Dell Force10 S4810P Bedienungsanleitung

Dell Configuration Guide for the S4810 System9.5(0.0)

Configuring Lossless Queues... 277Configuring the PF

3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to th

13. Verify that the VLT LAG is running in both VLT peer units.EXEC mode or EXEC Privilege modeshow interfaces interfaceExample of Configuring VLTIn th

Configure the VLT links between VLT peer 1 and VLT peer 2 to the Top of Rack unit. In the following example, port Te 0/40 in VLT peer 1 is connected t

no ip address switchport no shutdowns60-1#s60-1#show interfaces port-channel 100 briefCodes: L - LACP Port-channel LAG Mode Status Uptime

Figure 132. eVLT Configuration ExampleeVLT Configuration Step ExamplesIn Domain 1, configure the VLT domain and VLTi on Peer 1.Domain_1_Peer1#configur

Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0aDomain_1_Pee

Configure eVLT on Peer 4.Domain_2_Peer4(conf)#interface port-channel 100Domain_2_Peer4(conf-if-po-100)# switchportDomain_2_Peer4(conf-if-po-100)# vlt-

Verifying a VLT ConfigurationTo monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the prima

Examples of the show vlt and show spanning-tree rstp CommandsThe following example shows the show vlt backup-link command.Dell_VLTpeer1# show vlt back

The following example shows the show vlt detail command.Dell_VLTpeer1# show vlt detailLocal LAG Id Peer LAG Id Local Status Peer Status Active VLANs--

Dell_VLTpeer2# show vlt statisticsVLT Statistics----------------HeartBeat Messages Sent: 994HeartBeat Messages Received: 978ICL Hello's Sent:

EAP over RADIUS802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.EAP messages

Configuring Virtual Link Trunking (VLT Peer 1)Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi).Dell_VLTpeer1(conf)#

Configure the backup link.Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0Dell_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.35/Dell_VLTpeer2(conf

Troubleshooting VLTTo help troubleshoot different VLT issues that may occur, use the following information.NOTE: For information on VLT Failure mode t

Description Behavior at Peer Up Behavior During Run TimeAction to Takethat the MAC address is the same on both units.Unit ID mismatchThe VLT peer does

Specifying VLT Nodes in a PVLANYou can configure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanni

not validated if you associate an ICL to a PVLAN. Similarly, if you dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed f

PVLAN Operations When a VLT Peer is RestartedWhen the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer n

VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN MembershipMac SynchronizationPeer1 Peer2 Peer1 Peer2PromiscuousTrunk Primary Primary Yes NoTrunk Access P

VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN MembershipMac SynchronizationPeer1 Peer2 Peer1 Peer2Access Access Secondary (Community)Secondary (Communi

4. Ensure that the port channel is active.INTERFACE PORT-CHANNEL modeno shutdown5. To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer

Important Points to Remember• Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.• A

5. Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.CONFIGURATION modeinterface vlan vlan-id6. Enable the VLAN

proxy ARP. For example, consider a sample topology in which VLAN 100 is configured on two VLT nodes, node 1 and node 2. ICL link is not configured bet

VLT Nodes as Rendezvous Points for Multicast ResiliencyYou can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protoc

without the implementation of Spanning Tree Protocol (STP), thereby providing a loop-free network with optimal bandwidth utilization.Peer routing for

When VLT has been configured and enabled on both VLT node1 and node2, any dynamically learned ND entry in VLT node1 should be synchronized instantaneo

Sample Configuration of IPv6 Peer Routing in a VLT DomainConsider a sample scenario as shown in the following figure in which two VLT nodes, Unit1 and

Neighbor Solicitation from VLT HostsConsider a case in which NS for VLT node1 IP reaches VLT node1 on VLT interface and NS for VLT node1 IP reaches VL

Consider a sample scenario in which NS for VLT node1 IP reaches VLT node1 on non-VLT interface and NS for VLT node1 IP reaches VLT node2 on non-VLT in

When VLT node receives traffic intended to non-VLT host, it routes the traffic over non-VLT interface. If the traffic intended to non-VLT host reaches

61Virtual Routing and Forwarding (VRF)Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers

Enabling 802.1XEnable 802.1X globally.Figure 10. 802.1X Enabled1. Enable 802.1X globally.CONFIGURATION modedot1x authentication2. Enter INTERFACE mode

Figure 133. VRF Network ExampleVRF Configuration NotesAlthough there is no restriction on the number of VLANs that can be assigned to a VRF instance,

A network device may have the ability to configure different virtual routers, where entries in the FIB that belong to one VRF cannot be accessed by an

Feature/Capability Support Status for Default VRF Support Status for Non-default VRFFRRP (if applicable) for VLANs Yes NoMulticast protocols (PIM-SM,

Feature/Capability Support Status for Default VRF Support Status for Non-default VRFBGP Yes NoACL Yes YesMulticast Yes NoNDP Yes NoRAD Yes NoIngress/E

Task Command Syntax Command ModeCreate a non-default VRF instance by specifying a name and VRF ID number, and enter VRF configuration mode.ip vrf vrf-

Configuring VRRP on a VRF InstanceYou can configure the VRRP feature on interfaces that belong to a VRF instance.In a virtualized network that consist

Figure 134. Setup OSPF and Static Routes1036Virtual Routing and Forwarding (VRF)

Figure 135. Setup VRF InterfacesThe following example relates to the configuration shown in Figure1 and Figure 2.Virtual Routing and Forwarding (VRF)1

Router 1ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/0 no ip address switchport no shutdown ! interfa

Router 2ip vrf blue 1!ip vrf orange 2!ip vrf green 3!interface TenGigabitEthernet 3/0 no ip address switchport no shutdown!interface GigabitE

Examples of Verifying that 802.1X is Enabled Globally and on an InterfaceVerify that 802.1X is enabled globally and at the interface level using the s

The following shows the output of the show commands on Router 1.Router 1Dell#show ip vrfVRF-Name VRF-ID Interfaces default-vrf

O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

9/0-17,21-47, Gi 11/0-47,

L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary routeGateway of last res

ip vrf forwarding VRF2 ip address 140.0.0.1/24ip route vrf VRF1 20.0.0.0/16 140.0.0.2 vrf VRF2ip route vrf VRF2 40.0.0.0/16 120.0.0.2 vrf VRF11044V

62Virtual Router Redundancy Protocol (VRRP)Virtual router redundancy protocol (VRRP) is supported on the S4810 platform.VRRP OverviewVRRP is designed

Figure 136. Basic VRRP ConfigurationVRRP BenefitsWith VRRP configured on a network, end-station connectivity to the network is not subject to a single

decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly.CAUTION: Increasing the advertisement

• Create a virtual router for that interface with a VRID.INTERFACE modevrrp-group vridThe VRID range is from 1 to 255.NOTE: The interface must already

You can use the version both command in INTERFACE mode to migrate from VRRPv2 to VRRPv3. When you set the VRRP version to both, the switch sends only

To configure re-transmissions, use the following commands.• Configure the amount of time that the authenticator waits before re-transmitting an EAP Re

belonging to either subnet 50.1.1.0/24 or subnet 60.1.1.0/24, but not from both subnets (though Dell Networking OS allows the same).• If the virtual I

The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets.Dellshow vrrp------------------Gigab

Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 secAdv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 2343, Gratuitous ARP sent: 5Virtual MAC address: 00:00:5e:00:0

Disabling PreemptThe preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher

If you are configured for VRRP version 2, the timer values must be in multiples of whole seconds. For example, timer value of 3 seconds or 300 centise

default value of 10 (also known as cost). If the tracked interface’s state goes up, the VRRP group’s priority increases by 10.The lowered priority of

show track• (Optional) Display the configuration and the UP or DOWN state of tracked interfaces and objects in VRRP groups, including the time since t

GigabitEthernet 7/30, IPv6 VRID: 1, Version: 3, Net: fe80::201:e8ff:fe01:95ccVRF: 0 default-vrfState: Master, Priority: 100, Master: fe80::201:e8ff:fe

This time is the gap between an interface coming up and being operational, and VRRP enabling.The seconds range is from 0 to 900.The default is 0.• Set

Figure 137. VRRP for IPv4 TopologyExamples of Configuring VRRP for IPv4 and IPv6The following example shows configuring VRRP for IPv4 Router 2.R2(conf

The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions.FTOS(conf-if-range-Te-0/0)#dot1x tx-period 90FTOS

priority 200 virtual-address 10.1.1.3 no shutdownR2(conf-if-gi-2/31)#endR2#show vrrp------------------GigabitEthernet 2/31, VRID: 99, Net: 10.

Figure 138. VRRP for an IPv6 ConfigurationNOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already ha

Although R2 and R3 have the same default, priority (100), R2 is elected master in the VRRPv3 group because the GigE 0/0 interface has a higher IPv6 ad

VRRP in a VRF ConfigurationThe following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios.• Multipl

Figure 139. VRRP in a VRF: Non-VLAN ExampleExample of Configuring VRRP in a VRF on Switch-1 (Non-VLAN)Switch-1S1(conf)#ip vrf default-vrf 0!S1(conf)#i

!S1(conf)#interface GigabitEthernet 12/3S1(conf-if-gi-12/3)#ip vrf forwarding VRF-3S1(conf-if-gi-12/3)#ip address 20.1.1.5/24S1(conf-if-gi-12/3)#vrrp-

VRRP in VRF: Switch-1 VLAN ConfigurationVRRP in VRF: Switch-2 VLAN ConfigurationSwitch-1S1(conf)#ip vrf VRF-1 1!S1(conf)#ip vrf VRF-2 2!S1(conf)#ip vr

S2(conf-if-vl-100-vrid-101)#priority 255S2(conf-if-vl-100-vrid-101)#virtual-address 10.10.1.2S2(conf-if-vl-100)#no shutdown!S2(conf-if-gi-12/4)#interf

63S-Series Debugging and DiagnosticsThis chapter describes debugging and diagnostics for the S4810 platform.Offline DiagnosticsThe offline diagnostics

Running Offline DiagnosticsTo run offline diagnostics, use the following commands.For more information, refer to the examples following the steps.1. P

-----------------------------Dot1x Status: EnablePort Control: FORCE_AUTHORIZEDPort Auth Status: UNAUTHORIZEDRe-Authentication:

Please make sure that stacking/fanout not configured for Diagnostics execution.Also reboot/online command is necessary for normal operation after the

The following example shows the diag command (stack member).[output from master unit]Dell#diag stack-unit 2Warning - the stack unit will be pulled out

PRESENTTest 1.001 - Psu Power Good Test ... PASSTest 1 - Psu Power Good Test ...

