. 1 Enter INTERFACE mode for the Management port. CONFIGURATION mode interface ManagementEthernet slot/port 2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 45
Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are three types of enable passwords: • enable password is stored in the running/startup configuration using a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 46
feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 47
the same location. • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. • The usbflash command is supported on the device. Refer to your system's Release Notes for a list of approved USB vendors. Example of Copying a File to current File System - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 48
period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system. Viewing Files You can only view file information and content on local file systems. To view a list of files or the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 49
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell#dir Directory of flash: 1 drw- 32768 Jan 01 1980 00:00:00 . 2 drwx 512 Jul 23 2007 00:38:44 .. 3 drw- 8192 Mar 30 1919 10:31:04 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 50
keyword startup-config. • To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 51
NOTE: If the HTTP service is not VRF-aware, then it uses the global routing same as the published software image. This validation procedure, and the verify {md5 | sha256} command to support it, prevents the installation of corrupted or modified images. The verify {md5 | sha256} command calculates - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 52
MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459 MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin 52 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 53
and the Logging Configuration • Configuring a UNIX Logging Facility Level • Synchronizing Log Messages • Enabling Timestamp on Syslog Messages • File Transfer Services • Terminal Lines • Setting Timeout for EXEC Privilege Mode • Using Telnet to get to Another Network Device • Lock CONFIGURATION Mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 54
• restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode • restricting access A user can access all commands at his privilege level and below. Removing a Command from EXEC Mode To remove a command from the list of available commands in EXEC mode for a specific - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 55
CONFIGURATION mode privilege exec level level {command ||...|| command} • Move a command from EXEC Privilege to EXEC mode. CONFIGURATION mode privilege exec level level {command ||...|| command} • Allow access to CONFIGURATION mode. CONFIGURATION mode privilege exec level level configure • Allow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 56
Applying a Privilege Level to a Username To set the user privilege level, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 57
Audit and Security Logs This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs: • Enabling Audit and Security Logs • Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 58
.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security For information about the logging extended command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 59
Figure 2. Setting Up a Secure Connection to a Syslog Server Pre-requisites To configure a secure connection from the switch to the syslog server: 1 On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2 On the syslog server, create a reverse SSH tunnel from the syslog server to the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 60
Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 61
• Add line on a 4.1 BSD UNIX system. local7.debugging /var/log/ftos.log • Add line on a 5.7 SunOS UNIX system. local7.debugging /var/adm/ftos.log In the previous lines, local7 is the logging facility level and debugging is the severity level. Track Login Activity Dell Networking OS enables you to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 62
Display Login Statistics To view the login statistics, use the show login statistics command. Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 63
User: admin Last login time: 12:52:01 UTC Tue Mar 22 2016 Last login location: Line vty0 ( 10.16.127.143 ) Unsuccessful login attempt(s) since the last successful login: 0 Unsuccessful login attempt(s) in last 30 day(s): 0 Successful login attempt(s) in last 30 day(s): 1 The following is sample - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 64
Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: • Use the following command. CONFIGURATION mode login concurrent-session clear-line enable Example of Enabling the System to Clear Existing Sessions The following example - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 65
• Specify the minimum severity level for logging to the console. CONFIGURATION mode logging console level • Specify the minimum severity level for logging to terminal lines. CONFIGURATION mode logging monitor level • Specify the minimum severity level for logging to a syslog server. CONFIGURATION - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 66
%TSM-6-SFM_DISCOVERY: Found SFM 3 %TSM-6-SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 67
the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 68
] command. File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 69
• Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir The default is the internal flash directory. • Specify a user name for all FTP users and configure either a plain text or encrypted password. CONFIGURATION mode ftp-server username username - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 70
Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. • Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 71
access-class testv6deny ipv6 ! Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 72
this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system during downtime. 0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet manual. 72 Management - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 73
can exit to EXEC Privilege mode, and re-enter CONFIGURATION mode without having to set the lock again. • Set manual lock using the configure terminal lock command from CONFIGURATION mode. When you configure a manual lock, which is the default, you must enter this command each time you want to enter - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 74
Use the install parameter to reload the system and enter the Install mode to install a networking OS. Use the uninstall parameter to reload the system and enter the Uninstall mode to uninstall a networking OS. Use the rescue parameter to reload the system and enter the Rescue mode to access the file - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 75
Restoring Factory Default Environment Variables The Boot line determines the location of the image that is used to boot up the chassis after restoring factory default settings. Ideally, these locations contain valid images, using which the chassis boots up. When you restore factory-default settings, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 76
BOOT_USER # boot change primary boot device : tftp file name : FTOS-SI-9-5-0-169.bin Server IP address : 10.16.127.35 BOOT_USER # 4 Assign an IP address and netmask to the Management Ethernet interface. BOOT_USER # interface management ethernet ip address ip_address_with_mask For example, 10.16.150. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 77
-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server. NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. The following figures show how the EAP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 78
Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 79
• Configuring Dynamic VLAN Assignment with Port Authentication • Guest and Authentication-Fail VLANs Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: 1 When the authenticator senses a link state change, it - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 80
in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Attribute 41 Attribute 61 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 81
• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1 Enable 802.1X globally. CONFIGURATION - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 82
In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1/1 no ip address dot1x authentication no shutdown ! Dell# To view 802.1X configuration information for an interface, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 83
Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring MAC addresses for a do1x Profile To configure a list of MAC addresses for a dot1x profile, use the mac command. You can configure 1 to 6 MAC addresses. • Configure a list of MAC addresses for a dot1x profile. DOT1X PROFILE CONFIG (conf- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 84
Auth-Fail VLAN id: 200 Auth-Fail Max-Attempts:3 Critical VLAN: Enable Critical VLAN id: 300 Mac-Auth-Bypass Only: Disable Static-MAB: Enable Static-MAB Profile: Sample Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 30 seconds Server Timeout: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 85
might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 86
The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-2/1/1)#dot1x tx-period 90 Dell(conf-if-range-Te-2/1/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-2/1/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 87
Re-Auth Interval: Max-EAP-Req: Auth Type: Auth PAE State: Backend State: Auth PAE State: Backend State: 3600 seconds 10 SINGLE_HOST Initialize Initialize Initialize Initialize Re-Authenticating a Port You can configure the authenticator for periodic re-authentication. After the supplicant has - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 88
Configuring Timeouts If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. You can configure the amount of time the authenticator waits for a response. To terminate the authentication process, use the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 89
Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 90
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 91
! interface TenGigabitEthernet 1/1/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-1/1/1)# Dell(conf-if-Te-1/1/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 switchport dot1x authentication dot1x - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 92
instances, you must carve out a separate CAM region. You can use the cam-acl command for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to allocate a CAM region: vrfv4acl. The order of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 93
IP Prefix Lists • ACL Resequencing • Route Maps • Flow-Based Monitoring Support for ACLs IP Access Control Lists (ACLs) In Dell Networking switch/ information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 94
IPv6 ACLs. To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, create a Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. 94 Access Control Lists (ACLs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 95
is a standard or extended ACL. Determine the Order in which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). As shown in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 96
• Two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation. • If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or there are no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 97
interface TenGigabitEthernet 1/1/1 Set clauses: tag 35 level stub-area Dell# To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax. Dell(conf)#no route-map zakho 10 Dell(conf)#end Dell#show route- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 98
Also, if there are different instances of the same route-map, then it's sufficient if a permit match happens in any instance of that routemap. Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(config-route-map)#match metric 2000 In the following example, instance 10 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 99
• Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source {access-list-name | prefix-list prefix-list-name - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 100
• Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route's next hop. CONFIG-ROUTE-MAP mode set next-hop ip-address • Assign an IPv6 address as the route's next hop. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 101
. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 102
IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 103
mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1 Enter - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 104
ip access-list standard dilling seq 15 permit tcp 10.3.0.0/16 any seq 25 deny ip host 10.5.0.0 any log Dell(config-std-nacl)# To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 105
Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. The traffic passes through the filter in the order of the filter's sequence and hence you can configure the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 106
Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. NOTE: When assigning sequence numbers to filters, you may have to insert a new filter. To prevent reconfiguring multiple - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 107
Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 108
interface interface slot/port 2 Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3 Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf vrf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 109
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, you can apply an viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 110
ip vrf forwarding blue no ip address shutdown Dell(conf-if-te-1/2/1)# Dell(conf-if-te-1/2/1)# Dell(conf-if-te-1/2/1)#end Dell# Applying Egress Layer 3 ACLs (Control-Plane) By default, packets originated from the system are not filtered by egress ACLs. For example, if you initiate a ping session from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 111
]). NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists. Configuration Task List for Prefix Lists prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 112
ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16 seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)# NOTE: The last line in the prefix list Juba contains a "permit all" statement. By including this line in a prefix list, you specify that all routes not matching any criteria - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 113
Examples of the show ip prefix-list Command The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 114
Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 115
Rules Rules After Resequencing: Resquencing seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs. To resequence an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 116
or no set commands. When there is no match command, all traffic matches the route map and the set command applies. Flow-Based Monitoring Support for ACLs Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 117
that you want to monitor, and the ACL in which you are creating the rule will be applied to the monitored interface. Flow monitoring is supported for standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard and extended MAC ACLs. CONFIG-STD-NACL mode seq sequence-number {deny - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 118
on TenGigabitEthernet 1/1/1 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 119
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes) seq 15 deny udp any any count bytes (0 packets 0 bytes) seq 20 deny tcp any any count bytes (0 packets 0 bytes) Dell(conf)#do show monitor session 0 ct-maa-s4820-2(conf-mon-sess-0)#do show monitor session 0 SessID Source - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 120
a session parameter. These control packets are sent without regard to transmit and receive intervals. NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 121
and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 122
The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data An optional method for authenticating control packets. NOTE: Dell Networking OS does - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 123
A session can have four states: Administratively Down, Down, Init, and Up. State Administratively Down Down Init Up Description The local system does not participate in a particular session. The remote system is not sending control packets or at least not within the detection time for a particular - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 124
Figure 10. BFD Three-Way Handshake State Changes 124 Bidirectional Forwarding Detection (BFD) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 125
system, the session state on the local system changes to Init. Figure 11. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 126
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 127
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 12. Establishing a BFD Session on Physical Ports 1 Enter interface mode. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 128
Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 129
• Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24/1)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 130
To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 131
Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent notifies the BFD manager, which in turn notifies the OSPF protocol - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 132
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 133
BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Bidirectional Forwarding Detection (BFD) 133 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 134
Configuring BFD for OSPFv3 is a two-step process: 1 Enable BFD globally. 2 Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 135
To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for IS-IS When using BFD - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 136
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 137
of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 138
Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1 Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). 2 Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 139
only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 140
ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 141
Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 142
Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2/1 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 143
2.2.2.2 1 273 273 0 3.3.3.2 1 282 281 0 0 (0) 04:32:26 0 0 0 00:38:12 0 The following example shows viewing BFD information for a specified neighbor. The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 144
Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization ... Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 145
vrrp bfd all-neighbors Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 146
placed in the Down state. To enable protocol liveness, use the following command. • Enable Protocol Liveness. CONFIGURATION mode bfd protocol-liveness Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 147
CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24/1)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 148
chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol connections from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP operates inside - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 149
with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility. Figure 18. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 150
Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 151
State Idle Connect Description BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 152
in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 153
preferences. BGP sees that the Weight criteria results in two potential "best paths" and moves to local preference to reduce the options. If a number of best paths is determined, this selection criteria is applied to group's best to determine the ultimate best path. In non-deterministic mode (the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 154
c AS_CONFED_SET is not included in the AS_PATH length. d AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5 Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE). 6 Prefer the path with the lowest multi- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 155
Figure 22. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 156
Figure 23. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 157
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 158
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 159
allows for faster convergence. Four-Byte AS Numbers You can use the 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 160
172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 161
router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 162
-transitive attribute details. • Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "..." at the end of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 163
the f10BgpM2PeerInstance field in various tables is not used to locate a peer. • Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response. • The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used. • Carrying MPLS labels in BGP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 164
distance = 200 keepalive = 60 seconds holdtime = 180 seconds Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 165
and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 166
information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide. The following example shows the show ip bgp neighbors command output. Dell#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 167
.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 168
shows the bgp asnotation asplain command output. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 169
A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 170
• neighbor next-hop-self • neighbor route-map out • neighbor route-reflector-client • neighbor send-community A neighbor may keep its configuration after it was added to a peer group if the neighbor's configuration is more specific than the peer group's and if the neighbor's configuration does not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 171
10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 172
Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 173
prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 174
24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura 24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 175
-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 176
for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. • Add graceful restart to a BGP neighbor or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 177
You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters. 3 Return to CONFIGURATION mode. AS-PATH ACL mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Use a configured AS-PATH ACL for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 178
