Dell Force10 S4820T Configuration manual

Download

FTOS Configuration Guide for

the S4820T (FTOS 8.3.19.0)

System

Publication Date: March 2013

Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to

avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.

Trademarks used in this text: Dell™, the DELL logo, Dell Precision™, OptiPlex™, Latitude™, PowerEdge™, PowerVault™, PowerConnect™, OpenManage™, EqualLogic™, KACE™, FlexAddress™ and Vostro™ are trademarks of Dell Inc. Intel Core™ and Celeron Opteron™, AMD Phenom™, and AMD Sempron™ are trademarks of Advanced Micro Devices, Inc. Microsoft

Server

, MS-DOS® and Windows Vista® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat Enterprise Linux countries. Novell registered trademark of Oracle Corporation and/or its affiliates. Citrix or trademarks of Citrix Systems, Inc. in the United States and/or other countries. VMware

are registered trademarks of Intel Corporation in the U.S. and other countries. AMD® is a registered trademark and AMD

is a registered trademark and SUSE ™ is a trademark of Novell Inc. in the United States and other countries. Oracle® is a

and Enterprise Linux® are registered trademarks of Red Hat, Inc. in the United States and/or other

, Xen®, XenServer® and XenMotion® are either registered trademarks

, Virtual SMP®, vMotion®, vCenter®, and vSphere®

, Pentium®, Xeon®,

, Windows®, Windows

are registered trademarks or trademarks of VMWare, Inc. in the United States or other countries.

Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

March 2013

1 About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Information Symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

2 Configuration Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Accessing the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

CLI Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

Navigating CLI Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

The do Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Undoing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

Obtaining Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

Entering and Editing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Filtering show Command Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Multiple Users in Configuration mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

3 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Console access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Serial console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Default Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Configure a Host Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Access the System Remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Access the C-Series, E-Series, S4810, and the S4820T Remotely . . . . . . . . . . . . .48

Access the S-Series Remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Configure the Enable Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Configuration File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Copy Files to and from the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Save the Running-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Configure the Overload bit for Startup Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

View Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

File System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

View command history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Upgrading FTOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

4 Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Configure Privilege Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Create a Custom Privilege Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Apply a Privilege Level to a Username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Apply a Privilege Level to a Terminal Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

| 3

Configure Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Log Messages in the Internal Buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Configuration Task List for System Log Management . . . . . . . . . . . . . . . . . . . . . . . . 63

Disable System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Send System Messages to a Syslog Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Configure a Unix System as a Syslog Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Change System Logging Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Display the Logging Buffer and the Logging Configuration . . . . . . . . . . . . . . . . . . . . . . . 65

Configure a UNIX logging facility level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

Synchronize log messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Enable timestamp on syslog messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

www.dell.com | support.dell.com

File Transfer Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Configuration Task List for File Transfer Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Terminal Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Deny and Permit Access to a Terminal Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Configure Login Authentication for Terminal Lines . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Time out of EXEC Privilege Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Telnet to Another Network Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

Lock CONFIGURATION mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Viewing the Configuration Lock Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Recovering from a Forgotten Password on the S4810 or S4820T . . . . . . . . . . . . . . . . .75

Recovering from a Forgotten Enable Password on the S4810 or S4820T . . . . . . . .76

Recovering from a Failed Start on the S4810 or S4820T . . . . . . . . . . . . . . . . . . . . . . . . 76

5 802.1ag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Ethernet CFM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79

Maintenance Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80

Maintenance Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Maintenance End Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Configure CFM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Enable Ethernet CFM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Create a Maintenance Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Create a Maintenance Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Create Maintenance Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Create a Maintenance End Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Create a Maintenance Intermediate Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

MP Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Continuity Check Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Enable CCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87

Enable Cross-checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Loopback Message and Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

4 |

Linktrace Message and Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Link Trace Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Enable CFM SNMP Traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Display Ethernet CFM Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

6 802.1X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93

The Port-authentication Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

EAP over RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95

Configuring 802.1X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Enabling 802.1X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Configuring Request Identity Re-transmissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Configuring a Quiet Period after a Failed Authentication . . . . . . . . . . . . . . . . . . . . 100

Forcibly Authorizing or Unauthorizing a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Re-authenticating a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Periodic Re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Configuring Timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Dynamic VLAN Assignment with Port Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Guest and Authentication-fail VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Configuring a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106

Configuring an Authentication-fail VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106

7 Access Control Lists (ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

IP Access Control Lists (ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

CAM Profiling, CAM Allocation, and CAM Optimization . . . . . . . . . . . . . . . . . . . . . 110

Implementing ACLs on FTOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

IP Fragment Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Configure a standard IP ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Configure an extended IP ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Established Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Configuring Layer 2 and Layer 3 ACLs on an Interface . . . . . . . . . . . . . . . . . . . . . . . . .122

Assign an IP ACL to an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Counting ACL Hits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Configuring Ingress ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Configuring Egress ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Egress Layer 3 ACL Lookup for Control-plane IP Traffic . . . . . . . . . . . . . . . . . . . .126

Configuring ACLs to Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127

Applying an ACL on Loopback Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

IP Prefix Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

| 5

Configuration Task List for Prefix Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

ACL Resequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Resequencing an ACL or Prefix List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134

Route Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Configuration Task List for Route Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136

8 Bidirectional Forwarding Detection (BFD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145

How BFD Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

www.dell.com | support.dell.com

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Configuring Bidirectional Forwarding Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

Configuring BFD for Physical Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Configuring BFD for Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Configuring BFD for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

Configuring BFD for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Configuring BFD for VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171

Configuring BFD for VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174

Configuring BFD for Port-Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175

Configuring Protocol Liveness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177

Troubleshooting BFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177

9 Border Gateway Protocol IPv4 (BGPv4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180

Autonomous Systems (AS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Sessions and Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182

Route Reflectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183

Confederations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184

BGP Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185

Best Path Selection Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185

Weight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Local Preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Multi-Exit Discriminators (MEDs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188

Origin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

AS Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Next Hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190

Multiprotocol BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Implementing BGP with FTOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

Additional Path (Add-Path) support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Advertise IGP cost as MED for redistributed routes . . . . . . . . . . . . . . . . . . . . . . . . 191

Ignore Router-ID for some best-path calculations . . . . . . . . . . . . . . . . . . . . . . . . . . 192

6 |

4-Byte AS Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192

AS4 Number Representation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

AS Number Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

BGP4 Management Information Base (MIB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

BGP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Configuration Task List for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

MBGP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238

BGP Regular Expression Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Debugging BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Storing Last and Bad PDUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240

Capturing PDUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241

PDU Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Sample Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Example: Enable BGP, Router 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Example: Enable BGP, Router 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Example: Enable BGP, Router 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Example: Enable Peer Group, Router 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Example: Enable Peer Groups, Router 1 (Continued) . . . . . . . . . . . . . . . . . . . . . . 248

Example: Enable Peer Groups, Router 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249

Example: Enable Peer Groups, Router 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250

Example: Enable Peer Groups, Router 3 (Continued) . . . . . . . . . . . . . . . . . . . . . . 251

10 Bare Metal Provisioning 2.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Jumpstart mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258

Domain Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Switch boot and set-up behavior in Jumpstart Mode . . . . . . . . . . . . . . . . . . . . . . .258

11 Content Addressable Memory (CAM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Content Addressable Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

CAM Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Microcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

CAM Profiling for ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Boot Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Example: EF Line Card with EG Chassis Profile (Card Problem) . . . . . . . . . . . . . .266

Example: EH Line Card with EG Chassis Profile (Card Problem) . . . . . . . . . . . . .266

When to Use CAM Profiling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

| 7

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Differences Between EtherScale and TeraScale . . . . . . . . . . . . . . . . . . . . . . . . . . .267

Select CAM Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

CAM Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Test CAM Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

View CAM Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270

View CAM-ACL settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271

View CAM Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272

Configure IPv4Flow Sub-partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Configure Ingress Layer 2 ACL Sub-partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Return to the Default CAM Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

www.dell.com | support.dell.com

CAM Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Applications for CAM Profiling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

LAG Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278

LAG Hashing based on Bidirectional Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279

CAM profile for the VLAN ACL group feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279

Troubleshoot CAM Profiling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

CAM Profile Mismatches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279

QoS CAM Region Limitation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280

12 Control Plane Policing (CoPP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Configure Control Plane Policing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Configure CoPP for protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283

Configure CoPP for CPU queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

Show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

13 Data Center Bridging (DCB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Ethernet Enhancements in Data Center Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Priority-Based Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .290

Enhanced Transmission Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292

Data Center Bridging Exchange Protocol (DCBx) . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Data Center Bridging in a Traffic Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Enabling Data Center Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

QoS dot1p Traffic Classification and Queue Assignment . . . . . . . . . . . . . . . . . . . . . . . 295

Configuring Priority-Based Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296

Configuring Lossless Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Configuring the PFC Buffer in a Switch Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Configuring Enhanced Transmission Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .301

ETS Prerequisites and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .301

Creating a QoS ETS Output Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Creating an ETS Priority Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .305

Applying an ETS Output Policy for a Priority Group to an Interface . . . . . . . . . . . .306

8 |

ETS Operation with DCBx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

Configuring Bandwidth Allocation for DCBx CIN . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Applying DCB Policies in a Switch Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Configuring DCBx Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

DCBx Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

DCBx Port Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

DCB Configuration Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312

Configuration Source Election . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Propagation of DCB Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313

Auto-Detection and Manual Configuration of the DCBx Version . . . . . . . . . . . . . . . 313

DCBx Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314

DCBx Prerequisites and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

DCBx Configuration Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316

Verifying DCB Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

PFC and ETS Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .334

Using PFC and ETS to Manage Data Center Traffic . . . . . . . . . . . . . . . . . . . . . . . .334

Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack . . . 338

Hierarchical Scheduling in ETS Output Policies . . . . . . . . . . . . . . . . . . . . . . . . . . .339

14 Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341

DHCP Packet Format and Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342

Assigning an IP Address using DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Configure the System to be a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344

Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Configure the Server for Automatic Address Allocation . . . . . . . . . . . . . . . . . . . . . .345

Specify a Default Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347

Enable DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347

Configure a Method of Hostname Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .348

Create Manual Binding Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .348

Debug DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349

DHCP Clear Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

Configure the System to be a Relay Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349

Configure the System for User Port Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .351

Configure Secure DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .351

Option 82 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352

Drop DHCP packets on snooped VLANs only . . . . . . . . . . . . . . . . . . . . . . . . . . . .354

Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355

Source Address Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .357

| 9

15 Equal Cost Multi-Path (ECMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

ECMP for Flow-based Affinity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Configurable Hash Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361

Deterministic ECMP Next Hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Configurable Hash Algorithm Seed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362

Link Bundle Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

Managing ECMP Group Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364

16 Enabling FIPS Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Preparing the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Enabling FIPS Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

www.dell.com | support.dell.com

Generating Host-Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366

Monitoring FIPS Mode Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Disabling the FIPS Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367

17 FIP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Fibre Channel over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369

Ensuring Robustness in a Converged Ethernet Network . . . . . . . . . . . . . . . . . . . . . . .369

FIP Snooping on Ethernet Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

FIP Snooping in a Switch Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373

Configuring FIP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373

Enabling the FIP Snooping Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Enabling FIP Snooping on VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374

Configuring the FC-MAP Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374

Configuring a Port for a Bridge-to-Bridge Link . . . . . . . . . . . . . . . . . . . . . . . . . . . .375

Configuring a Port for a Bridge-to-FCF Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Impact on Other Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

FIP Snooping Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375

FIP Snooping Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Configuration Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .376

Displaying FIP Snooping Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377

FIP Snooping Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382

10 |

18 Force10 Resilient Ring Protocol (FRRP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385

Ring Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Multiple FRRP Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .387

Important FRRP Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .387

Important FRRP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Implementing FRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .389

FRRP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .390

Troubleshooting FRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Configuration Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .395

Sample Configuration and Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

19 GARP VLAN Registration Protocol (GVRP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397

Configuring GVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399

Enabling GVRP Globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399

Enabling GVRP on a Layer 2 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399

Configuring GVRP Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .400

Configuring a GARP Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .400

20 High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Component Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .404

RPM Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404

Online Insertion and Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .410

RPM Online Insertion and Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .410

Linecard Online Insertion and Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Hitless Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Graceful Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414

Software Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

Runtime System Health Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414

SFM Channel Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415

Software Component Health Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415

System Health Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Failure and Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415

Hot-lock Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .416

Warm Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .417

Configure Cache Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .418

Process Restartability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421

21 Internet Group Management Protocol (IGMP). . . . . . . . . . . . . . . . . . . . . . . . . . . 423

IGMP Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423

IGMP Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423

IGMP version 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423

IGMP version 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425

Configuring IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428

Viewing IGMP Enabled Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429

Selecting an IGMP Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429

Viewing IGMP Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430

| 11

Adjusting Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430

Adjusting Query and Response Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430

Adjusting the IGMP Querier Timeout Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431

Configuring a Static IGMP Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

Enabling IGMP Immediate-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431

IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432

IGMP Snooping Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432

Configuring IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432

Enabling IGMP Immediate-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433

Disabling Multicast Flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433

Specifying a Port as Connected to a Multicast Router . . . . . . . . . . . . . . . . . . . . . .433

www.dell.com | support.dell.com

Configuring the Switch as Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433

Fast Convergence after MSTP Topology Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . .434

Designating a Multicast Router Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434

22 Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

Interface Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436

View Basic Interface Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

Enable a Physical Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

Physical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439

Configuration Task List for Physical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . .439

Overview of Layer Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439

Configure Layer 2 (Data Link) Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

Configure Layer 3 (Network) Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442

Management Interfaces on the E-Series, C-Series, S4810 and the S4820 . . . . . .442

Configure Management Interfaces on the S-Series . . . . . . . . . . . . . . . . . . . . . . . . 444

VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .445

Loopback Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

Null Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

Port Channel Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .446

Bulk Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Interface Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Bulk Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Interface Range Macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461

Define the Interface Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461

Choose an Interface-range Macro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461

Monitor and Maintain Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .462

Maintenance using TDR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Splitting QSFP ports to SFP+ ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Important Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Link Debounce Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Important Points to Remember about Link Debounce Timer . . . . . . . . . . . . . . . . . 465

12 |

Assign a debounce time to an interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466

Show debounce times in an interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466

Disable ports when one only SFM is available (E300 only) . . . . . . . . . . . . . . . . . .466

Disable port on one SFM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467

Link Dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467

Enable Link Dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

Link Bundle Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Ethernet Pause Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470

Threshold Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470

Enable Pause Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Configure MTU Size on an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .472

Port-pipes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473

Auto-Negotiation on Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .474

View Advanced Interface Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .477

Display Only Configured Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

Configure Interface Sampling Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

Dynamic Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Clear interface counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

23 IPv4 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

Configuration Task List for IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

Directed Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Resolution of Host Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .489

ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .491

Configuration Task List for ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

ARP Learning via Gratuitous ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

ARP Learning via ARP Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .494

Configurable ARP Retries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .495

ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Configuration Task List for ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

UDP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .496

Configuring UDP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Important Points to Remember about UDP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . .497

Enabling UDP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .497

Configuring a Broadcast Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .498

Configurations Using UDP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

UDP Helper with Broadcast-all Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

UDP Helper with Subnet Broadcast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 499

UDP Helper with Configured Broadcast Addresses . . . . . . . . . . . . . . . . . . . . . . . .500

UDP Helper with No Configured Broadcast Addresses . . . . . . . . . . . . . . . . . . . . .500

| 13

Troubleshooting UDP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

24 iSCSI Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

iSCSI Optimization Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .503

Monitoring iSCSI Traffic Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .505

Application of Quality of Service to iSCSI Traffic Flows . . . . . . . . . . . . . . . . . . . . .505

