Dell Force10 Z9000 Addendum

Addendum for Dell Networking OS 9.3(0.0)

Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Trademarks used in this text: Dell™, the Dell logo, Dell Boomi™, Dell Precision™ , OptiPlex™, Latitude™, PowerEdge™, PowerVault™, PowerConnect™, OpenManage™, EqualLogic™, Compellent™, KACE™, FlexAddress™, Force10™, Venue and Vostro™ are trademarks of Dell Inc. Intel®, Pentium®, Xeon®, Core® and Celeron® are registered trademarks of Intel Corporation in the U.S. and other countries. AMD® is a registered trademark and AMD Opteron™, AMD Phenom and AMD Sempron™ are trademarks of Advanced Micro Devices, Inc. Microsoft®, Windows®, Windows Server®, Internet Explorer®, MS-DOS®, Windows Vista® and Active Directory® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat® and Red Hat® Enterprise Linux® are registered trademarks of Red Hat, Inc. in the United States and/or other countries. Novell® and SUSE® are registered trademarks of Novell Inc. in the United States and other countries. Oracle® is a registered trademark of Oracle Corporation and/or its affiliates. Citrix®, Xen®, XenServer® and XenMotion® are either registered trademarks or trademarks of Citrix Systems, Inc. in the United States and/or other countries. VMware®, vMotion®, vCenter®, vCenter SRM™ and vSphere® are registered trademarks or trademarks of VMware, Inc. in the United States or other countries. IBM® is a registered trademark of International Business Machines Corporation.

2014 - 02

Rev. A00

™

Contents

1 About this Document.............................................................................................23

Audience..............................................................................................................................................23

Conventions........................................................................................................................................ 23

Related Documents............................................................................................................................ 24

2 802.1X on the MXL 10/40GbE Switch............................................................... 25

3 ACL VLAN Groups and Content Addressable Memory (CAM)..................... 27

Optimizing CAM Utilization During the Attachment of ACLs to VLANs........................................... 27

Guidelines for Configuring ACL VLAN groups...................................................................................28

Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters..........................29

Configuring ACL VLAN Groups.....................................................................................................29

Configuring FP Blocks for VLAN Parameters............................................................................... 30

Viewing CAM Usage............................................................................................................................ 31

Allocating FP Blocks for VLAN Processes...........................................................................................32

member vlan........................................................................................................................................33

ip access-group.................................................................................................................................. 34

show acl-vlan-group ......................................................................................................................... 34

show cam-acl-vlan.............................................................................................................................36

cam-acl-vlan....................................................................................................................................... 37

show cam-usage................................................................................................................................ 38

show running config acl-vlan-group................................................................................................. 41

acl-vlan-group.....................................................................................................................................41

show acl-vlan-group detail................................................................................................................ 42

description (ACL VLAN Group)........................................................................................................... 43

4 Access Control Lists...............................................................................................45

Logging of ACL Processes..................................................................................................................45

Guidelines for Configuring ACL Logging...........................................................................................46

Configuring ACL Logging................................................................................................................... 47

deny (for Standard IP ACLs)................................................................................................................48

deny (for Extended IP ACLs)............................................................................................................... 49

seq (for Standard IPv4 ACLs).............................................................................................................. 50

deny tcp (for Extended IP ACLs)......................................................................................................... 51

deny udp (for Extended IP ACLs)........................................................................................................52

deny arp (for Extended MAC ACLs).................................................................................................... 53

deny icmp (for Extended IP ACLs)......................................................................................................54

deny ether-type (for Extended MAC ACLs)........................................................................................56

deny (for Standard MAC ACLs)............................................................................................................57

deny (for Extended MAC ACLs).......................................................................................................... 58

permit arp (for Extended MAC ACLs)................................................................................................. 59

permit ether-type (for Extended MAC ACLs).....................................................................................60

permit icmp (for Extended IP ACLs)....................................................................................................61

permit udp (for Extended IP ACLs)..................................................................................................... 62

permit (for Extended IP ACLs).............................................................................................................63

permit (for Standard MAC ACLs).........................................................................................................65

seq (for Standard MAC ACLs)............................................................................................................. 66

permit tcp (for Extended IP ACLs)...................................................................................................... 67

seq arp (for Extended MAC ACLs)...................................................................................................... 68

seq ether-type (for Extended MAC ACLs)..........................................................................................69

seq (for IP ACLs).................................................................................................................................. 70

seq (for IPv6 ACLs)...............................................................................................................................71

permit udp (for IPv6 ACLs)..................................................................................................................72

permit tcp (for IPv6 ACLs)................................................................................................................... 73

permit icmp (for IPv6 ACLs)................................................................................................................ 75

permit (for IPv6 ACLs)......................................................................................................................... 76

deny udp (for IPv6 ACLs).....................................................................................................................77

deny tcp (for IPv6 ACLs)......................................................................................................................78

deny icmp (for Extended IPv6 ACLs).................................................................................................. 79

deny (for IPv6 ACLs)............................................................................................................................80

Flow-Based Monitoring Support for ACLs......................................................................................... 81

Behavior of Flow-Based Monitoring.............................................................................................82

Enabling Flow-Based Monitoring.......................................................................................................84

5 Bare Metal Provisioning (BMP)............................................................................85

Support for BMP on the S6000 Switch..............................................................................................85

Enhanced Behavior of the stop bmp Command...............................................................................85

Removal of the Deprecated User-Defined String Parameter With reload-type Command............85

Inclusion of Service Tag Information in the Option 60 String.......................................................... 85

Replacement of stop jump-start Command With the stop bmp Command...................................86

6 Data Center Bridging (DCB).................................................................................87

Configuring DCB Maps and its Attributes.......................................................................................... 87

DCB Map: Configuration Procedure............................................................................................ 87

Important Points to Remember....................................................................................................88

Applying a DCB Map on a Port.....................................................................................................88

Configuring PFC without a DCB Map.......................................................................................... 89

Configuring Lossless Queues.......................................................................................................89

Data Center Bridging: Default Configuration.................................................................................... 90

Configuring PFC and ETS in a DCB Map............................................................................................ 91

PFC Configuration Notes.............................................................................................................. 91

PFC Prerequisites and Restrictions...............................................................................................92

ETS Configuration Notes.............................................................................................................. 92

ETS Prerequisites and Restrictions............................................................................................... 93

dcb-map..............................................................................................................................................94

S4810, S6000, and FC Flex IO Modules with MXL and I/O Aggregator..................................... 94

priority-pgid.........................................................................................................................................95

S4810, S6000, and FC Flex IO Modules with MXL and I/O Aggregator......................................95

pfc mode on........................................................................................................................................96

priority-group bandwidth pfc.............................................................................................................97