Table 76. Line Card Restart Causes and ReasonsCauses Displayed ReasonsRemote power cycle of the chassis push button resetreload soft resetreboot after

show hardware stack-unit {0-11} buffer unit {0-1} port {1-64 | all} buffer-info• View the forwarding plane statistics containing the packet buffer sta

show hardware stack-unit {0-11} unit {0-1} table-dump {table name}Enabling Environmental MonitoringThe S4810 components use environmental monitoring h

2. Check air flow through the system. Ensure that the air ducts are clean and that all fans are working correctly.3. After the software has determined

OID String OID Name Description.1.3.6.1.4.1.6027.3.16.1.1.4 fpPacketBufferTable View the modular packet buffers details per stack unit and the mode of

• Dynamic buffer — this pool is shared memory that is allocated as needed, up to a configured limit. Using dynamic buffers provides the benefit of sta

• Reduce the dedicated buffer on all queues/interfaces.• Increase the dynamic buffer on all interfaces.• Increase the cell pointers on a queue that yo

Port Control: FORCE_AUTHORIZEDPort Auth Status: UNAUTHORIZEDRe-Authentication: EnableUntagged VLAN id: NoneTx Period:

%S50N:0 %DIFFSERV-2-DSA_DEVICE_BUFFER_UNAVAILABLE: Unable to allocate dedicated buffers for stack-unit 0, port pipe 0, egress port 25 due to unavailab

6 3.00 2567 3.00 256The following example shows viewing the default buffer profile on a linecard.Dell#sho buffer-p

Sample Buffer Profile ConfigurationThe two general types of network environments are sustained data transfers and voice/data.Dell Networking recommend

Displaying Drop CountersTo display drop counters, use the following commands.• Identify which stack unit, port pipe, and port is experiencing internal

--- Egress FORWARD PROCESSOR Drops ---IPv4 L3UC Aged & Drops : 0TTL Threshold Drops : 0INVALID VLAN CNTR Drops : 0L2MC Drops

Example of Viewing Party Bus StatisticsDell#sh hardware stack-unit 2 cpu party-bus statisticsInput Statistics: 27550 packets, 2559298 bytes 0 droppe

GTPKT.ge0 : 973 +972GTBCA.ge0 : 1 +1GTBYT.ge0 : 71,531 +71,467RUC.cpu0 : 972 +971TDBGC6.cpu0 : 1,584 +1,

flash: 3104256 bytes total (2959872 bytes free)Dell#Example of a Mini Core Text FileVALID MAGIC-----------------PANIC STRING -----------------panic st

64Standards ComplianceThis chapter describes standards compliance for Dell Networking products.NOTE: Unless noted, when a standard cited here is liste

MTU 9,252 bytesRFC and I-D ComplianceDell Networking OS supports the following standards. The standards are grouped by related protocol. The columns s

Guest VLAN: DisableGuest VLAN id: NONEAuth-Fail VLAN: DisableAuth-Fail VLAN id: NONEAuth-Fail Max-Attempts: NON

General IPv4 ProtocolsThe following table lists the Dell Networking OS support per platform for general IPv4 protocols.Table 80. General IPv4 Protocol

General IPv6 ProtocolsThe following table lists the Dell Networking OS support per platform for general IPv6 protocols.Table 81. General IPv6 Protocol

RFC# Full Name S-Series/Z-Series2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing2796 BGP Route Reflection: An Alternative to F

Intermediate System to Intermediate System (IS-IS)The following table lists the Dell Networking OS support per platform for IS-IS protocol.Table 84. I

MulticastThe following table lists the Dell Networking OS support per platform for Multicast protocol.Table 86. MulticastRFC# Full Name S-Series1112 H

RFC# Full Name S4810 S4820T Z-SeriesManagement of TCP/IP-based internets1157 A Simple Network Management Protocol (SNMP)7.6.11212 Concise MIB Definiti

RFC# Full Name S4810 S4820T Z-SeriesDigital Hierarchy (SONET/SDH) Interface Type2570 Introduction and Applicability Statements for Internet Standard M

RFC# Full Name S4810 S4820T Z-SeriesradiusAuthClientMalformedAccessResponsesradiusAuthClientUnknownTypesradiusAuthClientPacketsDropped2698 A Two Rate

RFC# Full Name S4810 S4820T Z-SeriesNetwork Management Protocol (SNMP)3418 Management Information Base (MIB) for the Simple Network Management Protoco

RFC# Full Name S4810 S4820T Z-Seriesdraft-ietf-isis-wgmib- 16Management Information Base for Intermediate System to Intermediate System (IS-IS):isisSy

Implementation Information...322Configure the

Figure 11. Dynamic VLAN Assignment1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to t

RFC# Full Name S4810 S4820T Z-SeriessFlow.org sFlow Version 5 7.7.1sFlow.org sFlow Version 5 MIB 7.7.1FORCE10-BGP4-V2-MIBForce10 BGP MIB (draft-ietf-i

RFC# Full Name S4810 S4820T Z-SeriesFORCE10-SMI Force10 Structure of Management Information7.6.1FORCE10-SYSTEM-COMPONENT-MIBForce10 System Component M

If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External

!interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200no shutdownDell(conf-if-Te-2/1)#Dell(conf-if-Te-2/1)#dot1x au

7Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)This chapter describes the access control list (ACL) VLAN group and content

for the ACL VLAN groups present on the system, an appropriate error message is displayed. The ACL manager application verifies the following parameter

• The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the S4180 switch if two slices are allocated.

4. Add VLAN member(s) to an ACL VLAN group.CONFIGURATION (conf-acl-vl-grp) modemember vlan {VLAN-range}5. Display all the ACL VLAN groups or display a

4. View the number of flow processor (FP) blocks that is allocated for the different VLAN services.EXEC Privilege modeDell#show cam-usage switch Linec

The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured:Dell#show cam-usage aclLinecard|Portpipe|

You can configure only two of these features at a time.• To allocate the number of FP blocks for VLAN open flow operations, use the cam-acl-vlan vlano

Using FIP Snooping...350FIP Sn

8Access Control Lists (ACLs)This chapter describes access control lists (ACLs), prefix lists, and route-maps.• Access control lists (ACLs), Ingress IP

• Port/VLAN based IMPLICIT DENY Rules• VRF based PERMIT/DENY Rules• VRF based IMPLICIT DENY RulesNOTE: In order for the VRF ACLs to take effect, ACLs

• CAM OptimizationUser Configurable CAM AllocationUser configurable CAM allocations are supported on the S4810 platform.Allocate space for IPV6 ACLs b

Implementing ACLs on Dell Networking OSYou can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface

closer to 0) before rules with higher-order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 255.Exampl

To create a route map, use the following command.• Create a route map and assign it a unique name. The optional permit and deny keywords are the actio

The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map inst

Example of the match Command to Permit and Deny RoutesDell(conf)#route-map force permit 10Dell(config-route-map)#match tag 1000Dell(conf)#route-map fo

• Match next-hop routes specified in a prefix list (IPv6).CONFIG-ROUTE-MAP modematch ipv6 next-hop {access-list-name | prefix-list prefix-list-name}•

CONFIG-ROUTE-MAP modeset local-preference value• Specify a value for redistributed routes.CONFIG-ROUTE-MAP modeset metric {+ | - | metric-value}• Spec

Important Points to Remember... 378Configure GVRP.

In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF. According to

Example of Using the continue Clause in a Route Map!route-map test permit 10match commu comm-list1set community 1:1 1:2 1:3set as-path prepend 1 2 3 4

Layer 4 ACL Rules ExamplesThe following examples show the ACL commands for Layer 4 packet filtering.Permit an ACL line with L3 information only, and t

Configure a Standard IP ACLTo configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode.For a complete list of all the commands related

If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which t

To delete a filter, enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the

Configure Filters, TCP PacketsTo create a filter for UDP packets with a specified sequence number, use the following commands.1. Create an extended IP

CONFIG-EXT-NACL mode{deny | permit} udp {source mask | any | host ip-address}} [count [byte]] [order] [fragments]When you use the log keyword, the CP

L2 ACL Behavior L3 ACL Behavior Decision on Targeted TrafficPermit Deny L3 ACL denies.Permit Permit L3 ACL permits.NOTE: If you configure an interface

4. Apply rules to the new ACL.INTERFACE modeip access-list [standard | extended] nameTo view which IP ACL is applied to an interface, use the show con

IGMP Snooping...398IGMP

Dell#configure terminalDell(conf)#ip access-list extended abcdDell(config-ext-nacl)#permit tcp any anyDell(config-ext-nacl)#deny icmp any anyDell(conf

Dell#configure terminalDell(conf)#interface te 0/0Dell(conf-if-te-0/0)#ip vrf forwarding blueDell(conf-if-te-0/0)#show config!interface TenGigabitEthe

A route prefix is an IP address pattern that matches on bits within the IP address. The format of a route prefix is A.B.C.D/X where A.B.C.D is a dotte

Creating a Prefix ListTo create a prefix list, use the following commands.1. Create a prefix list and assign it a unique name.You are in PREFIX LIST m

Creating a Prefix List Without a Sequence NumberTo create a filter without a specified sequence number, use the following commands.1. Create a prefix

ip prefix-list filter_in:count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (h

Applying a Filter to a Prefix List (OSPF)To apply a filter to routes in open shortest path first (OSPF), use the following commands.• Enter OSPF mode.

Table 7. ACL ResequencingRules ResquencingRules Before Resequencing: seq 5 permit any host 1.1.1.1seq 6 permit any host 1.1.1.2seq 7 permit any host 1

!ip access-list extended testremark 2 XYZremark 4 this remark corresponds to permit any host 1.1.1.1seq 4 permit ip any host 1.1.1.1remark 6 this rema

Logging of ACL ProcessesThis functionality is supported on the S4810 platform.To assist in the administration and management of traffic that traverses

Null Interfaces... 421

packets in the ACL entry, and if the logging is deactivated in a specific interval because the threshold has exceeded, the count of packets that excee

NOTE: This example describes the configuration of ACL logging for standard IP access lists. You can enable the logging capability for standard and ext

are traversing through the ingress interfaces are examined, and appropriate ACLs can be applied in the ingress direction. By default, flow-based monit

monitor session 11 flow-based enable source GigabitEthernet 13/0 destination GigabitEthernet 13/1 direction bothThe

Dell(conf)#interface gig 1/1Dell(conf-if-gi-1/1)#ip access-group testflow inDell(conf-if-gi-1/1)#show config!interface GigabitEthernet 1/1 ip address

9Bidirectional Forwarding Detection (BFD)Bidirectional forwarding detection (BFD) is supported only on the S4810 platform.BFD is a protocol that is us

NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client.BFD Packet Form

Field Descriptionsystem clears the poll bit and sets the final bit in its response. The poll and final bits are used during the handshake and in Deman

BFD SessionsBFD must be enabled on both sides of a link in order to establish a session.The two participating systems can assume either of two roles:A

handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated.4. The passive system receives the control

Enhanced Validation of Interface Ranges... 44823 Internet Protocol

receives a Down status notification from the remote system, the session state on the local system changes to Init.Figure 14. Session State ChangesImpo

• Configure BFD for OSPFv3• Configure BFD for IS-IS• Configure BFD for BGP• Configure BFD for VRRP• Configuring Protocol Liveness• Troubleshooting BFD

Establishing a Session on Physical PortsTo establish a session, enable BFD at the interface level on both ends of the link, as shown in the following

Remote Addr: 2.2.2.2Remote MAC Addr: 00:01:e8:06:95:a2Int: GigabitEthernet 4/24State: UpConfigured parameters: TX: 100ms, RX: 100ms, Multiplier: 3Nei

Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 7Disabling and Re-Enabling BFDBFD is

Establishing Sessions for Static RoutesSessions are established for all neighbors that are the next hop of a static route.Figure 16. Establishing Sess

• Change parameters for all static route sessions.CONFIGURATION modeip route bfd interval milliseconds min_rx milliseconds multiplier value role [acti

Establishing Sessions with OSPF NeighborsBFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neigh

INTERFACE modeip ospf bfd all-neighborsExample of Verifying Sessions with OSPF NeighborsTo view the established sessions, use the show bfd neighbors c

To disable BFD sessions, use the following commands.• Disable BFD sessions with all OSPFv3 neighbors.ROUTER-OSPFv3 modeno bfd all-neighbors• Disable B

UDP Helper with No Configured Broadcast Addresses...468Troubleshooting UDP Helper...