Information Monitored in iSCSI Traffic Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . .505

Detection and Auto-configuration for Dell EqualLogic Arrays . . . . . . . . . . . . . . . . . 506

Detection and Port Configuration for Dell Compellent Arrays . . . . . . . . . . . . . . . . . 506

Enabling and Disabling iSCSI Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .507

Default iSCSI Optimization Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .508

www.dell.com | support.dell.com

iSCSI Optimization Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .508

Configuring iSCSI Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508

Displaying iSCSI Optimization Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .510

25 Intermediate System to Intermediate System . . . . . . . . . . . . . . . . . . . . . . . . . . . 513

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .513

IS-IS Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Multi-Topology IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Transition Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Interface support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .516

Adjacencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .516

Graceful Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .516

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .518

Configuration Task List for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

Configuring the distance of a route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .529

Change the IS-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .529

IS-IS Metric Styles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537

Configure Metric Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537

Maximum Values in the Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .538

Changing the IS-IS Metric Style in One Level Only . . . . . . . . . . . . . . . . . . . . . . . .538

Leaking from One Level to Another . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .540

Sample Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541

14 |

26 IPv6 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .545

Extended Address Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546

Stateless Autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .546

IPv6 Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .546

IPv6 Header Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547

Extension Header fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .549

Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .550

Implementing IPv6 with FTOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551

ICMPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554

Path MTU Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

IPv6 Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

IPv6 Neighbor Discovery of MTU packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .556

QoS for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557

IPv6 Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .557

SSH over an IPv6 Transport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557

Configuration Task List for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558

Change your CAM-Profile on an E-Series system . . . . . . . . . . . . . . . . . . . . . . . . . 558

Adjust your CAM-Profile on a C-Series or S-Series . . . . . . . . . . . . . . . . . . . . . . . .559

Assign an IPv6 Address to an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560

Assign a Static IPv6 Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561

Telnet with IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562

SNMP over IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562

Show IPv6 Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

Show an IPv6 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564

Show IPv6 Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

Show the Running-Configuration for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 567

Clear IPv6 Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567

27 Link Aggregation Control Protocol (LACP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

Introduction to Dynamic LAGs and LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570

LACP modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570

LACP Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

LACP Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Monitor and Debugging LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .573

Shared LAG State Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Configure Shared LAG State Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Important Points about Shared LAG State Tracking . . . . . . . . . . . . . . . . . . . . . . . . 576

Configure LACP as Hitless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576

LACP Basic Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577

28 Layer 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587

Managing the MAC Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Clear the MAC Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Set the Aging Time for Dynamic Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588

Configure a Static MAC Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .588

Display the MAC Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589

MAC Learning Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589

mac learning-limit dynamic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590

| 15

mac learning-limit mac-address-sticky . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591

mac learning-limit station-move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .591

Learning Limit Violation Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .591

Station Move Violation Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592

Recovering from Learning Limit and Station Move Violations . . . . . . . . . . . . . . . . .592

Per-VLAN MAC Learning Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593

NIC Teaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .594

MAC Move Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .595

Microsoft Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .595

Default Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596

Configuring the Switch for Microsoft Server Clustering . . . . . . . . . . . . . . . . . . . . . . 596

www.dell.com | support.dell.com

Enable and Disable VLAN Flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .597

Configuring Redundant Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .598

Important Points about Configuring Redundant Pairs . . . . . . . . . . . . . . . . . . . . . . .599

Restricting Layer 2 Flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .601

Far-end Failure Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .602

FEFD state changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .603

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .604

Configuring FEFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .604

Debugging FEFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .605

29 Link Layer Discovery Protocol (LLDP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607

802.1AB (LLDP) Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .607

Protocol Data Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .607

Optional TLVs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .609

Management TLVs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .609

TIA-1057 (LLDP-MED) Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .611

TIA Organizationally Specific TLVs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611

Configuring LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .615

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616

LLDP Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616

CONFIGURATION versus INTERFACE Configurations . . . . . . . . . . . . . . . . . . . . . . . . 616

Enabling LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617

Disabling and Undoing LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617

Advertising TLVs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .618

Viewing the LLDP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619

Viewing Information Advertised by Adjacent LLDP Agents . . . . . . . . . . . . . . . . . . . . . .620

Configuring LLDPDU Intervals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .621

Configuring Transmit and Receive Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .622

Configuring a Time to Live . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623

Debugging LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624

Relevant Management Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .625

16 |

30 Multicast Source Discovery Protocol (MSDP) . . . . . . . . . . . . . . . . . . . . . . . . . . . 631

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .631

Anycast RP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .632

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632

Configuring Multicast Source Discovery Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 633

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .633

Enable MSDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638

Manage the Source-active Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .638

View the Source-active Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639

Limit the Source-active Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .639

Clear the Source-active Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .639

Enable the Rejected Source-active Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .639

Accept Source-active Messages that fail the RFP Check . . . . . . . . . . . . . . . . . . . . . . .640

Limit the Source-active Messages from a Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .642

Prevent MSDP from Caching a Local Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .643

Prevent MSDP from Caching a Remote Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .644

Prevent MSDP from Advertising a Local Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645

Log Changes in Peership States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646

Terminate a Peership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646

Clear Peer Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647

Debug MSDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

MSDP with Anycast RP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

Reducing Source-active Message Flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650

Specify the RP Address Used in SA Messages . . . . . . . . . . . . . . . . . . . . . . . . . . .650

MSDP Sample Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .654

31 Multiple Spanning Tree Protocol (MSTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .659

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660

Configure Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .660

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .660

Enable Multiple Spanning Tree Globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .661

Add and Remove Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661

Create Multiple Spanning Tree Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .662

Influence MSTP Root Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663

Interoperate with Non-FTOS Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .663

Modify Global Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664

Modify Interface Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .665

Configure an EdgePort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666

Flush MAC Addresses after a Topology Change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667

MSTP Sample Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .668

Debugging and Verifying MSTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .672

| 17

32 Multicast Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675

Enable IP Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .675

Multicast with ECMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676

First Packet Forwarding for Lossless Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .677

Multicast Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678

IPv4 Multicast Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .678

IPv6 Multicast Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .683

Multicast Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685

www.dell.com | support.dell.com

33 Open Shortest Path First (OSPFv2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .687

Networks and Neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .689

Router Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689

Designated and Backup Designated Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . .691

Link-State Advertisements (LSAs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .692

Virtual Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693

Router Priority and Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .693

Implementing OSPF with FTOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .694

Fast Convergence (OSPFv2, IPv4 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695

Multi-Process OSPF (OSPFv2, IPv4 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .695

RFC-2328 Compliant OSPF Flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .696

OSPF ACK Packing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .697

OSPF Adjacency with Cisco Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .697

Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .697

Configuration Task List for OSPFv2 (OSPF for IPv4) . . . . . . . . . . . . . . . . . . . . . . .698

Troubleshooting OSPFv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .713

Sample Configurations for OSPFv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .715

Basic OSPFv2 Router Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716

18 |

34 PIM Sparse-Mode (PIM-SM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .717

Requesting Multicast Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .718

Refusing Multicast Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .718

Sending Multicast Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .718

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719

Configure PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .719

Enable PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .720

Configurable S,G Expiry Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721

Configure a Static Rendezvous Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .722

Override Bootstrap Router Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .723

Configure a Designated Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723

Create Multicast Boundaries and Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .724

PIM-SM Graceful Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .724

Monitoring PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .725

35 Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727

Port Monitoring on E-Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .728

E-Series TeraScale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .728

E-Series ExaScale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .729

Port Monitoring on C-Series and S-Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .729

Configuring Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .732

Flow-based Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .733

36 Private VLANs (PVLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735

Private VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .735

Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .737

Private VLAN Configuration Task List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .738

Private VLAN Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .741

37 Per-VLAN Spanning Tree Plus (PVST+) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .745

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 746

Configure Per-VLAN Spanning Tree Plus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .746

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .746

Enable PVST+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747

Disable PVST+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747

Influence PVST+ Root Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747

Modify Global PVST+ Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .749

Modify Interface PVST+ Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 750

Configure an EdgePort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751

PVST+ in Multi-vendor Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .752

PVST+ Extended System ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .752

PVST+ Sample Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .753

38 Quality of Service (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 757

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 759

Port-based QoS Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 759

Set dot1p Priorities for Incoming Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .760

Honor dot1p Priorities on Ingress Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 760

| 19

Configure Port-based Rate Policing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .761

Configure Port-based Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762

Configure Port-based Rate Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .763

Policy-based QoS Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764

Classify Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764

Create a QoS Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768

Create Policy Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771

QoS Rate Adjustment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .775

Strict-priority Queueing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .776

Weighted Random Early Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .776

Create WRED Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .777

www.dell.com | support.dell.com

Apply a WRED profile to traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778

Display Default and Configured WRED Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . .778

Display WRED Drop Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .779

Pre-calculating Available QoS CAM Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .780

39 Routing Information Protocol (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 783

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .783

RIPv1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .783

RIPv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .784

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784

Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .784

Configuration Task List for RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784

RIP Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .792

40 Remote Monitoring (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 799

Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 799

Fault Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .800

41 Rapid Spanning Tree Protocol (RSTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .805

Configuring Rapid Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .805

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 806

RSTP and VLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 806

Configure Interfaces for Layer 2 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807

Enable Rapid Spanning Tree Protocol Globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .808

Add and Remove Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811

Modify Global Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811

Modify Interface Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .812

Configure an EdgePort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 813

Influence RSTP Root Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 814

20 |

SNMP Traps for Root Elections and Topology Changes . . . . . . . . . . . . . . . . . . . . . . . .815

Fast Hellos for Link State Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .815

42 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817

AAA Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817

Configuration Task List for AAA Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817

AAA Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 820

Configuration Task List for AAA Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 820

AAA Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .823

Privilege Levels Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823

Configuration Task List for Privilege Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .824

RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828

RADIUS Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .829

Configuration Task List for RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 830

TACACS+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .833

Configuration Task List for TACACS+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .833

TACACS+ Remote Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . . .835

Command Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 837

Protection from TCP Tiny and Overlapping Fragment Attacks . . . . . . . . . . . . . . . . . . . 837

SCP and SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .837

Using SCP with SSH to copy a software image . . . . . . . . . . . . . . . . . . . . . . . . . . .839

Secure Shell Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840

Troubleshooting SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 843

Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 843

Trace Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 844

Configuration Tasks for Trace Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .844

VTY Line and Access-Class Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 850

VTY Line Local Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . . . . . .850

VTY Line Remote Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . . . .851

VTY MAC-SA Filter Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851

43 Service Provider Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853

VLAN Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .853

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .854

Configure VLAN Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .854

Create Access and Trunk Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 855

Enable VLAN-Stacking for a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 855

Configure the Protocol Type Value for the Outer VLAN Tag . . . . . . . . . . . . . . . . . .856

FTOS Options for Trunk Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .856

Debug VLAN Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .857

VLAN Stacking in Multi-vendor Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .858

VLAN Stacking Packet Drop Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .864

Enable Drop Eligibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .865

| 21

Honor the Incoming DEI Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865

Mark Egress Packets with a DEI Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 866

Dynamic Mode CoS for VLAN Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .866

Layer 2 Protocol Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871

Enable Layer 2 Protocol Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871

Specify a Destination MAC Address for BPDUs . . . . . . . . . . . . . . . . . . . . . . . . . . .872

Rate-limit BPDUs on the E-Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .872

Rate-limit BPDUs on the C-Series and S-Series . . . . . . . . . . . . . . . . . . . . . . . . . .872

Debug Layer 2 Protocol Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873

Provider Backbone Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873

www.dell.com | support.dell.com

44 sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .876

Enable and Disable sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877

Enable and Disable on an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877

sFlow Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .878

Show sFlow Globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .878

Show sFlow on an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .878

Show sFlow on a Line Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .879

Specify Collectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .880

Polling Intervals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .880

Sampling Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880

Sub-sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .881

Back-off Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882

sFlow on LAG ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882

Extended sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .883

22 |

45 Simple Network Management Protocol (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . 885

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .885

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885

Configure Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .886

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886

Setting up SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886

Create a Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .887

Setting Up User-based Security (SNMPv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .887

Read Managed Object Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 889

Write Managed Object Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .890

Configure Contact and Location Information using SNMP . . . . . . . . . . . . . . . . . . . . . . 890

Subscribe to Managed Object Value Updates using SNMP . . . . . . . . . . . . . . . . . . . . . 891

Copy Configuration Files Using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895

Manage VLANs using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .901

Create a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 901

Assign a VLAN Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .901

Display the Ports in a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .902

Add Tagged and Untagged Ports to a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 904

Managing Overload on Startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905

Enable and Disable a Port using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .906

Fetch Dynamic MAC Entries using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .906

Deriving Interface Indices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908

Monitor Port-channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .909

Troubleshooting SNMP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910

46 Stacking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911

S-Series Stacking Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 912

Stack Management Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 912

Stack Master Election . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .913

Virtual IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914

Failover Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .914

MAC Addressing on S-Series Stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914

Stacking LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .916

Supported Stacking Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916

High Availability on S-Series Stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917

Management Access on S-Series Stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918

Important Points to Remember - S4810 and S4820T Stacking . . . . . . . . . . . . . . . . . . . 919

S-Series Stacking Installation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 920

Create an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 920

Add Units to an Existing S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .926

Split an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .929

S-Series Stacking Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .930

Assign Unit Numbers to Units in an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . 930

Create a Virtual Stack Unit on an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . 930

Display Information about an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 930

Influence Management Unit Selection on an S-Series Stack . . . . . . . . . . . . . . . . .933

Manage Redundancy on an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .934

Reset a Unit on an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 934

Verifying a Stack Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .934

LED Status Indicators on an S4810 or S4820T Stack . . . . . . . . . . . . . . . . . . . . . .934

Display Status of Stacking Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 935

Removing Units or Front End Ports from a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937

Remove a Unit from an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .937

Remove Front End Port Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 938

| 23

Troubleshoot an S-Series Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .938

Recover from Stack Link Flaps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .938

Recover from a Card Problem State on an S-Series Stack . . . . . . . . . . . . . . . . . .939

Recover from a Card Mismatch State on an S-Series Stack . . . . . . . . . . . . . . . . .940

47 Storm Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 943

Configure Storm Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .943

Configure storm control from INTERFACE mode . . . . . . . . . . . . . . . . . . . . . . . . . .943

Configure storm control from CONFIGURATION mode . . . . . . . . . . . . . . . . . . . . .944

48 Spanning Tree Protocol (STP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 945

www.dell.com | support.dell.com

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .945

Configuring Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 945

Related Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .945

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 946

Configuring Interfaces for Layer 2 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .946

Enabling Spanning Tree Protocol Globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .948

Adding an Interface to the Spanning Tree Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . .950

Removing an Interface from the Spanning Tree Group . . . . . . . . . . . . . . . . . . . . . . . . . 950

Modifying Global Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .951

Modifying Interface STP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 952

Enabling PortFast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 952

Preventing Network Disruptions with BPDU Guard . . . . . . . . . . . . . . . . . . . . . . . .953

STP Root Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .955

STP Root Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 956

Root Guard Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .956

Root Guard Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .958

SNMP Traps for Root Elections and Topology Changes . . . . . . . . . . . . . . . . . . . . . . . .958

Configuring Spanning Trees as Hitless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .959

STP Loop Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 959

Loop Guard Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 959

Loop Guard Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .962

Displaying STP Guard Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963

24 |

49 System Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965

Network Time Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .965

Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 966

Implementation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 967

Configuring Network Time Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .967

Enable NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .968

Set the Hardware Clock with the Time Derived from NTP . . . . . . . . . . . . . . . . . . . 968

Configure NTP broadcasts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .969

Disable NTP on an interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .969

Configure a source IP address for NTP packets . . . . . . . . . . . . . . . . . . . . . . . . . . .969

