Dell S6000-ON User Manual

Dell Configuration Guide for the S6000–ON System
9.8(0.0)
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
intellectual property laws. Dell™ and the Dell logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
2015 - 05
Rev. A00
Contents
1 About this Guide
Audience
Conventions
Related Documents
2 Configuration Fundamentals
Accessing the Command Line
CLI Modes
Navigating CLI Modes
The do Command
Undoing Commands
Obtaining Help
Entering and Editing Commands
Command History
Filtering show Command Outputs
Multiple Users in Configuration Mode
3 Getting Started
Console Access
Serial Console
Default Configuration
Configuring a Host Name
Accessing the System Remotely
Accessing the System Remotely
Configure the Management Port IP Address
Configure a Management Route
Configuring a Username and Password
Configuring the Enable Password
Configuration File Management
Copy Files to and from the System
Mounting an NFS File System
Save the Running-Configuration
Configure the Overload Bit for a Startup Scenario
Viewing Files
Managing the File System
View Command History
Upgrading Dell Networking OS
Using HTTP for File Transfers
Using Hashes to Validate Software Images
4 Management
Configuring Privilege Levels
Creating a Custom Privilege Level
Removing a Command from EXEC Mode
Moving a Command from EXEC Privilege Mode to EXEC Mode
Allowing Access to CONFIGURATION Mode Commands
Allowing Access to the Following Modes
Applying a Privilege Level to a Username
Applying a Privilege Level to a Terminal Line
Configuring Logging
Audit and Security Logs
Configuring Logging Format
Setting Up a Secure Connection to a Syslog Server
Log Messages in the Internal Buffer
Configuration Task List for System Log Management
Disabling System Logging
Sending System Messages to a Syslog Server
Configuring a UNIX System as a Syslog Server
Track Login Activity
Restrictions for Tracking Login Activity
Configuring Login Activity Tracking
Display Login Statistics
Limit Concurrent Login Sessions
Restrictions for Limiting the Number of Concurrent Sessions
Configuring Concurrent Session Limit
Enabling the System to Clear Existing Sessions
Changing System Logging Settings
Display the Logging Buffer and the Logging Configuration
Configuring a UNIX Logging Facility Level
Synchronizing Log Messages
Enabling Timestamp on Syslog Messages
File Transfer Services
Configuration Task List for File Transfer Services
Enabling the FTP Server
Configuring FTP Server Parameters
Configuring FTP Client Parameters
Terminal Lines
Denying and Permitting Access to a Terminal Line
Configuring Login Authentication for Terminal Lines
Setting Time Out of EXEC Privilege Mode
Using Telnet to get to Another Network Device
Lock CONFIGURATION Mode
Viewing the Configuration Lock Status
Restoring the Factory Default Settings
Important Points to Remember
Restoring Factory Default Environment Variables
5 802.1X
The Port-Authentication Process
EAP over RADIUS
Configuring 802.1X
Related Configuration Tasks
Important Points to Remember
Enabling 802.1X
Configuring Request Identity Re-Transmissions
Configuring a Quiet Period after a Failed Authentication
Forcibly Authorizing or Unauthorizing a Port
Re-Authenticating a Port
Configuring Timeouts
Configuring Dynamic VLAN Assignment with Port Authentication
Guest and Authentication-Fail VLANs
Configuring a Guest VLAN
Configuring an Authentication-Fail VLAN
6 Access Control Lists (ACLs)
IP Access Control Lists (ACLs)
CAM Usage
Implementing ACLs on Dell Networking OS
Important Points to Remember
Configuration Task List for Route Maps
Configuring Match Routes
Configuring Set Conditions
Configure a Route Map for Route Redistribution
Configure a Route Map for Route Tagging
Continue Clause
IP Fragment Handling
IP Fragments ACL Examples
Layer 4 ACL Rules Examples
Configure a Standard IP ACL
Configuring a Standard IP ACL Filter
Configure an Extended IP ACL
Configuring Filters with a Sequence Number
Configuring Filters Without a Sequence Number
Configure Layer 2 and Layer 3 ACLs
Assign an IP ACL to an Interface
Applying an IP ACL
Counting ACL Hits
Configure Ingress ACLs
Configure Egress ACLs
Applying Egress Layer 3 ACLs (Control-Plane)
IP Prefix Lists
Implementation Information
Configuration Task List for Prefix Lists
ACL Resequencing
Resequencing an ACL or Prefix List
Route Maps
Implementation Information
Flow-Based Monitoring Support for ACLs
Behavior of Flow-Based Monitoring
Enabling Flow-Based Monitoring
7 Bidirectional Forwarding Detection (BFD)
How BFD Works
BFD Packet Format
BFD Sessions
BFD Three-Way Handshake
Session State Changes
Important Points to Remember
Configure BFD
Configure BFD for Physical Ports
Configure BFD for Static Routes
Configure BFD for OSPF
Configure BFD for OSPFv3
Configure BFD for IS-IS
Configure BFD for BGP
Configure BFD for VRRP
Configuring Protocol Liveness
Troubleshooting BFD
8 Border Gateway Protocol IPv4 (BGPv4)
Autonomous Systems (AS)
Sessions and Peers
Establish a Session
Route Reflectors
BGP Attributes
Best Path Selection Criteria
Weight
Local Preference
Multi-Exit Discriminators (MEDs)
Origin
AS Path
Next Hop
Multiprotocol BGP
Implement BGP with Dell Networking OS
Additional Path (Add-Path) Support
Advertise IGP Cost as MED for Redistributed Routes
Ignore Router-ID for Some Best-Path Calculations
Four-Byte AS Numbers
AS4 Number Representation
AS Number Migration
BGP4 Management Information Base (MIB)
Important Points to Remember
Configuration Information
BGP Configuration
Enabling BGP
Configuring AS4 Number Representations
Configuring Peer Groups
Configuring BGP Fast Fall-Over
Configuring Passive Peering
Maintaining Existing AS Numbers During an AS Migration
Allowing an AS Number to Appear in its Own AS Path
Enabling Graceful Restart
Enabling Neighbor Graceful Restart
Filtering on an AS-Path Attribute
Regular Expressions as Filters
Redistributing Routes
Enabling Additional Paths
Configuring IP Community Lists
Configuring an IP Extended Community List
Filtering Routes with Community Lists
Manipulating the COMMUNITY Attribute
Changing MED Attributes
Changing the LOCAL_PREFERENCE Attribute
Changing the NEXT_HOP Attribute
Changing the WEIGHT Attribute
Enabling Multipath
Filtering BGP Routes
Filtering BGP Routes Using Route Maps
Filtering BGP Routes Using AS-PATH Information
Configuring BGP Route Reflectors
Aggregating Routes
Configuring BGP Confederations
Enabling Route Flap Dampening
Changing BGP Timers
Enabling BGP Neighbor Soft-Reconfiguration
Route Map Continue
Enabling MBGP Configurations
BGP Regular Expression Optimization
Debugging BGP
Storing Last and Bad PDUs
Capturing PDUs
PDU Counters
Sample Configurations
9 Content Addressable Memory (CAM)
CAM Allocation
Test CAM Usage
View CAM Profiles
View CAM-ACL Settings
View CAM Usage
CAM Optimization
Troubleshoot CAM Profiling
CAM Profile Mismatches
QoS CAM Region Limitation
Syslog Error When the Table is Full
Syslog Warning Upon 90 Percent Utilization of CAM
Syslog Warning for Discrepancies Between Configured Extended Prefixes
Unified Forwarding Table (UFT) Modes
Configuring UFT Modes
10 Control Plane Policing (CoPP)
Configure Control Plane Policing
Configuring CoPP for Protocols
Configuring CoPP for CPU Queues
Show Commands
11 Data Center Bridging (DCB)
Ethernet Enhancements in Data Center Bridging
Priority-Based Flow Control....................................................................................................... 247
Enhanced Transmission Selection............................................................................................. 249
Data Center Bridging Exchange Protocol (DCBx)..................................................................... 250
Data Center Bridging in a Traffic Flow.......................................................................................250
Enabling Data Center Bridging......................................................................................................... 251
DCB Maps and its Attributes........................................................................................................251
Data Center Bridging: Default Configuration.................................................................................. 252
Configuring Priority-Based Flow Control........................................................................................ 253
Configuring Lossless Queues.....................................................................................................254
Configuring PFC in a DCB Map........................................................................................................ 255
PFC Configuration Notes............................................................................................................255
PFC Prerequisites and Restrictions.............................................................................................257
Applying a DCB Map on a Port......................................................................................................... 257
Configuring PFC without a DCB Map.............................................................................................. 257
Configuring Lossless Queues Example:......................................................................................258
Priority-Based Flow Control Using Dynamic Buffer Method......................................................... 260
Pause and Resume of Traffic......................................................................................................260
Buffer Sizes for Lossless or PFC Packets................................................................................... 260
Behavior of Tagged Packets............................................................................................................. 261
Configuration Example for DSCP and PFC Priorities...................................................................... 262
SNMP Support for PFC and Buffer Statistics Tracking.....................................................................262
Performing PFC Using DSCP Bits Instead of 802.1p Bits................................................................ 263
PFC and ETS Configuration Examples.............................................................................................264
Using PFC to Manage Converged Ethernet Traffic......................................................................... 264
Operations on Untagged Packets....................................................................................................264
Generation of PFC for a Priority for Untagged Packets.................................................................. 265
Configure Enhanced Transmission Selection..................................................................................265
ETS Prerequisites and Restrictions............................................................................................. 265
Creating an ETS Priority Group.................................................................................................. 266
ETS Operation with DCBx...........................................................................................................267
Configuring Bandwidth Allocation for DCBx CIN..................................................................... 268
Configuring ETS in a DCB Map.................................................................................................. 269
Hierarchical Scheduling in ETS Output Policies.............................................................................. 270
Using ETS to Manage Converged Ethernet Traffic.......................................................................... 271
Applying DCB Policies in a Switch Stack.......................................................................................... 271
Configure a DCBx Operation............................................................................................................271
DCBx Operation.......................................................................................................................... 272
DCBx Port Roles..........................................................................................................................272
DCB Configuration Exchange.................................................................................................... 274
Configuration Source Election................................................................................................... 274
Propagation of DCB Information................................................................................................275
Auto-Detection and Manual Configuration of the DCBx Version............................................ 275
DCBx Example.............................................................................................................................276
DCBx Prerequisites and Restrictions.......................................................................................... 276
Configuring DCBx....................................................................................................................... 277
Verifying the DCB Configuration......................................................................................................281
QoS dot1p Traffic Classification and Queue Assignment...............................................................292
Configuring the Dynamic Buffer Method........................................................................................ 293
Sample DCB Configuration..............................................................................................................294
PFC and ETS Configuration Command Examples.....................................................................295
12 Dynamic Host Configuration Protocol (DHCP)........................................296
DHCP Packet Format and Options.................................................................................................. 296
Assign an IP Address using DHCP....................................................................................................298
Implementation Information............................................................................................................299
Configure the System to be a DHCP Server....................................................................................300
Configuring the Server for Automatic Address Allocation........................................................300
Specifying a Default Gateway.....................................................................................................302
Configure a Method of Hostname Resolution.......................................................................... 302
Using DNS for Address Resolution.............................................................................................302
Using NetBIOS WINS for Address Resolution............................................................................302
Creating Manual Binding Entries................................................................................................303
Debugging the DHCP Server......................................................................................................303
Using DHCP Clear Commands.................................................................................................. 303
Configure the System to be a DHCP Client.................................................................................... 304
Configuring the DHCP Client System........................................................................................304
DHCP Client on a Management Interface.................................................................................306
DHCP Client Operation with Other Features.............................................................................307
Configure the System for User Port Stacking (Option 230)........................................................... 308
Configure Secure DHCP.................................................................................................................. 308
Option 82....................................................................................................................................308
DHCP Snooping..........................................................................................................................309
Drop DHCP Packets on Snooped VLANs Only.......................................................................... 313
Dynamic ARP Inspection.............................................................................................................313
Configuring Dynamic ARP Inspection........................................................................................314
Source Address Validation................................................................................................................ 315
Enabling IP Source Address Validation.......................................................................................316
DHCP MAC Source Address Validation...................................................................................... 316
Enabling IP+MAC Source Address Validation.............................................................................317
Viewing the Number of SAV Dropped Packets.......................................................................... 317
Clearing the Number of SAV Dropped Packets......................................................................... 318
13 Equal Cost Multi-Path (ECMP)......................................................................319
ECMP for Flow-Based Affinity...........................................................................................................319
Configuring the Hash Algorithm.................................................................................................319
Enabling Deterministic ECMP Next Hop.................................................................................... 319
Configuring the Hash Algorithm Seed.......................................................................................320
Link Bundle Monitoring.................................................................................................................... 320
Managing ECMP Group Paths.....................................................................................................321
Creating an ECMP Group Bundle...............................................................................................322
Modifying the ECMP Group Threshold...................................................................................... 322
Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and LPM Table.................323
Support for ECMP in host table..................................................................................................323
Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes ..................................................324
14 FCoE Transit.................................................................................................... 325
Fibre Channel over Ethernet.............................................................................................................325
Ensure Robustness in a Converged Ethernet Network................................................................... 325
FIP Snooping on Ethernet Bridges................................................................................................... 327
FIP Snooping in a Switch Stack........................................................................................................ 329
Using FIP Snooping...........................................................................................................................329
FIP Snooping Prerequisites.........................................................................................................329
Important Points to Remember................................................................................................. 330
Enabling the FCoE Transit Feature..............................................................................................331
Enable FIP Snooping on VLANs.................................................................................................. 331
Configure the FC-MAP Value......................................................................................................331
Configure a Port for a Bridge-to-Bridge Link............................................................................ 332
Configure a Port for a Bridge-to-FCF Link................................................................................ 332
Impact on Other Software Features...........................................................................................332
FIP Snooping Restrictions...........................................................................................................333
Configuring FIP Snooping...........................................................................................................333
Displaying FIP Snooping Information.............................................................................................. 334
FCoE Transit Configuration Example...............................................................................................340
15 Flex Hash and Optimized Boot-Up............................................................. 342
Flex Hash Capability Overview......................................................................................................... 342
Configuring the Flex Hash Mechanism............................................................................................342
Configuring Fast Boot and LACP Fast Switchover.......................................................................... 343
Optimizing the Boot Time................................................................................................................343
Booting Process When Optimized Boot Time Mechanism is Enabled.....................................344
Guidelines for Configuring Optimized Booting Mechanism.................................................... 344
Interoperation of Applications with Fast Boot and System States..................................................345
LACP and IPv4 Routing...............................................................................................................345
LACP and IPv6 Routing...............................................................................................................346
BGP Graceful Restart.................................................................................................................. 346
Cold Boot Caused by Power Cycling the System..................................................................... 346
Unexpected Reload of the System.............................................................................................347
Software Upgrade....................................................................................................................... 347
LACP Fast Switchover................................................................................................................. 347
Changes to BGP Multipath......................................................................................................... 347
Delayed Installation of ECMP Routes Into BGP.........................................................................347
RDMA Over Converged Ethernet (RoCE) Overview........................................................................348
Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces.............................................................349
16 Force10 Resilient Ring Protocol (FRRP).....................................................350
Protocol Overview............................................................................................................................350
Ring Status................................................................................................................................... 351
Multiple FRRP Rings.................................................................................................................... 352
Important FRRP Points................................................................................................................352
Important FRRP Concepts.......................................................................................................... 353
Implementing FRRP.......................................................................................................................... 354
FRRP Configuration.......................................................................................................................... 354
Creating the FRRP Group............................................................................................................355
Configuring the Control VLAN................................................................................................... 355
Configuring and Adding the Member VLANs.............................................................................356
Setting the FRRP Timers............................................................................................................. 358
Clearing the FRRP Counters.......................................................................................................358
Viewing the FRRP Configuration................................................................................................358
Viewing the FRRP Information................................................................................................... 358
Troubleshooting FRRP......................................................................................................................359
Configuration Checks.................................................................................................................359
Sample Configuration and Topology...............................................................................................359
17 GARP VLAN Registration Protocol (GVRP).................................................361
Important Points to Remember........................................................................................................361
Configure GVRP................................................................................................................................362
Related Configuration Tasks.......................................................................................................363
Enabling GVRP Globally....................................................................................................................363
Enabling GVRP on a Layer 2 Interface............................................................................................. 363
Configure GVRP Registration...........................................................................................................364
Configure a GARP Timer.................................................................................................................. 364
18 Internet Group Management Protocol (IGMP).........................................366
IGMP Implementation Information..................................................................................................366
IGMP Protocol Overview..................................................................................................................366
IGMP Version 2............................................................................................................................366
IGMP Version 3............................................................................................................................368
Configure IGMP.................................................................................................................................371
Related Configuration Tasks....................................................................................................... 371
Viewing IGMP Enabled Interfaces.................................................................................................... 372
Selecting an IGMP Version................................................................................................................372
Viewing IGMP Groups.......................................................................................................................373
Adjusting Timers................................................................................................................................373
Adjusting Query and Response Timers...................................................................................... 373
Enabling IGMP Immediate-Leave.....................................................................................................374
IGMP Snooping................................................................................................................................. 374
IGMP Snooping Implementation Information........................................................................... 375
Configuring IGMP Snooping.......................................................................................................375
Removing a Group-Port Association..........................................................................................375
Disabling Multicast Flooding.......................................................................................................376
Specifying a Port as Connected to a Multicast Router..............................................................376
Configuring the Switch as Querier.............................................................................................376
Fast Convergence after MSTP Topology Changes..........................................................................377
Egress Interface Selection (EIS) for HTTP and IGMP Applications.................................................. 377
Protocol Separation.................................................................................................................... 378
Enabling and Disabling Management Egress Interface Selection.............................................379
Handling of Management Route Configuration........................................................................380
Handling of Switch-Initiated Traffic........................................................................................... 381
Handling of Switch-Destined Traffic..........................................................................................382
Handling of Transit Traffic (Traffic Separation)..........................................................................382
Mapping of Management Applications and Traffic Type.......................................................... 383
Behavior of Various Applications for Switch-Initiated Traffic .................................................. 384
Behavior of Various Applications for Switch-Destined Traffic .................................................385
Interworking of EIS With Various Applications.......................................................................... 386
Designating a Multicast Router Interface........................................................................................ 386
19 Interfaces......................................................................................................... 387
Basic Interface Configuration...........................................................................................................387
Advanced Interface Configuration...................................................................................................387
Interface Types................................................................................................................................. 388
View Basic Interface Information.....................................................................................................388
Enabling a Physical Interface........................................................................................................... 390
Physical Interfaces.............................................................................................................................391
Configuration Task List for Physical Interfaces.......................................................................... 391
40G to 1G Breakout Cable Adaptor............................................................................................391
Overview of Layer Modes........................................................................................................... 392
Configuring Layer 2 (Data Link) Mode....................................................................................... 392
Configuring Layer 2 (Interface) Mode........................................................................................ 393
Configuring Layer 3 (Network) Mode.........................................................................................393
Configuring Layer 3 (Interface) Mode........................................................................................394
Egress Interface Selection (EIS)........................................................................................................394
Important Points to Remember................................................................................................. 395
Configuring EIS........................................................................................................................... 395
Management Interfaces....................................................................................................................395
Configuring Management Interfaces......................................................................................... 395
Configuring Management Interfaces on the S-Series...............................................................396
VLAN Interfaces.................................................................................................................................397
Loopback Interfaces.........................................................................................................................398
Null Interfaces...................................................................................................................................398
Port Channel Interfaces....................................................................................................................398
Port Channel Definition and Standards..................................................................................... 399
Port Channel Benefits.................................................................................................................399
Port Channel Implementation....................................................................................................399
10/100/1000 Mbps Interfaces in Port Channels....................................................................... 400
Configuration Tasks for Port Channel Interfaces......................................................................400
Creating a Port Channel............................................................................................................. 401
Adding a Physical Interface to a Port Channel.......................................................................... 401
Reassigning an Interface to a New Port Channel......................................................................403
Configuring the Minimum Oper Up Links in a Port Channel....................................................404
Assigning an IP Address to a Port Channel................................................................................405
Deleting or Disabling a Port Channel........................................................................................ 405
Load Balancing Through Port Channels....................................................................................405
Load-Balancing Method.............................................................................................................406
Changing the Hash Algorithm....................................................................................................406
Bulk Configuration........................................................................................................................... 408
Interface Range...........................................................................................................................408
Bulk Configuration Examples.....................................................................................................408
Defining Interface Range Macros.....................................................................................................410
Define the Interface Range.........................................................................................................410
Choosing an Interface-Range Macro.........................................................................................410
Monitoring and Maintaining Interfaces.............................................................................................411
Maintenance Using TDR..............................................................................................................412
Fanning out 40G Ports Dynamically.................................................................................................413
Splitting QSFP Ports to SFP+ Ports...................................................................................................413
Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port............................................................ 413
Important Points to Remember..................................................................................................414
Example Scenarios...................................................................................................................... 414
Link Dampening................................................................................................................................ 416
Important Points to Remember..................................................................................................416
Enabling Link Dampening...........................................................................................................416
Link Bundle Monitoring.....................................................................................................................418
Page 15
Using Ethernet Pause Frames for Flow Control.............................................................................. 418
Enabling Pause Frames............................................................................................................... 419
Configure the MTU Size on an Interface.........................................................................................420
Port-Pipes..........................................................................................................................................421
Auto-Negotiation on Ethernet Interfaces........................................................................................ 421
Setting the Speed and Duplex Mode of Ethernet Interfaces..................................................... 421
Set Auto-Negotiation Options................................................................................................... 423
View Advanced Interface Information............................................................................................. 424
Configuring the Interface Sampling Size................................................................................... 425
Dynamic Counters............................................................................................................................426
Clearing Interface Counters.......................................................................................................426
Enhanced Validation of Interface Ranges........................................................................................427
Compressing Configuration Files.....................................................................................................427
20 IPv4 Routing....................................................................................................431
IP Addresses.......................................................................................................................................431
Implementation Information...................................................................................................... 431
Configuration Tasks for IP Addresses.............................................................................................. 432
Assigning IP Addresses to an Interface............................................................................................ 432
Configuring Static Routes.................................................................................................................433
Configure Static Routes for the Management Interface.................................................................435
Using the Configured Source IP Address in ICMP Messages..........................................................435
Configuring the ICMP Source Interface.....................................................................................435
Configuring the Duration to Establish a TCP Connection..............................................................436
Enabling Directed Broadcast............................................................................................................436
Resolution of Host Names................................................................................................................437
Enabling Dynamic Resolution of Host Names.................................................................................437
Specifying the Local System Domain and a List of Domains..........................................................438
Configuring DNS with Traceroute................................................................................................... 438
ARP.................................................................................................................................................... 439
Configuration Tasks for ARP............................................................................................................ 439
Configuring Static ARP Entries.........................................................................................................440
Enabling Proxy ARP.......................................................................................................................... 440
Clearing ARP Cache..........................................................................................................................441
ARP Learning via Gratuitous ARP......................................................................................................441
Enabling ARP Learning via Gratuitous ARP......................................................................................442
ARP Learning via ARP Request......................................................................................................... 442
Configuring ARP Retries................................................................................................................... 443
ICMP..................................................................................................................................................444
Configuration Tasks for ICMP..........................................................................................................444
Enabling ICMP Unreachable Messages........................................................................................... 444
UDP Helper....................................................................................................................................... 444
Page 16
Configure UDP Helper................................................................................................................444
Important Points to Remember................................................................................................. 445
Enabling UDP Helper........................................................................................................................445
Configuring a Broadcast Address.....................................................................................................445
Configurations Using UDP Helper................................................................................................... 446
UDP Helper with Broadcast-All Addresses......................................................................................446
UDP Helper with Subnet Broadcast Addresses............................................................................... 447
UDP Helper with Configured Broadcast Addresses........................................................................448
UDP Helper with No Configured Broadcast Addresses..................................................................448
Troubleshooting UDP Helper...........................................................................................................449
21 IPv6 Routing....................................................................................................450
Protocol Overview............................................................................................................................450
Extended Address Space............................................................................................................ 450
Stateless Autoconfiguration....................................................................................................... 450
IPv6 Headers................................................................................................................................451
Longest Prefix Match (LPM) Table and IPv6 /65 – /128 support.............................................. 452
IPv6 Header Fields.......................................................................................................................453
Extension Header Fields..............................................................................................................455
Addressing...................................................................................................................................456
Implementing IPv6 with Dell Networking OS..................................................................................457
ICMPv6..............................................................................................................................................459
Path MTU Discovery.........................................................................................................................460
IPv6 Neighbor Discovery..................................................................................................................460
IPv6 Neighbor Discovery of MTU Packets................................................................................. 461
Configuring the IPv6 Recursive DNS Server.............................................................................. 461
Debugging IPv6 RDNSS Information Sent to the Host ............................................................ 462
Displaying IPv6 RDNSS Information...........................................................................................463
Secure Shell (SSH) Over an IPv6 Transport..................................................................................... 464
Configuration Tasks for IPv6............................................................................................................464
Adjusting Your CAM-Profile....................................................................................................... 464
Assigning an IPv6 Address to an Interface.................................................................................465
Assigning a Static IPv6 Route..................................................................................................... 465
Configuring Telnet with IPv6..................................................................................................... 466
SNMP over IPv6.......................................................................................................................... 466
Showing IPv6 Information.......................................................................................................... 467
Showing an IPv6 Interface..........................................................................................................467
Showing IPv6 Routes..................................................................................................................468
Showing the Running-Configuration for an Interface..............................................................469
Clearing IPv6 Routes...................................................................................................................470
Configuring IPv6 RA Guard.............................................................................................................. 470
Configuring IPv6 RA Guard on an Interface...............................................................................472
Page 17
Monitoring IPv6 RA Guard.......................................................................................................... 473
22 iSCSI Optimization.........................................................................................474
iSCSI Optimization Overview........................................................................................................... 474
Monitoring iSCSI Traffic Flows................................................................................................... 476
Application of Quality of Service to iSCSI Traffic Flows............................................................ 477
Information Monitored in iSCSI Traffic Flows............................................................................ 477
Detection and Auto-Configuration for Dell EqualLogic Arrays................................................ 478
Configuring Detection and Ports for Dell Compellent Arrays.................................................. 478
Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer........................................479
Enable and Disable iSCSI Optimization......................................................................................479
Default iSCSI Optimization Values...................................................................................................480
iSCSI Optimization Prerequisites......................................................................................................481
Configuring iSCSI Optimization....................................................................................................... 481
Displaying iSCSI Optimization Information..................................................................................... 483
23 Intermediate System to Intermediate System..........................................485
IS-IS Protocol Overview................................................................................................................... 485
IS-IS Addressing................................................................................................................................485
Multi-Topology IS-IS........................................................................................................................ 486
Transition Mode.......................................................................................................................... 487
Interface Support........................................................................................................................ 487
Adjacencies................................................................................................................................. 487
Graceful Restart................................................................................................................................ 487
Timers..........................................................................................................................................488
Implementation Information............................................................................................................488
Configuration Information............................................................................................................... 489
Configuration Tasks for IS-IS..................................................................................................... 489
Configuring the Distance of a Route......................................................................................... 498
Changing the IS-Type.................................................................................................................498
Redistributing IPv4 Routes..........................................................................................................501
Redistributing IPv6 Routes..........................................................................................................502
Configuring Authentication Passwords..................................................................................... 503
Setting the Overload Bit............................................................................................................. 504
Debugging IS-IS..........................................................................................................................504
IS-IS Metric Styles............................................................................................................................. 506
Configure Metric Values...................................................................................................................506
Maximum Values in the Routing Table...................................................................................... 506
Change the IS-IS Metric Style in One Level Only......................................................................506
Leaks from One Level to Another.............................................................................................. 508
Sample Configurations.....................................................................................................................509
Page 18
24 Link Aggregation Control Protocol (LACP)............................................... 512
Introduction to Dynamic LAGs and LACP........................................................................................512
Important Points to Remember..................................................................................................512
LACP Modes.................................................................................................................................513
Configuring LACP Commands....................................................................................................513
LACP Configuration Tasks................................................................................................................ 514
Creating a LAG.............................................................................................................................514
Configuring the LAG Interfaces as Dynamic.............................................................................. 515
Setting the LACP Long Timeout................................................................................................. 515
Monitoring and Debugging LACP...............................................................................................516
Shared LAG State Tracking............................................................................................................... 516
Configuring Shared LAG State Tracking..................................................................................... 517
Important Points about Shared LAG State Tracking.................................................................. 518
LACP Basic Configuration Example..................................................................................................519
Configure a LAG on ALPHA........................................................................................................ 519
25 Layer 2.............................................................................................................. 527
Manage the MAC Address Table.......................................................................................................527
Clearing the MAC Address Table................................................................................................ 527
Setting the Aging Time for Dynamic Entries.............................................................................. 527
Configuring a Static MAC Address............................................................................................. 528
Displaying the MAC Address Table.............................................................................................528
MAC Learning Limit.......................................................................................................................... 528
Setting the MAC Learning Limit..................................................................................................529
mac learning-limit Dynamic.......................................................................................................529
mac learning-limit mac-address-sticky.....................................................................................530
mac learning-limit station-move............................................................................................... 530
mac learning-limit no-station-move.........................................................................................530
Learning Limit Violation Actions................................................................................................. 531
Setting Station Move Violation Actions.......................................................................................531
Recovering from Learning Limit and Station Move Violations..................................................532
NIC Teaming..................................................................................................................................... 532
Configure Redundant Pairs.............................................................................................................. 534
Important Points about Configuring Redundant Pairs.............................................................. 535
Far-End Failure Detection.................................................................................................................537
FEFD State Changes....................................................................................................................538
Configuring FEFD........................................................................................................................539
Enabling FEFD on an Interface...................................................................................................540
Debugging FEFD..........................................................................................................................541
26 Link Layer Discovery Protocol (LLDP)........................................................543
Page 19
802.1AB (LLDP) Overview.................................................................................................................543
Protocol Data Units.....................................................................................................................543
Optional TLVs....................................................................................................................................544
Management TLVs...................................................................................................................... 545
TIA-1057 (LLDP-MED) Overview...................................................................................................... 547
TIA Organizationally Specific TLVs............................................................................................. 547
Configure LLDP.................................................................................................................................552
Related Configuration Tasks.......................................................................................................552
Important Points to Remember..................................................................................................552
LLDP Compatibility......................................................................................................................552
CONFIGURATION versus INTERFACE Configurations....................................................................552
Enabling LLDP................................................................................................................................... 553
Disabling and Undoing LLDP......................................................................................................553
Enabling LLDP on Management Ports............................................................................................. 553
Disabling and Undoing LLDP on Management Ports................................................................554
Advertising TLVs................................................................................................................................554
Viewing the LLDP Configuration......................................................................................................555
Viewing Information Advertised by Adjacent LLDP Agents.............................................................556
Configuring LLDPDU Intervals..........................................................................................................557
Configuring Transmit and Receive Mode........................................................................................ 558
Configuring a Time to Live............................................................................................................... 559
Debugging LLDP...............................................................................................................................559
Relevant Management Objects........................................................................................................560
27 Microsoft Network Load Balancing............................................................ 567
NLB Unicast Mode Scenario.............................................................................................................567
NLB Multicast Mode Scenario.......................................................................................................... 568
Limitations of the NLB Feature.........................................................................................................568
Microsoft Clustering......................................................................................................................... 568
Enable and Disable VLAN Flooding .................................................................................................569
Configuring a Switch for NLB ..........................................................................................................569
28 Multicast Source Discovery Protocol (MSDP)........................................... 571
Protocol Overview.............................................................................................................................571
Anycast RP.........................................................................................................................................573
Implementation Information............................................................................................................ 573
Configure Multicast Source Discovery Protocol............................................................................. 573
Related Configuration Tasks.......................................................................................................574
Enable MSDP.....................................................................................................................................578
Manage the Source-Active Cache................................................................................................... 579
Viewing the Source-Active Cache..............................................................................................579
Page 20
Limiting the Source-Active Cache.............................................................................................580
Clearing the Source-Active Cache............................................................................................ 580
Enabling the Rejected Source-Active Cache............................................................................ 580
Accept Source-Active Messages that Fail the RPF Check.............................................................. 580
Specifying Source-Active Messages................................................................................................ 584
Limiting the Source-Active Messages from a Peer......................................................................... 585
Preventing MSDP from Caching a Local Source.............................................................................585
Preventing MSDP from Caching a Remote Source.........................................................................586
Preventing MSDP from Advertising a Local Source.........................................................................587
Logging Changes in Peership States................................................................................................588
Terminating a Peership.....................................................................................................................588
Clearing Peer Statistics..................................................................................................................... 589
Debugging MSDP..............................................................................................................................589
MSDP with Anycast RP..................................................................................................................... 590
Configuring Anycast RP.................................................................................................................... 591
Reducing Source-Active Message Flooding..............................................................................592
Specifying the RP Address Used in SA Messages.......................................................................592
MSDP Sample Configurations.......................................................................................................... 595
29 Multiple Spanning Tree Protocol (MSTP).................................................. 598
Protocol Overview............................................................................................................................598
Spanning Tree Variations..................................................................................................................599
Implementation Information......................................................................................................599
Configure Multiple Spanning Tree Protocol....................................................................................599
Related Configuration Tasks...................................................................................................... 599
Enable Multiple Spanning Tree Globally..........................................................................................600
Adding and Removing Interfaces.....................................................................................................600
Creating Multiple Spanning Tree Instances..................................................................................... 601
Influencing MSTP Root Selection.................................................................................................... 602
Interoperate with Non-Dell Networking OS Bridges......................................................................603
Changing the Region Name or Revision......................................................................................... 603
Modifying Global Parameters...........................................................................................................604
Modifying the Interface Parameters................................................................................................ 605
Configuring an EdgePort................................................................................................................. 606
Flush MAC Addresses after a Topology Change............................................................................. 607
MSTP Sample Configurations...........................................................................................................607
Router 1 Running-Configuration, Router 2 Running-Configuration, Router 3 Running-Configuration, SFTOS Example Running-Configuration............................................................608
Debugging and Verifying MSTP Configurations...............................................................................611
30 Multicast Features..........................................................................................614
Enabling IP Multicast.........................................................................................................................614
Page 21
Implementation Information............................................................................................................ 614
Multicast Policies...............................................................................................................................615
IPv4 Multicast Policies.................................................................................................................615
31 Object Tracking.............................................................................................. 623
Object Tracking Overview................................................................................................................623
Track Layer 2 Interfaces..............................................................................................................624
Track Layer 3 Interfaces..............................................................................................................624
Track IPv4 and IPv6 Routes........................................................................................................ 625
Set Tracking Delays.....................................................................................................................626
VRRP Object Tracking.................................................................................................................626
Object Tracking Configuration........................................................................................................ 626
Tracking a Layer 2 Interface....................................................................................................... 627
Tracking a Layer 3 Interface....................................................................................................... 628
Track an IPv4/IPv6 Route........................................................................................................... 629
Displaying Tracked Objects..............................................................................................................633
32 Open Shortest Path First (OSPFv2 and OSPFv3)...................................... 636
Protocol Overview............................................................................................................................636
Autonomous System (AS) Areas................................................................................................. 636
Area Types................................................................................................................................... 637
Networks and Neighbors............................................................................................................638
Router Types............................................................................................................................... 638
Designated and Backup Designated Routers............................................................................ 640
Link-State Advertisements (LSAs)...............................................................................................640
Router Priority and Cost............................................................................................................. 642
OSPF with Dell Networking OS........................................................................................................643
Graceful Restart.......................................................................................................................... 643
Fast Convergence (OSPFv2, IPv4 Only)..................................................................................... 644
Multi-Process OSPFv2 with VRF.................................................................................................645
RFC-2328 Compliant OSPF Flooding........................................................................................ 645
OSPF ACK Packing......................................................................................................................646
Setting OSPF Adjacency with Cisco Routers.............................................................................646
Configuration Information............................................................................................................... 647
Configuration Task List for OSPFv2 (OSPF for IPv4)..................................................................647
Configuration Task List for OSPFv3 (OSPF for IPv6)....................................................................... 663
Enabling IPv6 Unicast Routing................................................................................................... 664
Assigning IPv6 Addresses on an Interface................................................................................. 664
Assigning Area ID on an Interface..............................................................................................665
Assigning OSPFv3 Process ID and Router ID Globally.............................................................. 665
Assigning OSPFv3 Process ID and Router ID to a VRF..............................................................666
Configuring Stub Areas...............................................................................................................666
Page 22
Configuring Passive-Interface....................................................................................................666
Redistributing Routes..................................................................................................................667
Configuring a Default Route.......................................................................................................667
Enabling OSPFv3 Graceful Restart............................................................................................. 668
OSPFv3 Authentication Using IPsec...........................................................................................670
Troubleshooting OSPFv3............................................................................................................ 677
33 Policy-based Routing (PBR)......................................................................... 679
Overview........................................................................................................................................... 679
Implementing Policy-based Routing with Dell Networking OS.....................................................680
Configuration Task List for Policy-based Routing...........................................................................681
PBR Exceptions (Permit)..............................................................................................................681
Create a Redirect List..................................................................................................................682
Create a Rule for a Redirect-list.................................................................................................682
Apply a Redirect-list to an Interface using a Redirect-group...................................................684
Sample Configuration...................................................................................................................... 686
34 PIM Sparse-Mode (PIM-SM).........................................................................688
Implementation Information............................................................................................................688
Protocol Overview............................................................................................................................688
Requesting Multicast Traffic.......................................................................................................688
Refuse Multicast Traffic.............................................................................................................. 689
Send Multicast Traffic................................................................................................................. 689
Configuring PIM-SM.........................................................................................................................690
Related Configuration Tasks...................................................................................................... 690
Enable PIM-SM................................................................................................................................. 690
Configuring S,G Expiry Timers..........................................................................................................691
Configuring a Static Rendezvous Point........................................................................................... 692
Overriding Bootstrap Router Updates....................................................................................... 693
Configuring a Designated Router.................................................................................................... 693
Creating Multicast Boundaries and Domains..................................................................................694
35 PIM Source-Specific Mode (PIM-SSM)....................................................... 695
Implementation Information............................................................................................................695
Important Points to Remember................................................................................................. 695
Configure PIM-SSM.........................................................................................................................696
Related Configuration Tasks...................................................................................................... 696
Enabling PIM-SSM............................................................................................................................ 696
Use PIM-SSM with IGMP Version 2 Hosts....................................................................................... 696
Configuring PIM-SSM with IGMPv2........................................................................................... 697
36 Port Monitoring..............................................................................................699
Page 23
Important Points to Remember.......................................................................................................699
Port Monitoring.................................................................................................................................700
Configuring Port Monitoring............................................................................................................ 701
Configuring Monitor Multicast Queue.............................................................................................703
Enabling Flow-Based Monitoring.....................................................................................................704
Remote Port Mirroring......................................................................................................................705
Remote Port Mirroring Example.................................................................................................705
Configuring Remote Port Mirroring...........................................................................................706
Displaying Remote-Port Mirroring Configurations................................................................... 708
Configuring the Sample Remote Port Mirroring....................................................................... 708
Configuring the Encapsulated Remote Port Mirroring....................................................................712
Changes to Default Behavior, Configuration steps for ERPM .................................................... 712
ERPM Behavior on a typical Dell Networking OS ........................................................................... 714
Decapsulation of ERPM packets at the Destination IP/ Analyzer..............................................714
37 Per-VLAN Spanning Tree Plus (PVST+).......................................................716
Protocol Overview.............................................................................................................................716
Implementation Information.............................................................................................................717
Configure Per-VLAN Spanning Tree Plus......................................................................................... 717
Related Configuration Tasks....................................................................................................... 717
Enabling PVST+..................................................................................................................................717
Disabling PVST+................................................................................................................................ 718
Influencing PVST+ Root Selection................................................................................................... 718
Modifying Global PVST+ Parameters...............................................................................................720
Modifying Interface PVST+ Parameters............................................................................................721
Configuring an EdgePort.................................................................................................................. 722
PVST+ in Multi-Vendor Networks.................................................................................................... 723
Enabling PVST+ Extend System ID...................................................................................................723
PVST+ Sample Configurations......................................................................................................... 724
38 Quality of Service (QoS)................................................................................726
Implementation Information............................................................................................................728
Port-Based QoS Configurations.......................................................................................................729
Setting dot1p Priorities for Incoming Traffic..............................................................................729
Honoring dot1p Priorities on Ingress Traffic..............................................................................729
Configuring Port-Based Rate Policing....................................................................................... 730
Configuring Port-Based Rate Shaping........................................................................................731
Policy-Based QoS Configurations....................................................................................................732
Classify Traffic............................................................................................................................. 732
Dot1p to Queue Mapping Requirement.....................................................................................736
Create a QoS Policy.................................................................................................................... 737
DSCP Color Maps........................................................................................................................739
Page 24
Create Policy Maps......................................................................................................................741
Enabling QoS Rate Adjustment........................................................................................................ 746
Enabling Strict-Priority Queueing.................................................................................................... 746
Queue Classification Requirements for PFC Functionality............................................................. 747
Support for marking dot1p value in L3 Input QoS Policy................................................................ 747
Weighted Random Early Detection..................................................................................................748
Creating WRED Profiles.............................................................................................................. 749
Applying a WRED Profile to Traffic.............................................................................................749
Displaying Default and Configured WRED Profiles....................................................................750
Displaying WRED Drop Statistics................................................................................................750
Displaying egress-queue Statistics.............................................................................................750
Pre-Calculating Available QoS CAM Space......................................................................................751
Specifying Policy-Based Rate Shaping in Packets Per Second....................................................... 752
Configuring Policy-Based Rate Shaping.......................................................................................... 753
Configuring Weights and ECN for WRED ....................................................................................... 753
Global Service Pools With WRED and ECN Settings..................................................................754
Configuring WRED and ECN Attributes........................................................................................... 756
Guidelines for Configuring ECN for Classifying and Color-Marking Packets................................ 757
Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class.......... 757
Classifying Incoming Packets Using ECN and Color-Marking..................................................758
Sample configuration to mark non-ecn packets as “yellow” with single traffic class............. 760
Applying Layer 2 Match Criteria on a Layer 3 Interface...................................................................761
Managing Hardware Buffer Statistics......................................................................................... 762
Enabling Buffer Statistics Tracking .................................................................................................. 762
39 Routing Information Protocol (RIP)........................................................... 766
Protocol Overview............................................................................................................................766
RIPv1............................................................................................................................................ 766
RIPv2............................................................................................................................................ 767
Implementation Information............................................................................................................ 767
Configuration Information................................................................................................................767
Configuration Task List............................................................................................................... 767
RIP Configuration Example.........................................................................................................775
40 Remote Monitoring (RMON)........................................................................781
Implementation Information............................................................................................................ 781
Fault Recovery................................................................................................................................... 781
Setting the rmon Alarm...............................................................................................................782
Configuring an RMON Event...................................................................................................... 783
Configuring RMON Collection Statistics....................................................................................784
Configuring the RMON Collection History................................................................................784
Page 25
41 Rapid Spanning Tree Protocol (RSTP)........................................................786
Protocol Overview............................................................................................................................786
Configuring Rapid Spanning Tree....................................................................................................786
Related Configuration Tasks.......................................................................................................786
Important Points to Remember........................................................................................................787
RSTP and VLT.............................................................................................................................. 787
Configuring Interfaces for Layer 2 Mode.........................................................................................787
Enabling Rapid Spanning Tree Protocol Globally............................................................................788
Adding and Removing Interfaces.....................................................................................................790
Modifying Global Parameters........................................................................................................... 791
Enabling SNMP Traps for Root Elections and Topology Changes........................................... 792
Modifying Interface Parameters....................................................................................................... 792
Enabling SNMP Traps for Root Elections and Topology Changes................................................. 793
Influencing RSTP Root Selection......................................................................................................793
Configuring an EdgePort.................................................................................................................. 793
Configuring Fast Hellos for Link State Detection............................................................................ 794
42 Software-Defined Networking (SDN).........................................................796
43 Security............................................................................................................ 797
AAA Accounting................................................................................................................................ 797
Configuration Task List for AAA Accounting..............................................................................797
AAA Authentication...........................................................................................................................799
Configuration Task List for AAA Authentication........................................................................800
Obscuring Passwords and Keys....................................................................................................... 802
AAA Authorization.............................................................................................................................803
Privilege Levels Overview........................................................................................................... 803
Configuration Task List for Privilege Levels...............................................................................804
RADIUS..............................................................................................................................................808
RADIUS Authentication...............................................................................................................808
Configuration Task List for RADIUS........................................................................................... 809
TACACS+...........................................................................................................................................812
Configuration Task List for TACACS+........................................................................................ 812
TACACS+ Remote Authentication............................................................................................. 814
Command Authorization............................................................................................................ 815
Protection from TCP Tiny and Overlapping Fragment Attacks...................................................... 816
Enabling SCP and SSH...................................................................................................................... 816
Using SCP with SSH to Copy a Software Image.........................................................................817
Removing the RSA Host Keys and Zeroizing Storage ............................................................... 817
Configuring When to Re-generate an SSH Key ........................................................................ 817
Configuring the SSH Server Key Exchange Algorithm...............................................................818
Page 26
Configuring the HMAC Algorithm for the SSH Server............................................................... 819
Configuring the SSH Server Cipher List......................................................................................819
Secure Shell Authentication....................................................................................................... 820
Troubleshooting SSH..................................................................................................................823
Telnet.................................................................................................................................................823
VTY Line and Access-Class Configuration...................................................................................... 823
VTY Line Local Authentication and Authorization.....................................................................824
VTY Line Remote Authentication and Authorization.................................................................825
VTY MAC-SA Filter Support........................................................................................................ 825
Role-Based Access Control............................................................................................................. 826
Overview of RBAC.......................................................................................................................826
User Roles................................................................................................................................... 829
AAA Authentication and Authorization for Roles.......................................................................833
Role Accounting......................................................................................................................... 836
Display Information About User Roles....................................................................................... 837
44 Service Provider Bridging.............................................................................839
VLAN Stacking...................................................................................................................................839
Important Points to Remember.................................................................................................840
Configure VLAN Stacking............................................................................................................841
Creating Access and Trunk Ports............................................................................................... 841
Enable VLAN-Stacking for a VLAN............................................................................................. 842
Configuring the Protocol Type Value for the Outer VLAN Tag................................................ 842
Configuring Dell Networking OS Options for Trunk Ports....................................................... 843
Debugging VLAN Stacking......................................................................................................... 844
VLAN Stacking in Multi-Vendor Networks.................................................................................844
VLAN Stacking Packet Drop Precedence........................................................................................ 848
Enabling Drop Eligibility..............................................................................................................848
Honoring the Incoming DEI Value.............................................................................................849
Marking Egress Packets with a DEI Value.................................................................................. 850
Dynamic Mode CoS for VLAN Stacking...........................................................................................850
Mapping C-Tag to S-Tag dot1p Values......................................................................................852
Layer 2 Protocol Tunneling..............................................................................................................852
Implementation Information......................................................................................................854
Enabling Layer 2 Protocol Tunneling.........................................................................................855
Specifying a Destination MAC Address for BPDUs.................................................................... 855
Setting Rate-Limit BPDUs...........................................................................................................855
Debugging Layer 2 Protocol Tunneling.....................................................................................856
Provider Backbone Bridging.............................................................................................................856
45 sFlow.................................................................................................................857
Overview............................................................................................................................................857
Page 27
Implementation Information............................................................................................................857
Important Points to Remember................................................................................................. 858
Enabling Extended sFlow................................................................................................................. 858
Enabling and Disabling sFlow on an Interface................................................................................ 859
Enabling sFlow Max-Header Size Extended.................................................................................... 859
sFlow Show Commands.................................................................................................................. 860
Displaying Show sFlow Global....................................................................................................861
Displaying Show sFlow on an Interface..................................................................................... 861
Displaying Show sFlow on a Stack-unit.....................................................................................862
Configuring Specify Collectors........................................................................................................862
Changing the Polling Intervals......................................................................................................... 863
Back-Off Mechanism........................................................................................................................863
sFlow on LAG ports.......................................................................................................................... 863
Enabling Extended sFlow................................................................................................................. 863
Important Points to Remember................................................................................................. 864
46 Simple Network Management Protocol (SNMP)..................................... 866
Protocol Overview............................................................................................................................866
Implementation Information............................................................................................................866
SNMPv3 Compliance With FIPS....................................................................................................... 866
Configuration Task List for SNMP....................................................................................................868
Related Configuration Tasks...................................................................................................... 868
Important Points to Remember.......................................................................................................868
Set up SNMP..................................................................................................................................... 868
Creating a Community...............................................................................................................869
Setting Up User-Based Security (SNMPv3)................................................................................ 869
Reading Managed Object Values......................................................................................................871
Writing Managed Object Values....................................................................................................... 871
Configuring Contact and Location Information using SNMP.........................................................872
Subscribing to Managed Object Value Updates using SNMP......................................................... 873
Enabling a Subset of SNMP Traps.................................................................................................... 874
Enabling an SNMP Agent to Notify Syslog Server Failure............................................................... 876
Copy Configuration Files Using SNMP.............................................................................................877
Copying a Configuration File......................................................................................................879
Copying Configuration Files via SNMP......................................................................................880
Copying the Startup-Config Files to the Running-Config........................................................880
Copying the Startup-Config Files to the Server via FTP............................................................881
Copying the Startup-Config Files to the Server via TFTP..........................................................881
Copy a Binary File to the Startup-Configuration.......................................................................882
Additional MIB Objects to View Copy Statistics........................................................................ 882
Obtaining a Value for MIB Objects.............................................................................................883
MIB Support to Display the Available Memory Size on Flash......................................................... 884
Viewing the Available Flash Memory Size..................................................................................884
MIB Support to Display the Software Core Files Generated by the System.................................. 884
Viewing the Software Core Files Generated by the System......................................................885
Manage VLANs using SNMP............................................................................................................. 885
Creating a VLAN..........................................................................................................................886
Assigning a VLAN Alias................................................................................................................886
Displaying the Ports in a VLAN...................................................................................................886
Add Tagged and Untagged Ports to a VLAN............................................................................. 886
Managing Overload on Startup........................................................................................................ 887
Enabling and Disabling a Port using SNMP..................................................................................... 888
Fetch Dynamic MAC Entries using SNMP........................................................................................889
Deriving Interface Indices................................................................................................................ 890
Monitor Port-Channels.....................................................................................................................891
Troubleshooting SNMP Operation.................................................................................................. 892
47 Storm Control.................................................................................................894
Configure Storm Control................................................................................................................. 894
Configuring Storm Control from INTERFACE Mode.................................................................894
Configuring Storm Control from CONFIGURATION Mode......................................................894
48 Spanning Tree Protocol (STP)..................................................................... 895
Protocol Overview............................................................................................................................895
Configure Spanning Tree................................................................................................................. 895
Related Configuration Tasks...................................................................................................... 895
Important Points to Remember.......................................................................................................896
Configuring Interfaces for Layer 2 Mode.........................................................................................897
Enabling Spanning Tree Protocol Globally......................................................................................898
Adding an Interface to the Spanning Tree Group...........................................................................900
Modifying Global Parameters........................................................................................................... 901
Modifying Interface STP Parameters................................................................................................902
Enabling PortFast..............................................................................................................................903
Prevent Network Disruptions with BPDU Guard.......................................................................903
Selecting STP Root........................................................................................................................... 906
STP Root Guard................................................................................................................................ 906
Root Guard Scenario.................................................................................................................. 907
Configuring Root Guard.............................................................................................................908
Enabling SNMP Traps for Root Elections and Topology Changes.................................................908
Configuring Spanning Trees as Hitless............................................................................................909
STP Loop Guard................................................................................................................................909
Configuring Loop Guard.............................................................................................................910
Displaying STP Guard Configuration................................................................................................ 911
49 System Time and Date...................................................................................913
Network Time Protocol.................................................................................................................... 913
Protocol Overview...................................................................................................................... 914
Configure the Network Time Protocol.......................................................................................915
Enabling NTP............................................................................................................................... 915
Configuring NTP Broadcasts.......................................................................................................915
Disabling NTP on an Interface....................................................................................................916
Configuring a Source IP Address for NTP Packets.................................................................... 916
Configuring NTP Authentication.................................................................................................917
Dell Networking OS Time and Date.................................................................................................920
Configuration Task List ..............................................................................................................920
Setting the Time and Date for the Switch Software Clock....................................................... 920
Setting the Timezone................................................................................................................. 920
Set Daylight Saving Time.............................................................................................................921
Setting Daylight Saving Time Once............................................................................................ 921
Setting Recurring Daylight Saving Time.....................................................................................922
50 Tunneling........................................................................................................ 924
Configuring a Tunnel........................................................................................................................924
Configuring Tunnel Keepalive Settings............................................................................................925
Configuring a Tunnel Interface........................................................................................................926
Configuring Tunnel Allow-Remote Decapsulation.........................................................................926
Configuring Tunnel source anylocal Decapsulation.......................................................................927
Guidelines for Configuring Multipoint Receive-Only Tunnels........................................................927
Multipoint Receive-Only Type and IP Unnumbered Interfaces for Tunnels..................................928
51 Upgrade Procedures......................................................................................929
Get Help with Upgrades................................................................................................................... 929
52 Virtual LANs (VLANs)......................................................................................930
Default VLAN.....................................................................................................................................930
Port-Based VLANs.............................................................................................................................931
VLANs and Port Tagging...................................................................................................................932
Configuration Task List.....................................................................................................................932
Creating a Port-Based VLAN...................................................................................................... 932
Assigning Interfaces to a VLAN...................................................................................................933
Moving Untagged Interfaces...................................................................................................... 935
Assigning an IP Address to a VLAN.............................................................................................936
Configuring Native VLANs................................................................................................................936
Enabling Null VLAN as the Default VLAN......................................................................................... 937
53 VLT Proxy Gateway........................................................................................938
Proxy Gateway in VLT Domains.......................................................................................................938
Guidelines for Enabling the VLT Proxy Gateway....................................................................... 939
Enabling the VLT Proxy Gateway...............................................................................................940
LLDP Organizational TLV for Proxy Gateway............................................................................940
Sample Configuration for a VLT Proxy Gateway....................................................................... 942
Configuring a Static VLT Proxy Gateway.........................................................................................943
Configuring an LLDP VLT Proxy Gateway....................................................................................... 943
54 Virtual Link Trunking (VLT).......................................................................... 945
Overview........................................................................................................................................... 945
VLT on Core Switches................................................................................................................ 946
Enhanced VLT.............................................................................................................................946
VLT Terminology...............................................................................................................................947
Configure Virtual Link Trunking....................................................................................................... 948
Important Points to Remember................................................................................................. 948
Configuration Notes...................................................................................................................949
Primary and Secondary VLT Peers............................................................................................. 953
RSTP and VLT.............................................................................................................................. 953
VLT Bandwidth Monitoring.........................................................................................................953
VLT and IGMP Snooping.............................................................................................................954
VLT IPv6.......................................................................................................................................954
VLT Port Delayed Restoration.................................................................................................... 954
PIM-Sparse Mode Support on VLT.............................................................................................955
VLT Routing ................................................................................................................................956
Non-VLT ARP Sync..................................................................................................................... 959
RSTP Configuration.......................................................................................................................... 959
Preventing Forwarding Loops in a VLT Domain........................................................................959
Sample RSTP Configuration.......................................................................................................960
Configuring VLT..........................................................................................................................960
PVST+ Configuration........................................................................................................................ 972
Sample PVST+ Configuration.....................................................................................................972
eVLT Configuration Example............................................................................................................973
eVLT Configuration Step Examples............................................................................................973
PIM-Sparse Mode Configuration Example.......................................................................................975
Verifying a VLT Configuration.......................................................................................................... 976
Additional VLT Sample Configurations............................................................................................980
Configuring Virtual Link Trunking (VLT Peer 1)Configuring Virtual Link Trunking (VLT Peer
2)Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access
Switch).........................................................................................................................................980
Troubleshooting VLT........................................................................................................................982
Reconfiguring Stacked Switches as VLT..........................................................................................984
Specifying VLT Nodes in a PVLAN................................................................................................... 984
Association of VLTi as a Member of a PVLAN............................................................................985
MAC Synchronization for VLT Nodes in a PVLAN..................................................................... 985
PVLAN Operations When One VLT Peer is Down..................................................................... 986
PVLAN Operations When a VLT Peer is Restarted.....................................................................986
Interoperation of VLT Nodes in a PVLAN with ARP Requests...................................................986
Scenarios for VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN........987
Configuring a VLT VLAN or LAG in a PVLAN................................................................................... 988
Creating a VLT LAG or a VLT VLAN............................................................................................988
Associating the VLT LAG or VLT VLAN in a PVLAN................................................................... 989
Proxy ARP Capability on VLT Peer Nodes....................................................................................... 990
Working of Proxy ARP for VLT Peer Nodes................................................................................991
VLT Nodes as Rendezvous Points for Multicast Resiliency.............................................................992
Configuring VLAN-Stack over VLT...................................................................................................993
55 Virtual Extensible LAN (VXLAN)................................................................... 997
Overview........................................................................................................................................... 997
Components of VXLAN network......................................................................................................998
Components of VXLAN network................................................................................................998
Functional Overview of VXLAN Gateway........................................................................................ 999
VXLAN Frame Format....................................................................................................................... 999
Components of VXLAN Frame Format....................................................................................1000
Configuring and Controlling VXLAN from the NVP Controller GUI............................................. 1001
Configuring VxLAN Gateway..........................................................................................................1003
Connecting to an NVP Controller............................................................................................1003
Advertising VXLAN Access Ports to Controller........................................................................1004
Displaying VXLAN Configurations..................................................................................................1005
56 Virtual Routing and Forwarding (VRF).....................................................1008
VRF Overview..................................................................................................................................1008
VRF Configuration Notes............................................................................................................... 1009
DHCP......................................................................................................................................... 1012
VRF Configuration...........................................................................................................................1012
Load VRF CAM...........................................................................................................................1012
Creating a Non-Default VRF Instance......................................................................................1012
Assigning an Interface to a VRF................................................................................................ 1012
Assigning a Front-end Port to a Management VRF................................................................. 1013
View VRF Instance Information................................................................................................ 1013
Assigning an OSPF Process to a VRF Instance.........................................................................1014
Configuring VRRP on a VRF Instance.......................................................................................1014
Configuring Management VRF................................................................................................. 1015
Configuring a Static Route........................................................................................................1016
Sample VRF Configuration..............................................................................................................1016
Route Leaking VRFs........................................................................................................................ 1024
Dynamic Route Leaking................................................................................................................. 1024
Configuring Route Leaking without Filtering Criteria..............................................................1024
Configuring Route Leaking with Filtering.................................................................................1027
57 Virtual Router Redundancy Protocol (VRRP)......................................... 1030
VRRP Overview............................................................................................................................... 1030
VRRP Benefits.................................................................................................................................. 1031
VRRP Implementation.....................................................................................................................1031
VRRP Configuration........................................................................................................................1032
Configuration Task List............................................................................................................. 1032
Setting VRRP Initialization Delay.............................................................................................. 1042
Sample Configurations...................................................................................................................1043
VRRP for an IPv4 Configuration............................................................................................... 1043
VRRP in a VRF Configuration....................................................................................................1048
VRRP for IPv6 Configuration.................................................................................................... 1053
58 S-Series Debugging and Diagnostics.......................................................1058
Offline Diagnostics......................................................................................................................... 1058
Important Points to Remember............................................................................................... 1058
Running Offline Diagnostics.....................................................................................................1058
Trace Logs.......................................................................................................................................1063
Auto Save on Crash or Rollover..................................................................................................... 1063
Hardware Watchdog Timer............................................................................................................1063
Enabling Environmental Monitoring.............................................................................................. 1063
Recognize an Overtemperature Condition............................................................................. 1064
Troubleshoot an Over-temperature Condition...................................................................... 1064
Recognize an Under-Voltage Condition................................................................................. 1065
Troubleshoot an Under-Voltage Condition............................................................................ 1065
Buffer Tuning.................................................................................................................................. 1066
Deciding to Tune Buffers..........................................................................................................1067
Using a Pre-Defined Buffer Profile...........................................................................................1070
Sample Buffer Profile Configuration........................................................................................ 1070
Troubleshooting Packet Loss..........................................................................................................1071
Displaying Drop Counters.........................................................................................................1072
Dataplane Statistics................................................................................................................... 1077
Display Stack Port Statistics......................................................................................................1078
Display Stack Member Counters.............................................................................................. 1078
Enabling Application Core Dumps.................................................................................................1085
Mini Core Dumps............................................................................................................................1085
Enabling TCP Dumps......................................................................................................................1086
59 Standards Compliance................................................................................1087
IEEE Compliance.............................................................................................................................1087
RFC and I-D Compliance...............................................................................................................1088
General Internet Protocols.......................................................................................................1088
General IPv4 Protocols.............................................................................................................1089
General IPv6 Protocols.............................................................................................................1090
Border Gateway Protocol (BGP).............................................................................................. 1090
Open Shortest Path First (OSPF)...............................................................................................1091
Intermediate System to Intermediate System (IS-IS)...............................................................1092
Routing Information Protocol (RIP)......................................................................................... 1092
Multicast.................................................................................................................................... 1093
Network Management..............................................................................................................1093
MIB Location................................................................................................................................... 1100
1

About this Guide

This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them.
The S6000–ON platform is available with Dell Networking OS version 9.7 (0.0) and beyond.
Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Networking systems. For complete information about protocols, refer to related documentation, including IETF requests for comments (RFCs). The instructions in this guide cite relevant RFCs. The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files (MIBs).

Audience

This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 and Layer 3 networking technologies.

Conventions

This guide uses the following conventions to describe command syntax.
Keyword Keywords are in Courier (a monospaced font) and must be entered in the CLI as listed.
parameter Parameters are in italics and require a number or word to be entered in the CLI.
{X} Keywords and parameters within braces must be entered in the CLI.
[X] Keywords and parameters within brackets are optional.
x|y Keywords and parameters separated by a bar require you to choose one option.
x||y Keywords and parameters separated by a double bar allow you to choose any or all of the options.

Related Documents

For more information about the Dell Networking switches, refer to the following documents:
Dell Networking OS Command Reference
Installing the System
Page 35
Dell Quick Start Guide
Dell Networking OS Release Notes
Page 36
2

Configuration Fundamentals

The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols.
The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
In Dell Networking OS, after you enable a command, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
NOTE: Due to differences in hardware architecture and continued system development, features may occasionally differ between the platforms. Differences are noted in each CLI description and related documentation.

Accessing the Command Line

Access the CLI through a serial console port or a Telnet session. When the system successfully boots, enter the command line in EXEC mode.
NOTE: You must have a password configured on a virtual terminal line before you can Telnet into the system. Therefore, you must use a console connection when connecting to the system for the first time.
telnet 172.31.1.53
Trying 172.31.1.53...
Connected to 172.31.1.53.
Escape character is '^]'.
Login: username
Password:
Dell>

CLI Modes

Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode, except for EXEC mode commands preceded by the do command (refer to the do Command section).
You can set user access rights to commands and command modes using privilege levels.
Page 37
The Dell Networking OS CLI is divided into three major mode levels:
EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations. The privilege level is 15, which is unrestricted. You can configure a password for this mode; refer to the Configure the Enable Password section in the Getting Started chapter.
CONFIGURATION mode allows you to configure security features, time settings, set logging and SNMP functions, configure static ARP and MAC addresses, and set line cards on the system.
Beneath CONFIGURATION mode are submodes that apply to interfaces, protocols, and features. The following example shows the submode command structure. Two sub-CONFIGURATION modes are important when configuring the chassis for the first time:
INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, or 10 Gigabit Ethernet, or synchronous optical network technologies [SONET]) or logical (Loopback, Null, port channel, or virtual local area network [VLAN]).
LINE submode is the mode in which you configure the console and virtual terminal lines.
NOTE: At any time, entering a question mark (?) displays the available command options. For example, when you are in CONFIGURATION mode, entering the question mark first lists all available commands, including the possible submodes.
The CLI modes are:
EXEC EXEC Privilege CONFIGURATION AS-PATH ACL CONTROL-PLANE CLASS-MAP DCB POLICY DHCP DHCP POOL ECMP-GROUP EXTENDED COMMUNITY FRRP INTERFACE GROUP GIGABIT ETHERNET 10 GIGABIT ETHERNET 40 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL TUNNEL VLAN VRRP IP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST
Page 38
MAC ACCESS-LIST LINE AUXILLIARY CONSOLE VIRTUAL TERMINAL LLDP LLDP MANAGEMENT INTERFACE MONITOR SESSION MULTIPLE SPANNING TREE OPENFLOW INSTANCE PVST PORT-CHANNEL FAILOVER-GROUP PREFIX-LIST PRIORITY-GROUP PROTOCOL GVRP QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot

Navigating CLI Modes

The Dell Networking OS prompt changes to indicate the CLI mode.
The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
NOTE: Sub-CONFIGURATION modes all have the letters “conf” in the prompt with more modifiers to identify the mode and slot/port/subport information.
Table 1. Dell Networking OS Command Modes
CLI Command Mode                Prompt                                      Access Command
EXEC                            Dell>                                       Access the router through the console or terminal line.
EXEC Privilege                  Dell#                                       From EXEC mode, enter the enable command. From any other mode, use the end command.
CONFIGURATION                   Dell(conf)#                                 From EXEC privilege mode, enter the configure command. From every mode except EXEC and EXEC Privilege, enter the exit command.
NOTE: Access all of the following modes from CONFIGURATION mode.
AS-PATH ACL                     Dell(config-as-path)#                       ip as-path access-list
Gigabit Ethernet Interface      Dell(conf-if-gi-1/1)#                       interface (INTERFACE modes)
10 Gigabit Ethernet Interface   Dell(conf-if-te-1/1/1)#                     interface (INTERFACE modes)
40 Gigabit Ethernet Interface   Dell(conf-if-fo-1/52)#                      interface (INTERFACE modes)
Interface Group                 Dell(conf-if-group)#                        interface (INTERFACE modes)
Interface Range                 Dell(conf-if-range)#                        interface (INTERFACE modes)
Loopback Interface              Dell(conf-if-lo-0)#                         interface (INTERFACE modes)
Management Ethernet Interface   Dell(conf-if-ma-1/1)#                       interface (INTERFACE modes)
Null Interface                  Dell(conf-if-nu-0)#                         interface (INTERFACE modes)
Port-channel Interface          Dell(conf-if-po-1)#                         interface (INTERFACE modes)
Tunnel Interface                Dell(conf-if-tu-1)#                         interface (INTERFACE modes)
VLAN Interface                  Dell(conf-if-vl-1)#                         interface (INTERFACE modes)
STANDARD ACCESS-LIST            Dell(config-std-nacl)#                      ip access-list standard (IP ACCESS-LIST Modes)
EXTENDED ACCESS-LIST            Dell(config-ext-nacl)#                      ip access-list extended (IP ACCESS-LIST Modes)
IP COMMUNITY-LIST               Dell(config-community-list)#                ip community-list
AUXILIARY                       Dell(config-line-aux)#                      line (LINE Modes)
CONSOLE                         Dell(config-line-console)#                  line (LINE Modes)
VIRTUAL TERMINAL                Dell(config-line-vty)#                      line (LINE Modes)
STANDARD ACCESS-LIST            Dell(config-std-macl)#                      mac access-list standard (MAC ACCESS-LIST Modes)
EXTENDED ACCESS-LIST            Dell(config-ext-macl)#                      mac access-list extended (MAC ACCESS-LIST Modes)
MULTIPLE SPANNING TREE          Dell(config-mstp)#                          protocol spanning-tree mstp
Per-VLAN SPANNING TREE Plus     Dell(config-pvst)#                          protocol spanning-tree pvst
PREFIX-LIST                     Dell(conf-nprefixl)#                        ip prefix-list
RAPID SPANNING TREE             Dell(config-rstp)#                          protocol spanning-tree rstp
REDIRECT                        Dell(conf-redirect-list)#                   ip redirect-list
ROUTE-MAP                       Dell(config-route-map)#                     route-map
ROUTER BGP                      Dell(conf-router_bgp)#                      router bgp
BGP ADDRESS-FAMILY              Dell(conf-router_bgp_af)# (for IPv4)        address-family {ipv4 multicast | ipv6 unicast} (ROUTER BGP Mode)
                                Dell(conf-routerZ_bgpv6_af)# (for IPv6)
ROUTER ISIS                     Dell(conf-router_isis)#                     router isis
ISIS ADDRESS-FAMILY             Dell(conf-router_isis-af_ipv6)#             address-family ipv6 unicast (ROUTER ISIS Mode)
ROUTER OSPF                     Dell(conf-router_ospf)#                     router ospf
ROUTER OSPFV3                   Dell(conf-ipv6router_ospf)#                 ipv6 router ospf
ROUTER RIP                      Dell(conf-router_rip)#                      router rip
SPANNING TREE                   Dell(config-span)#                          protocol spanning-tree 0
TRACE-LIST                      Dell(conf-trace-acl)#                       ip trace-list
CLASS-MAP                       Dell(config-class-map)#                     class-map
CONTROL-PLANE                   Dell(conf-control-cpuqos)#                  control-plane-cpuqos
DHCP                            Dell(config-dhcp)#                          ip dhcp server
DHCP POOL                       Dell(config-dhcp-pool-name)#                pool (DHCP Mode)
ECMP                            Dell(conf-ecmp-group-ecmp-group-id)#        ecmp-group
EIS                             Dell(conf-mgmt-eis)#                        management egress-interface-selection
FRRP                            Dell(conf-frrp-ring-id)#                    protocol frrp
LLDP                            Dell(conf-lldp)# or                         protocol lldp (CONFIGURATION or INTERFACE Modes)
                                Dell(conf-if—interface-lldp)#
LLDP MANAGEMENT INTERFACE       Dell(conf-lldp-mgmtIf)#                     management-interface (LLDP Mode)
LINE                            Dell(config-line-console) or                line console or line vty
                                Dell(config-line-vty)
MONITOR SESSION                 Dell(conf-mon-sess-sessionID)#              monitor session
OPENFLOW INSTANCE               Dell(conf-of-instance-of-id)#               openflow of-instance
PORT-CHANNEL FAILOVER-GROUP     Dell(conf-po-failover-grp)#                 port-channel failover-group
PRIORITY GROUP                  Dell(conf-pg)#                              priority-group
PROTOCOL GVRP                   Dell(config-gvrp)#                          protocol gvrp
QOS POLICY                      Dell(conf-qos-policy-out-ets)#              qos-policy-output
VLT DOMAIN                      Dell(conf-vlt-domain)#                      vlt domain
VRRP                            Dell(conf-if-interface-type-slot/port-vrid-vrrp-group-id)#  vrrp-group
UPLINK STATE GROUP              Dell(conf-uplink-state-group-groupID)#      uplink-state-group
The following example shows how to change the command mode from CONFIGURATION mode to PROTOCOL SPANNING TREE.
Example of Changing Command Modes
Dell(conf)#protocol spanning-tree 0
Dell(config-span)#

The do Command

You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on) without having to return to EXEC mode by preceding the EXEC mode command with the do command.
The following example shows the output of the do command.
Dell(conf)#do show system brief
Stack MAC : 34:17:eb:f2:c2:c4
Reload-Type : normal-reload [Next boot : normal-reload]
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
------------------------------------------------------------------------------------
1 Management online S6000-ON S6000-ON 1-0(0-3932) 128
2 Member not present
3 Member not present
4 Member not present
5 Member not present
6 Member not present
-- Power Supplies --
Unit Bay Status Type FanStatus FanSpeed(rpm)
---------------------------------------------------------------------------
1 1 up AC absent 0
1 2 absent absent 0
-- Fan Status --
Unit Bay TrayStatus Fan0 Speed Fan1 Speed
------------------------------------------------------------------------------------
1 1 up up 0 up 0
1 2 up up 0 up 0
1 3 up up 0 up 0
Speed in RPM

Undoing Commands

When you enter a command, the command line is added to the running configuration file (running-config).
To disable a command and remove it from the running-config, enter the no command, then the original command. For example, to delete an IP address configured on an interface, use the no ip address ip-address command.
NOTE: Use the help or ? command as described in Obtaining Help.
Example of Viewing Disabled Commands
Dell(conf)#interface tengigabitethernet 4/17/1
Dell(conf-if-te-4/17/1)#ip address 192.168.10.1/24
Dell(conf-if-te-4/17/1)#show config
!
interface tenGigabitEthernet 4/17/1
 ip address 192.168.10.1/24
 no shutdown
Dell(conf-if-te-4/17/1)#no ip address
Dell(conf-if-te-4/17/1)#show config
!
interface TenGigabitEthernet 4/17/1
 no ip address
 no shutdown
Layer 2 protocols are disabled by default. To enable Layer 2 protocols, use the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.
Page 43

Obtaining Help

Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
To list the keywords available in the current mode, enter ? at the prompt or after a keyword.
Entering ? after a prompt lists all of the available keywords. The output of this command is the same as for the help command.
Dell#?
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Configuring from terminal
copy Copy from one file to another
debug Debug functions
--More--
Entering ? after a partial keyword lists all of the keywords that begin with the specified letters.
Dell(conf)#cl?
class-map
clock
Dell(conf)#cl
Entering [space]? after a keyword lists all of the keywords that can follow the specified keyword.
Dell(conf)#clock ?
summer-time Configure summer (daylight savings) time
timezone Configure time zone
Dell(conf)#clock

Entering and Editing Commands

Notes for entering commands.
The CLI is not case-sensitive.
You can enter partial CLI keywords.
– Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial keyword because both the clock and class-map commands begin with the letters “cl.” You can enter clo, however, as a partial keyword because only one command begins with those three letters.
The TAB key auto-completes keywords in commands. Enter the minimum number of letters to uniquely identify a command.
The UP and DOWN arrow keys display previously entered commands (refer to Command History).
The BACKSPACE and DELETE keys erase the previous letter.
Key combinations are available to move quickly across the command line. The following table describes these short-cut key combinations.
Short-Cut Key Combination  Action
CNTL-A                     Moves the cursor to the beginning of the command line.
CNTL-B                     Moves the cursor back one character.
CNTL-D                     Deletes character at cursor.
CNTL-E                     Moves the cursor to the end of the line.
CNTL-F                     Moves the cursor forward one character.
CNTL-I                     Completes a keyword.
CNTL-K                     Deletes all characters from the cursor to the end of the command line.
CNTL-L                     Re-enters the previous command.
CNTL-N                     Return to more recent commands in the history buffer after recalling commands with CTRL-P or the UP arrow key.
CNTL-P                     Recalls commands, beginning with the last command.
CNTL-R                     Re-enters the previous command.
CNTL-U                     Deletes the line.
CNTL-W                     Deletes the previous word.
CNTL-X                     Deletes the line.
CNTL-Z                     Ends continuous scrolling of command outputs.
Esc B                      Moves the cursor back one word.
Esc F                      Moves the cursor forward one word.
Esc D                      Deletes all characters from the cursor to the end of the word.

Command History

Dell Networking OS maintains a history of previously-entered commands for each mode. For example:
When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
When you are in CONFIGURATION mode, the UP or DOWN arrow keys recall the previously-entered CONFIGURATION mode commands.

Filtering show Command Outputs

Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command.
The variable specified_text is the text for which you are filtering and it IS case sensitive unless you use the ignore-case sub-option.
Page 45
Starting with Dell Networking OS version 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive. For example, the commands:
show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such as interface TenGigabitEthernet 1/1/1.
show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.”
show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.”
The grep command displays only the lines containing specified text. The following example shows this command used in combination with the show linecard all command.
Dell(conf)#do show system brief | grep 0
0 not present
NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show linecard all command.
Example of the except Keyword
Dell#show system brief | except 0
Slot Status NxtBoot ReqTyp CurTyp Version Ports
-----------------------------------------------------
2 not present
3 not present
4 not present
5 not present
6 not present
The find keyword displays the output of the show command beginning from the first occurrence of specified text. The following example shows this command used in combination with the show linecard all command.
Example of the find Keyword
Dell#show system brief | find 0
Stack MAC : 00:11:12:13:18:20
Reload-Type : normal-reload [Next boot : normal-reload]
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
------------------------------------------------------------------------------------
1 Management online S3048-ON S3048-ON 9-8(0-28) 52
2 Member not present
3 Member not present
4 Member not present
5 Member not present
6 Member not present
-- Power Supplies --
Unit Bay Status Type FanStatus FanSpeed(rpm)
---------------------------------------------------------------------------
1 1 down AC up 8128
1 2 absent absent 0
-- Fan Status --
Unit Bay TrayStatus Fan0 Speed
------------------------------------------------------------------------------------
1 1 up up 9900
1 2 up up 9900
1 3 up up 9900
Speed in RPM
The display command displays additional configuration information.
The no-more command displays the output all at once rather than one screen at a time. This is similar to the terminal length command except that the no-more option affects the output of the specified command only.
The save command copies the output to a file for future reference.
NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example: Dell# command | grep regular-expression | except regular-expression | grep other-regular-expression | find regular-expression | save.

Multiple Users in Configuration Mode

Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode.
A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established. For example:
On the system that telnets into the switch, this message appears:
% Warning: The following users are currently configuring the system: User "<username>" on line console0
On the system that is connected over the console, this message appears:
% Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode
If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
Page 47
3

Getting Started

This chapter describes how you start configuring your system.
When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
When the boot process completes, the RPM and line card status LEDs remain online (green) and the console monitor displays the EXEC mode prompt.
For details about using the command line interface (CLI), refer to the Accessing the Command Line section in the Configuration Fundamentals chapter.

Console Access

Serial Console

The RJ-45/RS-232 console port is labeled on the chassis. It is in the upper right-hand side, as you face the I/O side of the chassis.
Figure 1. RJ-45 Console Port
1. RJ-45 Console Port
Page 48
Accessing the Console Port
To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter.
1. Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the S4810 console port to a terminal server.
2. Connect the other end of the cable to the DTE terminal server.
3. Terminal settings on the console port cannot be changed in the software and are set as follows:
No parity
8 data bits
1 stop bit
No flow control
Pin Assignments
You can connect to the console using a RJ-45 to RJ-45 rollover cable and a RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC).
The pin assignments between the console and a DTE terminal server are as follows:
Table 2. Pin Assignments Between the Console and a DTE Terminal Server
Console Port  RJ-45 to RJ-45 Rollover Cable  RJ-45 to RJ-45 Rollover Cable  RJ-45 to DB-9 Adapter  Terminal Server Device
Signal        RJ-45 Pinout                   RJ-45 Pinout                   DB-9 Pin               Signal
RTS           1                              8                              8                      CTS
NC            2                              7                              6                      DSR
TxD           3                              6                              2                      RxD
GND           4                              5                              5                      GND
GND           5                              4                              5                      GND
RxD           6                              3                              3                      TxD
NC            7                              2                              4                      DTR
CTS           8                              1                              7                      RTS
Page 49

Default Configuration

A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.

Configuring a Host Name

The host name appears in the prompt. The default host name is Dell.
Host names must start with a letter and end with a letter or digit.
Characters within the string can be letters, digits, and hyphens.
To create a host name, use the following command.
Create a host name.
CONFIGURATION mode
hostname name
Example of the hostname Command
Dell(conf)#hostname R1
R1(conf)#

Accessing the System Remotely

You can configure the system to access it remotely by Telnet or SSH.
The platform has a dedicated management port and a management routing table that is separate from the IP routing table.
You can manage all Dell Networking products in-band via the front-end data ports through interfaces assigned an IP address as well.

Accessing the System Remotely

Configuring the system for remote access is a three-step process, as described in the following topics:
1. Configure an IP address for the management port. Configure the Management Port IP Address
2. Configure a management route with a default gateway. Configure a Management Route
3. Configure a username and password. Configure a Username and Password

Configure the Management Port IP Address

To access the system remotely, assign IP addresses to the management ports.
1. Enter INTERFACE mode for the Management port.
Page 50
CONFIGURATION mode
interface ManagementEthernet slot/port
2. Assign an IP address to the interface.
INTERFACE mode
ip address ip-address/mask
ip-address: an address in dotted-decimal format (A.B.C.D).
mask: a subnet mask in /prefix-length format (/ xx).
3. Enable the interface.
INTERFACE mode
no shutdown

Configure a Management Route

Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port. To configure a management route, use the following command.
Configure a management route to the network from which you are accessing the system.
CONFIGURATION mode
management route ip-address/mask gateway
– ip-address: the network address in dotted-decimal format (A.B.C.D).
– mask: a subnet mask in /prefix-length format (/ xx).
– gateway: the next hop for network traffic originating from the management port.

Configuring a Username and Password

To access the system remotely, configure a system username and password. To configure a system username and password, use the following command.
Configure a username and password to access the system remotely.
CONFIGURATION mode
username username password [encryption-type] password
– encryption-type: specifies how you are inputting the password, is 0 by default, and is not required.
* 0 is for inputting the password in clear text.
* 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system.
Page 51

Configuring the Enable Password

Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure.
There are two types of enable passwords:
enable password stores the password in the running/startup configuration using a DES encryption method.
enable secret stores the password in the running/startup configuration using a stronger, MD5 encryption method.
Dell Networking recommends using the enable secret password.
To configure an enable password, use the following command.
Create a password to access EXEC Privilege mode.
CONFIGURATION mode
enable [password | secret] [level level] [encryption-type] password
– level: is the privilege level, is 15 by default, and is not required
– encryption-type: specifies how you are inputting the password, is 0 by default, and is not required.
* 0 is for inputting the password in clear text.
* 7 is for inputting a password that is already encrypted using a DES hash. Obtain the encrypted password from the configuration file of another Dell Networking system.
* 5 is for inputting a password that is already encrypted using an MD5 hash. Obtain the encrypted password from the configuration file of another Dell Networking system.
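One way to review staged configuration lines against the username and enable password commands described above, as an added example that is not part of the Dell guide. The parser follows the syntax shown here (encryption-type defaults to 0, enable level defaults to 15); the function names, finding labels, sample lines and hash strings are constructed for illustration.

```python
# Added example: audits configuration command lines for the two password
# commands described in this chapter. All sample values are constructed.

ENABLE_TYPES = {"0", "5", "7"}   # encryption-type values the guide lists for enable
USERNAME_TYPES = {"0", "7"}      # encryption-type values the guide lists for username


def parse_credential_line(line):
    """Parse one 'username' or 'enable' password command.

    Returns a dict with kind, name, level, enc and secret, or None when the
    line is some other command. Defaults follow the guide: encryption-type
    is 0 (clear-text input) when omitted, and the enable level is 15.
    """
    tokens = line.split()
    if len(tokens) >= 4 and tokens[0] == "username" and tokens[2] == "password":
        kind, name, level = "username", tokens[1], None
        rest, allowed = tokens[3:], USERNAME_TYPES
    elif (len(tokens) >= 3 and tokens[0] == "enable"
          and tokens[1] in ("password", "secret")):
        kind, name, level = "enable " + tokens[1], None, 15
        rest, allowed = tokens[2:], ENABLE_TYPES
        # 'level N' is optional; consume it only when a password still follows.
        if len(rest) >= 3 and rest[0] == "level" and rest[1].isdigit():
            level, rest = int(rest[1]), rest[2:]
    else:
        return None
    enc = "0"
    # A leading type digit counts as encryption-type only when another token
    # follows it; a lone "7" is the password itself.
    if len(rest) >= 2 and rest[0] in allowed:
        enc, rest = rest[0], rest[1:]
    return {"kind": kind, "name": name, "level": level,
            "enc": enc, "secret": " ".join(rest)}


def audit(config_text):
    """Return (line_number, finding, subject) tuples for risky password lines."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        entry = parse_credential_line(raw.strip())
        if entry is None:
            continue
        if entry["kind"] == "username":
            subject = "username " + entry["name"]
        else:
            subject = "enable level %d" % entry["level"]
        if entry["enc"] == "0":
            # Type 0 means the password is typed in clear text, so it is
            # readable in whatever file or ticket holds this command.
            findings.append((number, "cleartext-input", subject))
        if entry["kind"] == "enable password":
            # The guide recommends 'enable secret' over 'enable password'.
            findings.append((number, "enable-password-used", subject))
    return findings


# Constructed sample: a change script as it might be staged before being pushed.
SAMPLE_CONFIG = """\
hostname R1
enable password 0 Winter2015
enable secret level 15 5 0123456789abcdef0123456789abcdef
username admin password 7 0123456789abcdef
username ops password Spring2015
enable password level 5 7 fedcba9876543210
"""

if __name__ == "__main__":
    for number, finding, subject in audit(SAMPLE_CONFIG):
        print("line %d: %-21s %s" % (number, finding, subject))
```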

Configuration File Management

Files can be stored on and accessed from various storage media. Rename, delete, and copy files on the system from EXEC Privilege mode.

Copy Files to and from the System

The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.
NOTE: For a detailed description of the copy command, refer to the Dell Networking OS Command Reference.
To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location.
To copy a remote file to a Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location.
Page 52
Table 3. Forming a copy Command
Location: For a remote file location: FTP server
source-file-url Syntax: copy ftp://username:password@{hostip | hostname}/filepath/filename
destination-file-url Syntax: ftp://username:password@{hostip | hostname}/filepath/filename
Location: For a remote file location: TFTP server
source-file-url Syntax: copy tftp://{hostip | hostname}/filepath/filename
destination-file-url Syntax: tftp://{hostip | hostname}/filepath/filename
Location: For a remote file location: SCP server
source-file-url Syntax: copy scp://{hostip | hostname}/filepath/filename
destination-file-url Syntax: scp://{hostip | hostname}/filepath/filename
Important Points to Remember
You may not copy a file from one remote system to another.
You may not copy a file from one location to the same location.
When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured.
The usbflash command is supported on the device. Refer to your system’s Release Notes for a list of approved USB vendors.
Example of Copying a File to an FTP Server
Dell#copy flash://Dell-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//Dell/Dell-EF-8.2.1.0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
27952672 bytes successfully copied
Example of Importing a File to the Local System
core1#$//copy ftp://myusername:mypassword@10.10.10.10//Dell/Dell-EF-8.2.1.0.bin flash://
Destination file name [Dell-EF-8.2.1.0.bin.bin]:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
26292881 bytes successfully copied
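An added example (not Dell's code) that checks copy commands against the rules listed above before they are run or recorded: it flags remote-to-remote and same-location copies, flags a password carried inline in the URL, and redacts that password for logs or tickets. Treating ftp, tftp and scp as the remote schemes follows Table 3; the function names, finding labels and sample commands with 192.0.2.x addresses are constructed.

```python
import re

REMOTE_SCHEMES = {"ftp", "tftp", "scp"}   # remote locations listed in Table 3

# "copy <source> <destination>", optionally preceded by a prompt such as Dell#
_COPY = re.compile(r"(?:^|#)\s*copy\s+(\S+)\s+(\S+)")
_URL = re.compile(r"^([A-Za-z]+):(?://)?(.*)$")
# scheme://user: followed by the password, up to the last "@" before the path
_INLINE_PASSWORD = re.compile(r"((?:ftp|tftp|scp)://[^\s:/@]+:)[^\s/]*(?=@)")


def parse_location(token):
    """Split one copy argument into scheme, user, password, host and path."""
    match = _URL.match(token)
    if match is None:
        # Bare names such as running-config or startup-config.
        return {"scheme": None, "user": None, "password": None,
                "host": None, "path": token}
    scheme, rest = match.group(1).lower(), match.group(2)
    user = password = host = None
    path = rest
    if scheme in REMOTE_SCHEMES:
        authority, slash, tail = rest.partition("/")
        credentials, at, host = authority.rpartition("@")
        if at:
            user, colon, password = credentials.partition(":")
            if not colon:
                password = None      # user@host with no password given
        path = slash + tail
    return {"scheme": scheme, "user": user, "password": password,
            "host": host, "path": path}


def check_copy(command):
    """Return a list of findings for one copy command, or None if not a copy."""
    match = _COPY.search(command)
    if match is None:
        return None
    source, destination = (parse_location(t) for t in match.groups())
    findings = []
    if source["password"] is not None or destination["password"] is not None:
        # The password would be stored wherever this command line is kept.
        findings.append("inline-password")
    if source["scheme"] in REMOTE_SCHEMES and destination["scheme"] in REMOTE_SCHEMES:
        findings.append("remote-to-remote")
    same = all(source[k] == destination[k] for k in ("scheme", "host", "path"))
    if same:
        findings.append("same-location")
    return findings


def redact(command):
    """Replace any inline URL password with **** so the line can be logged."""
    return _INLINE_PASSWORD.sub(r"\g<1>****", command)


# Constructed sample commands (documentation addresses, made-up credentials).
SAMPLES = [
    "Dell#copy running-config ftp://backup:S3cret@192.0.2.10/cfg/sw1.cfg",
    "copy ftp://backup:S3cret@192.0.2.10/img.bin scp://192.0.2.20/img.bin",
    "copy flash://test.txt flash://test.txt",
    "Dell#copy nfsmount:///test.txt ftp://192.0.2.10",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(redact(sample), "->", check_copy(sample))
```

When the user name and password are left out of the URL, the NFS examples later on this page show the system prompting for them instead.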

Mounting an NFS File System

This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you can execute all file commands that are available on conventional file systems such as a Flash file system.
Before executing any CLI command to perform file operations, you must first mount the NFS file system to a mount-point on the device. Since multiple mount-points exist on a device, it is mandatory to specify the mount-point to which you want to load the system. The /f10/mnt/nfsdirectory is the root of all mount-points.
Page 53
To mount an NFS file system, perform the following steps:
Table 4. Mounting an NFS File System
File Operation: To mount an NFS file system
Syntax: mount nfs rhost:path mount-point username password
The foreign file system remains mounted as long as the device is up and does not reboot. You can run the file system commands without having to mount or un-mount the file system each time you run a command. When you save the configuration using the write command, the mount command is saved to the startup configuration. As a result, each time the device re-boots, the NFS file system is mounted during start up.
Table 5. Forming a copy Command
Location: For a remote file location: NFS File System
source-file-url Syntax: copy nfsmount://{<mount-point>}/filepath/filename} username:password
destination-file-url Syntax: tftp://{hostip | hostname}/filepath/filename
Important Points to Remember
You cannot copy a file from one remote system to another.
You cannot copy a file from one location to the same location.
When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured.
The usbflash command is supported on the device. Refer to your system’s Release Notes for a list of approved USB vendors.
Example of Copying a File to current File System
Dell#copy tftp://10.16.127.35/mashutosh/dv-maa-s4810-test nfsmount://
Destination file name [dv-maa-s4810-test]:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!.!
44250499 bytes successfully copied
Dell#
Dell#copy ftp://10.16.127.35 nfsmount:
Source file name []: test.c
User name to login remote host: mashutosh
Example of Logging in to Copy from NFS Mount
Dell#copy nfsmount:///test flash:
Destination file name [test]: test2
!
5592 bytes successfully copied
Dell#
Dell#copy nfsmount:///test.txt ftp://10.16.127.35
Destination file name [test.txt]:
User name to login remote host: mashutosh
Password to login remote host:
!
Page 54
Example of Copying to NFS Mount
Dell#copy flash://test.txt nfsmount:///
Destination file name [test.txt]:
!
15 bytes successfully copied
Dell#copy flash://ashu/capture.txt.pcap nfsmount:///
Destination file name [test.txt]:
!
15 bytes successfully copied
Dell#copy flash://ashu/capture.txt.pcap nfsmount:///ashutosh/snoop.pcap
!
24 bytes successfully copied
Dell#
Dell#copy tftp://10.16.127.35/mashutosh/dv-maa-s4810-test ?
flash: Copy to local file system ([flash://]filepath)
nfsmount: Copy to nfs mount file system (nfsmount:///filepath)
running-config remote host:
Destination file name [test.c]:
!
225 bytes successfully copied
Dell#

Save the Running-Configuration

The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration. These commands assume that the current directory is the internal flash, which is the system default.
Save the running-configuration to the startup-configuration on the internal flash of the primary RPM. EXEC Privilege mode
copy running-config startup-config
Save the running-configuration to an FTP server. EXEC Privilege mode
copy running-config ftp://username:password@{hostip | hostname}/filepath/filename
Save the running-configuration to a TFTP server. EXEC Privilege mode
copy running-config tftp://{hostip | hostname}/filepath/filename
Save the running-configuration to an SCP server. EXEC Privilege mode
copy running-config scp://{hostip | hostname}/filepath/filename
NOTE: When copying to a server, a host name can only be used if a DNS server is configured.
Page 55

Configure the Overload Bit for a Startup Scenario

For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.

Viewing Files

You can only view file information and content on local file systems. To view a list of files or the contents of a file, use the following commands.
View a list of files on the internal flash. EXEC Privilege mode
dir flash:
View the running-configuration. EXEC Privilege mode
show running-config
View the startup-configuration. EXEC Privilege mode
show startup-config
Example of the dir Command
The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file.
Dell#dir
Directory of flash:
1 drw- 32768 Jan 01 1980 00:00:00 .
2 drwx 512 Jul 23 2007 00:38:44 ..
3 drw- 8192 Mar 30 1919 10:31:04 TRACE_LOG_DIR
4 drw- 8192 Mar 30 1919 10:31:04 CRASH_LOG_DIR
5 drw- 8192 Mar 30 1919 10:31:04 NVTRACE_LOG_DIR
6 drw- 8192 Mar 30 1919 10:31:04 CORE_DUMP_DIR
7 d--- 8192 Mar 30 1919 10:31:04 ADMIN_DIR
8 -rw- 33059550 Jul 11 2007 17:49:46 FTOS-EF-7.4.2.0.bin
9 -rw- 27674906 Jul 06 2007 00:20:24 FTOS-EF-4.7.4.302.bin
10 -rw- 27674906 Jul 06 2007 19:54:52 boot-image-FILE
11 drw- 8192 Jan 01 1980 00:18:28 diag
12 -rw- 7276 Jul 20 2007 01:52:40 startup-config.bak
13 -rw- 7341 Jul 20 2007 15:34:46 startup-config
14 -rw- 27674906 Jul 06 2007 19:52:22 boot-image
15 -rw- 27674906 Jul 06 2007 02:23:22 boot-flash
--More--
Page 56
View Configuration Files
Configuration files have three commented lines at the beginning of the file, as shown in the following example, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
In the running-configuration file, if there is a difference between the timestamp on the “Last configuration change” and “Startup-config last updated,” you have made changes that have not been saved and are not preserved after a system reboot.
Example of the show running-config Command
Dell#show running-config
Current Configuration ...
! Version 9.4(0.0)
! Last configuration change at Tue Mar 11 21:33:56 2014 by admin
! Startup-config last updated at Tue Mar 11 12:11:00 2014 by default
!
boot system stack-unit 1 primary system: B:
boot system stack-unit 1 secondary tftp://10.16.127.35/dt-maa-s4810-2
boot system stack-unit 1 default tftp://10.16.127.35/dt-maa-s4810-2
boot system gateway 10.16.130.254
!
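The header comparison described above can be automated when configurations are collected for review. The following Python is an added example, not code from the Dell guide; the function name config_drift and the SAMPLE_HEADER constant are assumptions made here, and the header format is the one shown in the example output.

```python
import re
from datetime import datetime

# Header lines as they appear in the guide's show running-config example.
CHANGED_RE = re.compile(r"^! Last configuration change at (.+?) by (\S+)\s*$")
SAVED_RE = re.compile(r"^! Startup-config last updated at (.+?) by (\S+)\s*$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. Tue Mar 11 21:33:56 2014

# Constructed sample: the header from the guide's example, one field per line.
SAMPLE_HEADER = """\
Dell#show running-config
Current Configuration ...
! Version 9.4(0.0)
! Last configuration change at Tue Mar 11 21:33:56 2014 by admin
! Startup-config last updated at Tue Mar 11 12:11:00 2014 by default
!
"""


def config_drift(config_text):
    """Compare the two header timestamps of a running-configuration.

    Returns None when either header line is missing; otherwise a dict that
    says whether the running-configuration is newer than the saved
    startup-configuration, and which users the header names.
    """
    changed = saved = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = CHANGED_RE.match(line)
        if m:
            changed = (datetime.strptime(m.group(1), TS_FORMAT), m.group(2))
            continue
        m = SAVED_RE.match(line)
        if m:
            saved = (datetime.strptime(m.group(1), TS_FORMAT), m.group(2))
        if changed and saved:
            break  # header is complete; the configuration body is not needed
    if not (changed and saved):
        return None
    return {
        "unsaved": changed[0] > saved[0],
        "changed_by": changed[1],
        "saved_by": saved[1],
        "seconds_unsaved": max(0, int((changed[0] - saved[0]).total_seconds())),
    }


if __name__ == "__main__":
    print(config_drift(SAMPLE_HEADER))
```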
Page 57 - Under Managing the File System, the word external Flash must be removed
Page 57 - The output of show file-systems must be modified as follows.
Dell#show file-systems
Size(b) Free(b) Feature Type Flags Prefixes
2056916992 2056540160 FAT32 USERFLASH rw flash:
- - - network rw ftp:
- - - network rw tftp:
- - - network rw scp:
Dell#

Managing the File System

The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
To view file system information, use the following command.
View information about each file system. EXEC Privilege mode
show file-systems
The output of the show file-systems command in the following example shows the total capacity, amount of free memory, file structure, media type, and read/write privileges for each storage device in use.
Dell#show file-systems
Size(b) Free(b) Feature Type Flags Prefixes
520962048 213778432 dosFs2.0 USERFLASH rw flash:
127772672 21936128 dosFs2.0 USERFLASH rw slot0:
Page 57
- - - network rw ftp:
- - - network rw tftp:
- - - network rw scp:
You can change the default file system so that file management commands apply to a particular device or memory.
To change the default directory, use the following command.
Change the default directory. EXEC Privilege mode
cd directory

View Command History

The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer.
The system generates a trace message for each executed command. No password information is saved to the file.
To view the command-history trace, use the show command-history command.
Example of the show command-history Command
Dell#show command-history
[12/5 10:57:8]: CMD-(CLI):service password-encryption
[12/5 10:57:12]: CMD-(CLI):hostname Force10
[12/5 10:57:12]: CMD-(CLI):ip telnet server enable
[12/5 10:57:12]: CMD-(CLI):line console 0
[12/5 10:57:12]: CMD-(CLI):line vty 0 9
[12/5 10:57:13]: CMD-(CLI):boot system rpm0 primary flash://FTOS-CB-1.1.1.2E2.bin

Upgrading Dell Networking OS

NOTE: To upgrade Dell Networking Operating System (OS), refer to the Release Notes for the version you want to load on the system.

Using HTTP for File Transfers

Starting with Release 9.3(0.1), you can use HTTP to copy files or configuration details to a remote server. Use the copy source-file-url http://host[:port]/file-path command to transfer files to an external server. Enter the following source-file-url keywords and information:
To copy a file from the internal FLASH, enter flash:// followed by the filename.
To copy the running configuration, enter the keyword running-config.
To copy the startup configuration, enter the keyword startup-config.
Page 58
To copy a file on the external FLASH, enter usbflash:// followed by the filename.
In the Dell Networking OS release 9.8(0.0), HTTP services are enhanced to support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP server to use a specific routing table. You can use the ip http vrf command to inform the HTTP server to use a specific routing table. After you configure this setting, the VRF table is used to look up the destination address.
NOTE: To enable HTTP to be VRF-aware, as a prerequisite you must first define the VRF.
You can specify either the management VRF or a nondefault VRF to configure the VRF awareness setting.
When you specify the management VRF, the copy operation that is used to transfer files to and from an HTTP server utilizes the VRF table corresponding to the Management VRF to look up the destination. When you specify a nondefault VRF, the VRF table corresponding to that nondefault VRF is used to look up the HTTP server.
However, these changes are backward-compatible and do not affect existing behavior; that is, you can still use the ip http source-interface command to communicate with a particular interface even if no VRF is configured on that interface.
NOTE: If the HTTP service is not VRF-aware, then it uses the global routing table to perform the look-up.
To enable an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF, use the ip http vrf command in CONFIGURATION mode.
Configure an HTTP client with a VRF that is used to connect to the HTTP server. CONFIGURATION MODE
Dell(conf)#ip http vrf {management | <vrf-name>}

Using Hashes to Validate Software Images

You can use the MD5 message-digest algorithm or SHA256 Secure Hash Algorithm to validate the software image on the flash drive, after the image has been transferred to the system, but before the image has been installed. The validation calculates a hash value of the downloaded image file on the system’s flash drive, and, optionally, compares it to a Dell Networking published hash for that file.
The MD5 or SHA256 hash provides a method of validating that you have downloaded the original software. Calculating the hash on the local image file, and comparing the result to the hash published for that file on iSupport, provides a high level of confidence that the local copy is exactly the same as the published software image. This validation procedure, and the verify {md5 | sha256} command to support it, can prevent the installation of corrupted or modified images.
The verify {md5 | sha256} command calculates and displays the hash of any file on the specified local flash drive. You can compare the displayed hash against the appropriate hash published on iSupport. Optionally, you can include the published hash in the verify {md5 | sha256} command, in which case the command displays whether it matches the calculated hash of the indicated file.
To validate a software image:
Page 59
1. Download the Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page.
2. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
3. Run the verify {md5 | sha256} [flash://]img-file [hash-value] command. For example, verify sha256 flash://FTOS-SE-9.5.0.0.bin
4. Compare the generated hash value to the expected hash value published on the iSupport page.
To validate the software image on the flash drive after the image has been transferred to the system, but before the image has been installed, use the verify {md5 | sha256} [flash://]img-file [hash-value] command in EXEC mode.
md5: MD5 message-digest algorithm
sha256: SHA256 Secure Hash Algorithm
flash: (Optional) Specifies the flash drive. The default is to use the flash drive. You can just enter the image file name.
hash-value: (Optional) Specify the relevant hash published on iSupport.
img-file: Enter the name of the Dell Networking software image file to validate.
Examples: Without Entering the Hash Value for Verification
MD5
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin
MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459
SHA256
Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin
SHA256 hash for FTOS-SE-9.5.0.0.bin: e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933
Examples: Entering the Hash Value for Verification
MD5
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459
MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin
SHA256
Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933
SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin
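The comparison in steps 1 to 4 can be scripted on the staging server so that the published hash, the staged copy, and the copy on the switch are all checked against each other. The following Python is an added example, not Dell code; the function names are assumptions, and it takes captured text of the "hash for" output shown above as input. Because MD5 is not collision resistant, this example accepts only a SHA256 match, which is a policy choice of the example.

```python
import hashlib
import hmac
import re

# Matches the report lines shown in the guide, for example:
#   SHA256 hash for FTOS-SE-9.5.0.0.bin: e6328c06...
VERIFY_RE = re.compile(
    r"^(MD5|SHA256) hash for (\S+):\s*([0-9a-fA-F]+)\s*$", re.MULTILINE)
HEX_LEN = {"MD5": 32, "SHA256": 64}

# Output copied from the guide's examples (no hash value on the command line).
SAMPLE_VERIFY_OUTPUT = """\
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin
MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459
Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin
SHA256 hash for FTOS-SE-9.5.0.0.bin: e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933
"""


def parse_verify_output(cli_text):
    """Map (algorithm, file name) to the lower-case hex digest the switch printed."""
    digests = {}
    for algo, name, digest in VERIFY_RE.findall(cli_text):
        if len(digest) != HEX_LEN[algo]:
            # A wrapped or clipped terminal capture must not pass as a digest.
            raise ValueError(f"{algo} digest for {name} has the wrong length")
        digests[(algo, name)] = digest.lower()
    return digests


def staged_digest(path):
    """SHA256 of the copy staged on the FTP/TFTP server, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_image(cli_text, image_name, published_sha256, staged_path=None):
    """Compare the published SHA256 with the switch's value and the staged copy.

    switch_ok is False when the output has no SHA256 line for image_name,
    so an MD5-only check never counts as verified. staged_ok is None when
    no staged file is given.
    """
    published = published_sha256.strip().lower()
    on_switch = parse_verify_output(cli_text).get(("SHA256", image_name))
    switch_ok = on_switch is not None and hmac.compare_digest(on_switch, published)
    staged_ok = None
    if staged_path is not None:
        staged_ok = hmac.compare_digest(staged_digest(staged_path), published)
    return {"staged_ok": staged_ok, "switch_ok": switch_ok}
```

A result of staged_ok True with switch_ok False points at the transfer to the switch; staged_ok False means the download to the staging server is already wrong.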
Page 60
4

Management

This chapter describes the different protocols or services used to manage the Dell Networking system.

Configuring Privilege Levels

Privilege levels restrict access to commands based on user or terminal line.
There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1.
Level Description
Level 0 Access to the system begins at EXEC mode, and EXEC mode commands are limited to enable, disable, and exit.
Level 1 Access to the system begins at EXEC mode, and all commands are available.
Level 15 Access to the system begins at EXEC Privilege mode, and all commands are available.
For information about how access and authorization is controlled based on a user’s role, see Role-Based Access Control.

Creating a Custom Privilege Level

Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by:
restricting access to an EXEC mode command
moving commands from EXEC Privilege to EXEC mode
restricting access
A user can access all commands at his privilege level and below.

Removing a Command from EXEC Mode

To remove a command from the list of available commands in EXEC mode for a specific privilege level, use the privilege exec command from CONFIGURATION mode.
In the command, specify a level greater than the level given to a user or terminal line, then the first keyword of each command you wish to restrict.
Page 61

Moving a Command from EXEC Privilege Mode to EXEC Mode

To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode.
In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.

Allowing Access to CONFIGURATION Mode Commands

To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode.
A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands, end and exit. You must individually specify each CONFIGURATION mode command you want to allow access to using the privilege configure level level command. In the command, specify the privilege level of the user or terminal line and specify all the keywords in the command to which you want to allow access.

Allowing Access to the Following Modes

This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and ROUTER modes. Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes, you must first allow access to the command that enters you into the mode. For example, to allow a user to enter INTERFACE mode, use the interface gigabitethernet command.
Next, individually identify the INTERFACE, LINE, ROUTE-MAP or ROUTER commands to which you want to allow access using the privilege {interface | line | route-map | router} level level command. In the command, specify the privilege level of the user or terminal line and specify all the keywords in the command to which you want to allow access.
privilege configure level level
To remove, move or allow access, use the following commands.
The configuration in the following example creates privilege level 3. This level:
removes the resequence command from EXEC mode by requiring a minimum of privilege level 4
moves the capture bgp-pdu max-buffer-size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3, which is the configured level for VTY 0
allows access to CONFIGURATION mode with the banner command
allows access to INTERFACE and LINE modes with no commands
Remove a command from the list of available commands in EXEC mode. CONFIGURATION mode
privilege exec level level {command ||...|| command}
Move a command from EXEC Privilege to EXEC mode. CONFIGURATION mode
privilege exec level level {command ||...|| command}
Page 62
Allow access to CONFIGURATION mode. CONFIGURATION mode
privilege exec level level configure
Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all the keywords in the command.
CONFIGURATION mode
privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}
Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
CONFIGURATION mode
privilege {configure | interface | line | route-map | router} level level {command ||...|| command}
Example of EXEC Privilege Commands
Dell(conf)#do show run priv
!
privilege exec level 3 capture
privilege exec level 3 configure
privilege exec level 4 resequence
privilege exec level 3 capture bgp-pdu
privilege exec level 3 capture bgp-pdu max-buffer-size
privilege configure level 3 line
privilege configure level 3 interface
Dell(conf)#do telnet 10.11.80.201
[telnet output omitted]
Dell#show priv
Current privilege level is 3.
Dell#?
capture Capture packet
configure Configuring from terminal
disable Turn off privileged commands
enable Turn on privileged commands
exit Exit from the EXEC
ip Global IP subcommands
monitor Monitoring feature
mtrace Trace reverse multicast path from destination to source
ping Send echo messages
quit Exit from the EXEC
show Show running system information
[output omitted]
Dell#config
[output omitted]
Dell(conf)#do show priv
Current privilege level is 3.
Dell(conf)#?
end Exit from configuration mode
exit Exit from configuration mode
interface Select an interface to configure
line Configure a terminal line
linecard Set line card type
Dell(conf)#interface ?
fastethernet Fast Ethernet interface
gigabitethernet Gigabit Ethernet interface
loopback Loopback interface
managementethernet Management Ethernet interface
Page 63
null Null interface
port-channel Port-channel interface
range Configure interface range
sonet SONET interface
tengigabitethernet TenGigabit Ethernet interface
vlan VLAN interface
Dell(conf)#interface tengigabitethernet 1/1/1
Dell(conf-if-te-1/1/1)#?
end Exit from configuration mode
exit Exit from interface configuration mode
Dell(conf-if-te-1/1/1)#exit
Dell(conf)#line ?
aux Auxiliary line
console Primary terminal line
vty Virtual terminal
Dell(conf)#line vty 0
Dell(config-line-vty)#?
exit Exit from line configuration mode
Dell(config-line-vty)#
Dell(conf)#interface group ?
fortyGigE FortyGigabit Ethernet interface
gigabitethernet GigabitEthernet interface IEEE 802.3z
tengigabitethernet TenGigabit Ethernet interface
vlan VLAN keyword
Dell(conf)# interface group vlan 1 - 2 , tengigabitethernet 1/1/1
Dell(conf-if-group-vl-1-2,te-1/1/1)# no shutdown
Dell(conf-if-group-vl-1-2,te-1/1/1)# end

Applying a Privilege Level to a Username

To set the user privilege level, use the following command.
Configure a privilege level for a user. CONFIGURATION mode
username username privilege level

Applying a Privilege Level to a Terminal Line

To set a privilege level for a terminal line, use the following command.
Configure a privilege level for a user. CONFIGURATION mode
username username privilege level
NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.

Configuring Logging

The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on:
Page 64
the internal buffer
console and terminal lines
any configured syslog servers
To disable logging, use the following commands.
Disable all logging except on the console. CONFIGURATION mode
no logging on
Disable logging to the logging buffer. CONFIGURATION mode
no logging buffer
Disable logging to terminal lines. CONFIGURATION mode
no logging monitor
Disable console logging. CONFIGURATION mode
no logging console

Audit and Security Logs

This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs:
Enabling Audit and Security Logs
Displaying Audit and Security Logs
Clearing Audit Logs
Enabling Audit and Security Logs
You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network. You log audit and security events to a system log server, using the logging extended command in CONFIGURATION mode.
Audit Logs
The audit log contains configuration events and information. The types of information in this log consist of the following:
User logins to the switch.
System events for network issues or system issues.
Users making configuration changes. The switch logs who made the configuration changes and the date and time of the change. However, each specific change on the configuration is not logged. Only that the configuration was modified is logged with the user ID, date, and time of the change.
Uncontrolled shutdown.
Page 65
Security Logs
The security log contains security events and information. RBAC restricts access to audit and security logs based on the CLI sessions’ user roles. The types of information in this log consist of the following:
Establishment of secure traffic flows, such as SSH.
Violations on secure flows or certificate issues.
Adding and deleting of users.
User access and configuration changes to the security and crypto parameters (not the key information but the crypto configuration).
Important Points to Remember
When you enable RBAC and extended logging:
Only the system administrator user role can execute this command.
The system administrator and system security administrator user roles can view security events and system events.
The system administrator user roles can view audit, security, and system events.
Only the system administrator and security administrator user roles can view security logs.
The network administrator and network operator user roles can view system events.
NOTE: If extended logging is disabled, you can only view system events, regardless of RBAC user role.
Example of Enabling Audit and Security Logs
Dell(conf)#logging extended
Displaying Audit and Security Logs
To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must first enable the logging extended command. Only the RBAC system administrator user role can view the audit logs. Only the RBAC security administrator and system administrator user role can view the security logs. If extended logging is disabled, you can only view system events, regardless of RBAC user role. To view security logs, use the show logging command.
Example of the show logging auditlog Command
For information about the logging extended command, see Enabling Audit and Security Logs.
Dell#show logging auditlog
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)
Example of the show logging Command for Security
For information about the logging extended command, see Enabling Audit and Security Logs.
Dell#show logging
Jun 10 04:23:40: %STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on line vty0 ( 10.14.1.91 )
Page 66
Clearing Audit Logs
To clear audit logs, use the clear logging auditlog command in Exec mode. When RBAC is enabled, only the system administrator user role can issue this command.
Example of the clear logging auditlog Command
Dell# clear logging auditlog
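Audit lines in the show logging auditlog format above can be reviewed for the commands in this guide that reduce or erase logging, and for sessions from outside the management network. The following Python is an added example, not Dell code; the function names, the management network 10.14.1.0/24, and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# One audit line, in the format of the guide's show logging auditlog example:
#   May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
AUDIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}): (?P<host>\S+): "
    r"%CLI-(?P<sev>\d)-(?P<cmd>.+) by (?P<user>\S+) "
    r"from (?P<line>\S+) \((?P<src>[^)]+)\)\s*$")

# Commands described in this guide that disable logging or clear the audit log.
TAMPER_PREFIXES = ("no logging", "clear logging auditlog")

# First three lines are from the guide's example; the last two are constructed.
SAMPLE_AUDIT = """\
Dell#show logging auditlog
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)
May 12 12:31:02: Dell#: %CLI-6-no logging console by netops from vty1 (10.14.1.98)
May 12 12:44:10: Dell#: %CLI-6-clear logging auditlog by admin from vty2 (192.0.2.77)
"""


def parse_audit_log(text):
    """Return one dict per audit line; the prompt line and unparseable lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = AUDIT_RE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events


def review_audit_log(text, mgmt_networks):
    """Return (finding, user, source, command) tuples in log order."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = []
    for ev in parse_audit_log(text):
        if ev["cmd"].startswith(TAMPER_PREFIXES):
            findings.append(("logging-tamper", ev["user"], ev["src"], ev["cmd"]))
        try:
            src = ipaddress.ip_address(ev["src"].strip())
            known = any(src in net for net in nets)
        except ValueError:
            known = False  # not an IP address: report it rather than trust it
        if not known:
            findings.append(("unexpected-source", ev["user"], ev["src"], ev["cmd"]))
    return findings


if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE_AUDIT, ["10.14.1.0/24"]):
        print(finding)
```

Because clear logging auditlog removes the local record, run a review like this against the copy held on the syslog server rather than against the switch buffer alone.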

Configuring Logging Format

To display syslog messages in an RFC 3164 or RFC 5424 format, use the logging version {0 | 1} command in CONFIGURATION mode. By default, the system log version is set to 0.
The following describes the two log message formats:
0 – Displays syslog messages format as described in RFC 3164, The BSD syslog Protocol
1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol
Example of Configuring the Logging Message Format
Dell(conf)#logging version ?
<0-1> Select syslog version (default = 0)
Dell(conf)#logging version 1
Page 67

Setting Up a Secure Connection to a Syslog Server

You can use reverse tunneling with port forwarding to securely connect to a syslog server.
Pre-requisites
To configure a secure connection from the switch to the syslog server:
1. On the switch, enable the SSH server
Dell(conf)#ip ssh server enable
2. On the syslog server, create a reverse SSH tunnel from the syslog server to the FTOS switch, using the following syntax:
ssh -R <remote port>:<syslog server>:<syslog server listen port> user@remote_host -nNf
Page 68
In the following example, the syslog server IP address is 10.156.166.48 and the listening port is 5141. The switch IP address is 10.16.131.141 and the listening port is 5140.
ssh -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf
3. Configure logging to a local host. localhost is “127.0.0.1” or “::1”.
If you do not, the system displays an error when you attempt to enable role-based only AAA authorization.
Dell(conf)# logging localhost tcp port
Dell(conf)#logging 127.0.0.1 tcp 5140

Log Messages in the Internal Buffer

All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled

Configuration Task List for System Log Management

There are two configuration tasks for system log management:
Disable System Logging
Send System Messages to a Syslog Server

Disabling System Logging

By default, logging is enabled and log messages are sent to the logging buffer, all terminal lines, the console, and the syslog servers. To disable system logging, use the following commands.
Disable all logging except on the console. CONFIGURATION mode
no logging on
Disable logging to the logging buffer. CONFIGURATION mode
no logging buffer
Disable logging to terminal lines. CONFIGURATION mode
no logging monitor
Disable console logging. CONFIGURATION mode
no logging console
Page 69

Sending System Messages to a Syslog Server

To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP.
Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
CONFIGURATION mode
logging {ip-address | ipv6-address | hostname} {{udp {port}} | {tcp {port}}}
You can export system logs to an external server that is connected through a different VRF.

Configuring a UNIX System as a Syslog Server

To configure a UNIX System as a syslog server, use the following command.
Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigning write permissions to the file.
– Add line on a 4.1 BSD UNIX system. local7.debugging /var/log/ftos.log
– Add line on a 5.7 SunOS UNIX system. local7.debugging /var/adm/ftos.log
In the previous lines, local7 is the logging facility level and debugging is the severity level.

Track Login Activity

Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events.
When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system. The system stores the number of unsuccessful login attempts that have occurred in the last 30 days by default. You can change the default value to any number of days from 1 to 30. By default, login activity tracking is disabled. You can enable it using the login statistics enable command from the configuration mode.

Restrictions for Tracking Login Activity

These restrictions apply for tracking login activity:
Only the system and security administrators can configure login activity tracking and view the login activity details of other users.
Login statistics are not applicable to login sessions that do not use user names for authentication. For example, the system does not report login activity for a telnet session that prompts only for a password.
Page 70

Configuring Login Activity Tracking

To enable and configure login activity tracking, follow these steps:
1. Enable login activity tracking.
CONFIGURATION mode
login statistics enable
After enabling login statistics, the system stores the login activity details for the last 30 days.
2. (Optional) Configure the number of days for which the system stores the user login statistics. The range is from 1 to 30.
CONFIGURATION mode
login statistics time-period days
Example of Configuring Login Activity Tracking
The following example enables login activity tracking. The system stores the login activity details for the last 30 days.
Dell(config)#login statistics enable
The following example enables login activity tracking and configures the system to store the login activity details for 12 days.
Dell(config)#login statistics enable
Dell(config)#login statistics time-period 12

Display Login Statistics

To view the login statistics, use the show login statistics command.
Example of the show login statistics Command
The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period.
Dell#show login statistics
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 30 day(s): 3
------------------------------------------------------------------
Example of the show login statistics all command
The show login statistics all command displays the successful and failed login details of all users in the last 30 days or the custom defined time period.
Dell#show login statistics all
------------------------------------------------------------------
User: admin
Page 71
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 7 day(s): 3
------------------------------------------------------------------
------------------------------------------------------------------
User: secadm
Last login time: Mon Feb 16 04:45:29 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 7 day(s): 0
------------------------------------------------------------------
Example of the show login statistics user user-id command
The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period.
Dell#show login statistics user admin
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 11 day(s): 3
------------------------------------------------------------------
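Output of show login statistics all can be collected from each switch and checked for accounts that need attention. The following Python is an added example, not Dell code; the function names, the threshold of 3 failures, and the optional list of expected source hosts are assumptions, and the parser expects one field per line as in the output above.

```python
import re

USER_RE = re.compile(r"^User:\s*(\S+)")
TIME_RE = re.compile(r"^Last login time:\s*(.+)$")
LOC_RE = re.compile(r"^Last login location:\s*Line (\S+) \(\s*([^)\s]+)\s*\)")
SINCE_RE = re.compile(
    r"^Unsuccessful login attempt\(s\) since the last successful login:\s*(\d+)")
WINDOW_RE = re.compile(
    r"^Unsuccessful login attempt\(s\) in last (\d+) day\(s\):\s*(\d+)")

# Sample in the format of the guide's show login statistics all example.
SAMPLE_LOGIN_STATS = """\
Dell#show login statistics all
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 7 day(s): 3
------------------------------------------------------------------
------------------------------------------------------------------
User: secadm
Last login time: Mon Feb 16 04:45:29 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 7 day(s): 0
------------------------------------------------------------------
"""


def parse_login_statistics(text):
    """Return one record per 'User:' block; separator and prompt lines are ignored."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            cur = {"user": m.group(1), "source": None,
                   "since_last": 0, "in_window": 0, "window_days": None}
            records.append(cur)
        elif cur is None:
            continue  # nothing before the first User: line belongs to a record
        elif m := TIME_RE.match(line):
            cur["last_login"] = m.group(1)
        elif m := LOC_RE.match(line):
            cur["line"], cur["source"] = m.group(1), m.group(2)
        elif m := SINCE_RE.match(line):
            cur["since_last"] = int(m.group(1))
        elif m := WINDOW_RE.match(line):
            cur["window_days"], cur["in_window"] = int(m.group(1)), int(m.group(2))
    return records


def accounts_to_review(records, max_failures=3, expected_sources=()):
    """Return (user, [reasons]) for every account that trips a check."""
    flagged = []
    for r in records:
        reasons = []
        if r["since_last"] > 0:
            reasons.append(
                f'{r["since_last"]} failed attempt(s) since last successful login')
        if r["in_window"] >= max_failures:
            reasons.append(
                f'{r["in_window"]} failed attempt(s) in last {r["window_days"]} day(s)')
        if expected_sources and r["source"] not in expected_sources:
            reasons.append(f'last login from unexpected host {r["source"]}')
        if reasons:
            flagged.append((r["user"], reasons))
    return flagged
```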

Limit Concurrent Login Sessions

Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
By default, you can use all 10 VTY lines, one console line, and one auxiliary line. You can limit the number of available sessions using the login concurrent-session limit command and so restrict users to that specific number of sessions. You can optionally configure the system to provide an option to the users to clear any of their existing sessions.

Restrictions for Limiting the Number of Concurrent Sessions

These restrictions apply for limiting the number of concurrent sessions:
Only the system and security administrators can limit the number of concurrent sessions and enable the clear-line option.
Users can clear their existing sessions only if the system is configured with the login concurrent-session clear-line enable command.

Configuring Concurrent Session Limit

To configure concurrent session limit, follow this procedure:
Limit the number of concurrent sessions for all users.
CONFIGURATION mode
login concurrent-session limit number-of-sessions
Example of Configuring Concurrent Session Limit
The following example limits the permitted number of concurrent login sessions to 4.
Dell(config)#login concurrent-session limit 4

Enabling the System to Clear Existing Sessions

To enable the system to clear existing login sessions, follow this procedure:
Use the following command.
CONFIGURATION mode
login concurrent-session clear-line enable
Example of Enabling the System to Clear Existing Sessions
The following example enables you to clear your existing login sessions.
Dell(config)#login concurrent-session clear-line enable
Example of Clearing Existing Sessions
When you try to log in, the following message appears with all your existing concurrent sessions, providing an option to close any one of the existing sessions:
$ telnet 10.11.178.14
Trying 10.11.178.14...
Connected to 10.11.178.14.
Escape character is '^]'.
Login: admin
Password:
Current sessions for user admin:
Line Location
2 vty 0 10.14.1.97
3 vty 1 10.14.1.97
Clear existing session? [line number/Enter to cancel]:
When you try to create more than the permitted number of sessions, the following message appears, prompting you to close one of the existing sessions. If you close any of the existing sessions, you are allowed to log in.
$ telnet 10.11.178.17
Trying 10.11.178.17...
Connected to 10.11.178.17.
Escape character is '^]'.
Login: admin
Password:
Maximum concurrent sessions for the user reached.
Current sessions for user admin:
Line Location
2 vty 0 10.14.1.97
3 vty 1 10.14.1.97
4 vty 2 10.14.1.97
5 vty 3 10.14.1.97
Kill existing session? [line number/Enter to cancel]:

Changing System Logging Settings

You can change the default settings of the system logging by changing the severity level and the storage location.
The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control the number of system messages logged.
To specify the system logging settings, use the following commands.
Specify the minimum severity level for logging to the logging buffer.
CONFIGURATION mode
logging buffered level
Specify the minimum severity level for logging to the console.
CONFIGURATION mode
logging console level
Specify the minimum severity level for logging to terminal lines.
CONFIGURATION mode
logging monitor level
Specify the minimum severity level for logging to a syslog server.
CONFIGURATION mode
logging trap level
Specify the minimum severity level for logging to the syslog history table.
CONFIGURATION mode
logging history level
Specify the size of the logging buffer.
CONFIGURATION mode
logging buffered size
NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
Specify the number of messages that Dell Networking OS saves to its logging history table.
CONFIGURATION mode
logging history size size
To view the logging buffer and configuration, use the show logging command in EXEC privilege mode, as shown in the example for Display the Logging Buffer and the Logging Configuration.
To view the logging configuration, use the show running-config logging command in privilege mode, as shown in the example for Configure a UNIX Logging Facility Level.

Display the Logging Buffer and the Logging Configuration

To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs.
Example of the show logging Command
Dell#show logging
syslog logging: enabled
Console logging: level Debugging
Monitor logging: level Debugging
Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes)
Trap logging: level Informational
%IRC-6-IRC_COMMUP: Link to peer RPM is up
%RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM.
%RPM-2-MSG:CP1 %POLLMGR-2-MMC_STATE: External flash disk missing in 'slot0:'
%CHMGR-5-CARDDETECTED: Line card 0 present
%CHMGR-5-CARDDETECTED: Line card 2 present
%CHMGR-5-CARDDETECTED: Line card 4 present
%CHMGR-5-CARDDETECTED: Line card 5 present
%CHMGR-5-CARDDETECTED: Line card 8 present
%CHMGR-5-CARDDETECTED: Line card 10 present
%CHMGR-5-CARDDETECTED: Line card 12 present
%TSM-6-SFM_DISCOVERY: Found SFM 0
%TSM-6-SFM_DISCOVERY: Found SFM 1
%TSM-6-SFM_DISCOVERY: Found SFM 2
%TSM-6-SFM_DISCOVERY: Found SFM 3
%TSM-6-SFM_DISCOVERY: Found SFM 4
%TSM-6-SFM_DISCOVERY: Found SFM 5
%TSM-6-SFM_DISCOVERY: Found SFM 6
%TSM-6-SFM_DISCOVERY: Found SFM 7
%TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP
%TSM-6-SFM_DISCOVERY: Found SFM 8
%TSM-6-SFM_DISCOVERY: Found 9 SFMs
%CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports)
%TSM-6-PORT_CONFIG: Port link status for LC 5 => portpipe 0: OK portpipe 1: N/A
%CHMGR-5-LINECARDUP: Line card 5 is up
%CHMGR-5-CHECKIN: Checkin from line card 12 (type S12YC12, 12 ports)
%TSM-6-PORT_CONFIG: Port link status for LC 12 => portpipe 0: OK portpipe 1: N/A
%CHMGR-5-LINECARDUP: Line card 12 is up
%IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8
%IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8
To view any changes made, use the show running-config logging command in EXEC privilege mode.

Configuring a UNIX Logging Facility Level

You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command.
Specify one of the following parameters.
CONFIGURATION mode
logging facility [facility-type]
– auth (for authorization messages)
– cron (for system scheduler messages)
– daemon (for system daemons)
– kern (for kernel messages)
– local0 (for local use)
– local1 (for local use)
– local2 (for local use)
– local3 (for local use)
– local4 (for local use)
– local5 (for local use)
– local6 (for local use)
– local7 (for local use)
– lpr (for line printer system messages)
– mail (for mail system messages)
– news (for USENET news messages)
– sys9 (system use)
– sys10 (system use)
– sys11 (system use)
– sys12 (system use)
– sys13 (system use)
– sys14 (system use)
– syslog (for syslog messages)
– user (for user programs)
– uucp (UNIX to UNIX copy protocol)
Example of the show running-config logging Command
To view nondefault settings, use the show running-config logging command in EXEC mode.
Dell#show running-config logging
!
logging buffered 524288 debugging
service timestamps log datetime msec
service timestamps debug datetime msec
!
logging trap debugging
logging facility user
logging source-interface Loopback 0
logging 10.10.10.4
Dell#

Synchronizing Log Messages

You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output.
Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
1. Enter LINE mode.
CONFIGURATION mode
line {console 0 | vty number [end-number] | aux 0}
Configure the following parameters for the virtual terminal lines:
number: the range is from zero (0) to 8.
end-number: the range is from 1 to 8.
You can configure multiple virtual terminals at one time by entering a number and an end-number.
2. Configure a level and set the maximum number of messages to print.
LINE mode
logging synchronous [level severity-level | all] [limit]
Configure the following optional parameters:
level severity-level: the range is from 0 to 7. The default is 2. Use the all keyword to include all messages.
limit: the range is from 20 to 300. The default is 20.
To view the logging synchronous configuration, use the show config command in LINE mode.

Enabling Timestamp on Syslog Messages

By default, syslog messages do not include a time/date stamp stating when the error or message was created. To enable timestamp, use the following command.
Add timestamp to syslog messages.
CONFIGURATION mode
service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime]
Specify the following optional parameters:
– You can add the keyword localtime to include the localtime, msec, and show-timezone. If you do not add the keyword localtime, the time is UTC.
– uptime: To view time since last boot.
If you do not specify a parameter, Dell Networking OS configures uptime.
To view the configuration, use the show running-config logging command in EXEC privilege mode.
To disable time stamping on syslog messages, use the no service timestamps [log | debug] command.

File Transfer Services

With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP).
One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
If you want the FTP or TFTP server to use a VRF table that is attached to an interface, you must configure the FTP or TFTP server to use a specific routing table. You can use the ip ftp vrf vrf-name or ip tftp vrf vrf-name command to inform the FTP or TFTP server to use a specific routing table. After you configure this setting, the VRF table is used to look up the destination address. However, these changes are backward-compatible and do not affect existing behavior; meaning, you can still use the source-interface command to communicate with a particular interface even if no VRF is configured on that interface.
For more information about FTP, refer to RFC 959, File Transfer Protocol.
NOTE: To transmit large files, Dell Networking recommends configuring the switch as an FTP server.

Configuration Task List for File Transfer Services

The configuration tasks for file transfer services are:
Enable FTP Server (mandatory)
Configure FTP Server Parameters (optional)
Configure FTP Client Parameters (optional)

Enabling the FTP Server

To enable the system as an FTP server, use the following command. To view FTP configuration, use the show running-config ftp command in EXEC privilege mode.
Enable FTP on the system.
CONFIGURATION mode
ftp-server enable
Example of Viewing FTP Configuration
Dell#show running ftp
!
ftp-server enable
ftp-server username nairobi password 0 zanzibar
Dell#

Configuring FTP Server Parameters

After you enable the FTP server on the system, you can configure different parameters. To configure the FTP server parameters, use the following commands.
Specify the directory for users using FTP to reach the system.
CONFIGURATION mode
ftp-server topdir dir
The default is the internal flash directory.
Specify a user name for all FTP users and configure either a plain text or encrypted password.
CONFIGURATION mode
ftp-server username username password [encryption-type] password
Configure the following optional and required parameters:
– username: enter a text string.
– encryption-type: enter 0 for plain text or 7 for encrypted text.
– password: enter a text string.
NOTE: You cannot use the change directory (cd) command until you have configured ftp-server topdir.
To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode.

Configuring FTP Client Parameters

To configure FTP client parameters, use the following commands.
Enter the following keywords and slot/port/subport or number information:
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
– For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
– For a Loopback interface, enter the keyword loopback then a number from 0 to 16383.
– For a port channel interface, enter the keywords port-channel then a number.
– For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
CONFIGURATION mode
ip ftp source-interface interface
Configure a password.
CONFIGURATION mode
ip ftp password password
Enter a username to use on the FTP client.
CONFIGURATION mode
ip ftp username name
To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server.

Terminal Lines

You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system. The console line (console) connects you through the console port in the route processor modules (RPMs). The virtual terminal lines (VTYs) connect you through Telnet to the system. The auxiliary line (aux) connects secondary devices such as modems.

Denying and Permitting Access to a Terminal Line

Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines.
Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
You cannot use the show ip accounting access-list command to display the contents of an ACL that is applied only to a VTY line.
When you use the access-class access-list-name command without specifying the ipv4 or ipv6 attribute, both IPv4 as well as IPv6 rules that are defined in that ACL are applied to the terminal. This method is a generic way of configuring access restrictions.
To be able to filter access exclusively using either IPv4 or IPv6 rules, use either the ipv4 or ipv6 attribute along with the access-class access-list-name command. Depending on the attribute that you specify (ipv4 or ipv6), the ACL processes either IPv4 or IPv6 rules, but not both. Using this configuration, you can set up two different types of access classes with each class processing either IPv4 or IPv6 rules separately.
To apply an IP ACL to a line, use the following command.
Apply an ACL to a VTY line.
LINE mode
access-class access-list-name [ipv4 | ipv6]
NOTE: If you already have configured generic IP ACL on a terminal line, then you cannot further apply IPv4 or IPv6 specific filtering on top of this configuration. Similarly, if you have configured either IPv4 or IPv6 specific filtering on a terminal line, you cannot apply generic IP ACL on top of this configuration. Before applying any of these configurations, you must first undo the existing configuration using the no access-class access-list-name [ipv4 | ipv6] command.
Example of an ACL that Permits Terminal Access
Example Configuration
To view the configuration, use the show config command in LINE mode.
Dell(config-std-nacl)#show config
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
Dell(config-std-nacl)#line vty 0
Dell(config-line-vty)#show config
line vty 0
 access-class myvtyacl
Dell(conf-ipv6-acl)#do show run acl
!
ip access-list extended testdeny
 seq 10 deny ip 30.1.1.0/24 any
 seq 15 permit ip any any
!
ip access-list extended testpermit
 seq 15 permit ip any any
!
ipv6 access-list testv6deny
 seq 10 deny ipv6 3001::/64 any
 seq 15 permit ipv6 any any
!
Dell(conf)#
Dell(conf)#line vty 0 0
Dell(config-line-vty)#access-class testv6deny ipv6
Dell(config-line-vty)#access-class testpermit ipv4
Dell(config-line-vty)#show c
line vty 0
 exec-timeout 0 0
 access-class testpermit ipv4
 access-class testv6deny ipv6
!
Dell Networking OS Behavior: Prior to Dell Networking OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication and authorization (AAA) to the line. Then users are denied access only after they enter a username and password. Beginning in Dell Networking OS version 7.4.2.0, only an ACL is required, and users are denied access before they are prompted for a username and password.

Configuring Login Authentication for Terminal Lines

You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are:
enable: Prompt for the enable password.
line: Prompt for the password you assigned to the terminal line. Configure a password for the terminal line to which you assign a method list that contains the line authentication method. Configure a password using the password command from LINE mode.
local: Prompt for the system username and password.
none: Do not authenticate the user.
radius: Prompt for a username and password and use a RADIUS server to authenticate.
tacacs+: Prompt for a username and password and use a TACACS+ server to authenticate.
1. Configure an authentication method list. You may use a mnemonic name or use the keyword default. The default authentication method for terminal lines is local and the default method list is empty.
CONFIGURATION mode
aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6]
2. Apply the method list from Step 1 to a terminal line.
CONFIGURATION mode
login authentication {method-list-name | default}
3. If you used the line authentication method in the method list you applied to the terminal line, configure a password for the terminal line.
LINE mode
password
Example of Terminal Line Authentication
In the following example, VTY lines 0-2 use a single authentication method, line.
Dell(conf)#aaa authentication login myvtymethodlist line
Dell(conf)#line vty 0 2
Dell(config-line-vty)#login authentication myvtymethodlist
Dell(config-line-vty)#password myvtypassword
Dell(config-line-vty)#show config
line vty 0
 password myvtypassword
 login authentication myvtymethodlist
line vty 1
 password myvtypassword
 login authentication myvtymethodlist
line vty 2
 password myvtypassword
 login authentication myvtymethodlist
Dell(config-line-vty)#

Setting Time Out of EXEC Privilege Mode

EXEC time-out is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands.
Set the number of minutes and seconds. The default is 10 minutes on the console and 30 minutes on VTY. Disable EXEC time out by setting the time-out period to 0.
LINE mode
exec-timeout minutes [seconds]
Return to the default time-out values.
LINE mode
no exec-timeout
Example of Setting the Time Out Period for EXEC Privilege Mode
The following example shows how to set the time-out period and how to view the configuration using the show config command from LINE mode.
Dell(conf)#line con 0
Dell(config-line-console)#exec-timeout 0
Dell(config-line-console)#show config
line console 0
 exec-timeout 0 0
Dell(config-line-console)#
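The settings covered in the File Transfer Services and Terminal Lines sections can be checked together against a saved running-config. The following auditor is an added example, not Dell tooling; it flags an FTP password stored with encryption type 0, a method list containing none, a disabled EXEC time-out, and a VTY line with no access-class. The rule names are assumptions and the sample configuration is constructed from the examples on this page.

```python
import re

# Constructed running-config excerpt assembled from the examples on this page.
SAMPLE_CONFIG = """\
!
ftp-server enable
ftp-server username nairobi password 0 zanzibar
!
aaa authentication login myvtymethodlist line
aaa authentication login openlist none
!
line console 0
 exec-timeout 0 0
line vty 0
 password myvtypassword
 login authentication myvtymethodlist
 access-class myvtyacl
line vty 1
 exec-timeout 5 0
 login authentication openlist
!
"""


def split_blocks(config):
    """Group the config into (top-level command, [indented sub-commands])."""
    blocks = []
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(text)
        else:
            blocks.append((text, []))
    return blocks


def audit(config):
    """Return (rule, subject) findings; passwords are never echoed back."""
    blocks = split_blocks(config)
    findings = []

    # Pass 1: method lists that contain 'none' let a user through once the
    # earlier methods are exhausted, so any line using them is unauthenticated.
    open_lists = set()
    for header, _subs in blocks:
        m = re.fullmatch(r"aaa authentication login (\S+)((?: \S+)*)", header)
        if m and "none" in m.group(2).split():
            open_lists.add(m.group(1))
            findings.append(("aaa-method-none", m.group(1)))

    # Pass 2: FTP credentials and per-line settings.
    for header, subs in blocks:
        m = re.fullmatch(r"ftp-server username (\S+) password 0 \S+", header)
        if m:  # encryption-type 0 means the password is stored as plain text
            findings.append(("ftp-password-plaintext", m.group(1)))
        if not re.match(r"line (console|vty|aux)\b", header):
            continue
        if any(re.fullmatch(r"exec-timeout 0( 0)?", s) for s in subs):
            findings.append(("exec-timeout-disabled", header))
        if header.startswith("line vty") and not any(
                s.startswith("access-class ") for s in subs):
            findings.append(("vty-no-access-class", header))
        for s in subs:
            m = re.fullmatch(r"login authentication (\S+)", s)
            if m and m.group(1) in open_lists:
                findings.append(("line-auth-none", header))
    return findings


if __name__ == "__main__":
    for rule, subject in audit(SAMPLE_CONFIG):
        print(f"{rule}: {subject}")
```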

Using Telnet to get to Another Network Device

To telnet to another device, use the following commands.
NOTE: The device allows 120 Telnet sessions per minute, allowing the login and logout of 10 Telnet sessions, 12 times in a minute. If the system reaches this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system during downtime.
Telnet to the peer RPM. You do not need to configure the management port on the peer RPM to be able to telnet to it.
EXEC Privilege mode
telnet-peer-rpm
Telnet to a device with an IPv4 or IPv6 address.
EXEC Privilege mode
telnet [ip-address]
If you do not enter an IP address, Dell Networking OS enters a Telnet dialog that prompts you for one.
Enter an IPv4 address in dotted decimal format (A.B.C.D).
Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported.
Example of the telnet Command for Device Access
Dell# telnet 10.11.80.203
Trying 10.11.80.203...
Connected to 10.11.80.203.
Exit character is '^]'.
Login:
Login: admin
Password:
Dell>exit
Dell#telnet 2200:2200:2200:2200:2200::2201
Trying 2200:2200:2200:2200:2200::2201...
Connected to 2200:2200:2200:2200:2200::2201.
Exit character is '^]'.
FreeBSD/i386 (freebsd2.force10networks.com) (ttyp1)
login: admin
Dell#

Lock CONFIGURATION Mode

Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2).
You can set two types of locks: auto and manual.
Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set auto-lock, every time a user is in CONFIGURATION mode, all other users are denied access. This means that you can exit to EXEC Privilege mode, and re-enter CONFIGURATION mode without having to set the lock again.
Set manual lock using the configure terminal lock command from CONFIGURATION mode. When you configure a manual lock, which is the default, you must enter this command each time you want to enter CONFIGURATION mode and deny access to others.

Viewing the Configuration Lock Status

If you attempt to enter CONFIGURATION mode when another user has locked it, you may view which user has control of CONFIGURATION mode using the show configuration lock command from EXEC Privilege mode.
You can then send any user a message using the send command from EXEC Privilege mode. Alternatively, you can clear any line using the clear command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode.
Example of Locking CONFIGURATION Mode for Single-User Access
Dell(conf)#configuration mode exclusive auto
BATMAN(conf)#exit
3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console
Dell#config
! Locks configuration mode exclusively.
Dell(conf)#
If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1):
% Error: User "" on line console0 is in exclusive configuration mode
If any user is already in CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 2):
% Error: Can't lock configuration mode exclusively since the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ).
NOTE: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION mode, when you attempt to re-enter CONFIGURATION mode, you are denied access even though you are the one that configured the lock.
NOTE: If your session times out and you return to EXEC mode, the CONFIGURATION mode lock is unconfigured.

Restoring the Factory Default Settings

Restoring the factory-default settings deletes the existing NVRAM settings, startup configuration, and all configured settings such as stacking or fanout.
To restore the factory default settings, use the restore factory-defaults stack-unit {1–6 | all} {clear-all | nvram | bootvar} command in EXEC Privilege mode.
CAUTION: There is no undo for this command.

Important Points to Remember

When you restore all the units in a stack, these units are placed in standalone mode.
When you restore a single unit in a stack, only that unit is placed in standalone mode. No other units in the stack are affected.
When you restore the units in standalone mode, the units remain in standalone mode after the restoration.
After the restore is complete, the units power cycle immediately.
The following example illustrates the restore factory-defaults command to restore the factory default settings.
Dell#restore factory-defaults stack-unit 1 nvram
***********************************************************************
* Warning - Restoring factory defaults will delete the existing *
* persistent settings (stacking, fanout, etc.) *
* After restoration the unit(s) will be powercycled immediately. *
* Proceed with caution ! *
***********************************************************************
Proceed with factory settings? Confirm [yes/no]:yes
-- Restore status --
Unit Nvram Config
------------------------
0 Success
Power-cycling the unit(s).
....

Restoring Factory Default Environment Variables

The Boot line determines the location of the image that is used to boot up the chassis after restoring factory default settings. Ideally, these locations contain valid images from which the chassis can boot.
While restoring factory-default settings, you can either use a flash boot procedure or a network boot procedure to boot the device.
When you use the flash boot procedure to boot the device, the boot loader checks if the primary or the secondary partition contains a valid image. If the primary partition contains a valid image, then the primary boot line is set to A: and the secondary and default boot lines are set to a Null String. If the secondary partition contains a valid image, then the primary boot line is set to B: and the secondary and default boot lines are set to a Null String. If both the partitions contain invalid images, then primary, secondary, and default boot line values are set to a Null string.
When you use the Network boot procedure to boot the device, the boot loader checks if the primary partition contains a valid image. If a valid image exists on the primary partition and the secondary partition does not contain a valid image, then the primary boot line is set to A: and the secondary and default boot lines are set to a Null string. If the secondary partition also contains a valid image, then the primary boot line value is set to the partition that is configured to be used to boot the device in a network failure scenario. The secondary and default boot line values are set to a Null string.
Important Points to Remember
The Chassis remains in boot prompt if none of the partitions contain valid images.
To enable TFTP boot after restoring factory default settings, you must stop the boot process in BLI.
In case the system fails to reload the image from the partition, perform the following steps:
1. Power-cycle the chassis (pull the power cord and reinsert it).
2. Press esc key to abort the boot process (while the system prompts to press any key).
You enter BLI immediately, as indicated by the BOOT_USER # prompt.
3. Assign the new location of the FTOS image to be used when the system reloads.
To boot from flash partition A:
BOOT_USER # boot change primary
boot device : flash
file name : systema
BOOT_USER #
To boot from flash partition B:
BOOT_USER # boot change primary
boot device : flash
file name : systemb
BOOT_USER #
To boot from network:
BOOT_USER # boot change primary
boot device : tftp
file name : FTOS-SI-9-5-0-169.bin
Server IP address : 10.16.127.35
BOOT_USER #
4. Assign an IP address and netmask to the Management Ethernet interface.
BOOT_USER # interface management ethernet ip address ip_address_with_mask
For example, 10.16.150.106/16.
5. Assign an IP address as the default gateway for the system.
default-gateway gateway_ip_address
For example, 10.16.150.254.
6. The environment variables are auto saved.
7. Reload the system.
BOOT_USER # reload

802.1X

802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.
802.1X employs extensible authentication protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
NOTE: The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames.
Figure 2. EAP Frames Encapsulated in Ethernet and RADIUS
Figure 3. EAP Frames Encapsulated in Ethernet and RADIUS
The authentication process involves three devices:
The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests.
The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator.
The authentication-server selects the authentication method, verifies the information the supplicant provides, and grants it network access privileges.
Ports can be in one of two states:
Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port.
The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally.
NOTE: The Dell Networking switches place 802.1X-enabled ports in the unauthorized state by default.

The Port-Authentication Process

The authentication process begins when the authenticator senses that a link status has changed from down to up:
1. When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame.
2. The supplicant responds with its identity in an EAP Response Identity frame.
3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server.
4. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator.
5. The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides the Requested Challenge information in an EAP response, which is translated and forwarded to the authentication server as another Access-Request frame.
6. If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame.
Figure 4. EAP Port-Authentication

EAP over RADIUS

802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79.
Figure 5. EAP Over RADIUS
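The TLV encapsulation described above, as an added Python example that is not from the Dell documentation: it walks the attributes of a RADIUS packet, reassembles the EAP packet from its type-79 attributes and decodes the EAP header. It goes beyond the text in handling an EAP packet split across several EAP-Message attributes and in reporting whether the Message-Authenticator attribute (type 80) is present, both per RFC 3579; the function names and sample packets are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79            # RADIUS attribute type that carries EAP (RFC 3579)
MESSAGE_AUTHENTICATOR = 80  # RFC 3579 requires it in any packet with EAP-Message
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def radius_attributes(packet):
    """Yield (type, value) for every TLV that follows the 20-byte RADIUS header."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS length field does not fit the packet")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length runs outside the packet")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen


def extract_eap(packet):
    """Reassemble the EAP packet from its EAP-Message attributes and decode the header."""
    attrs = list(radius_attributes(packet))
    eap = b"".join(value for atype, value in attrs if atype == EAP_MESSAGE)
    if len(eap) < 4:
        raise ValueError("no complete EAP packet in EAP-Message attributes")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length field does not match the reassembled data")
    typed = code in (1, 2) and length > 4   # only Request/Response carry a Type octet
    return {
        "eap_code": EAP_CODES.get(code, code),
        "eap_id": ident,
        "eap_type": eap[4] if typed else None,
        "type_data": eap[5:] if typed else b"",
        "message_authenticator": any(t == MESSAGE_AUTHENTICATOR for t, _ in attrs),
    }


def build_access_request(eap, ident=1):
    """Constructed sample packet: at most 253 bytes of EAP per attribute."""
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    attrs = b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # placeholder, not a real HMAC
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + bytes(16) + attrs


def eap_identity_response(identity, ident=1):
    """Constructed sample: EAP Response (code 2) of type Identity (1)."""
    return struct.pack("!BBHB", 2, ident, 5 + len(identity), 1) + identity
```

A RADIUS attribute value holds at most 253 bytes, so a 405-byte EAP packet arrives as two EAP-Message attributes that must be concatenated in order before the EAP length field is checked.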
RADIUS Attributes for 802.1X Support
Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
Attribute 41 NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet.
Attribute 61 NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
Attribute 81 Tunnel-Private-Group-ID: associates a tunneled session with a particular group of users.

Configuring 802.1X

Configuring 802.1X on a port is a one-step process.
For more information, refer to Enabling 802.1X.

Related Configuration Tasks

Configuring Request Identity Re-Transmissions
Forcibly Authorizing or Unauthorizing a Port
Re-Authenticating a Port
Configuring Timeouts
Configuring a Guest VLAN
Configuring an Authentication-Fail VLAN

Important Points to Remember

Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
All platforms support only RADIUS as the authentication server.
If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
802.1X is not supported on port-channels or port-channel members.

Enabling 802.1X

Enable 802.1X globally.
Figure 6. 802.1X Enabled
1. Enable 802.1X globally.
CONFIGURATION mode
dot1x authentication
2. Enter INTERFACE mode on an interface or a range of interfaces.
INTERFACE mode
interface [range]
3. Enable 802.1X on the supplicant interface only.
INTERFACE mode
dot1x authentication
Examples of Verifying that 802.1X is Enabled Globally and on an Interface
Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode.
In the following example, the bold lines show that 802.1X is enabled.
Dell#show running-config | find dot1x
dot1x authentication
!
[output omitted]
!
interface TenGigabitEthernet 2/1/1
 no ip address
 dot1x authentication
 no shutdown
!
Dell#
To view 802.1X configuration information for an interface, use the show dot1x interface command.
In the following example, the bold lines show that 802.1X is enabled on all ports unauthorized by default.
Dell#show dot1x interface TenGigabitEthernet 2/1/1
802.1x information on Te 2/1/1:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Configuring Request Identity Re-Transmissions

If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable.
NOTE: There are several reasons why the supplicant might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem.
To configure re-transmissions, use the following commands.
Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame.
INTERFACE mode
dot1x tx-period number
The range is from 1 to 65535 (1 year)
The default is 30.
Configure a maximum number of times the authenticator re-transmits a Request Identity frame.
INTERFACE mode
dot1x max-eap-req number
The range is from 1 to 10.
The default is 2.
The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits a maximum of 10 times.

Configuring a Quiet Period after a Failed Authentication

If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default, but you can configure this period.
NOTE: The quiet period (dot1x quiet-period) is the transmit interval after a failed authentication; the Request Identity re-transmit interval (dot1x tx-period) applies to an unresponsive supplicant.
To configure a quiet period, use the following command.
Configure the amount of time that the authenticator waits to re-transmit a Request Identity frame after a failed authentication.
INTERFACE mode
dot1x quiet-period seconds
The range is from 1 to 65535.
The default is 60 seconds.
Example of Configuring and Verifying Port Authentication
The following example shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame:
after 90 seconds and a maximum of 10 times for an unresponsive supplicant
re-transmits an EAP Request Identity frame
The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions.
FTOS(conf-if-range-Te-2/1/1)#dot1x tx-period 90
FTOS(conf-if-range-Te-2/1/1)#dot1x max-eap-req 10
FTOS(conf-if-range-Te-2/1/1)#dot1x quiet-period 120
FTOS#show dot1x interface TenGigabitEthernet 2/1/1
802.1x information on Te 2/1/1:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Forcibly Authorizing or Unauthorizing a Port

IEEE 802.1X requires that a port can be manually placed into any of three states:
ForceAuthorized — an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port.
ForceUnauthorized — an unauthorized state. A device connected to a port in this state is never subjected to the authentication process and is not allowed to communicate on the network. Placing the port in this state is the same as shutting down the port. Any attempt by the supplicant to initiate authentication is ignored.
Auto — an unauthorized state by default. A device connected to this port in this state is subjected to the authentication process. If the process is successful, the port is authorized and the connected device can communicate on the network. All ports are placed in the Auto state by default.
To set the port state, use the following command.
Place a port in the ForceAuthorized, ForceUnauthorized, or Auto state.
INTERFACE mode
dot1x port-control {force-authorized | force-unauthorized | auto}
The default state is auto.
Example of Placing a Port in Force-Authorized State and Viewing the Configuration
The example shows configuration information for a port that has been force-authorized.
The bold line shows the new port-control state.
Dell(conf-if-Te-1/1/1)#dot1x port-control force-authorized
Dell(conf-if-Te-1/1/1)#show dot1x interface TenGigabitEthernet 1/1/1
802.1x information on Te 1/1/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
Auth PAE State: Initialize
Backend State: Initialize

Re-Authenticating a Port

You can configure the authenticator for periodic re-authentication. After the supplicant has been authenticated, and the port has been authorized, you can configure the authenticator to re-authenticate the supplicant periodically. If you enable re-authentication, the supplicant is required to re-authenticate every 3600 seconds, but you can configure this interval. You can configure a maximum number of re-authentications as well.
To configure re-authentication time settings, use the following commands.
Configure the authenticator to periodically re-authenticate the supplicant.
INTERFACE mode
dot1x reauthentication [interval] seconds
The range is from 1 to 65535.
The default is 3600.
Configure the maximum number of times that the supplicant can be re-authenticated.
INTERFACE mode
dot1x reauth-max number
The range is from 1 to 10.
The default is 2.
Example of Re-Authenticating a Port and Verifying the Configuration
The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period.
Dell(conf-if-Te-1/1/1)#dot1x reauthentication interval 7200
Dell(conf-if-Te-1/1/1)#dot1x reauth-max 10
Dell(conf-if-Te-1/1/1)#do show dot1x interface TenGigabitEthernet 1/1
802.1x information on Te 1/1/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Enable
Untagged VLAN id: None
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
Auth PAE State: Initialize
Backend State: Initialize
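An added audit example (not Dell code) for the port-control and re-authentication settings described above: it parses show dot1x interface output laid out one field per line and flags ports that are force-authorized, have re-authentication disabled, or exceed a re-authentication interval. The sample text is constructed, and the max_interval threshold is an assumed site policy, not a Dell default.

```python
import re

# Constructed sample, using the field names of the `show dot1x interface` output above.
SAMPLE = """\
802.1x information on Te 1/1/1:
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Re-Authentication: Disable
Re-Auth Interval: 3600 seconds
802.1x information on Te 1/1/2:
Dot1x Status: Enable
Port Control: AUTO
Re-Authentication: Enable
Re-Auth Interval: 7200 seconds
802.1x information on Te 1/1/3:
Dot1x Status: Enable
Port Control: AUTO
Re-Authentication: Disable
Re-Auth Interval: 3600 seconds
"""


def parse_dot1x(text):
    """Return {interface: {field: value}} for each block of show output."""
    ports, current = {}, None
    for line in text.splitlines():
        header = re.match(r"802\.1x information on (.+):\s*$", line.strip())
        if header:
            current = ports.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return ports


def audit(ports, max_interval=3600):
    """List (interface, finding) pairs. max_interval is an assumed site policy, in seconds."""
    findings = []
    for name, f in ports.items():
        control = f.get("Port Control")
        if f.get("Dot1x Status") != "Enable":
            findings.append((name, "802.1X is not enabled"))
        elif control == "FORCE_AUTHORIZED":
            findings.append((name, "force-authorized: no authentication is performed"))
        elif control == "AUTO" and f.get("Re-Authentication") != "Enable":
            findings.append((name, "re-authentication is disabled"))
        elif control == "AUTO":
            seconds = int(f.get("Re-Auth Interval", "0 seconds").split()[0])
            if seconds > max_interval:
                findings.append((name, f"re-auth interval {seconds}s exceeds {max_interval}s"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_dot1x(SAMPLE)):
        print(port, "-", finding)
```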

Configuring Timeouts

If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. You can configure the amount of time the authenticator waits for a response.
To terminate the authentication process, use the following commands.
Terminate the authentication process due to an unresponsive supplicant.
INTERFACE mode
dot1x supplicant-timeout seconds
The range is from 1 to 300.
The default is 30.
Terminate the authentication process due to an unresponsive authentication server.
INTERFACE mode
dot1x server-timeout seconds
The range is from 1 to 300.
The default is 30.
Example of Viewing Configured Server Timeouts
The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds.
The bold lines show the new supplicant and server timeouts.
Dell(conf-if-Te-1/1/1)#dot1x port-control force-authorized
Dell(conf-if-Te-1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1
802.1x information on Te 1/1/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Configuring Dynamic VLAN Assignment with Port Authentication

Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x procedure:
1. The host sends a dot1x packet to the Dell Networking system.
2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port number.
3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID.
The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Figure 7. Dynamic VLAN Assignment
1. Configure 802.1X globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication).
2. Make the interface a switchport so that it can be assigned to a VLAN.
3. Create the VLAN to which the interface will be assigned.
4. Connect the supplicant to the port configured for 802.1X.
5. Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic VLAN Assignment with Port Authentication).

Guest and Authentication-Fail VLANs

Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
NOTE: Ports cannot be dynamically assigned to the default VLAN.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb terminals, such as network printers, do not have 802.1X capability and therefore cannot authenticate themselves. To connect such devices, they must be allowed to access the network without compromising network security.
The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices and the Authentication-fail VLAN 802.1X extension addresses this limitation with regard to external users.
If the supplicant fails authentication a specified number of times, the authenticator places the port in the Authentication-fail VLAN.
If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the authentication process begins.

Configuring a Guest VLAN

If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period), the system assumes that the host does not have 802.1X capability and the port is placed in the Guest VLAN.
NOTE: For more information about configuring timeouts, refer to Configuring Timeouts.
Configure a port to be placed in the Guest VLAN after failing to respond within the timeout period using the dot1x guest-vlan command from INTERFACE mode. View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode.
Example of Viewing Guest VLAN Configuration
Dell(conf-if-Te-2/1/1)#dot1x guest-vlan 200
Dell(conf-if-Te 2/1/1))#show config
!
interface TenGigabitEthernet 2/1/1
 switchport
 dot1x guest-vlan 200
 no shutdown
Dell(conf-if-Te 2/1/1))#

Configuring an Authentication-Fail VLAN

If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified amount of time.
NOTE: For more information about authenticator re-attempts, refer to Configuring a Quiet Period after a Failed Authentication.
You can configure the maximum number of times the authenticator re-attempts authentication after a failure (3 by default), after which the port is placed in the Authentication-fail VLAN.
Configure a port to be placed in the VLAN after failing the authentication process a specified number of times using the dot1x auth-fail-vlan command from INTERFACE mode. Configure the maximum number of authentication attempts by the authenticator using the keyword max-attempts with this command.