S4810, S6000, and FC Flex IO Modules with MXL and I/O Aggregator......................................97

dcb-map stack-unit all stack-ports all...............................................................................................98

S4810, S6000, and FC Flex IO Modules with MXL and I/O Aggregator..................................... 98

show qos dcb-map.............................................................................................................................99

S4810, S6000, and FC Flex IO Modules with MXL and I/O Aggregator..................................... 99

Priority-Based Flow Control Using Dynamic Buffer Method..........................................................100

Pause and Resume of Traffic......................................................................................................100

Buffer Sizes for Lossless or PFC Packets....................................................................................100

Interworking of DCB Map With DCB Buffer Threshold Settings..................................................... 101

Configuring the Dynamic Buffer Method........................................................................................ 102

Applying a DCB Map in a Switch Stack ........................................................................................... 103

dcb pfc-shared-buffer-size..............................................................................................................103

S6000 S4810 S4820T MXL......................................................................................................... 103

dcb-buffer-threshold .......................................................................................................................104

S6000 S4810 S4820T MXL......................................................................................................... 104

priority................................................................................................................................................105

S6000 S4810 S4820T MXL......................................................................................................... 105

qos-policy-buffer..............................................................................................................................106

S6000 S4810 S4820T MXL......................................................................................................... 106

dcb-policy buffer-threshold (Interface Configuration)...................................................................108

S6000 S4810 S4820T MXL......................................................................................................... 108

dcb-policy dcb-buffer-threshold (Global Configuration)...............................................................109

S4810 S4820T MXL..................................................................................................................... 109

show qos dcb-buffer-threshold.......................................................................................................109

show hardware stack-unit buffer-stats-snapshot (With Polling and History)................................ 110

dcb pfc-total-buffer-size.................................................................................................................. 117

S6000........................................................................................................................................... 117

show running-config dcb-buffer-threshold.................................................................................... 117

dcb pfc-queues................................................................................................................................. 119

7 Egress Interface Selection (EIS) for HTTP and IGMP Applications........... 121

Protocol Separation...........................................................................................................................121

Enabling and Disabling Management Egress Interface Selection................................................... 122

Handling of Management Route Configuration.............................................................................. 123

Handling of Switch-Initiated Traffic................................................................................................. 124

Handling of Switch-Destined Traffic................................................................................................ 125

Handling of Transit Traffic (Traffic Separation)................................................................................ 125

Mapping of Management Applications and Traffic Type.................................................................126

Behavior of Various Applications for Switch-Initiated Traffic .........................................................127

Behavior of Various Applications for Switch-Destined Traffic ....................................................... 128

Interworking of EIS With Various Applications.................................................................................128

application (for HTTP and ICMP)......................................................................................................129

Z9000 S4810 S4820T................................................................................................................. 129

8 Flex Hash and Optimized Boot-Up...................................................................131

Flex Hash Capability Overview..........................................................................................................131

load-balance ingress-port enable....................................................................................................132

load-balance flexhash.......................................................................................................................132

Configuring the Flex Hash Mechanism............................................................................................ 134

Configuring Fast Boot and LACP Fast Switchover...........................................................................135

reload-type fastboot......................................................................................................................... 135

S6000...........................................................................................................................................135

lacp fast-switchover..........................................................................................................................136

S6000...........................................................................................................................................136

Optimizing the Boot Time................................................................................................................ 136

Booting Process When Optimized Boot Time Mechanism is Enabled..................................... 137

Guidelines for Configuring Optimized Booting Mechanism..................................................... 137

Interoperation of Applications with Fast Boot and System States.................................................. 138

LACP and IPv4 Routing............................................................................................................... 139

LACP and IPv6 Routing............................................................................................................... 139

BGP Graceful Restart.................................................................................................................. 140

Cold Boot Caused by Power Cycling the System..................................................................... 140

Unexpected Reload of the System.............................................................................................140

Software Upgrade....................................................................................................................... 140

LACP Fast Switchover..................................................................................................................141

Changes to BGP Multipath..........................................................................................................141

Minimized Connection Setup Time............................................................................................ 141

Faster Local Route Aadvertisements...........................................................................................141

Delayed Installation of ECMP Routes Into BGP......................................................................... 142

Changes for BGP Graceful Restart Processes............................................................................142

Operation of LACP...................................................................................................................... 142

Operation of FIB.......................................................................................................................... 143

RDMA Over Converged Ethernet (RoCE) Overview........................................................................ 143

Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces............................................................. 144

encapsulation dot1q..........................................................................................................................145

9 Interfaces................................................................................................................ 147

Enabling the Management Address TLV on All Interfaces of an Aggregator..................................147

Enhanced Validation of Interface Ranges........................................................................................ 147

10 IPv4 Routing........................................................................................................ 149

IPv4 Path MTU Discovery Overview.................................................................................................149

Using the Configured Source IP Address in ICMP Messages..........................................................150

Configuring the ICMP Source Interface.....................................................................................150

Working of the Traceroute Utility...............................................................................................150

ip icmp source-interface...................................................................................................................151

ipv6 icmp source-interface...............................................................................................................152

Configuring the Duration to Establish a TCP Connection.............................................................. 154

ip tcp initial-time............................................................................................................................... 154

show ip tcp initial-time..................................................................................................................... 155

11 Link Aggregation Groups (LAGs)..................................................................... 157

Configuring the Minimum Number of Links to be Up for Uplink LAGs to be Active......................157

Optimizing Traffic Disruption Over LAG Interfaces On IOA Switches in VLT Mode...................... 158

Preserving LAG and Port Channel Settings in Nonvolatile Storage................................................ 158

Enabling the Verification of Member Links Utilization in a LAG Bundle......................................... 159

Monitoring the Member Links of a LAG Bundle...............................................................................159

show link-bundle-distribution port-channel...................................................................................160

Setting Up a Threshold for Utilization of High-Gigabit Port Channels........................................... 161

Guidelines for Configuring the Mechanism to Monitor High-Gigabit Port Channels..............162

Enabling the Verification of Member Links Utilization in a High-Gigabit Port Channel................ 163

hg-link-bundle-monitor...................................................................................................................164

hg-link-bundle-monitor trigger-threshold .....................................................................................165

hg-link-bundle-monitor rate-interval..............................................................................................165

show hg-link-bundle-distribution....................................................................................................166

snmp-server enable traps (for High-Gigabit Port Channel)............................................................ 167

show hardware stack-unit (for high-Gigabit Ethernet ports)..........................................................167

Z9000 ......................................................................................................................................... 168

clear hardware stack-unit (for high-Gigabit Ethernet ports).......................................................... 169

Z9000.......................................................................................................................................... 169