To change parameters for all OSPF sessions or for OSPF sessions on a single interface, use the following commands.• Change parameters for OSPF session

Establishing Sessions with IS-IS NeighborsBFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neigh

The bold line shows that IS-IS BFD sessions are enabled.R2(conf-router_isis)#bfd all-neighborsR2(conf-router_isis)#do show bfd neighbors* - Active

INTERFACE moseisis bfd all-neighbors disableConfigure BFD for BGPBidirectional forwarding detection (BFD) for BGP is supported on the S4810 platform.I

Figure 19. Establishing Sessions with BGP NeighborsThe sample configuration shows alternative ways to establish a BFD session with a BGP neighbor:• By

typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message

ROUTER BGP modeneighbor {ip-address | peer-group-name} bfd disable• Remove the disabled state of a BFD for BGP session with a specified neighbor.ROUTE

Examples of the BFD show CommandsThe following example shows verifying a BGP configuration.R2# show running-config bgp!router bgp 2 neighbor 1.1.1.2

Number of messages from IFA about port state change: 0Number of messages communicated b/w Manager and Agent: 5Session Discriminator: 10Neighbor Discri

Down : 0Admin Down : 2The following example shows viewing BFD summary information.The bold line shows the message displayed when you e

Default iSCSI Optimization Values...495iSCSI Optimizat

Connections established 1; dropped 0 Last reset neverLocal host: 2.2.2.3, Local port: 63805Foreign host: 2.2.2.2, Foreign port: 179E1200i_ExaScale#

Establishing Sessions with All VRRP NeighborsBFD sessions can be established for all VRRP neighbors at once, or a session can be established with a pa

The bold line shows that VRRP BFD sessions are enabled.Dell(conf-if-gi-4/25)#vrrp bfd all-neighborsDell(conf-if-gi-4/25)#do show bfd neighbor* - A

Disabling BFD for VRRPIf you disable any or all VRRP sessions, the sessions are torn down.A final Admin Down control packet is sent to all neighbors a

Down for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 TX packet dump:

10Border Gateway Protocol IPv4 (BGPv4)Border gateway protocol IPv4 (BGPv4) version 4 (BGPv4) is supported on the S4810 platform.This chapter provides

Figure 21. Internal BGPBGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol —

Figure 22. BGP Routers in Full MeshThe number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes

Establish a SessionInformation exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.In order to

Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection

Configuring Shared LAG State Tracking...532Important Points about Sh

• Next HopNOTE: There are no hard coded limits on the number of attributes that are supported in the BGP. Taking into account other constraints such a

Figure 24. BGP Best Path SelectionBest Path Selection Details1. Prefer the path with the largest WEIGHT attribute.2. Prefer the path with the largest

c. Paths with no MED are treated as “worst” and assigned a MED of 4294967295.7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP

and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B.Figure 25. BGP Local Preferenc

Figure 26. Multi-Exit DiscriminatorsNOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound E

*> 7.0.0.0/30 10.114.8.33 0 0 18508 ?*> 9.2.0.0/16 10.114.8.33 10 0 18508 701 iAS PathThe AS path is the list of

Multiprotocol BGPMultiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distribute

internal configured, BGP advertises the metric configured in the redistribute command as MED.• If BGP peer outbound route-map has metric configured, a

Configure 4-byte AS numbers with the four-octet-support command.AS4 Number RepresentationDell Networking OS supports multiple representations of 4-byt

!router bgp 100bgp asnotation asdot+bgp four-octet-as-supportneighbor 172.30.1.250 local-as 65057<output truncated>Dell(conf-router_bgp)#do show

Notes, Cautions, and WarningsNOTE: A NOTE indicates important information that helps you make better use of your computer.CAUTION: A CAUTION indicates

Disabling and Undoing LLDP...567Enabling LLDP on Ma

appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned.Figure 27. Before and After AS Num

3. Prepend "65001 65002" to as-path.Local-AS is prepended before the route-map to give an impression that update passed through a router in

• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that route-reflector clients are not in a full mesh if you enable BG

By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enable

NOTE: Sample Configurations for enabling BGP routers are found at the end of this chapter.1. Assign an AS number and enter ROUTER BGP mode.CONFIGURATI

3. Enable the BGP neighbor.CONFIG-ROUTER-BGP modeneighbor {ip-address | peer-group-name} no shutdownExamples of the show ip bgp CommandsNOTE: When you

For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are vir

Connections established 0; dropped 0 Last reset never No active TCP connectionDell#The following example shows verifying the BGP configuration usi

bgp asnotation asplainNOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display.• Enable ASDOT AS N

Configuring Peer GroupsTo configure multiple BGP neighbors at one time, create and populate a BGP peer group.An advantage of peer groups is that membe

Debugging MSDP... 600MSDP wi

6. Add a neighbor as a remote AS.CONFIG-ROUTERBGP modeneighbor {ip-address | peer-group name} remote-as as-numberFormats: IP Address A.B.C.D• Peer-Gro

neighbor 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdownDell(conf-router_bgp)#To enable a peer group, use the neighbor peer-group-name n

10.68.183.1 10.68.184.1 10.68.185.1Dell>Configuring BGP Fast Fall-OverBy default, a BGP session is governed by the hold time.BGP routers typica

fall-over enabledUpdate source set to Loopback 0Peer active in peer-group outbound optimizationFor address family: IPv4 UnicastBGP table version 52, n

You can constrain the number of passive sessions accepted by the neighbor. The limit keyword allows you to set the total number of sessions the neighb

Example of the Verifying that Local AS Numbering is DisabledThe first line in bold shows the actual AS number. The second two lines in bold show the l

R2(conf-router_bgp)#show conf!router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 netw

• Defer best path selection for a certain amount of time. This helps optimize path selection and results in fewer updates being sent out.To enable gra

neighbor {ip-address | peer-group-name} graceful-restart [role receiver-only]• Set the maximum time to retain the restarting neighbor’s or peer-group’

Example of the show ip bgp paths CommandTo view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode.

Designated and Backup Designated Routers...637Link-State Advertisements (LSA

Regular Expression Definition[ ] (brackets) Matches any enclosed character and specifies a range of single characters.- (hyphen) Used within brackets

Redistributing RoutesIn addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redist

To allow multiple paths sent to peers, use the following commands.1. Allow the advertisement of multiple paths for the same address prefix without the

To configure an IP community list, use these commands.1. Create a community list and enter COMMUNITY-LIST mode.CONFIGURATION modeip community-list com

Configuring an IP Extended Community ListTo configure an IP extended community list, use these commands.1. Create a extended community list and enter

Filtering Routes with Community ListsTo use an IP community list or IP extended community list to filter routes, you must apply a match community filt

To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.If you want to remove or add a specific COMMUNITY number f

Dell>show ip bgp communityBGP table version is 3762622, local router ID is 10.114.8.48Status codes: s suppressed, d damped, h history, * valid, >

CONFIG-ROUTER-BGP modebgp default local-preference value– value: the range is from 0 to 4294967295.The default is 100.To view the BGP configuration, u

set next-hop ip-addressChanging the WEIGHT AttributeTo change how the WEIGHT attribute is used, enter the first command. You can also use route maps t

Enable PIM-SM...687Conf

For inbound and outbound updates the order of preference is:• prefix lists (using the neighbor distribute-list command)• AS-PATH ACLs (using the neigh

• If the prefix list contains no filters, all routes are permitted.• If none of the routes match any of the filters in the prefix list, the route is d

Filtering BGP Routes Using AS-PATH InformationTo filter routes based on AS-PATH information, use these commands.1. Create a AS-PATH ACL and assign it

• Assign an ID to a router reflector cluster.CONFIG-ROUTER-BGP modebgp cluster-id cluster-idYou can have multiple clusters in an AS.• Configure the lo

Configuring BGP ConfederationsAnother way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations.As wi

• history entry — an entry that stores information on a downed route• dampened path — a path that is no longer advertised• penalized path — a path tha

show ip bgp flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression]– ip-address [mask]: enter the IP address and ma

Dampening enabled. 0 history paths, 0 dampened paths, 0 penalized pathsNeighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.114.8

To reset a BGP connection using BGP soft reconfiguration, use the clear ip bgp command in EXEC Privilege mode at the system prompt.When you enable sof

Route Map ContinueThe BGP route map continue feature, continue [sequence-number], (in ROUTE-MAP mode) allows movement from one route-map entry to a sp

41 Per-VLAN Spanning Tree Plus (PVST+)... 722Protocol Overview...

• When exchanging updates with the peer, BGP sends and receives IPv4 multicast routes if the peer is marked as supporting that AFI/SAFI.• Exchange of

EXEC Privilege modedebug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out]• View information about BGP updates and filter by p

Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128)For address family: IPv4 UnicastB

00000000 00000000 00000000 00000000 0181a1e4 0181a25c 41af92c0 00000000 00000000 00000000 00000000 00000001 0181a1e4 0181a25c 41af9400 00000000

Sample ConfigurationsThe following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive dir

no shutdownR1(conf-if-lo-0)#int te 1/21R1(conf-if-te-1/21)#ip address 10.0.1.21/24R1(conf-if-te-1/21)#no shutdownR1(conf-if-te-1/21)#show config!inter

R2(conf-router_bgp)#network 192.168.128.0/24R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99R2(conf-router_bgp)#neighbor 192.168.128.1 no shutR2(c

R1(conf-router_bgp)# neighbor 192.168.128.3 peer-group BBBR1(conf-router_bgp)#R1(conf-router_bgp)#show config!router bgp 99network 192.168.128.0/24nei

Minimum time between advertisement runs is 30 secondsMinimum time before advertisements start is 0 secondsExample of Enabling Peer Groups (Router 2)R2