Configure NTP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 970

FTOS Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .973

Configuring time and date settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 973

Set daylight saving time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .976

50 Uplink Failure Detection (UFD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981

Feature Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .981

How Uplink Failure Detection Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 982

UFD and NIC Teaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .983

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 984

Configuring Uplink Failure Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985

Clearing a UFD-Disabled Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 986

Displaying Uplink Failure Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .988

Sample Configuration: Uplink Failure Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .991

51 Upgrade Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 993

Find the upgrade procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .993

Get Help with upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 993

52 Virtual LANs (VLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995

Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .996

Port-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 997

VLANs and Port Tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .997

Configuration Task List for VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .998

VLAN Interface Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1002

Native VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1003

Enable Null VLAN as the Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1004

53 Virtual Link Trunking (VLT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1005

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1005

VLT on Core Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1006

Enhanced VLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1008

VLT Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1008

Configuring Virtual Link Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1009

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1009

Configuration Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1010

RSTP and VLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1014

VLT Bandwidth Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1014

VLT and Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1015

VLT and IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1015

| 25

VLT Port Delayed Restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1015

PIM-Sparse Mode Support on VLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1016

RSTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1017

VLT Configuration Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1018

Verifying a VLT Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1032

Sample Configuration: Virtual Link Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1037

Troubleshooting VLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1040

Reconfiguring Stacked Switches as VLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1041

54 Virtual Router Redundancy Protocol (VRRP) . . . . . . . . . . . . . . . . . . . . . . . . . . 1043

VRRP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043

www.dell.com | support.dell.com

VRRP Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045

VRRP Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045

VRRP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1046

Configuration Task List for VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1046

VRRP initialization delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1056

Sample Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1057

VRRP for IPv4 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1057

VRRP for IPv6 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1059

VRRP in VRF Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1061

55 S-Series Debugging and Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067

Offline diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067

Important Points to Remember . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1068

Running Offline Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1068

Trace logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1071

Auto Save on Crash or Rollover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1072

Last restart reason (S4810 and S4820T) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1072

Hardware watchdog timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1072

show hardware commands (S4810 and S4820T) . . . . . . . . . . . . . . . . . . . . . . . . . . . .1073

Environmental monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1074

Recognize an overtemperature condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1074

Troubleshoot an overtemperature condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1075

Recognize an under-voltage condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1075

Troubleshoot an under-voltage condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1076

Buffer tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076

Deciding to tune buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1078

Buffer tuning commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1079

Sample buffer profile configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1081

Troubleshooting packet loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1082

Displaying Drop Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1082

Dataplane Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1084

Displaying Stack Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1086

26 |

Displaying Stack Member Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1086

Application core dumps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1087

Mini core dumps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1087

TCP dumps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1088

56 Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1091

IEEE Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1091

RFC and I-D Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1092

MIB Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1103

57 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105

| 27

www.dell.com | support.dell.com

28 |

About this Guide

Objectives

This guide describes the protocols and features supported by the Force10 Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series.

Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Force10 systems. For complete information on protocols, refer to other documentation including IETF Requests for Comment (RFCs). The instructions in this guide cite relevant RFCs, and Chapter 56, Standards Compliance contains a complete list of the supported RFCs and Management Information Base files (MIBs).

Audience

This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies.

Conventions

This document uses the following conventions to describe command syntax:

Convention Description

keyword

parameter

{X} Keywords and parameters within braces must be entered in the CLI.

[X] Keywords and parameters within brackets are optional.

x | y Keywords and parameters separated by bar require you to choose one.

Keywords are in bold and should be entered in the CLI as listed.

Parameters are in italics and require a number or word to be entered in the CLI.

About this Guide | 29

Information Symbols

Table 1-1 describes symbols contained in this guide.

Table 1-1. Information Symbols

Symbol Warning Description

Note This symbol informs you of important operational information.

ces

www.dell.com | support.dell.com

et e

4820

Platform Specific Feature

E-Series Specific Feature/Command

S4810

S4820T

Configuration Fundamentals

The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.

In FTOS, after a command is enabled, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration copy the running configuration to another location.

Note: Due to a differences in hardware architecture and the continued system development, features may occasionally differ between the platforms. These differences are identified by the information symbols shown on Table 1-1, "Information Symbols," in About this Guide.

Accessing the Command Line

Access the command line through a serial console port or a Telnet session as shown in the example below. When the system successfully boots, you enter the command line in the EXEC mode.

Note: You must have a password configured on a virtual terminal line before you can Telnet into the system. Therefore, you must use a console connection when connecting to the system for the first time.

telnet 172.31.1.53

Trying 172.31.1.53...

Connected to 172.31.1.53.

Escape character is '^]'.

Password:

FTOS>

Configuration Fundamentals | 33

CLI Modes

Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command see The do Command in the Configuration Fundamentals chapter). You can set user access rights to commands and command modes using privilege levels; for more information on privilege levels and security options, refer to Privilege Levels Overview in the Security chapter.

The FTOS CLI is divided into three major mode levels:

• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only

a limited selection of commands is available, notably system information.

www.dell.com | support.dell.com

• EXEC Privilege mode has commands to view configurations, clear counters, manage configuration

files, run diagnostics, and enable or disable debug operations. The privilege level is 15, which is unrestricted. You can configure a password for this mode; refer to Configure the Enable Password in

the Getting Started chapter.

• CONFIGURATION mode enables you to configure security features, time settings, set logging and

SNMP functions, configure static ARP and MAC addresses, and set line cards on the system.

Beneath CONFIGURATION mode are sub-modes that apply to interfaces, protocols, and features. The example below illustrates this sub-mode command structure. Two sub-CONFIGURATION modes are important when configuring the chassis for the first time:

do;

show commands, which allow you to view

• INTERFACE sub-mode is the mode in which you configure Layer 2 and Layer 3 protocols and IP

services specific to an interface. An interface can be physical (Management interface, 1-Gigabit Ethernet, or 10-Gigabit Ethernet, or SONET) or logical (Loopback, Null, port channel, or VLAN).

• LINE sub-mode is the mode in which you to configure the console and virtual terminal lines.

Note: At any time, entering a question mark (?) will display the available command options. For example, when you are in CONFIGURATION mode, entering the question mark first will list all available commands, including the possible sub-modes.

EXEC EXEC Privilege CONFIGURATION

ARCHIVE AS-PATH ACL

INTERFACE

GIGABIT ETHERNET 10 GIGABIT ETHERNET INTERFACE RANGE LOOP BACK MANAGEMENT ETHERNET NULL PORT-CHANNEL SONET VLAN VRRP

34 | Configuration Fundamentals

IP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST

STANDARD ACCESS-LIST EXTENDED ACCESS-LIST

LINE

AUXILLIARY CONSOLE

VIRTUAL TERMINAL MAC ACCESS-LIST MONITOR SESSION MULTIPLE SPANNING TREE Per-VLAN SPANNING TREE PREFIX-LIST RAPID SPANNING TREE REDIRECT ROUTE-MAP ROUTER BGP ROUTER ISIS ROUTER OSPF ROUTER RIP SPANNING TREE

TRACE-LIST

Note: In the example above, SONET is not supported on the S4810 or S4820T.

Navigating CLI Modes

The FTOS prompt changes to indicate the CLI mode. Table 2-1, "FTOS Command Modes," in

Configuration Fundamentals lists the CLI mode, its prompt, and information on how to access and exit this

CLI mode. You must move linearly through the command modes, with the exception of the

which takes you directly to EXEC Privilege mode; the

level.

Note: Sub-CONFIGURATION modes all have the letters “conf” in the prompt with additional modifiers to identify the mode and slot/port information. These are shown in Table 2-1, "FTOS Command Modes," in

Configuration Fundamentals.

Table 2-1. FTOS Command Modes

CLI Command Mode Prompt

EXEC

FTOS>

end command

exit command moves you up one command mode

Access Command

Access the router through the console or Telnet.

Configuration Fundamentals | 35

Table 2-1. FTOS Command Modes (continued)

CLI Command Mode Prompt

EXEC Privilege

CONFIGURATION

Note: Access all of the following modes from CONFIGURATION mode.

www.dell.com | support.dell.com

Note: SONET is not supported on the S4810 or S4820T.

The do Command

Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE,

SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with

the command

do. The following example illustrates the do command.

FTOS(conf-router_isis)#

FTOS(conf-router_ospf)#

FTOS(conf-router_rip)#

FTOS(config-span)#

FTOS(conf-trace-acl)#

router isis

router ospf

router rip

protocol spanning-tree 0

ip trace-list

Note: The following commands cannot be modified by the do command: enable, disable, exit, and configure.

Configuration Fundamentals | 37

FTOS(conf)#do show linecard all

-- Line cards --

Slot Status NxtBoot ReqTyp CurTyp Version Ports

---------------------------------------------------------------------------

0 not present

1 not present

2 online online E48TB E48TB 1-1-463 48

3 not present

4 not present

5 online online E48VB E48VB 1-1-463 48

www.dell.com | support.dell.com

6 not present

7 not present

The following example illustrates the do command for the S4810 and S4820T:

FTOS(conf)#do show system brief

Stack MAC : 00:01:e8:8b:5d:b9

Reload-Type : normal-reload [Next boot : normal-reload]

-- Stack Info --

Unit UnitType Status ReqTyp CurTyp Version Ports

----------------------------------------------------------------------------

0 Management online S4820 S4820 2D2-1-0-0-70 64

1 Member not present

2 Member not present

3 Member not present

4 Member not present

5 Member not present

6 Member not present

7 Member not present

8 Member not present

9 Member not present

10 Member not present

11 Member not present

-- Power Supplies --

Unit Bay Status Type

---------------------------------------------------------------------------

0 0 up UNKNOWN

0 1 absent

-- Fan Status --

Unit Bay TrayStatus Fan0 Speed Fan1 Speed

----------------------------------------------------------------------------

38 | Configuration Fundamentals

0 0 absent or down

0 1 up up 18995 up 18995

Speed in RPM

Undoing Commands

When you enter a command, the command line is added to the running configuration file. Disable a

command and remove it from the running-config by entering the original command preceded by the

command

ip-address

Note: Use the help or ? command as discussed in Obtaining Help in the Configuration Fundamentals

chapter command to help you construct the “no” form of a command.

FTOS(conf)#interface gigabitethernet 4/17

FTOS(conf-if-gi-4/17)#ip address 192.168.10.1/24

FTOS(conf-if-gi-4/17)#show config

interface GigabitEthernet 4/17

ip address 192.168.10.1/24

no shutdown

FTOS(conf-if-gi-4/17)#no ip address

FTOS(conf-if-gi-4/17)#show config

interface GigabitEthernet 4/17

no ip address

no shutdown

no. For example, to delete an ip address configured on an interface, use the no ip address

command, as shown in the following example.

Layer 2 protocols are disabled by default. Enable them using the no disable command. For example, in

PROTOCOL SPANNING TREE mode, enter

Obtaining Help

Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ?

help command:

• Enter

? at the prompt or after a keyword to list the keywords available in the current mode.

•

? after a prompt lists all of the available keywords. The output of this command is the same for the help command.

FTOS#?

calendar Manage the hardware calendar

cd Change current directory

no disable to enable Spanning Tree.

Configuration Fundamentals | 39

change Change subcommands

clear Reset functions

clock Manage the system clock

configure Configuring from terminal

copy Copy from one file to another

debug Debug functions

--More--

• ? after a partial keyword lists all of the keywords that begin with the specified letters.

FTOS(conf)#cl?

class-map

www.dell.com | support.dell.com

clock

FTOS(conf)#cl

• A keyword followed by [space]? lists all of the keywords that can follow the specified keyword.

FTOS(conf)#clock ?

summer-time Configure summer (daylight savings) time

timezone Configure time zone

FTOS(conf)#clock

Entering and Editing Commands

When entering commands:

• The CLI is not case sensitive.

• You can enter partial CLI keywords.

• You must enter the minimum number of letters to uniquely identify a command. For example, cannot be entered as a partial keyword because both the clock and class-map commands begin with the letters “cl.” begins with those three letters.

• The TAB key auto-completes keywords in commands. You must enter the minimum number of letters to uniquely identify a command.

• The UP and DOWN arrow keys display previously entered commands (see Command History in the

Configuration Fundamentals chapter).

• The BACKSPACE and DELETE keys erase the previous letter.

• Key combinations are available to move quickly across the command line, as described in Table 2-2,

"Short-Cut Keys and their Actions," in Configuration Fundamentals.

Table 2-2. Short-Cut Keys and their Actions

Key Combination Action

CNTL-A Moves the cursor to the beginning of the command line.

CNTL-B Moves the cursor back one character.

clo, however, can be entered as a partial keyword because only one command

40 | Configuration Fundamentals

Table 2-2. Short-Cut Keys and their Actions (continued)

Key Combination Action

CNTL-D Deletes character at cursor.

CNTL-E Moves the cursor to the end of the line.

CNTL-F Moves the cursor forward one character.

CNTL-I Completes a keyword.

CNTL-K Deletes all characters from the cursor to the end of the command line.

CNTL-L Re-enters the previous command.

CNTL-N Return to more recent commands in the history buffer after recalling commands with CTRL-P or the

UP arrow key.

CNTL-P Recalls commands, beginning with the last command

CNTL-R Re-enters the previous command.

CNTL-U Deletes the line.

CNTL-W Deletes the previous word.

CNTL-X Deletes the line.

CNTL-Z Ends continuous scrolling of command outputs.

Esc B Moves the cursor back one word.

Esc F Moves the cursor forward one word.

Esc D Deletes all characters from the cursor to the end of the word.

Command History

FTOS maintains a history of previously-entered commands for each mode. For example:

• When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.

• When you are in CONFIGURATION mode, the UP or DOWN arrows keys recall the previously-entered CONFIGURATION mode commands.

Filtering show Command Outputs

Filter the output of a show command to display specific information by adding | [except | find | grep | no-more

| save

] specified_text after the command. The variable specified_text is the text for which you are filtering and

it IS case sensitive unless the

Starting with FTOS 7.8.1.0, the

case-insensitive. For example, the commands:

•

show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such

as interface GigabitEthernet 0/0.

ignore-case sub-option is implemented.

grep command accepts an ignore-case sub-option that forces the search to

Configuration Fundamentals | 41

• show run | grep ethernet would not return that search result because it only searches for instances containing a non-capitalized “ethernet.”

Executing the command “Ethernet” and “ethernet.”

grep displays only the lines containing specified text. The following example shows this command

• used in combination with the command

FTOS(conf)#do show linecard all | grep 0

0 not present

Note: FTOS accepts a space or no space before and after the pipe. To filter on a phrase with spaces,

www.dell.com | support.dell.com

underscores, or ranges, enclose the phrase with double quotation marks.

• except displays text that does not match the specified text. The following example shows this command used in combination with the command

FTOS#show linecard all | except 0

-- Line cards --

Slot Status NxtBoot ReqTyp CurTyp Version Ports

------------------------------------------------------------------------

2 not present

3 not present

4 not present

5 not present

6 not present

• The following example shows the grep command used with the show system command on an S4810 or S4820T:

show run | grep Ethernet ignore-case would return instances containing both

show linecard all.