Viewing Buffer Utilization and Queue Statistics on High-Gigabit Ethernet Backplane Ports........170

12 Miscellaneous Settings...................................................................................... 173

Setting a Threshold for Switching to the SPT...................................................................................173

ip pim spt-threshold..........................................................................................................................173

S6000...........................................................................................................................................173

ip route bfd (for S6000).................................................................................................................... 174

S6000...........................................................................................................................................174

Configure BFD for Static Routes.......................................................................................................175

Related Configuration Tasks....................................................................................................... 175

Changing Static Route Session Parameters................................................................................175

Establishing Sessions for Static Routes.......................................................................................176

Disabling BFD for Static Routes.................................................................................................. 176

source (port monitoring for 40-Gigabit Ethernet)........................................................................... 177

13 Microsoft Network Load Balancing............................................................... 179

NLB Unicast Mode Scenario............................................................................................................. 179

NLB Multicast Mode Scenario.......................................................................................................... 180

Limitations With Enabling NLB on Switches.................................................................................... 180

Benefits and Working of Microsoft Clustering.................................................................................180

Enable and Disable VLAN Flooding .................................................................................................180

Configuring a Switch for NLB .......................................................................................................... 181

......................................................................................................................................................181

arp (for Multicast MAC Address)........................................................................................................181

mac-address-table static (for Multicast MAC Address)................................................................... 182

ip vlan-flooding.................................................................................................................................184

14 Quality of Service (QoS)....................................................................................185

Specifying Policy-Based Rate Shaping in Packets Per Second....................................................... 185

Configuring Policy-Based Rate Shaping..........................................................................................186

Configuring Weights and ECN for WRED ....................................................................................... 186

Global Service Pools With WRED and ECN Settings..................................................................187

Configuring WRED and ECN Attributes........................................................................................... 188

Classifying Layer 2 Traffic on Layer 3 Interfaces .............................................................................189

Managing Hardware Buffer Statistics......................................................................................... 190

Enabling Buffer Statistics Tracking ...................................................................................................191

Classifying Packets Based on a Combination of DSCP Code Points and VLAN IDs.......................191

rate shape.......................................................................................................................................... 192

S6000...........................................................................................................................................192

buffer-stats-snapshot....................................................................................................................... 194

S6000.......................................................................................................................................... 194

service-class buffer shared-threshold-weight................................................................................ 195

S6000Z9000............................................................................................................................... 195

wred weight.......................................................................................................................................197

S6000Z9000................................................................................................................................197

service-class wred.............................................................................................................................197

Z9000...........................................................................................................................................197

service-pool wred.............................................................................................................................199

S6000Z9000............................................................................................................................... 199

service-class wred......................................................................................................................200

service-class wred ecn..................................................................................................................... 201

Z9000 ......................................................................................................................................... 201

show hardware stack-unit buffer.....................................................................................................202

show hardware stack-unit buffer-stats-snapshot ......................................................................... 204

show hardware stack-unit buffer-stats-snapshot (Total Buffer Information)............................... 206

15 Management Port Media Converter..............................................................209

Management Port Media Converter Components......................................................................... 209

Working of the Management Port Media Converter.......................................................................210

Online Insertion and Removal (OIR) of the Management Optic.....................................................212

16 Security for M I/O Aggregator.........................................................................215

aaa authentication enable.................................................................................................................215

aaa authentication login................................................................................................................... 216

access-class.......................................................................................................................................217

Authorization and Privilege Commands.......................................................................................... 218

banner exec.......................................................................................................................................218

banner login...................................................................................................................................... 219

banner motd..................................................................................................................................... 220

debug radius......................................................................................................................................221

debug tacacs+...................................................................................................................................221

enable secret..................................................................................................................................... 221

exec-banner......................................................................................................................................222

ip radius source-interface................................................................................................................ 223

ip tacacs source-interface................................................................................................................223

login authentication..........................................................................................................................224

motd-banner.....................................................................................................................................225

password-attributes..........................................................................................................................225

privilege level (CONFIGURATION mode).........................................................................................226

privilege level (LINE mode)............................................................................................................... 227

RADIUS Commands.......................................................................................................................... 227

radius-server deadtime.....................................................................................................................227

radius-server host.............................................................................................................................228

radius-server retransmit................................................................................................................... 229

radius-server timeout....................................................................................................................... 229

radius-server key.............................................................................................................................. 230

show privilege....................................................................................................................................231

Suppressing AAA Accounting for Null Username Sessions............................................................. 231

TACACS+ Commands.......................................................................................................................231

tacacs-server host.............................................................................................................................231

tacacs-server key..............................................................................................................................232

timeout login response.....................................................................................................................233

Understanding Banner Settings........................................................................................................233

AAA Authentication...........................................................................................................................234

Configuration Task List for AAA Authentication........................................................................ 234

RADIUS.............................................................................................................................................. 236

RADIUS Authentication and Authorization.................................................................................237

Configuration Task List for RADIUS............................................................................................238

TACACS+...........................................................................................................................................241

Configuration Task List for TACACS+........................................................................................ 241

TACACS+ Remote Authentication and Authorization...............................................................242

Command Authorization............................................................................................................244

Protection from TCP Tiny and Overlapping Fragment Attacks...................................................... 244

Enabling SCP and SSH......................................................................................................................244

Using SCP with SSH to Copy a Software Image........................................................................245

Secure Shell Authentication....................................................................................................... 246

Troubleshooting SSH..................................................................................................................248

Telnet................................................................................................................................................ 249

VTY Line and Access-Class Configuration...................................................................................... 249

VTY Line Local Authentication and Authorization.....................................................................249

VTY Line Remote Authentication and Authorization.................................................................250

VTY MAC-SA Filter Support.........................................................................................................251

17 Simple Network Management Protocol (SNMP)........................................ 253

SNMPv3 Compliance With FIPS........................................................................................................253

snmp-server user (for AES128-CFB Encryption)............................................................................. 254

Z-Series S4810 S4820T S6000 MXL I/O Aggregator................................................................ 254

18 Stacking.................................................................................................................257

Configuring the Uplink Speed of Interfaces as 40 Gigabit Ethernet...............................................257

stack-unit iom-mode uplink-speed.................................................................................................258

show system stack-unit iom-uplink-speed.....................................................................................259

stack-unit priority............................................................................................................................. 260

stack-unit renumber.........................................................................................................................260

19 Virtual Link Trunking (VLT).............................................................................. 263

Specifying VLT Nodes in a PVLAN....................................................................................................263

Association of VLTi as a Member of a PVLAN............................................................................264

MAC Synchronization for VLT Nodes in a PVLAN..................................................................... 264

PVLAN Operations When One VLT Peer is Down..................................................................... 265