BGP-RIB over all using 207 bytes of memory2 BGP path attribute entrie(s) using 128 bytes of memory2 BGP AS-PATH entrie(s) using 90 bytes of memory2 ne

Guidelines for Configuring ECN for Classifying and Color-Marking Packets... 758Sample configuration to mark non-ecn packe

11Content Addressable Memory (CAM)Content addressable memory (CAM) is supported on the S4810 platform.CAM is a type of memory that stores information

CAM Allocation SettingOpenflow 0fedgovacl 0The following additional CAM allocation settings are supported on the S6000, S4810 or S4820T platforms only

Dell(conf)#1. Select a cam-acl action.CONFIGURATION modecam-acl [default | l2acl]NOTE: Selecting default resets the CAM entries to the default setting

Example of Viewing CAM-ACL SettingsDell(conf)#do show cam-acl-- Chassis Cam ACL --Current Settings(in block sizes) Next Boot(in block sizes)

L2PT : 0IpMacAcl : 0VmanQos : 0VmanDualQos : 0EcfmAcl : 0FcoeAcl : 0iscsiO

Example of the show cam-usage CommandDell#show cam-usageStackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM========|=======

QoS CAM Region LimitationTo store QoS service policies, the default CAM profile allocates a partition within the IPv4Flow region.If the QoS CAM space

12Control Plane Policing (CoPP)Control plane policing (CoPP) is supported on the S4810 platform.Control plane policing (CoPP) uses access control list

Figure 30. CoPP Implemented Versus CoPP Not ImplementedConfigure Control Plane PolicingThe S4810 can process a maximum of 4200 packets per second (PPS

CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROL-PLANE mode to each port-pipe.CoPP policies are configur

Configuring an EdgePort...794Configurin

8. Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules

The following example shows matching the QoS class map to the QoS policy.Dell(conf)#policy-map-input egressFP_rate_policy cpu-qosDell(conf-policy-map-

The following example shows assigning the QoS policy to the queues.Dell(conf)#policy-map-input cpuq_rate_policy cpu-qosDell(conf-qos-policy-in)#servic

ports while traversing across units and finally on the master CMIC, they are queued on the same queues 0 – 7. In this case, the queue (4 – 7) taken by

FP is installed for all Front panel ports.NDP PacketsNeighbor discovery protocol has 4 types of packets NS, NA, RA, RS. These packets need to be taken

CPU QueueWeights Rate (pps) Protocol4 127 2000 IPC/IRC, VLT Control frames5 16 300 ARP Request, NS, RS, iSCSI OPT Snooping6 16 400 ICMP, ARP Reply, NT

To configure control-plane policing, perform the following:1. Create an IPv6 ACL for control-plane traffic policing for ospfv3.CONFIGURATION modeDell(

Q7 1100Dell#Example of Viewing Queue MappingTo view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping

13Data Center Bridging (DCB)Data center bridging (DCB) is supported on the S4810 platform.NOTE: Ethernet Enhancements in Data Center BridgingThe follo

network that may drop packets in case of network congestion. IP networks rely on transport protocols (for example, TCP) for reliable data transmission

48 Service Provider Bridging...839VLAN Stacking...

The system supports loading two DCB_Config files:• FCoE converged traffic with priority 3.• iSCSI storage traffic with priority 4.In the Dell Networki

low-latency storage or server cluster traffic in a traffic class to receive more bandwidth and restrict best-effort LAN traffic assigned to a differen

– No bandwidth limit or no ETS processing• Bandwidth allocated by the ETS algorithm is made available after strict-priority groups are serviced. Bandw

Data Center Bridging in a Traffic FlowThe following figure shows how DCB handles a traffic flow on an interface.Figure 32. DCB PFC and ETS Traffic Han

To enable DCB with PFC buffers on a switch, enter the following commands, save the configuration, and reboot the system to allow the changes to take e

dot1p Value in the Incoming FrameEgress Queue Assignment5 56 67 7Configuring Priority-Based Flow ControlPFC provides a flow control mechanism based on

3. Configure the CoS traffic to be stopped for the specified delay.DCB INPUT POLICY modepfc priority priority-rangeEnter the 802.1p values of the fram

To remove a DCB input policy, including the PFC configuration it contains, use the no dcb-input policy-name command in INTERFACE Configuration mode. T

Lossless traffic egresses out the no-drop queues. Ingress dot1p traffic from PFC-enabled interfaces is automatically mapped to the no-drop egress queu

Valid stack-unit IDs are 0 to 5.The only valid port-set ID (port-pipe number) is 0.Dell Networking OS Behavior: If you configure PFC on a 40GbE port,

50 Simple Network Management Protocol (SNMP)... 865Protocol Overview...

• You can only use a QoS DCB output policy in association with a priority group in a DCB output policy and cannot be applied to an interface as a norm

ETS-assigned bandwidth allocation and scheduling apply only to data queues, not to control queues.Dell Networking OS supports hierarchical scheduling

Creating an ETS Priority GroupAn ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is a

The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.

Dell Networking OS Behavior: Create a DCB output policy to associate a priority group with an ETS output policy with scheduling and bandwidth configur

Configuring Bandwidth Allocation for DCBx CINAfter you apply an ETS output policy to an interface, if the DCBx version used in your data center networ

dcb-policy input stack-unit {all | stack-unit-id} stack-ports all dcb-input-policy-nameEntering this command removes all DCB input policies applied to

DCBx OperationDCBx performs the following operations:• Discovers DCB configuration (such as PFC and ETS) in a peer device.• Detects DCB mis-configurat

• If the received peer configuration is not compatible with the currently configured port configuration, the link with the DCBx peer port is disabled

NOTE: On a DCBx port, application priority TLV advertisements are handled as follows:• The application priority TLV is transmitted only if the priorit

Failover Roles... 893MAC Ad

A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto

DCBx ExampleThe following figure shows how to use DCBx.The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for upli

1. Configure ToR- and FCF-facing interfaces as auto-upstream ports.2. Configure server-facing interfaces as auto-downstream ports.3. Configure a port

5. On manual ports only: Configure the PFC and ETS TLVs advertised to DCBx peers.PROTOCOL LLDP mode[no] advertise DCBx-tlv {ets-conf | ets-reco | pfc}

3. Configure the DCBx version used on all interfaces not already configured to exchange DCB information.PROTOCL LLDP mode[no] DCBx version {auto | cee

6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs.PROTOCOL LLDP mode[no] fcoe priority-bits priority-bitmap

– fail: enables traces for DCBx failures.– mgmt: enables traces for DCBx management frames.– resource: enables traces for DCBx system resource frames.

Command Outputshow stack-unit {0-11 | all} stack ports all ets detailsDisplays the ETS configuration applied to ingress traffic on stack-links, includ

FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI PriorityMap is 0x10 Remote FC

Fields DescriptionPort state for current operational PFC configuration:• Init: Local PFC configuration parameters were exchanged with peer.• Recommend

Contents1 About this Guide...35Audience...

Enabling PortFast... 923Pre

Fields DescriptionPFC TLV Statistics: Pause Rx pkts Number of PFC pause frames receivedThe following example shows the show interface pfc statistics c

Oper status is initETS DCBx Oper status is DownState Machine Type is AsymmetricConf TLV Tx Status is enabledReco TLV Tx Status is enabled0 Input Conf

Traffic ClassPktsThe following example shows the show interface ets detail command.Dell(conf)# show interfaces tengigabitethernet 0/0 ets detailInterf

Traffic Class TLVPktsThe following table describes the show interface ets detail command fields.Table 15. show interface ets detail Command Descriptio

Field DescriptionConf TLV Tx Status Status of ETS Configuration TLV advertisements: enabled or disabled.ETS TLV Statistic: Input Conf TLV pkts Number

0 0,1,2,3,4,5,6,7 100% ETS1 - -2 - -3

Local DCBx Status----------------- DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Prot

Field DescriptionLocal DCBx Status: Sequence Number Sequence number transmitted in Control TLVs.Local DCBx Status: Acknowledgment Number Acknowledgeme

Figure 34. PFC and ETS Applied to LAN, IPC, and SAN Priority TrafficQoS Traffic Classification: The service-class dynamic dot1p command has been used

dot1p Value in the Incoming FramePriority Group Assignment3 SAN4 IPC5 LAN6 LAN7 LANThe following describes the priority group-bandwidth assignment.Pri

Important Points to Remember... 950Configuring Upl

Dell(conf-qos-policy-out)# exitDell(conf)# qos-policy-output ipc etsDell(conf-qos-policy-out)# bandwidth-percentage 5Dell(conf-qos-policy-out)# exitEx

In this example, the configured ETS bandwidth allocation and scheduler behavior is as follows:Unused bandwidth usage:Normally, if there is no traffic

Step Task Command Command Modepriority groups is made available and allocated according to the specified percentages. If a priority group does not use

Step Task Command Command Mode1Enter interface configuration mode on an Ethernet port.interface {tengigabitEthernet slot/port | fortygigabitEthernet s

Configuring Lossless QueuesDCB also supports the manual configuration of lossless queues on an interface after you disable PFC mode in a DCB map and a

Priority-Based Flow Control Using Dynamic Buffer MethodPriority-based flow control using dynamic buffer spaces is supported on the S4810 platform.In a

The default behavior causes up to a maximum of 6.6 MB to be used for PFC-related traffic. The remaining approximate space of 1 MB can be used by lossy

The show dcb command has been enhanced to display the following additional buffer-related information: S4810-YU-MR-Dell (conf)#do show dcb dcb Status

6. Assign the DCB policy to the DCB buffer threshold profile on stack ports.CONFIGURATION modeS4810-YU-MR-Dell(conf)# dcb-policy buffer-threshold stac

14Dynamic Host Configuration Protocol (DHCP)Dynamic host configuration protocol (DHCP) is available on the S4810 platform.DHCP is an application layer

VLT Port Delayed Restoration... 984PIM-Sparse Mode Su

Option Number and DescriptionSubnet Mask Option 1Specifies the client’s subnet mask.Router Option 3Specifies the router IP addresses that may serve as

Option Number and DescriptionIdentifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server.L2 DHCP Sno

Figure 36. Client and Server MessagingImplementation InformationThe following describes DHCP implementation.• Dell Networking implements DHCP based on

Configure the System to be a DHCP ServerConfiguring the system to be a DHCP server is supported only on the S4810 platform.A DHCP server is a network

3. Specify the range of IP addresses from which the DHCP server may assign addresses.DHCP <POOL> modenetwork network/prefix-length• network: the

lease {days [hours] [minutes] | infinite}The default is 24 hours.Specifying a Default GatewayThe IP address of the default router should be on the sam

Creating Manual Binding EntriesAn address binding is a mapping between the IP address and the media access control (MAC) address of a client.The DHCP

Configure the System to be a Relay AgentThis feature is available on the S4810 platform.DHCP clients and servers request and offer configuration infor

Figure 37. Configuring a Relay AgentTo view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privileg

ICMP redirects are not sentICMP unreachables are not sentConfigure the System to be a DHCP ClientA DHCP client is a network device that requests an IP

