Dell MXL 10, MXL40GbE User Manual

Page 1
Dell Networking Configuration Guide for the MXL 10/40GbE Switch I/O Module
9.8(0.0)
Page 2
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
intellectual property laws. Dell™ and the Dell logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
2015 - 05
Rev. A00
Page 3
Contents
1 About this Guide................................................................................................. 33
Audience..............................................................................................................................................33
Conventions........................................................................................................................................ 33
Information Symbols...........................................................................................................................34
Related Documents............................................................................................................................ 34
2 Configuration Fundamentals........................................................................... 35
Accessing the Command Line............................................................................................................35
CLI Modes............................................................................................................................................35
Navigating CLI Modes................................................................................................................... 37
The do Command...............................................................................................................................40
Undoing Commands.......................................................................................................................... 40
Obtaining Help.................................................................................................................................... 41
Entering and Editing Commands....................................................................................................... 42
Command History...............................................................................................................................43
Filtering show Command Outputs.....................................................................................................43
Multiple Users in Configuration Mode............................................................................................... 44
3 Getting Started....................................................................................................46
Console Access................................................................................................................................... 47
Serial Console................................................................................................................................47
External Serial Port with a USB Connector.................................................................................. 49
Accessing the CLI Interface and Running Scripts Using SSH............................................................49
Entering CLI commands Using an SSH Connection................................................................... 49
Executing Local CLI Scripts Using an SSH Connection...............................................................49
Boot Process....................................................................................................................................... 50
Default Configuration......................................................................................................................... 52
Configuring a Host Name...................................................................................................................52
Configuring a Host Name...................................................................................................................52
Accessing the System Remotely.........................................................................................................53
Accessing the MXL Switch Remotely............................................................................................53
Configure the Management Port IP Address............................................................................... 53
Configure a Management Route.................................................................................................. 53
Configuring a Username and Password.......................................................................................54
Configuring the Enable Password......................................................................................................54
Configuration File Management.........................................................................................................55
Copy Files to and from the System.............................................................................................. 55
Save the Running-Configuration..................................................................................................56
Page 4
Viewing Files.................................................................................................................................. 57
Managing the File System...................................................................................................................58
View the Command History............................................................................................................... 59
Using HTTP for File Transfers.............................................................................................................60
Upgrading and Downgrading the Dell Networking OS.....................................................................60
Using Hashes to Validate Software Images....................................................................................... 60
4 Management....................................................................................................... 62
Configuring Privilege Levels............................................................................................................... 62
Creating a Custom Privilege Level................................................................................................62
Customizing a Privilege Level.......................................................................................................63
Applying a Privilege Level to a Username.................................................................................... 64
Applying a Privilege Level to a Terminal Line...............................................................................65
Configuring Logging...........................................................................................................................65
Audit and Security Logs.................................................................................................................65
Configuring Logging Format........................................................................................................67
Setting Up a Secure Connection to a Syslog Server....................................................................68
Display the Logging Buffer and the Logging Configuration............................................................. 69
Log Messages in the Internal Buffer...................................................................................................70
Configuration Task List for System Log Management.................................................................70
Disabling System Logging...................................................................................................................70
Sending System Messages to a Syslog Server....................................................................................70
Configuring a UNIX System as a Syslog Server.............................................................................71
Changing System Logging Settings.................................................................................................... 71
Display the Logging Buffer and the Logging Configuration..............................................................72
Configuring a UNIX Logging Facility Level.........................................................................................73
Synchronizing Log Messages..............................................................................................................74
Enabling Timestamp on Syslog Messages..........................................................................................74
File Transfer Services...........................................................................................................................75
Configuration Task List for File Transfer Services........................................................................ 75
Enabling the FTP Server.................................................................................................................75
Configuring FTP Server Parameters..............................................................................................76
Configuring FTP Client Parameters.............................................................................................. 76
Terminal Lines......................................................................................................................................77
Denying and Permitting Access to a Terminal Line..................................................................... 77
Configuring Login Authentication for Terminal Lines................................................................. 78
Setting Time Out of EXEC Privilege Mode......................................................................................... 79
Using Telnet to get to Another Network Device............................................................................... 79
Lock CONFIGURATION Mode........................................................................................................... 80
Viewing the Configuration Lock Status........................................................................................80
Limit Concurrent Login Sessions........................................................................................................81
Restrictions for Limiting the Number of Concurrent Sessions....................................................81
Page 5
Configuring Concurrent Session Limit......................................................................................... 81
Enabling the System to Clear Existing Sessions...........................................................................82
Track Login Activity.............................................................................................................................83
Restrictions for Tracking Login Activity........................................................................................83
Configuring Login Activity Tracking............................................................................................. 83
Display Login Statistics..................................................................................................................84
Recovering from a Forgotten Password............................................................................................ 85
Recovering from a Forgotten Enable Password................................................................................86
Recovering from a Failed Start........................................................................................................... 86
5 802.1X...................................................................................................................88
The Port-Authentication Process.......................................................................................................90
EAP over RADIUS...........................................................................................................................92
Configuring 802.1X............................................................................................................................. 92
Related Configuration Tasks.........................................................................................................92
Important Points to Remember..........................................................................................................93
Enabling 802.1X...................................................................................................................................93
Configuring Request Identity Re-Transmissions......................................................................... 95
Configuring a Quiet Period after a Failed Authentication........................................................... 95
Forcibly Authorizing or Unauthorizing a Port....................................................................................96
Re-Authenticating a Port.................................................................................................................... 97
Configuring Timeouts.........................................................................................................................98
Configuring Dynamic VLAN Assignment with Port Authentication..................................................99
Guest and Authentication-Fail VLANs........................................................................................100
Configuring a Guest VLAN.......................................................................................................... 101
Configuring an Authentication-Fail VLAN.................................................................................. 101
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)......................................................................................................103
Optimizing CAM Utilization During the Attachment of ACLs to VLANs......................................... 103
Guidelines for Configuring ACL VLAN groups.................................................................................104
Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters........................105
Configuring ACL VLAN Groups...................................................................................................105
Configuring FP Blocks for VLAN Parameters............................................................................. 106
Viewing CAM Usage..........................................................................................................................107
Allocating FP Blocks for VLAN Processes........................................................................................ 108
7 Access Control Lists (ACLs).............................................................................110
IP Access Control Lists (ACLs)...........................................................................................................110
Implementing ACL on the Dell Networking OS................................................................................111
ACLs and VLANs.................................................................................................................................111
ACL Optimization...............................................................................................................................111
Page 6
Determine the Order in which ACLs are Used to Classify Traffic.................................................... 111
Example of the order Keyword to Determine ACL Sequence................................................... 112
IP Fragment Handling........................................................................................................................112
IP Fragments ACL Examples..............................................................................................................113
Layer 4 ACL Rules Examples............................................................................................................. 113
Configure a Standard IP ACL.............................................................................................................114
Configuring a Standard IP ACL Filter.................................................................................................115
Configure an Extended IP ACL..........................................................................................................116
Configuring Filters with a Sequence Number.................................................................................. 116
Configuring Filters Without a Sequence Number............................................................................ 117
Established Flag................................................................................................................................. 118
Configure Layer 2 and Layer 3 ACLs.................................................................................................118
Assign an IP ACL to an Interface.......................................................................................................119
Applying an IP ACL............................................................................................................................ 119
Counting ACL Hits.............................................................................................................................120
Configure Ingress ACLs.................................................................................................................... 120
Configure Egress ACLs...................................................................................................................... 121
Applying Egress Layer 3 ACLs (Control-Plane).................................................................................121
IP Prefix Lists......................................................................................................................................122
Implementation Information.......................................................................................................123
Configuration Task List for Prefix Lists............................................................................................. 123
Creating a Prefix List..........................................................................................................................123
Creating a Prefix List Without a Sequence Number........................................................................ 124
Viewing Prefix Lists............................................................................................................................125
Applying a Prefix List for Route Redistribution.................................................................................125
Applying a Filter to a Prefix List (OSPF).............................................................................................126
ACL Resequencing............................................................................................................................ 127
Resequencing an ACL or Prefix List..................................................................................................127
Route Maps........................................................................................................................................129
Implementation Information...................................................................................................... 129
Important Points to Remember........................................................................................................129
Configuration Task List for Route Maps...........................................................................................130
Creating a Route Map....................................................................................................................... 130
Configure Route Map Filters............................................................................................................. 131
Configuring Match Routes................................................................................................................132
Configuring Set Conditions.............................................................................................................. 133
Configure a Route Map for Route Redistribution............................................................................ 134
Configure a Route Map for Route Tagging......................................................................................135
Continue Clause................................................................................................................................135
Logging of ACL Processes................................................................................................................ 136
Guidelines for Configuring ACL Logging..........................................................................................137
Configuring ACL Logging..................................................................................................................137
Page 7
Flow-Based Monitoring Support for ACLs....................................................................................... 138
Behavior of Flow-Based Monitoring...........................................................................................138
Enabling Flow-Based Monitoring.....................................................................................................140
8 Bidirectional Forwarding Detection (BFD).................................................. 142
How BFD Works................................................................................................................................ 142
BFD Packet Format......................................................................................................................143
BFD Sessions................................................................................................................................145
BFD Three-Way Handshake........................................................................................................145
Session State Changes................................................................................................................146
Important Points to Remember........................................................................................................147
Configure BFD...................................................................................................................................148
Configure BFD for Physical Ports............................................................................................... 148
Enabling BFD Globally.................................................................................................................148
Establishing a Session on Physical Ports.................................................................................... 149
Changing Physical Port Session Parameters..............................................................................150
Disabling and Re-Enabling BFD.................................................................................................. 151
Configure BFD for Static Routes.......................................................................................................152
Related Configuration Tasks....................................................................................................... 152
Establishing Sessions for Static Routes.......................................................................................152
Changing Static Route Session Parameters............................................................................... 153
Disabling BFD for Static Routes.................................................................................................. 153
Configure BFD for OSPF................................................................................................................... 154
Related Configuration Tasks.......................................................................................................154
Establishing Sessions with OSPF Neighbors...............................................................................155
Changing OSPF Session Parameters.......................................................................................... 156
Disabling BFD for OSPF............................................................................................................... 157
Configure BFD for OSPFv3................................................................................................................157
Related Configuration Tasks....................................................................................................... 157
Establishing Sessions with OSPFv3 Neighbors........................................................................... 157
Changing OSPFv3 Session Parameters...................................................................................... 158
Disabling BFD for OSPFv3...........................................................................................................158
Configure BFD for BGP.....................................................................................................................159
Prerequisites................................................................................................................................ 159
Establishing Sessions with BGP Neighbors................................................................................ 159
Disabling BFD for BGP.................................................................................................................161
Use BFD in a BGP Peer Group.................................................................................................... 162
Displaying BFD for BGP Information.......................................................................................... 162
Configure BFD for VRRP................................................................................................................... 166
Related Configuration Tasks....................................................................................................... 167
Establishing Sessions with All VRRP Neighbors..........................................................................167
Establishing VRRP Sessions on VRRP Neighbors....................................................................... 167
Page 8
Changing VRRP Session Parameters.......................................................................................... 168
Disabling BFD for VRRP...............................................................................................................169
Configure BFD for VLANs................................................................................................................. 169
Related Configuration Task.........................................................................................................170
Establish Sessions with VLAN Neighbors....................................................................................170
Changing VLAN Session Parameters...........................................................................................171
Disabling BFD for VLANs..............................................................................................................171
Configure BFD for Port-Channels.....................................................................................................171
Related Configuration Tasks....................................................................................................... 172
Establish Sessions on Port-Channels..........................................................................................172
Changing Physical Port Session Parameters.............................................................................. 173
Disabling BFD for Port-Channels................................................................................................173
Configuring Protocol Liveness..........................................................................................................173
Troubleshooting BFD........................................................................................................................ 174
9 Border Gateway Protocol IPv4 (BGPv4).......................................................175
Autonomous Systems (AS)................................................................................................................ 175
Sessions and Peers............................................................................................................................ 177
Establish a Session.......................................................................................................................178
Route Reflectors................................................................................................................................179
Communities............................................................................................................................... 179
BGP Attributes...................................................................................................................................180
Best Path Selection Criteria........................................................................................................ 180
Weight..........................................................................................................................................182
Local Preference......................................................................................................................... 182
Multi-Exit Discriminators (MEDs)................................................................................................ 183
Origin........................................................................................................................................... 184
AS Path.........................................................................................................................................185
Next Hop......................................................................................................................................185
Multiprotocol BGP............................................................................................................................ 186
Implement BGP with the Dell Networking OS.................................................................................186
Additional Path (Add-Path) Support........................................................................................... 186
Advertise IGP Cost as MED for Redistributed Routes................................................................ 186
Ignore Router-ID for Some Best-Path Calculations..................................................................187
Four-Byte AS Numbers................................................................................................................187
AS4 Number Representation...................................................................................................... 188
AS Number Migration..................................................................................................................190
BGP4 Management Information Base (MIB)...............................................................................191
Important Points to Remember.................................................................................................. 191
Configuration Information................................................................................................................192
BGP Configuration............................................................................................................................ 193
Enabling BGP...............................................................................................................................194
Enabling MBGP Configurations.................................................................................................. 227
BGP Regular Expression Optimization.............................................................................................228
Debugging BGP................................................................................................................................ 228
Storing Last and Bad PDUs......................................................................................................... 229
PDU Counters............................................................................................................................. 230
Sample Configurations.....................................................................................................................230
10 Content Addressable Memory (CAM).........................................................240
CAM Allocation.................................................................................................................................240
Test CAM Usage................................................................................................................................ 241
View CAM-ACL Settings................................................................................................................... 242
CAM Optimization............................................................................................................................ 242
11 Control Plane Policing (CoPP)..................................................................... 243
Configure Control Plane Policing....................................................................................................244
Configuring CoPP for Protocols................................................................................................ 245
Configuring CoPP for CPU Queues........................................................................................... 247
Show Commands....................................................................................................................... 248
12 Data Center Bridging (DCB)......................................................................... 250
Ethernet Enhancements in Data Center Bridging........................................................................... 250
Priority-Based Flow Control........................................................................................................251
Enhanced Transmission Selection..............................................................................................252
Data Center Bridging Exchange Protocol (DCBx)..................................................................... 254
Data Center Bridging in a Traffic Flow.......................................................................................254
Enabling Data Center Bridging.........................................................................................................255
Configuring DCB Maps and its Attributes.................................................................................. 256
Data Center Bridging: Default Configuration.................................................................................. 259
Interworking of DCB Map With DCB Buffer Threshold Settings.................................................... 260
Configuring Priority-Based Flow Control........................................................................................ 261
Configuring Lossless Queues.....................................................................................................262
Configuring the PFC Buffer in a Switch Stack........................................................................... 263
Priority-Based Flow Control Using Dynamic Buffer Method....................................................264
Configure Enhanced Transmission Selection..................................................................................265
ETS Prerequisites and Restrictions............................................................................................. 266
Creating an ETS Priority Group.................................................................................................. 266
ETS Operation with DCBx...........................................................................................................267
Configuring Bandwidth Allocation for DCBx CIN..................................................................... 268
Hierarchical Scheduling in ETS Output Policies........................................................................ 269
Applying DCB Policies with an ETS Configuration..........................................................................269
PFC and ETS Configuration Examples............................................................................................. 270
Using PFC and ETS to Manage Data Center Traffic...................................................................270
Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack........................ 272
Applying DCB Policies in a Switch Stack..........................................................................................273
Configure a DCBx Operation............................................................................................................273
DCBx Operation.......................................................................................................................... 273
DCBx Port Roles..........................................................................................................................274
DCB Configuration Exchange.................................................................................................... 276
Configuration Source Election................................................................................................... 276
Propagation of DCB Information............................................................................................... 276
Auto-Detection and Manual Configuration of the DCBx Version.............................................277
DCBx Example............................................................................................................................. 277
DCBx Prerequisites and Restrictions.......................................................................................... 278
Configuring DCBx....................................................................................................................... 279
Verifying the DCB Configuration..................................................................................................... 283
QoS dot1p Traffic Classification and Queue Assignment...............................................................293
Configuring the Dynamic Buffer Method........................................................................................294
13 Debugging and Diagnostics.........................................................................296
Offline Diagnostics........................................................................................................................... 296
Important Points to Remember................................................................................................. 296
Running Offline Diagnostics.......................................................................................................296
Trace Logs.........................................................................................................................................299
Auto Save on Crash or Rollover................................................................................................. 299
Using the Show Hardware Commands...........................................................................................300
Enabling Environmental Monitoring.................................................................................................301
Recognize an Over-Temperature Condition.............................................................................303
Troubleshoot an Over-Temperature Condition........................................................................303
Recognize an Under-Voltage Condition................................................................................... 304
Troubleshoot an Under-Voltage Condition.............................................................................. 304
Troubleshooting Packet Loss...........................................................................................................305
Displaying Drop Counters.......................................................................................................... 305
Dataplane Statistics.....................................................................................................................306
Display Stack Port Statistics........................................................................................................ 307
Displaying Stack Member Counters...........................................................................................307
Enabling Application Core Dumps...................................................................................................308
Mini Core Dumps..............................................................................................................................308
Enabling TCP Dumps........................................................................................................................309
Enabling Buffer Statistics Tracking.................................................................................................. 310
14 Dynamic Host Configuration Protocol (DHCP)........................................ 311
DHCP Packet Format and Options................................................................................................... 311
Assign an IP Address using DHCP...............................................................................................313
Implementation Information............................................................................................................ 314
Configure the System to be a DHCP Server.................................................................................... 315
Configuring the Server for Automatic Address Allocation.........................................................315
Configuration Tasks.................................................................................................................... 316
Specifying a Default Gateway..................................................................................................... 317
Enabling the DHCP Server...........................................................................................................317
Configure a Method of Hostname Resolution...........................................................................318
Creating Manual Binding Entries.................................................................................................319
Debugging the DHCP Server...................................................................................................... 319
Using DHCP Clear Commands...................................................................................................319
Configure the System to be a Relay Agent......................................................................................320
Configure the System to be a DHCP Client.....................................................................................322
Configuring the DHCP Client System........................................................................................ 322
DHCP Client on a Management Interface................................................................................. 326
DHCP Client Operation with Other Features.............................................................................327
Configure Secure DHCP...................................................................................................................328
Option 82.................................................................................................................................... 328
DHCP Snooping..........................................................................................................................329
Drop DHCP Packets on Snooped VLANs Only..........................................................................332
Dynamic ARP Inspection............................................................................................................ 333
Configuring Dynamic ARP Inspection........................................................................................334
Source Address Validation.......................................................................................................... 335
15 Equal Cost Multi-Path (ECMP)......................................................................337
ECMP for Flow-Based Affinity.......................................................................................................... 337
Enabling Deterministic ECMP Next Hop.................................................................................... 337
Link Bundle Monitoring.................................................................................................................... 338
Managing ECMP Group Paths..........................................................................................................338
16 FC FLEXIO FPORT...........................................................................................340
FC FLEXIO FPORT.............................................................................................................................340
Configuring Switch Mode to FCF Port Mode..................................................................................340
Name Server...................................................................................................................................... 341
FCoE Maps........................................................................................................................................ 342
Creating an FCoE Map......................................................................................................................342
Zoning............................................................................................................................................... 344
Creating Zone and Adding Members...............................................................................................344
Creating Zone Alias and Adding Members...................................................................................... 345
Creating Zonesets.............................................................................................................................345
Activating a Zoneset......................................................................................................................... 346
Displaying the Fabric Parameters.....................................................................................................346
17 FCoE Transit.................................................................................................... 349
Fibre Channel over Ethernet............................................................................................................ 349
Ensure Robustness in a Converged Ethernet Network...................................................................349
FIP Snooping on Ethernet Bridges....................................................................................................351
FIP Snooping in a Switch Stack........................................................................................................ 354
Using FIP Snooping...........................................................................................................................354
Important Points to Remember................................................................................................. 354
Enabling the FCoE Transit Feature............................................................................................. 355
Enable FIP Snooping on VLANs.................................................................................................. 355
Configure the FC-MAP Value..................................................................................................... 355
Configure a Port for a Bridge-to-Bridge Link............................................................................ 355
Configure a Port for a Bridge-to-FCF Link................................................................................ 356
Impact on Other Software Features...........................................................................................356
FIP Snooping Prerequisites.........................................................................................................356
FIP Snooping Restrictions........................................................................................................... 357
Configuring FIP Snooping...........................................................................................................357
Displaying FIP Snooping Information.............................................................................................. 358
FCoE Transit Configuration Example...............................................................................................364
18 FIPS Cryptography......................................................................................... 366
Preparing the System........................................................................................................................366
Enabling FIPS Mode..........................................................................................................................366
Generating Host-Keys...................................................................................................................... 367
Monitoring FIPS Mode Status........................................................................................................... 367
Disabling FIPS Mode......................................................................................................................... 368
19 Force10 Resilient Ring Protocol (FRRP).....................................................370
Protocol Overview............................................................................................................................370
Ring Status................................................................................................................................... 371
Multiple FRRP Rings.....................................................................................................................372
Important FRRP Points................................................................................................................ 373
Important FRRP Concepts.......................................................................................................... 374
Implementing FRRP.......................................................................................................................... 375
FRRP Configuration...........................................................................................................................375
Creating the FRRP Group............................................................................................................376
Configuring the Control VLAN................................................................................................... 376
Configuring and Adding the Member VLANs.............................................................................377
Setting the FRRP Timers..............................................................................................................379
Clearing the FRRP Counters....................................................................................................... 379
Viewing the FRRP Configuration................................................................................................ 379
Viewing the FRRP Information................................................................................................... 380
Troubleshooting FRRP......................................................................................................................380
Configuration Checks.................................................................................................................380
Sample Configuration and Topology...............................................................................................381
20 GARP VLAN Registration Protocol (GVRP)................................................383
Important Points to Remember....................................................................................................... 383
Configure GVRP................................................................................................................................384
Related Configuration Tasks.......................................................................................................385
Enabling GVRP Globally....................................................................................................................385
Enabling GVRP on a Layer 2 Interface............................................................................................. 385
Configure GVRP Registration...........................................................................................................386
Configure a GARP Timer.................................................................................................................. 386
21 Internet Group Management Protocol (IGMP).........................................388
IGMP Protocol Overview..................................................................................................................388
IGMP Version 2........................................................................................................................... 388
IGMP Version 3........................................................................................................................... 390
IGMP Snooping.................................................................................................................................393
IGMP Snooping Implementation Information........................................................................... 393
Configuring IGMP Snooping...................................................................................................... 394
Enabling IGMP Immediate-Leave...............................................................................................394
Disabling Multicast Flooding...................................................................................................... 395
Specifying a Port as Connected to a Multicast Router..............................................................395
Configuring the Switch as Querier.............................................................................................395
Fast Convergence after MSTP Topology Changes......................................................................... 396
Designating a Multicast Router Interface........................................................................................ 396
22 Interfaces......................................................................................................... 397
Basic Interface Configuration...........................................................................................................397
Advanced Interface Configuration...................................................................................................397
Interface Types................................................................................................................................. 398
View Basic Interface Information.....................................................................................................398
Enabling a Physical Interface........................................................................................................... 400
Physical Interfaces............................................................................................................................ 401
Configuration Task List for Physical Interfaces..........................................................................401
Overview of Layer Modes........................................................................................................... 401
Configuring Layer 2 (Data Link) Mode....................................................................................... 402
Configuring Layer 2 (Interface) Mode........................................................................................402
Configuring Layer 3 (Network) Mode........................................................................................ 403
Configuring Layer 3 (Interface) Mode........................................................................................403
Management Interfaces................................................................................................................... 404
Configuring Management Interfaces on the MXL Switch.........................................................405
VLAN Interfaces................................................................................................................................ 406
Loopback Interfaces......................................................................................................................... 407
Null Interfaces...................................................................................................................................408
Port Channel Interfaces................................................................................................................... 408
Port Channel Definition and Standards..................................................................................... 408
Port Channel Benefits.................................................................................................................408
Port Channel Implementation................................................................................................... 409
100/1000/10000 Mbps Interfaces in Port Channels.................................................................409
Configuration Tasks for Port Channel Interfaces...................................................................... 410
Creating a Port Channel............................................................................................................. 410
Adding a Physical Interface to a Port Channel.......................................................................... 410
Reassigning an Interface to a New Port Channel...................................................................... 412
Configuring the Minimum Oper Up Links in a Port Channel.................................................... 413
Adding or Removing a Port Channel from a VLAN....................................................................413
Assigning an IP Address to a Port Channel................................................................................ 414
Deleting or Disabling a Port Channel.........................................................................................414
Load Balancing through Port Channels........................................................................................... 415
Load-Balancing Method................................................................................................................... 415
Hash Algorithm................................................................................................................................. 416
Server Ports....................................................................................................................................... 416
Default Configuration without Start-up Config......................................................................... 417
Bulk Configuration............................................................................................................................ 417
Interface Range........................................................................................................................... 417
Bulk Configuration Examples..................................................................................................... 418
Defining Interface Range Macros.....................................................................................................419
Define the Interface Range........................................................................................................ 420
Choosing an Interface-Range Macro........................................................................................ 420
Monitoring and Maintaining Interfaces............................................................................................420
Maintenance Using TDR..............................................................................................................421
Splitting QSFP Ports to SFP+ Ports.................................................................................................. 422
Merging SFP+ Ports to QSFP 40G Ports.................................................................................... 423
Configure the MTU Size on an Interface................................................................................... 423
Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port............................................................424
Important Points to Remember................................................................................................. 425
Example Scenarios......................................................................................................................425
Layer 2 Flow Control Using Ethernet Pause Frames.......................................................................425
Enabling Pause Frames...............................................................................................................426
Configure MTU Size on an Interface................................................................................................427
Port-Pipes......................................................................................................................................... 428
Auto-Negotiation on Ethernet Interfaces........................................................................................428
Setting the Speed and Duplex Mode of Ethernet Interfaces.....................................................428
View Advanced Interface Information.............................................................................................430
Configuring the Interface Sampling Size....................................................................................431
Dynamic Counters......................................................................................................................432
Page 15
Enhanced Validation of Interface Ranges........................................................................................434
Enhanced Control of Remote Fault Indication Processing............................................................ 434
23 Internet Protocol Security (IPSec).............................................................. 435
Configuring IPSec ............................................................................................................................436
24 IPv4 Routing................................................................................................... 437
IP Addresses...................................................................................................................................... 437
Implementation Information...................................................................................................... 437
Configuration Tasks for IP Addresses........................................................................................ 438
IPv4 Path MTU Discovery Overview.................................................................................................441
Using the Configured Source IP Address in ICMP Messages..........................................................441
Configuring the ICMP Source Interface.....................................................................................442
Configuring the Duration to Establish a TCP Connection..............................................................442
Enabling Directed Broadcast............................................................................................................443
Resolution of Host Names............................................................................................................... 443
Enabling Dynamic Resolution of Host Names.......................................................................... 443
Specifying the Local System Domain and a List of Domains....................................................444
Configuring DNS with Traceroute............................................................................................. 444
ARP.................................................................................................................................................... 445
Configuration Tasks for ARP...................................................................................................... 446
ARP Learning via Gratuitous ARP..................................................................................................... 447
ARP Learning via ARP Request.........................................................................................................448
Configuring ARP Retries...................................................................................................................449
ICMP..................................................................................................................................................449
Configuration Tasks for ICMP.................................................................................................... 449
UDP Helper....................................................................................................................................... 450
Configure UDP Helper................................................................................................................450
Important Points to Remember................................................................................................. 450
Enabling UDP Helper..................................................................................................................450
Configurations Using UDP Helper....................................................................................................451
UDP Helper with Broadcast-All Addresses.................................................................................451
UDP Helper with Subnet Broadcast Addresses..........................................................................452
UDP Helper with Configured Broadcast Addresses.................................................................. 453
UDP Helper with No Configured Broadcast Addresses............................................................ 453
Troubleshooting UDP Helper...........................................................................................................453
25 IPv6 Addressing.............................................................................................. 455
Protocol Overview............................................................................................................................455
Extended Address Space.............................................................................................................455
Stateless Autoconfiguration....................................................................................................... 455
IPv6 Header Fields.............................................................................................................................457
Page 16
Version (4 bits).............................................................................................................................457
Traffic Class (8 bits)..................................................................................................................... 457
Flow Label (20 bits)..................................................................................................................... 457
Payload Length (16 bits)..............................................................................................................458
Next Header (8 bits).................................................................................................................... 458
Hop Limit (8 bits).........................................................................................................................458
Source Address (128 bits)........................................................................................................... 459
Destination Address (128 bits).................................................................................................... 459
Extension Header Fields................................................................................................................... 459
Hop-by-Hop Options Header....................................................................................................459
Addressing........................................................................................................................................ 460
Link-local Addresses................................................................................................................... 461
Static and Dynamic Addressing.................................................................................................. 461
Implementing IPv6 with the Dell Networking OS............................................................................461
ICMPv6..............................................................................................................................................464
Path MTU Discovery......................................................................................................................... 464
IPv6 Neighbor Discovery..................................................................................................................465
IPv6 Neighbor Discovery of MTU Packets.................................................................................466
Configuring the IPv6 Recursive DNS Server..............................................................................466
Debugging IPv6 RDNSS Information Sent to the Host .............................................................467
Displaying IPv6 RDNSS Information...........................................................................................467
IPv6 Multicast....................................................................................................................................467
Secure Shell (SSH) Over an IPv6 Transport..................................................................................... 468
Configuration Task List for IPv6.......................................................................................................468
Adjusting Your CAM-Profile....................................................................................................... 468
Assigning an IPv6 Address to an Interface.................................................................................469
Assigning a Static IPv6 Route..................................................................................................... 470
Configuring Telnet with IPv6......................................................................................................470
SNMP over IPv6........................................................................................................................... 471
Showing IPv6 Information...........................................................................................................471
Showing an IPv6 Interface.......................................................................................................... 471
Showing IPv6 Routes.................................................................................................................. 472
Showing the Running-Configuration for an Interface.............................................................. 473
Clearing IPv6 Routes...................................................................................................................474
26 iSCSI Optimization.........................................................................................475
iSCSI Optimization Overview............................................................................................................475
Monitoring iSCSI Traffic Flows....................................................................................................477
Information Monitored in iSCSI Traffic Flows............................................................................ 477
Detection and Auto-Configuration for Dell EqualLogic Arrays.................................................477
Configuring Detection and Ports for Dell Compellent Arrays.................................................. 478
iSCSI Optimization: Operation................................................................................................... 478
Page 17
Default iSCSI Optimization Values............................................................................................. 479
Displaying iSCSI Optimization Information..................................................................................... 479
27 Intermediate System to Intermediate System.......................................... 481
IS-IS Protocol Overview....................................................................................................................481
IS-IS Addressing................................................................................................................................ 481
Multi-Topology IS-IS........................................................................................................................ 482
Transition Mode..........................................................................................................................483
Interface Support........................................................................................................................ 483
Adjacencies................................................................................................................................. 483
Graceful Restart................................................................................................................................ 483
Timers..........................................................................................................................................484
Implementation Information............................................................................................................484
Configuration Information............................................................................................................... 485
Configuration Tasks for IS-IS......................................................................................................485
IS-IS Metric Styles............................................................................................................................. 502
Configure Metric Values...................................................................................................................502
Maximum Values in the Routing Table...................................................................................... 502
Change the IS-IS Metric Style in One Level Only...................................................................... 502
Leaks from One Level to Another.............................................................................................. 504
Sample Configurations.....................................................................................................................505
28 Link Aggregation Control Protocol (LACP)...............................................510
Introduction to Dynamic LAGs and LACP........................................................................................510
Important Points to Remember..................................................................................................510
LACP Modes.................................................................................................................................511
Configuring LACP Commands....................................................................................................511
LACP Configuration Tasks................................................................................................................ 512
Creating a LAG.............................................................................................................................512
Configuring the LAG Interfaces as Dynamic.............................................................................. 513
Setting the LACP Long Timeout................................................................................................. 513
Shared LAG State Tracking............................................................................................................... 514
Configuring Shared LAG State Tracking...........................................................................................515
Important Points about Shared LAG State Tracking...................................................................517
LACP Basic Configuration Example..................................................................................................517
Configure a LAG on ALPHA.........................................................................................................517
29 Layer 2..............................................................................................................526
Manage the MAC Address Table...................................................................................................... 526
Clearing the MAC Address Table................................................................................................526
Setting the Aging Time for Dynamic Entries..............................................................................526
Configuring a Static MAC Address..............................................................................................527
Page 18
Displaying the MAC Address Table.............................................................................................527
MAC Learning Limit...........................................................................................................................527
Setting the MAC Learning Limit..................................................................................................528
mac learning-limit Dynamic.......................................................................................................528
mac learning-limit station-move............................................................................................... 529
Learning Limit Violation Actions.................................................................................................529
Setting Station Move Violation Actions......................................................................................529
Recovering from Learning Limit and Station Move Violations..................................................530
NIC Teaming.....................................................................................................................................530
MAC Move Optimization.............................................................................................................532
30 Link Layer Discovery Protocol (LLDP)........................................................ 533
802.1AB (LLDP) Overview................................................................................................................. 533
Protocol Data Units.....................................................................................................................533
Optional TLVs....................................................................................................................................534
Management TLVs.......................................................................................................................535
TIA-1057 (LLDP-MED) Overview...................................................................................................... 537
TIA Organizationally Specific TLVs............................................................................................. 537
Extended Power via MDI TLV......................................................................................................541
Configure LLDP.................................................................................................................................542
Related Configuration Tasks.......................................................................................................542
Important Points to Remember................................................................................................. 542
LLDP Compatibility..................................................................................................................... 542
CONFIGURATION versus INTERFACE Configurations....................................................................542
Enabling LLDP................................................................................................................................... 543
Disabling and Undoing LLDP......................................................................................................543
Advertising TLVs................................................................................................................................544
Viewing the LLDP Configuration......................................................................................................545
Viewing Information Advertised by Adjacent LLDP Agents............................................................ 546
Configuring LLDPDU Intervals..........................................................................................................547
Configuring Transmit and Receive Mode........................................................................................548
Configuring a Time to Live...............................................................................................................549
Debugging LLDP...............................................................................................................................549
Relevant Management Objects........................................................................................................550
31 Microsoft Network Load Balancing............................................................ 557
NLB Unicast Mode Scenario............................................................................................................. 557
NLB Multicast Mode Scenario.......................................................................................................... 558
Limitations With Enabling NLB on Switches....................................................................................558
Benefits and Working of Microsoft Clustering................................................................................ 558
Enable and Disable VLAN Flooding .................................................................................................559
Configuring a Switch for NLB ..........................................................................................................559
Page 19
32 Multicast Source Discovery Protocol (MSDP)...........................................560
Protocol Overview............................................................................................................................560
Anycast RP.........................................................................................................................................562
Implementation Information............................................................................................................562
Configure the Multicast Source Discovery Protocol.......................................................................563
Related Configuration Tasks.......................................................................................................563
Enabling MSDP..................................................................................................................................567
Manage the Source-Active Cache...................................................................................................568
Viewing the Source-Active Cache............................................................................................. 568
Limiting the Source-Active Cache............................................................................................. 569
Clearing the Source-Active Cache.............................................................................................569
Enabling the Rejected Source-Active Cache.............................................................................569
Accept Source-Active Messages that Fail the RPF Check.............................................................. 569
Specifying Source-Active Messages.................................................................................................573
Limiting the Source-Active Messages from a Peer..........................................................................574
Preventing MSDP from Caching a Local Source............................................................................. 574
Preventing MSDP from Caching a Remote Source......................................................................... 575
Preventing MSDP from Advertising a Local Source.........................................................................576
Logging Changes in Peership States................................................................................................ 577
Terminating a Peership..................................................................................................................... 577
Clearing Peer Statistics..................................................................................................................... 578
Debugging MSDP..............................................................................................................................578
MSDP with Anycast RP......................................................................................................................579
Configuring Anycast RP....................................................................................................................580
Reducing Source-Active Message Flooding.............................................................................. 581
Specifying the RP Address Used in SA Messages.......................................................................581
MSDP Sample Configurations..........................................................................................................584
33 Multiple Spanning Tree Protocol (MSTP)...................................................587
Protocol Overview............................................................................................................................ 587
Spanning Tree Variations..................................................................................................................588
Implementation Information............................................................................................................588
Configure Multiple Spanning Tree Protocol....................................................................................588
Related Configuration Tasks...................................................................................................... 588
Enable Multiple Spanning Tree Globally..........................................................................................589
Creating Multiple Spanning Tree Instances.....................................................................................589
Influencing MSTP Root Selection.................................................................................................... 590
Interoperate with Non-Dell Networking OS Bridges.......................................................................591
Changing the Region Name or Revision..........................................................................................591
Modifying Global Parameters...........................................................................................................592
Page 20
Enable BPDU Filtering Globally........................................................................................................ 593
Modifying the Interface Parameters.................................................................................................594
Configuring an EdgePort..................................................................................................................595
Flush MAC Addresses after a Topology Change............................................................................. 596
MSTP Sample Configurations...........................................................................................................596
Router 1 Running-Configuration, Router 2 Running-Configuration, Router 3 Running-Configuration, SFTOS Example Running-Configuration.............................................................597
Debugging and Verifying MSTP Configurations............................................................................. 600
34 Multicast Features......................................................................................... 603
Enabling IP Multicast........................................................................................................................ 603
Implementation Information............................................................................................................603
First Packet Forwarding for Lossless Multicast................................................................................604
Multicast Policies..............................................................................................................................604
IPv4 Multicast Policies......................................................................................................................604
Limiting the Number of Multicast Routes..................................................................................605
Preventing a Host from Joining a Group...................................................................................605
Rate Limiting IGMP Join Requests.............................................................................................609
Preventing a PIM Router from Forming an Adjacency..............................................................609
Preventing a Source from Registering with the RP...................................................................609
Preventing a PIM Router from Processing a Join...................................................................... 612
35 Open Shortest Path First (OSPFv2 and OSPFv3).......................................613
Protocol Overview............................................................................................................................ 613
Autonomous System (AS) Areas..................................................................................................613
Area Types................................................................................................................................... 614
Networks and Neighbors............................................................................................................ 615
Router Types................................................................................................................................615
Link-State Advertisements (LSAs)................................................................................................617
Router Priority and Cost..............................................................................................................619
OSPF with the Dell Networking OS..................................................................................................619
Graceful Restart.......................................................................................................................... 620
Fast Convergence (OSPFv2, IPv4 Only)......................................................................................621
Multi-Process OSPFv2 (IPv4 only).............................................................................................. 621
RFC-2328 Compliant OSPF Flooding........................................................................................ 622
OSPF ACK Packing...................................................................................................................... 623
Setting OSPF Adjacency with Cisco Routers............................................................................. 623
Configuration Information............................................................................................................... 624
Configuration Task List for OSPFv2 (OSPF for IPv4)..................................................................624
Troubleshooting OSPFv2............................................................................................................638
Configuration Task List for OSPFv3 (OSPF for IPv6)....................................................................... 642
Enabling IPv6 Unicast Routing................................................................................................... 643
Page 21
Assigning IPv6 Addresses on an Interface................................................................................. 643
Assigning Area ID on an Interface..............................................................................................643
Assigning OSPFv3 Process ID and Router ID Globally.............................................................. 644
Configuring Stub Areas...............................................................................................................644
Configuring Passive-Interface....................................................................................................644
Redistributing Routes..................................................................................................................645
Configuring a Default Route...................................................................................................... 645
Enabling OSPFv3 Graceful Restart............................................................................................. 646
Displaying Graceful Restart........................................................................................................ 647
OSPFv3 Authentication Using IPsec...........................................................................................648
36 Policy-based Routing (PBR).........................................................................658
Overview........................................................................................................................................... 658
Implementing Policy-based Routing with Dell Networking OS.....................................................660
Configuration Task List for Policy-based Routing.......................................................................... 660
PBR Exceptions (Permit)............................................................................................................. 663
Sample Configuration...................................................................................................................... 666
Create the Redirect-List GOLD, Assign Redirect-List GOLD to Interface 2/11, View Redirect-List GOLD.................................................................................................................... 666
37 PIM Sparse-Mode (PIM-SM)..........................................................................671
Implementation Information............................................................................................................ 671
Protocol Overview.............................................................................................................................671
Requesting Multicast Traffic........................................................................................................671
Refuse Multicast Traffic...............................................................................................................672
Send Multicast Traffic..................................................................................................................672
Configuring PIM-SM......................................................................................................................... 673
Related Configuration Tasks.......................................................................................................673
Enable PIM-SM..................................................................................................................................673
Configuring S,G Expiry Timers..........................................................................................................675
Configuring a Static Rendezvous Point........................................................................................... 676
Overriding Bootstrap Router Updates........................................................................................676
Configuring a Designated Router.....................................................................................................677
Creating Multicast Boundaries and Domains...................................................................................677
Enabling PIM-SM Graceful Restart...................................................................................................678
38 PIM Source-Specific Mode (PIM-SSM).......................................................679
Configure PIM-SSM......................................................................................................................... 679
Related Configuration Tasks.......................................................................................................679
Implementation Information........................................................................................................... 680
Important Points to Remember.................................................................................................680
Enabling PIM-SSM............................................................................................................................ 680
Page 22
Use PIM-SSM with IGMP Version 2 Hosts........................................................................................681
Configuring PIM-SSM with IGMPv2............................................................................................681
39 Port Monitoring..............................................................................................683
Important Points to Remember....................................................................................................... 683
Configuring Port Monitoring............................................................................................................684
Enabling Flow-Based Monitoring.................................................................................................... 686
Remote Port Mirroring......................................................................................................................687
Remote Port Mirroring Example.................................................................................................687
Configuring Remote Port Mirroring...........................................................................................688
Displaying Remote-Port Mirroring Configurations...................................................................690
Configuring the Sample Remote Port Mirroring....................................................................... 690
Configuring the Encapsulated Remote Port Mirroring................................................................... 693
Configuration steps for ERPM ................................................................................................... 693
ERPM Behavior on a typical Dell Networking OS ...........................................................................695
Decapsulation of ERPM packets at the Destination IP/ Analyzer............................................. 695
40 Private VLANs (PVLAN)..................................................................................697
Private VLAN Concepts.....................................................................................................................697
Using the Private VLAN Commands.......................................................................................... 698
Configuration Task List...............................................................................................................699
Private VLAN Configuration Example.........................................................................................703
41 Per-VLAN Spanning Tree Plus (PVST+).......................................................707
Protocol Overview............................................................................................................................ 707
Implementation Information......................................................................................................708
Configure Per-VLAN Spanning Tree Plus........................................................................................ 708
Related Configuration Tasks...................................................................................................... 708
Enabling PVST+.................................................................................................................................708
Disabling PVST+................................................................................................................................709
Influencing PVST+ Root Selection.............................................................................................709
Modifying Global PVST+ Parameters................................................................................................711
Modifying Interface PVST+ Parameters............................................................................................712
Configuring an EdgePort...................................................................................................................713
PVST+ in Multi-Vendor Networks.....................................................................................................714
Enabling PVST+ Extend System ID................................................................................................... 714
PVST+ Sample Configurations..........................................................................................................715
Enable BPDU Filtering globally..........................................................................................................717
42 Quality of Service (QoS)................................................................................ 719
Implementation Information.............................................................................................................721
Port-Based QoS Configurations....................................................................................................... 721
Page 23
Setting dot1p Priorities for Incoming Traffic.............................................................................. 721
Honoring dot1p Priorities on Ingress Traffic..............................................................................722
Configuring Port-Based Rate Policing....................................................................................... 723
Configuring Port-Based Rate Shaping....................................................................................... 723
Guidelines for Configuring ECN for Classifying and Color-Marking Packets................................ 724
Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class..........724
Classifying Incoming Packets Using ECN and Color-Marking..................................................725
Sample configuration to mark non-ecn packets as “yellow” with single traffic class..............727
Policy-Based QoS Configurations....................................................................................................729
DSCP Color Maps........................................................................................................................729
Classify Traffic..............................................................................................................................731
Create a QoS Policy.................................................................................................................... 736
Create Policy Maps......................................................................................................................739
Enabling QoS Rate Adjustment........................................................................................................ 744
Enabling Strict-Priority Queueing.................................................................................................... 745
Weighted Random Early Detection..................................................................................................745
Creating WRED Profiles.............................................................................................................. 746
Applying a WRED Profile to Traffic............................................................................................. 747
Displaying Default and Configured WRED Profiles....................................................................747
Displaying WRED Drop Statistics................................................................................................ 747
Displaying egress-queue Statistics.............................................................................................748
Classifying Layer 2 Traffic on Layer 3 Interfaces ...................................................................... 748
Classifying Packets Based on a Combination of DSCP Code Points and VLAN IDs................ 749
43 Routing Information Protocol (RIP)............................................................751
Protocol Overview.............................................................................................................................751
RIPv1.............................................................................................................................................751
RIPv2............................................................................................................................................ 752
Implementation Information............................................................................................................ 752
Configuration Information................................................................................................................752
Configuration Task List............................................................................................................... 752
RIP Configuration Example.........................................................................................................759
44 Remote Monitoring (RMON)........................................................................765
Implementation Information............................................................................................................ 765
Fault Recovery...................................................................................................................................766
Setting the rmon Alarm...............................................................................................................766
Configuring an RMON Event...................................................................................................... 767
Configuring RMON Collection Statistics....................................................................................768
Configuring the RMON Collection History................................................................................768
Enabling an RMON MIB Collection History Group....................................................................769
Page 24
45 Rapid Spanning Tree Protocol (RSTP)........................................................770
Protocol Overview............................................................................................................................ 770
Configuring Rapid Spanning Tree.................................................................................................... 770
Related Configuration Tasks.......................................................................................................770
Important Points to Remember.................................................................................................. 771
Configuring Interfaces for Layer 2 Mode..........................................................................................771
Enabling Rapid Spanning Tree Protocol Globally............................................................................ 771
Adding and Removing Interfaces..................................................................................................... 774
Modifying Global Parameters........................................................................................................... 775
Enable BPDU Filtering Globally.........................................................................................................776
Modifying Interface Parameters........................................................................................................777
Configuring an EdgePort.................................................................................................................. 778
Influencing RSTP Root Selection......................................................................................................779
SNMP Traps for Root Elections and Topology Changes.................................................................779
Configuring Fast Hellos for Link State Detection............................................................................ 779
46 Security............................................................................................................ 781
AAA Accounting.................................................................................................................................781
Configuration Task List for AAA Accounting.............................................................................. 781
AAA Authentication...........................................................................................................................783
Configuration Task List for AAA Authentication........................................................................ 784
AAA Authorization.............................................................................................................................786
Privilege Levels Overview........................................................................................................... 786
Configuration Task List for Privilege Levels................................................................................787
RADIUS...............................................................................................................................................791
RADIUS Authentication and Authorization.................................................................................792
Configuration Task List for RADIUS............................................................................................793
TACACS+...........................................................................................................................................796
Configuration Task List for TACACS+........................................................................................ 796
Choosing TACACS+ as the Authentication Method..................................................................796
Monitoring TACACS+..................................................................................................................798
TACACS+ Remote Authentication and Authorization...............................................................798
Specifying a TACACS+ Server Host............................................................................................799
Command Authorization............................................................................................................799
Protection from TCP Tiny and Overlapping Fragment Attacks......................................................800
Enabling SCP and SSH......................................................................................................................800
Using SCP with SSH to Copy a Software Image........................................................................ 801
Removing the RSA Host Keys and Zeroizing Storage .............................................................. 802
Configuring When to Re-generate an SSH Key ........................................................................802
Configuring the SSH Server Key Exchange Algorithm.............................................................. 803
Configuring the HMAC Algorithm for the SSH Server...............................................................803
Page 25
Configuring the SSH Server Cipher List.....................................................................................804
Secure Shell Authentication....................................................................................................... 805
Troubleshooting SSH..................................................................................................................807
Telnet................................................................................................................................................ 808
VTY Line and Access-Class Configuration......................................................................................808
VTY Line Local Authentication and Authorization.................................................................... 808
VTY Line Remote Authentication and Authorization................................................................ 809
VTY MAC-SA Filter Support.........................................................................................................810
Role-Based Access Control..............................................................................................................810
Overview of RBAC....................................................................................................................... 811
User Roles....................................................................................................................................814
AAA Authentication and Authorization for Roles....................................................................... 817
Role Accounting......................................................................................................................... 820
Display Information About User Roles.......................................................................................822
47 Service Provider Bridging.............................................................................824
VLAN Stacking...................................................................................................................................824
Important Points to Remember................................................................................................. 825
Configure VLAN Stacking........................................................................................................... 826
Creating Access and Trunk Ports...............................................................................................826
Enable VLAN-Stacking for a VLAN............................................................................................. 827
Configuring the Protocol Type Value for the Outer VLAN Tag................................................ 827
Configuring Options for Trunk Ports......................................................................................... 828
Debugging VLAN Stacking..........................................................................................................829
VLAN Stacking in Multi-Vendor Networks.................................................................................829
VLAN Stacking Packet Drop Precedence.........................................................................................833
Enabling Drop Eligibility..............................................................................................................833
Honoring the Incoming DEI Value.............................................................................................834
Marking Egress Packets with a DEI Value.................................................................................. 834
Dynamic Mode CoS for VLAN Stacking...........................................................................................835
Mapping C-Tag to S-Tag dot1p Values..................................................................................... 836
Layer 2 Protocol Tunneling.............................................................................................................. 837
Implementation Information......................................................................................................839
Enabling Layer 2 Protocol Tunneling........................................................................................ 840
Specifying a Destination MAC Address for BPDUs....................................................................840
Setting Rate-Limit BPDUs.......................................................................................................... 840
Debugging Layer 2 Protocol Tunneling..................................................................................... 841
Provider Backbone Bridging.............................................................................................................841
48 sFlow................................................................................................................ 842
Overview........................................................................................................................................... 842
Implementation Information............................................................................................................842
Page 26
Important Points to Remember................................................................................................. 843
Enabling and Disabling sFlow...........................................................................................................843
Enabling and Disabling sFlow on an Interface...........................................................................843
Enabling sFlow Max-Header Size Extended....................................................................................844
sFlow Show Commands...................................................................................................................845
Displaying Show sFlow Global................................................................................................... 845
Displaying Show sFlow on an Interface.....................................................................................846
Displaying Show sFlow on a Stack Unit.....................................................................................846
Configuring Specify Collectors........................................................................................................846
Changing the Polling Intervals......................................................................................................... 847
Changing the Sampling Rate............................................................................................................847
Sub-Sampling............................................................................................................................. 848
Back-Off Mechanism....................................................................................................................... 848
sFlow on LAG ports.......................................................................................................................... 849
Enabling Extended sFlow................................................................................................................. 849
49 Simple Network Management Protocol (SNMP)......................................851
Implementation Information............................................................................................................ 851
Configuration Task List for SNMP...............................................................................................851
Important Points to Remember................................................................................................. 852
SNMPv3 Compliance With FIPS....................................................................................................... 852
Set up SNMP......................................................................................................................................853
Creating a Community............................................................................................................... 854
Setting Up User-Based Security (SNMPv3)...................................................................................... 854
Reading Managed Object Values.....................................................................................................856
Writing Managed Object Values.......................................................................................................857
Configuring Contact and Location Information using SNMP.........................................................857
Subscribing to Managed Object Value Updates using SNMP.........................................................858
Enabling a Subset of SNMP Traps.................................................................................................... 859
Enabling an SNMP Agent to Notify Syslog Server Failure................................................................861
Copy Configuration Files Using SNMP............................................................................................ 862
Copying a Configuration File........................................................................................................... 864
Copying Configuration Files via SNMP............................................................................................ 865
Copying the Startup-Config Files to the Running-Config..............................................................866
Copying the Startup-Config Files to the Server via FTP................................................................. 866
Copying the Startup-Config Files to the Server via TFTP................................................................867
Copying a Binary File to the Startup-Configuration........................................................................867
Additional MIB Objects to View Copy Statistics.............................................................................. 868
MIB Support to Display the Available Memory Size on Flash..........................................................869
Viewing the Available Flash Memory Size..................................................................................869
MIB Support to Display the Software Core Files Generated by the System.................................. 869
Viewing the Software Core Files Generated by the System......................................................870
Page 27
Obtaining a Value for MIB Objects...................................................................................................870
Manage VLANs using SNMP..............................................................................................................871
Creating a VLAN...........................................................................................................................871
Assigning a VLAN Alias.................................................................................................................871
Displaying the Ports in a VLAN................................................................................................... 872
Add Tagged and Untagged Ports to a VLAN..............................................................................873
Enabling and Disabling a Port using SNMP......................................................................................874
Fetch Dynamic MAC Entries using SNMP........................................................................................ 875
Deriving Interface Indices................................................................................................................. 877
Monitor Port-Channels.....................................................................................................................878
BMP Functionality Using SNMP SET.................................................................................................879
Entity MIBS........................................................................................................................................880
Physical Entity.............................................................................................................................880
Containment Tree...................................................................................................................... 880
Troubleshooting SNMP Operation...................................................................................................881
50 Stacking........................................................................................................... 882
Stacking MXL 10/40GbE Switches................................................................................................... 882
Stack Management Roles........................................................................................................... 883
Stack Master Election................................................................................................................. 884
Failover Roles.............................................................................................................................. 885
MAC Addressing..........................................................................................................................885
Stacking LAG............................................................................................................................... 885
Supported Stacking Topologies................................................................................................. 885
Stack Group/Port Numbers..............................................................................................................887
Configuring a Switch Stack..............................................................................................................888
Stacking Prerequisites.................................................................................................................888
Master Selection Criteria............................................................................................................ 889
Configuring Priority and stack-group........................................................................................889
Cabling Stacked Switches.......................................................................................................... 890
Accessing the CLI........................................................................................................................891
Configuring and Bringing Up a Stack......................................................................................... 891
Removing a Switch from a Stack............................................................................................... 894
Adding a Stack Unit.....................................................................................................................895
Merging Two Stacks................................................................................................................... 896
Splitting a Stack...........................................................................................................................896
Managing Redundant Stack Management.................................................................................896
Resetting a Unit on a Stack.........................................................................................................897
Verify a Stack Configuration.............................................................................................................897
Using Show Commands.............................................................................................................898
Troubleshooting a Switch Stack...................................................................................................... 900
Failure Scenarios...............................................................................................................................902
Stack Member Fails
Unplugged Stacking Cable
Master Switch Fails
Stack-Link Flapping Error
Master Switch Recovers from Failure
Stack Unit in Card-Problem State Due to Incorrect Dell Networking OS Version
Stack Unit in Card-Problem State Due to Configuration Mismatch.............................................................................................................902
Upgrading a Switch Stack.................................................................................................................905
Upgrading a Single Stack Unit..........................................................................................................906
51 Storm Control.................................................................................................908
Configure Storm Control................................................................................................................. 908
Configuring Storm Control from INTERFACE Mode.................................................................908
Configuring Storm Control from CONFIGURATION Mode......................................................908
52 Spanning Tree Protocol (STP)..................................................................... 909
Protocol Overview............................................................................................................................909
Configure Spanning Tree................................................................................................................. 909
Related Configuration Tasks...................................................................................................... 909
Important Points to Remember..................................................................................................910
Configuring Interfaces for Layer 2 Mode......................................................................................... 911
Enabling Spanning Tree Protocol Globally...................................................................................... 912
Adding an Interface to the Spanning Tree Group............................................................................915
Removing an Interface from the Spanning Tree Group..................................................................915
Modifying Global Parameters........................................................................................................... 915
Modifying Interface STP Parameters................................................................................................916
Enabling PortFast...............................................................................................................................917
Prevent Network Disruptions with BPDU Guard........................................................................918
Global BPDU Filtering.......................................................................................................................920
Interface BPDU Filtering............................................................................................................. 920
Selecting STP Root............................................................................................................................921
STP Root Guard................................................................................................................................ 922
Root Guard Scenario.................................................................................................................. 922
Configuring Root Guard............................................................................................................. 923
SNMP Traps for Root Elections and Topology Changes................................................................ 924
Displaying STP Guard Configuration............................................................................................... 924
53 System Time and Date...................................................................................925
Network Time Protocol....................................................................................................................925
Protocol Overview......................................................................................................................926
Configure the Network Time Protocol...................................................................................... 927
Enabling NTP...............................................................................................................................927
Configuring NTP Broadcasts......................................................................................................928
Disabling NTP on an Interface....................................................................................................928
Configuring a Source IP Address for NTP Packets....................................................................928
Configuring NTP Authentication................................................................................................929
Dell Networking OS Time and Date................................................................................................. 931
Configuration Task List ...............................................................................................................931
Set Daylight Saving Time............................................................................................................ 933
54 Tunneling ....................................................................................................... 936
Configuring a Tunnel........................................................................................................................936
Configuring Tunnel keepalive.......................................................................................................... 937
Configuring the ip and ipv6 unnumbered....................................................................................... 938
Configuring the Tunnel allow-remote............................................................................................ 938
Configuring the Tunnel Source Anylocal........................................................................................ 939
55 Uplink Failure Detection (UFD)................................................................... 940
Feature Description.......................................................................................................................... 940
How Uplink Failure Detection Works............................................................................................... 941
UFD and NIC Teaming......................................................................................................................942
Important Points to Remember....................................................................................................... 943
Configuring Uplink Failure Detection.............................................................................................. 943
Clearing a UFD-Disabled Interface.................................................................................................. 945
Displaying Uplink Failure Detection.................................................................................................946
Sample Configuration: Uplink Failure Detection............................................................................ 948
56 Upgrade Procedures..................................................................................... 950
Get Help with Upgrades...................................................................................................................950
57 Virtual LANs (VLANs)...................................................................................... 951
Default VLAN..................................................................................................................................... 951
Port-Based VLANs.......................................................................................................................952
VLANs and Port Tagging.............................................................................................................953
Configuration Task List............................................................................................................... 953
Configuring Native VLANs.......................................................................................................... 957
Enabling Null VLAN as the Default VLAN.........................................................................................958
58 Virtual Link Trunking (VLT).......................................................................... 959
Overview........................................................................................................................................... 959
Multi-domain VLT.......................................................................................................................960
VLT Terminology...............................................................................................................................961
Configure Virtual Link Trunking........................................................................................................961
Important Points to Remember................................................................................................. 962
Configuration Notes................................................................................................................... 962
RSTP and VLT..............................................................................................................................966
VLT Bandwidth Monitoring.........................................................................................................967
VLT and IGMP Snooping.............................................................................................................967
VLT Port Delayed Restoration.................................................................................................... 967
PIM-Sparse Mode Support on VLT.............................................................................................968
VLT Multicast...............................................................................................................................969
VLT Unicast Routing................................................................................................................... 970
Non-VLT ARP Sync......................................................................................................................971
RSTP Configuration...........................................................................................................................972
Preventing Forwarding Loops in a VLT Domain........................................................................ 972
Sample RSTP Configuration........................................................................................................972
Configuring VLT.......................................................................................................................... 973
Configuring a VLT Interconnect.................................................................................................973
Configuring a VLT Backup Link.................................................................................................. 974
Configuring a VLT Port Delay Period......................................................................................... 975
Reconfiguring the Default VLT Settings (Optional) ...................................................................975
Connecting a VLT Domain to an Attached Access Device (Switch or Server).........................976
Configuring a VLT VLAN Peer-Down (Optional)........................................................................977
Configure Multi-domain VLT (mVLT) (Optional)........................................................................977
Verifying a VLT Configuration.................................................................................................... 980
Connecting a VLT Domain......................................................................................................... 983
PVST+ Configuration........................................................................................................................988
Sample PVST+ Configuration.....................................................................................................988
mVLT Configuration Example..........................................................................................................989
In Domain 1, configure the VLT domain and VLTi on Peer 1
Configure mVLT on Peer 1
Add links to the mVLT port-channel on Peer 1
Next, configure the VLT domain and VLTi on Peer 2
Configure mVLT on Peer 2
Add links to the mVLT port-channel on Peer 2
In Domain 2, configure the VLT domain and VLTi on Peer 3
Configure mVLT on Peer 3
Add links to the mVLT port-channel on Peer 3
Configure the VLT domain and VLTi on Peer 4
Configure mVLT on Peer 4
Add links to the mVLT port-channel on Peer 4..........................990
PIM-Sparse Mode Configuration Example.......................................................................................991
Additional VLT Sample Configurations............................................................................................ 992
Configuring Virtual Link Trunking (VLT Peer 1)Configuring Virtual Link Trunking (VLT Peer
2)Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access
Switch).........................................................................................................................................992
Troubleshooting VLT........................................................................................................................994
Specifying VLT Nodes in a PVLAN................................................................................................... 996
Association of VLTi as a Member of a PVLAN............................................................................997
MAC Synchronization for VLT Nodes in a PVLAN..................................................................... 998
PVLAN Operations When One VLT Peer is Down..................................................................... 998
PVLAN Operations When a VLT Peer is Restarted.....................................................................998
Interoperation of VLT Nodes in a PVLAN with ARP Requests...................................................998
Scenarios for VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN....... 999
Configuring a VLT VLAN or LAG in a PVLAN.................................................................................1000
Creating a VLT LAG or a VLT VLAN.......................................................................................... 1001
Associating the VLT LAG or VLT VLAN in a PVLAN................................................................. 1002
Proxy ARP Capability on VLT Peer Nodes..................................................................................... 1003
Working of Proxy ARP for VLT Peer Nodes............................................................................. 1003
Configuring VLAN-Stack over VLT................................................................................................ 1004
59 Virtual Router Redundancy Protocol (VRRP)......................................... 1008
VRRP Overview...............................................................................................................................1008
VRRP Benefits................................................................................................................................. 1009
VRRP Implementation.................................................................................................................... 1009
VRRP Configuration........................................................................................................................ 1010
Configuration Task List............................................................................................................. 1010
Setting VRRP Initialization Delay...............................................................................................1019
Sample Configurations...................................................................................................................1020
VRRP for an IPv4 Configuration...............................................................................................1020
60 Standards Compliance................................................................................1023
IEEE Compliance.............................................................................................................................1023
RFC and I-D Compliance............................................................................................................... 1024
General Internet Protocols.............................................................................................................1024
General IPv4 Protocols...................................................................................................................1025
Border Gateway Protocol (BGP).................................................................................................... 1026
Open Shortest Path First (OSPF).................................................................................................... 1026
Routing Information Protocol (RIP)................................................................................................1027
Network Management....................................................................................................................1027
MIB Location...................................................................................................................................1030
61 FC Flex IO Modules...................................................................................... 1031
FC Flex IO Modules......................................................................................................................... 1031
Understanding and Working of the FC Flex IO Modules...............................................................1031
FC Flex IO Modules Overview...................................................................................................1031
FC Flex IO Module Capabilities and Operations......................................................................1033
Guidelines for Working with FC Flex IO Modules....................................................................1033
Processing of Data Traffic........................................................................................................ 1036
Installing and Configuring the Switch...................................................................................... 1037
Interconnectivity of FC Flex IO Modules with Cisco MDS Switches...................................... 1040
Data Center Bridging (DCB)............................................................................................................1041
Ethernet Enhancements in Data Center Bridging................................................................... 1042
Enabling Data Center Bridging.................................................................................................1049
QoS dot1p Traffic Classification and Queue Assignment.......................................................1050
Configure Enhanced Transmission Selection.......................................................................... 1051
Configure a DCBx Operation................................................................................................... 1053
Verifying the DCB Configuration..............................................................................................1063
PFC and ETS Configuration Examples......................................................................................1073
Using PFC and ETS to Manage Data Center Traffic.................................................................1073
Fibre Channel over Ethernet for FC Flex IO Modules....................................................................1077
NPIV Proxy Gateway for FC Flex IO Modules................................................................................ 1077
NPIV Proxy Gateway Configuration on FC Flex IO Modules ..................................................1077
NPIV Proxy Gateway Operations and Capabilities...................................................................1078
Configuring an NPIV Proxy Gateway....................................................................................... 1082
Displaying NPIV Proxy Gateway Information.......................................................................... 1088
1 About this Guide

This guide describes the supported protocols and software features, and provides configuration instructions and examples, for the Dell Networking MXL 10/40GbE Switch IO Module.
The MXL 10/40GbE Switch IO Module is installed in a Dell PowerEdge M1000e Enclosure. For information about how to install and perform the initial switch configuration, refer to the Getting Started Guides on the Dell Support website at http://support.dell.com/manuals.
Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Networking systems. For complete information about protocols, refer to related documentation, including IETF requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs).

Audience

This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge of Layer 2 and Layer 3 networking technologies.

Conventions

This guide uses the following conventions to describe command syntax.
Keyword    Keywords are in Courier (a monospaced font) and must be entered in the CLI as listed.
parameter  Parameters are in italics and require a number or word to be entered in the CLI.
{X}        Keywords and parameters within braces must be entered in the CLI.
[X]        Keywords and parameters within brackets are optional.
x|y        Keywords and parameters separated by a bar require you to choose one option.
x||y       Keywords and parameters separated by a double bar allow you to choose any or all of the options.

Information Symbols

This book uses the following information symbols.
NOTE: The Note icon signals important operational information.
CAUTION: The Caution icon signals information about situations that could result in equipment damage or loss of data.
WARNING: The Warning icon signals information about hardware handling that could result in injury.
* (Exception). This symbol is a note associated with additional text on the page that is marked with an asterisk.

Related Documents

For more information about the Dell Networking MXL 10/40GbE Switch IO Module, refer to the following documents:
Dell Networking OS Command Reference
Dell Quick Start Guide
Dell Networking OS Release Notes
2 Configuration Fundamentals

The Dell Networking operating system command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols.
The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
In the Dell Networking OS, after you enable a command, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location. For more information, refer to Save the Running-Configuration.
NOTE: You can use the chassis management controller (CMC) out-of-band management interface to access and manage an MXL Switch using the CLI. For information about how to access the CMC to configure an MXL Switch, refer to the Dell Chassis Management Controller (CMC) User's Guide on the Dell Support website.

Accessing the Command Line

Access the CLI through a serial console port or a Telnet session. When the system successfully boots, enter the command line in EXEC mode.
telnet 172.31.1.53
Trying 172.31.1.53...
Connected to 172.31.1.53.
Escape character is '^]'.
Login: username
Password:
Dell>

CLI Modes

Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (except for EXEC mode commands with a preceding do command; refer to The do Command section).
You can set user access rights to commands and command modes using privilege levels; for more information about privilege levels and security options, refer to the Privilege Levels Overview section in the Security chapter.
The CLI is divided into three major mode levels:
EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations. The privilege level is 15, which is unrestricted. You can configure a password for this mode; refer to the Configure the Enable Password section in the Getting Started chapter.
CONFIGURATION mode allows you to configure security features, time settings, set logging and SNMP functions, configure static ARP and MAC addresses, and set line cards on the system.
Beneath CONFIGURATION mode are submodes that apply to interfaces, protocols, and features. The following example shows the submode command structure. Two sub-CONFIGURATION modes are important when configuring the chassis for the first time:
INTERFACE sub-mode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 10 Gigabit Ethernet, 40 Gigabit Ethernet, or synchronous optical network technologies [SONET]) or logical (Loopback, Null, port channel, or virtual local area network [VLAN]).
LINE sub-mode is the mode in which you configure the console and virtual terminal lines.
NOTE: At any time, entering a question mark (?) displays the available command options. For example, when you are in CONFIGURATION mode, entering the question mark first lists all available commands, including the possible submodes.
The CLI modes are:
EXEC
  EXEC Privilege
    CONFIGURATION
      INTERFACE
        TEN GIGABIT ETHERNET
        FORTY GIGABIT ETHERNET
        INTERFACE RANGE
        LOOPBACK
        MANAGEMENT ETHERNET
        MONITOR SESSION
        NULL
        PORT-CHANNEL
        VLAN
      IP
      IP ACCESS-LIST
        STANDARD ACCESS-LIST
        EXTENDED ACCESS-LIST
      LINE
        CONSOLE
        VIRTUAL TERMINAL
      MAC ACCESS-LIST
      MONITOR SESSION
      MULTIPLE SPANNING TREE
      PROTOCOL GVRP
      PROTOCOL LLDP
      PER-VLAN SPANNING TREE
      RAPID SPANNING TREE
      ROUTE-MAP
      ROUTER OSPF
      ROUTER RIP
      SPANNING TREE

Navigating CLI Modes

The Dell Networking OS prompt changes to indicate the CLI mode.
The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
NOTE: Sub-CONFIGURATION modes all have the letters “conf” in the prompt with more modifiers to identify the mode and slot/port information.
Table 1. Dell Networking OS Command Modes
CLI Command Mode | Prompt | Access Command
EXEC | Dell> | Access the router through the console or Telnet.
EXEC Privilege | Dell# | From EXEC mode, enter the enable command. From any other mode, use the end command.
CONFIGURATION | Dell(conf)# | From EXEC privilege mode, enter the configure command. From every mode except EXEC and EXEC Privilege, enter the exit command.
NOTE: Access all of the following modes from CONFIGURATION mode.
AS-PATH ACL | Dell(config-as-path)# | ip as-path access-list
Gigabit Ethernet Interface | Dell(conf-if-gi-0/0)# | interface (INTERFACE modes)
10 Gigabit Ethernet Interface | Dell(conf-if-te-0/0)# | interface (INTERFACE modes)
Interface Range | Dell(conf-if-range)# | interface (INTERFACE modes)
Loopback Interface | Dell(conf-if-lo-0)# | interface (INTERFACE modes)
Management Ethernet Interface | Dell(conf-if-ma-0/0)# | interface (INTERFACE modes)
Null Interface | Dell(conf-if-nu-0)# | interface (INTERFACE modes)
Port-channel Interface | Dell(conf-if-po-0)# | interface (INTERFACE modes)
Tunnel Interface | Dell(conf-if-tu-0)# | interface (INTERFACE modes)
VLAN Interface | Dell(conf-if-vl-0)# | interface (INTERFACE modes)
STANDARD ACCESS-LIST | Dell(config-std-nacl)# | ip access-list standard (IP ACCESS-LIST Modes)
EXTENDED ACCESS-LIST | Dell(config-ext-nacl)# | ip access-list extended (IP ACCESS-LIST Modes)
IP COMMUNITY-LIST | Dell(config-community-list)# | ip community-list
AUXILIARY | Dell(config-line-aux)# | line (LINE Modes)
CONSOLE | Dell(config-line-console)# | line (LINE Modes)
VIRTUAL TERMINAL | Dell(config-line-vty)# | line (LINE Modes)
STANDARD ACCESS-LIST | Dell(config-std-macl)# | mac access-list standard (MAC ACCESS-LIST Modes)
EXTENDED ACCESS-LIST | Dell(config-ext-macl)# | mac access-list extended (MAC ACCESS-LIST Modes)
MULTIPLE SPANNING TREE | Dell(config-mstp)# | protocol spanning-tree mstp
Per-VLAN SPANNING TREE Plus | Dell(config-pvst)# | protocol spanning-tree pvst
PREFIX-LIST | Dell(conf-nprefixl)# | ip prefix-list
RAPID SPANNING TREE | Dell(config-rstp)# | protocol spanning-tree rstp
REDIRECT | Dell(conf-redirect-list)# | ip redirect-list
ROUTE-MAP | Dell(config-route-map)# | route-map
ROUTER BGP | Dell(conf-router_bgp)# | router bgp
BGP ADDRESS-FAMILY | Dell(conf-router_bgp_af)# (for IPv4), Dell(conf-routerZ_bgpv6_af)# (for IPv6) | address-family {ipv4 multicast | ipv6 unicast} (ROUTER BGP Mode)
ROUTER ISIS | Dell(conf-router_isis)# | router isis
ISIS ADDRESS-FAMILY | Dell(conf-router_isis-af_ipv6)# | address-family ipv6 unicast (ROUTER ISIS Mode)
ROUTER OSPF | Dell(conf-router_ospf)# | router ospf
ROUTER OSPFV3 | Dell(conf-ipv6router_ospf)# | ipv6 router ospf
ROUTER RIP | Dell(conf-router_rip)# | router rip
SPANNING TREE | Dell(config-span)# | protocol spanning-tree 0
TRACE-LIST | Dell(conf-trace-acl)# | ip trace-list
CLASS-MAP | Dell(config-class-map)# | class-map
CONTROL-PLANE | Dell(conf-control-cpuqos)# | control-plane-cpuqos
DCB POLICY | Dell(conf-dcb-in)# (for input policy), Dell(conf-dcb-out)# (for output policy) | dcb-input for input policy, dcb-output for output policy
DHCP | Dell(config-dhcp)# | ip dhcp server
DHCP POOL | Dell(config-dhcp-pool-name)# | pool (DHCP Mode)
ECMP | Dell(conf-ecmp-group-ecmp-group-id)# | ecmp-group
EIS | Dell(conf-mgmt-eis)# | management egress-interface-selection
FRRP | Dell(conf-frrp-ring-id)# | protocol frrp
LLDP | Dell(conf-lldp)# or Dell(conf-if-interface-lldp)# | protocol lldp (CONFIGURATION or INTERFACE Modes)
LLDP MANAGEMENT INTERFACE | Dell(conf-lldp-mgmtIf)# | management-interface (LLDP Mode)
LINE | Dell(config-line-console) or Dell(config-line-vty) | line console or line vty
MONITOR SESSION | Dell(conf-mon-sess-sessionID)# | monitor session
OPENFLOW INSTANCE | Dell(conf-of-instance-of-id)# | openflow of-instance
PORT-CHANNEL FAILOVER-GROUP | Dell(conf-po-failover-grp)# | port-channel failover-group
PRIORITY GROUP | Dell(conf-pg)# | priority-group
PROTOCOL GVRP | Dell(config-gvrp)# | protocol gvrp
QOS POLICY | Dell(conf-qos-policy-out-ets)# | qos-policy-output
VLT DOMAIN | Dell(conf-vlt-domain)# | vlt domain
VRRP | Dell(conf-if-interface-type-slot/port-vrid-vrrp-group-id)# | vrrp-group
u-Boot | Dell(=>)# | Press any key when the following line appears on the console during a system boot: Hit any key to stop autoboot:
UPLINK STATE GROUP | Dell(conf-uplink-state-group-groupID)# | uplink-state-group
The following example shows how to change the command mode from CONFIGURATION mode to PROTOCOL SPANNING TREE.
Example of Changing Command Modes
Dell(conf)#protocol spanning-tree 0
Dell(config-span)#

The do Command

You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on) without having to return to EXEC mode by preceding the EXEC mode command with the do command.
The following example shows the output of the do command: enable, disable, exit, and configure.
Dell(conf)#do show system brief
Stack MAC : 00:1e:c9:f1:04:22
Reload Type : normal-reload [Next boot : normal-reload]
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------
0 Management online MXL-10/40GbE MXL-10/40GbE 8-3-16-47 56
1 Member not present
2 Member not present
3 Member not present
4 Member not present
5 Member not present

Undoing Commands

When you enter a command, the command line is added to the running configuration file (running-config).
To disable a command and remove it from the running-config, enter the no command, then the original command. For example, to delete an IP address configured on an interface, use the no ip address ip-address command.
NOTE: Use the help or ? command as described in Obtaining Help.
Example of Viewing Disabled Commands
The first bold line shows the assigned IP address, the second bold line shows the no form of the IP address command, and the last bold line shows the IP address removed.
Dell(conf)#interface gigabitethernet 4/17
Dell(conf-if-gi-4/17)#ip address 192.168.10.1/24
Dell(conf-if-gi-4/17)#show config
!
interface GigabitEthernet 4/17
ip address 192.168.10.1/24
no shutdown
Dell(conf-if-gi-4/17)#no ip address
Dell(conf-if-gi-4/17)#show config
!
interface GigabitEthernet 4/17
no ip address
no shutdown
Layer 2 protocols are disabled by default. To enable Layer 2 protocols, use the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.

Obtaining Help

Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
To list the keywords available in the current mode, enter ? at the prompt or after a keyword.
Entering ? after a prompt lists all of the available keywords. The output of this command is the same as for the help command.
Dell#?
start Start Shell
capture Capture Packet
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Configuring from terminal
copy Copy from one file to another
--More--
Entering ? after a partial keyword lists all of the keywords that begin with the specified letters.
Dell(conf)#cl?
class-map
clock
Dell(conf)#cl
Entering [space]? after a keyword lists all of the keywords that can follow the specified keyword.
Dell(conf)#clock ?
summer-time Configure summer (daylight savings) time
timezone Configure time zone
Dell(conf)#clock

Entering and Editing Commands

Notes for entering commands.
The CLI is not case-sensitive.
You can enter partial CLI keywords.
– Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial keyword because both the clock and class-map commands begin with the letters “cl.” You can enter clo, however, as a partial keyword because only one command begins with those three letters.
The TAB key auto-completes keywords in commands. Enter the minimum number of letters to uniquely identify a command.
The UP and DOWN arrow keys display previously entered commands (refer to Command History).
The BACKSPACE and DELETE keys erase the previous letter.
Key combinations are available to move quickly across the command line. The following list describes these short-cut key combinations.
Short-Cut Key Combination | Action
CNTL-A | Moves the cursor to the beginning of the command line.
CNTL-B | Moves the cursor back one character.
CNTL-D | Deletes character at cursor.
CNTL-E | Moves the cursor to the end of the line.
CNTL-F | Moves the cursor forward one character.
CNTL-I | Completes a keyword.
CNTL-K | Deletes all characters from the cursor to the end of the command line.
CNTL-L | Re-enters the previous command.
CNTL-N | Return to more recent commands in the history buffer after recalling commands with CTRL-P or the UP arrow key.
CNTL-P | Recalls commands, beginning with the last command.
CNTL-R | Re-enters the previous command.
CNTL-U | Deletes the line.
CNTL-W | Deletes the previous word.
CNTL-X | Deletes the line.
CNTL-Z | Ends continuous scrolling of command outputs.
Esc B | Moves the cursor back one word.
Esc F | Moves the cursor forward one word.
Esc D | Deletes all characters from the cursor to the end of the word.

Command History

The Dell Networking OS maintains a history of previously-entered commands for each mode. For example:
When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
When you are in CONFIGURATION mode, the UP or DOWN arrow keys recall the previously-entered CONFIGURATION mode commands.

Filtering show Command Outputs

Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command.
The variable specified_text is the text for which you are filtering and it IS case sensitive unless you use the ignore-case sub-option.
Starting with the Dell Networking OS version 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive. For example, the commands:
show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such as interface GigabitEthernet 0/0.
show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.”
show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.”
The grep command displays only the lines containing specified text. The following shows this command used in combination with the do show stack-unit all stack-ports all pfc details | grep 0 command.
Dell(conf)#do show stack-unit all stack-ports all pfc details | grep 0
stack unit 0 stack-port all
0 Pause Tx pkts, 0 Pause Rx pkts
0 Pause Tx pkts, 0 Pause Rx pkts
0 Pause Tx pkts, 0 Pause Rx pkts
0 Pause Tx pkts, 0 Pause Rx pkts
0 Pause Tx pkts, 0 Pause Rx pkts
0 Pause Tx pkts, 0 Pause Rx pkts
NOTE: The Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the do show stack-unit all stack-ports all pfc details | except 0 command.
Example of the except Keyword
Dell(conf)#do show stack-unit all stack-ports all pfc details | except 0
Admin mode is On
Admin is enabled
Local is enabled
Link Delay 45556 pause quantum
stack unit 1 stack-port all
Admin mode is On
Admin is enabled
The find keyword displays the output of the show command beginning from the first occurrence of specified text.
Example of the find Keyword
Dell(conf)#do show stack-unit all stack-ports all pfc details | find 0
stack unit 0 stack-port all
Admin mode is On
Admin is enabled
Local is enabled
Link Delay 45556 pause quantum
0 Pause Tx pkts, 0 Pause Rx pkts
stack unit 1 stack-port all
The no-more command displays the output all at once rather than one screen at a time. This is similar to the terminal length command except that the no-more option affects the output of the specified command only.
The save command copies the output to a file for future reference.
NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example:
Dell# command | grep regular-expression | except regular-expression | grep other-regular-expression | find regular-expression | save.

Multiple Users in Configuration Mode

Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode.
A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established. For example:
On the system that telnets into the switch, this message appears:
% Warning: The following users are currently configuring the system: User "<username>" on line console0
On the system that is connected over the console, this message appears:
% Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode
If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
3

Getting Started

This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the route processor module (RPM), switch fabric module (SFM), and line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking operating system. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
When the boot process completes, the RPM and line card status LEDs remain online (green) and the console monitor displays the EXEC mode prompt.
For details about using the command line interface (CLI), refer to the Accessing the Command Line section in the Configuration Fundamentals chapter.

Console Access

The MXL 10/40GbE Switch IO Module has two management ports available for system access: a serial console port and an out-of-band (OOB) port.

Serial Console

A universal serial bus (USB) (A-Type) connector is located at the front panel. The USB can be defined as an External Serial Console (RS-232) port, and is labeled on the MXL 10/40GbE Switch IO Module chassis. The USB is present on the lower side, as you face the I/O side of the chassis, as shown.
[Figure: Serial Console]

External Serial Port with a USB Connector

The following table lists the pin assignments.
Table 2. Pin Assignments
USB Pin Number | Signal Name
Pin 1 | RTS
Pin 2 | RX
Pin 3 | TX
Pin 4 | CTS
Pin 5, 6 | GND
RxD | Chassis GND

Accessing the CLI Interface and Running Scripts Using SSH

In addition to accessing a device through a console connection or a Telnet session, you can use SSH for secure, protected communication with the device. You can open an SSH session and run commands or script files. This method of connectivity is supported on the MXL switch and provides a reliable, safe communication mechanism.

Entering CLI commands Using an SSH Connection

You can run CLI commands on a switch over SSH, using the preconfigured user credentials, with either of the following syntaxes:
ssh username@hostname <CLI Command>
or
echo <CLI Command> | ssh admin@hostname
The SSH server transmits the terminal commands to the CLI shell and the results are displayed on the screen non-interactively.

Executing Local CLI Scripts Using an SSH Connection

You can execute CLI commands by entering a CLI script in one of the following ways:
ssh username@hostname <CLIscript.file>
or
cat <CLIscript.file> | ssh admin@hostname
The script is run and the actions contained in the script are performed.
Keep the following points in mind when you establish an SSH session to the device to run commands or script files:
There is an upper limit of 10 concurrent sessions in SSH. Therefore, SSH-related scripts might fail.
To avoid denial of service (DoS) attacks, SSH is rate-limited to 10 concurrent sessions per minute. Therefore, you might experience a failure in executing SSH-related scripts when multiple short SSH commands are executed.
If you issue an interactive command in the SSH session, the behavior may not really be interactive.
When certain show commands, such as show tech-support, produce large volumes of output in an SSH session, a few characters of the output are sometimes truncated and not displayed. This may cause one of the commands to fail with a syntax error. In such cases, if you add a few newline characters before the failed command, the output displays completely.
Execution of commands on the CLI over SSH does not report the errors that occur while a command runs. As a result, you cannot identify whether a command has failed to be processed. The console output, however, is redirected back over SSH.
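The points above, as an added Python example that is not part of the Dell guide: it sends a whole command list through one SSH session, paces session opens to stay under the limit of 10 per minute, pads each command with newlines, and scans the returned output because a failure is not reported any other way. The `% Error` marker, the padding count, the sample transcript and all function names are assumptions.

```python
"""Batch Dell OS CLI commands into one SSH session and check the transcript."""
import subprocess
import time
from collections import deque

MAX_SESSIONS_PER_MINUTE = 10  # SSH rate limit stated in the guide
PAD_NEWLINES = 3              # "a few newline characters"; the exact count is an assumption
ERROR_PREFIX = "% Error"      # assumed error marker; adjust to what your OS version prints

# Constructed transcript, used only to demonstrate find_failures() offline.
SAMPLE_TRANSCRIPT = """\
Dell#show system brief
Stack MAC : 00:1e:c9:f1:04:22
Dell#show sytem brief
% Error: Invalid input at "^" marker.
Dell#show running-config
"""


class SessionBudget:
    """Sliding-window limiter: at most `limit` session opens per `window` seconds."""

    def __init__(self, limit=MAX_SESSIONS_PER_MINUTE, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.opened = deque()  # timestamps of recent session opens

    def wait_time(self):
        """Seconds to wait before the next session may be opened (0.0 if allowed now)."""
        now = self.clock()
        while self.opened and now - self.opened[0] >= self.window:
            self.opened.popleft()
        if len(self.opened) < self.limit:
            return 0.0
        return self.window - (now - self.opened[0])

    def record(self):
        """Note that a session was opened just now."""
        self.opened.append(self.clock())


def build_payload(commands, pad=PAD_NEWLINES):
    """Join commands into one stdin payload, each preceded by blank lines.

    The blank lines are the guide's workaround for truncated output that
    makes the following command fail with a syntax error.
    """
    return "".join("\n" * pad + cmd.strip() + "\n" for cmd in commands)


def find_failures(transcript, prefix=ERROR_PREFIX):
    """Return (line_number, text) for each transcript line that looks like a CLI error."""
    return [(n, line.strip())
            for n, line in enumerate(transcript.splitlines(), 1)
            if line.lstrip().startswith(prefix)]


def run_batch(host, user, commands, budget, timeout=120):
    """Run all commands in ONE session, the `cat script | ssh user@host` form."""
    delay = budget.wait_time()
    if delay:
        time.sleep(delay)
    budget.record()
    proc = subprocess.run(["ssh", "-T", f"{user}@{host}"],
                          input=build_payload(commands),
                          capture_output=True, text=True, timeout=timeout)
    # The exit status says nothing about individual CLI commands, so the
    # transcript itself is the only evidence of a failed command.
    return proc.stdout, find_failures(proc.stdout)


if __name__ == "__main__":
    for number, text in find_failures(SAMPLE_TRANSCRIPT):
        print(f"line {number}: {text}")
```
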

Boot Process

After you follow the Installation Procedure in the Getting Started Guide, the MXL switch boots up.
The MXL switch with the Dell Networking OS version 8.3.16.1 requires boot flash version 4.0.1.0 and boot selector version 4.0.0.0. The following example shows the completed boot process.
syncing disks... done
unmounting file systems...
unmounting /f10/flash (/dev/ld0e)...
unmounting /usr (mfs:31)...
unmounting /lib (mfs:23)...
unmounting /f10 (mfs:20)...
unmounting /tmp (mfs:15)...
unmounting /kern (kernfs)...
unmounting / (/dev/md0a)... done
rebooting...
NetLogic XLP Stage 1 Loader
Built by build at tools-sjc-01 on Thu May 31 23:53:38 2012
IOM Boot Selector Label 4.0.0.0
Nodes online: 1
GPIO 22 init'ed as an output
GPIO 23 init'ed as an output
I2C0 speed = 30 KHz, prescaler = 0x0377.
Initialized I2C0 Controller.
I2C1 speed = 100 KHz, prescaler = 0x0109.
Initialized I2C1 Controller.
DDR SPD: Node 0 Channel 0 Mem size = 2048 MB
DDR SPD: Node 0 DRAM frequency 666 MHz
DDR SPD: Node 0 CPU frequency 1200 MHz
RTT Norm:44
NBU0 DRAM BAR0 base: 00000000 limit: 0013f000 xlate: 00000001 node: 00000000 ( 0 MB -> 320 MB , size: 320 MB)
NBU0 DRAM BAR1 base: 001d0000 limit: 0088f000 xlate: 00090001 node: 00000000 ( 464 MB -> 2192 MB , size: 1728 MB)
Modifying Default Flash Address map..Done
Initialized eMMC Host Controller
Detected SD Card
BLC is 1 (preset 10)
Hit any key to stop autoboot: 0
Boot Image selection
Reading the Boot Block Info...Passed !!
Images are OK A:0x0 B:0x0
Boot Selector set to Bootflash Partition A image...
Verifying Copyright Information..success for Image - 0
Boot Selector: Booting Bootflash Partition A image...
Copying stage-2 loader from 0xb6120000 to 0x8c100000(size = 0x100000)
Boot Image selection DONE.
## Starting application at 0x8C100000 ...
U-Boot 2010.03-rc1(Dell Force10)
Built by build at tools-sjc-01 on Thu May 31 23:53:38 2012
IOM Boot Label 4.0.1.0
DRAM: 2 GB
Initialized CPLD on CS3
Detected [XLP308 (Lite+) Rev A0]
Initializing I2C0: speed = 30 KHz, prescaler = 0x0377 -- done.
Initializing I2C1: speed = 100 KHz, prescaler = 0x0109 -- done.
Initialized eMMC Host Controller
Detected SD Card
Now running in RAM - U-Boot [N64 ABI, Big-Endian] at: ffffffff8c100000
Flash: 256 MB
PCIE (B0:D01:F0) : Link up.
PCIE (B0:D01:F1) : No Link.
In: serial
Out: serial
Err: serial
Net: nae-0: PHY is Broadcom BCM54616S
--More--
SOFTWARE IMAGE HEADER DATA :
----------------------------
--More--
Starting Dell Networking application
Welcome to Dell Easy Setup Wizard
The setup wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration. Note: You can exit the setup wizard at any point by entering [ctrl+c].
Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N]: N
00:00:40: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Vl 1
00:00:42: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_ENABLE: iSCSI has been enabled causing flow control to be enabled on all interfaces. EQL detection and enabling iscsi profile-compellent on an interface may cause some automatic configurations to occur like jumbo frames on all ports and no storm control and spanning tree port-fast on the port of detection
00:00:42: %STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user on line console
Dell>en
Password:

Default Configuration

A version of the Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.

Configuring a Host Name

The host name appears in the prompt. The default host name is Dell.
Host names must start with a letter and end with a letter or digit.
Characters within the string can be letters, digits, and hyphens.
To create a host name, use the following command.
Create a host name.
CONFIGURATION mode
hostname name
Example of the hostname Command
Dell(conf)#hostname R1
R1(conf)#


Accessing the System Remotely

You can configure the system to access it remotely by Telnet or SSH. The MXL 10/40GbE switch IO module has a dedicated management port and a management routing table that is separate from the IP routing table.

Accessing the MXL Switch Remotely

Configuring the system for Telnet is a three-step process, as described in the following topics:
1. Configure an IP address for the management port. Refer to Configure the Management Port IP Address.
2. Configure a management route with a default gateway. Refer to Configure a Management Route.
3. Configure a username and password. Refer to Configure a Username and Password.

Configure the Management Port IP Address

To access the system remotely, assign IP addresses to the management ports.
1. Enter INTERFACE mode for the Management port.
CONFIGURATION mode
interface ManagementEthernet slot/port
slot: the range is 0.
port: the range is 0.
2. Assign an IP address to the interface.
INTERFACE mode
ip address ip-address/mask
ip-address: an address in dotted-decimal format (A.B.C.D).
mask: a subnet mask in /prefix-length format (/ xx).
3. Enable the interface.
INTERFACE mode
no shutdown

Configure a Management Route

Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port. To configure a management route, use the following command.
Configure a management route to the network from which you are accessing the system.
CONFIGURATION mode
management route ip-address/mask gateway
– ip-address: the network address in dotted-decimal format (A.B.C.D).
– mask: a subnet mask in /prefix-length format (/ xx).
– gateway: the next hop for network traffic originating from the management port.

Configuring a Username and Password

To access the system remotely, configure a system username and password. To configure a system username and password, use the following command.
Configure a username and password to access the system remotely.
CONFIGURATION mode
username username password [encryption-type] password
– encryption-type: specifies how you are inputting the password, is 0 by default, and is not required.
* 0 is for inputting the password in clear text.
* 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system.

Configuring the Enable Password

Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure.
There are two types of enable passwords:
enable password is stored in the running/startup configuration using a DES encryption method.
enable secret is stored in the running/startup configuration using a stronger, MD5 encryption method.
Dell Networking recommends using the enable secret password.
To configure an enable password, use the following command.
Create a password to access EXEC Privilege mode.
CONFIGURATION mode
enable [password | secret] [level level] [encryption-type] password
– level: is the privilege level, is 15 by default, and is not required.
– encryption-type: specifies how you are inputting the password, is 0 by default, and is not required.
* 0 is for inputting the password in clear text.
* 7 is for inputting a password that is already encrypted using a DES hash. Obtain the encrypted password from the configuration file of another Dell Networking system. You can only use this for the enable password.
* 5 is for inputting a password that is already encrypted using an MD5 hash. Obtain the encrypted password from the configuration file of another Dell Networking system. You can only use this for the enable secret password.

Configuration File Management

Files can be stored on and accessed from various storage media. Rename, delete, and copy files on the system from EXEC Privilege mode.
NOTE: Using flash memory cards in the system that have not been approved by Dell Networking can cause unexpected system behavior, including a reboot.

Copy Files to and from the System

The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.
NOTE: For a detailed description of the copy command, refer to the Dell Networking OS Command Line Reference Guide.
To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location.
To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location.
Table 3. Forming a copy Command
Internal flash: flash
– source-file-url syntax: copy flash://filename
– destination-file-url syntax: flash://filename
USB flash: usbflash
– source-file-url syntax: usbflash://filename
– destination-file-url syntax: usbflash://filename
For a remote file location: FTP server
– source-file-url syntax: copy ftp://username:password@{hostip | hostname}/filepath/filename
– destination-file-url syntax: ftp://username:password@{hostip | hostname}/filepath/filename
For a remote file location: TFTP server
– source-file-url syntax: copy tftp://{hostip | hostname}/filepath/filename
– destination-file-url syntax: tftp://{hostip | hostname}/filepath/filename
For a remote file location: SCP server
– source-file-url syntax: copy scp://{hostip | hostname}/filepath/filename
– destination-file-url syntax: scp://{hostip | hostname}/filepath/filename
Important Points to Remember
You may not copy a file from one remote system to another.
You may not copy a file from one location to the same location.
When copying to a server, you can only use a hostname if you configured a domain name system (DNS) server.
NOTE: If all of the following conditions are true, the Portmode Hybrid configuration is not applied, because of the configuration process for server ports as switch ports by default:
The running configuration is saved in flash.
The startup configuration is deleted.
The switch is reloaded.
The saved configuration is copied to the running configuration.
To avoid this scenario, delete the switch port configuration from the running configuration before copying the saved configuration to the running configuration.
Example of Copying a File to an FTP Server
The bold flash shows the local location and the bold ftp shows the remote location.
Dell#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-EF-8.2.1.0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
27952672 bytes successfully copied
Example of Importing a File to the Local System
core1#$//copy ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-EF-8.2.1.0.bin flash://
Destination file name [FTOS-EF-8.2.1.0.bin.bin]:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
26292881 bytes successfully copied

Save the Running-Configuration

The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup-configuration is stored in the internal flash on the IOM by default, but you can save it to a USB flash device or a remote server. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-config and running-config. These commands assume that the current directory is the internal flash, which is the system default.
Save the running-config to the startup-configuration on the internal flash.
EXEC Privilege mode
copy running-config startup-config
Save the running-configuration on the IOM.
EXEC Privilege mode
copy running-config usbflash://filename
Save the running-configuration to an FTP server.
EXEC Privilege mode
copy running-config ftp://username:password@{hostip | hostname}/filepath/filename
Save the running-configuration to a TFTP server.
EXEC Privilege mode
copy running-config tftp://{hostip | hostname}/filepath/filename
Save the running-configuration to an SCP server.
EXEC Privilege mode
copy running-config scp://{hostip | hostname}/filepath/filename
NOTE: When copying to a server, you can only use a host name if you have configured a DNS server.
Save the running-configuration to the startup-configuration on the internal flash of the primary RPM. Then copy the new startup-config file to the external flash of the primary RPM.
EXEC Privilege mode
copy running-config startup-config duplicate
Dell Networking OS Behavior: If you create a startup-configuration on an RPM and then move the RPM to another chassis, the startup-configuration is stored as a backup file (with the extension .bak), and a new, empty startup-configuration file is created. To restore your original startup-configuration in this situation, overwrite the new startup-configuration with the original one using the copy startup-config.bak startup-config command.

Viewing Files

You can only view file information and content on local file systems. To view a list of files or the contents of a file, use the following commands.
View a list of files on the internal flash. EXEC Privilege mode
dir flash:
View a list of files on the usbflash. EXEC Privilege mode
dir usbflash:
View the contents of a file in the internal flash. EXEC Privilege mode
show file flash://filename
View the contents of a file in the usb flash. EXEC Privilege mode
show file usbflash://filename
View the running-configuration. EXEC Privilege mode
show running-config
View the startup-configuration. EXEC Privilege mode
show startup-config
Example of the dir Command
The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file.
Dell#dir
Directory of flash:
  1  drwx     4096  Jan 01 1980 00:00:00 +00:00 .
  2  drwx     2048  May 10 2011 14:45:15 +00:00 ..
  3  drwx     4096  Feb 17 2011 00:28:00 +00:00 TRACE_LOG_DIR
  4  drwx     4096  Feb 17 2011 00:28:02 +00:00 CORE_DUMP_DIR
  5  d---     4096  Feb 17 2011 00:28:02 +00:00 ADMIN_DIR
  6  -rwx     1272  Apr 29 2011 16:15:14 +00:00 startup-config
  7  -rwx    10093  Feb 17 2011 20:48:02 +00:00 abhi-jan26.cfg
  8  -rwx   217155  Feb 22 2011 23:14:34 +00:00 show-tech-cfg.txt
  9  -rwx     5162  Mar 02 2011 04:02:58 +00:00 runn-feb6
 10  -rwx    10507  Mar 03 2011 01:17:16 +00:00 abhi-feb7.cfg
 11  -rwx        4  May 06 2011 22:05:06 +00:00 dhcpBindConflict
 12  -rwx     6900  Feb 17 2011 04:43:12 +00:00 startup-config.bak
 13  -rwx  1244038  Feb 13 2011 04:27:16 +00:00 f10cp_sysd_110213042625.acore.gz
flash: 2143281152 bytes total (2123755520 bytes free)
--More--
View Configuration Files
Configuration files have three commented lines at the beginning of the file, as shown in the following example, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
In the running-configuration file, if there is a difference between the timestamp on the “Last configuration change,” and “Startup-config last updated,” you have made changes that have not been saved and will not be preserved after a system reboot.
Example of the show running-config Command
Dell#show running-config
Current Configuration ...
Current Configuration ...
! Version E8-3-16-0
! Last configuration change at Tue Mar 6 11:51:50 2012 by default
! Startup-config last updated at Tue Mar 6 07:41:23 2012 by default
!
boot system stack-unit 5 primary tftp://10.11.200.241/dt-m1000e-3-a2
boot system stack-unit 5 secondary system: B:
boot system stack-unit 5 default tftp://10.11.200.241/dt-m1000e-3-b2
boot system gateway 10.11.209.254
--More--
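The timestamp comparison described above can be run from a management host against a captured configuration. This is an added example, not part of the Dell guide; the function name is hypothetical, and it reads "unsaved" as a change time later than the save time.

```python
import re
from datetime import datetime

# The two comment lines the guide describes at the top of a configuration file.
_CHANGE_RE = re.compile(r"^! Last configuration change at (.+?) by (\S+)\s*$", re.M)
_SAVED_RE = re.compile(r"^! Startup-config last updated at (.+?) by (\S+)\s*$", re.M)
_TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Tue Mar 6 11:51:50 2012"

# Header copied from the show running-config example above.
SAMPLE_UNSAVED = """\
! Version E8-3-16-0
! Last configuration change at Tue Mar 6 11:51:50 2012 by default
! Startup-config last updated at Tue Mar 6 07:41:23 2012 by default
!
"""

# Constructed variant: the configuration was saved after the last change.
SAMPLE_SAVED = SAMPLE_UNSAVED.replace("07:41:23", "11:55:02")


def _parse_timestamp(text):
    # Collapse repeated spaces so a padded day ("Mar  6") also parses.
    return datetime.strptime(" ".join(text.split()), _TS_FORMAT)


def config_save_state(config_text):
    """Report whether captured running-config text carries unsaved changes.

    Raises ValueError when either header line is missing, so a truncated
    capture is never reported as "saved".
    """
    change = _CHANGE_RE.search(config_text)
    saved = _SAVED_RE.search(config_text)
    if change is None or saved is None:
        raise ValueError("configuration header lines not found")
    changed_at = _parse_timestamp(change.group(1))
    saved_at = _parse_timestamp(saved.group(1))
    return {
        "unsaved": changed_at > saved_at,
        "changed_at": changed_at,
        "changed_by": change.group(2),
        "saved_at": saved_at,
        "saved_by": saved.group(2),
    }


if __name__ == "__main__":
    for name, text in (("unsaved sample", SAMPLE_UNSAVED), ("saved sample", SAMPLE_SAVED)):
        state = config_save_state(text)
        print(name, "->", "UNSAVED CHANGES" if state["unsaved"] else "in sync",
              "(last change by", state["changed_by"] + ")")
```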

Managing the File System

The Dell Networking system can use the internal Flash, USB Flash, or remote devices to store files. The system stores files on the internal Flash by default but you can configure the system to store files
elsewhere.
To view file system information, use the following command.
View information about each file system. EXEC Privilege mode
show file-systems
The output of the show file-systems command in the following example shows the total capacity, amount of free memory, file structure, media type, and read/write privileges for each storage device in use.
Dell#show file-systems
Size(b)      Free(b)     Feature  Type       Flags  Prefixes
2143281152   2000785408  FAT32    USERFLASH  rw     flash:
15848660992  831594496   FAT32    USBFLASH   rw     usbflash:
-            -           -        network    rw     ftp:
-            -           -        network    rw     tftp:
-            -           -        network    rw     scp:
You can change the default file system so that file management commands apply to a particular device or memory.
To change the default directory, use the following command.
Change the default directory. EXEC Privilege mode
cd directory
You can change the default storage location to the USB Flash, as shown. File management commands then apply to the USB Flash rather than the internal Flash. In the example, no file system is specified in the copy command, and the file is saved to the USB Flash.
Dell#cd usbflash:
Dell#copy running-config test
!
3998 bytes successfully copied
DellS#dir
Directory of usbflash:
  1  drwx  4096  Jan 01 1980 00:00:00 +00:00 .
  2  drwx  2048  May 02 2012 07:05:06 +00:00 ..
  3  -rwx  1272  Apr 29 2011 16:15:14 +00:00 startup-config
  4  -rwx  3998  May 11 2011 23:36:12 +00:00 test

View the Command History

The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer.
The system generates a trace message for each executed command. No password information is saved to the file.
To view the command-history trace, use the show command-history command.
Example of the show command-history Command
Dell#show command-history
[5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5)
[5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5)
 - Repeated 1 time.
[5/18 21:58:57]: CMD-(TEL0):[interface port-channel 1]by admin from vty0 (10.11.68.5)
[5/18 21:59:9]: CMD-(TEL0):[show config]by admin from vty0 (10.11.68.5)
[5/18 22:4:32]: CMD-(TEL0):[exit]by admin from vty0 (10.11.68.5)
[5/18 22:4:41]: CMD-(TEL0):[show interfaces port-channel brief]by admin from vty0 (10.11.68.5)

Using HTTP for File Transfers

Starting with Release 9.3(0.1), you can use HTTP to copy files or configuration details to a remote server. Use the copy source-file-url http://host[:port]/file-path command to transfer files to an external server. Enter the following source-file-url keywords and information:
To copy a file from the internal FLASH, enter flash:// followed by the filename.
To copy the running configuration, enter the keyword running-config.
To copy the startup configuration, enter the keyword startup-config.
To copy a file on the external FLASH, enter usbflash:// followed by the filename.

Upgrading and Downgrading the Dell Networking OS

NOTE: To upgrade the Dell Networking OS, refer to the Release Notes for the version you want to load on the system.

Using Hashes to Validate Software Images

You can use the MD5 message-digest algorithm or SHA256 Secure Hash Algorithm to validate the software image on the flash drive, after the image has been transferred to the system, but before the image has been installed. The validation calculates a hash value of the downloaded image file on the system’s flash drive, and, optionally, compares it to a Dell Networking published hash for that file.
The MD5 or SHA256 hash provides a method of validating that you have downloaded the original software. Calculating the hash on the local image file, and comparing the result to the hash published for that file on iSupport, provides a high level of confidence that the local copy is exactly the same as the published software image. This validation procedure, and the verify {md5 | sha256} command to support it, can prevent the installation of corrupted or modified images.
The verify {md5 | sha256} command calculates and displays the hash of any file on the specified local flash drive. You can compare the displayed hash against the appropriate hash published on i-Support. Optionally, the published hash can be included in the verify {md5 | sha256} command, which will display whether it matches the calculated hash of the indicated file.
To validate a software image:
1. Download the Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page.
2. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
3. Run the verify {md5 | sha256} [flash://]img-file [hash-value] command. For example, verify sha256 flash://FTOS-SE-9.5.0.0.bin
4. Compare the generated hash value to the expected hash value published on the iSupport page.
To validate the software image on the flash drive after the image has been transferred to the system, but before the image has been installed, use the verify {md5 | sha256} [flash://]img-file [hash-value] command in EXEC mode.
md5: MD5 message-digest algorithm
sha256: SHA256 Secure Hash Algorithm
flash: (Optional) Specifies the flash drive. The default is to use the flash drive. You can just enter the image file name.
hash-value: (Optional). Specify the relevant hash published on i-Support.
img-file: Enter the name of the Dell Networking software image file to validate
Examples: Without Entering the Hash Value for Verification
MD5
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin
MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459
SHA256
Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin
SHA256 hash for FTOS-SE-9.5.0.0.bin: e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933
Examples: Entering the Hash Value for Verification
MD5
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459
MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin
SHA256
Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933
SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin
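The comparison in step 4 can be scripted on the staging server so it does not depend on reading 64 hex characters by eye. This is an added example, not part of the Dell guide: the function names are hypothetical and the two sessions are constructed from the verify examples above. It accepts a VERIFIED result only when the hash typed into the command is the published one.

```python
import hashlib
import re

_HEX_LEN = {"md5": 32, "sha256": 64}

# Command line and the two result lines, in the shapes shown in the examples above.
_COMMAND_RE = re.compile(
    r"#[ \t]*verify (md5|sha256) (?:flash://)?(\S+)(?:[ \t]+([0-9a-fA-F]+))?[ \t]*$", re.M)
_DISPLAY_RE = re.compile(r"^(MD5|SHA256) hash for (\S+): ([0-9a-fA-F]+)[ \t]*$", re.M)
_VERIFIED_RE = re.compile(r"^(MD5|SHA256) hash VERIFIED for (\S+)[ \t]*$", re.M)

# Hash value as printed in the guide's SHA256 example.
PUBLISHED_SHA256 = "e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933"

# Constructed sessions: the same two command forms the guide shows.
SESSION_DISPLAYED = (
    "Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin\n"
    "SHA256 hash for FTOS-SE-9.5.0.0.bin: " + PUBLISHED_SHA256 + "\n")
SESSION_VERIFIED = (
    "Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin " + PUBLISHED_SHA256 + "\n"
    "SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin\n")


def normalize_hash(value, algorithm):
    """Lower-case a published hash and reject anything of the wrong shape."""
    value = value.strip().lower()
    if len(value) != _HEX_LEN[algorithm] or re.fullmatch(r"[0-9a-f]+", value) is None:
        raise ValueError(f"not a {algorithm} hex digest: {value!r}")
    return value


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash the local copy of the image (step 1) without loading it into memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def switch_confirms(session, image_name, algorithm, published_hash):
    """Return True only if the captured session proves image_name matches published_hash."""
    published = normalize_hash(published_hash, algorithm)
    label = algorithm.upper()
    # Form 1: the switch displayed the hash, so compare it here.
    for alg, name, shown in _DISPLAY_RE.findall(session):
        if alg == label and name == image_name:
            return shown.lower() == published
    # Form 2: VERIFIED only proves a match with the hash that was typed in.
    typed = [value.lower() for alg, name, value in _COMMAND_RE.findall(session)
             if alg == algorithm and name == image_name and value]
    verified = any(alg == label and name == image_name
                   for alg, name in _VERIFIED_RE.findall(session))
    return verified and any(value == published for value in typed)


if __name__ == "__main__":
    image = "FTOS-SE-9.5.0.0.bin"
    print(switch_confirms(SESSION_DISPLAYED, image, "sha256", PUBLISHED_SHA256))
    print(switch_confirms(SESSION_VERIFIED, image, "sha256", "0" * 64))
```

An MD5 match guards against accidental corruption, but MD5 collisions can be constructed, so use the sha256 form whenever a SHA256 hash is published for the image.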
4

Management

Management is supported on the Dell Networking MXL 10/40GbE Switch IO Module. This chapter describes the different protocols or services used to manage the Dell Networking system.

Configuring Privilege Levels

Privilege levels restrict access to commands based on user or terminal line.
There are 15 privilege levels, of which two are pre-defined. The default privilege level is 1.
Level 1 — Access to the system begins at EXEC mode, and EXEC mode commands are limited to basic commands, some of which are enable, disable, and exit.
Level 15 — To access all commands, enter EXEC Privilege mode. Normally, enter a password to enter this mode.

Creating a Custom Privilege Level

Custom privilege levels start with the default EXEC mode command set.
You can then customize privilege levels 2-14 by:
removing commands from the EXEC mode commands
moving commands from EXEC Privilege mode to EXEC mode
allowing access to CONFIGURATION mode commands
allowing access to INTERFACE, LINE, ROUTE-MAP, and ROUTER mode commands
You can access all commands at your privilege level and below.
Removing a Command from EXEC Mode
Remove a command from the list of available commands in EXEC mode for a specific privilege level using the privilege exec command from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, then the first keyword of each restricted command.
Moving a Command from EXEC Privilege Mode to EXEC Mode
Move a command from EXEC Privilege to EXEC mode for a privilege level using the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line, and specify all keywords in the command to which you want to allow access.
Allowing Access to CONFIGURATION Mode Commands
Allow access to CONFIGURATION mode using the privilege exec level level configure command from CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level, and has access to only two commands, end and exit. Individually specify each CONFIGURATION mode command to which you want to allow access using the privilege configure level level command. In the command, specify the privilege level of the user or terminal line, and specify all keywords in the command to which you want to allow access.
Allowing Access to INTERFACE, LINE, ROUTE-MAP, and ROUTER Mode
1. Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes, first allow access to the command that enters you into the mode. For example, allow a user to enter INTERFACE mode using the privilege configure level level interface gigabitethernet command.
2. Then, individually identify the INTERFACE, LINE, ROUTE-MAP or ROUTER commands to which you want to allow access using the privilege {interface | line | route-map | router} level level command. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.

Customizing a Privilege Level

To customize a privilege level, use the following commands.
1. Remove a command from the list of available commands in EXEC mode.
CONFIGURATION mode
privilege exec level level {command ||...|| command}
2. Move a command from EXEC Privilege to EXEC mode.
CONFIGURATION mode
privilege exec level level {command ||...|| command}
3. Allow access to CONFIGURATION mode.
CONFIGURATION mode
privilege exec level level configure
4. Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
CONFIGURATION mode
privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}
5. Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
CONFIGURATION mode
privilege {configure | interface | line | route-map | router} level level {command ||...|| command}
Create a Custom Privilege Level Apply a Privilege Level to a Username
The following configuration customizes privilege level 3. This level:
removes the resequence command from EXEC mode by requiring a minimum of privilege level 4
moves the capture bgp-pdu max-buffer-size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3, which is the configured level for VTY 0
allows access to CONFIGURATION mode with the banner command
allows access to INTERFACE and LINE modes with the no command
Dell(conf)#do show run privilege
!
Dell(conf)#privilege exec level 3 capture
Dell(conf)#privilege exec level 3 configure
Dell(conf)#privilege exec level 4 resequence
Dell(conf)#privilege exec level 3 clear arp-cache
Dell(conf)#privilege exec level 3 clear arp-cache max-buffer-size
Dell(conf)#privilege configure level 3 line
Dell(conf)#privilege configure level 3 interface
Dell(conf)#do telnet 10.11.80.201
[telnet output omitted]
Dell#show priv
Current privilege level is 3.
Dell#?
capture      Capture packet
configure    Configuring from terminal
disable      Turn off privileged commands
enable       Turn on privileged commands
exit         Exit from the EXEC
ip           Global IP subcommands
monitor      Monitoring feature
mtrace       Trace reverse multicast path from destination to source
ping         Send echo messages
quit         Exit from the EXEC
show         Show running system information
[output omitted]
Dell#config
[output omitted]
Dell(conf)#do show priv
Current privilege level is 3.
Dell(conf)#?
end          Exit from configuration mode
exit         Exit from configuration mode
interface    Select an interface to configure
Dell(conf)#interface ?
loopback             Loopback interface
managementethernet   Management Ethernet interface
null                 Null interface
port-channel         Port-channel interface
range                Configure interface range
tengigabitethernet   TenGigabit Ethernet interface
vlan                 VLAN interface
Dell(conf)#interface tengigabitethernet 1/1
Dell(conf-if-te-1/1)#?
end          Exit from configuration mode
exit         Exit from interface configuration mode
Dell(conf-if-te-1/1)#exit
Dell(conf)#line ?
console      Primary terminal line
vty          Virtual terminal
Dell(conf)#line vty 0
Dell(conf-line-vty)#?
exit         Exit from line configuration mode
Dell(conf-line-vty)#

Applying a Privilege Level to a Username

To set the user privilege level, use the following command.
Configure a privilege level for a user. CONFIGURATION mode
username username privilege level

Applying a Privilege Level to a Terminal Line

To set a privilege level for a terminal line, use the following command.
Configure a privilege level for a terminal line. Line mode
privilege level level
NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.

Configuring Logging

The Dell Networking operating system tracks changes in the system using event and error messages. By default, the system logs these messages on:
the internal buffer
console and terminal lines
any configured syslog servers
To disable logging, use the following commands.
Disable all logging except on the console. CONFIGURATION mode
no logging on
Disable logging to the logging buffer. CONFIGURATION mode
no logging buffer
Disable logging to terminal lines. CONFIGURATION mode
no logging monitor
Disable console logging. CONFIGURATION mode
no logging console

Audit and Security Logs

This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs:
Enabling Audit and Security Logs
Displaying Audit and Security Logs
Clearing Audit Logs
Enabling Audit and Security Logs
You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network. You log audit and security events to a system log server, using the logging extended command in CONFIGURATION mode.
Audit Logs
The audit log contains configuration events and information. The types of information in this log consist of the following:
User logins to the switch.
System events for network issues or system issues.
Users making configuration changes. The switch logs who made the configuration changes and the date and time of the change. However, each specific change on the configuration is not logged. Only that the configuration was modified is logged with the user ID, date, and time of the change.
Uncontrolled shutdown.
Security Logs
The security log contains security events and information. RBAC restricts access to audit and security logs based on the CLI sessions’ user roles. The types of information in this log consist of the following:
Establishment of secure traffic flows, such as SSH.
Violations on secure flows or certificate issues.
Adding and deleting of users.
User access and configuration changes to the security and crypto parameters (not the key information but the crypto configuration)
Important Points to Remember
When you enable RBAC and extended logging:
Only the system administrator user role can execute this command.
The system administrator and system security administrator user roles can view security events and system events.
The system administrator user roles can view audit, security, and system events.
Only the system administrator and security administrator user roles can view security logs.
The network administrator and network operator user roles can view system events.
NOTE: If extended logging is disabled, you can only view system events, regardless of RBAC user role.
Example of Enabling Audit and Security Logs
Dell(conf)#logging extended
Displaying Audit and Security Logs
To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must first enable the logging extended command. Only the RBAC system administrator user role can view the audit logs. Only the RBAC security administrator and system administrator user role can view the security logs. If extended logging is disabled, you can only view system events, regardless of RBAC user role. To view security logs, use the show logging command.
Example of the show logging auditlog Command
For information about the logging extended command, see Enabling Audit and Security Logs.
Dell#show logging auditlog
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)
Example of the show logging Command for Security
For information about the logging extended command, see Enabling Audit and Security Logs.
Dell#show logging
Jun 10 04:23:40: %STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on line vty0 ( 10.14.1.91 )
Clearing Audit Logs
To clear audit logs, use the clear logging auditlog command in Exec mode. When RBAC is enabled, only the system administrator user role can issue this command.
Example of the clear logging auditlog Command
Dell# clear logging auditlog
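The command-history trace (View the Command History) and the audit log both record who ran which command from which address, so one review script can cover both. This is an added example, not part of the Dell guide: it flags the commands this chapter documents for disabling logging or clearing the audit log, plus commands from addresses outside the expected management networks. Names are hypothetical; sample lines marked constructed are not switch output.

```python
import ipaddress
import re
from collections import namedtuple

Event = namedtuple("Event", "when command user line source")

# show command-history: [5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5)
_HISTORY_RE = re.compile(
    r"^\[(?P<when>\d+/\d+ \d+:\d+:\d+)\]: CMD-\([^)]*\):\[(?P<command>.*)\]"
    r"by (?P<user>\S+) from (?P<line>\S+) \((?P<source>[^)]*)\)$")
# show logging auditlog: May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
_AUDIT_RE = re.compile(
    r"^(?P<when>\w{3} +\d+ \d+:\d+:\d+): \S+: %CLI-\d-(?P<command>.*) "
    r"by (?P<user>\S+) from (?P<line>\S+) \((?P<source>[^)]*)\)$")

# Commands from this chapter that reduce what the switch records.
VISIBILITY_PREFIXES = ("no logging", "clear logging", "no service timestamps")

SAMPLE_LINES = [
    "[5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5)",      # from the guide
    "[5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5)",   # from the guide
    " - Repeated 1 time.",                                                       # from the guide
    "[5/18 22:10:03]: CMD-(TEL0):[no logging console]by admin from vty0 (10.11.68.5)",        # constructed
    "May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)",        # from the guide
    "May 12 12:31:07: Dell#: %CLI-6-clear logging auditlog by oper1 from vty1 (192.0.2.77)",  # constructed
]


def parse_line(raw):
    """Return an Event for a command record, or None for any other line."""
    text = raw.strip()
    for pattern in (_HISTORY_RE, _AUDIT_RE):
        match = pattern.match(text)
        if match:
            return Event(match["when"], match["command"].strip(), match["user"],
                         match["line"], match["source"].strip())
    return None


def review(lines, trusted_networks):
    """Return (reason, Event) pairs for records that deserve a second look."""
    networks = [ipaddress.ip_network(net) for net in trusted_networks]
    findings = []
    for raw in lines:
        event = parse_line(raw)
        if event is None:
            continue
        if event.command.lower().startswith(VISIBILITY_PREFIXES):
            findings.append(("logging-reduced", event))
        try:
            address = ipaddress.ip_address(event.source)
        except ValueError:
            findings.append(("unparsed-source", event))
            continue
        if not any(address in net for net in networks):
            findings.append(("untrusted-source", event))
    return findings


if __name__ == "__main__":
    for reason, event in review(SAMPLE_LINES, ["10.11.68.0/24", "10.14.1.0/24"]):
        print(f"{reason}: [{event.command}] by {event.user} from {event.source} at {event.when}")
```

Because the audit log can be cleared on the switch, run a review like this against copies forwarded to a syslog server rather than only against the local buffer.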

Configuring Logging Format

To display syslog messages in RFC 3164 or RFC 5424 format, use the logging version {0 | 1} command in CONFIGURATION mode. By default, the system log version is set to 0.
The following describes the two log message formats:
0 – Displays syslog messages format as described in RFC 3164, The BSD syslog Protocol
1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol
Example of Configuring the Logging Message Format
Dell(conf)#logging version ?
<0-1> Select syslog version (default = 0)
Dell(conf)#logging version 1
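Changing the logging version changes the framing the collector has to parse, so the receiving side should recognize both. This is an added example, not part of the Dell guide: a parser that tells RFC 3164 from RFC 5424 framing and decodes the priority value into facility and severity. The two sample messages are constructed from the RFCs' field layouts, not captured from a switch.

```python
import re

# Facility codes 0-8 and 16-23 as named in RFC 5424. Codes 9-15 are reported
# numerically because vendors label them differently (a choice of this example).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp"}
FACILITIES.update({16 + n: f"local{n}" for n in range(8)})
SEVERITIES = ("Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug")

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
_RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<timestamp>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
_RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)

# Constructed: one event framed the way each logging version would deliver it.
SAMPLE_V0 = ("<189>May 12 12:20:25 10.16.131.141 "
             "%SEC-5-LOGIN_SUCCESS: Login successful for user admin")
SAMPLE_V1 = ('<189>1 2015-05-12T12:20:25Z 10.16.131.141 - - - [meta sequenceId="7"] '
             "%SEC-5-LOGIN_SUCCESS: Login successful for user admin")


def decode_pri(pri):
    """Split a priority value into (facility, severity); PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def _split_structured_data(rest):
    """Separate RFC 5424 STRUCTURED-DATA ('-' or one or more [..] elements) from MSG."""
    if rest.startswith("-"):
        return None, rest[1:].lstrip(" ")
    if not rest.startswith("["):
        raise ValueError("malformed STRUCTURED-DATA")
    index, in_quotes = 0, False
    while index < len(rest):
        char = rest[index]
        if in_quotes and char == "\\":      # escaped character inside a value
            index += 2
            continue
        if char == '"':
            in_quotes = not in_quotes
        elif char == "]" and not in_quotes and rest[index + 1:index + 2] != "[":
            return rest[:index + 1], rest[index + 1:].lstrip(" ")
        index += 1
    raise ValueError("unterminated STRUCTURED-DATA")


def parse_syslog(message):
    """Parse one received message, reporting which framing it used."""
    match = _RFC5424_RE.match(message)
    if match:
        structured, text = _split_structured_data(match["rest"])
        framing = "rfc5424"
    else:
        match = _RFC3164_RE.match(message)
        if match is None:
            raise ValueError("neither RFC 3164 nor RFC 5424 framing")
        structured, text, framing = None, match["msg"], "rfc3164"
    facility, severity = decode_pri(int(match["pri"]))
    return {"format": framing, "facility": facility, "severity": severity,
            "timestamp": match["timestamp"], "host": match["host"],
            "structured_data": structured, "message": text}


if __name__ == "__main__":
    for sample in (SAMPLE_V0, SAMPLE_V1):
        parsed = parse_syslog(sample)
        print(parsed["format"], parsed["facility"], parsed["severity"], parsed["message"])
```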

Setting Up a Secure Connection to a Syslog Server

You can use reverse tunneling with port forwarding to securely connect to a syslog server.
Pre-requisites
To configure a secure connection from the switch to the syslog server:
1. On the switch, enable the SSH server
Dell(conf)#ip ssh server enable
2. On the syslog server, create a reverse SSH tunnel from the syslog server to the FTOS switch, using the following syntax:
ssh -R <remote port>:<syslog server>:<syslog server listen port> user@remote_host -nNf
In the following example, the syslog server IP address is 10.156.166.48 and the listening port is 5141. The switch IP address is 10.16.131.141 and the listening port is 5140.
ssh -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf
3. Configure logging to a local host. localhost is “127.0.0.1” or “::1”.
If you do not, the system displays an error when you attempt to enable role-based only AAA authorization.
Dell(conf)# logging localhost tcp port
Dell(conf)#logging 127.0.0.1 tcp 5140

Display the Logging Buffer and the Logging Configuration

To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs.
Example of the show logging Command
Dell#show logging
syslog logging: enabled
Console logging: level Debugging
Monitor logging: level Debugging
Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes)
Trap logging: level Informational
%IRC-6-IRC_COMMUP: Link to peer RPM is up
%RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM.
%RPM-2-MSG:CP1 %POLLMGR-2-MMC_STATE: External flash disk missing in 'slot0:'
%CHMGR-5-CARDDETECTED: Line card 0 present
%CHMGR-5-CARDDETECTED: Line card 2 present
%CHMGR-5-CARDDETECTED: Line card 4 present
%CHMGR-5-CARDDETECTED: Line card 5 present
%CHMGR-5-CARDDETECTED: Line card 8 present
%CHMGR-5-CARDDETECTED: Line card 10 present
%CHMGR-5-CARDDETECTED: Line card 12 present
%TSM-6-SFM_DISCOVERY: Found SFM 0
%TSM-6-SFM_DISCOVERY: Found SFM 1
%TSM-6-SFM_DISCOVERY: Found SFM 2
%TSM-6-SFM_DISCOVERY: Found SFM 3
%TSM-6-SFM_DISCOVERY: Found SFM 4
%TSM-6-SFM_DISCOVERY: Found SFM 5
%TSM-6-SFM_DISCOVERY: Found SFM 6
%TSM-6-SFM_DISCOVERY: Found SFM 7
%TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP
%TSM-6-SFM_DISCOVERY: Found SFM 8
%TSM-6-SFM_DISCOVERY: Found 9 SFMs
%CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports)
%TSM-6-PORT_CONFIG: Port link status for LC 5 => portpipe 0: OK portpipe 1: N/A
%CHMGR-5-LINECARDUP: Line card 5 is up
%CHMGR-5-CHECKIN: Checkin from line card 12 (type S12YC12, 12 ports)
%TSM-6-PORT_CONFIG: Port link status for LC 12 => portpipe 0: OK portpipe 1: N/A
%CHMGR-5-LINECARDUP: Line card 12 is up
%IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8
%IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8
To view any changes made, use the show running-config logging command in EXEC privilege mode.

Log Messages in the Internal Buffer

All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled

Configuration Task List for System Log Management

There are two configuration tasks for system log management:
Disabling System Logging
Sending System Messages to a Syslog Server

Disabling System Logging

By default, logging is enabled and log messages are sent to the logging buffer, all terminal lines, the console, and the syslog servers. To disable system logging, use the following commands.
Disable all logging except on the console. CONFIGURATION mode
no logging on
Disable logging to the logging buffer. CONFIGURATION mode
no logging buffer
Disable logging to terminal lines. CONFIGURATION mode
no logging monitor
Disable console logging. CONFIGURATION mode
no logging console

Sending System Messages to a Syslog Server

To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424, The SYSLOG Protocol (R. Gerhards and Adiscon GmbH, March 2009), which obsoletes RFC 3164, and RFC 5426, Transmission of Syslog messages over UDP.
Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
CONFIGURATION mode
logging {ip-address | ipv6-address | hostname} {{udp {port}} | {tcp {port}}}

Configuring a UNIX System as a Syslog Server

To configure a UNIX System as a syslog server, use the following command.
Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigning write permissions to the file.
– Add line on a 4.1 BSD UNIX system. local7.debugging /var/log/log7.log
– Add line on a 5.7 SunOS UNIX system. local7.debugging /var/adm/ftos.log
In the previous lines, local7 is the logging facility level and debugging is the severity level.

Changing System Logging Settings

You can change the default settings of the system logging by changing the severity level and the storage location.
The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control the number of system messages logged.
To specify the system logging settings, use the following commands.
Specify the minimum severity level for logging to the logging buffer. CONFIGURATION mode
logging buffered level
Specify the minimum severity level for logging to the console. CONFIGURATION mode
logging console level
Specify the minimum severity level for logging to terminal lines. CONFIGURATION mode
logging monitor level
Specify the minimum severity level for logging to a syslog server. CONFIGURATION mode
logging trap level
Specify the minimum severity level for logging to the syslog history table. CONFIGURATION mode
logging history level
Specify the size of the logging buffer. CONFIGURATION mode
logging buffered size
NOTE: When you decrease the buffer size, the system deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
Specify the number of messages that the system saves to its logging history table. CONFIGURATION mode
logging history size size
To view the logging buffer and configuration, use the show logging command in EXEC privilege mode, as shown in the example for Display the Logging Buffer and the Logging Configuration.
To view the logging configuration, use the show running-config logging command in privilege mode, as shown in the example for Configuring a UNIX Logging Facility Level.

To view any changes made, use the show running-config logging command in EXEC privilege mode, as shown in the example for Configuring a UNIX Logging Facility Level.

Configuring a UNIX Logging Facility Level

You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command.
Specify one of the following parameters. CONFIGURATION mode
logging facility [facility-type]
– auth (for authorization messages)
– cron (for system scheduler messages)
– daemon (for system daemons)
– kern (for kernel messages)
– local0 (for local use)
– local1 (for local use)
– local2 (for local use)
– local3 (for local use)
– local4 (for local use)
– local5 (for local use)
– local6 (for local use)
– local7 (for local use)
– lpr (for line printer system messages)
– mail (for mail system messages)
– news (for USENET news messages)
– sys9 (system use)
– sys10 (system use)
– sys11 (system use)
– sys12 (system use)
– sys13 (system use)
– sys14 (system use)
– syslog (for syslog messages)
– user (for user programs)
– uucp (UNIX to UNIX copy protocol)
Example of the show running-config logging Command
To view nondefault settings, use the show running-config logging command in EXEC mode.
Dell#show running-config logging
!
logging buffered 524288 debugging
service timestamps log datetime msec
service timestamps debug datetime msec
!
logging trap debugging
logging facility user
logging source-interface Loopback 0
logging 10.10.10.4
Dell#

Synchronizing Log Messages

You can configure the system to filter and consolidate the system messages for a specific line by synchronizing the message output.
Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
1. Enter LINE mode.
CONFIGURATION mode
line {console 0 | vty number [end-number]}
Configure the following parameters for the virtual terminal lines:
number: the range is from zero (0) to 9.
end-number: the range is from 1 to 8.
You can configure multiple virtual terminals at one time by entering a number and an end-number.
2. Configure a level and set the maximum number of messages to print.
LINE mode
logging synchronous [level severity-level | all] [limit]
Configure the following optional parameters:
level severity-level: the range is from 0 to 7. The default is 2. Use the all keyword to include all messages.
limit: the range is from 20 to 300. The default is 20.
To view the logging synchronous configuration, use the show config command in LINE mode.

Enabling Timestamp on Syslog Messages

By default, syslog messages do not include a time/date stamp stating when the error or message was created. To enable timestamp, use the following command.
Add timestamp to syslog messages.
CONFIGURATION mode
service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime]
Specify the following optional parameters:
– datetime: You can add the keyword localtime to include the localtime, msec, and show-timezone. If you do not add the keyword localtime, the time is UTC.
– uptime: To view time since last boot.
If you do not specify a parameter, the system configures uptime.
To view the configuration, use the show running-config logging command in EXEC privilege mode.
To disable time stamping on syslog messages, use the no service timestamps [log | debug] command.

File Transfer Services

With the Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP).
One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
For more information about FTP, refer to RFC 959, File Transfer Protocol.

Configuration Task List for File Transfer Services

The configuration tasks for file transfer services are:
Enabling the FTP Server (mandatory)
Configuring FTP Server Parameters (optional)
Configuring FTP Client Parameters (optional)

Enabling the FTP Server

To enable the system as an FTP server, use the following command. To view FTP configuration, use the show running-config ftp command in EXEC privilege mode.
Enable FTP on the system.
CONFIGURATION mode
ftp-server enable
Example of Viewing FTP Configuration
Dell#show running ftp
!
ftp-server enable
ftp-server username nairobi password 0 zanzibar
Dell#

Configuring FTP Server Parameters

After you enable the FTP server on the system, you can configure different parameters. To configure FTP server parameters, use the following commands.
Specify the directory for users using FTP to reach the system.
CONFIGURATION mode
ftp-server topdir dir
The default is the internal flash directory.
Specify a user name for all FTP users and configure either a plain text or encrypted password.
CONFIGURATION mode
ftp-server username username password [encryption-type] password
Configure the following optional and required parameters:
username: enter a text string.
encryption-type: enter 0 for plain text or 7 for encrypted text.
password: enter a text string.
NOTE: You cannot use the change directory (cd) command until you have configured ftp-server topdir.
To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode.

Configuring FTP Client Parameters

To configure FTP client parameters, use the following commands.
Enter the following keywords and slot/port or number information:
– For a Loopback interface, enter the keyword loopback then a number between 0 and 16383.
– For a port channel interface, enter the keywords port-channel then a number from 1 to 128.
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
– For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
– For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
CONFIGURATION mode
ip ftp source-interface interface
Configure a password.
CONFIGURATION mode
ip ftp password password
Enter a username to use on the FTP client.
CONFIGURATION mode
ip ftp username name
To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enabling the FTP Server.

Terminal Lines

You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system. The virtual terminal lines (VTYs) connect you through Telnet to the system.

Denying and Permitting Access to a Terminal Line

Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines.
Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
You cannot use the show ip accounting access-list command to display the contents of an ACL that is applied only to a VTY line.
When you use the access-class access-list-name command without specifying the ipv4 or ipv6 attribute, both IPv4 as well as IPv6 rules that are defined in that ACL are applied to the terminal. This is a generic way of configuring access restrictions.
To be able to filter access exclusively using either IPv4 or IPv6 rules, you must use either the ipv4 or ipv6 attribute along with the access-class access-list-name command. Depending on the attribute that you specify (ipv4 or ipv6), the ACL processes either IPv4 or IPv6 rules, but not both. Using this configuration, you can set up two different types of access classes with each class processing either IPv4 or IPv6 rules separately.
To apply an IP ACL to a line, use the following command.
Apply an ACL to a VTY line.
LINE mode
ip access-class access-list [ipv4 | ipv6]
NOTE: If you already have configured generic IP ACL on a terminal line, then you cannot further apply IPv4 or IPv6 specific filtering on top of this configuration. Similarly, if you have configured either IPv4 or IPv6 specific filtering on a terminal line, you cannot apply generic IP ACL on top of this configuration. Before applying any of these configurations, you must first undo the existing configuration using the no access-class access-list-name [ipv4 | ipv6] command.
Example of an ACL that Permits Terminal Access
To view the configuration, use the show config command in LINE mode.
Dell(config-std-nacl)#show config
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
Dell(config-std-nacl)#line vty 0
Dell(config-line-vty)#show config
line vty 0
 access-class myvtyacl
Dell OS Behavior: Prior to Dell OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password. Beginning in Dell OS version 7.4.2.0, only an ACL is required, and users are denied access before they are prompted for a username and password.

Configuring Login Authentication for Terminal Lines

You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, the system prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are:
enable: Prompt for the enable password.
line: Prompt for the password you assigned to the terminal line. Configure a password for the terminal line to which you assign a method list that contains the line authentication method. Configure a password using the password command from LINE mode.
local: Prompt for the system username and password.
none: Do not authenticate the user.
radius: Prompt for a username and password and use a RADIUS server to authenticate.
tacacs+: Prompt for a username and password and use a TACACS+ server to authenticate.
1. Configure an authentication method list. You may use a mnemonic name or use the default keyword. The default authentication method for terminal lines is local and the default method list is empty.
CONFIGURATION mode
aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6]
2. Apply the method list from Step 1 to a terminal line.
CONFIGURATION mode
login authentication {method-list-name | default}
3. If you used the line authentication method in the method list you applied to the terminal line, configure a password for the terminal line.
LINE mode
password
Example of Terminal Line Authentication
In the following example, VTY lines 0-2 use a single authentication method, line.
Dell(conf)#aaa authentication login myvtymethodlist line
Dell(conf)#line vty 0 2
Dell(config-line-vty)#login authentication myvtymethodlist
Dell(config-line-vty)#password myvtypassword
Dell(config-line-vty)#show config
line vty 0
 password myvtypassword
 login authentication myvtymethodlist
line vty 1
 password myvtypassword
 login authentication myvtymethodlist
line vty 2
 password myvtypassword
 login authentication myvtymethodlist
Dell(config-line-vty)#

Setting Time Out of EXEC Privilege Mode

EXEC time-out is a basic security feature that returns the Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands.
Set the number of minutes and seconds. The default is 10 minutes on the console and 30 minutes on VTY. Disable EXEC time out by setting the time-out period to 0.
LINE mode
exec-timeout minutes [seconds]
Return to the default time-out values.
LINE mode
no exec-timeout
Example of Setting the Time Out Period for EXEC Privilege Mode
The following example shows how to set the time-out period and how to view the configuration using the show config command from LINE mode.
Dell(conf)#line con 0
Dell(config-line-console)#exec-timeout 0
Dell(config-line-console)#show config
line console 0
 exec-timeout 0 0
Dell(config-line-console)#
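A configuration check for the settings covered in the FTP server, terminal line ACL, login authentication and EXEC time-out sections above. This is an added example, not Dell Networking code: the sample configuration is constructed, the check names and the emptyacl and openlist entries are hypothetical, and it assumes child lines are indented under their section header.

```python
import re

# Constructed sample in the style of the show config / show running-config output
# on this page. emptyacl and openlist are made-up names; child lines are assumed
# to be indented by one space under their section header.
SAMPLE_CONFIG = """\
ftp-server enable
ftp-server username nairobi password 0 zanzibar
!
aaa authentication login myvtymethodlist line
aaa authentication login openlist local none
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
ip access-list standard emptyacl
!
line console 0
 exec-timeout 0 0
line vty 0
 access-class myvtyacl
 password myvtypassword
 login authentication myvtymethodlist
line vty 1
 access-class emptyacl
 login authentication openlist
line vty 2
 login authentication myvtymethodlist
"""


def parse_sections(text):
    """Group config lines into (header, [indented child lines]) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections


def audit(text):
    """Return a sorted list of (check_id, subject) findings."""
    sections = parse_sections(text)
    findings = set()
    method_lists, acl_rules = {}, {}

    # First pass: global statements that the line sections refer to.
    for header, children in sections:
        m = re.fullmatch(r"aaa authentication login (\S+)(.*)", header)
        if m:
            method_lists[m.group(1)] = m.group(2).split()
        m = re.fullmatch(r"ip access-list \S+ (\S+)", header)
        if m:
            acl_rules[m.group(1)] = sum(c.startswith("seq ") for c in children)
        # Encryption type 0 stores the FTP password as plain text.
        m = re.fullmatch(r"ftp-server username (\S+) password 0 \S+", header)
        if m:
            findings.add(("FTP_PASSWORD_PLAINTEXT", m.group(1)))  # password not echoed

    # Second pass: console and VTY line sections.
    for header, children in sections:
        if not header.startswith("line "):
            continue
        name = header[len("line "):]
        # A time-out period of 0 disables the EXEC time-out.
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in children):
            findings.add(("EXEC_TIMEOUT_DISABLED", name))
        for c in children:
            m = re.fullmatch(r"login authentication (\S+)", c)
            if m and "none" in method_lists.get(m.group(1), []):
                findings.add(("AUTH_METHOD_NONE", name))
        if name.startswith("vty"):
            acls = [m.group(1) for c in children
                    if (m := re.fullmatch(r"(?:ip )?access-class (\S+)(?: ipv[46])?", c))]
            if not acls:
                findings.add(("VTY_NO_ACL", name))
            # On VTY lines an ACL with no rules does not deny traffic, so an
            # empty (or undefined) ACL is reported as well.
            for acl in acls:
                if acl_rules.get(acl, 0) == 0:
                    findings.add(("VTY_ACL_EMPTY", f"{name} ({acl})"))
    return sorted(findings)


if __name__ == "__main__":
    for check, subject in audit(SAMPLE_CONFIG):
        print(f"{check}: {subject}")
```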

Using Telnet to get to Another Network Device

To telnet to another device, use the following commands.
Telnet to the stack-unit. You do not need to configure the management port on the stack-unit to be able to telnet to it.
EXEC Privilege mode
telnet-peer-stack-unit
Telnet to a device with an IPv4 address.
EXEC Privilege
telnet [ip-address]
If you do not enter an IP address, the system enters a Telnet dialog that prompts you for one.
Enter an IPv4 address in dotted decimal format (A.B.C.D).
Example of the telnet Command for Device Access
Dell# telnet 10.11.80.203
Trying 10.11.80.203...
Connected to 10.11.80.203.
Exit character is '^]'.
Login:
Login: admin
Password:
Dell>exit
Dell#telnet 2200:2200:2200:2200:2200::2201
Trying 2200:2200:2200:2200:2200::2201...
Connected to 2200:2200:2200:2200:2200::2201.
Exit character is '^]'.
FreeBSD/i386 (freebsd2.force10networks.com) (ttyp1)
login: admin
Dell#

Lock CONFIGURATION Mode

The system allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2).
You can set two types of locks: auto and manual.
Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set auto-lock, every time a user is in CONFIGURATION mode, all other users are denied access. This means that you can exit to EXEC Privilege mode, and re-enter CONFIGURATION mode without having to set the lock again.
Set manual lock using the configure terminal lock command from CONFIGURATION mode. When you configure a manual lock, which is the default, you must enter this command each time you want to enter CONFIGURATION mode and deny access to others.

Viewing the Configuration Lock Status

If you attempt to enter CONFIGURATION mode when another user has locked it, you may view which user has control of CONFIGURATION mode using the show configuration lock command from EXEC Privilege mode.
You can then send any user a message using the send command from EXEC Privilege mode. Alternatively, you can clear any line using the clear command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode.
Example of Locking CONFIGURATION Mode for Single-User Access
Dell(conf)#configuration mode exclusive auto
BATMAN(conf)#exit
3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console
Dell#config
! Locks configuration mode exclusively.
Dell(conf)#
If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1):
% Error: User "" on line console0 is in exclusive configuration mode.
If any user is already in CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 2):
% Error: Can't lock configuration mode exclusively since the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ).
NOTE: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION mode, when you attempt to re-enter CONFIGURATION mode, you are denied access even though you are the one that configured the lock.
NOTE: If your session times out and you return to EXEC mode, the CONFIGURATION mode lock is unconfigured.

Limit Concurrent Login Sessions

Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, Aux, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
By default, you can use all 10 VTY lines, one console line, and one Aux line. You can limit the number of available sessions using the login concurrent-session limit command and so restrict users to that specific number of sessions. You can optionally configure the system to provide an option to the users to clear any of their existing sessions.

Restrictions for Limiting the Number of Concurrent Sessions

These restrictions apply for limiting the number of concurrent sessions:
Only the system and security administrators can limit the number of concurrent sessions and enable the clear-line option.
Users can clear their existing sessions only if the system is configured with the login concurrent-session clear-line enable command.

Configuring Concurrent Session Limit

To configure concurrent session limit, follow this procedure:
Limit the number of concurrent sessions for all users.
CONFIGURATION mode
login concurrent-session limit number-of-sessions
Example of Configuring Concurrent Session Limit
The following example limits the permitted number of concurrent login sessions to 4.
Dell(config)#login concurrent-session limit 4

Enabling the System to Clear Existing Sessions

To enable the system to clear existing login sessions, follow this procedure:
Use the following command.
CONFIGURATION mode
login concurrent-session clear-line enable
Example of Enabling the System to Clear Existing Sessions
The following example enables you to clear your existing login sessions.
Dell(config)#login concurrent-session clear-line enable
Example of Clearing Existing Sessions
When you try to log in, the following message appears with all your existing concurrent sessions, providing an option to close any one of the existing sessions:
$ telnet 10.11.178.14
Trying 10.11.178.14...
Connected to 10.11.178.14.
Escape character is '^]'.
Login: admin
Password:
Current sessions for user admin:
Line Location
2 vty 0 10.14.1.97
3 vty 1 10.14.1.97
Clear existing session? [line number/Enter to cancel]:
When you try to create more than the permitted number of sessions, the following message appears, prompting you to close one of the existing sessions. If you close any of the existing sessions, you are allowed to log in:
$ telnet 10.11.178.17
Trying 10.11.178.17...
Connected to 10.11.178.17.
Escape character is '^]'.
Login: admin
Password:
Maximum concurrent sessions for the user reached.
Current VTY sessions for user admin:
Line Location
2 vty 0 10.14.1.97
3 vty 1 10.14.1.97
4 vty 2 10.14.1.97
5 vty 3 10.14.1.97
Kill existing session? [line number/Enter to cancel]:

Track Login Activity

Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events.
When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system. The system stores the number of unsuccessful login attempts that have occurred in the last 30 days by default. You can change the default value to any number of days from 1 to 30. By default, login activity tracking is disabled. You can enable it using the login statistics enable command from the configuration mode.

Restrictions for Tracking Login Activity

These restrictions apply for tracking login activity:
Only the system and security administrators can configure login activity tracking and view the login activity details of other users.
Login statistics are not applicable to login sessions that do not use user names for authentication. For example, the system does not report login activity for a telnet session that prompts only for a password.

Configuring Login Activity Tracking

To enable and configure login activity tracking, follow these steps:
1. Enable login activity tracking.
CONFIGURATION mode
login statistics enable
After enabling login statistics, the system stores the login activity details for the last 30 days.
2. (Optional) Configure the number of days for which the system stores the user login statistics. The range is from 1 to 30.
CONFIGURATION mode
login statistics time-period days
Example of Configuring Login Activity Tracking
The following example enables login activity tracking. The system stores the login activity details for the last 30 days.
Dell(config)#login statistics enable
The following example enables login activity tracking and configures the system to store the login activity details for 12 days.
Dell(config)#login statistics enable
Dell(config)#login statistics time-period 12

Display Login Statistics

To view the login statistics, use the show login statistics command.
Example of the show login statistics Command
The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period.
Dell#show login statistics
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 30 day(s): 3
------------------------------------------------------------------
Example of the show login statistics all command
The show login statistics all command displays the successful and failed login details of all users in the last 30 days or the custom defined time period.
Dell#show login statistics all
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 7 day(s): 3
------------------------------------------------------------------
------------------------------------------------------------------
User: secadm
Last login time: Mon Feb 16 04:45:29 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 7 day(s): 0
------------------------------------------------------------------
Example of the show login statistics user user-id command
The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period.
Dell#show login statistics user admin
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 11 day(s): 3
------------------------------------------------------------------
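Collected from many switches, this output can be parsed and reviewed for failed-login activity. The following is an added example, not part of the Dell documentation: the sample output is constructed in the format shown above, and the management network, the failure threshold and the secadm values are assumptions.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in the format of the show login statistics all output on this
# page; the secadm counters and the 192.0.2.50 address are made up for the example.
SAMPLE_OUTPUT = """\
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 7 day(s): 3
------------------------------------------------------------------
------------------------------------------------------------------
User: secadm
Last login time: Mon Feb 16 04:45:29 2015
Last login location: Line vty0 ( 192.0.2.50 )
Unsuccessful login attempt(s) since the last successful login: 2
Unsuccessful login attempt(s) in last 7 day(s): 9
------------------------------------------------------------------
"""

# \s+ between fields lets the same pattern read output whose line breaks were lost.
RECORD = re.compile(
    r"User:\s*(?P<user>\S+)\s+"
    r"Last login time:\s*(?P<time>\w{3} \w{3} +\d+ [\d:]{8} \d{4})\s+"
    r"Last login location:\s*Line\s+(?P<line>\S+)(?:\s*\(\s*(?P<addr>[^\s)]+)\s*\))?\s+"
    r"Unsuccessful login attempt\(s\) since the last successful login:\s*(?P<since>\d+)\s+"
    r"Unsuccessful login attempt\(s\) in last (?P<days>\d+) day\(s\):\s*(?P<window>\d+)"
)


def parse_login_statistics(text):
    """Return one dict per user record found in the command output."""
    records = []
    for m in RECORD.finditer(text):
        records.append({
            "user": m["user"],
            "last_login": datetime.strptime(m["time"], "%a %b %d %H:%M:%S %Y"),
            "line": m["line"],
            "source": ip_address(m["addr"]) if m["addr"] else None,
            "failed_since_login": int(m["since"]),
            "window_days": int(m["days"]),
            "failed_in_window": int(m["window"]),
        })
    return records


def review(records, mgmt_networks, max_failed_in_window=5):
    """Return (user, reason) pairs that deserve a closer look."""
    nets = [ip_network(n) for n in mgmt_networks]
    findings = []
    for r in records:
        if r["failed_since_login"] > 0:
            findings.append((r["user"], "failed attempts since last successful login"))
        if r["failed_in_window"] > max_failed_in_window:
            findings.append(
                (r["user"], f"{r['failed_in_window']} failures in {r['window_days']} days"))
        if r["source"] is not None and not any(r["source"] in n for n in nets):
            findings.append(
                (r["user"], f"last login from {r['source']}, outside management networks"))
    return findings


if __name__ == "__main__":
    for user, reason in review(parse_login_statistics(SAMPLE_OUTPUT), ["10.14.1.0/24"]):
        print(f"{user}: {reason}")
```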

Recovering from a Forgotten Password

If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. Use the following commands if you forget your password.
1. Log onto the system using the console.
2. Power-cycle the chassis by switching off all of the power modules and then switching them back on.
3. Hit any key to abort the boot process. You enter uBoot immediately, as indicated by the => prompt.
(during bootup)
hit any key
4. Set the system parameters to ignore the startup configuration file when the system reloads.
uBoot mode
setenv stconfigignore true
5. To save the changes, use the saveenv command.
uBoot mode
saveenv
6. Reload the system.
uBoot mode
reset
7. Copy startup-config.bak to the running config.
EXEC Privilege mode
copy flash://startup-config.bak running-config
8. Remove all authentication statements you might have for the console.
LINE mode
no authentication login
no password
9. Save the running-config.
EXEC Privilege mode
copy running-config startup-config
10. Set the system parameters to use the startup configuration file when the system reloads.
uBoot mode
setenv stconfigignore false
11. Save the running-config.
EXEC Privilege mode
copy running-config startup-config

Recovering from a Forgotten Enable Password

Use the following commands if you forget the enable password.
1. Log onto the system using the console.
2. Power-cycle the chassis by switching off all of the power modules and then switching them back on.
3. Hit any key to abort the boot process. You enter uBoot immediately, as indicated by the => prompt.
(during bootup)
hit any key
4. Set the system parameters to ignore the enable password when the system reloads.
uBoot mode
setenv enablepwdignore true
5. Reload the system.
uBoot mode
reset
6. Configure a new enable password.
CONFIGURATION mode
enable {secret | password}
7. Save the running-config to the startup-config.
EXEC Privilege mode
copy running-config startup-config

Recovering from a Failed Start

A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location. Use the setenv command, as described in the following steps. For details about the setenv command, its supporting commands, and other commands that can help recover from a failed start, refer to the u-Boot chapter in the Dell Networking OS Command Line Reference Guide.
1. Power-cycle the chassis (pull the power cord and reinsert it).
2. Hit any key to abort the boot process. You enter uBoot immediately, the => prompt indicates success.
(during bootup)
press any key
3. Assign the new location to the Dell Networking OS image it uses when the system reloads.
uBoot mode
setenv [primary_image f10boot location | secondary_image f10boot location | default_image f10boot location]
4. Assign an IP address to the Management Ethernet interface.
uBoot mode
setenv ipaddre address
5. Assign an IP address as the default gateway for the system.
uBoot mode
setenv gatewayip address
6. Reload the system.
uBoot mode
reset
5

802.1X

802.1X is a method of port security.
A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.
802.1X employs extensible authentication protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
NOTE: The Dell Networking operating system supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames.
Figure 1. EAP Frames Encapsulated in Ethernet and RADIUS
Figure 2. EAP Frames Encapsulated in Ethernet and RADIUS
The authentication process involves three devices:
The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests.
The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator.
The authentication-server selects the authentication method, verifies the information the supplicant provides, and grants it network access privileges.
Ports can be in one of two states:
Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port.
The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally.
NOTE: The Dell Networking switches place 802.1X-enabled ports in the unauthorized state by default.

The Port-Authentication Process

The authentication process begins when the authenticator senses that a link status has changed from down to up:
1. When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame.
2. The supplicant responds with its identity in an EAP Response Identity frame.
3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server.
4. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator.
5. The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides the Requested Challenge information in an EAP response, which is translated and forwarded to the authentication server as another Access-Request frame.
6. If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame.
Figure 3. EAP Port-Authentication

EAP over RADIUS

802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79.
Figure 4. EAP Over RADIUS
RADIUS Attributes for 802.1X Support
Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
Attribute 5 NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
Attribute 41 NAS-Port-Type: NAS-port physical port type. 5 indicates Ethernet.
Attribute 81 Tunnel-Private-Group-ID: associate a tunneled session with a particular group of users.
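The Access-Request that the authenticator builds in step 3 of the port-authentication process can be decoded attribute by attribute, as in this added example (not Dell Networking code). The packet, shared secret and identity are constructed; the 253-octet fragmentation of EAP-Message and the Message-Authenticator attribute (type 80) come from RFC 3579 rather than from this page.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE = 79             # Type value stated on this page
MESSAGE_AUTHENTICATOR = 80   # from RFC 3579; not mentioned on this page
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_attributes(packet):
    """Return (code, identifier, [(type, value, offset), ...]) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS Length field does not fit the data received")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        # Length counts the Type and Length octets too, so 2 is the minimum.
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad Length in attribute type {a_type}")
        attrs.append((a_type, packet[pos + 2:pos + a_len], pos))
        pos += a_len
    return code, ident, attrs


def reassemble_eap(attrs):
    """Join EAP-Message fragments in packet order and decode the EAP header."""
    eap = b"".join(value for a_type, value, _ in attrs if a_type == EAP_MESSAGE)
    if len(eap) < 4:
        return None
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP Length does not match the reassembled fragments")
    return {"code": EAP_CODES.get(code, code), "id": ident,
            "type": eap[4] if length > 4 else None, "data": eap[5:]}


def message_authenticator_ok(packet, secret):
    """Verify Message-Authenticator on an Access-Request: HMAC-MD5 over the
    packet with the attribute's 16 value octets set to zero."""
    _, _, attrs = parse_attributes(packet)
    length = struct.unpack("!H", packet[2:4])[0]
    for a_type, value, pos in attrs:
        if a_type == MESSAGE_AUTHENTICATOR and len(value) == 16:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, value)
    return False   # RFC 3579 requires the attribute whenever EAP-Message is present


def build_sample_request(secret):
    """Constructed Access-Request carrying an EAP Response/Identity that is long
    enough to need two EAP-Message attributes (253 value octets at most each)."""
    def attr(a_type, value):
        return bytes([a_type, len(value) + 2]) + value
    identity = b"alice@" + b"x" * 260 + b".example"
    eap = struct.pack("!BBHB", 2, 7, 5 + len(identity), 1) + identity  # type 1 = Identity
    body = attr(5, struct.pack("!I", 3))               # NAS-Port
    body += attr(31, b"00-11-22-33-44-55")             # Calling-Station-Id
    for i in range(0, len(eap), 253):
        body += attr(EAP_MESSAGE, eap[i:i + 253])
    body += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = bytearray(struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(range(16)) + body)
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


if __name__ == "__main__":
    pkt = build_sample_request(b"constructed-secret")
    _, _, attrs = parse_attributes(pkt)
    print([t for t, _, _ in attrs], reassemble_eap(attrs)["code"],
          message_authenticator_ok(pkt, b"constructed-secret"))
```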

Configuring 802.1X

Configuring 802.1X on a port is a two-step process.
1. Enable 802.1X globally (refer to Enabling 802.1X).
2. Enable 802.1X on an interface (refer to Enabling 802.1X).

Related Configuration Tasks

Configuring Request Identity Re-transmissions
Forcibly Authorizing or Unauthorizing a Port
Re-authenticating a Port
Configuring Timeouts
Configuring a Guest VLAN
Configuring an Authentication-fail VLAN

Important Points to Remember

The Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
802.1X is not supported on port-channels or port-channel members.

Enabling 802.1X

Enable 802.1X globally and at an interface level.
Figure 5. 802.1X Enabled
1. Enable 802.1X globally.
CONFIGURATION mode
dot1x authentication
2. Enter INTERFACE mode on an interface or a range of interfaces.
INTERFACE mode
interface [range]
3. Enable 802.1X on an interface or a range of interfaces.
INTERFACE mode
dot1x authentication
Example of Verifying that 802.1X is Enabled Globally
Example of Verifying 802.1X is Enabled on an Interface
Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode.
The bold lines show that 802.1X is enabled.
Dell#show running-config | find dot1x
dot1x authentication
!
[output omitted]
!
interface GigabitEthernet 2/1
 ip address 2.2.2.2/24
 dot1x authentication
 no shutdown
!
interface GigabitEthernet 2/2
 ip address 1.0.0.1/24
 dot1x authentication
 no shutdown
--More--
View 802.1X configuration information for an interface using the show dot1x interface command.
The bold lines show that 802.1X is enabled and that ports are unauthorized by default.
Dell#show dot1x interface TenGigabitEthernet 2/1
802.1x information on Te 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Configuring Request Identity Re-Transmissions

If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable.
NOTE: There are several reasons why the supplicant might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem.
To configure re-transmissions, use the following commands.
Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame.
INTERFACE mode
dot1x tx-period number
The range is from 1 to 65535 (1 year).
The default is 30.
Configure a maximum number of times the authenticator re-transmits a Request Identity frame.
INTERFACE mode
dot1x max-eap-req number
The range is from 1 to 10.
The default is 2.
The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits a maximum of 10 times.

Configuring a Quiet Period after a Failed Authentication

If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default, but you can configure this period.
NOTE: The quiet period (dot1x quiet-period) is a transmit interval for after a failed authentication; the Request Identity Re-transmit interval (dot1x tx-period) is for an unresponsive supplicant.
To configure a quiet period, use the following command.
Configure the amount of time that the authenticator waits to re-transmit a Request Identity frame after a failed authentication.
INTERFACE mode
dot1x quiet-period seconds
The range is from 1 to 65535.
The default is 60 seconds.
Example of Configuring and Verifying Port Authentication
The following example shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame:
after 90 seconds and a maximum of 10 times for an unresponsive supplicant
re-transmits an EAP Request Identity frame
The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions.
Dell(conf-if-range-Te-0/0)#dot1x tx-period 90
Dell(conf-if-range-Te-0/0)#dot1x max-eap-req 10
Dell(conf-if-range-Te-0/0)#dot1x quiet-period 120
Dell#show dot1x interface TenGigabitEthernet 2/1
802.1x information on Te 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Forcibly Authorizing or Unauthorizing a Port

IEEE 802.1X requires that a port can be manually placed into any of three states:
ForceAuthorized — an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port.
ForceUnauthorized — an unauthorized state. A device connected to a port in this state is never subjected to the authentication process and is not allowed to communicate on the network. Placing the port in this state is the same as shutting down the port. Any attempt by the supplicant to initiate authentication is ignored.
Auto — an unauthorized state by default. A device connected to this port in this state is subjected to the authentication process. If the process is successful, the port is authorized and the connected device can communicate on the network. All ports are placed in the Auto state by default.
To set the port state, use the following command.
Place a port in the ForceAuthorized, ForceUnauthorized, or Auto state.
INTERFACE mode
dot1x port-control {force-authorized | force-unauthorized | auto}
The default state is auto.
Example of Placing a Port in Force-Authorized State and Viewing the Configuration
The example shows configuration information for a port that has been force-authorized.
The bold line shows the new port-control state.
Dell(conf-if-gi-2/1)#dot1x port-control force-authorized
Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Re-Authenticating a Port

You can configure the authenticator for periodic re-authentication. After the supplicant has been authenticated, and the port has been authorized, you can configure the authenticator to re-authenticate the supplicant periodically. If you enable re-authentication, the supplicant is required to re-authenticate every 3600 seconds, but you can configure this interval. You can configure a maximum number of re-authentications as well.
To configure re-authentication time settings, use the following commands.
Configure the authenticator to periodically re-authenticate the supplicant.
INTERFACE mode
dot1x reauthentication [interval] seconds
The range is from 1 to 65535.
The default is 3600.
Configure the maximum number of times that the supplicant can be re-authenticated.
INTERFACE mode
dot1x reauth-max number
The range is from 1 to 10.
The default is 2.
Example of Re-Authenticating a Port and Verifying the Configuration
The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period.
Dell(conf-if-gi-2/1)#dot1x reauthentication interval 7200
Dell(conf-if-gi-2/1)#dot1x reauth-max 10
Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Enable
Untagged VLAN id: None
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Configuring Timeouts

If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. You can configure the amount of time the authenticator waits for a response.
To terminate the authentication process, use the following commands.
Terminate the authentication process due to an unresponsive supplicant.
INTERFACE mode
dot1x supplicant-timeout seconds
The range is from 1 to 300.
The default is 30.
Terminate the authentication process due to an unresponsive authentication server.
INTERFACE mode
dot1x server-timeout seconds
The range is from 1 to 300.
The default is 30.
Example of Viewing Configured Server Timeouts
The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds.
The bold lines show the new supplicant and server timeouts.
Dell(conf-if-gi-2/1)#dot1x port-control force-authorized
Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
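The port-control, re-authentication and timer settings described in the preceding sections can be checked from saved show dot1x interface output. The following Python script is an added example, not part of the Dell guide or Dell software; the function names and the sample text are constructed, and it assumes the output has one field per line as the CLI prints it.

```python
import re

# Constructed sample, modelled on the `show dot1x interface` output in this guide.
SAMPLE = """\
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Re-Authentication: Disable
Tx Period: 90 seconds
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
"""

# Ranges documented in this chapter for each timer or counter.
RANGES = {
    "Tx Period": (1, 65535), "Quiet Period": (1, 65535),
    "Re-Auth Interval": (1, 65535), "ReAuth Max": (1, 10),
    "Max-EAP-Req": (1, 10), "Supplicant Timeout": (1, 300),
    "Server Timeout": (1, 300),
}

def parse_dot1x(text):
    """Return (interface, {field: value}) from one show-command block."""
    header = re.search(r"802\.1x information on (.+?):\s*$", text, re.M)
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():  # skips the header and the dashed rule
            fields[key.strip()] = value.strip()
    return (header.group(1) if header else None), fields

def audit(fields):
    """List findings for settings that weaken or break port authentication."""
    findings = []
    if fields.get("Dot1x Status") != "Enable":
        findings.append("802.1X is not enabled on the port")
    if fields.get("Port Control") == "FORCE_AUTHORIZED":
        findings.append("force-authorized: devices are never authenticated")
    if fields.get("Re-Authentication") == "Disable":
        findings.append("periodic re-authentication is disabled")
    for name, (low, high) in RANGES.items():
        number = re.match(r"\d+", fields.get(name, ""))
        if number and not low <= int(number.group()) <= high:
            findings.append(f"{name} outside documented range {low}-{high}")
    return findings
```

Running audit on the parsed SAMPLE reports the force-authorized port and the disabled re-authentication; a port left in the default auto state with re-authentication enabled returns an empty list.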

Configuring Dynamic VLAN Assignment with Port Authentication

The system supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x procedure:
1. The host sends a dot1x packet to the Dell Networking system.
2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port number.
3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID.
The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Figure 6. Dynamic VLAN Assignment
1. Configure 802.1X globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication).
2. Make the interface a switchport so that it can be assigned to a VLAN.
3. Create the VLAN to which the interface will be assigned.
4. Connect the supplicant to the port configured for 802.1X.
5. Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic VLAN Assignment with Port Authentication).
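To confirm which VLAN the RADIUS server returns in step 3 of the dot1x procedure, the Tunnel-Private-Group-ID attribute can be read from a captured RADIUS ACCEPT packet. The following Python script is an added example, not part of the Dell guide; the packet, the VLAN 400 value and the function names are constructed, and the Tunnel-Type and Tunnel-Medium-Type attributes in the sample follow RFC 3580 rather than anything stated in this section.

```python
import struct

ACCESS_ACCEPT = 2               # RADIUS packet code (RFC 2865)
TUNNEL_PRIVATE_GROUP_ID = 81    # attribute named in this section (RFC 2868)

def build_accept(attrs, ident=1):
    """Build a constructed Access-Accept; the authenticator is zeroed, not valid."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", ACCESS_ACCEPT, ident, 20 + len(body), b"") + body

# Constructed sample: Tunnel-Type=VLAN(13), Tunnel-Medium-Type=802(6), VLAN "400".
SAMPLE_ACCEPT = build_accept([(64, b"\x00\x00\x00\x0d"),
                              (65, b"\x00\x00\x00\x06"),
                              (TUNNEL_PRIVATE_GROUP_ID, b"\x00400")])

def parse_attributes(packet):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len

def assigned_vlan(packet):
    """Return the VLAN string from Tunnel-Private-Group-ID, or None."""
    if packet[:1] != bytes([ACCESS_ACCEPT]):
        return None
    for attr_type, value in parse_attributes(packet):
        if attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A leading octet of 0x1F or less is the RFC 2868 tag, not part of the ID.
            if value[0] <= 0x1F:
                value = value[1:]
            return value.decode("ascii", errors="replace")
    return None
```

The parser does not verify the response authenticator, so it is suited to inspecting captures, not to trusting a packet's origin.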

Guest and Authentication-Fail VLANs

Typically, the authenticator (the Dell Networking system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
NOTE: Ports cannot be dynamically assigned to the default VLAN.