PVLAN Operations When a VLT Peer is Restarted.....................................................................265

Interoperation of VLT Nodes in a PVLAN with ARP Requests...................................................265

Scenarios for VLAN Membership and MAC Synchrnoization With VLT Nodes in PVLAN........265

Configuring a VLT VLAN or LAG in a PVLAN....................................................................................267

Creating a VLT LAG or a VLT VLAN............................................................................................ 267

Associating the VLT LAG or VLT VLAN in a PVLAN....................................................................268

show vlt private-vlan........................................................................................................................ 269

Proxy ARP Capability on VLT Peer Nodes........................................................................................270

Working of Proxy ARP for VLT Peer Nodes................................................................................270

VLT Nodes as Rendezvous Points for Multicast Resiliency..............................................................271

20 Documentation Updates..................................................................................273

Configuring the Commands Without a Separate User Account for the

PMUX Mode of the I/O Aggregator.................................................................. 277

21 Data Center Bridging (DCB).............................................................................279

advertise dcbx-appln-tlv...................................................................................................................279

advertise dcbx-tlv..............................................................................................................................279

bandwidth-percentage.................................................................................................................... 280

dcb-enable........................................................................................................................................ 281

dcb-input.......................................................................................................................................... 282

dcb-output........................................................................................................................................282

dcb-policy input............................................................................................................................... 283

dcb-policy input stack-unit stack-ports all.....................................................................................284

dcb-policy output.............................................................................................................................284

dcb-policy output stack-unit stack-ports all...................................................................................285

dcb stack-unit all pfc-buffering pfc-port-count pfc-queues........................................................ 286

dcb stack-unit pfc-buffering pfc-port-count pfc-queues............................................................. 287

dcbx port-role...................................................................................................................................287

dcbx version......................................................................................................................................288

debug dcbx....................................................................................................................................... 289

description........................................................................................................................................ 290

ets mode on......................................................................................................................................290

fcoe priority-bits................................................................................................................................291

iscsi priority-bits................................................................................................................................ 291

pfc link-delay.................................................................................................................................... 292

pfc mode on......................................................................................................................................292

pfc no-drop queues..........................................................................................................................293

pfc priority.........................................................................................................................................294

priority-group................................................................................................................................... 294

priority-group qos-policy.................................................................................................................295

priority-list.........................................................................................................................................296

qos-policy-output ets.......................................................................................................................297

scheduler...........................................................................................................................................297

set-pgid.............................................................................................................................................298

show dcb...........................................................................................................................................299

show interface dcbx detail............................................................................................................... 299

show interface ets............................................................................................................................ 302

show interface pfc............................................................................................................................305

show interface pfc statistics.............................................................................................................308

show qos dcb-input......................................................................................................................... 309

show qos dcb-output.......................................................................................................................309

show qos priority-groups................................................................................................................. 310

show stack-unit stack-ports ets details........................................................................................... 310

show stack-unit stack-ports pfc details........................................................................................... 311

22 FIP Snooping........................................................................................................313

clear fip-snooping database interface vlan......................................................................................313

clear fip-snooping statistics..............................................................................................................313

feature fip-snooping......................................................................................................................... 314

fip-snooping enable..........................................................................................................................314

fip-snooping fc-map.........................................................................................................................315

fip-snooping port-mode fcf............................................................................................................. 315

23 High Availability (HA)......................................................................................... 317

redundancy force-failover................................................................................................................ 317

Z9000 S4810 S4820T..................................................................................................................317

show redundancy..............................................................................................................................318

Z9000 S4810 S4820T................................................................................................................. 318

24 iSCSI Optimization.............................................................................................323

advertise dcbx-app-tlv......................................................................................................................323

iscsi aging time..................................................................................................................................323

iscsi cos............................................................................................................................................. 324

iscsi enable........................................................................................................................................ 325

iscsi priority-bits................................................................................................................................325

iscsi profile-compellant....................................................................................................................325

iscsi target port................................................................................................................................. 326

iSCSI Optimization Prerequisites......................................................................................................326

Configuring iSCSI Optimization....................................................................................................... 327

25 Interfaces..............................................................................................................331

Basic Interface Commands...............................................................................................................331

clear counters....................................................................................................................................331

description.........................................................................................................................................332

flowcontrol........................................................................................................................................333

interface.............................................................................................................................................335

interface ManagementEthernet....................................................................................................... 336

interface range.................................................................................................................................. 337

interface vlan.....................................................................................................................................339

keepalive........................................................................................................................................... 340

mtu....................................................................................................................................................340

negotiation auto................................................................................................................................341

portmode hybrid...............................................................................................................................343

stack-unit portmode.........................................................................................................................345

Port Channel Commands.................................................................................................................346

channel-member..............................................................................................................................346

interface port-channel..................................................................................................................... 348

minimum-links..................................................................................................................................349

26 Internet Group Management Protocol (IGMP)...........................................351

IGMP Commands.............................................................................................................................. 351

Important Points to Remember..................................................................................................351

ip igmp group-join-limit............................................................................................................. 351

ip igmp last-member-query-interval......................................................................................... 352

ip igmp querier-timeout............................................................................................................. 353

ip igmp query-interval................................................................................................................ 354

ip igmp query-max-resp-time................................................................................................... 354

ip igmp version............................................................................................................................355

IGMP Snooping Commands.............................................................................................................356

Important Points to Remember for IGMP Snooping.................................................................356

Important Points to Remember for IGMP Querier.................................................................... 356

ip igmp snooping enable............................................................................................................ 357

ip igmp snooping fast-leave.......................................................................................................358

ip igmp snooping last-member-query-interval.........................................................................359

ip igmp snooping mrouter..........................................................................................................359

ip igmp snooping querier............................................................................................................361

27 Layer 2...................................................................................................................363

MAC Addressing Commands........................................................................................................... 363

mac-address-table aging-time........................................................................................................363

mac-address-table static................................................................................................................. 364

mac-address-table station-move refresh-arp................................................................................ 364

28 Link Aggregation Control Protocol (LACP).................................................367

lacp long-timeout.............................................................................................................................367

lacp port-priority...............................................................................................................................367

port-channel mode.......................................................................................................................... 368

port-channel-protocol lacp.............................................................................................................369

Configuration Tasks for Port Channel Interfaces............................................................................369

Creating a Port Channel................................................................................................................... 370

Adding a Physical Interface to a Port Channel................................................................................ 370

Reassigning an Interface to a New Port Channel............................................................................372

Configuring the Minimum Oper Up Links in a Port Channel.......................................................... 373

Adding or Removing a Port Channel from a VLAN..........................................................................373

Configuring VLAN Tags for Member Interfaces.........................................................................374