VRF Configuration...1033Load V

• Release the IP address dynamically acquired from a DHCP server from the interface.• Disable the DHCP client on the interface so it cannot acquire a

• To display statistics about DHCP client interfaces, use the show ip dhcp client statistics interface type slot/port command.• To clear DHCP client s

Virtual Link Trunking (VLT)A DHCP client is not supported on VLT interfaces.VLAN and Port ChannelsDHCP client configuration and behavior are the same

The received stacking configuration is always applied on the master stack unit.option #230 "unit-number:3#priority:2#stack-group:14"Configur

ip dhcp relay information-option remote-idDHCP SnoopingDHCP snooping protects networks from spoofing. In the context of DHCP snooping, ports are eithe

3. Enable DHCP snooping on a VLAN.CONFIGURATION modeip dhcp snooping vlan nameAdding a Static Entry in the Binding TableTo add a static entry in the b

Drop DHCP Packets on Snooped VLANs OnlyBinding table entries are deleted when a lease expires or the relay agent encounters a DHCPRELEASE.Line cards m

MAC flooding An attacker can send fraudulent ARP messages to the gateway until the ARP cache is exhausted, after which, traffic from the gateway is br

To see how many valid and invalid ARP packets have been processed, use the show arp inspection statistics command.Dell#show arp inspection statisticsD

The DHCP binding table associates addresses the DHCP servers assign, with the port on which the requesting client is attached. When you enable IP sour

Display Stack Port Statistics...1085Display Stack M

4. Enable IP+MAC SAV.INTERFACE modeip dhcp source-address-validation ipmacDell Networking OS creates an ACL entry for each IP+MAC address pair in the

15Equal Cost Multi-Path (ECMP)Equal cost multi-path (ECMP) is supported on the S4810 platform.ECMP for Flow-Based AffinityECMP for flow-based affinity

CONFIGURATION mode.ipv6 ecmp-deterministicConfiguring the Hash Algorithm SeedDeterministic ECMP sorts ECMPs in order even though RTM provides them in

NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when the user configures multipath routes to the same network. The sys

Creating an ECMP Group BundleWithin each ECMP group, you can specify an interface.If you enable monitoring for the ECMP group, the utilization calcula

Dell(conf-ecmp-group-5)#show config!ecmp-group 5 interface tengigabitethernet 0/2 interface tengigabitethernet 0/3 link-bundle-monitor enableDell(c

16FCoE TransitThe Fibre Channel over Ethernet (FCoE) Transit feature is supported on the S4810 switch on Ethernet interfaces. When you enable the swit

FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received

Figure 38. FIP Discovery and Login Between an ENode and an FCFFIP Snooping on Ethernet BridgesIn a converged Ethernet network, intermediate Ethernet b

FCoE-generated ACLsThese take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.The following

1About this GuideThis guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instruc

The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform t

For VLAN membership, you must:• create the VLANs on the switch which handles FCoE traffic (use the interface vlan command).• configure each FIP snoopi

Enable FIP Snooping on VLANsYou can enable FIP snooping globally on a switch on all VLANs or on a specified VLAN.When you enable FIP snooping on VLANs

Table 20. Impact of Enabling FIP SnoopingImpact DescriptionMAC address learning MAC address learning is not performed on FIP and FCoE frames, which ar

3. Reload the switch to enable the configuration.EXEC Privilege mode.reloadAfter the switch is reloaded, DCB/DCBx is enabled.4. Enable the FCoE transi

Command Outputshow fip-snooping statistics [interface vlan vlan-id| interface port-type port/slot | interface port-channel port-channel-number]Display

Field DescriptionPort WWPN Worldwide port name of the CNA port.Port WWNN Worldwide node name of the CNA port.The following example shows the show fip-

Field DescriptionFC-MAP FC-Map value advertised by the FCF.ENode Interface Slot/number of the interface connected to the ENode.FKA_ADV_PERIOD Period o

Number of VN Port Session Timeouts :0Number of Session failures due to Hardware Config :0The following example shows the show fip-snoop

Field DescriptionNumber of Multicast Discovery Advertisements Number of FIP-snooped multicast discovery advertisements received on the interface.Numbe

2Configuration FundamentalsThe Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure i

FCoE Transit Configuration ExampleThe following illustration shows an S4810 switch used as a FIP snooping bridge for FCoE traffic between an ENode (se

Example of Enabling an FC-MAP Value on a VLANDell(conf-if-vl-10)# fip-snooping fc-map 0xOEFC01NOTE: Configuring an FC-MAP value is only required if yo

17Enabling FIPS CryptographyFederal information processing standard (FIPS) cryptography is supported on the S4810 platform.This chapter describes how

Enabling FIPS ModeTo enable or disable FIPS mode, use the console port.Secure the host attached to the console port against unauthorized access. Any a

Monitoring FIPS Mode StatusTo view the status of the current FIPS mode (enabled/disabled), use the following commands.• Use either command to view the

• New 1024–bit RSA and RSA1 host key-pairs are created.To disable FIPS mode, use the following command.• To disable FIPS mode from a console port.CONF

18Force10 Resilient Ring Protocol (FRRP)Force10 resilient ring protocol (FRRP) is supported on the S4810 platform.FRRP provides fast network convergen

The Member VLAN is the VLAN used to transmit data as described earlier.The Control VLAN is used to perform the health checks on the ring. The Control

Multiple FRRP RingsUp to 255 rings are allowed per system and multiple rings can be run on one system.More than the recommended number of rings may ca

Concept ExplanationControl VLAN Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used onl

• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available,

Concept ExplanationThere is no periodic transmission of TCRHFs. The TCRHFs are sent on triggered events of ring failure or ring restoration only.Imple

Configuring the Control VLANControl and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP

3. Assign the Primary and Secondary ports and the control VLAN for the ports on the ring.CONFIG-FRRP mode.interface primary int slot/port secondary in

To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring.1. Create a VLAN with this ID n

5. Identify the Member VLANs for this FRRP group.CONFIG-FRRP mode.member-vlan vlan-id {range}VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs.6. E

• Show the information for the identified FRRP group.EXEC or EXEC PRIVELEGED mode.show frrp ring-idRing ID: the range is from 1 to 255.• Show the stat

protocol frrp 101 interface primary GigabitEthernet 1/24secondary GigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master no disableExam

mode transit no disableForce10 Resilient Ring Protocol (FRRP)377

19GARP VLAN Registration Protocol (GVRP)GARP VLAN registration protocol (GVRP) is supported on the S4810 platform.Typical virtual local area network (

Configure GVRPTo begin, enable GVRP.To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface

CLI Command Mode Prompt Access CommandNOTE: Access all of the following modes from CONFIGURATION mode.AS-PATH ACLDell(config-as-path)# ip as-path acce

• Configure a GARP TimerEnabling GVRP GloballyTo configure GVRP globally, use the following command.• Enable GVRP for the entire switch.CONFIGURATION

not be unconfigured when it receives a Leave PDU. Therefore, the registration mode on that interface is FIXED.• Forbidden Mode — Disables the port to

LeaveAll Timer 5000Dell(conf)#Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp time

20High Availability (HA)High availability (HA) is supported on the S4810 platform.HA is a collection of features that preserves system continuity by m

RPM Slot ID: 0 RPM Redundancy Role: Primary RPM State: Active RPM SW Version: 7.6.1.0 Link to Peer: Up-- PEER RPM Status -----------------------

Specifying an Auto-Failover LimitWhen a non-recoverable fatal error is detected, an automatic failover occurs.However, Dell Networking OS is configure

Unit Type : Member UnitStatus : not presentDell#conDell(conf)#stack-unit 1 provision S4810Dell(conf)#endDell#show

Graceful RestartGraceful restart is supported on the S4810 platform.Graceful restart (also known as non-stop forwarding) is a protocol-based mechanism

• Crash Log — contains trace messages related to IPC and IRC timeouts and task crashes on line cards and is stored under the directory CRASH_LOG_DIR.F

21Internet Group Management Protocol (IGMP)Internet group management protocol (IGMP) is supported on the S4810 platform.Multicast is premised on ident

CLI Command Mode Prompt Access CommandRAPID SPANNING TREEDell(config-rstp)# protocol spanning-tree rstpREDIRECTDell(conf-redirect-list)# ip redirect-l

Figure 42. IGMP Messages in IP PacketsJoin a Multicast GroupThere are two ways that a host may join a multicast group: it may respond to a general que

response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet.IGMP V

Figure 44. IGMP Version 3–Capable Multicast Routers Address StructureJoining and Filtering Groups and SourcesThe following illustration shows how mult

Figure 45. Membership Reports: Joining and FilteringLeaving and Staying in GroupsThe following illustration shows how multicast routers track and refr

Figure 46. Membership Queries: Leaving and StayingConfigure IGMPConfiguring IGMP is a two-step process.1. Enable multicast routing using the ip multic

• Fast Convergence after MSTP Topology Changes• Designating a Multicast Router InterfaceViewing IGMP Enabled InterfacesInterfaces that are enabled wit

IGMP version is 3Dell(conf-if-gi-1/13)#Viewing IGMP GroupsTo view both learned and statically configured IGMP groups, use the following command.• Vi

INTERFACE modeip igmp query-interval• Adjust the maximum response time.INTERFACE modeip igmp query-max-resp-time• Adjust the last member query interva

Enabling IGMP Immediate-LeaveIf the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robus

• View the configuration.CONFIGURATION modeshow running-config• Disable snooping on a VLAN.INTERFACE VLAN modeno ip igmp snoopingRelated Configuration

Managing the File System... 57Enabling

CLI Command Mode Prompt Access CommandLLDP MANAGEMENT INTERFACEDell(conf-lldp-mgmtIf)#management-interface (LLDP Mode)LINEDell(config-line-console) or

• Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports.CONFIGURATION modeno ip igmp snoopi

ip igmp snooping last-member-query-intervalFast Convergence after MSTP Topology ChangesThe following describes the fast convergence feature.When a por

routes. If SSH is specified as a management application, SSH links to and from an unknown destination uses the management default route.Protocol Separ

can configure two default routes, one configured on the management port and the other on the front-end port.Two tables, namely, Egress Interface Selec

When the feature is disabled using the no management egress-interface-selection command, the following operations are performed:• All management appli

the show management application pkt-drop-cntr command. This counter is cleared using clear management application pkt-drop-cntr command.• Packets whos

traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup.Handling of Transit Traffic (Traff

This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch.• Drop

Protocol Behavior when EIS is Enabled Behavior when EIS is Disableddns EIS Behavior Default Behaviorftp EIS Behavior Default Behaviorntp EIS Behavior

Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected.Protocol Behavior when EIS is Enabled Beha

-- Stack Info --Unit UnitType Status ReqTyp CurTyp Version Ports-------------------------------------------------

Designating a Multicast Router InterfaceTo designate an interface as a multicast router interface, use the following command.Dell Networking OS also h