Regular Expression ^ (caret) $ (dollar) . (period) * (asterisk) + (plus) ? (question) ( ) (parenthesis) [ ] (brackets) - (hyphen) _ (underscore) | (pipe) Definition Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 179
Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or directly - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 180
attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 - BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1 Create - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 181
community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2 Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 182
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1 Enter the ROUTE-MAP mode and assign a name to a route map. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 183
route-map map-name [permit | deny] [sequence-number] 2 Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | none} Configure a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 184
*>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- 205.171.0.16 205.171.0.16 100 0 100 0 209 7170 1455 i 209 7170 1455 i Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 185
4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Apply the route map to the neighbor or peer group's incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 186
filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 187
CONFIG-PREFIX LIST mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Filter routes based on the criteria in the configured prefix list. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out} Configure the following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 188
Configure the following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • map-name: enter the name of a configured route map. • in: apply the route map to inbound routes. • out: apply the route map to outbound routes. To view the BGP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 189
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. To configure a route reflector, use the following commands. • Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 190
Byte) or from 1 to 4294967295 (4 Byte). All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. Enabling Route Flap Dampening When EBGP routes become unavailable - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 191
default is 60 minutes. • route-map map-name: name of a configured route map. Only match commands in the configured route map are supported. Use this parameter to apply route dampening to selective routes. • Enter the following optional parameters to configure route dampening. CONFIG-ROUTE-MAP mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 192
The following example shows how to configure values to reuse or restart a route. In the following example, default = 15 is the set time before the value decrements, bgp dampening 2 ? is the set re-advertise value, bgp dampening 2 2000 ? is the suppress value, and bgp dampening 2 2000 3000 ? is the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 193
to the neighbor and receives all of the peer's updates. To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 194
can enable the MBGP feature per router and/or per peer/peer-group. The default is IPv4 Unicast routes. When you configure a peer to support IPv4 multicast, Dell Networking OS takes the following actions: • Send a capacity advertisement to the peer in the BGP Open message specifying IPv4 multicast as - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 195
using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide. • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 196
• Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp {ip-address | peer-group-name} soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig-backup command only when route-refresh is not negotiated to avoid the peer from resending messages. In-BGP is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 197
-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 198
BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 199
Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21/1 R1(conf-if-te-1/21/1)#ip address 10 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 200
R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 201
R3(conf-if-lo-0)#int te 3/21/1 R3(conf-if-te-3/21/1)#ip address 10.0.2.3/24 R3(conf-if-te-3/21/1)#no shutdown R3(conf-if-te-3/21/1)#show config ! interface TengigabitEthernet 3/21/1 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21/1)# R3(conf-if-te-3/21/1)#router bgp 100 R3(conf-router_bgp)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 202
BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:00:57, due to user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Last - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 203
R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 204
9 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for Ingress - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 205
The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 512 CAM entries. Select 1 to configure 256 entries. Select 2 to configure 512 entries. Even though you can perform CAM carving to allocate the maximum - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 206
mode show cam-acl 4 Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command. To verify the actual CAM space required, create a Class Map with all required ACL rules, then execute - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 207
cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload. Example of Viewing CAM-ACL Settings Dell(conf)#do show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) Next Boot(in block - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 208
L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 0 -- Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 209
Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting this case, manually adjust the the non-EG line cards enter a problem state. • Before moving a card to supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 210
. By default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables. The other supported UFT modes are scaled-l3-hosts (UFT mode 3) and scaled-l3-routes (UFT mode 4). Table 12. UFT Modes -Table Size UFT Mode L2 MAC - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 211
Hardware forwarding-table mode is changed. Save the configuration and reload to take effect. Dell(conf)#end Dell#write mem ! 01:13:36: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config in flash by default Dell(conf)# Dell(conf)#end Dell#01:13:44: %STKUNIT0-M:CP %SYS-5- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 212
10 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system's control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 213
-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Control Plane Policing (CoPP) 213 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 214
input name cpu-qos class-map name qos-policy name 7 Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8 Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 215
Dell(conf-policy-map-in-cpuqos)#exit The following example shows creating the control plane service policy. Dell(conf)#control-plane-cpuqos Dell(conf-control-cpuqos)#service-policy rate-limit-protocols egressFP_rate_policy Dell(conf-control-cpuqos)#exit Control Plane Policing (CoPP) 215 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 216
create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1 Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 217
applied to each queue. Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, use Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Q0 1300 Q1 300 Q2 300 Q3 300 Q4 2000 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 218
Example of Viewing Queue Mapping for IPv6 Protocols Dell#show ipv6 protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) TCP (BGP) any/179 179/any _ Q6 CP _ ICMP any any _ Q6 CP _ VRRP any any _ Q7 CP _ Dell# 218 Control Plane Policing (CoPP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 219
Map • Priority-Based Flow Control Using Dynamic Buffer Method • Behavior of Tagged Packets • Configuration Example for DSCP and PFC Priorities • SNMP Support for PFC and Buffer Statistics Tracking • Performing PFC Using DSCP Bits Instead of 802.1p Bits • PFC and ETS Configuration Examples • Using - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 220
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 221
DCBx • During DCBx negotiation with a remote peer: • DCBx communicates with the remote peer by LLDP TLV to determine current policies, such as PFC support and ETS bandwidth allocation. • If DCBx negotiation is not successful (for example, a version or TLV mismatch), DCBx is disabled and PFC or ETS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 222
Traffic Groupings Traffic Groupings Group ID Group bandwidth Group transmission selection algorithm (TSA) In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: • PFC enabled or disabled • No bandwidth limit or no ETS processing • ETS uses the DCB - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 223
TLVs in LLDP data units. The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters ETS parameters PFC Configuration center network. DCB is disabled by default. It must be enabled to support CEE. • Priority-based flow control • Enhanced transmission selection • Data center - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 224
and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 225
between peer devices. PFC allows network administrators to create zero-loss links for Storage Area Network (SAN) traffic that requires no-drop service, while retaining packet-drop congestion management for Local Area Network (LAN) traffic. To configure PFC, follow these steps: 1 Create a DCB Map - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 226
peer devices. NOTE: You cannot enable PFC and link-level flow control at the same time on an interface. Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC configuration is applied to the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 227
-set port-pipe command. NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays. In - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 228
to create zero-loss links for SAN traffic that requires no-drop service, while at the same time retaining packet-drop congestion management for to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx). • If you apply a DCB map - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 229
Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and Restrictions On a switch, PFC is globally enabled by default, but not applied - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 230
or which is already configured for lossless queues (pfc no-drop queues command). Command Mode CONFIGURATION INTERFACE Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map, apply the map on the interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 231
as no-drop pfc no-drop queues for lossless traffic. For the dot1p-queue assignments. queuesqueue-range The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 232
higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of is configured and applied on the interface. The number of lossless queues supported on the system is dependent on the availability of total buffers for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 233
for each frame priority. The goal of this mechanism is to ensure zero loss under congestion in DCB networks. Dell Networking OS provides SNMP support for monitoring PFC and BST counters, and statistics. The enhancement is made on DELLNETWORKING-FPSTATS-MIB with additional tables to display the PFC - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 234
to classify these untagged packets from the server based on their DSCP and provide PFC treatment. Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 235
ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p priority class to configure different treatment for traffic with different bandwidth - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 236
(refer to Configuring Bandwidth Allocation for DCBx CIN) and dot1p-queue mapping. NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported. Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 237
group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%. The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 238
the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Configuring ETS in a DCB Map A switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) setting. To configure ETS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 239
to the link bandwidth after scheduling non-ETS higher-priority traffic. • The configuration of bandwidth allocation and strict-queue scheduling is not supported at the same time for a priority group. • Bandwidth assignment: By default, equal bandwidth is assigned to each dot1p priority in a priority - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 240
(PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 241
are not compatibly configured on a peer device and the local switch. Mis-configuration detection is feature-specific because some DCB features support asymmetric configuration. • Reconfigures a peer device with the DCB configuration from its configuration source if the peer device is willing to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 242
priorities match the priorities in a received application priority TLV. • On manual ports, an application priority TLV is advertised only if the priorities on the port. DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 243
configuration negotiation with a DCBx peer again. Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx. A DCBx port detects a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 244
, the unrecognized TLVs cause the unrecognized TLV counter to increment, but the frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number and acknowledge the number sent in the DCBx control TLVs. DCBx - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 245
administer-configured DCB parameters. The port does not accept a DCB configuration received from a peer or a local configuration source. The default is Manual. 5 On manual ports only: Configure the PFC and ETS TLVs advertised to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 246
TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6 On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 247
pfc ets-reco. The default is All TLV types are enabled. 5 Configure the Application Priority TLVs that advertise on unconfigured interfaces with a manual port-role. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe | iscsi} • fcoe: enables the advertisement of FCoE in Application Priority TLVs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 248
• Enable DCBx debugging. EXEC PRIVILEGE mode debug DCBx {all | auto-detect-timer | config-exchng | fail | mgmt | resource | sem | tlv} • all: enables all DCBx debugging operations. • auto-detect-timer: enables traces for DCBx auto-detect timers. • config-exchng: enables traces for DCBx configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 249
Examples of the show Commands The following example shows the show dot1p-queue mapping command. Dell(conf)# show qos dot1p-queue-mapping Dot1p Priority: 0 1 2 3 4 5 6 7 Queue : 0 0 0 1 2 3 3 3 Dell(conf)# show qos dot1p-queue-mapping Dot1p Priority: 0 1 2 3 4 5 6 7 Queue : 1 0 2 3 4 5 6 7 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 250
Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 251
0 0 0 The following example shows the show interface ets summary command. Dell(conf)#do show interfaces te 1/1/1 ets summary Interface TenGigabitEthernet 1/1/1 Max Supported TC is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled PG-grp Priority# BW-% BW - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 252
The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1/1 ets detail Interface TenGigabitEthernet 1/1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : Admin is enabled TC-grp - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 253
interface ets detail Command Description Field Interface Description Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 254
-ports all ets details Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is - 6 - - 7 - - 8 - - Stack unit 2 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: Admin - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 255
Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx In-Sync Peer DCBx Status DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Total DCBx Frames transmitted - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 256
as compatible. In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. DCBx version configured on the port: CEE, CIN, IEEE v2 refer to Default dot1p to Queue Mapping) using the service-class dynamic dot1p command in INTERFACE configuration mode. You can use dot1p - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 257
Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB- CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured depends on the buffer. The default number - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 258
and scheduling). • One lossless queue is used. Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 259
DCB Dell(conf)#dcb enable 2 Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Or Dell(conf)# interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)# service-class dynamic dot1p 3 Apply DCB map to relevant interface dcb-map test priority-group 1 bandwidth 50 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 260
configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 261
Option Subnet Mask Number and Description Option 1 Specifies the client's subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client's default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 262
client starts the configuration process over by sending a DHCPDISCOVER. A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. A server sends this message to the client if it is not able to fulfill - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 263
configurations that exceed the allocated memory. • This platform supports 4000 DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. For Management Responding To Client Requests Providing Administration Services Description DHCP servers are the owners of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 264
1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands 264 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 265
Excluding Addresses from the Address Pool The DHCP server assumes that all IP addresses in a DHCP address pool are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To exclude an address, follow this step. • Exclude an address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 266
for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to recommends specifying clients as hybrid. DHCP mode netbios-node-type type Creating Manual Binding Entries An address binding is a mapping between the IP address and the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 267
stored on the server. For more information, refer to Configuring the Server for Automatic Address Allocation. • Dynamically assigned IP addresses are supported on Ethernet, VLAN, and port-channel interfaces. • The public out-of-band management interface and default VLAN 1 are configured by default - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 268
a new IP address, use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode. To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 269
using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management interfaces. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 270
The following criteria determine packets destined for the DHCP client: • DHCP is enabled on the interface. • The user data protocol (UDP) destination port in the packet is 68. • The chaddr (change address) in the DHCP header of the packet is the same as the interface's MAC address. • An entry in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 271
agent and the DHCP server, enter the trust-downstream option. • Manually reset the remote ID for Option 82. CONFIGURATION mode ip dhcp the relay agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE. DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer 2 interfaces - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 272
Enabling DHCP Snooping To enable DHCP snooping, use the following commands. 1 Enable DHCP snooping globally. CONFIGURATION mode ip dhcp snooping 2 Specify ports connected to DHCP servers as trusted. INTERFACE mode INTERFACE PORT EXTENDER mode ip dhcp snooping trust 3 Enable DHCP snooping on a VLAN. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 273
ipv6 dhcp snooping binding mac address vlan-id vlan-id ipv6 ipv6-address interface interfacetype | interface-number lease value Clearing the Binding Table To clear the binding table, use the following command. • Delete all of the entries in the binding table. EXEC Privilege mode clear ip dhcp - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 274
Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table, use the following command. • Display the contents of the binding table. EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 275
a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast MAC flooding Denial of service An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway's MAC address, resulting in all clients broadcasting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 276
command. • Specify an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dynamic ARP inspection is supported on Layer 2 and Layer 3. 276 Dynamic Host Configuration Protocol (DHCP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 277
Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 25. Three Types of Source Address Validation Source Address Validation IP Source Address Validation DHCP MAC Source Address Validation IP+MAC Source Address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 278
DHCP MAC Source Address Validation DHCP MAC source address validation (SAV) validates a DHCP packet's source hardware address against the client hardware address field (CHADDR) in the payload. Dell Networking OS ensures that the packet's source MAC address is checked against the CHADDR field in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 279
Total cam count 1 deny count (0 packets) deny access-list on TenGigabitEthernet 1/2/1 Total cam count 2 deny vlan 10 count (0 packets) deny vlan 20 count (0 packets) The following output of the show ip dhcp snooping source-address-validation discard-counters interface interface command displays the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 280
13 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 281
Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 282
Te 1/1/1 Up 36 Te 1/1/1 Up 52 Managing ECMP Group Paths To avoid path degeneration, configure the maximum number of paths for an ECMP route that the L3 CAM can hold. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route. To configure the maximum - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 283