Deleting or Disabling a Port Channel...............................................................................................374

29 Link Layer Discovery Protocol (LLDP)...........................................................375

advertise dot1-tlv...............................................................................................................................375

advertise dot3-tlv..............................................................................................................................376

advertise management-tlv................................................................................................................376

clear lldp counters.............................................................................................................................377

clear lldp neighbors...........................................................................................................................377

debug lldp interface..........................................................................................................................378

disable................................................................................................................................................379

hello...................................................................................................................................................379

mode.................................................................................................................................................380

multiplier........................................................................................................................................... 380

Configure LLDP................................................................................................................................. 381

Related Configuration Tasks.......................................................................................................381

Important Points to Remember..................................................................................................381

LLDP Compatibility......................................................................................................................381

CONFIGURATION versus INTERFACE Configurations.................................................................... 381

Enabling LLDP...................................................................................................................................382

Disabling and Undoing LLDP......................................................................................................382

Enabling LLDP on Management Ports............................................................................................. 383

Disabling and Undoing LLDP on Management Ports................................................................383

Advertising TLVs................................................................................................................................383

Viewing the LLDP Configuration......................................................................................................385

Viewing Information Advertised by Adjacent LLDP Agents.............................................................385

Configuring LLDPDU Intervals......................................................................................................... 386

Configuring Transmit and Receive Mode........................................................................................ 387

Configuring a Time to Live...............................................................................................................388

30 Quality of Service (QoS)...................................................................................389

Per-Port QoS Commands................................................................................................................389

dot1p-priority....................................................................................................................................389

rate shape..........................................................................................................................................390

service-class dynamic dot1p............................................................................................................390

service-class dot1p-mapping...........................................................................................................392

Z9000 S4810 S4820T.................................................................................................................392

service-class bandwidth-percentage.............................................................................................. 392

Policy-Based QoS Commands.........................................................................................................393

bandwidth-percentage.....................................................................................................................393

clear qos statistics.............................................................................................................................394

description........................................................................................................................................ 395

policy-aggregate...............................................................................................................................395

policy-map-output...........................................................................................................................396

qos-policy-output............................................................................................................................ 397

rate police..........................................................................................................................................397

rate shape..........................................................................................................................................398

service-policy output....................................................................................................................... 399

service-queue................................................................................................................................... 399

set......................................................................................................................................................400

show qos policy-map.......................................................................................................................401

show qos policy-map-output..........................................................................................................402

show qos qos-policy-output...........................................................................................................402

show qos statistics............................................................................................................................403

show qos wred-profile.....................................................................................................................404

wred.................................................................................................................................................. 405

wred-profile......................................................................................................................................406

31 reload-type.......................................................................................................... 407

Z9000 S4810 S4820TS6000............................................................................................................407

32 Simple Network Management Protocol (SNMP) and Syslog...................411

SNMP Commands............................................................................................................................. 411

Important Points to Remember.................................................................................................. 411

snmp-server enable traps............................................................................................................411

snmp-server host........................................................................................................................ 413

Syslog Commands............................................................................................................................ 416

clear logging................................................................................................................................416

logging......................................................................................................................................... 417

logging buffered..........................................................................................................................418

logging console...........................................................................................................................419

logging monitor..........................................................................................................................420

logging source-interface............................................................................................................ 421

show logging...............................................................................................................................422

show logging driverlog stack-unit............................................................................................. 424

terminal monitor.........................................................................................................................424

33 Storm Control..................................................................................................... 427

Important Points to Remember....................................................................................................... 427

show storm-control unknown-unicast........................................................................................... 427

Z-Series S4810 S4820TS6000....................................................................................................427

storm-control broadcast (Configuration)........................................................................................428

Z-Series S4810 S4820TS6000................................................................................................... 428

storm-control multicast (Configuration).........................................................................................429

Z-SeriesS4810 S4820TS6000.................................................................................................... 429

storm-control broadcast (Interface)................................................................................................430

Z-Series S4810 S4820TS6000................................................................................................... 430

34 Uplink Failure Detection (UFD).......................................................................433

clear ufd-disable............................................................................................................................... 433

S4810 S4820T............................................................................................................................. 433

debug uplink-state-group................................................................................................................434

S4810 S4820T.............................................................................................................................434

description........................................................................................................................................ 435

S4810 S4820T............................................................................................................................. 435

downstream......................................................................................................................................436

S4810 S4820T.............................................................................................................................436

downstream auto-recover............................................................................................................... 437

S4810 S4820T............................................................................................................................. 437

downstream disable links................................................................................................................. 438

S4810 S4820T.............................................................................................................................438

enable................................................................................................................................................439

S4810 S4820T.............................................................................................................................439

show running-config uplink-state-group....................................................................................... 439

S4810 S4820T.............................................................................................................................439

show uplink-state-group................................................................................................................. 440

S4810 S4820T.............................................................................................................................440

uplink-state-group........................................................................................................................... 442

S4810 S4820T.............................................................................................................................442

upstream........................................................................................................................................... 443

S4810 S4820T.............................................................................................................................443

35 Virtual Link Trunking (VLT)..............................................................................445

back-up destination..........................................................................................................................445

Z9000 S4810 S4820T.................................................................................................................445

clear vlt statistics...............................................................................................................................446

Z9000 S4810 S4820T.................................................................................................................446

delay-restore.....................................................................................................................................447

Z-Series S4810 S4820T.............................................................................................................. 447

lacp ungroup member-independent...............................................................................................448

Z-Series S4810 S4820T.............................................................................................................. 448

peer-link port-channel.....................................................................................................................449

Z-Series S4810 S4820T.............................................................................................................. 449

primary-priority.................................................................................................................................450

S4810 S4820T.............................................................................................................................450

show vlt mismatch............................................................................................................................ 451

Z9000 S4810 S4820TS6000...................................................................................................... 451

system-mac.......................................................................................................................................451

Z-Series S4810 S4820T...............................................................................................................451

unit-id................................................................................................................................................452

Z-Series S4810S4820T............................................................................................................... 452

vlt domain......................................................................................................................................... 453

Z-Series S4810 S4820T.............................................................................................................. 453

vlt-peer-lag port-channel................................................................................................................454

Z-Series S4810 S4820T.............................................................................................................. 454

Overview........................................................................................................................................... 454

VLT on Core Switches.................................................................................................................455

Enhanced VLT............................................................................................................................. 456

VLT Terminology.............................................................................................................................. 456

Configure Virtual Link Trunking........................................................................................................457

Important Points to Remember..................................................................................................457

Configuration Notes................................................................................................................... 458

Primary and Secondary VLT Peers..............................................................................................461

VLT Bandwidth Monitoring.........................................................................................................462