FTOS(conf)#do show system brief | grep 10

10 Member not present

FTOS(conf)#do show system brief | except 10

Stack MAC : 00:01:e8:8b:5d:b9

Reload-Type : normal-reload [Next boot : normal-reload]

-- Stack Info --

Unit UnitType Status ReqTyp CurTyp Version Ports

---------------------------------------------------------------

0 Management online S4820 S4820 2D2-1-0-0-70 64

1 Member not present

2 Member not present

3 Member not present

4 Member not present

5 Member not present

42 | Configuration Fundamentals

6 Member not present

7 Member not present

8 Member not present

9 Member not present

11 Member not present

-- Power Supplies --

Unit Bay Status Type

---------------------------------------------------------------

0 0 up UNKNOWN

0 1 absent

-- Fan Status --

Unit Bay TrayStatus Fan0 Speed Fan1 Speed

----------------------------------------------------------------

0 0 absent or down

0 1 up up 18950 up 18950

Speed in RPM

FTOS(conf)#do show system brief | find 10

10 Member not present

11 Member not present

-- Power Supplies --

Unit Bay Status Type

---------------------------------------------------------------

0 0 up UNKNOWN

0 1 absent

-- Fan Status --

Unit Bay TrayStatus Fan0 Speed Fan1 Speed

----------------------------------------------------------------

0 0 absent or down

0 1 up up 18950 up 18950

Speed in RPM

• find displays the output of the show command beginning from the first occurrence of specified text. The following example shows this command used in combination with the command

show linecard all.

FTOS(conf)#do show linecard all | find 0

0 not present

1 not present

2 online online E48TB E48TB 1-1-463 48

3 not present

4 not present

5 online online E48VB E48VB 1-1-463 48

6 not present

Configuration Fundamentals | 43

7 not present

• display displays additional configuration information.

•

no-more displays the output all at once rather than one screen at a time. This is similar to the command terminal length except that the no-more option affects the output of the specified command only.

save copies the output to a file for future reference.

•

Note: You can filter a single command output multiple times. The save option should be the last option entered. For example:

FTOS# command | grep regular-expression | except regular-expression | grep

other-regular-expression | find regular-expression | save

www.dell.com | support.dell.com

Multiple Users in Configuration mode

FTOS notifies all users in the event that there are multiple users logged into CONFIGURATION mode. A warning message indicates the username, type of connection (console or vty), and in the case of a vty connection, the IP address of the terminal on which the connection was established. For example:

• On the system that telnets into the switch, Message 1 appears:

Message 1 Multiple Users in Configuration mode Telnet Message

% Warning: The following users are currently configuring the system:

User "<username>" on line console0

• On the system that is connected over the console, Message 2 appears:

Message 2 Multiple Users in Configuration mode Telnet Message

% Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode

If either of these messages appears, Dell Force10 recommends that you coordinate with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.

44 | Configuration Fundamentals

Getting Started

This chapter contains the following major sections:

• Default Configuration

• Configure a Host Name

• Access the System Remotely

• Configure the Enable Password

• Configuration File Management

• File System Management

When you power up the chassis, the system performs a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs blink green.The system then loads FTOS and boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.

When the boot process is complete, the RPM and line card status LEDs remain online (green), and the console monitor displays the EXEC mode prompt.

For details on using the Command Line Interface (CLI), refer to Accessing the Command Line in the

Configuration Fundamentals chapter.

Console access

The S4810 has 2 management ports available for system access: a serial console port and an Out-of-Bounds (OOB) port.

Serial console

The RJ-45/RS-232 console port is labeled on the S4810 chassis. It is in the upper right-hand side, as you face the I/O side of the chassis.

RJ-45 Console Port

Getting Started | 45

The RJ-45/RS-232 console port is labeled on the S4820T chassis. It is to the left of Fan Module 0, as you face the PSU side of the chassis.

RJ-45 Console Port

To access the console port, follow the procedures below. Refer to Table 3-1, "Pin Assignments Between

the Console and a DTE Terminal Server," in Getting Started for the console port pinout.

www.dell.com | support.dell.com

Step Task

1 Install an RJ-45 copper cable into the console port.Use a rollover (crossover) cable to connect the S4810 or

S4820T console port to a terminal server.

2 Connect the other end of the cable to the DTE terminal server.

3 Terminal settings on the console port cannot be changed in the software and are set as follows:

9600 baud rate No parity 8 data bits 1 stop bit No flow control

Accessing the RJ-45 console port with a DB-9 adapter

You can connect to the console using a RJ-45 to RJ-45 rollover cable and a RJ-45 to DB-9 female DTE adapter to a terminal server (for example, PC). Table 3-1, "Pin Assignments Between the Console and a

DTE Terminal Server," in Getting Started lists the pin assignments.

Table 3-1. Pin Assignments Between the Console and a DTE Terminal Server

S-Series Console Port RJ-45 to RJ-45 Rollover Cable

Signal RJ-45 pinout RJ-45 Pinout DB-9 Pin Signal

RTS 1 8 8 CTS

NC 2 7 6 DSR

TxD 3 6 2 RxD

GND 4 5 5 GND

GND 5 4 5 GND

RxD 6 3 3 TxD

RJ-45 to DB-9 Adapter

Terminal Server Device

46 | Getting Started

Table 3-1. Pin Assignments Between the Console and a DTE Terminal Server (continued)

S-Series Console Port RJ-45 to RJ-45 Rollover Cable

Signal RJ-45 pinout RJ-45 Pinout DB-9 Pin Signal

NC 7 2 4 DTR

CTS 8 1 7 RTS

Default Configuration

A version of FTOS is pre-loaded onto the chassis, however the system is not configured when you power

up for the first time (except for the default hostname, which is FTOS). You must configure the system using the CLI.

Configure a Host Name

The host name appears in the prompt. The default host name is FTOS.

RJ-45 to DB-9 Adapter

Terminal Server Device

• Host names must start with a letter and end with a letter or digit.

• Characters within the string can be letters, digits, and hyphens.

To configure a host name:

Step Task Command Syntax Command Mode

1 Create a new host name.

The example below illustrates the

FTOS(conf)#hostname R1 R1(conf)#

hostname name

hostname command.

CONFIGURATION

Access the System Remotely

You can configure the system to access it remotely by Telnet. The method for configuring the C-Series and E-Series for Telnet access is different from S-Series.

• The C-Series, E-Series, S4810 and the S4820T have a dedicated management port and a management routing table that is separate from the IP routing table.

Getting Started | 47

• The S-Series (except the S4810 and S4820T) does not have a dedicated management port, but is managed from any port. It does not have a separate management routing table.

Access the C-Series, E-Series, S4810, and the S4820T Remotely

Configuring the system for Telnet is a three-step process:

1. Configure an IP address for the management port. See Configure the Management Port IP Address.

2. Configure a management route with a default gateway. See Configure a Management Route.

www.dell.com | support.dell.com

Configure the Management Port IP Address

Assign IP addresses to the management ports in order to access the system remotely.

Note: Assign different IP addresses to each RPM’s management port.

To configure the management port IP address:

Step Task Command Syntax Command Mode

1 Enter INTERFACE mode for the

Management port.

3. Configure a username and password. See Configure a Username and Password.

Assign an IP address to the interface.

interface ManagementEthernet slot/port

• slot range: 0 to 1

• port range: 0

ip address ip-address/mask

• ip-address: an address in dotted-decimal format

(A.B.C.D).

• mask: a subnet mask in /prefix-length format (/

xx).

CONFIGURATION

INTERFACE

Enable the interface.

Configure a Management Route

Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port.

48 | Getting Started

no shutdown

INTERFACE

To configure a management route:

Step Task Command Syntax Command Mode

Configure a management route to

the network from which you are accessing the system.

management route ip-address/mask gateway

• ip-address: the network address in

dotted-decimal format (A.B.C.D).

• mask: a subnet mask in /prefix-length format (/

xx).

gateway: the next hop for network traffic

• originating from the management port.

CONFIGURATION

Configure a Username and Password

Configure a system username and password to access the system remotely.

To configure a username and password:

Step Task Command Syntax Command Mode

Configure a username and

password to access the system remotely.

username username password [encryption-type] password encryption-type

password, is 0 by default, and is not required.

• 0 is for inputting the password in clear text.

• 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Force10 system.

specifies how you are inputting the

CONFIGURATION

Access the S-Series Remotely

The S-Series does not have a dedicated management port nor a separate management routing table. Configure any port on the S-Series to be the port through which you manage the system and configure an IP route to that gateway.

Note: The S4810 and S4820T systems use management ports and should be configured similar to the C-Series and E-Series systems. Refer to Access the C-Series, E-Series, S4810, and the S4820T

Remotely

Configuring the system for Telnet access is a three-step process:

1. Configure an IP address for the port through which you will manage the system using the command

address

2. Configure a IP route with a default gateway using the command mode, as shown in the example below.

from INTERFACE mode, as shown in the example below.

ip route from CONFIGURATION

Getting Started | 49

3. Configure a username and password using the command username from CONFIGURATION mode, as shown in the example below.

R5(conf)#int gig 0/48 R5(conf-if-gi-0/48)#ip address 10.11.131.240 R5(conf-if-gi-0/48)#show config ! interface GigabitEthernet 0/48 ip address 10.11.131.240/24 no shutdown R5(conf-if-gi-0/48)#exit R5(conf)#ip route 10.11.32.0/23 10.11.131.254 R5(conf)#username admin pass FTOS

www.dell.com | support.dell.com

Configure the Enable Password

Access the EXEC Privilege mode using the enable command. The EXEC Privilege mode is unrestricted by

default. Configure a password as a basic security measure. There are two types of

enable password stores the password in the running/startup configuration using a DES encryption

• method.

•

enable secret is stored in the running/startup configuration in using a stronger, MD5 encryption method.

enable passwords:

Dell Force10 recommends using the

enable secret password.

To configure an enable password:

Task Command Syntax Command Mode

Create a password to access EXEC Privilege mode.

enable [password | secret] [level level] [encryption-type] password

is the privilege level, is 15 by default, and is not required.

level encryption-type specifies how you are inputting the password, is 0 by

default, and is not required.

• 0 is for inputting the password in clear text.

• 7 is for inputting a password that is already encrypted using a DES hash. Obtain the encrypted password from the configuration file of another Dell Force10 system.

• 5 is for inputting a password that is already encrypted using an MD5 hash. Obtain the encrypted password from the configuration file of another Dell Force10 system.

CONFIGURATION

50 | Getting Started

Configuration File Management

Files can be stored on and accessed from various storage media. Rename, delete, and copy files on the system from the EXEC Privilege mode.

The E-Series EtherScale platform architecture uses MMC cards for both the internal and external Flash memory. MMC cards support a maximum of 100 files. The E-Series TeraScale and ExaScale platforms architecture use Compact Flash for the internal and external Flash memory. It has a space limitation but does not limit the number of files it can contain.

Note: Using flash memory cards in the system that have not been approved by Dell Force10 can cause unexpected system behavior, including a reboot.

Copy Files to and from the System

The command syntax for copying files is similar to UNIX. The copy command uses the format copy

source-file-url destination-file-url.

Note: See the FTOS Command Reference for a detailed description of the copy command.

• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the

file-destination syntax for a remote file location shown in Table 3-2, "Forming a copy Command," in

Getting Started.

• To copy a remote file to Dell Force10 system, combine the with the

file-destination syntax for a local file location shown in Table 3-2, "Forming a copy Command,"

file-origin syntax for a remote file location

in Getting Started.

Table 3-2. Forming a copy Command

source-file-url Syntax destination-file-url Syntax

Local File Location

Internal flash:

primary RPM standby RPM copy rpm{0|1}flash://filename rpm{0|1}flash://filename

External flash:

primary RPM copy rpm{0|1}slot0://filename rpm{0|1}slot0://filename standby RPM copy rpm{0|1}slot0://filename rpm{0|1}slot0://filename

USB Drive (E-Series ExaScale)

USB drive on RPM0 copy rpm0usbflash://filepath rpm0usbflash://filename External USB drive copy usbflash://filepath

copy flash://filename flash://filename

usbflash://filename

Getting Started | 51

Table 3-2. Forming a copy Command (continued)

source-file-url Syntax destination-file-url Syntax

Remote File Location

FTP server

TFTP server copy tftp://{hostip | hostname}/filepath/

SCP server copy scp://{hostip | hostname}/filepath/

www.dell.com | support.dell.com

Important Points to Remember

copy ftp://username:password@{hostip |

hostname

filename

}/filepath/filename

• You may not copy a file from one remote system to another.

• You may not copy a file from one location to the same location.

• The internal flash memories on the RPMs are synchronized whenever there is a change, but only if both RPMs are running the same version of FTOS.

• When copying to a server, a hostname can only be used if a DNS server is configured.

• The

usbflash and rpm0usbflash commands are supported on E-Series ExaScale systems. Refer to your

system’s Release Notes for a list of approved USB vendors.

The following text is an example of using the

FTOS#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10/ /FTOS/FTOS-EF-8.2.1.0 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

27952672 bytes successfully copied

ftp://username:password filepath/filename

tftp://{hostip | hostname}/filepath/filename

scp://{hostip | hostname}/filepath/filename

copy command to save a file to an FTP server.

@{hostip | hostname}/

The following text is an example of using the copy command to import a file to the Dell Force10 system from an FTP server.

core1#$//copy ftp://myusername:mypassword@10.10.10.10//FTOS/ FTOS-EF-8.2.1.0.bin flash://

Destination file name [FTOS-EF-8.2.1.0.bin.bin]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied

Save the Running-configuration

The running-configuration contains the current system configuration. Dell Force10 recommends that you copy your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup-configuration is stored in the internal flash on the primary RPM by default, but it can be saved onto an external flash (on an RPM) or a remote server.

52 | Getting Started

To save the running-configuration:

Note: The commands in this section follow the same format as those in Copy Files to and from the

System in the Getting Started chapter but use the filenames startup-configuration and

running-configuration. These commands assume that current directory is the internal flash, which is the

system default.

Task Command Syntax Command Mode

Save the running-configuration to:

the startup-configuration on the internal flash of the primary RPM

the internal flash on an RPM copy running-config rpm{0|1}flash://filename

Note: The internal flash memories on the RPMs are synchronized whenever there is a change, but only if the RPMs are running the same version of FTOS.

the external flash of an RPM copy running-config rpm{0|1}slot0://filename

an FTP server

a TFTP server copy running-config tftp://{hostip | hostname}/

an SCP server copy running-config scp://{hostip | hostname}/

Note: When copying to a server, a hostname can only be used if a DNS server is configured.

Save the running-configuration to the startup-configuration on the internal flash of the primary RPM. Then copy the new startup-config file to the external flash of the primary RPM.

copy running-config startup-config

copy running-config ftp://

username:password filename

filepath/filename

copy running-config startup-config duplicate

@{hostip | hostname}/filepath/

EXEC Privilege

FTOS Behavior: If you create a startup-configuration on an RPM and then move the RPM to another chassis, the

startup-configuration is stored as a backup file (with the extension .bak), and a new, empty startup-configuration file

is created. To restore your original startup-configuration in this situation, overwrite the new startup-configuration

with the original one using the command copy startup-config.bak startup-config.

Configure the Overload bit for Startup Scenario

For information on setting the router overload bit for a specific period of time after a switch reload is

implemented, see the FTOS Command Line Reference Guide, Chapter 18 - Intermediate System to

Intermediate System (IS-IS).

Getting Started | 53

View Files

File information and content can only be viewed on local file systems. To view a list of files on the internal or external Flash:

Step Task Command Syntax Command Mode

1 View a list of files on:

the external flash of an RPM

www.dell.com | support.dell.com

The output of the command modification for each file, as shown in the example below.