the IPv4 /32 route prefix entry in host table, more space is obtained that can be utilized for other route prefix entries. Support for ECMP in host table ECMP support in the L3 host table is available on the system. IPv6 /128 prefix route entries and IPv4 /32 prefix entries which are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 284
::1 00:00:20:d5:ec:a0 [ 132] 20::1 00:00:20:d5:ec:a1 Port Vid EC Fo 1/4 0 1 Fo 1/8 0 1 Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes The software supports a command to program IPv6 /128 route prefixes in the route table. You can define IPv6 /128 route prefixes in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 285
works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN traffic. In addition, DCB provides types, such as LAN and SAN, according to 802.1p priority classes of service. DCBx should be enabled on the system before the FIP snooping feature is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 286
FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 287
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 288
Figure 36. FIP Snooping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch: • Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis. • To assign a MAC - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 289
Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure on all VLANs, enable FIP snooping globally on a switch. • A switch can support a maximum eight VLANs. Configure at least one FCF/bridge-to-bridge port mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 290
fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe. Dell(conf)# NOTE: Manually add the CAM-ACL space to the FCoE region as it is not applied by default. To support FIP-Snooping and set CAM-ACL, usecam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 291
incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs. Configure the FC-MAP Value You can configure and FIP snooping is enabled on all or individual VLANs. FIP snooping is supported on port channels on ports on which PFC mode is on (PFC is operationally - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 292
is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command. • The maximum number of FCFs supported per FIP snooping-enabled VLAN is twelve. Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 293
Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 28. Displaying FIP Snooping Information Command Output show fip-snooping sessions [interface vlan vlan-id] Displays information on FIP-snooped sessions on all VLANs or a specified - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 294
Table 29. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 295
Table 31. show fip-snooping fcf Command Description Field FCF MAC FCF Interface VLAN FC-MAP ENode Interface FKA_ADV_PERIOD No of ENodes FC-ID Description MAC address of the FCF. Slot/port number of the interface to which the FCF is connected. VLAN ID number used by the session. FC-Map value - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 296
The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery Solicits :0 Number of Unicast Discovery Solicits :0 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 297
Field Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVLs Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config Description Number of FIP FDISC reject frames received on the interface. Number of FIP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 298
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 37. Configuration Example: FIP Snooping on a Switch In this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 299
Dell(conf-if-te-1/1/1)# switchport Dell(conf-if-te-1/1/1)# protocol lldp Dell(conf-if-te-1/1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links. Example of Configuring the FCF-Facing Port Dell(conf)# interface tengigabitethernet 1/5/1 Dell(conf-if-te - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 300
with the Flex Hash mechanism. Keep the following points in mind when you configure the flex hash capability: • A maximum of eight flex hash entries is supported. • A maximum of 4 bytes can be extracted from the start of the L4 header. • The offset range is 0 - 30 bytes from the start of the L4 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 301
With the reduced time that is taken to reboot the switch, upon a manually-initiated reload or an expected restart of the device, there is minimal servers in that rack. This functionality of minimized reload time is supported in a network deployment in which the servers are connected through - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 302
Symmetric Multiprocessing (SMP) utility that is enabled on the Intel CPU on the device to enhance the speed of the system startup. SMP is supported on the device. For the fast boot feature to reduce the traffic disruption significantly, the following conditions apply: 1 When LACP is used between the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 303
Interoperation of Applications with Fast Boot and System States This functionality is supported on the platform. The following sections describe the application behavior when fast boot functionality is enabled: LACP and IPv4 Routing Prior to the system restart, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 304
boot and actions specific to this mode will not be performed. Software Upgrade When fast boot is used to upgrade the system to a release that supports fast boot, the system enables the restoration of dynamic ARP or ND databases that were maintained in the older release from when you performed the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 305
computed and installed without the need for any manual intervention in any of the following conditions: Converged Ethernet (RoCE) Overview This functionality is supported on the platform. RDMA is a technology that lossless nature of disk input and output services. • Lossless connectivity: VMs require - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 306
for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite sub interfaces. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the platform. All the frames in a Layer 2 VLAN are identified using a tag defined in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 307
against any single link/switch failure and thus provides for greater network uptime. Topics: • Protocol Overview • Implementing FRRP • FRRP Configuration • Troubleshooting FRRP • Sample Configuration and Topology Protocol Overview FRRP is built on a ring topology. You can configure up to 255 rings - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 308
has been temporarily blocked and places it into a pre- forwarding state. When the Transit node in the pre-forwarding state receives the control frame instructing it to clear its routing table, it does so and unblocks the previously blocked ring ports on the newly restored port. Then the Transit node - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 309
In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 310
• Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) • Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these. • Topology Change RHF: triggered updates; processed at all nodes. Important FRRP Concepts The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 311
ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 312
the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 313
• The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1 Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 314
the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 315
• There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only. • Spanning Tree (if you enable it globally) must be disabled on both Primary and Secondary interfaces when you enable FRRP. • When the interface ceases to be a part of any FRRP process, if - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 316
Example of R3 TRANSIT interface TenGigabitEthernet 1/14/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/21/1 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TenGigabitEthernet 1/14/1,21/1 no shutdown ! interface Vlan 201 no ip address tagged - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 317
to register and deregister attribute values, such as VLAN IDs, with each other. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 318
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 319
Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode - figuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 320
no ip address switchport gvrp enable gvrp registration fixed 34-35 gvrp registration forbidden 45-46 no shutdown Dell(conf-if-te-1/21/1)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. • Join - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 321
IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports an unlimited number of groups. • Dell Networking systems cannot serve as an IGMP host or an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 322
IGMP messages are encapsulated in IP packets, as shown in the following illustration. Figure 40. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 323
IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multicast source, which helps multicast routing protocols avoid forwarding traffic to subnets where there are no interested receivers. • To enable - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 324
Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1 The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. 2 The host's second report - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 325
Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1 Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 326
router is 165.87.34.5 (this system) IGMP version is 2 Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 327
IGMP query interval is 60 seconds IGMP querier timeout is 125 seconds IGMP max query response time is 10 seconds IGMP last member query response interval is 1000 ms IGMP immediate-leave is disabled IGMP activity: 0 joins, 0 leaves, 0 channel joins, 0 channel leaves IGMP querying router is 1.1.1.1 ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 328
INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 329
• View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 330
snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 331
association between applications and their port numbers. Table 33. Association Between Applications and Port Numbers Application Name Port Number SSH 22 Sflow-Collector 6343 Client Supported Supported Server Supported Internet Group Management Protocol (IGMP) 331 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 332
port for confd application 8888 secure HTTP server port for confd application Client Supported Supported Supported Supported Supported Supported Supported Supported Supported Server Supported Supported Supported If you configure a source interface is for any EIS management application, EIS might - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 333
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 334
the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared. • Because fallback support is removed, if the management port is down or the route lookup in EIS table fails packets are dropped. Therefore, switch-initiated traffic sessions that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 335
• If route lookup in the EIS routing table fails or if the management port is down, then packets are dropped. The management application drop counter is incremented. • Whenever IP address is assigned to the management port, it is stored in a global variable in the IP stack, which is used for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 336
• EIS is enabled implies that EIS feature is enabled and the application might or might not be configured as a management application • EIS is disabled implies that either EIS feature itself is disabled or that the application is not configured as a management application Transit Traffic This - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 337
Protocol radius Sflow-collector Snmp (SNMP Mib response and SNMP Traps) ssh syslog tacacs telnet tftp icmp (ping and traceroute) Behavior when EIS is Enabled EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior EIS Behavior for ICMP Behavior when EIS is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 338
table. It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 339
and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state. Basic Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 340
• Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting 40G Ports without Reload • Splitting QSFP Ports to SFP+ Ports • Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 341
.1 TenGigabitEthernet 1/7/1 unassigned TenGigabitEthernet 1/8/1 unassigned TenGigabitEthernet 1/9/1 unassigned OK? Method NO Manual NO Manual YES Manual YES Manual YES Manual YES Manual NO Manual NO Manual NO Manual Status administratively down administratively down up up up up administratively - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 342
interface TenGigabitEthernet 2/7/1 no ip address shutdown ! interface TenGigabitEthernet 2/8/1 no ip address shutdown ! interface TenGigabitEthernet 2/9/1 no ip address shutdown Resetting an Interface to its Factory Default State You can reset the configurations applied on an interface to its - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 343
configure on the management optic ports alone. Without any optic, if you configure the speed, the configuration is assigned as the port speed to support Provisioning through BMP. User viewable Logs: Logs for optic insertion and removal are same as QSFP optics. You can use the show inventory media - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 344
QSFP 0 Transceiver Code QSFP 0 Encoding QSFP 0 Length(SFM) Km QSFP 0 Length(OM3) 2m QSFP 0 Length(OM2) 1m QSFP 0 Length(OM1) 1m QSFP 0 Length(Copper) 1m QSFP 0 Vendor Rev = 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 = 0x05 = 0x00 = 0x32 = 0x00 = 0x00 = 0x00 = 0 Overview of Layer Modes On all systems - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 345
Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 mode, use the show interfaces - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 346
preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 347
agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 348
• must not match the virtual IP address and must not be in the same subnet as the virtual IP. If there are 2 RPMs on the system, each Management interface must be configured with a different IP address. Unless the management route command is configured, you can only access the Management interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 349
Configuring a Management Interface on an Ethernet Port You can manage the system through any port using remote access such as Telnet. To configure an IP address for the port, use the following commands. There is no separate management routing table, so configure all routes in the IP routing table ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 350
show interface loopback number • Delete a Loopback interface. CONFIGURATION mode no interface loopback number Many of the commands supported on physical interfaces are also supported on a Loopback interface. Null Interfaces The Null interface is another virtual interface. There is only one Null - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 351
only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 352
Each port channel must contain interfaces of the same interface type/speed. Port channels can contain a mix of 1G/10G/40G. The interface speed that the port channel uses is determined by the first port channel member that is physically up. Dell Networking OS disables the interfaces that do not match - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 353
interface port-channel id-number 2 Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 2 or Layer 3 mode. To place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 354
Dell# Te 1/13/1 (Up) Te 1/14/1 (Up) The following example shows the port channel's mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Dell>show interface port-channel 20 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 355
INTERFACE PORT-CHANNEL mode no channel-member interface 2 Change to the second port channel INTERFACE mode. INTERFACE PORT-CHANNEL mode interface port-channel id number 3 Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 356
in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3 Verify the manually configured VLAN membership (show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 1/1/1 Dell(conf-if-te - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 357
Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command. • Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 358
seed-value } For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change the Hash algorithm seed value to get better hash value Hash seed is used to compute the hash value. By default hash seed is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 359
The interface range command allows you to create an interface range allowing other commands to be applied to that range of interfaces. The interface range prompt offers the interface (with slot and port information) for valid interfaces. The maximum size of an interface range prompt is 32. If the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 360
Exclude Duplicate Entries The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 361
Define the Interface Range The following example shows how to define an interface-range macro named "test" to select Ten Gigabit Ethernet interfaces 5/1 through 5/4. Example of the define interface-range Command for Macros Dell(config)# define interface-range test tengigabitethernet 1/1/1 - 1/4/1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 362
Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 363
,24,25,27,29,31) . These ports can be changed to 40G to 10G mode or vice-versa without reload. • When a non-supported profile release is upgraded to a supported profile release, the fan-out configured ports get automatically included in the profile. In fan-out mode, if a system is upgraded with 25 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 364
splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes). NOTE: When you split a 40G port (such as fo 1/4) into four 10G ports, the 40G interface configuration is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 365
not apply for QSFP to SFP+ conversions using the QSA. Important Points to Remember • Starting from Dell OS 9.7(0.0), as part of dynamic fan-out support, only 96 ports can be split into 10G mode. Remaining eight ports stay in 40G. For more information, see Fanning out 40G Ports Dynamically. • Before - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 366
Example Scenarios Consider the following scenarios: • QSFP port 0 is connected to a QSA with SFP+ optical cables plugged in. • QSFP port 4 is connected to a QSA with SFP optical cables plugged in. • QSFP port 8 in fanned-out mode is plugged in with QSFP optical cables. • QSFP port 12 in 40 G mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 367
and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 368
Dell#show interfaces dampening tengigabitethernet 1/1/1 Interface Supp Flaps Penalty Half-Life Reuse Suppress State Te 1/1/1 Up 0 0 1 2 3 Dell# Max-Sup 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 369
link bundle monitoring status. show link-bundle-distribution Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 370
To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to Control frames to carry the PAUSE commands. Ethernet pause frames are supported on full duplex only. If a port is over-subscribed, Ethernet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 371
• Flow-control buffer threshold in KB: the range is from 1 to 2013 (default = 49KB). • Flow-control discard threshold in KB: the range is from 1 to 2013 (default = 75KB). • Buffer threshold limit for generating PAUSE frames: the range is from 1 to 4096. • Offset value for generating PAUSE frames to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 372
10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command. When the speed is set to 10Mbps - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 373
no negotiation auto If the speed was set to 1000, do not disable auto-negotiation. 8 Verify configuration changes. INTERFACE mode show config Example of the show interfaces status Command to View Link Status NOTE: The show interfaces status command displays link status, but not administrative - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 374
refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 375
Vlan membership: Vlan 2 --More-- Configuring the Interface Sampling Size Although you can enter any value between 30 and 299 seconds (the default), software polling is done once every 15 seconds. So, for example, if you enter "19", you actually get a sample of the past 15 seconds. All LAG members - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 376
more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 377
the configuration files. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property. Support to store the operating configuration to the startup config in the compressed mode and to perform an image downgrade without any configuration loss - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 378
interface TenGigabitEthernet 1/2/1 no ip address shutdown ! interface TenGigabitEthernet 1/3/1 no ip address shutdown ! interface TenGigabitEthernet 1/4/1 no ip address shutdown ! interface TenGigabitEthernet 1/10/1 no ip address shutdown ! interface TenGigabitEthernet 1/34/1 ip address 2.1.1.1/16 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 379
flash by default copy compressed-config Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Interfaces 379 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 380
20 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 381
Helper with No Configured Broadcast Addresses • Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 382
)#show conf ! interface TenGigabitEthernet 1/1/1 ip address 10.11.1.1/24 no shutdown ! Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 383
----------S 2.1.2.0/24 S 6.1.2.0/24 S 6.1.2.2/32 S 6.1.2.3/32 S 6.1.2.4/32 S 6.1.2.5/32 S 6.1.2.6/32 S 6.1.2.7/32 S 6.1.2.8/32 S 6.1.2.9/32 S 6.1.2.10/32 S 6.1.2.11/32 S 6.1.2.12/32 S 6.1.2.13/32 S 6.1.2.14/32 S 6.1.2.15/32 S 6.1.2.16/32 S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- ------- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 384
is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages. feature is not supported on significantly high value to prevent the device from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 385
To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 386
Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 387
the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry These entries do not age and can only be removed manually. To remove a static ARP entry, use the no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 388
Internet 10.1.2.4 17 Dell# 08:00:20:b7:bd:32 Ma 1/1 Enabling Proxy ARP - CP By default, Proxy ARP is enabled. To disable Proxy ARP, use the no proxy-arp command in the interface mode. To re-enable Proxy ARP, use the following command. • Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 389