VLT and Stacking.........................................................................................................................462

VLT and IGMP Snooping.............................................................................................................462

VLT IPv6.......................................................................................................................................462

VLT Port Delayed Restoration.................................................................................................... 463

PIM-Sparse Mode Support on VLT.............................................................................................463

VLT Routing ................................................................................................................................465

Non-VLT ARP Sync..................................................................................................................... 467

Verifying a VLT Configuration.......................................................................................................... 467

Additional VLT Sample Configurations.............................................................................................471

Configuring Virtual Link Trunking (VLT Peer 1)Configuring Virtual Link Trunking (VLT Peer

2)Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access

Switch)..........................................................................................................................................471

Troubleshooting VLT........................................................................................................................ 473

FC Flex IO Modules..............................................................................................475

36 Understanding and Working of the FC Flex IO Modules......................... 477

FC Flex IO Modules Overview.......................................................................................................... 477

FC Flex IO Module Capabilities and Operations..............................................................................478

Guidelines for Working with FC Flex IO Modules............................................................................479

Port Numbering for FC Flex IO Modules................................................................................... 480

Installing the Optics.................................................................................................................... 481

Processing of Data Traffic.................................................................................................................481

Operation of the FIP Application................................................................................................ 481

Operation of the NPIV Proxy Gateway...................................................................................... 482

Installing and Configuring the Switch..............................................................................................482

Installing and Configuring Flowchart for FC Flex IO Modules..................................................483

Installation...................................................................................................................................484

Unpacking the Switch.................................................................................................................484

Interconnectivity of FC Flex IO Modules with Cisco MDS Switches.............................................. 485

37 Data Center Bridging (DCB) for FC Flex IO Modules.................................487

Interworking of DCB Map With DCB Buffer Threshold Settings.....................................................487

dcb-map..................................................................................................................................... 488

priority-pgid................................................................................................................................ 489

priority-group bandwidth pfc.................................................................................................... 490

dcb-map stack-unit all stack-ports all.......................................................................................491

show qos dcb-map.....................................................................................................................492

DCB Command................................................................................................................................ 493

dcb-enable..................................................................................................................................493

DCBX Commands.............................................................................................................................493

advertise dcbx-appln-tlv............................................................................................................ 494

advertise dcbx-tlv....................................................................................................................... 494

dcbx port-role.............................................................................................................................495

dcbx version................................................................................................................................496

debug dcbx................................................................................................................................. 496

fcoe priority-bits......................................................................................................................... 497

iscsi priority-bits..........................................................................................................................498

show interface dcbx detail......................................................................................................... 498

ETS Commands.................................................................................................................................501

bandwidth-percentage............................................................................................................... 501

clear ets counters....................................................................................................................... 502

dcb-map......................................................................................................................................502

dcb-output..................................................................................................................................503

dcb-policy output.......................................................................................................................504

dcb-policy output stack-unit stack-ports all............................................................................ 504

description...................................................................................................................................505

ets mode on................................................................................................................................ 505

priority-group............................................................................................................................. 506

priority-group bandwidth pfc.....................................................................................................507

priority-group qos-policy...........................................................................................................508

priority-list...................................................................................................................................509

qos-policy-output ets................................................................................................................ 509

scheduler..................................................................................................................................... 510

set-pgid........................................................................................................................................ 511

show interface ets........................................................................................................................511

show qos dcb-output..................................................................................................................515

show qos priority-groups............................................................................................................515

show stack-unit stack-ports ets details......................................................................................516

PFC Commands.................................................................................................................................517

clear pfc counters........................................................................................................................517

dcb stack-unit pfc-buffering pfc-port-count pfc-queues........................................................517

dcb-input.....................................................................................................................................518

dcb-policy input..........................................................................................................................519

dcb-policy input stack-unit stack-ports all............................................................................... 520

description.................................................................................................................................. 520

pfc link-delay............................................................................................................................... 521

pfc mode on................................................................................................................................ 521

pfc no-drop queues....................................................................................................................522

pfc priority................................................................................................................................... 523

show dcb..................................................................................................................................... 523

show interface pfc...................................................................................................................... 524

show interface pfc statistics........................................................................................................527

show qos dcb-input....................................................................................................................527

show stack-unit stack-ports pfc details.....................................................................................528

38 Data Center Bridging (DCB)............................................................................ 529

Ethernet Enhancements in Data Center Bridging........................................................................... 529

Priority-Based Flow Control.......................................................................................................530

Enhanced Transmission Selection..............................................................................................531

Configuring DCB Maps and its Attributes.................................................................................. 533

Data Center Bridging: Default Configuration............................................................................ 536

Configuring PFC and ETS in a DCB Map....................................................................................536

Applying a DCB Map in a Switch Stack ..................................................................................... 539

Data Center Bridging Exchange Protocol (DCBx)..................................................................... 539

Data Center Bridging in a Traffic Flow.......................................................................................540

Enabling Data Center Bridging.........................................................................................................540

QoS dot1p Traffic Classification and Queue Assignment............................................................... 541

Configure Enhanced Transmission Selection..................................................................................542

ETS Operation with DCBx...........................................................................................................542

Configuring Bandwidth Allocation for DCBx CIN..................................................................... 543

Configure a DCBx Operation........................................................................................................... 544

DCBx Operation..........................................................................................................................544

DCBx Port Roles..........................................................................................................................544

DCB Configuration Exchange.................................................................................................... 546

Configuration Source Election...................................................................................................546

Propagation of DCB Information............................................................................................... 547

Auto-Detection and Manual Configuration of the DCBx Version............................................ 547

DCBx Example............................................................................................................................ 548

DCBx Prerequisites and Restrictions..........................................................................................548

Configuring DCBx.......................................................................................................................549

Verifying the DCB Configuration......................................................................................................553

PFC and ETS Configuration Examples.............................................................................................564

Using PFC and ETS to Manage Data Center Traffic........................................................................ 564

PFC and ETS Configuration Command Examples.................................................................... 566

Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack........................ 567

Hierarchical Scheduling in ETS Output Policies........................................................................ 567

39 Fibre Channel over Ethernet for FC Flex IO Modules...............................569

40 NPIV Proxy Gateway for FC Flex IO Modules..............................................571

dcb-map............................................................................................................................................ 571

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module............................. 571

description (for FCoE maps)............................................................................................................. 572

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................572

fabric..................................................................................................................................................572

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................572

fabric-id vlan..................................................................................................................................... 573

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................573

fcf-priority......................................................................................................................................... 574

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................574

fc-map...............................................................................................................................................575

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................575

fcoe priority-bits............................................................................................................................... 576

fcoe-map...........................................................................................................................................576