FTOS#dir Directory of flash:

1 drw- 32768 Jan 01 1980 00:00:00 . 2 drwx 512 Jul 23 2007 00:38:44 .. 3 drw- 8192 Mar 30 1919 10:31:04 TRACE_LOG_DIR 4 drw- 8192 Mar 30 1919 10:31:04 CRASH_LOG_DIR 5 drw- 8192 Mar 30 1919 10:31:04 NVTRACE_LOG_DIR 6 drw- 8192 Mar 30 1919 10:31:04 CORE_DUMP_DIR 7 d--- 8192 Mar 30 1919 10:31:04 ADMIN_DIR 8 -rw- 33059550 Jul 11 2007 17:49:46 FTOS-EF-7.4.2.0.bin 9 -rw- 27674906 Jul 06 2007 00:20:24 FTOS-EF-4.7.4.302.bin 10 -rw- 27674906 Jul 06 2007 19:54:52 boot-image-FILE 11 drw- 8192 Jan 01 1980 00:18:28 diag 12 -rw- 7276 Jul 20 2007 01:52:40 startup-config.bak 13 -rw- 7341 Jul 20 2007 15:34:46 startup-config 14 -rw- 27674906 Jul 06 2007 19:52:22 boot-image 15 -rw- 27674906 Jul 06 2007 02:23:22 boot-flash

--More--

dir flash:

dir slot:

dir also shows the read/write privileges, size (in bytes), and date of

EXEC Privilegethe internal flash of an RPM

To view the directories on a flash drive residing in the S4820T’s USB (Type-A) port, use the usbflash parameter, as in the following example:

FTOS#dir usbflash: Directory of usbflash:

1 drwx 4096 Jan 01 1980 00:00:00 +00:00 . 2 drwx 2048 Dec 01 2010 22:11:27 +00:00 .. 3 -rwx 21814334 Oct 05 2012 21:35:56 +00:00 s55_usb 15 -rwx 30661593 Oct 05 2012 08:01:42 +00:00 file 16 -rwx 524528 Oct 28 2010 23:27:34 +00:00

s4820t_uboot_FTOSBOOT-SE-1-0-0-31_recent 19 -rwx 8053 Dec 01 2010 23:00:22 +00:00 running-config 20 -rwx 28615614 Oct 05 2012 08:08:32 +00:00 s4820t-FTOS5-SE-1-0-0-26 21 -rwx 1000000000 Oct 05 2012 10:07:32 +00:00 s4820junk

54 | Getting Started

22 -rwx 30659825 Oct 05 2012 10:32:54 +00:00 1 23 -rwx 28615614 Oct 05 2012 08:58:26 +00:00 fiel1 24 -rwx 30659825 Oct 05 2012 10:32:30 +00:00 file2 25 -rwx 1000000000 Oct 05 2012 10:14:30 +00:00 s4820junk1 26 -rwx 1000000000 Oct 05 2012 10:18:26 +00:00 s4820junk2 27 -rwx 28615614 Oct 05 2012 10:30:06 +00:00 s4820t-FTOS5-SE-1-0-0-26file 30 -rwx 28615614 Oct 05 2012 10:31:36 +00:00 s4820t-FTOS5-SE-1-0-0-26file1 34 -rwx 30659825 Oct 05 2012 10:33:02 +00:00 2 35 -rwx 30659825 Oct 05 2012 10:33:08 +00:00 3 36 -rwx 30659825 Oct 05 2012 10:33:26 +00:00 4 37 -rwx 16644007 Oct 05 2012 11:22:56 +00:00 file19 39 -rwx 130000 Oct 05 2012 11:27:20 +00:00 junkfile1 usbflash: 4040642560 bytes total (151228416 bytes free)

To view the contents of a file:

Step Task Command Syntax Command Mode

1 View the:

contents of a file in the internal flash of an RPM

contents of a file in the external flash of an RPM

running-configuration

startup-configuration

show file rpm{0|1}flash://filename

show file rpm{0|1}slot0://filename

show running-config

show startup-config

EXEC Privilege

View Configuration Files

Configuration files have three commented lines at the beginning of the file, as shown in the example below, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.

In the running-configuration file, if there is a difference between the timestamp on the “Last configuration change,” and “Startup-config last updated,” then you have made changes that have not been saved and will not be preserved upon a system reboot.

FTOS#show running-config Current Configuration ... ! Version 8.2.1.0 ! Last configuration change at Thu Apr 3 23:06:28 2008 by admin ! Startup-config last updated at Thu Apr 3 23:06:55 2008 by admin ! boot system rpm0 primary flash://FTOS-EF-8.2.1.0.bin boot system rpm0 secondary flash://FTOS-EF-7.8.1.0.bin boot system rpm0 default flash://FTOS-EF-7.7.1.1.bin boot system rpm1 primary flash://FTOS-EF-7.8.1.0.bin boot system gateway 10.10.10.100

Getting Started | 55

--More--

An example of accessing the running configuration file on an external flash drive inserted into the

S4820T’s USB port:

FTOS#show file-systems

Size(b) Free(b) Feature Type Flags Prefixes 2056916992 1774563328 FAT32 USERFLASH rw flash: 4040642560 151228416 FAT32 USBFLASH rw usbflash:

- - - network rw ftp:

- - - network rw tftp:

- - - network rw scp:

www.dell.com | support.dell.com

File System Management

The Dell Force10 system can use the internal Flash, external Flash, or remote devices to store files. It stores files on the internal Flash by default but can be configured to store files elsewhere.

To view file system information:

Task Command Syntax Command Mode

View information about each file system.

The output of the command

show file-systems in the example below shows the total capacity, amount of free

show file-systems

EXEC Privilege

memory, file structure, media type, read/write privileges for each storage device in use.

FTOS#show file-systems Size(b) Free(b) Feature Type Flags Prefixes 520962048 213778432 dosFs2.0 USERFLASH rw flash: 127772672 21936128 dosFs2.0 USERFLASH rw slot0:

- - - network rw ftp:

- - - network rw tftp:

- - - network rw scp:

You can change the default file system so that file management commands apply to a particular device or memory.

To change the default storage location:

Task Command Syntax Command Mode

Change the default directory.

cd directory

EXEC Privilege

In the example below, the default storage location is changed to the external Flash of the primary RPM. File management commands then apply to the external Flash rather than the internal Flash.

56 | Getting Started

FTOS#cd slot0: FTOS#copy running-config test FTOS#copy run test ! 7419 bytes successfully copied FTOS#dir Directory of slot0:

1 drw- 32768 Jan 01 1980 00:00:00 . 2 drwx 512 Jul 23 2007 00:38:44 .. 3 ---- 0 Jan 01 1970 00:00:00 DCIM 4 -rw- 7419 Jul 23 2007 20:44:40 test 5 ---- 0 Jan 01 1970 00:00:00 BT 6 ---- 0 Jan 01 1970 00:00:00 200702~1VSN 7 ---- 0 Jan 01 1970 00:00:00 G 8 ---- 0 Jan 01 1970 00:00:00 F 9 ---- 0 Jan 01 1970 00:00:00 F

slot0: 127772672 bytes total (21927936 bytes free)

View command history

The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer. The system generates a trace message for each executed command. No password information is saved to the file.

To view the command-history trace, use the below.

FTOS#show command-history [12/5 10:57:8]: CMD-(CLI):service password-encryption [12/5 10:57:12]: CMD-(CLI):hostname Force10 [12/5 10:57:12]: CMD-(CLI):ip telnet server enable [12/5 10:57:12]: CMD-(CLI):line console 0 [12/5 10:57:12]: CMD-(CLI):line vty 0 9 [12/5 10:57:13]: CMD-(CLI):boot system rpm0 primary flash://FTOS-CB-1.1.1.2E2.bin

Upgrading FTOS

Note: To upgrade FTOS, see the release notes for the version you want to load on the system.

show command-history command, as shown in the example

Getting Started | 57

www.dell.com | support.dell.com

58 | Getting Started

Management

Management is supported on platforms: e c s

This chapter explains the different protocols or services used to manage the Dell Force10 system including:

• Configure Privilege Levels

• Configure Logging

• File Transfer Services

• Terminal Lines

• Lock CONFIGURATION mode

• Recovering from a Forgotten Password on the S4810 or S4820T

• Recovering from a Failed Start on the S4810 or S4820T

Configure Privilege Levels

Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1.

• Level 0—Access to the system begins at EXEC mode, and EXEC mode commands are limited to

enable, disable, and exit.

• Level 1—Access to the system begins at EXEC mode, and all commands are available.

• Level 15—Access to the system begins at EXEC Privilege mode, and all commands are available.

S4820T

Create a Custom Privilege Level

Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by:

• restricting access to an EXEC mode command

• moving commands from EXEC Privilege to EXEC mode

• restricting access

A user can access all commands at his privilege level and below.

Management | 59

Removing a command from EXEC mode

Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command

privilege exec from CONFIGURATION mode. In the command, specify a level greater

than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.

Move a command from EXEC privilege mode to EXEC mode

Move a command from EXEC Privilege to EXEC mode for a privilege level using the command privilege

exec

from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal

line, and specify all keywords in the command to which you want to allow access.

www.dell.com | support.dell.com

Allow Access to CONFIGURATION mode commands

Allow access to CONFIGURATION mode using the command privilege exec level level configure from

CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level, and has access to only two commands, mode command to which you want to allow access using the command

command, specify the privilege level of the user or terminal line, and specify all keywords in the command

to which you want to allow access.

end and exit. You must individually specify each CONFIGURATION

privilege configure level level. In the

Allow Access to INTERFACE, LINE, ROUTE-MAP, and ROUTER mode

1. Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes, you must first allow access to the command that enters you into the mode. For example, allow a user to enter INTERFACE mode using the command

level level interface

gigabitethernet

2. Then, individually identify the INTERFACE, LINE, ROUTE-MAP or ROUTER commands to which you want to allow access using the command

privilege {interface | line | route-map | router} level level. In

the command, specify the privilege level of the user or terminal line, and specify all keywords in the

command to which you want to allow access.

The following table lists the configuration tasks you can use to customize a privilege level:

Task Command Syntax Command Mode

Remove a command from the list of available commands in EXEC mode.

Move a command from EXEC Privilege to EXEC mode. privilege exec level level

Allow access to CONFIGURATION mode. privilege exec level level configure

privilege exec level level

{command ||...|| command}

privilege configure

CONFIGURATION

60 | Management

Task Command Syntax Command Mode

Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.

Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.

The configuration in the following example creates privilege level 3. This level:

• removes the

• moves the command

resequence command from EXEC mode by requiring a minimum of privilege level 4

capture bgp-pdu max-buffer-size from EXEC Privilege to EXEC mode by requiring

a minimum privilege level 3, which is the configured level for VTY 0

• allows access to CONFIGURATION mode with the

• allows access to INTERFACE and LINE modes are allowed with no commands

FTOS(conf)#do show run priv ! privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence privilege exec level 3 capture bgp-pdu privilege exec level 3 capture bgp-pdu max-buffer-size privilege configure level 3 line privilege configure level 3 interface FTOS(conf)#do telnet 10.11.80.201 [telnet output omitted] FTOS#show priv Current privilege level is 3. FTOS#? capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature mtrace Trace reverse multicast path from destination to source ping Send echo messages quit Exit from the EXEC show Show running system information [output omitted] FTOS#config [output omitted] FTOS(conf)#do show priv Current privilege level is 3. FTOS(conf)#?

privilege configure level level

{interface | line | route-map |

router} {command-keyword ||...|| command-keyword}

privilege {configure |interface | line

| route-map | router} level level {command ||...|| command}

banner command

CONFIGURATION

Management | 61

end Exit from configuration mode exit Exit from configuration mode interface Select an interface to configure line Configure a terminal line linecard Set line card type FTOS(conf)#interface ? fastethernet Fast Ethernet interface gigabitethernet Gigabit Ethernet interface loopback Loopback interface managementethernet Management Ethernet interface null Null interface port-channel Port-channel interface range Configure interface range

www.dell.com | support.dell.com

tengigabitethernet TenGigabit Ethernet interface vlan VLAN interface FTOS(conf)#interface gigabitethernet 1/1 FTOS(conf-if-gi-1/1)#? end Exit from configuration mode exit Exit from interface configuration mode FTOS(conf-if-gi-1/1)#exit FTOS(conf)#line ? aux Auxiliary line console Primary terminal line vty Virtual terminal FTOS(conf)#line vty 0 FTOS(config-line-vty)#? exit Exit from line configuration mode FTOS(config-line-vty)#

Apply a Privilege Level to a Username

To set a privilege level for a user:

Task Command Syntax Command Mode

Configure a privilege level for a user.

username username privilege level

CONFIGURATION

Apply a Privilege Level to a Terminal Line

To set a privilege level for a terminal line:

Task Command Syntax Command Mode

Configure a privilege level for a terminal line.

Note: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode,

but the prompt is hostname#, rather than hostname>.

privilege level level

LINE

62 | Management

Configure Logging

FTOS tracks changes in the system using event and error messages. By default, FTOS logs these messages on:

• the internal buffer

• console and terminal lines, and

• any configured syslog servers

Disable Logging

To disable logging:

Task Command Syntax Command Mode

Disable all logging except on the console.

Disable logging to the logging buffer.

Disable logging to terminal lines.

Disable console logging.

Log Messages in the Internal Buffer

All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer.

Message 1 BootUp Events

%BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled

Configuration Task List for System Log Management

The following list includes the configuration tasks for system log management:

no logging on

no logging buffer

no logging monitor

no logging console

CONFIGURATION

• Disable System Logging

• Send System Messages to a Syslog Server

Disable System Logging

By default, logging is enabled and log messages are sent to the logging buffer, all terminal lines, console, and syslog servers.

Management | 63

Enable and disable system logging using the following commands:

Task Command Syntax Command Mode

Disable all logging except on the console.

Disable logging to the logging buffer.

Disable logging to terminal lines.

Disable console logging.

www.dell.com | support.dell.com

Send System Messages to a Syslog Server

Send system messages to a syslog server by specifying the server with the following command:

Task Command Syntax Command Mode

Specify the server to which you want to send system messages. You can configure up to eight syslog servers.

Configure a Unix System as a Syslog Server

logging {ip-address | hostname} CONFIGURATION

no logging on

no logging buffer

no logging monitor

no logging console

CONFIGURATION

Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the Unix

system and assigning write permissions to the file.

• on a 4.1 BSD UNIX system, add the line: local7.debugging /var/log/ftos.log

• on a 5.7 SunOS UNIX system, add the line: local7.debugging /var/adm/ftos.log

In the lines above, local7 is the logging facility level and debugging is the severity level.

Change System Logging Settings

You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control the number of system messages logged.

Task Command Syntax Command Mode

Specify the minimum severity level for logging to the logging buffer.

Specify the minimum severity level for logging to the console. logging console level

Specify the minimum severity level for logging to terminal lines.

logging buffered level CONFIGURATION

CONFIGURATION

logging monitor level

CONFIGURATION

64 | Management

Task Command Syntax Command Mode

Specifying the minimum severity level for logging to a syslog server. logging trap level

Specify the minimum severity level for logging to the syslog history table.

Task Command Syntax Command Mode

Specify the size of the logging buffer.

Note: When you decrease the buffer size, FTOS deletes

all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.