22InterfacesThis chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS).•

Interface TypesThe following table describes different interface types.Interface Type Modes Possible Default Mode Requires Creation Default StatePhysi

Hardware is Force10Eth, address is 00:01:e8:05:f3:6a Current address is 00:01:e8:05:f3:6aPluggable media present, XFP type is 10GBASE-LR. Medium is

interface GigabitEthernet 9/7 no ip address shutdown!interface GigabitEthernet 9/8 no ip address shutdown!interface GigabitEthernet 9/9 no ip add

Configuration Task List for Physical InterfacesBy default, all interfaces are operationally disabled and traffic does not pass through them.The follow

Example of a Basic Layer 2 Interface ConfigurationDell(conf-if)#show config!interface Port-channel 1 no ip address switchport no shutdownDell(conf-

no ip address switchport no shutdownDell(conf-if)#ip address 10.10.1.1 /24% Error: Port is in Layer 2 mode Gi 1/2.Dell(conf-if)#To determine the c

attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This featu

CONFIGURATION modeinterface managementethernet interfaceThe slot range is 0.• Configure an IP address and mask on a Management interface.INTERFACE mod

no ip address no shutdownLayer 2 protocols are disabled by default. To enable Layer 2 protocols, use the no disable command. For example, in PROTOC

Destination Gateway Dist/Metric Last Change ----------- ------- ----------- -----------*S 0.0.0.0/

Loopback InterfacesA Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally

Port Channel Definition and StandardsLink aggregation is defined by IEEE 802.3ad as a method of grouping multiple physical interfaces into a single lo

Dell Networking OS brings up 10/100/1000 interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel

Creating a Port ChannelYou can create up to 128 port channels with eight port members per group on the S4810 .To configure a port channel, use the fol

To add a physical interface to a port, use the following commands.1. Add the interface to a port channel.INTERFACE PORT-CHANNEL modechannel-member int

When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the

Dell(conf-if-po-4)#int port 3Dell(conf-if-po-3)#channel tengi 0/8Dell(conf-if-po-3)#sho conf!interface Port-channel 3 no ip address channel-member T

3. Verify the manually configured VLAN membership (show interfaces switchport interface command).EXEC modeDell(conf)# interface tengigabitethernet 0/1

assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.Packet based hashing is used to load bala

Short-Cut Key CombinationActionCNTL-A Moves the cursor to the beginning of the command line.CNTL-B Moves the cursor back one character.CNTL-D Deletes

• Change the default (0) to another algorithm and apply it to ECMP, LAG hashing, or a particular line card.CONFIGURATION modehash-algorithm | [ecmp{cr

Bulk ConfigurationBulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces.In

Create a Multiple-RangeThe following is an example of multiple range.Example of the interface range Command (Multiple Ranges)Dell(conf)#interface rang

Add RangesThe following example shows how to use commas to add VLAN and port-channel interfaces to the range.Example of Adding VLAN and Port-Channel I

Monitoring and Maintaining InterfacesMonitor interface statistics with the monitor interface command. This command displays an ongoing list of the int

Output throttles: 0 0 pps 0m - Change mode c - Clear screenl - Page up a - Page downT - Increase r

NOTE: When you split a 40G port (such as fo 0/4) into four 10G ports, the 40G interface configuration is available in the startup configuration when y

• improves network stability by penalizing misbehaving interfaces and redirecting traffic.• improves convergence times and stability throughout the ne

clear dampeningExample of the clear dampening CommandDell# clear dampening interface Gi 0/1Dell# show interfaces dampening GigabitEthernet0/0Interface

• Enable link bundle monitoring.ecmp-group• View all LAG link bundles being monitored.show running-config ecmp-groupUsing Ethernet Pause Frames for Fl

• show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such as interface GigabitEthernet 0/0.• show ru

Threshold SettingsThreshold settings are supported on the S4810 platform.When the transmission pause is set (tx on), you can set three thresholds to d

* Number of flow-control packet pointers: the range is from 1 to 2047 (default = 75).* Flow-control buffer threshold in KB: the range is from 1 to 201

For example, the VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500.

4. Access the port.CONFIGURATION modeinterface interface slot/port5. Set the local port speed.INTERFACE modespeed {10 | 100 | 1000 | auto}6. Optionall

interface GigabitEthernet 0/1no ip addressspeed 100duplex fullno shutdownSet Auto-Negotiation OptionsThe negotiation auto command provides a mode opti

Examples of the show CommandsThe following example lists the possible show commands that have the configured keyword available:Dell#show interfaces co

Example of the rate-interval CommandThe bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval

Dynamic CountersBy default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB.For the remaining applications, Dell Networking OS automatically turns

– (OPTIONAL) To clear statistics for all VRRP groups configured, enter the keyword vrrp. Enter a number from 1 to 255 as the vrid.– (OPTIONAL) To clea

23Internet Protocol Security (IPSec)Internet protocol security (IPSec) is available on the S4810 platform.IPSec is an end-to-end security scheme for p

NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example: Dell# command | grep regula

Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec.1. Define the transform set.CONFIGURATION modecry

24IPv4 RoutingIPv4 routing is supported on the S4810 platform.The Dell Networking Operating System (OS) supports various IP addressing features. This

• Assigning IP Addresses to an Interface (mandatory)• Configuring Static Routes (optional)• Configure Static Routes for the Management Interface (opti

interface GigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown!Dell(conf-if)#Dell(conf-if)#show conf!interface GigabitEthernet 0/0ip address 10.1

S 6.1.2.4/32 via 6.1.20.2, Te 5/0 1/0 00:02:30S 6.1.2.5/32 via 6.1.20.2, Te 5/0 1/0 00:02:30S 6.1.2.6/32 via 6.1.20.2, Te 5/

S 6.1.2.6/32 via 6.1.20.2, Te 5/0 1/0 00:02:30S 6.1.2.7/32 via 6.1.20.2, Te 5/0 1/0 00:02:30S 6.1.2.8/32 via 6.1.20.2, Te 5/0

Using the Configured Source IP Address in ICMP MessagesThis feature is supported on the S4810 platform.ICMP error or unreachable messages are now sent

To configure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP connection, perform t

CONFIGURATION modeip domain-lookup• Specify up to six name servers.CONFIGURATION modeip name-server ip-address [ip-address2 ... ip-address6]The order

Configuring DNS with TracerouteTo configure your switch to perform DNS with traceroute, use the following commands.• Enable dynamic resolution of host

3Getting StartedThis chapter describes how you start configuring your system.When you power up the chassis, the system performs a power-on self test (

corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.For more inf

--------------------------------------------------------------------------------Internet 10.1.2.4 17 08:00:20:b7:bd:32 Ma 1/0 - CPDell#E

• detect IP address conflicts• inform switches of their presence on a port so that packets can be forwarded• update the ARP table of other nodes on th

Figure 48. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP EnabledWhether you enable or disable ARP learning via gratuitous ARP, the

ICMPFor diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing the best route (ICMP redire

2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. Refer to Configuring a Broadcast Address.Important Points to R

untagged GigabitEthernet 1/2no shutdownTo view the configured broadcast address for an interface, use show interfaces command.R1_E600(conf)#do show in

Figure 49. UDP Helper with Broadcast-All AddressesUDP Helper with Subnet Broadcast AddressesWhen the destination IP address of an incoming packet matc

UDP Helper with Configured Broadcast AddressesIncoming packets with a destination IP address matching the configured broadcast address of any interfac

When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command.Example Output from the debug ip dhcp CommandPacket 0.0.0

Accessing the Console PortTo access the console port, follow these steps:For the console port pinout, refer to Accessing the RJ-45 Console Port with a

25IPv6 RoutingInternet protocol version 6 (IPv6) routing is supported on the S4810 platform.NOTE: The IPv6 basic commands are supported on all platfor

NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). B

IPv6 Header FieldsThe 40 bytes of the IPv6 header are ordered, as shown in the following illustration.Figure 52. IPv6 Header FieldsVersion (4 bits)The

The following lists the Next Header field values.Value Description0 Hop-by-Hop option header4 IPv46 TCP8 Exterior Gateway Protocol (EGP)41 IPv643 Rout

However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s rou

of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one do

Implementing IPv6 with Dell Networking OSDell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system.The followi

Feature and FunctionalityDell Networking OS Release IntroductionDocumentation and Chapter LocationS4810IS-IS for IPv6 8.3.10 Intermediate System to In

Feature and FunctionalityDell Networking OS Release IntroductionDocumentation and Chapter LocationS4810(outbound SSH) Layer 3 onlySecure Shell (SSH) s

Figure 53. Path MTU Discovery ProcessIPv6 Neighbor DiscoveryIPv6 neighbor discovery protocol (NDP) is supported on the S4810 platform.NDP is a top-lev

Entering CLI commands Using an SSH ConnectionYou can run CLI commands by entering any one of the following syntax to connect to a switch using the pre

Figure 54. NDP Router RedirectIPv6 Neighbor Discovery of MTU PacketsYou can set the MTU advertised through the RA packets to incoming routers, without

The DNS server address does not allow the following:• link local addresses• loopback addresses• prefix addresses• multicast addresses• invalid host ad

Displaying IPv6 RDNSS InformationTo display IPv6 interface information, including IPv6 RDNSS information, use the show ipv6 interface command in EXEC

Secure Shell (SSH) Over an IPv6 TransportIPv6 secure shell (SSH) is supported on the S4810 platform.Dell Networking OS supports both inbound and outbo

The total space allocated must equal 13.The ipv6acl range must be a factor of 2.• Show the current CAM settings.EXEC mode or EXEC Privilege modeshow c

– prefix: IPv6 route prefix– type {slot/port}: interface type and slot/port– forwarding router: forwarding router’s address– tag: route tagEnter the k

• snmp-server community access-list-name ipv6• snmp-server group ipv6• snmp-server group access-list-name ipv6Showing IPv6 InformationAll of the follo

– For a VLAN interface, enter the keyword vlan then the VLAN ID.Example of the show ipv6 interface Command (S4810 )Dell#show ipv6 int man 1/0Managemen

– To display information about an IPv6 Prefix lists, enter list and the prefix-list name.Examples of the show ipv6 route CommandsThe following example

– For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/ port information.– For the Management interface on the RPM, enter

Default ConfigurationA version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the f

26iSCSI OptimizationiSCSI optimization is supported on the S4810 platform.This chapter describes how to configure internet small computer system inter

• If you configure flow-control, iSCSI uses the current configuration. If you do not configure flow-control, iSCSI auto-configures flow control settin

Monitoring iSCSI Traffic FlowsThe switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI pro

If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached:%STKUN

Configuring Detection and Ports for Dell Compellent ArraysTo configure a port connected to a Dell Compellent storage array, use the following command.

iSCSI optimization, which can turn on flow control again on reboot, use the no iscsi enable command and save the configuration.When you enable iSCSI o

Parameter Default ValueiSCSI session monitoring Disabled. The CAM allocation for iSCSI is set to zero (0).iSCSI Optimization PrerequisitesThe followin