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................576

fka-adv-period.................................................................................................................................. 577

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................577

interface vlan (NPIV proxy gateway)................................................................................................ 578

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................578

keepalive............................................................................................................................................579

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................579

priority-group bandwidth pfc...........................................................................................................579

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................579

show fcoe-map.................................................................................................................................581

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................581

show npiv devices.............................................................................................................................583

M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.............................583

NPIV Proxy Gateway Configuration on FC Flex IO Modules ......................................................... 586

NPIV Proxy Gateway Operations and Capabilities.......................................................................... 586

NPIV Proxy Gateway Operation .................................................................................................587

NPIV Proxy Gateway: Protocol Services.................................................................................... 587

NPIV Proxy Gateway Functionality.............................................................................................588

NPIV Proxy Gateway: Terms and Definitions.............................................................................588

Configuring an NPIV Proxy Gateway...............................................................................................590

Enabling Fibre Channel Capability on the Switch..................................................................... 590

Creating a DCB map ..................................................................................................................590

Applying a DCB map on server-facing Ethernet ports .............................................................592

Creating an FCoE VLAN..............................................................................................................592

Creating an FCoE map ...............................................................................................................592

Applying an FCoE map on server-facing Ethernet ports...........................................................593

Applying an FCoE Map on fabric-facing FC ports.....................................................................594

Sample Configuration.................................................................................................................595

Displaying NPIV Proxy Gateway Information.................................................................................. 595

show interfaces status Command Example.............................................................................. 596

show fcoe-map Command Examples ...................................................................................... 597

show qos dcb-map Command Examples ................................................................................ 598

show npiv devices brief Command Example............................................................................ 598

show npiv devices Command Example ....................................................................................599

show fc switch Command Example .........................................................................................600

About this Document

This document describes the new functionalities and enhancements in the Dell Networking OS Release version 9.3.0.0. All of the behavioral-changes and new features are covered in this single, consolidated Addendum. Use this document in conjunction with the hardware and software manuals of Release

9.2.0.0, which contains comprehensive information on the working and usage of the different platforms and their associated functionalities. You can obtain a copy of the latest documents of Release 9.2.0.0 from the technical documentation website at http://www.dell.com/manuals

We are not publishing the entire documentation set for Release version 9.3.0.0. Instead, this document presents the new and changed hardware and software processes for this release. It supplements the Release version 9.2.0.0 set of documents and allows you to locate information in an easy, streamlined way.

For topics that highlight the syntax and usage of commands, only the parameters that have been introduced or modified from the previous release are included in this document. However, the newly introduced commands, are however, covered in depth. For a complete description of all commands that have been enhanced or modified in Release 9.3.0.0 and were present in Release 9.2.0.0, refer the respective Command Line Reference Guide of the applicable platform.

For topics that provide a conceptual overview of new functionalities, and configuration procedures, only the enhancements and changes that have been implemented in Release 9.3.0.0 are mentioned in this Addendum. For complete information about such features that have been only enhanced and are not newly introduced in this release, refer the respective Configuration Guide of the applicable platform of Release 9.2.0.0.

NOTE: Although information that describes functionalites on the S4810 and S4820T platforms is included in this document, Dell Networking OS Release 9.3(0.0) is not supported on the S4810 and S4820T platforms.

Audience

This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 and Layer 3 networking technologies.

Conventions

This guide uses the following conventions to describe command syntax.

Keyword

parameter Parameters are in italics and require a number or word to be entered in the CLI.

{X} Keywords and parameters within braces must be entered in the CLI.

[X] Keywords and parameters within brackets are optional.

x|y Keywords and parameters separated by a bar require you to choose one option.

About this Document

Keywords are in Courier (a monospaced font) and must be entered in the CLI as listed.

x||y Keywords and parameters separated by a double bar allows you to choose any or

all of the options.

802.1X on the MXL 10/40GbE Switch

In Dell Networking OS Release 9.3(0.0), the MXL 10/40GbE Switch supports 802.1X port authentication.

802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). For details on the command syntaxes and the keywords, refer the

802.1X chapter of the MXL Command Reference Guide of Release 9.2(0.2). For details on the conceptual overview and step-wise procedures to enable and configure 802.1X settings, refer the 802.1X chapter of the MXL Configuration Guide of Release 9.2(0.2).

802.1X on the MXL 10/40GbE Switch

ACL VLAN Groups and Content Addressable Memory (CAM)

This chapter describes the ACL VLAN group and CAM enhancements, and contains the following sections:

• Optimizing CAM Utilization During the Attachment of ACLs to VLANs

• Allocating FP Blocks for VLAN Processes

Optimizing CAM Utilization During the Attachment of ACLs to VLANs

This functionality is supported on the S4810, S4820T, Z9000, I/O Aggregator and MXL platforms.

You can enable and configure the access control list (ACL) content addressable memory (CAM) optimization functionality to minimize the number of entries in CAM while ACLs are applied on a VLAN or a set of VLANs and also while ACLS are applied on a set of ports. This capability enables effective usage of CAM space when Layer 3 ACLs are applied to a set of VLANs and when Layer 2 or Layer 3 ACLs are applied on a set of ports.

In releases of Dell Networking OS that does not support the CAM optimization functionality to reduce the usage of CAM area for application of ACLs, when an ACL is applied on a VLAN, the rules of the ACL are configured in the ACL region with the rule-specific parameters along with the Vlan as additional attributes. Therefore, when the ACL is applied on multiple VLAN interfaces, the consumption of CAM area increases proportionally. For example, when an ACL with ‘n’ number of rules is applied on ‘m’ number of VLAN interfaces, totally (n*m) entries are configured in the CAM region that is allocated for ACLs. Similarly, when an L2 or L3 ACL is applied on a set of ports, the same problem with large usage of CAM area occurs because a port is used as a parameter to be saved in CAM.

To avoid this problem of excessive consumption of CAM area, you can configure ACL VLAN groups that combines all the VLANs that are applied with the same ACL in a single group. A class identifier (Class ID) for each of ACL attached to the VLAN is assigned and this Class ID is used as an identifier or locator in the CAM area instead of the VLAN id. This method of processing signficiantly reduces the number of entries in the CAM area and saves memory space by using the class ID as filtering criterion in CAM instead of the VLAN ID.

You can create an ACL VLAN group and attach the ACL with the VLAN members. The optimization is applicable only when you create an ACL VLAN group. If you apply an ACL separately on the VLAN interface, each ACL has a mapping with the VLAN and increased CAM space utilization occurs. Attaching an ACL individually to VLAN interfaces is similar to the behavior of ACL-VLAN mapping storage in CAM prior to the implementation of the ACL VLAN group functionality.