Specify the number of messages that FTOS saves to its logging history table.

logging buffered size CONFIGURATION

logging history size size

logging history level

CONFIGURATION

To change one of the settings for logging system messages, use any or all of the following commands in the CONFIGURATION mode:

To view the logging buffer and configuration, use the

show logging command in the EXEC privilege mode

as shown in the example for Display the Logging Buffer and the Logging Configuration.

To change the severity level of messages logged to a syslog server, use the following command in the CONFIGURATION mode:

To view the logging configuration, use the

show running-config logging command in the EXEC privilege

mode as shown in the example for Configure a UNIX logging facility level.

Display the Logging Buffer and the Logging Configuration

Display the current contents of the logging buffer and the logging settings for the system, use the show

logging

FTOS#show logging syslog logging: enabled Console logging: level Debugging Monitor logging: level Debugging Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes) Trap logging: level Informational %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM. %RPM-2-MSG:CP1 %POLLMGR-2-MMC_STATE: External flash disk missing in 'slot0:' %CHMGR-5-CARDDETECTED: Line card 0 present %CHMGR-5-CARDDETECTED: Line card 2 present %CHMGR-5-CARDDETECTED: Line card 4 present %CHMGR-5-CARDDETECTED: Line card 5 present

command in the EXEC privilege mode as shown in the example below.

Management | 65

%CHMGR-5-CARDDETECTED: Line card 8 present %CHMGR-5-CARDDETECTED: Line card 10 present %CHMGR-5-CARDDETECTED: Line card 12 present %TSM-6-SFM_DISCOVERY: Found SFM 0 %TSM-6-SFM_DISCOVERY: Found SFM 1 %TSM-6-SFM_DISCOVERY: Found SFM 2 %TSM-6-SFM_DISCOVERY: Found SFM 3 %TSM-6-SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8

www.dell.com | support.dell.com

%TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports) %TSM-6-PORT_CONFIG: Port link status for LC 5 => portpipe 0: OK portpipe 1: N/A %CHMGR-5-LINECARDUP: Line card 5 is up %CHMGR-5-CHECKIN: Checkin from line card 12 (type S12YC12, 12 ports) %TSM-6-PORT_CONFIG: Port link status for LC 12 => portpipe 0: OK portpipe 1: N/A %CHMGR-5-LINECARDUP: Line card 12 is up %IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8 %IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8

To view any changes made, use the show running-config logging command in the EXEC privilege mode as shown in the example for Configure a UNIX logging facility level.

Configure a UNIX logging facility level

You can save system log messages with a UNIX system logging facility.

66 | Management

To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode:

Command Syntax Command Mode Purpose

logging facility [facility-type] CONFIGURATION Specify one of the following parameters.

• auth (for authorization messages)

• cron (for system scheduler messages)

• daemon (for system daemons)

• kern (for kernel messages)

• local0 (for local use)

• local1 (for local use)

• local2 (for local use)

• local3 (for local use)

• local4 (for local use)

• local5 (for local use)

• local6 (for local use)

• local7 (for local use). This is the default.

• lpr (for line printer system messages)

• mail (for mail system messages)

• news (for USENET news messages)

• sys9 (system use)

• sys10 (system use)

• sys11 (system use)

• sys12 (system use)

• sys13 (system use)

• sys14 (system use)

• syslog (for syslog messages)

• user (for user programs)

• uucp (UNIX to UNIX copy protocol) The default is local7.

To view nondefault settings, use the

show running-config logging command in the EXEC mode as shown in

the example below.

FTOS#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10.4 FTOS#

Management | 67

Synchronize log messages

You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.

To synchronize log messages, use these commands in the following sequence starting in the CONFIGURATION mode:

Step Command Syntax Command Mode Purpose

1 line {console 0 | vty number [end-number]

www.dell.com | support.dell.com

| aux 0}

logging synchronous [level severity-level | all] [limit]

CONFIGURATION Enter the LINE mode. Configure the

LINE Configure a level and set the maximum

To view the logging synchronous configuration, use the

Enable timestamp on syslog messages

following parameters for the virtual terminal lines:

• number range: zero (0) to 8.

• end-number range: 1 to 8. You can configure multiple virtual terminals at one time by entering a number and an end-number.

number of messages to be printed. Configure the following optional parameters:

• level severity-level range: 0 to 7.

Default is 2. Use the all keyword to include all messages.

• limit range: 20 to 300. Default is 20.

show config command in the LINE mode.

By default, syslog messages do not include a time/date stamp stating when the error or message was created.

To have FTOS include a timestamp with the syslog message, use the following command syntax in the CONFIGURATION mode:

Command Syntax Command Mode Purpose

service timestamps [log | debug

] [datetime [localtime]

msec] [show-timezone] |

[

uptime]

68 | Management

CONFIGURATION Add timestamp to syslog messages. Specify the following

optional parameters:

• datetime: You can add the keyword localtime to include the

localtime, msec, and show-timezone. If you do not add

the keyword localtime, the time is UTC.

• uptime. To view time since last boot. If neither parameter is specified, FTOS configures uptime.

To view the configuration, use the show running-config logging command in the EXEC privilege mode.

To disable time stamping on syslog messages, enter

File Transfer Services

With FTOS, you can configure the system to transfer files over the network using File Transfer Protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on VLAN interfaces.

For more information on FTP, refer to RFC 959, File Transfer Protocol.

Note: To transmit large files, Dell Force10 recommends configuring the switch as an FTP server.

Configuration Task List for File Transfer Services

The following list includes the configuration tasks for file transfer services:

• Enable FTP server (mandatory)

• Configure FTP server parameters (optional)

• Configure FTP client parameters (optional)

no service timestamps [log | debug].

Enable FTP server

To enable the system as an FTP server, use the following command in the CONFIGURATION mode:

Command Syntax Command Mode Purpose

ftp-server enable

To view FTP configuration, use the show running-config ftp command in the EXEC privilege mode as shown in the example below.

FTOS#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar FTOS#

CONFIGURATION Enable FTP on the system.

Configure FTP server parameters

After the FTP server is enabled on the system, you can configure different parameters.

Management | 69

To configure FTP server parameters, use any or all of the following commands in the CONFIGURATION mode:

Command Syntax Command Mode Purpose

ftp-server topdir dir CONFIGURATION Specify the directory for users using FTP to reach the

system. The default is the internal flash directory.

ftp-server username username password [encryption-type]

password

www.dell.com | support.dell.com

Note: You cannot use the change directory (cd) command until ftp-server topdir has been configured.

To view the FTP configuration, use the

Configure FTP client parameters

To configure FTP client parameters, use the following commands in the CONFIGURATION mode:

Command Syntax Command Mode Purpose

ip ftp source-interface interface CONFIGURATION Enter the following keywords and slot/port or number

CONFIGURATION Specify a user name for all FTP users and configure either

a plain text or encrypted password. Configure the following optional and required parameters:

• username: Enter a text string

• encryption-type: Enter 0 for plain text or 7 for

encrypted text.

• password: Enter a text string.

show running-config ftp command in EXEC privilege mode.

information:

• For a Gigabit Ethernet interface, enter the keyword

GigabitEthernet followed by the slot/port information.

• For a loopback interface, enter the keyword loopback followed by a number between 0 and 16383.

• For a port channel interface, enter the keyword

port-channel followed by a number from 1 to 255 for

TeraScale and ExaScale, 1 to 32 for EtherScale.

• For a SONET interface, enter the keyword sonet followed by the slot/port information.

• For a 10-Gigabit Ethernet interface, enter the keyword

TenGigabitEthernet followed by the slot/port

information.

• For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094.

• For a 40-Gigabit Ethernet interface, enter the keyword

fortyGigE followed by the slot/port information.

ip ftp password password ip ftp username name CONFIGURATION Enter username to use on FTP client.

To view FTP configuration, use the shown in the example for Enable FTP server.

70 | Management

CONFIGURATION Configure a password.

show running-config ftp command in the EXEC privilege mode as

Terminal Lines

You can access the system remotely and restrict access to the system by creating user profiles. The terminal lines on the system provide different means of accessing the system. The console line (console) connects you through the Console port in the RPMs. The virtual terminal lines (VTY) connect you through Telnet to the system. The auxiliary line (aux) connects secondary devices such as modems.

Deny and Permit Access to a Terminal Line

Dell Force10 recommends applying only standard ACLs to deny and permit access to VTY lines.

• Layer 3 ACL deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny any traffic.

• You cannot use

VTY line.

To apply an IP ACL to a line:

Task Command Syntax Command Mode

Apply an ACL to a VTY line. ip access-class access-list LINE

show ip accounting access-list to display the contents of an ACL that is applied only to a

To view the configuration, enter the

show config command in the LINE mode, as shown in the example

below.

FTOS(config-std-nacl)#show config ! ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 FTOS(config-std-nacl)#line vty 0 FTOS(config-line-vty)#show config line vty 0 access-class myvtyacl

FTOS Behavior: Prior to FTOS version 7.4.2.0, in order to deny access on a VTY line, you must apply an ACL and

AAA authentication to the line. Then users are denied access only after they enter a username and password.

Beginning in FTOS version 7.4.2.0, only an ACL is required, and users are denied access before they are

prompted for a username and password.

Configure Login Authentication for Terminal Lines

You can use any combination of up to 6 authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, FTOS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are:

Management | 71

• enable—Prompt for the enable password.

•

line—Prompt for the e password you assigned to the terminal line. You must configure a password for

the terminal line to which you assign a method list that contains the

line authentication method.

Configure a password using the command password from LINE mode.

•

local—Prompt for the system username and password.

none—Do not authenticate the user.

•

radius—Prompt for a username and password and use a RADIUS server to authenticate.

tacacs+—Prompt for a username and password and use a TACACS+ server to authenticate.

•

To configure authentication for a terminal line:

www.dell.com | support.dell.com

Step Task Command Syntax Command Mode

1 Create an authentication method list.

You may use a mnemonic name or use the keyword default. The default authentication method for terminal lines is local, and the default method list is empty.

2 Apply the method list from Step 1 to

a terminal line.

3 If you used the line authentication

method in the method list you applied to the terminal line, configure a password for the terminal line.

In the example below, VTY lines 0-2 use a single authentication method,

FTOS(conf)#aaa authentication login myvtymethodlist line FTOS(conf)#line vty 0 2 FTOS(config-line-vty)#login authentication myvtymethodlist FTOS(config-line-vty)#password myvtypassword FTOS(config-line-vty)#show config line vty 0 password myvtypassword login authentication myvtymethodlist line vty 1 password myvtypassword login authentication myvtymethodlist line vty 2 password myvtypassword login authentication myvtymethodlist FTOS(config-line-vty)#

aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3]

[method-4] [method-5] [method-6]

password

line.

CONFIGURATION

LINE

72 | Management

Time out of EXEC Privilege Mode

EXEC timeout is a basic security feature that returns FTOS to the EXEC mode after a period of inactivity on terminal lines.

To change the timeout period or disable EXEC timeout.

Task Command Syntax Command Mode

Set the number of minutes and seconds. Default: 10 minutes on console, 30 minutes on VTY. Disable EXEC timeout by setting the timeout period to 0.

Return to the default timeout values.

View the configuration using the command

FTOS(conf)#line con 0 FTOS(config-line-console)#exec-timeout 0 FTOS(config-line-console)#show config line console 0 exec-timeout 0 0 FTOS(config-line-console)#

exec-timeout minutes [seconds]

no exec-timeout

show config from LINE mode.

LINE

Telnet to Another Network Device

To telnet to another device:

Task Command Syntax Command Mode

Telnet to the peer RPM. You do not need to configure the management port on the peer RPM to be able to telnet to it.

telnet-peer-rpm

EXEC Privilege

Telnet to a device with an IPv4 or IPv6 address. If you do not enter an IP address, FTOS enters a Telnet dialog that prompts you for one.

• Enter an IPv4 address in dotted decimal format (A.B.C.D).

• Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported.

FTOS# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'. Login: Login: admin Password: FTOS>exit

telnet [ip-address]

EXEC Privilege

Management | 73

FTOS#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'. FreeBSD/i386 (freebsd2.force10networks.com) (ttyp1) login: admin FTOS#

Lock CONFIGURATION mode

FTOS allows multiple users to make configurations at the same time. You can lock CONFIGURATION

www.dell.com | support.dell.com

mode so that only one user can be in CONFIGURATION mode at any time (Message 2).

A two types of locks can be set: auto and manual.

• Set an auto-lock using the command

configuration mode exclusive auto from CONFIGURATION mode.

When you set an auto-lock, every time a user is in CONFIGURATION mode all other users are denied

access. This means that you can exit to EXEC Privilege mode, and re-enter CONFIGURATION mode without having to set the lock again.

• Set a manual lock using the command configure terminal lock from CONFIGURATION mode. When you configure a manual lock, which is the default, you must enter this command time you want to enter CONFIGURATION mode and deny access to others.

FTOS(conf)#configuration mode exclusive auto BATMAN(conf)#exit 3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console

FTOS#config ! Locks configuration mode exclusively. FTOS(conf)#

If another user attempts to enter CONFIGURATION mode while a lock is in place, Message 1 appears on their terminal.

Message 1 CONFIGURATION mode Locked Error

% Error: User "" on line console0 is in exclusive configuration mode

If any user is already in CONFIGURATION mode when while a lock is in place, Message 2 appears on

their terminal.

Message 2 Cannot Lock CONFIGURATION mode Error

% Error: Can't lock configuration mode exclusively since the following users are

currently configuring the system:

User "admin" on line vty1 ( 10.1.1.1 )

74 | Management

Note: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you

configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION

mode, when you attempt to re-enter CONFIGURATION mode, you are denied access even though you

are the one that configured the lock.

Note: If your session times out and you return to EXEC mode, the CONFIGURATION mode lock is unconfigured.

Viewing the Configuration Lock Status

If you attempt to enter CONFIGURATION mode when another user has locked it, you may view which user has control of CONFIGURATION mode using the command Privilege mode.

show configuration lock from EXEC

You can then send any user a message using the you can clear any line using the command

send command from EXEC Privilege mode. Alternatively

clear from EXEC Privilege mode. If you clear a console session,

the user is returned to EXEC mode.

Recovering from a Forgotten Password on the S4810 or S4820T

If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter.

If you forget your password:

Step Task Command Syntax Command Mode

1 Log onto the system via console.

2 Power-cycle the chassis by switching off all of the power modules and then switching them back on.

3 Hit any key to abort the boot process.

You enter uBoot i mme id at ely, as indicated by the => prompt.

hit any key (during bootup)

4 Set the system parameters to ignore

the startup configuration file when the system reloads.

5 To save the changes use the saveenv

command.

6 Reload the system.

7 Copy startup-config.bak to the

running config.

setenv stconfigignore true

saveenv

reset

copy flash://startup-config.bak running-config

uBoot

EXEC Privilege

Management | 75

Step Task Command Syntax Command Mode

8 Remove all authentication statements

you might have for the console.

9 Save the running-config.

10 Set the system parameters to use the

startup configuration file when the system reloads.

11 Save the running-config. copy running-config startup-config EXEC Privilege

www.dell.com | support.dell.com

Recovering from a Forgotten Enable Password on the S4810 or S4820T

If you forget the enable password:

Step Task Command Syntax Command Mode

1 Log onto the system via console.

2 Power-cycle the chassis by switching off all of the power modules and then switching them back on.

3 Hit any key to abort the boot process.

You enter uBoot immediately, as indicated by the => prompt.

no authentication login no password

copy running-config startup-config

setenv stconfigignore false

hit any key (during bootup)

LINE

EXEC Privilege

uBoot

4 Set the system parameters to ignore

the enable password when the system reloads.