5. Reload the switch.EXEC Privilege modereloadAfter the switch is reloaded, DCB/ DCBx and iSCSI monitoring are enabled.6. (Optional) Configure the iSC

8. (Optional) Set the aging time for iSCSI session monitoring.CONFIGURATION mode[no] iscsi aging time time.The range is from 5 to 43,200 minutes.The d

Maximum number of connections is 256------------------------------------------------iSCSI Targets and TCP Ports:--------------------------------------

Lock CONFIGURATION Mode... 80Viewing the Confi

Configure the Management Port IP AddressTo access the system remotely, assign IP addresses to the management ports.1. Enter INTERFACE mode for the Man

27Intermediate System to Intermediate SystemIntermediate system to intermediate system (Is-IS) is supported on the S4810 platform.• IS-IS is supported

The NET length is variable, with a maximum of 20 bytes and a minimum of 8 bytes. It is composed of the following:• area address — within your routing

Transition ModeAll routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating

A new TLV (the Restart TLV) is introduced in the IIH PDUs, indicating that the router supports graceful restart.TimersThree timers are used to support

• Accepts external IPv6 information and advertises this information in the PDUs.The following table lists the default IS-IS values.Table 31. IS-IS Def

Enabling IS-ISBy default, IS-IS is not enabled.The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process an

4. Enter an IPv4 Address.INTERFACE modeip address ip-address maskAssign an IP address and mask to the interface.The IP address must be on the same sub

Generate wide metrics: noneAccept wide metrics: noneDell#To view IS-IS protocol statistics, use the show isis traffic command in EXEC Privilege

3. Set the minimum interval between SPF calculations.ROUTER ISIS AF IPV6 modespf-interval [level-l | level-2 | interval] [initial_wait_interval [secon

– retry-times: number of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with th

* 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell

Mode: Normal L1-State:NORMAL, L2-State: NORMAL L1: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 time left: 0, retry count left:0 L2: Send/Receive:

lsp-refresh-interval seconds– seconds: the range is from 1 to 65535.The default is 900 seconds.• Set the maximum time LSPs lifetime.ROUTER ISIS modema

Metric Style Characteristics Cost Range Supported on IS-IS Interfacesnarrow transition Sends narrow (old) TLVs and accepts both narrow (old) and wide

– default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition.The range is from 0 to 16777215 if the met

• Change the IS-type for the IS-IS process.ROUTER ISIS modeis-type {level-1 | level-1-2 | level-2}Example of the show isis database Command to View Le

Distribute RoutesAnother method of controlling routing information is to filter the information through a prefix list.Prefix lists are applied to inco

Applying IPv6 RoutesTo apply prefix lists to incoming or outgoing IPv6 routes, use the following commands.NOTE: These commands apply to IPv6 IS-IS onl

NOTE: These commands apply to IPv4 IS-IS only. To apply prefix lists to IPv6 routes, use ADDRESS-FAMILY IPV6 mode, shown later.• Include BGP, directly

– map-name: enter the name of a configured route map.• Include specific OSPF routes in IS-IS.ROUTER ISIS moderedistribute ospf process-id [level-1| le

Setting the Overload BitAnother use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest p

Table 3. Forming a copy CommandLocation source-file-url Syntax destination-file-url SyntaxFor a remote file location:FTP servercopy ftp://username:pas

To view specific information, enter the following optional parameter:– interface: Enter the type of interface and slot/port information to view IS-IS

• narrow (supports only type, length, and value [TLV] up to 63)• wide (supports TLV up to 16777215)• transition (supports both narrow and wide and use

Beginning Metric Style Final Metric Style Resulting IS-IS Metric ValueNOTE: A truncated value is a value that is higher than 63, but set back to 63 be

Table 34. Metric Value when the Metric Style Changes Multiple TimesBeginning Metric StyleNext Metric Style Resulting Metric ValueNext Metric Style Fin

Level-1 Metric Style Level-2 Metric Style Resulting Metric Valuewide transition narrow transition truncated valuewide transition transition truncated

Figure 57. IPv6 IS-IS Sample TopographyIS-IS Sample Configuration — Congruent TopologyIS-IS Sample Configuration — Multi-topologyIS-IS Sample Configur

router isisnet 34.0000.0000.AAAA.00!address-family ipv6 unicastmulti-topologyexit-address-familyDell (conf-router_isis)#Dell (conf-if-te-3/17)#show co

28Link Aggregation Control Protocol (LACP)Link aggregation control protocol (LACP) is supported on the S4810 platform.Introduction to Dynamic LAGs and

• There is a difference between the shutdown and no interface port-channel commands:– The shutdown command on LAG “xyz” disables the LAG and retains t

• Configure LACP mode.LACP mode[no] port-channel number mode [active | passive | off]– number: cannot statically contain any links.The default is LACP

EXEC Privilege modecopy running-config ftp:// username:password@{hostip | hostname}/filepath/ filename• Save the running-configuration to a TFTP serve

Configuring the LAG Interfaces as DynamicAfter creating a LAG, configure the dynamic LAG interfaces.To configure the dynamic LAG interfaces, use the f

Dell(conf-if-po-32)#switchportDell(conf-if-po-32)#lacp long-timeoutDell(conf-if-po-32)#endDell# show lacp 32Port-channel 32 admin up, oper up, mode la

Figure 58. Shared LAG State TrackingTo avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ab

As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This ef

• If a LAG that is part of a failover group is deleted, the failover group is deleted.• If a LAG moves to the Down state due to this feature, its memb

ARP type: ARPA, ARP Timeout 04:00:00Last clearing of "show interface" counters 00:02:11Queueing strategy: fifoInput statistics: 132 pack

Figure 62. Inspecting Configuration of LAG 10 on ALPHA536Link Aggregation Control Protocol (LACP)

Figure 63. Verifying LAG 10 Status on ALPHA Using the show lacp CommandSummary of the LAG Configuration on AlphaAlpha(conf-if-po-10)#int gig 2/31Alpha

interface GigabitEthernet 2/31no ip addressSummary of the LAG Configuration on BravoBravo(conf-if-gi-3/21)#int port-channel 10Bravo(conf-if-po-10)#no

Figure 64. Inspecting a LAG Port on BRAVO Using the show interface CommandLink Aggregation Control Protocol (LACP)539

9 -rw- 27674906 Jul 06 2007 00:20:24 FTOS-EF-4.7.4.302.bin10 -rw- 27674906 Jul 06 2007 19:54:52 boot-image-FILE11 drw- 8192 Jan 01 1980 00:18:28

Figure 65. Inspecting LAG 10 Using the show interfaces port-channel Command540Link Aggregation Control Protocol (LACP)

Figure 66. Inspecting the LAG Status Using the show lacp commandThe point-to-point protocol (PPP) is a connection-oriented protocol that enables layer

29Layer 2Layer 2 features are supported on the S4810 platform.Manage the MAC Address TableDell Networking OS provides the following management activit

The range is from 10 to 1000000.Configuring a Static MAC AddressA static entry is one that is not subject to aging. Enter static entries manually.To c

interface) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed:%E90MH:5 %ACL_AGENT-2-ACL_AGENT

mac learning-limit mac-address-stickyUsing sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If yo

no ip address switchport mac learning-limit 1 dynamic no-station-move mac learning-limit station-move-violation log no shutdownLearning Limit Vi

Recovering from Learning Limit and Station Move ViolationsAfter a learning-limit or station-move violation shuts down an interface, you must manually

When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 i

Apply all other configurations to each interface in the redundant pair such that their configurations are identical, so that transition to the backup

Two existing exec mode CLIs are enhanced to display and store the running configuration in the compressed mode.show running-config compressed and writ

LACP) port-channel interface as either the primary or backup link in a redundant pair with a physical interface.To ensure that existing network applic

inactive: Vl 100:24:55: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Gi 3/4200:24:55: %RPM0-P:CP %IFMGR-5-ACTIVE: Changed Vlan interf

Figure 70. Configuring Far-End Failure DetectionThe report consists of several packets in SNAP format that are sent to the nearest known MAC address.I

4. If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals, (you can set eac

To report interval frequency and mode adjustments, use the following commands.1. Setup two or more connected interfaces for Layer 2 or Layer 3.INTERFA

To set up and activate two or more connected interfaces, use the following commands.1. Setup two or more connected interfaces for Layer 2 or Layer 3.I

Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Gi 1/0) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Po

30Link Layer Discovery Protocol (LLDP)The link layer discovery protocol (LLDP) is supported on the S4810 platform.802.1AB (LLDP) OverviewLLDP — define

Table 37. Type, Length, Value (TLV) TypesType TLV Description0 End of LLDPDU Marks the end of an LLDPDU.1 Chassis ID An administratively assigned name

Figure 73. Organizationally Specific TLVIEEE Organizationally Specific TLVsEight TLV types have been defined by the IEEE 802.1 and 802.3 working group

interface TenGigabitEthernet 0/4no ip addressshutdown!interface TenGigabitEthernet 0/10no ip addressshutdown!interface TenGigabitEthernet 0/34ip addre

Type TLV Description127 Protocol Identity Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV.IE

Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to:• manage inventory• manage Power over Etherne

Type SubType TLV DescriptionNone or all TLVs must be supported. Dell Networking OS does not currently support these TLVs.127 5 Inventory — Hardware Re

Figure 74. LLDP-MED Capabilities TLVTable 40. Dell Networking OS LLDP-MED CapabilitiesBit Position TLV Dell Networking OS Support0 LLDP-MED Capabiliti

NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivi

Extended Power via MDI TLVThe extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices.A

Important Points to Remember• LLDP is enabled by default.• Dell Networking systems support up to eight neighbors per interface.• Dell Networking syste

Enabling LLDPLLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send period

3. Enter the disable command.LLDP-MANAGEMENT-INTERFACE mode.To undo an LLDP management port configuration, precede the relevant command with the keywo

Figure 77. Configuring LLDPViewing the LLDP ConfigurationTo view the LLDP configuration, use the following command.• Display the LLDP configuration.CO

!interface Vlan 100no ip addressno shutdown!interface Vlan 1000ip address 1.1.1.1/16no shutdownUncompressed config size – 52 lineswrite memory compres

Viewing Information Advertised by Adjacent LLDP AgentsTo view brief information about adjacent devices or to view all the information that neighbors a

Configuring LLDPDU IntervalsLLDPDUs are transmitted periodically; the default interval is 30 seconds.To configure LLDPDU intervals, use the following

• Return to the default setting.CONFIGURATION mode or INTERFACE modeno modeExample of Configuring a Single ModeR1(conf)#protocol lldpR1(conf-lldp)#sho

advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-descri

Figure 78. The debug lldp detail Command — LLDPDU Packet DissectionRelevant Management ObjectsDell Networking OS supports all IEEE 802.1AB MIB objects

MIB Object CategoryLLDP Variable LLDP MIB Object DescriptionmsgTxInterval lldpMessageTxInterval Transmit Interval value.rxInfoTTL lldpRxInfoTTL Time t