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 390
(ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 391
UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 392
! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged TenGigabitEthernet 1/2/1 no shutdown To view the configured broadcast address for an interface, use show interfaces command. Dell#show interfaces vlan 100 Vlan 100 is up, line protocol is down Address is 00:01: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 393
Figure 47. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 394
that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 395
IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are: • Extended address space • Stateless autoconfiguration • Header format simplification • Improved - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 396
of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 397
prefix-length) or 3K IPv6 route entries (greater than /64 prefix-length). You can configure the LPM table with one of the following partitions to support the IPv4 and IPv6 prefix route entries: • Partition 1: IPv6 128-bit LPM entries can be stored in this partition. IPv4 and 64-bit IPv6 entries - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 398
the header itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. 398 IPv6 Routing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 399
Next Header (8 bits) The Next Header field identifies the next header's type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 400
the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet's Source IP Address identifying the unknown option type. 400 IPv6 Routing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 401
send an ICMP Parameter Problem, Code 2 message to to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 402
IPv6 BGP MD5 Authentication IS-IS for IPv6 IS-IS for IPv6 support for redistribution Documentation and Chapter Location IPv6 Basic Commands in the Dell Networking OS Command Line Interface Reference Guide. Extended Address Space IPv6 Neighbor Discovery Stateless Autoconfiguration Path MTU Discovery - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 403
support over IPv6 (outbound SSH) Layer 3 only Secure Shell (SSH) server support Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting Problem - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 404
Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages assigned, it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 405
Figure 52. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 406
, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fe8b:7570 Global Unicast address(es): 1212::12, subnet is 1212::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 407
IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 408
command. You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 409
Telnet connection from the router. NOTE: Telnet to link local addresses is supported on the system. • Enter the IPv6 Address for the device. EXEC mode and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 410
Displaying IPv6 Information View specific IPv6 configuration with the following commands. • List the IPv6 show options. EXEC mode or EXEC Privileged mode show ipv6 ? Example of show ipv6 Command Options Dell#show ipv6 ? accounting IPv6 accounting information cam IPv6 CAM Entries fib IPv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 411
412::/64 onlink autoconfig Valid lifetime: 2592000, Preferred lifetime: 604800 Advertised by: fe80::201:e8ff:fe8b:3166 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::1:ff8b:386e ND MTU is 0 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 412
Destination Dist/Metric, Gateway, Last Change C 600::/64 [0/0] Direct, Te 1/24/1, 00:34:42 C 601::/64 [0/0] Direct, Te 1/24/1, 00:34:18 C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 1/24/1, 00:01:30 L fe80::/10 [0/0] Direct, Nu 0, 00: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 413
NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 414
router-lifetime value The router lifetime range is from 0 to 9,000 seconds. 11 Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12 Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode mtu value The MTU range is from 1,280 to 11,982 bytes. 13 Set - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 415
1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide. IPv6 Routing 415 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 416
provides a means of monitoring iSCSI sessions and applying quality of service (QoS) policies on iSCSI traffic. When enabled, iSCSI optimization allows to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 417
• iSCSI QoS - A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier of congestion that would otherwise cause dropped iSCSI packets. • iSCSI DCBx TLVs are supported. The following illustration shows iSCSI optimization between servers and a storage array in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 418
Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is performed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 419
the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 420
Synchronizing iSCSI Sessions Learned on VLT-Lags with VLTPeer The following behavior occurs during synchronization of iSCSI sessions. • If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer and the connection is associated with this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 421
addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 422
in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer discovery protocol (LLDP) before enabling iSCSI in step 2. You cannot disable LLDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 423
• remark: marks incoming iSCSI packets with the configured dot1p or DSCP value when they egress the switch. The default is: the dot1 and DSCP values in egress packets are not changed. 8 (Optional) Set the aging time for iSCSI session monitoring. CONFIGURATION mode [no] iscsi aging time time. The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 424
3260 860 The following example shows the show iscsi session command. VLT PEER1 Dell#show iscsi session Session 0 Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 VLT PEER2 Session 0 Target: iqn. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 425
-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS- called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 426
MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 427
recovery (the minimum of all the Remaining Time values advertised by the neighbors) or by setting a specific amount of time manually. Implementation Information IS-IS implementation supports one instance of IS-IS and six areas. You can configure the system as a Level 1 router, a Level 2 router, or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 428
Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 429
Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 430
Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223 .2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22/1 Loopback 0 Redistributing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 431
failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 432
} • adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. • manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 433
Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time : 30 Operational Timer Value Current Mode/ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 434
, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process. For example, if you - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 435
wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs. Cost Range Supported on IS-IS Interfaces 0 to 63 0 to 16777215 0 to 63 0 to 63 0 to : System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 436
• default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 437
Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 438
Enter the type of interface and the interface information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a Loopback interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 439
• static: for user-configured routes. • bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 440
and Partial SNPs. • Set the authentication password for a routing domain. ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password The Dell OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 441
new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs. ROUTER ISIS mode set-overload-bit This setting prevents other routers from using it as - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 442
the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 443
to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is but set back to 63 because the higher value is not supported. wide wide narrow narrow narrow narrow transition transition transition narrow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 444
Beginning Metric Style transition narrow transition narrow transition narrow transition narrow transition wide transition wide transition wide transition wide transition Final Metric Style wide transition wide narrow wide transition transition wide narrow narrow transition transition Moving to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 445
on the router, even if both IPv4 and IPv6 routing is being used. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. NOTE: Whenever you make IS-IS configuration changes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 446
Figure 55. IPv6 IS-IS Sample Topography IS-IS Sample Configuration - Congruent Topology IS-IS Sample Configuration - Multi-topology IS-IS Sample Configuration - Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17/1)#show config ! interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 447
exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17/1)#show config ! interface TenGigabitEthernet 3/17/1 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17/1)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.00 ! address-family ipv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 448
24 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 449
in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. Dell Networking OS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 450
LACP Configuration Tasks The following configuration tasks apply to LACP. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 451
Dell(conf-if-te-4/15/1-lacp)#port-channel 32 mode active ... Dell(conf)#interface TenGigabitethernet 4/16/1 Dell(conf-if-te-4/16/1)#no shutdown Dell(conf-if-te-4/16/1)#port-channel-protocol lacp Dell(conf-if-te-4/16/1-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 452
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 453
To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 454
• If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 455
0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 456
Figure 59. Inspecting the LAG Configuration 456 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 457
Figure 60. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 457 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 458
Figure 61. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 459
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21/1)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 460
Figure 62. Inspecting a LAG Port on BRAVO Using the show interface Command 460 Link Aggregation Control Protocol (LACP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 461
Figure 63. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 461 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 462
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 463
25 Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 464
Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 465
NOTE: The CAM-check failure message beginning in Dell Networking OS version 8.3.1.0 is different from versions 8.2.1.1 and earlier, which read: % Error: ACL returned error % Error: Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 466
mac learning-limit station-move The mac learning-limit station-move command allows a MAC address already in the table to be learned from another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 467
membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 468
mac-address-table disable-learning lacp • Disable source MAC address learning from LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning lldp • Disable source MAC address learning from LACP and LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning If you don't use any option, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 469
to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces. Apply all other configurations to each interface in the redundant pair such that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 470
dynamic LAG, the backup interface can be a static or dynamic LAG In a redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, you can configure a static (without LACP) or dynamic (with LACP) port-channel interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 471
Dell(conf-if-range-te-1/11/1-1/11/2)#do show ip int brief | find 1/11/1 TenGigabitEthernet 1/11/1 unassigned YES Manual up up TenGigabitEthernet 1/11/2 unassigned NO Manual up down [output omitted] Dell(conf-if-range-te-1/11/1-1/11/2)#interface TenGigabitEthernet 1/11/1 Dell(conf-if-te-1/11 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 472
to reset the interface to bring it back to an FEFD operational state. When you enable Aggressive mode on an interface in the same state, manual intervention is required to reset the interface. 472 Layer 2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 473
not received after three intervals, the state changes to Err-disabled. You must manually reset all interfaces in the Err-disabled state using the fefd reset [interface] Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 474
INTERFACE mode ip address ip address, switchport 2 Enable the necessary ports administratively. INTERFACE mode no shutdown 3 Enable fefd globally. CONFIGURATION mode fefd-global {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 475
INTERFACE mode no shutdown 3 INTERFACE mode fefd {disable | interval | mode} Example of Viewing FEFD Configuration Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 no ip address switchport fefd mode normal no shutdown Dell(conf-if-te-1/1/1)#do show fefd | grep 1/1/1 Te - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 476
An RPM Failover In the event that an RPM failover occurs, FEFD becomes operationally down on all enabled ports for approximately 8-10 seconds before automatically becoming operational again. 02-05-2009 12:40:38 Local7.Debug 10.16.151.12 Feb 5 07:06:09: %RPM1-S:CP %RAM-6-FAILOVER_REQ: RPM failover - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 477
26 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP - defined by IEEE 802.1AB - is a protocol that enables a local area network (LAN) device to advertise its configuration and receive - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 478
TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 70. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 479
to which a port belongs if the port is in Hybrid mode). Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV. Indicates the capability and current setting of the duplex status and bit rate, and whether the current settings are the result of auto - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 480
LLDPMED framework. • LLDP-MED Network Connectivity Device - any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 481
formats: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELIN 4 Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. 5 6 7 8 9 10 11 12-255 Location Identification - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 482
Capabilities 1 Network Policy 2 Location Identification 3 Extended Power via MDI-PSE 4 Extended Power via MDI-PD 5 Inventory 6-15 reserved Dell Networking OS Support Yes Yes Yes Yes No No No Table 53. LLDP-MED Device Types Value 0 1 2 3 4 5-255 Device Type Type Not Defined Endpoint - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 483
8 9-255 Video Signaling Reserved Description - Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice control packets use a separate network policy than voice data. Specify this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 484
Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 485
advertise disable end exit hello mode multiplier no show Advertise TLVs Disable LLDP protocol globally Exit from configuration mode Exit from LLDP configuration mode LLDP hello configuration LLDP mode configuration (default = rx and tx) LLDP multiplier configuration Negate a command or set its - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 486
management-interface 3 Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1 Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2 Enter LLDP management-interface mode. LLDP- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 487
• softphone-voice • streaming-video • video-conferencing • video-signaling • voice • voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 75. Configuring LLDP Viewing the LLDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 488
PDT 1999-2014 Existing System Capabilities: Repeater Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled 488 Link Layer Discovery Protocol (LLDP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 489
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 490
! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 491
use the no debug lldp command. Figure 76. The debug lldp detail Command - LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 492
Table 55. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP Configuration adminStatus msgTxHold msgTxInterval rxInfoTTL txInfoTTL Basic TLV Selection mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable LLDP Statistics statsAgeoutsTotal statsFramesDiscardedTotal - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 493
TLV Type TLV Name TLV Variable 127 Port-VLAN ID PVID 127 Port and Protocol VLAN ID port and protocol VLAN supported System Local Remote Local Remote port and protocol VLAN enabled Local Remote PPVID Local LLDP MIB Object lldpLocPortDesc lldpRemPortDesc lldpLocSysName lldpRemSysName - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 494
TLV Type 127 TLV Name VLAN Name TLV Variable VID VLAN name length VLAN name System Remote Local Remote Local Remote Local Remote Table 58. LLDP-MED System MIB Objects TLV Sub-Type TLV Name 1 LLDP-MED Capabilities TLV Variable LLDP-MED Capabilities System Local Remote LLDP-MED Class Type - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 495
TLV Sub-Type TLV Name TLV Variable DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System Local Remote Local Remote Local Remote Local Remote Local Remote Power Priority Local Remote Power Value Local - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 496
27 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 497
SHA and ARP header SHA frames, a flooding of packets over the relevant VLAN occurs. • The maximum number of concurrent clusters that is supported is eight. Microsoft Clustering To provide transparent failover or balancing, Microsoft clustering allows multiple servers using Microsoft Windows to be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 498
There might be some ARP table entries that are resolved through ARP packets, which had the Ethernet MAC SA different from the MAC information inside the ARP packet. This unicast data traffic flooding occurs only for those packets that use these ARP entries. Enabling a Switch for Multicast NLB To - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 499
28 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 500
Figure 78. MSDP SA Message Format Topics: • Anycast RP • Implementation Information • Configure Multicast Source Discovery Protocol • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 501
active sources in the area of the other RPs. If any of the RPs fail, IP routing converges and one of the RPs becomes the active RP in more than one area. New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 502
Figure 79. Configuring Interfaces for MSDP 502 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 503
Figure 80. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 503 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 504
Figure 81. Configuring PIM in Multiple Routing Domains 504 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 505
Figure 82. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1 Enable MSDP. CONFIGURATION mode ip multicast-msdp 2 Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 506
Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 507
Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the SA cache of all, local, or rejected entries, or entries for a specific group. CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected Source-Active - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 508
Figure 83. MSDP Default Peer, Scenario 2 508 Multicast Source Discovery Protocol (MSDP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 509
Figure 84. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 509 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 510
Figure 85. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 511
229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 73 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 73 00:13:49 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 512
UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. 1 OPTIONAL: Cache sources that the SA filter denies in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 513
ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1(conf)#do show run acl ! ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1(conf)#do show ip msdp sa-cache MSDP Source-Active - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 514
SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 515
• traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for the group must, at least initially, travel over the same part of the network. You can load balance source registration between multiple RPs by strategically mapping groups to RPs, but this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 516
CONFIGURATION mode interface loopback 2 Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3 In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 517
interface TenGigabitEthernet 1/2/1 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.11/32 no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 518
neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.11 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.11 ip msdp originator-id Loopback 1 ! ip route 192.168.0.3/32 10.11.0. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 519
no shutdown ! interface TenGigabitEthernet 1/2/1 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 520
MSDP Sample Configuration: R3 Running-Config ip multicast-routing ! interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown ! interface TenGigabitEthernet 1/22/1 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface ManagementEthernet 1/1 ip address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 521