The ACL manager application on router processor (RP1) contains all the state information about all the Acl Vlan groups that are present. The ACL handler on control processor (CP) and the ACL agent on line cards do not contain any stateful information about the group. The ACL manager application performs all the validation after you enter an acl-vlan-group command. If the command is valid, it is processed and sent to the agent if required. If a configuration error is found or if the maximum limit is exceeded for

ACL VLAN Groups and Content Addressable Memory (CAM)

the ACL VLAN groups present on the system, an appropriate error message is displayed. The ACL manager application processes the following parameters when you enter an acl-vlan-group command:

• Whether the CAM profile is set in VFP

• Whether the maximum number of groups in the system is exceeded

• Whether the maximum number of VLAN numbers permitted per ACL group is exceeded

• When a VLAN member that is being added is already a part of another ACL group

After these verification steps are performed, the ACL manager considers the command as valid and sends the information to the ACL agent on the line card as applicable. The ACL manager notifies the ACL agent in the following cases:

• A VLAN member is added or removed from a group and previously associated VLANs exist in the group

• Egress ACL is applied or removed from the group and the group contains VLAN members VLAN members are added or deleted from a vlan, which itself is a group member.

• A line card returns to the active state after going down and this line card contains a VLAN that is a member of an ACL group

• The ACL VLAN group is deleted and it contains VLAN members

The ACL manager does not notify the ACL agent in the following cases:

• The ACL VLAN group is created.

• The ACL VLAN group is deleted and it does not contain any VLAN members.

• The ACL is applied or removed from a group, and the ACL group does not contain a VLAN member.

• The description of the ACL group is added or removed.

Guidelines for Configuring ACL VLAN groups

This functionality is supported on the S4810, S4820T, Z9000, I/O Aggregator and MXL platforms.

Keep the following points in mind when you configure ACL VLAN groups:

• The interfaces to which the ACL VLAN group are applied function as restricted interfaces. The ACL VLAN group name is used to identify the group of VLANs that is used to perform hierarchical filtering.

• You can add only one ACL to an interface at a point in time.

• When you attempt to attach an ACL VLAN group to the same interface, a validation is performed to determine whether an ACL is applied directly to an interface. If you previously applied an ACL separately to the interface, an error occurs when you attempt to attach an ACL VLAN group to the same interface.

The limitation on the maximum number of members that can be part of the ACL VLAN group is

• determined by the type of switch and its hardware capabilities. This scaling limit depends on the number of slices that are allocated for ACL CAM optimization. If one slice is allocated, the maximum number of VLAN members is 256 for all ACL VLAN groups. If two slices are allocated, the maximum number of VLAN members is 512 for all ACL VLAN groups.

• The maximum number of VLAN groups that you can configure also depends on the hardware specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The maximum number of ACL VLAN groups supported is 31. Only a maximum two components (iSCSI

ACL VLAN Groups and Content Addressable Memory (CAM)

counters, Open Flow, ACL optimization) can be allocated virtual flow processing slices at a point in time.

• The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the S4180, Z9000, and MXL switches if two slices are allocated. If only one virtual flow processing slice is allocated, the maximum number of VLANs that you can configure as a member of an ACL VLAN group is 256 for the S4810, Z9000, and MXL switches.

• Port ACL optimization is applicable only for ACLs that are applied without the VLAN range.

• You cannot view the statistical details of ACL rules per VLAN and per interface if you enable the ACL VLAN group capability because this type of statistical information is available only for ACLs that are separately applied to VLANs. You can view the counters per ACL only.

• To display information using a particular ACL name, although you cannot display this detail using a specified interface name, you can use the show ip accounting access list command.

• Within a port, you can apply Layer 2 ACLs on a VLAN or a set of VLANs. In this case, CAM optimization is not applied.

• To enable optimization of CAM space for Layer 2 or Layer 3 ACLs that are applied to ports, the port number is removed as a qualifier for ACL application on ports, and port bits are used. When you apply the same ACL to a set of ports, the port bitmap is set when the ACL flow processor entry is added. When you remove the ACL from a port, the port bitmap is removed.

• If you do not attach an ACL to any of the ports, the flow processor entries are deleted. In this manner, when the same ACL is applied on set of ports, only one set of entries is installed in the flow processor (FP), thereby effectively saving CAM space. The optimization is enabled only if you specify the optimized option with the ip access-group command. This option is not valid for VLAN and LAG interfaces.

Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters

. This section contains the following topics that describe how to configure ACL VLAN groups that you can attach to VLAN interfaces to optimize the utilization of CAM blocks and also how to configure flow processor (FP) blocks for different VLAN operations.

Configuring ACL VLAN Groups

1. Create an ACL VLAN group

CONFIGURATION mode

acl-vlan-group {group name}

You can have up to eight different ACL VLAN groups at any given time.

2. Add a description to the ACL VLAN group.

CONFIGURATION (conf-acl-vl-grp) mode

description description

ACL VLAN Groups and Content Addressable Memory (CAM)

3. Apply an egress IP ACL to the ACL VLAN group.

CONFIGURATION (conf-acl-vl-grp) mode

ip access-group {group name} out implicit-permit

4. Add VLAN member(s) to an ACL VLAN group.

CONFIGURATION (conf-acl-vl-grp) mode

member vlan {VLAN-range}

5. Display all the ACL VLAN Groups or display a specific ACL VLAN Group, identified by name.

CONFIGURATION (conf-acl-vl-grp) mode

show acl-vlan-group {group name | detail}

Dell#show acl-vlan-group detail

Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed Vlan Members : 100,200,300

Group Name : CustomerNumberIdentificationEleven Egress IP Acl : AnyEmployeeCustomerElevenGrantedAccess Vlan Members : 2-10,99

Group Name : HostGroup Egress IP Acl : Group5 Vlan Members : 1,1000 Dell#

Configuring FP Blocks for VLAN Parameters

You can use the cam-acl-vlan command to allocate the number of FP blocks for the various VLAN processes on the system. You can use the no version of this command to reset the number of FP blocks to default. By default, 0 groups are allocated for the ACL in VCAP. ACL VLAN groups or CAM optimization is not enabled by default, and you need to allocate the slices for CAM optimization.

1. Allocate the number of FP blocks for VLAN Open Flow operations.

CONFIGURATION mode

cam-acl-vlan vlanopenflow <0-2>

2. Allocate the number of FP blocks for VLAN iSCSI counters.

CONFIGURATION mode

cam-acl-vlan vlaniscsi <0-2>

3. Allocate the number of FP blocks for ACL VLAN optimization feature.

CONFIGURATION mode

cam-acl-vlan vlanaclopt <0-2>

ACL VLAN Groups and Content Addressable Memory (CAM)

+ 571 hidden pages