5 Reload the system. reset uBoot

6 Configure a new enable password. enable {secret | password} CONFIGURATION

7 Save the running-config to the

startup-config.

setenv

enablepwdignore true uBoot

copy running-config startup-config EXEC Privilege

Recovering from a Failed Start on the S4810 or S4820T

A system that does not start correctly might be attempting to boot from a corrupted FTOS image or from a

mis-specified location. In that case, you can restart the system and interrupt the boot process to point the system to another boot location. Use the command, its supporting commands, and other commands that can help recover from a failed start, see the

Boot User chapter in the FTOS Command Line Reference for the S4810 and S4820T.

Step Task Command Syntax Command Mode

1 Power-cycle the chassis (pull the power cord and reinsert it).

setenv command, as described below. For details on the setenv

76 | Management

Step Task Command Syntax Command Mode

2 Hit any key to abort the boot process.

hit any key (during bootup) You enter uBoot immediately, as indicated by the => prompt.

3 Assign the new location to the FTOS

image to be used when the system reloads.

4 Assign an IP address to the

setenv [primary_image f10boot location |

uBoot

secondary_image f10boot location |

default_image f10boot location]

setenv ipaddre address uBoot

Management Ethernet interface.

6 Assign an IP address as the default

setenv gatewayip address uBoot

gateway for the system.

7 Reload the system. reset uBoot

Management | 77

www.dell.com | support.dell.com

78 | Management

802.1ag

802.1ag is available only on platform: s

Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas:

1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM)

2. Link Layer OAM: IEEE 802.3ah OAM

3. Ethernet Local management Interface (MEF-16 E-LMI)

Ethernet CFM

Ethernet CFM is an end-to-end per-service-instance Ethernet OAM scheme which enables: proactive connectivity monitoring, fault verification, and fault isolation.

The service-instance with regard to OAM for Metro/Carrier Ethernet is a VLAN. This service is sold to an end-customer by a network service provider. Typically the service provider contracts with multiple network operators to provide end-to-end service between customers. For end-to-end service between customer switches, connectivity must be present across the service provider through multiple network operators.

4820

Layer 2 Ethernet networks usually cannot be managed with IP tools such as ICMP Ping and IP Traceroute. Traditional IP tools often fail because:

• there are complex interactions between various Layer 2 and Layer 3 protocols such as STP, LAG, VRRP and ECMP configurations.

• Ping and traceroute are not designed to verify data connectivity in the network and within each node in

the network (such as in the switching fabric and hardware forwarding tables).

• when networks are built from different operational domains, access controls impose restrictions that

cannot be overcome at the IP level, resulting in poor fault visibility. There is a need for hierarchical domains that can be monitored and maintained independently by each provider or operator.

• routing protocols choose a subset of the total network topology for forwarding, making it hard to detect

faults in links and nodes that are not included in the active routing topology. This is made more complex when using some form of Traffic Engineering (TE) based routing.

• network and element discovery and cataloging is not clearly defined using IP troubleshooting tools.

802.1ag | 79

There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.

In addition to providing end-to-end OAM in native Layer 2 Ethernet Service Provider/Metro networks, you can also use CFM to manage and troubleshoot any Layer 2 network including enterprise, datacenter, and cluster networks.

Maintenance Domains

www.dell.com | support.dell.com

Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in the illustration below.

A CFM maintenance domain is a management space on a network that is owned and operated by a single

management entity. The network administrator assigns a unique maintenance level (0 to 7) to each domain to define the hierarchical relationship between domains. Domains can touch or nest but cannot overlap or intersect as that would require management by multiple entities.

Customer Network

Ethernet Access

Operator Domain (5)

Service Provider Network

MPLS Core MPLS Access

Customer Domain (7)

Provider Domain (6)

Operator Domain (5)

MPLS Domain (4)

Customer Network

Operator Domain (5)

Maintenance Points

Domains are comprised of logical entities called Maintenance Points. A maintenance point is an interface demarcation that confines CFM frames to a domain. There are two types of maintenance points:

• Maintenance End Points (MEPs): a logical entity that marks the end-point of a domain

• Maintenance Intermediate Points (MIPs): a logical entity configured at a port of a switch that is an

intermediate point of a Maintenance Entity (ME). An ME is a point-to-point relationship between two MEPs within a single domain. MIPs are internal to a domain, not at the boundary, and respond to CFM only when triggered by linktrace and loopback messages. MIPs can be configured to snoop Continuity Check Messages (CCMs) to build a MIP CCM database.

80 | 802.1ag

These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Maintenance points drop all lower-level frames and forward all higher-level frames.

Service Provider Network

Customer Network

Ethernet Access

Operator Domain (5)

MEP

Maintenance End Points

A Maintenance End Point (MEP) is a logical entity that marks the end-point of a domain. There are two

types of MEPs defined in 802.1ag for an 802.1 bridge:

• Up-MEP: monitors the forwarding path internal to an bridge on the customer or provider edge; on

Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine.

• Down-MEP: monitors the forwarding path external another bridge.

Configure Up- MEPs on ingress ports, ports that send traffic towards the bridge relay. Configure Down-MEPs on egress ports, ports that send traffic away from the bridge relay.

MPLS Core MPLS Access

Customer Domain (7)

Provider Domain (6)

Operator Domain (5)

MPLS Domain (4)

MIP

Operator Domain (5)

Customer Network

towards relay

Up-MEP

Down-MEP

away from relay

Service Provider Ethernet Access

802.1ag | 81

Implementation Information

• Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed

per MA (per VLAN or per MD level).

Configure CFM

Configuring CFM is a five-step process:

1. Configure the ecfmacl CAM region using the

www.dell.com | support.dell.com

ACL Sub-partitions.

2. Enable Ethernet CFM.

3. Create a Maintenance Domain.

4. Create a Maintenance Association.

5. Create Maintenance Points.

6. Use CFM tools:

a Continuity Check Messages

b Loopback Message and Response

c Linktrace Message and Response

Related Configuration Tasks

• Enable CFM SNMP Traps.

• Display Ethernet CFM Statistics

cam-acl command. Refer to Configure Ingress Layer 2

82 | 802.1ag

Enable Ethernet CFM

Task Command Syntax Command Mode

Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned.

Disable Ethernet CFM without stopping the CFM process.

ethernet cfm

disable

CONFIGURATION

ETHERNET CFM

Create a Maintenance Domain

Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in the illustration in Maintenance Domains.

Step Task Command Syntax Command Mode

1 Create maintenance domain. domain name md-level number

Range: 0-7

2 Display maintenance domain information. show ethernet cfm domain [name |

brief]

FTOS# show ethernet cfm domain

Domain Name: customer Level: 7 Total Service: 1 Services MA-Name VLAN CC-Int X-CHK Status

My_MA 200 10s enabled

Domain Name: praveen Level: 6 Total Service: 1 Services MA-Name VLAN CC-Int X-CHK Status

Your_MA 100 10s enabled

ETHERNET CFM

EXEC Privilege

802.1ag | 83

Create a Maintenance Association

A Maintenance Association MA is a subdivision of an MD that contains all managed entities

corresponding to a single end-to-end service, typically a VLAN. An MA is associated with a VLAN ID.

Task Command Syntax Command Mode

Create maintenance association. service name vlan vlan-id ECFM DOMAIN

Create Maintenance Points

www.dell.com | support.dell.com

Domains are comprised of logical entities called Maintenance Points. A maintenance point is a interface demarcation that confines CFM frames to a domain. There are two types of maintenance points:

• Maintenance End Points (MEPs): a logical entity that marks the end-point of a domain

• Maintenance Intermediate Points (MIPs): a logical entity configured at a port of a switch that

constitutes intermediate points of an Maintenance Entity (ME). An ME is a point-to-point relationship between two MEPs within a single domain.

These roles define the relationships between all devices so that each device can monitor the layers under its responsibility.

Create a Maintenance End Point

A Maintenance End Point (MEP) is a logical entity that marks the end-point of a domain. There are two

types of MEPs defined in 802.1ag for an 802.1 bridge:

• Up-MEP: monitors the forwarding path internal to an bridge on the customer or provider edge; on

Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine.

• Down-MEP: monitors the forwarding path external another bridge.

Configure Up- MEPs on ingress ports, ports that send traffic towards the bridge relay. Configure Down-MEPs on egress ports, ports that send traffic away from the bridge relay.

Task Command Syntax Command Mode

Create an MEP. ethernet cfm mep {up-mep | down-mep} domain {name | level }

ma-name name mepid mep-id

Range: 1-8191

Display configured MEPs and MIPs.

show ethernet cfm maintenance-points local [mep | mip] EXEC Privilege

INTERFACE

84 | 802.1ag

Task Command Syntax Command Mode

FTOS#show ethernet cfm maintenance-points local mep

------------------------------------------------------------------------------MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir MAC

-------------------------------------------------------------------------------

100 cfm0 7 MEP Gi 4/10 Enabled test0 10 DOWN 00:01:e8:59:23:45

200 cfm1 6 MEP Gi 4/10 Enabled test1 20 DOWN 00:01:e8:59:23:45

300 cfm2 5 MEP Gi 4/10 Enabled test2 30 DOWN 00:01:e8:59:23:45

Create a Maintenance Intermediate Point

Maintenance Intermediate Point (MIP) is a logical entity configured at a port of a switch that constitutes intermediate points of an Maintenance Entity (ME). An ME is a point-to-point relationship between two MEPs within a single domain. An MIP is not associated with any MA or service instance, and it belongs to the entire MD.

Task Command Syntax Command Mode

Create an MIP. ethernet cfm mip domain {name | level } ma-name name INTERFACE

Display configured MEPs and MIPs.

FTOS#show ethernet cfm maintenance-points local mip

------------------------------------------------------------------------------MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir MAC

-------------------------------------------------------------------------------

0 service1 4 MIP Gi 0/5 Disabled My_MA 3333 DOWN 00:01:e8:0b:c6:36

0 service1 4 MIP Gi 0/5 Disabled Your_MA 3333 UP 00:01:e8:0b:c6:36

show ethernet cfm maintenance-points local [mep | mip] EXEC Privilege

MP Databases

CFM maintains two MP databases:

• MEP Database (MEP-DB): Every MEP must maintain a database of all other MEPs in the MA that

have announced their presence via CCM.

802.1ag | 85

• MIP Database (MIP-DB): Every MIP must maintain a database of all other MEPs in the MA that

have announced their presence via CCM

Task Command Syntax Command Mode

Display the MEP Database.

FTOS#show ethernet cfm maintenance-points remote detail

MAC Address: 00:01:e8:58:68:78 Domain Name: cfm0 MA Name: test0 Level: 7

www.dell.com | support.dell.com

VLAN: 10 MP ID: 900 Sender Chassis ID: Force10 MEP Interface status: Up MEP Port status: Forwarding Receive RDI: FALSE MP Status: Active

Display the MIP Database.

MP Database Persistence

Task Command Syntax Command Mode

Set the amount of time that data from a missing MEP is kept in the Continuity Check Database.

show ethernet cfm maintenance-points remote detail [active | domain {level | name} | expired | waiting]

show ethernet cfm mipdb

database hold-time minutes

Default: 100 minutes Range: 100-65535 minutes

EXEC Privilege

ECFM DOMAIN

Continuity Check Messages

Continuity Check Messages (CCM) are periodic hellos used to:

• discover MEPs and MIPs within a maintenance domain

• detect loss of connectivity between MEPs

• detect misconfiguration, such as VLAN ID mismatch between MEPs

• to detect unauthorized MEPs in a maintenance domain

Continuity Check Messages (CCM) are multicast Ethernet frames sent at regular intervals from each MEP. They have a destination address based on the MD level (01:80:C2:00:00:3X where X is the MD level of the transmitting MEP from 0 to 7). All MEPs must listen to these multicast MAC addresses and process these messages. MIPs may optionally processes the CCM messages originated by MEPs and construct a MIP CCM database.

86 | 802.1ag

MEPs and MIPs filter CCMs from higher and lower domain levels as described in Table 5-1, "Continuity

Check Message Processing," in 802.1ag.

Table 5-1. Continuity Check Message Processing

Frames at Frames from UP-MEP Action Down-MEP Action MIP Action

Less than my level Bridge-relay side or Wire side Drop Drop Drop

My level Bridge-relay side Consume Drop Add to MIP-DB

Wire side Drop Consume

Greater than my level Bridge-relay side or Wire side Forward Forward Forward

and forward

All the remote MEPs in the maintenance domain are defined on each MEP. Each MEP then expects a

periodic CCM from the configured list of MEPs. A connectivity failure is then defined as:

1. Loss of 3 consecutive CCMs from any of the remote MEP, which indicates a network failure

2. Reception of a CCM with an incorrect CCM transmission interval, which indicates a configuration

error.

3. Reception of CCM with an incorrect MEP ID or MAID, which indicates a configuration or

cross-connect error. This could happen when different VLANs are cross-connected due to a configuration error.

4. Reception of a CCM with an MD level lower than that of the receiving MEP, which indicates a

configuration or cross-connect error.

5. Reception of a CCM containing a port status/interface status TLV, which indicates a failed bridge or

aggregated port.

The Continuity Check protocol sends fault notifications (Syslogs, and SNMP traps if enabled) whenever any of the above errors are encountered.

Enable CCM

Step Task Command Syntax Command Mode

1 Enable CCM.

2 Configure the transmit interval (mandatory).

The interval specified applies to all MEPs in the domain.

no ccm disable

Default: Disabled

ccm transmit-interval seconds

Default: 10 seconds

ECFM DOMAIN

802.1ag | 87

Enable Cross-checking

Task Command Syntax Command Mode

Enable cross-checking.

Start the cross-check operation for an MEP.

Configure the amount of time the system waits for a remote MEP to come up before the cross-check operation is started.

www.dell.com | support.dell.com

Loopback Message and Response

Loopback Message and Response (LBM, LBR), also called Layer 2 Ping, is an administrative echo transmitted by MEPs to verify reachability to another MEP or MIP within the maintenance domain. LBM and LBR are unicast frames.

Task Command Syntax Command Mode

Send a Loopback message.

ping ethernet domain name ma-name ma-name remote {mep-id

| mac-addr mac-address} source {mep-id | port interface}

mep cross-check enable

Default: Disabled

mep cross-check mep-id mep cross-check start-delay number

ETHERNET CFM

EXEC Privilege

Linktrace Message and Response

Linktrace Message and Response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multicast frames transmitted by MEPs to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain. All MEPs and MIPs in the same domain respond to an LTM with a unicast LTR. Intermediate MIPs forward the LTM toward the target MEP.

MPLS Core

MEP

MIP MIP

MIP

88 | 802.1ag

Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]). The MPs on the path to the target MAC address reply to the LTM with an LTR, and relays the LTM towards the target MAC until the target MAC is reached or TTL equals 0.

Task Command Syntax Command Mode

Send a Linktrace message. Since the LTM is a Multicast message sent to the entire ME, there is no need to specify a destination.

traceroute ethernet domain

EXEC Privilege

Link Trace Cache

After a Link Trace command is executed, the trace information can be cached so that you can view it later

without retracing.