29 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) - specified in IEEE 802.1Q-2003 - is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 522
and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP. • Dell Networking OS supports only one MSTP region. • When you enable MSTP, all ports in Layer 2 mode participate in MSTP. Configure Multiple Spanning Tree Protocol Configuring - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 523
• Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 524
PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 525
spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 MSTI 2 bridge-priority 0 Interoperate with Non-Dell Bridges Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 526
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match on all Dell Networking OS devices. If there are non-Dell devices that participate in MSTP, ensure these values match on all devices. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 527
hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. 3 Change the max-age parameter. PROTOCOL MSTP mode max-age seconds The range is from 6 to 40 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 528
Port Cost 25-Gigabit Ethernet interfaces 40-Gigabit Ethernet interfaces 50-Gigabit Ethernet interfaces 100-Gigabit Ethernet interfaces Port Channel with 100 Mb/s Ethernet interfaces Port Channel with 1-Gigabit Ethernet interfaces Port Channel with 10-Gigabit Ethernet interfaces Port Channel with 25- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 529
this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Multiple Spanning Tree Protocol (MSTP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 530
Figure 88. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology. 3 Create VLANs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 531
tagged TenGigabitEthernet 1/21,31/1 no shutdown Router 2 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology. 3 Create VLANs mapped to MSTP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 532
tagged TenGigabitEthernet 2/11/1,31/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 2/11/1,31/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 2/11/1,31/1 no shutdown Router 3 Running-Configuration This example uses the following steps: 1 Enable - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 533
no shutdown ! interface TenGigabitEthernet 3/21/1 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown ! interface Vlan 300 no ip address - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 534
tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode debug spanning-tree mstp bpdu • Display MSTP-triggered topology change messages. debug spanning-tree mstp events Examples of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 535
4w0d4h : INST 1: Flags: 0x6e, Reg Root: 32768:0001.e806.953e, Int Root Cost: 0 Brg/Port Prio: 32768/128, Rem Hops: 20 INST 2: Flags: 0x6e, Reg Root: 32768:0001.e806.953e, Int Root Cost: 0 Brg/Port Prio: 32768/128, Rem Hops: 20 4w0d4h : MSTP: Received BPDU on Te 2/21/1 : ProtId: 0, Ver: 3, Bpdu Type: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 536
across default and non-default virtual routing and forwarding (VRFs). The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Topics: • Enabling - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 537
5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic. Multicast Policies The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 538
NOTE: The IN-L3-McastFib CAM partition stores multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 539
Figure 89. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 61. Preventing a Host from Joining a Group - Description Location Description 1/21/1 • Interface TenGigabitEthernet 1/21/1 • ip pim sparse-mode • ip - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 540
Location 2/1/1 2/11/1 2/31/1 3/1/1 3/11/1 3/21/1 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 541
ip pim neighbor-filter Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the system. After a receiver receives traffic from the RP, PM-SM switches to SPT to forward multicast traffic. Every multicast - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 542
Figure 90. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 63. Preventing a Source from Transmitting to a Group - Description Location Description 1/21/1 • Interface TenGigabitEthernet 1/21/1 • ip - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 543
Location 2/1/1 2/11/1 2/31/1 3/1/1 3/11/1 3/21/1 Receiver 1 Receiver 2 Description • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 544
not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 545
objects of interest, monitor their state, and report to a client when a change in an object's state occurs. The following tracked objects are supported: • Link status of Layer 2 interfaces • Routing status of Layer 3 interfaces (IPv4 and IPv6) • Reachability of IP hosts • Reachability of IPv4 and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 546
Figure 91. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 547
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 548
and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 549
track object-id interface interface line-protocol Valid object IDs are from 1 to 65535. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked interface. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 550
To configure object tracking on the routing status of a Layer 3 interface, use the following commands. 1 Configure object tracking on the routing status of an IPv4 or IPv6 interface. CONFIGURATION mode track object-id interface interface {ip routing | ipv6 routing} Valid object IDs are from 1 to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 551
In order for an route's reachability or metric to be tracked, the route must appear as an entry in the routing table. A tracked route is considered to match an entry in the routing table only if the exact IPv4 or IPv6 address and prefix length match an entry in the table. For example, when - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 552
(Optional) E-Series only: For an IPv4 route, you can enter a VRF name to specify the virtual routing table to which the tracked route belongs. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked route. OBJECT TRACKING mode delay {[up seconds] [down - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 553
track resolution {ip route | ipv6 route} {isis resolution-value | ospf resolution-value} The range of resolution values is: • ISIS routes - 1 to 1000. The default is 1. • OSPF routes - 1 to 1592. The efault is 1. 2 Configure object tracking on the metric of an IPv4 or IPv6 route. CONFIGURATION mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 554
Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv6 route: Dell(conf)#track 8 ipv6 route 2::/64 metric threshold Dell(conf-track-8)#threshold metric up 30 Dell(conf-track-8)#threshold metric down 40 Displaying - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 555
IP Route Resolution ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/4/1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 556
in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter identifies and clarifies the differences between the two versions of OSPF. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 557
Figure 92. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 558
a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router's IP address reflect each other. The following example shows different router - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 559
Figure 93. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 560
(LSAs) A link-state advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA - The router lists links to other routers or networks in the same area - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 561
• Type 8: Link LSA (OSPFv3) - This LSA carries the IPv6 address information of the local links. • Type 9: Link Local LSA (OSPFv2), Intra-Area-Prefix LSA (OSPFv3) - For OSPFv2, this is a link-local "opaque" LSA as defined by RFC2370. For OSPFv3, this LSA carries the IPv6 prefixes of the router and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 562
000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 563
the active RPM to the backup in a redundant configuration), does not necessarily have to interrupt the forwarding of data packets. This behavior is supported because the forwarding tables previously computed by an active RPM have been downloaded into the forwarding information base (FIB) on the line - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 564
impact adjacency stability in larger topologies. Multi-Process OSPFv2 with VRF Multi-process OSPF with VRF is supported on the Dell Networking OS. Only one OSPFv2 process per VRF is supported. Multi-process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes allow for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 565
ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is equal intervals between the routers, use the following command. • Manually set the dead interval of the Dell Networking router to match - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 566
-Convergence • Changing OSPFv2 Parameters on Interfaces • Enabling OSPFv2 Authentication • Creating Filter Routes • Applying Prefix Lists • Redistributing Routes • Troubleshooting OSPFv2 1 Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 567
(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 568
using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 569
area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 570
Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the ABR - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 571
Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area 2.2.2.2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 572
Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs, Min - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 573
Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 574
• Change the wait period between link state update packets sent out the interface. CONFIG-INTERFACE mode ip ospf transmit-delay seconds • seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network. Example of Changing and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 575
router-id • Planned-only - the OSPFv2 router supports graceful-restart for planned restarts only. A planned restart is when you manually enter a fail-over command to force the primary RPM , refer to the Dell Networking OS Command Line Reference Guide. Open Shortest Path First (OSPFv2 and OSPFv3) 575 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 576
Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following. Dell#show run ospf ! router ospf 1 graceful-restart grace-period 300 graceful-restart role helper-only graceful-restart mode - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 577
typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks. • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 578
directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 579
Figure 95. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 - Te 1/1/1 and 1/2/1 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface TenGigabitEthernet 1/1/1 ip address 10.1.11.1/24 no shutdown ! interface TenGigabitEthernet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 580
, it is created automatically. All IPv6 addresses configured on the interface are included in the specified OSPF process. NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 581
ipv6 unicast routing Applying cost for OSPFv3 Change in bandwidth directly affects the cost of OSPF routes. • Explicitly specify the cost of sending a packet on an interface. INTERFACE mode ipv6 ospf interface-cost • interface-cost:The range is from 1 to 65535. Default cost is based on the bandwidth - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 582
• process-id: the process ID number assigned. • area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 583
. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 584
• bgp | connected | static: enter one of the keywords to redistribute those routes. • metric metric-value: The range is from 0 to 4294967295. • metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2. • route-map map-name: enter a name of a configured - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 585
graceful-restart mode [planned-only | unplanned-only] • Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM. During a planned - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 586
IPsec-compliant device decrypts each packet. NOTE: Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec. With IPsec The ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header after the IP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 587
refer to RFC 4303. In OSPFv3 communication, IPsec provides security services between a pair of communicating hosts or security gateways using either the headers have fields with variable lengths. • Manual key configuration is supported in an authentication or encryption policy (dynamic key - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 588
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. 588 Open Shortest Path First (OSPFv2 and OSPFv3) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 589
• key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AESCBC - 32 or 64 hex digits for AES-128 and 48 or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 590
used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. • key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 591
::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N Open Shortest Path First (OSPFv2 and OSPFv3) 591 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 592
: ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 The system provides several tools to troubleshoot OSPFv3 operation on the switch. This section describes typical, OSPFv3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 593
Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode show ipv6 route [vrf vrf-name] summary • View the summary information for the OSPFv3 database. EXEC - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 594
33 Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 595
next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 596
PBR Exceptions (Permit) To create an exception to a redirect list, use thepermit command. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. The Dell Networking OS assigns the first available sequence number to a rule configured without - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 597
is the Destination's IP address • FORMAT: A.B.C.D/NN, or ANY or HOST IP address To delete a rule, use the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The following example shows how to create a rule for a redirect list by - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 598
the next command in the list with a different route is used. Apply a Redirect-list to an Interface using a Redirect-group IP redirect lists are supported on physical interfaces as well as virtual local area network (VLAN) and port-channel interfaces. NOTE: When you apply a redirect-list on a port - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 599
multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the configuration redirect list configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 600
to give you a guidance with typical configurations. You can copy and paste from these examples to your CLI. Make the necessary changes to support your own IP addresses, interfaces, names, and so on. The Redirect-List GOLD defined in this example creates the following rules: • description Route - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 601
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23/1)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 602
Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 603
Create Track Objects to track the Tunnel Interfaces: Dell#configure terminal Dell(conf)#track 1 interface tunnel 1 ip routing Dell(conf-track-1)#exit Dell(conf)#track 2 interface tunnel 2 ipv6 routing Dell(conf-track-2)#end Verify the Status of the Track Objects (Up/Down): Dell#show track brief - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 604
PIM-SM. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • The platform supports a maximum of 95 PIM interfaces and 2000 multicast entries including (*,G), and (S,G) entries. The maximum number of PIM neighbors is the same as the maximum - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 605
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 606
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 607
TenGigabitEthernet 2/13/1 (10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11/1, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11/1 TenGigabitEthernet 1/12/1 TenGigabitEthernet 2/13/1 --More-- Configuring S,G Expiry - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 608
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 609
INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 610
. PIM-SSM also solves the multicast address allocation problem. Applications must use unique multicast addresses because if ACL first and then apply it to the SSM range. • The default range is always supported, so range can never be smaller than the default. Configure PIM-SSM Configuring PIM-SSM - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 611
/ MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 612
Configuring PIM-SSM with IGMPv2 R1(conf)#do show run pim ! ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 613
port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces. • Source port (MD) can be a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 614
must be on the same switch. You can configure up to 128 source ports in a monitoring session. Only one destination port is supported in a monitoring session. The platform supports multiple source-destination statements in a single monitor session. The maximum number of source ports that can be - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 615
Configuring Port Monitoring To configure port monitoring, use the following commands. 1 Verify that the intended monitoring port has no configuration other than no shutdown, as shown in the following example. EXEC Privilege mode show interface 2 Create a monitoring session using the command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 616
Figure 96. Port Monitoring Example Configuring Monitor Multicast Queue To configure monitor QoS multicast queue ID, use the following commands. 1 Configure monitor QoS multicast queue ID. CONFIGURATION mode monitor multicast-queue queue-id Dell(conf)#monitor multicast-queue 7 2 Verify information - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 617
port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way. In a remote be configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 618
Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 619
restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported. • In mirrored traffic, packets that have the same destination MAC address as an intermediate or destination switch in the path used by the reserved VLAN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 620
port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 621
Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 622
Dell(conf-if-te-1/30)#switchport Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30/1 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28/1 - 1/28/2 Dell(conf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 623
Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6/1 Dell(conf-mon-sess-3)#tagged destination te 1/6/1 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP ----------- 1 remote-vlan 10 Te 1/4/1 N/A N/A N/A 2 remote- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 624
direction. • A flow-based source VLAN is monitored only for ingress traffic (not egress traffic). direction. Changes to Default Behavior • Rate-limiting ïs not supported for ERSPAN traffic. • You can configure the same port as both source and destination in an ERSPAN session. • You can configure TTL - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 625
monitor Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1/1-1/1/3 mac access-group flow in Only ingress packets are supported for mirroring shutdown Port Monitoring 625 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 626
attached to the packet is 38 bytes long. If the sniffer does not support IP interface, a destination switch will be needed to receive the encapsulated ERPM bytes of the header needs to be ignored/ chopped off. • Some tools support options to edit the capture file. We can make use of such features ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 627
b Using Python script • Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort. The analyzer should listen in the forward/egress interface. If there is only one interface, one can choose the ingress and forward - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 628
supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide direct access between the guest ports. • A service provider can provide Layer 2 security for customers - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 629
• A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. • A primary VLAN has one or more promiscuous ports. • A primary VLAN might have one or more trunk ports, or none. • Secondary VLAN - a subdomain of the primary VLAN. • There are two types of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 630
the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN. • Creating PVLAN Ports • Creating a Primary VLAN • Creating - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 631
NOTE: You cannot add interfaces that are configured as PVLAN ports to regular VLANs. You also cannot add "regular" ports (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 632
6 (OPTIONAL) Assign an IP address to the VLAN. INTERFACE VLAN mode ip address ip address 7 (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. INTERFACE VLAN mode ip local-proxy-arp NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 633
INTERFACE VLAN mode private-vlan mode isolated 4 Add one or more host ports to the VLAN. INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 634
Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 99. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 635
is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN. show vlan private-vlan [community | interface | isolated | primary | primary_vlan - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 636
Primary Isolated Community : 4000 : 4003 : 4001 NOTE: In the following example, notice the addition of the PVLAN codes - P, I, and C - in the left column. The following example shows viewing the VLAN status. S50V#show vlan Codes: * - Default VLAN, G - GVRP VLANs, P - Primary, C - Community, I - - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 637
38 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree - developed by a third party - that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 638
three other variations of spanning tree, as shown in the following table. Table 66. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term Spanning Tree Protocol (STP) Rapid Spanning Tree Protocol (RSTP) Multiple Spanning Tree Protocol (MSTP) Per-VLAN Spanning Tree Plus (PVST - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 639
2 Place the interfaces in VLANs. 3 Enable PVST+. 4 Optionally, for load balancing, select a nondefault bridge-priority for a VLAN. Related Configuration Tasks • Modifying Global PVST+ Parameters • Modifying Interface PVST+ Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 640
Influencing PVST+ Root Selection As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 641
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 642
The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port. • Port cost - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 643
The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 644
Figure 102. PVST+ with Extend System ID • Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 645
no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenGigabitEthernet 2/12/1 no ip address switchport no shutdown ! interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 646
how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 68. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 647
Ingress Egress Egress Egress Egress Egress Figure 103. Dell Networking QoS Architecture Topics: • Implementation Information • Port-Based QoS Configurations • Policy-Based QoS Configurations Quality of Service (QoS) 647 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 648
Strict-Priority Queueing • Queue Classification Requirements for PFC Functionality • Support for marking dot1p value in L3 Input Qos Policy • Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 649
hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dotp or trust dot1p. When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 650
shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)#rate shape 500 50 Dell(conf-if-te-1/1/1)#end 650 Quality of Service (QoS) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 651
. Figure 104. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 652
-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4 Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 653
4 Link the class-map to a queue. POLICY MAP mode service-queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class -maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 654
policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: • ACK • FIN • SYN • PSH 654 Quality of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 655
the specific match criteria as 'yellow', Dell Networking OS does not support Policer based coloring and this feature concurrently. • If single rate percentage, scheduler strict, rate shaping and WRED. NOTE: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 656
dscp or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Constraints The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p shows the default bandwidth percentage for each queue. 656 Quality of Service (QoS) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 657
for 8- Queue System 1% 2% 3% 4% 5% 10% 25% 50% NOTE: The system supports 8 data queues. When you assign a percentage to one queue, note that this change also You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 658
. Examples for Creating a DSCP Color Map Display all DSCP color maps. Dell# show qos dscp-color-map Dscp-color-map mapONE yellow 4,7 658 Quality of Service (QoS) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 659
the keyword layer2 with the policy-map-input command. 2 After you create an input policy map, do one or more of the following: Quality of Service (QoS) 659 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 660
policy to an input policy map, use the following command. • Apply an input QoS policy to an input policy map. POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 661
Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 662
an ACL exists in the CAM rather than writing it to the CAM multiple times. • Apply an input policy map to an interface. INTERFACE mode service-policy input Specify the keyword layer2 if the policy map you are applying a Layer 2 policy map. Creating Output Policy Maps 1 Create an output policy map - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 663
, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast the strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing. To use queue-based rate- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 664
as PFC is not enabled on dot1p priority 5. Support for marking dot1p value in L3 Input Qos Policy PFC will be based on that dot1p priority. Support is added to mark the dot1p value in You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 665
threshold, for example, 2000KB, is reached, all incoming packets are dropped until the buffer space consumes less than 2000KB of the specified traffic. Quality of Service (QoS) 665 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 666
Packets), all traffic defaults to green drop precedence. • Assign a WRED profile to either yellow or green traffic. QOS-POLICY-OUT mode wred 666 Quality of Service (QoS) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 667
DroppedBytes -- 0 UCAST 0 0 0 0 1 UCAST 0 0 0 0 2 UCAST 0 0 0 0 3 UCAST 0 0 0 0 4 UCAST 0 0 0 0 5 UCAST 0 0 0 0 6 UCAST 0 0 0 0 7 UCAST 0 0 0 0 8 UCAST 204 13056 0 0 9 MCAST 0 0 0 0 10 MCAST 0 0 0 0 Quality of Service (QoS) 667 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 668
. • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 | port pipe Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 L2ACL 500 200 Allowed(2) 668 Quality - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 669
)# rate shape pps peak-rate burst-packets committed pps committedrate burst-packets 4 Alternatively, configure the committed rate and committed burst size in bytes. Quality of Service (QoS) 669 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 670
. You can set up these parameters for both front-end and backplane ports. Global Service Pools With WRED and ECN Settings Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 671
for backplane ports. Also, WRED/ECN is not supported for multicast packets. The following table describes the WRED and ECN operations that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 672
conf) #service-pool wred weight pool0 11 pool1 4 Guidelines for Configuring ECN for Classifying and Color-Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 673
! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map " through one or more ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 packet. As - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 674
, all packets are considered as 'green' (without the rate-policer and trust-diffserve configuration) and hence support would be provided to mark the packets as 'yellow' alone will be provided. By default Dell Networking be achieved using either of the two approaches. 674 Quality of Service (QoS) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 675
class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 676
entire MMU space is shared across a maximum of 104 logical ports to support the egress admission-control functionality to implement scheduling and shaping on per-port system processes a PFC PAUSE frame. You can use the service-class buffer shared-threshold-weight queue0 ... queue7 number command in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 677
the shared buffer for the queues you want. In this example, this setting is configured for queues 5 and 7. Dell(conf-if-te-1/1/1)#Service-class buffer shared-threshold-weight queue5 4 queue7 6 Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 678
0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6 0 MCAST 7 0 MCAST 8 0 678 Quality of Service (QoS) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 679
variable length subnet mask (VLSM) or classless inter-domain routing (CIDR) and is not widely used. RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 680
homogeneous networks. You must configure all devices within the RIP network to support RIP if they are to participate in the RIP. Configuration Task List related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is not enabled in Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 681
CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange routing information. ROUTER RIP mode network ip-address Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information, ensure - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 682
[120/1] via 29.10.10.12, 00:01:22, Fa 1/49 2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/49 4.0.0.0/8 auto-summary 8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 12.0.0.0/8 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 683
Assigning a Prefix List to RIP Routes Another method of controlling RIP (or any routing protocol) routing information is to filter the information through a prefix list. A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 684
Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 685
The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols Routing Protocols is RIP Sending updates - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 686
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 687
RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration - Core 2 and Core 3. The host prompts used in the following example reflect those names. The examples are divided into the following groups of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 688
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 689
10.11.20.0 10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 690
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- R 10.11.10.0/24 via 10.11.20.2, Te 3/ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 691
no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/1/1 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/2/1 ip address 10.11.20.1/24 no shutdown ! - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 692
is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation - RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. 692 Remote Monitoring (RMON) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 693
Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value eventnumber] falling-threshold - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 694
• number: assigned event number, which is identical to the eventIndex in the eventTable in the RMON MIB. The value must be an integer from 1 to 65,535 and be unique in the RMON Event Table. • log: (Optional) generates an RMON log entry when the event is triggered and sets the eventType in the RMON - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 695
• integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in the RMON History Table. • owner: (Optional) specifies the name of the owner of the RMON group of statistics. The default is a null-terminated string. • ownername: (Optional) records - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 696
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 75. Spanning Tree Variations Dell Networking OS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 697
the second-best bridge ID in the network. If the primary VLT peer node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 698
Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology. • Only one path from any - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 699
Figure 107. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 700
Number of transitions to forwarding state 1 BPDU : sent 121, received 5 The port is not in the Edge port mode Port 380 (TenGigabitEthernet 2/4/1) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.380 Designated root has priority 32768, address 0001.e801.cbb4 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 701
Table 76. RSTP Default Values RSTP Parameter Forward Delay Hello Time Max Age Port Cost: • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • 40-Gigabit Ethernet interfaces • Port Channel with 100 Mb/s Ethernet interfaces • Port Channel with 1-Gigabit - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 702
Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following command. • Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 703
bridge-priority priority-value • priority-value The range is from 0 to 65535. The lower the number assigned, the more likely this bridge becomes the root bridge. The default is 32768. Entries must be multiples of 4096. Example of the bridge-priority Command A console message appears when a new root - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 704
shutdown Dell(conf-if-te-2/1/1)# Configuring Fast Hellos for Link State Detection Use RSTP fast hellos to achieve sub-second link-down detection so that convergence is triggered faster. The standard RSTP link-state detection mechanism does not offer the same low link-state detection speed. To - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 705
43 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide. Software-Defined Networking (SDN) 705 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 706
, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services. When you enable AAA accounting, the network server reports user activity to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 707
process request. • stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 708
actions on tty3, User admin Priv 1 Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Dell# AAA Authentication Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 709
For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to five authentication methods to a method list. Dell Networking OS evaluates the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 710
NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines. Enabling AAA Authentication To enable - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 711
-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command. To enable the obscuring of passwords and keys, use the following command. • Turn on the obscuring of passwords and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 712
to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 713
Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 714
CONFIGURATION mode enable password [level level] [encryption-mode] password Configure the optional and required parameters: • level level: specify a level from 0 to 15. Level 15 includes all levels. • encryption-type: enter 0 for plain text or 7 for encrypted text. • password: enter a string up to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 715
Escape character is '^]'. Login: john Password: Dell#show priv Current privilege level is 8 Dell#? configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC no Negate a command show Show running system - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 716
server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 717
a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-Command You can the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 718
Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system, create a AAA method list. Default method lists do not need to be explicitly applied to the line, so they are not mandatory. To create a method list, use the following commands. • - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 719
• retransmit retries: the range is from 0 to 100. Default is 3. • timeout seconds: the range is from 0 to 1000. Default is 5 seconds. • key [encryption-type] key: enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42 characters long. This key must match - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 720
troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 721
use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 722
closes the Telnet session immediately. The following example demonstrates how to configure the access-class from a TACACS+ server. This configuration ignores the configured access-class on the VTY line. If you have configured a deny10 ACL on the TACACS+ server, the system downloads it and applies it - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 723
proposes a countermeasure to the problem. This countermeasure is configured into remote login and other secure network services over an insecure network. Dell Networking Networking OS Command Line Interface Reference Guide. Dell Networking OS SCP, which SCP client software is supported. To use the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 724
RSA Authentication : disabled. Vty Encryption HMAC Dell(conf)# Remote IP To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 725
User name to login remote host: admin Password to login remote host: Removing the RSA Host Keys and Zeroizing Storage Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private key information for RSA 1 and or RSA 2 types. Note that when FIPS mode is enabled - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 726
server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server. The following HMAC algorithms are available: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 727
cipher list. Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr Configuring the SSH Client Cipher List To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers the SSH - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 728
The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc. Example of Configuring a Cipher List The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 729
Using RSA Authentication of SSH The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. 1 On the SSH client (Unix machine), generate an RSA key, as shown in the following example. 2 Copy the public key id_rsa.pub to the Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 730
-l User name option -m HMAC algorithm to use (for v2 clients only) -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 731
you use - line, local, or remote. Table 77. VTY Access Authentication Method Line Local TACACS+ RADIUS VTY access-class support? YES NO YES YES Username access-class support? NO YES NO NO Dell Networking OS provides several ways to configure access classes for VTY lines, including: • VTY Line - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 732
Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 733
their associated job function. Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 734
NOTE: When you enter a user role, you have already been authenticated and authorized. You do not need to enter an enable password because you will be automatically placed in EXEC Priv mode. For greater security, the ability to view event, audit, and security system log is associated with user roles. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 735
login authentication test authorization exec test exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 736
permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre-defined user roles or user-defined user roles. Important Points to Remember - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 737
When you modify a command for a role, you specify the role, the mode, and whether you want to restrict access using the deleterole keyword or grant access using the addrole keyword followed by the command you are controlling access. For information about how to create new roles, see also Creating a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 738
The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode, using the show role mode configure line command in EXEC Privilege mode. Dell(conf)#role configure deleterole secadmin ? LINE Initial keywords of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 739
for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 740
privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled "Force10-avpair". - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 741
The following example configures an AV pair which allows a user to login from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 742
Sessions for Roles Dell#show accounting Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 743
line route-map router Line Configuration mode Route map configuration mode Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 744
only 802.1Q VLAN tagging all customers would have to use unique VLAN IDs to ensure that traffic is segregated, and customers and the service provider would have to coordinate to ensure that traffic mapped correctly across the provider network. Even under ideal conditions, customers and the provider - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 745
Figure 108. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are Trunk Ports 2 Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3 Enabling VLAN-Stacking for a VLAN. Service Provider Bridging 745 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 746
provider bridge that is connected to another provider bridge. INTERFACE mode vlan-stack trunk 3 Assign all access ports and trunk ports to service provider VLANs. INTERFACE VLAN mode member Example of Displaying the VLAN-Stack Configuration for a Switchport To display the VLAN-Stacking configuration - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 747
-1/1/1)#portmode hybrid Dell(conf-if-te-1/1/1)#switchport Dell(conf-if-te-1/1/1)#vlan-stack trunk Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 no ip address Service Provider Bridging 747 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 748
at R4. The TPID on the outer tag is 0x9100. R2's TPID must also be 0x9100, and it is, so R2 forwards the frame. 748 Service Provider Bridging - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 749
the appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Service Provider Bridging 749 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 750
Figure 109. Single and Double-Tag TPID Match 750 Service Provider Bridging - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 751
Figure 110. Single and Double-Tag First-byte TPID Match Service Provider Bridging 751 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 752
Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 753
Privilege mode. Dell#show interface dei-honor Default Drop precedence: Green Interface CFI/DEI Drop precedence Te 1/1/1 0 Green Te 1/1/1 1 Yellow Te 2/9/1 1 Red Te 2/10/1 0 Yellow Service Provider Bridging 753 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 754
CFI/DEI Te 1/1/1 Green 0 Te 1/1/1 Yellow 1 Te 2/9/1 Yellow 0 Te 2/10/1 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 755
3 layer2 rate-police 30 ! interface TenGigabitEthernet 1/21/1 no ip address switchport vlan-stack access vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7 service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 756
the intermediate network might be consumed and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration). 756 Service Provider Bridging - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 757
MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Service Provider Bridging 757 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 758
tunneling, use the following command. 1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode 758 Service Provider Bridging - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 759
processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Service Provider Bridging 759 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 760
-00-00, originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs -C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 761
any port specifically, the global sampling rate is downloaded to that port and is to calculate the port-pipe's lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe's hardware sampling rate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 762
datagram depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional switch. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 763
displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 764
Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum second bold lines indicate sFlow is enabled on Te 1/16/1 and Te 1/17/1 Dell#show sflow sFlow services are enabled 764 sFlow - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 765
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 766
sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, the depend on the type of sampled packet. The platform supports extended-switch information processing only. Extended sFlow packs additional - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 767
output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling of the packet. • The sFlow sampling functionality is supported only for egress traffic and not for ingress traffic. The previous points are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 768
Table 79. Extended Gateway Summary IP SA IP DA static/connected/IGP static/connected/IGP static/connected/IGP BGP BGP static/connected/IGP BGP BGP srcAS and srcPeerAS - 0 - Exported Exported dstAS and dstPeerAS - Exported - Exported Exported Description Extended gateway data is not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 769
• MIB Support to Display the Software Core Files Generated by the System • Manage VLANs using SNMP • Managing Overload on Startup • Enabling and Disabling a Port using SNMP • Fetch Dynamic MAC Entries using SNMP • Deriving Interface Indices • Monitor Port-Channels • Troubleshooting SNMP Operation - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 770
AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB privacy option is supported and is compliant with RFC 3826. The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 771
the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 772
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 773
(read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 774
The following example shows reading the value of the many managed objects at one time. > snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Real Time Operating System Software Dell Operating System Version: 1.0 Dell Application Software Version: E_MAIN4 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 775
also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • RFC 1157-defined traps - coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss. • Dell Networking - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 776
Move threshold exceeded for Mac %s in vlan %d CAM-UTILIZATION: Enable SNMP envmon CAM utilization traps. envmon supply PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major alarm: insufficient power %s MAJOR_PS_CLR - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 777
than or equal to 5 minutes. This restriction also applies to the console message. NOTE: If a syslog server failure event is generated before the SNMP agent service starts, the SNMP trap is not sent. Simple Network Management Protocol (SNMP) 777 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 778
To enable an SNMP agent to send a trap when the syslog server is not reachable, enter the following command: CONFIGURATION MODE snmp-server enable traps snmp syslog-unreachable To enable an SNMP agent to send a trap when the syslog server resumes connectivity, enter the following command: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 779
MIB Object copySrcFileLocation copySrcFileName copyDestFileType copyDestFileLocation copyDestFileName copyServerAddress copyUserName OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 .1.3.6.1.4.1.6027.3.5.1.1.1.1.6 .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 780
appears. In this case, increment the index value and enter the command again. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 • To complete the command, use as many MIB objects in the command as required - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 781
• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 782
a 11.11.11.11 copyUserName.110 s mylogin copyUserPassword.110 s mypass FTOS-COPY-CONFIG-MIB::copySrcFileType.110 = INTEGER: runningConfig(2) FTOS-COPY-CONFIG-MIB::copyDestFileName.110 = STRING: /home/startup-config FTOS-COPY-CONFIG-MIB::copyDestFileLocation.110 = INTEGER: ftp(4) FTOS-COPY-CONFIG-MIB - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 783
MIB Object copyTimeStarted copyTimeCompleted copyFailCause copyEntryRowStatus OID .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13 .1.3.6.1.4.1.6027.3.5.1.1.1.1.14 .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Values 3 = failed Time value Time value 1 = bad filename 2 = copy in progress 3 = - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 784
2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 785
MIB Object chSysCoresStackUnitNumber chSysCoresProcess OID 1.3.6.1.4.1.6027.3.10.1.2.10.1.4 1.3.6.1.4.1.6027.3.10.1.2.10.1.5 Description Contains information that includes which stack unit or processor the core file was originated from. Contains information that includes the process names that - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 786
Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 787
Example of Adding a Tagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as a tagged member of VLAN 10. >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 788
i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 789
Example of Fetching MAC Addresses Learned on a Port-Channel Using SNMP Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number. MAC Addresses on Force10 System Dell( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 790
= INTEGER: 1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 791
: IF-MIB::linkUp IF-MIB::ifIndex.1107755009 = INTEGER: 1107755009 SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 792
storm-control unknown-unicast [interface] command. EXEC Privilege Topics: • Configure Storm Control • PFC Storm Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE Mode To configure storm control, use the following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 793
mode you can configure storm control for ingress and egress traffic. Do not apply per-virtual local area network (VLAN) quality of service (QoS) on an interface that has storm-control enabled (either on an interface or globally). • Configure storm control. CONFIGURATION mode • Configure the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 794
traffic through other ports and priorities are not affected. For more information about the above commands, see the Dell Networking OS Command Line Reference Guide. Restore Queue Drop State You can restore the queue drop triggered due to the storm control PFC detection to the normal state. Once the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 795
6 Te 0/3 3 4 5 6 Te 0/4 3 4 5 6 Te 0/5 3 4 5 6 Te 0/80 3 4 5 6 Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Normal Normal Normal Normal 14780 14780 14760 14760 14760 14760 14760 14740 14740 14740 14640 14540 14540 0 0 0 0 8686064 8682775 8690918 8690786 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 796
three other variations of spanning tree, as shown in the following table. Table 88. Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 797
and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 798
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 115. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1 If the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 799
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1/1)# Enabling Spanning Tree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 800
Figure 116. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1 Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2 Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 801
Topology change flag not set, detected flag not set Number of topology changes 3 last change occurred 0:16:11 ago from TenGigabitEthernet 2/3/1 Timers: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Times: hello 0, topology change 0, notification 0, aging Normal Port 289 ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 802
Table 89. STP Default Values STP Parameters Forward Delay Hello Time Max Age Port Cost • 100-Mb/s Ethernet interfaces • 1-Gigabit Ethernet interfaces • 10-Gigabit Ethernet interfaces • Port Channel with 100 Mb/s Ethernet interfaces • Port Channel with 1-Gigabit Ethernet interfaces • Port Channel - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 803
The default values are listed in Modifying Global Parameters. To change the port cost or priority of an interface, use the following commands. • Change the port cost of an interface. INTERFACE mode spanning-tree 0 cost cost The range is from 0 to 65535. The default values are listed in Modifying - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 804
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 805
Figure 117. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. • drops the BPDU after it reaches the RP and generates a console - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 806
Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7/1 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 807
on any STP-enabled port or port-channel interface except when used as a stacking port. • Root guard is supported on a port in any Spanning Tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) • Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 808
• mstp: enables root guard on an MSTP-enabled port. • rstp: enables root guard on an RSTP-enabled port. • pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no spanning-tree 0 rootguard command in an interface configuration mode. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 809
per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: • Spanning Tree Protocol (STP) • Rapid Spanning Tree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 810
• Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 811
troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support information on SmartScripts, see Dell Networking Open Automation guide. Figure 120. SupportAssist NOTE: SupportAssist is Wizard • Configuring SupportAssist Manually • Configuring SupportAssist - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 812
data entry. Enable the SupportAssist service. CONFIGURATION mode support-assist activate Dell(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 813
. NOTE: This step is not mandatory and you can configure SupportAssist manually without performing this step. Even before you accept or reject the EULA activities and servers for the SupportAssist service. SUPPORTASSIST mode enable all Dell(conf)#support-assist Dell(conf-supportassist)#enable all - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 814
mac-address-table" "show trace" "show command-history" "show logging" "show tech-support" } : "alarms_records", : "arp_records", : "ip_route_records", : "mac-address-table_records", : "trace_records", : "command_history_records", : "system_logging_records", : "tech-support_records" 3 Configure - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 815
allows you to configure name, address and territory information of the company. SupportAssist Company configurations are optional for the SupportAssist service. To configure SupportAssist company, use the following commands. 1 Configure the contact information for the company. SUPPORTASSIST mode [no - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 816
[no] contact-person [first ] last Dell(conf-supportassist)#contact-person first john last doe Dell(conf-supportassist-pers-john_doe)# 2 Configure the email addresses to reach the contact person. SUPPORTASSIST PERSON mode [no] email-address primary email-address [alternate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 817
feature status including any activities, status of communication, last time communication sent, and so on. EXEC Privilege mode show support-assist status Dell#show support-assist status SupportAssist Service: Installed EULA: Accepted Server: default Enabled: Yes URL: https://stor.g3.ph.dell.com - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 818
save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure. Dell SupportAssist also collects and stores - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 819
They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF. Topics - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 820
Following conventions established by the telephone industry [BEL86], the accuracy of each server is defined by a number called the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 821
Figure 121. NTP Fields Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 822
Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 823
CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 824
in dotted decimal format (A.B.C.D). • ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. • key keyid : Configure a text string as the key exchanged between the NTP server and the client. • prefer: Enter the keyword prefer to set - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 825
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) - This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 826
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock • Setting the Timezone • Setting - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 827
CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 828
• Set the clock to the appropriate timezone and adjust to daylight saving time every year. CONFIGURATION mode clock summer-time time-zone recurring start-week start-day start-month start-time end-week end-day end-month end-time [offset] • time-zone: Enter the three-letter name for the time zone. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 829
. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Topics: • Configuring a Tunnel • Configuring Tunnel Keepalive Settings • Configuring a Tunnel Interface • Configuring Tunnel Allow-Remote Decapsulation • Configuring Tunnel - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 830
interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 831
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 832
Receive-Only Tunnels • You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum number of remote end-points supported for all multipoint receive-only tunnels on the switch depends on the hardware table size to setup termination. • The IP MTU configured on the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 833
Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.com/support • By email: [email protected] • By phone: US and Canada: 866.965.5800, International - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 834
VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 port-based VLANs and one default VLAN, as specified in Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) • Service Provider Bridging • Per- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 835
be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 836
frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size. Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 837
the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 838
interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Ports Po1(So 0/0-1) Te 1/1/1 Po1(So 0/0-1) Te 1/2/1 Po1(So 0/0-1) When you remove a tagged interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 839
does not understand VLAN tags), and you must connect a tagged port to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 840
VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 841
the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: • Proxy Gateway in VLT Domains • Configuring a Static VLT Proxy Gateway • Configuring an LLDP VLT Proxy Gateway Proxy Gateway in VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 842
(VLAN) configuration, such as the same VLAN configured with Layer 2 (L2) mode on one VLT domain and L3 mode on another VLT domain is not supported. You must always configure the same mode for the VLANs across the VLT domain. • You must maintain VLAN symmetry within a VLT domain. • The connection - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 843
-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported. • When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host sends the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 844
• The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. • You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 845
Figure 124. Sample Configuration for a VLT Proxy Gateway • The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 846
Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address exclude-vlan 10 • Packet duplication may happen with "Exclude-VLAN" configuration - Assume you used the exclude-vlan option (called VLAN 10) in C - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 847
the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 848
, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT. The following example - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 849
Figure 126. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) - The combined port channel between an attached device and the VLT peer switches. • VLT backup link - The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 850
ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the the link local address that is redirecting to the VLTi link. • VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 851
. • A VLT interconnect over 1G ports is not supported. • The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. • The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. • VLT peer switches operate as separate - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 852
. On a default VLAN, RTSP is part of the PVST+ topology in that specific VLAN (default VLAN). • In a VLT domain, ingress and egress QoS policies are supported on physical VLT ports, which can be members of VLT port channels in the domain. • Ingress and egress QoS policies applied on VLT ports must - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 853
ports: 802.1p, LLDP, flow control, IPv6 dynamic routing, port monitoring, and jumbo frames. • Software features not supported with VLT • In a VLT domain, the following software features are not supported on VLT ports: 802.1x, DHCP snooping, FRRP, GVRP, ERSPAN, RSPAN, VXLAN, ingress and egress QOS - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 854
node fails, the secondary VLT peer node becomes the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or the VLT peer node. VLT IPv6 The following features have been enhanced to support IPv6: • VLT Sync - Entries learned on the VLT interface are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 855
that caused the VLT ports on the secondary VLT peer node to be disabled. PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 856
Figure 127. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 857
. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 858
vlt domain domain-id 2 Enable peer-routing. VLT DOMAIN mode peer-routing 3 Configure the peer-routing timeout. VLT DOMAIN mode peer-routing-timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 859
station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 860
VLTi. NOTE: If you use a third-party ToR unit, to avoid potential problems if you reboot the VLT peers, Dell recommends using static LAGs on the address. 3 Configure a backup link for the VLT domain. 4 (Optional) Manually reconfigure the default VLT settings, such as the MAC address and VLT primary/ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 861
Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 862
back-up destination {ipv4-address | ipv6-address} [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 3 Configure the port channel to be used as the VLT interconnect between VLT peers in the domain. VLT DOMAIN CONFIGURATION - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 863
To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time. For more information, refer to VLT Port Delayed Restoration. Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1 Enter - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 864
To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations. Use this command to minimize the time required for the VLT system to determine the unit ID assigned - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 865
Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1 Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2 Enter the port-channel number that acts as - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 866
You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 6 When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations. VLT DOMAIN CONFIGURATION mode system-mac mac- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 867
INTERFACE mode port-channel number mode [active] 15 Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 16 Repeat steps 1 through 15 for the VLT peer node in Domain 1. 17 Repeat steps 1 through 15 for the first VLT node in Domain 2. 18 Repeat steps 1 through 15 for the VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 868
-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. Dell-2(conf)#vlt domain 5 Dell - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 869
3 In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vltpeer-lag port-channel 2 indicates that port-channel 2 is the port-channel id configured in VLT peer 2). Dell-2#show running-config interface tengigabitethernet 1/4/1 ! - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 870
-channel 2 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 2 L2L3 up 03:33:31 Te 1/18/1 (Up) PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 871
Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 0, Address 90b1.1cf4.9b79 We are the root of Vlan 1000 Configured hello time 2, max age 20, forward delay 15 Interface Name PortID Prio Cost Po 1 128.2 128 188 Po 2 128.3 128 2000 Te 1/10/1 128.230 128 2000 Te 1/ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 872
Figure 128. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8/1-1/8/2 Domain_1_Peer1(conf)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 873
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 874
router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally. VLT_Peer1 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 875
EXEC mode show vlt role • Display the current configuration of all VLT domains or a specified group on the switch. EXEC mode show running-config vlt • Display statistics on VLT operation. EXEC mode show vlt statistics • Display the RSTP configuration on a VLT peer switch, including the status of - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 876
Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : 6(3) : 00:01:e8:8a:e9:91 : 00:01:e8:8a:e9:76 : 6(3) : 90 seconds Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : 60 seconds : - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 877
HeartBeat Messages Received: 986 ICL Hello's Sent: 148 ICL Hello's Received: 98 Dell_VLTpeer2# show vlt statistics VLT Statistics HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 878
Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 879
running-config interface port-channel 11 ! interface Port-channel 11 no ip address switchport channel-member fortyGigE 1/5,6 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 880
Description Spanning tree mismatch at global level Behavior at Peer Up All VLT port channels go down on both VLT peers. A syslog error message is generated. Behavior During Run Time No traffic is passed on the port channels. A one-time informational syslog message is generated. Action to Take - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 881
PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 882
PVLAN. For example, if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, VLTi is not made a part of that VLAN. MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 883
Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with the MAC address of the primary VLAN. • The ARP request packet originates on the primary VLAN for the intended destination IP address. The ARP request received on ICLs are not proxied, even if they are - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 884
VLAN. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved. This section describe how to configure - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 885
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 4 Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 886
. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 887
different domains. However, you cannot configure the VLT peers as MSDP peers in the same VLT domain. In such instances, the VLT peer does not support the RP functionality. If the same source or RP can be accessed over both a VLT and a non-VLT VLAN, configure better metrics for the VLT - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 888
routing timeout value command. You can configure an optimal time for a VLT node to retain synced multicast routes or synced multicast outgoing interface (OIF), after a VLT peer node failure, using the multicast peer-routing-timeout command in VLT DOMAIN mode. Using the bootstrap router (BSR) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 889
no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 890
back-up destination 10.16.151.115 system-mac mac-address 00:00:00:11:11:11 unit-id 1 Dell# Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 891
Dell# V Po1(Te 1/30-32/1) Virtual Link Trunking (VLT) 891 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 892
57 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN from the NVP Controller GUI • Configuring VxLAN Gateway • Displaying VXLAN Configurations • VXLAN Service nodes for BFD 892 Virtual Extensible LAN (VXLAN) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 893
and logical network based on messages from the NVP. • Advertises MACs learnt on south-facing VXLAN capable-ports to the NVP client. VXLAN Hypervisor Service Node(SN) Legacy TOR It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. It - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 894
Functional Overview of VXLAN Gateway The following section is the functional overview of VXLAN Gateway: 1 Provides connectivity between a Virtual server infrastructure and a Physical server infrastructure. 2 Provides the functions performed by a VTEP in a virtual server infrastructure. The functions - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 895
• Source Address : It is the source MAC address of the router that routes the packet. • VLAN: It is optional in a VXLAN implementation and will be designated by an ethertype of 0×8100 and has an associated VLAN ID tag. • Ethertype: It is set to 0×0800 because the payload packet is an IPv4 packet. - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 896
Hypervisor Figure 132. Edit Hypervisor Figure 133. Create Transport Connector 2 Create Service Node To create service node, the required fields are the IP address and SSL certificate of the server. The Service node is responsible for broadcast/unknown unicast/multicast traffic replication. The - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 897
Figure 134. Create Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is the snapshot of the user - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 898
For more details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway on the 2 vxlan-instance CONFIGURATION mode vxlan-instance instance ID The platform supports only the instance ID 1 in the initial release. 3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 899
fail-mode secure If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources. 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the controller, use the following command. In - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 900
Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command. The following example shows the show vxlan vxlan-instance unicast-mac-remote command. Dell# show vxlan vxlan-instance unicast-mac-remote Total Local Mac Count: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 901
. Dell# show vxlan vxlan-instance unicast-mac-remote Total Local Mac Count: 1 VNI MAC TUNNEL 4656 00:00:01:00:00:01 36.1.1.1 VXLAN Service nodes for BFD When multiple service nodes are available for a given Logical Network, Network Virtualization Overlay (NVO) gateway picks one of the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 902
devices. Using VRF also increases network security and can eliminate the need for encryption and authentication due to traffic segmentation. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is also referred to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 903
VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 904
-VRF ports. Yes Yes No No No No Yes No Yes NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default-VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs. No Yes Yes No No Yes No No - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 905
IPv6 capabilities Basic OSPFv3 IS-IS BGP ACL Multicast NDP RAD Ingress/Egress Storm-Control (perinterface/global) Support Status for Default VRF Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Support Status for Non-default VRF Yes Yes No No No Yes Yes Yes No No Yes Yes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 906
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). • Create a non-default VRF instance by specifying a name and VRF ID number, and enter - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 907
the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. SeeOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 908
Task Command Syntax vrrp-group 10 virtual-address 10.1.1.100 no shutdown View VRRP command output for the VRF vrf1 show vrrp vrf vrf1 TenGigabitEthernet 1/13/1, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 909
displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route • Configure a static route that points to a management interface. CONFIGURATION management - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 910
Figure 140. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1/1 ip vrf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 911
no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 912
interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/1/1 ! router ospf 2 vrf orange router-id 2.0.0.2 network - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 913
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric ----------- ------- ----------- C 2.0.0.0/24 Direct, Vl 192 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 914
----------- ------- ----------- C 1.0.0.0/24 Direct, Vl 128 0/0 O 10.0.0.0/24 via 1.0.0.1, Vl 128 110/2 C 11.0.0.0/24 Direct, Te 2/1/1 0/0 ----------00:27:21 00:14:24 00:19:46 Dell#show ip route vrf orange Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 915
that particular prefix will fail and an error-log will be thrown. Manual intervention is required to clear the unneeded prefixes. The source route will VRF-Green, and VRF-shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and VRF-Blue but not - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 916
3 Configure VRF-red. ip vrf vrf-red interface-type slot/port[/subport] ip vrf forwarding VRF-red ip address ip-address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 4 Configure the import target in VRF-red. ip route-import 1:1 5 Configure the export - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 917
ip route-import 2:2 ip route-import 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 C 111.1.1.0/24 Direct, Te 1/11/1 0/0 00:00:10 22:39:59 Dell# show ip route vrf VRF- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 918
• If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG ("Duplicate prefix found %s in the target VRF %d", address, import_vrf_id) with The type/level is - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 919
to match BGP, the BGP route is not leaked as that route is not active in the Source VRF. • The export-target and import-target support only the match protocol and match prefix-list options. Other options that are configured in the route-maps are ignored. Virtual Routing and Forwarding (VRF - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 920
• You can expose a unique set of routes from the Source VRF for Leaking to other VRFs. For example, in VRF-red there is no option for exporting one set of routes (for example, OSPF) to VRF- blue and another set of routes (for example, BGP routes) to some other VRF. Similarly, when two VRFs leak or - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 921
the Internet. Router B receives and forwards them on interface TenGigabitEthernet 10/1. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. For more detailed information about VRRP, refer to RFC 2338, Virtual - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 922
on the interface. You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet. Z-Series supports a total of 255 VRRP groups on a switch. The total number of VRRP groups per system should be less than 512. The following recommendations shown - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 923
• Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 924
no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)#vrrp-group 111 Dell(conf-if-te-1/1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 925
2 Set the master switch to VRRP protocol version 3. Dell_master_switch(conf-if-te-1/1/1-vrid-100)#version 3 3 Set the backup switches to version 3. Dell_backup_switch1(conf-if-te-1/1/1-vrid-100)#version 3 Dell_backup_switch2(conf-if-te-1/2/1-vrid-100)#version 3 Assign Virtual IP addresses Virtual - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 926
NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet. Dell(conf-if-te-1/1/1)#show conf ! interface TenGigabitEthernet 1/1/1 ip address 10.10.10.1/24 ! vrrp-group 111 priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 927
same: you must enable authentication with the same password or authentication is disabled. NOTE: Authentication for VRRPv3 is not supported. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type simple [encryption - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 928
Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 929
• Change the advertisement interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. The default is 1 second. • For VRRPv3, change the advertisement centisecs interval setting. INTERFACE-VRID mode advertise-interval centisecs centisecs The range is from 25 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 930
For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number. NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object ( - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 931
The following example shows verifying the tracking status. Dell#show track Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is TenGigabitEthernet 1/3/1 Tracked by: VRRP - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 932
the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 933
Figure 142. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31/1 R2(conf-if-te-2/31/1)#ip address 10.1.1.1/24 R2(conf-if-te-2/31/1)#vrrp-group 99 R2(conf-if-te-2/31/1-vrid-99 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 934
TenGigabitEthernet 2/31/1, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 935
Figure 143. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 936
R2(conf-if-te-1/1/1-vrid-10)#no shutdown R2(conf-if-te-1/1/1)#show config interface TenGigabitEthernet 1/1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1/1)#end R2#show vrrp TenGigabitEthernet 1/1/1, IPv6 VRID: 10, - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 937
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 938
Figure 144. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1/1 S1(conf-if-te-1/1/1)#ip vrf - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 939
, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario. This VLAN scenario often occurs in a service-provider network in which you configure VLAN tags for traffic from multiple customers on customer-premises equipment (CPE), and separate VRF instances associated with - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 940
VRRP in VRF: Switch-1 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1/1 S1(conf-if-te-1/1/1)#no ip address S1(conf-if-te-1/1/1)#switchport S1(conf-if-te-1/1/1)#no shutdown ! S1(conf-if-te-1/1/1)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 941
VRRP in VRF: Switch-2 VLAN Configuration Switch-2 S2(conf)#ip vrf VRF-1 1 ! S2(conf)#ip vrf VRF-2 2 ! S2(conf)#ip vrf VRF-3 3 ! S2(conf)#interface TenGigabitEthernet 1/1/1 S2(conf-if-te-1/1/1)#no ip address S2(conf-if-te-1/1/1)#switchport S2(conf-if-te-1/1/1)#no shutdown ! S2(conf-if-te-1/1/1)# - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 942
guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on. 942 Virtual Router Redundancy Protocol (VRRP) - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 943
NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address. Router 2 R2(conf)#interface tengigabitethernet 1/1/1 R2(conf- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 944
Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 1/1/1 TenGigabitEthernet 1/1/1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 945
Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Virtual Router Redundancy Protocol (VRRP) 945 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 946
60 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 - Level 0 diagnostics check for - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 947
3 Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-1.txt Diags completed... Rebooting the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 948
[163]: ERROR: platform cpld cache disabled ioctl failed, rv: 9 S6000 DIAGNOSTICS Board CPU Version Stack Unit Board Temp Stack Unit Number Board Service Tag System Cpld Rev Master Cpld Rev Slave Cpld Rev Image Build Version : S6000 Dell Inc. : Intel Centerton Processor : 32 Degree - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 949
Test 5 - Psu Status Monitor Test NOT PRESENT Test 6.000 - Psu0 Fan Speed Monitor Test PASS diagS6000IsPsuGood[954]: ERROR: Psu:1, Power supply is not present. Test 6.001 - Psu1 Fan Speed Monitor Test NOT PRESENT Test 6 - Psu Fan Speed Monitor Test NOT PRESENT Test 7.000 - Psu0 Fan Status Monitor - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 950
a ring buffer. You can save the messages to a file either manually or automatically after failover. Auto Save on Crash or Rollover Exception information directory. NOTE: Non-management member units do not support this functionality. Hardware Watchdog Timer The hardware watchdog command - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 951
QSFP 52 Temp High Alarm threshold QSFP 52 Voltage High Alarm threshold QSFP 52 Bias High Alarm threshold QSFP 52 RX Power High Alarm threshold QSFP 52 Temp Low Alarm threshold QSFP 52 Voltage Low Alarm threshold QSFP 52 Bias Low Alarm threshold QSFP 52 RX Power Low Alarm threshold QSFP 52 Temp - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 952
down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 953
going from the FP to the CSF IDP links. 3 Front-End Link - Output queues going from the FP to the front-end PHY. All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. Physical memory is organized into cells of 128 bytes - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 954
• Dynamic Pool= Total Available Pool(16384 cells) - Total Dedicated Pool = 5904 cells • Oversubscription ratio = 10 • Dynamic Cell Limit Per port = 59040/29 = 2036 cells Figure 146. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 955
BUFFER PROFILE mode buffer dedicated • Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode buffer dynamic • Change the number of packet-pointers per queue. BUFFER PROFILE mode buffer packet-pointers • Apply the buffer profile to a line card. CONFIGURATION - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 956
256 Using a Pre-Defined Buffer Profile Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (for example, non-quality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications. You must reload the system for the global buffer profile to take - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 957
profile dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer-profile address Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 958
• show hardware stack-unit stack-unit-number unit unit-number {counters | details | port-stats [detail] | register | ipmc-replication | table-dump} • show hardware {ip | ipv6 | mac} {eg-acl | in-acl} stack-unit stack-unit-number port-set 0 pipeline 0-3 • show hardware ip qos stack-unit stack-unit- - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 959
HOL DROPS on COS12 : 0 HOL DROPS on COS13 : 0 HOL DROPS on COS14 : 0 HOL DROPS on COS15 : 0 HOL DROPS on COS16 : 0 HOL DROPS on COS17 : 0 TxPurge CellErr : 0 Aged Drops : 0 --- Egress MAC counters--- Egress FCS Drops : 0 --- Egress FORWARD PROCESSOR Drops --- IPv4 L3UC Aged & - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 960
0 0 19 19 0 0 0 0 0 20 20 0 0 0 0 0 21 21 0 0 0 0 0 22 22 0 0 0 0 0 23 23 0 0 0 0 0 24 24 0 0 0 0 0 25 25 0 0 0 0 0 26 26 0 0 0 0 0 27 27 0 0 0 0 0 28 28 0 0 0 0 0 29 29 0 0 0 0 0 30 30 0 0 0 0 0 31 31 0 0 0 0 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 961
52 62 0 0 0 0 0 52 63 0 0 0 0 0 52 64 0 0 0 0 0 53 65 0 0 0 0 0 53 66 0 0 0 0 0 53 67 0 0 0 0 0 53 68 0 0 0 0 0 54/1 69 0 0 0 0 0 54/2 70 0 0 0 0 0 54/3 71 0 0 0 0 0 54/4 72 0 0 0 0 0 Internal 53 0 0 0 0 0 Internal - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 962
txReqTooLarge :0 txInternalError :0 txDatapathErr :0 txPkt(COS0 ) :0 txPkt(COS1 ) :0 txPkt(COS2 ) :0 txPkt(COS3 ) :0 txPkt(COS4 ) :0 txPkt(COS5 ) :0 txPkt(COS6 ) :0 txPkt(COS7 ) :0 txPkt(COS8 ) :0 txPkt(COS9 ) :0 txPkt(COS10) :0 txPkt(COS11) :0 txPkt(UNIT0) :0 Example of Viewing Party Bus Statistics - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 963
RX - 64 Byte Frame Counter RX - 64 to 127 Byte Frame Counter RX - 128 to 255 Byte Frame Counter RX - 256 to 511 Byte Frame Counter RX - 512 to 1023 Byte Frame Counter RX - 1024 to 1518 Byte Frame Counter RX - 1519 to 1522 Byte Good VLAN Frame Counter RX - 1519 to 2047 Byte Frame Counter RX - 2048 to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 964
RX - 512 to 1023 Byte Frame Counter 0 RX - 1024 to 1518 Byte Frame Counter 0 RX - 1519 to 1522 Byte Good VLAN Frame Counter 0 RX - 1519 to 2047 Byte Frame Counter 0 RX - 2048 to 4095 Byte Frame Counter 0 RX - 4096 to 9216 Byte Frame Counter 0 RX - Good Packet Counter 0 RX - Packet/ - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 965
dumps. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 966
- Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 967
describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 968
Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 97. General 2460 Internationalization of the File Transfer Protocol 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP over - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 969
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 98. General IPv4 Protocols R Full Name F C # Z-Series 79 Internet Protocol 1 79 Internet Control 2 Message Protocol 82 An Ethernet - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 970
a 28 Variant of the Tiny Fragment Attack S-Series 7.6.1 7.6.1 7.7.1 7.8.1 7.8.1 7.6.1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 99. General IPv6 Protocols RF Full Name C# Z-Series 188 DNS 6 Extensions to - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 971
S-Series 7.8.1 8.3.12.0 7.8.1 8.3.12.0 7.8.1 7.8.1 8.3.12.0 8.3.12.0 8.3.12.0 Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 100. Border Gateway Protocol (BGP) RFC# Full Name 1997 BGP ComAmtturnibituitees 2385 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 972
Gateway Protocol 4 (BGP-4) 7.8.1 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 101. Open Shortest Path First (OSPF) RFC# Full Name 1587 The OSPF Not-So-Stubby Area - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 973
4191 Default Router Preferences and More-Specific Routes S-Series 7.8.1 7.8.1 8.3.12.0 Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 104. Multicast RFC# Full Name 1112 Host Extensions for IP Multicasting 2236 Internet Group - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 974
Protocol Specification (Revised) S-Series 7.8.1 7.8.1 SSM for IPv4 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 105. Network Management RFC# 1155 1156 1157 1212 1215 1493 1724 1850 1901 2011 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 975
Control Table, Ethernet History Table, Alarm Table, Event Table, Log Table The Interfaces Group MIB 7.6.1 Remote Authentication Dial In User Service (RADIUS) 7.6.1 Remote Network Monitoring Management Information 7.6.1 Base for High Capacity Networks (64 bits): Ethernet Standards Compliance 975 - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 976
for High Capacity 7.6.1 Alarms, High-Capacity Alarm Table (64 bits) IEEE 802.1X Remote Authentication Dial In User 7.6.1 Service (RADIUS) Usage Guidelines Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) Textual Conventions - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 977
that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) Force10 C-Series Enterprise Chassis MIB Force10 Enterprise IF Extension MIB (extends the - Dell PowerSwitch S6000 ON | Configuration Guide for the S6000-ON System 9.100.0 - Page 978
https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell TAC for assistance. 978 Standards Compliance
Dell
Configuration
Guide for the S6000–ON
System
9.10(0.0)