Task Command Syntax Command Mode

Enable Link Trace caching. Set the amount of time a trace result is cached. traceroute cache hold-time minutes

Set the size of the Link Trace Cache. traceroute cache size entries

Display the Link Trace Cache.

traceroute cache

Default: 100 minutes Range: 10-65535 minutes

Default: 100 Range: 1 - 4095 entries

show ethernet cfm traceroute-cache

CONFIGURATION

ETHERNET CFM

EXEC Privilege

FTOS#show ethernet cfm traceroute-cache

Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2

----------------------------------------------------------------------------- Hops Host IngressMAC Ingr Action Relay Action Next Host Egress MAC Egress Action FWD Status

------------------------------------------------------------------------------

4 00:00:00:01:e8:53:4a:f8 00:01:e8:52:4a:f8 IngOK RlyHit 00:00:00:01:e8:52:4a:f8 Terminal MEP

Delete all Link Trace Cache entries.

clear ethernet cfm traceroute-cache

EXEC Privilege

802.1ag | 89

Enable CFM SNMP Traps.

Task Command Syntax Command Mode

Enable SNMP trap messages for Ethernet CFM.

A Trap is sent only when one of the five highest priority defects occur, as shown in Table 5-2, "ECFM

SNMP Traps," in 802.1ag.

Table 5-2. ECFM SNMP Traps

www.dell.com | support.dell.com

Cross-connect defect

Error-CCM defect

MAC Status defect

Remote CCM defect

RDI defect

%ECFM-5-ECFM_XCON_ALARM: Cross connect fault detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000

%ECFM-5-ECFM_ERROR_ALARM: Error CCM Defect detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000

%ECFM-5-ECFM_MAC_STATUS_ALARM: MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000

%ECFM-5-ECFM_REMOTE_ALARM: Remote CCM Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000

%ECFM-5-ECFM_RDI_ALARM: RDI Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000

Three values are giving within the trap messages: MD Index, MA Index, and MPID. You can reference these values against the output of

mep

snmp-server enable traps ecfm

CONFIGURATION

show ethernet cfm domain and show ethernet cfm maintenance-points local

FTOS#show ethernet cfm maintenance-points local mep

------------------------------------------------------------------------------MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir MAC

-------------------------------------------------------------------------------

100 cfm0 7 MEP Gi 4/10 Enabled test0 10 DOWN 00:01:e8:59:23:45

FTOS(conf-if-gi-0/6)#do show ethernet cfm domain

Domain Name: My_Name

MD Index: 1

Level: 0 Total Service: 1 Services

MA-Index MA-Name VLAN CC-Int X-CHK Status

1 test 0 1s enabled

Domain Name: Your_Name MD Index: 2 Level: 2 Total Service: 1 Services

MA-Index MA-Name VLAN CC-Int X-CHK Status

1 test 100 1s enabled

90 | 802.1ag

Display Ethernet CFM Statistics

Task Command Syntax Command Mode

Display MEP CCM statistics.

FTOS# show ethernet cfm statistics

Domain Name: Customer Domain Level: 7 MA Name: My_MA MPID: 300

CCMs: Transmitted: 1503 RcvdSeqErrors: 0 LTRs: Unexpected Rcvd: 0 LBRs: Received: 0 Rcvd Out Of Order: 0 Received Bad MSDU: 0 Transmitted: 0

Display CFM statistics by port. show ethernet cfm port-statistics [interface] EXEC Privilege

FTOS#show ethernet cfm port-statistics interface gigabitethernet 0/5 Port statistics for port: Gi 0/5 ==================================

RX Statistics ============= Total CFM Pkts 75394 CCM Pkts 75394 LBM Pkts 0 LTM Pkts 0 LBR Pkts 0 LTR Pkts 0 Bad CFM Pkts 0 CFM Pkts Discarded 0 CFM Pkts forwarded 102417

TX Statistics ============= Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0

show ethernet cfm statistics [domain {name | level}

vlan-id

vlan-id mpid mpid

EXEC Privilege

802.1ag | 91

www.dell.com | support.dell.com

92 | 802.1ag

802.1X

802.1X is supported on platforms: e c s

Protocol Overview

802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed

from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.

802.1X employs Extensible Authentication Protocol (EAP)* to transfer a device’s credentials to an

authentication server (typically RADIUS) via a mandatory intermediary network access device, in this case, a Dell Force10 switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP over Ethernet (EAPOL) to communicate with the end-user device and EAP over RADIUS to communicate with the server.

End-user Device

EAP over LAN (EAPOL)

Force10 switch

EAP over RADIUS

RADIUS Serv

4820

fnC0033mp

Figure 6-1 and Figure show how EAP frames are encapsulated in Ethernet and Radius frames.

Note: FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.

802.1X | 93

Figure 6-1. EAPOL Frame Format

Preamble

Start Frame Delimiter

Range: 0-4

Type: 0: EAP Packet

1: EAPOL Start

2: EAPOL Logoff

3: EAPOL Key

4: EAPOL Encapsulated-ASF-Alert

Destination MAC (1:80:c2:00:00:03)

Source MAC (Auth Port MAC)

www.dell.com | support.dell.com

The authentication process involves three devices:

• The device attempting to access the network is the supplicant. The supplicant is not allowed to

communicate on the network until the port is authorized by the authenticator. It can only communicate with the authenticator in response to 802.1X requests.

• The device with which the supplicant communicates is the authenticator. The authenicator is the gate

keeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Force10 switch is the authenticator.

• The authentication-server selects the authentication method, verifies the information provided by the

supplicant, and grants it network access privileges.

Protocol Version (1)

Range: 1-4 Codes: 1: Request 2: Response 3: Success 4: Failure

Ethernet Type (0x888e)

Packet Type

Range: 1-255 Codes: 1: Identity 2: Notification 3: NAK 4: MD-5 Challenge 5: One-Time Challenge 6: Generic Token Card

Code (0-4)

Length

ID (Seq Number)

EAPOL Frame

Length

EAP-Method Code (0-255)

EAP Frame

Length

Padding

FCS

EAP-Method Frame

EAP-Method Data (Supplicant Requested Credentials)

Ports can be in one of two states:

• Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in

• The authenticator changes the port state to authorized if the server can authenticate the supplicant. In

The Port-authentication Process

The authentication process begins when the authenticator senses that a link status has changed from down to up:

1. When the authenticator senses a link state change, it requests that the supplicant identify itself using an

2. The supplicant responds with its identity in an EAP Response Identity frame.

94 | 802.1X

or out of the port.

this state, network traffic can be forwarded normally.

Note: The Dell Force10 switches place 802.1X-enabled ports in the unauthorized state by default.

EAP Identity Request Frame.

3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a

EAP {Sucess | Failure}

RADIUS Access-Request frame, and forwards the frame to the authentication server.

4. The authentication server replies with an Access-Challenge. The Access-Challenge is request that the

supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator.

5. The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides

the requested challenge information in an EAP Response, which is translated and forwarded to the authentication server as another Access-Request.

6. If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port

state to authorized, and forwards an EAP Success frame. If the identity information is invalid, the server sends and Access-Reject frame. The port state remains unauthorized, and the authenticator forwards EAP Failure frame.

Figure 6-2. 802.1X Authentication Process

Supplicant

Authenticator

Authenticati Server

EAP over LAN (EAPOL)

Request Identity

Response Identity

EAP Request

EAP Reponse

EAP over RADIUS

Access Request

Access Challenge

Access Request

Access {Accept | Reject}

EAP over RADIUS

802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as

defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type,

Length, Value (TLV) format. The Type value for EAP messages is 79.

802.1X | 95

Figure 6-3. RADIUS Frame Format

R C

Code

ange: 1-4

odes: 1: Access-Request 2: Access-Accept 3: Access-Reject 11: Access-Challenge

www.dell.com | support.dell.com

RADIUS Attributes for 802.1 Support

Identifier

Length

Dell Force10 systems includes the following RADIUS attributes in all 802.1X-triggered Access-Request messages:

• Attribute 5—NAS-Port: the physical port number by which the authenticator is connected to the

supplicant.

• Attribute 31—Calling-station-id: relays the supplicant MAC address to the authentication server.

• Attribute 41—NAS-Port-Type: NAS-port physical port type. 5 indicates Ethernet.

• Attribute 81—Tunnel-Private-Group-ID: associate a tunneled session with a particular group of

users.

Message-Authenticator Attribute

Type (79)

Length

EAP-Message Attribute

EAP-Method Data (Supplicant Requested Credentials)

fnC0034m

96 | 802.1X

Configuring 802.1X

Configuring 802.1X on a port is a two-step process:

1. Enable 802.1X globally. See page 97.

2. Enable 802.1X on an interface. See page 97.

Related Configuration Tasks

• Configuring Request Identity Re-transmissions on page 99

• Configuring Port-control on page 101

• Re-authenticating a Port on page 102

• Configuring Timeouts on page 103

• Configuring a Guest VLAN on page 106

• Configuring an Authentication-fail VLAN on page 106

Important Points to Remember

• FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.

• E-Series, C-Series, and S-Series support only RADIUS as the authentication server.

• 802.1X is not supported on port-channels or port-channel members.

Enabling 802.1X

802.1X must be enabled globally and at interface level.

802.1X | 97

Figure 6-4. Enabling 802.1X

F F ! i

F !

Supplicant

Authenticator

Authenticati Server

TOS(conf-if-te-2/1-2)#dot1x authentication TOS(conf-if-te-2/1-2)#show config

nterface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown

www.dell.com | support.dell.com

TOS(conf-if-te-2/1)#

To enable 802.1X:

Step Task Command Syntax Command Mode

1 Enable 802.1X globally.

2 Enter INTERFACE mode on an interface or a range of

interfaces.

3 Enable 802.1X on an interface or a range of interfaces.

2/1

2/2

dot1x authentication

CONFIGURATION

interface [range] INTERFACE

dot1x authentication

INTERFACE

98 | 802.1X

Verify that 802.1X is enabled globally and at interface level using the command

dot1x

from EXEC Privilege mode, as shown in Figure 6-5.

show running-config | find

Figure 6-5. Verifying 802.1X Global Configuration

FTOS#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface GigabitEthernet 2/1 ip address 2.2.2.2/24 dot1x authentication no shutdown ! interface GigabitEthernet 2/2 ip address 1.0.0.1/24 dot1x authentication no shutdown

--More--

802.1X Enabled

802.1X Enabled on

View 802.1X configuration information for an interface using the command show dot1x interface, as shown in Figure 6-6.

Figure 6-6. Verifying 802.1X Interface Configuration

FTOS#show dot1x interface gigabitethernet 2/1

802.1x information on Gi 2/1:

----------------------------Dot1x Status: Enable Port Control: AUTO Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Tx Period: 30 seconds Quiet Period: 60 seconds ReAuth Max: 2 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: 2 Auth Type: SINGLE_HOST

Auth PAE State: Initialize Backend State: Initialize

802.1X Enabled on

All ports unauthorized by default

Configuring Request Identity Re-transmissions

If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable.

Note: There are several reasons why the supplicant might fail to respond; the supplicant might have been booting when the request arrived, or there might be a physical layer problem.

To configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame:

Step Task Command Syntax Command Mode

1 Configure the amount of time that the authenticator

waits before re-transmitting an EAP Request Identity frame.

dot1x tx-period number

Range: 1-65535 (1 year) Default: 30

INTERFACE

To configure a maximum number of Request Identity re-transmissions:

Step Task Command Syntax Command Mode

1 Configure a maximum number of times that a Request

Identity frame can be re-transmitted by the authenticator.

dot1x max-eap-req number

Range: 1-10 Default: 2

INTERFACE

802.1X | 99

Figure 6-7 shows configuration information for a port for which the authenticator re-transmits an EAP

Request Identity frame after 90 seconds and re-transmits a maximum of 10 times.

Configuring a Quiet Period after a Failed Authentication

If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default, but this period can be configured.

Note: The quiet period (dot1x quiet-period) is an transmit interval for after a failed authentication where as the Request Identity Re-transmit interval (dot1x tx-period) is for an unresponsive supplicant.

www.dell.com | support.dell.com

To configure the quiet period after a failed authentication:

Step Task Command Syntax Command Mode

1 Configure the amount of time that the authenticator

waits to re-transmit a Request Identity frame after a failed authentication.

Figure 6-7 shows configuration information for a port for which the authenticator re-transmits an EAP

Request Identity frame:

• after 90 seconds and a maximum of 10 times for an unresponsive supplicant

• Re-transmits an EAP Request Identity frame

Figure 6-7. Configuring a Request Identity Re-transmissions

FTOS(conf-if-range-gi-2/1)#dot1x tx-period 90 FTOS(conf-if-range-gi-2/1)#dot1x max-eap-req 10 FTOS(conf-if-range-gi-2/1)#dot1x quiet-period 120 FTOS#show dot1x interface gigabitethernet 2/1

802.1x information on Gi 2/1:

----------------------------Dot1x Status: Enable Port Control: AUTO Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 2 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: 10 Auth Type: SINGLE_HOST

dot1x quiet-period seconds

INTERFACE

Range: 1-65535

Default: 60

New Re-transmit Interval

New Quiet Period

New Maximum Re-transmissions

100 | 802.1X

Auth PAE State: Initialize Backend State: Initialize

Dell Force10 S4820T Configuration manual

Specifications and Main Features

Frequently Asked Questions

User Manual

About this Guide

Objectives

Audience

Conventions

Information Symbols

Related Documents

Configuration Fundamentals

Accessing the Command Line

CLI Modes

Navigating CLI Modes

The do Command

Undoing Commands

Obtaining Help

Entering and Editing Commands

Command History

Filtering show Command Outputs

Multiple Users in Configuration mode

Getting Started

Console access

Serial console

Accessing the RJ-45 console port with a DB-9 adapter

Default Configuration

Configure a Host Name

Access the System Remotely

Access the C-Series, E-Series, S4810, and the S4820T Remotely

Configure the Management Port IP Address

Configure a Management Route

Configure a Username and Password

Access the S-Series Remotely

Configure the Enable Password

Configuration File Management

Copy Files to and from the System

Important Points to Remember

Save the Running-configuration

Configure the Overload bit for Startup Scenario

View Files

View Configuration Files

File System Management

View command history

Upgrading FTOS

Management

Configure Privilege Levels

Create a Custom Privilege Level

Removing a command from EXEC mode

Move a command from EXEC privilege mode to EXEC mode

Allow Access to CONFIGURATION mode commands

Allow Access to INTERFACE, LINE, ROUTE-MAP, and ROUTER mode

Apply a Privilege Level to a Username

Apply a Privilege Level to a Terminal Line

Configure Logging

Log Messages in the Internal Buffer

Configuration Task List for System Log Management

Disable System Logging

Send System Messages to a Syslog Server

Configure a Unix System as a Syslog Server

Change System Logging Settings

Display the Logging Buffer and the Logging Configuration

Configure a UNIX logging facility level

Synchronize log messages

Enable timestamp on syslog messages

File Transfer Services

Configuration Task List for File Transfer Services

Enable FTP server

Configure FTP server parameters

Configure FTP client parameters

Terminal Lines

Deny and Permit Access to a Terminal Line

Configure Login Authentication for Terminal Lines

Time out of EXEC Privilege Mode

Telnet to Another Network Device

Lock CONFIGURATION mode

Viewing the Configuration Lock Status

Recovering from a Forgotten Password on the S4810 or S4820T

Recovering from a Forgotten Enable Password on the S4810 or S4820T

Recovering from a Failed Start on the S4810 or S4820T

802.1ag