Table 44. LLDP System MIB ObjectsTLV Type TLV Name TLV Variable System LLDP MIB Object1 Chassis ID chassis ID subtype Local lldpLocChassisIdSubtypeRem

TLV Type TLV Name TLV Variable System LLDP MIB Objectinterface numbering subtypeLocal lldpLocManAddrIfSubtypeRemote lldpRemManAddrIfSubtypeinterface n

Table 46. LLDP-MED System MIB ObjectsTLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object1 LLDP-MED CapabilitiesLLDP-MED CapabilitiesLocallld

TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object3 Location Identifier Location Data FormatLocal lldpXMedLocLocationSubtypeRemote lldpXMed

- - - network rw ftp: - - - network rw tftp: - - - network rw scp:You can cha

31Microsoft Network Load BalancingThis functionality is supported on the S4810 platform.Network Load Balancing (NLB) is a clustering functionality tha

• With NLB feature enabled, after learning the NLB ARP entry, all the subsequent traffic is flooded on all ports in VLAN1.With NLB, the data frame is

flooded out of all member ports. Since all the servers in the cluster receive traffic, failover and balancing are preserved.Enable and Disable VLAN Fl

32Multicast Source Discovery Protocol (MSDP)Multicast source discovery protocol (MSDP) is supported on the S4810 platform.Protocol OverviewMSDP is a L

Figure 79. Multicast Source Discovery Protocol (MSDP)RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of T

Anycast RPUsing MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to sha

• Accept Source-Active Messages that Fail the RFP Check• Specifying Source-Active Messages• Limiting the Source-Active Cache• Preventing MSDP from Cac

Figure 82. Configuring OSPF and BGP for MSDPMulticast Source Discovery Protocol (MSDP)587

Figure 83. Configuring PIM in Multiple Routing Domains588Multicast Source Discovery Protocol (MSDP)

Figure 84. Configuring MSDPEnable MSDPEnable MSDP by peering RPs in different administrative domains.1. Enable MSDP.CONFIGURATION modeip multicast-msd

For a particular target where VRF is enabled, the show output is similar to the following:Feature State------------------------------VRF enable

Examples of Configuring and Viewing MSDP R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_

Limiting the Source-Active CacheSet the upper limit of the number of active sources that the Dell Networking OS caches.The default active source limit

Figure 85. MSDP Default Peer, Scenario 1592Multicast Source Discovery Protocol (MSDP)

Figure 86. MSDP Default Peer, Scenario 2Multicast Source Discovery Protocol (MSDP)593

Figure 87. MSDP Default Peer, Scenario 3594Multicast Source Discovery Protocol (MSDP)

Figure 88. MSDP Default Peer, Scenario 4Specifying Source-Active MessagesTo specify messages, use the following command.• Specify the forwarding-peer

Dell(conf)#ip access-list standard fiftyDell(conf)#seq 5 permit host 200.0.0.50Dell#ip msdp sa-cacheMSDP Source-Active Cache - 3 entriesGroupAddr So

Example of Verifying the System is not Caching Local SourcesWhen you apply this filter, the SA cache is not affected immediately. When sources that ar

R3_E600(conf)#do show ip msdp sa-cacheR3_E600(conf)#R3_E600(conf)#do show ip msdp peerPeer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Sourc

Logging Changes in Peership StatesTo log changes in peership states, use the following command.• Log peership state changes.CONFIGURATION modeip msdp

Forcibly Authorizing or Unauthorizing a Port...106Re-Authenticating a P

1. Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displ

Example of the clear ip msdp peer Command and Verifying Statistics are ClearedR3_E600(conf)#do show ip msdp peerPeer Addr: 192.168.0.1 Local Addr:

technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions.• lack of scalabl

Configuring Anycast RPTo configure anycast RP, use the following commands.1. In each routing domain that has multiple RPs serving a group, create a Lo

CONFIGURATION modeip msdp originator-idExamples of R1, R2, and R3 Configuration for MSDP with Anycast RPThe following example shows an R1 configuratio

no shutdown!interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown!interface Loopback 1 ip address 192.168.0.22/32 no sh

neighbor 192.168.0.22 remote-as 100 neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22

interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown!interface GigabitEthernet 2/11 ip pim sparse-mode ip address

redistribute connected redistribute bgp 200!router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-mult

33Multiple Spanning Tree Protocol (MSTP)Multiple spanning tree protocol (MSTP) is supported on the S4810 platform.Protocol OverviewMSTP — specified in

Spanning Tree VariationsThe Dell Networking OS supports four variations of spanning tree, as shown in the following table.Table 47. Spanning Tree Vari

• To copy a file from the internal FLASH, enter flash:// followed by the filename.• To copy the running configuration, enter the keyword running-confi

• Prevent Network Disruptions with BPDU Guard• Enabling SNMP Traps for Root Elections and Topology Changes• Configuring Spanning Trees as HitlessEnabl

mstiSpecify the keyword vlan then the VLANs that you want to participate in the MSTI.Examples of Configuring and Viewing MSTIThe following examples sh

Influencing MSTP Root SelectionMSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it bec

NOTE: Some non-Dell Networking OS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use

To change the MSTP parameters, use the following commands on the root bridge.1. Change the forward-delay parameter.PROTOCOL MSTP modeforward-delay sec

Modifying the Interface ParametersYou can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding por

you implement only bpduguard, although the interface is placed in an Error Disabled state when receiving the BPDU, the physical interface remains up a

To view the enable status of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode.MSTP Sample ConfigurationsT

!(Step 3)interface Vlan 100 no ip address tagged GigabitEthernet 1/21,31 no shutdown!interface Vlan 200 no ip address tagged GigabitEthernet 1/21

Router 3 Running-ConfigurationThis example uses the following steps:1. Enable MSTP globally and set the region name and revision map MSTP instances to

4ManagementManagement is supported on the S4810 platform.This chapter describes the different protocols or services used to manage the Dell Networking

(Step 2)interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0exitinterface 1/0/32 no shutdown spanning-tree port mod

– As shown in the following, the MSTP routers are located in the same region.– Does the debug log indicate that packets are coming from a “Different R

The following example shows viewing the debug log of an unsuccessful MSTP configuration.4w0d4h : MSTP: Received BPDU on Gi 2/21 :ProtId: 0, Ver: 3, Bp

34Multicast FeaturesMulticast features are supported on the S4810 platform.NOTE: Multicast is supported on secondary IP addresses on the S4810 platfor

Figure 92. Multicast with ECMPImplementation InformationBecause protocol control traffic in Dell Networking OS is redirected using the MAC address, an

Protocol Ethernet AddressPIM-SM 01:00:5e:00:00:0d• The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-trace

• If the limit is decreased after it is reached, Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may

no access list limiting Receiver 1, so both IGMP reports are accepted, and two corresponding entries are created in the routing table.Figure 93. Preve

Location Description• no shutdown1/31• Interface GigabitEthernet 1/31• ip pim sparse-mode• ip address 10.11.13.1/24• no shutdown2/1• Interface Gigabit

Location Description• ip igmp access-group igmpjoinfilR2G2• no shutdownRate Limiting IGMP Join RequestsIf you expect a burst of IGMP Joins, protect th

Allowing Access to CONFIGURATION Mode CommandsTo allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGU

Figure 94. Preventing a Source from Transmitting to a GroupTable 50. Preventing a Source from Transmitting to a Group — DescriptionLocation Descriptio

Location Description• no shutdown2/1• Interface GigabitEthernet 2/1• ip pim sparse-mode• ip address 10.11.1.1/24• no shutdown2/11• Interface GigabitEt

Preventing a PIM Router from Processing a JoinTo permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the foll

35Open Shortest Path First (OSPFv2 and OSPFv3)Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on the S4810

Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow

The backbone is the only area with a default area number. All other areas can have their Area ID assigned in the configuration.In the previous example

Figure 96. OSPF Routing ExamplesBackbone Router (BR)A backbone router (BR) is part of the OSPF Backbone, Area 0.This includes all ABRs. It can also in

An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.Autonomous System Border Router (ASBR)The autonomous

available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4

Virtual LinksIn the case in which an area cannot be directly connected to Area 0, you must configure a virtual link between that area and Area 0.The t

• Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.CONFIGURATION modeprivilege {configure |interface | line | r

OSPF with Dell Networking OSDell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within that 10,000 routes, you can designate up to 8,000

period, neighbor OSPFv2 /v3 interfaces save the LSAs from the restarting OSPF interface. Helper neighbor routers continue to announce the restarting r

Multi-Process OSPFv2 (IPv4 only)Multi-process OSPF is supported on the S4810 platform with Dell Networking OS version 7.8.1.0 and later, and is suppor

Dell(conf-if-gi-2/2)#ip ospf dead-interval 80Dell(conf-if-gi-2/2)#In the following example, the dead interval is set at 4x the hello interval (shown i

• Troubleshooting OSPFv21. Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer 3 routing.2. E

Assigning a Router IDIn CONFIGURATION ROUTER OSPF mode, assign the router ID.The router ID is not required to be the router’s IP address. However, Del

3. Return to CONFIGURATION mode to enable the OSPFv2 process globally.CONFIGURATION moderouter ospf process-id [vrf]The range is from 0 to 65535.After

In the example below, an IP address is assigned to an interface and an OSPFv2 area is defined that includes the IP address of a Layer 3 interface.The

Example of Viewing OSPF Status on a Loopback InterfaceDell#show ip ospf 1 intGigabitEthernet 13/23 is up, line protocol is up Internet Address 10.168

Example of the show ip ospf database database-summary CommandTo view which LSAs are transmitted, use the show ip ospf database process-id database-sum

aux Auxiliary lineconsole Primary terminal linevty Virtual terminalDell(conf)#line vty 0Dell(config-line-v

Example of Viewing Passive InterfacesWhen you configure a passive interface, the show ip ospf process-id interface command adds the words passive inte

NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements.

• Change the time interval between hello-packet transmission.CONFIG-INTERFACE modeip ospf hello-interval seconds– seconds: the range is from 1 to 6553

The bold lines in the example show the change on the interface. The change is reflected in the OSPF configuration.Dell(conf-if)#ip ospf cost 45Dell(co

Enabling OSPFv2 Graceful RestartGraceful restart is enabled for the global OSPF process.For more information, refer to Graceful Restart.The Dell Netwo

3. Configure the graceful restart role or roles that this OSPFv2 router performs.CONFIG-ROUTEROSPF- id modegraceful-restart role [helper-only | restar

seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]The optional parameters are:– ge min-prefix-length: is the m

network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3 distribute-list dilling inDell(conf-router_ospf)#Troubleshooting

• View debug messages.EXEC Privilege modedebug ip ospf process-id [event | packet | spf | database-timers rate-limit]To view debug messages for a spec

Figure 98. Basic Topology and CLI Commands for OSPFv2OSPF Area 0 — Gl 1/1 and 1/2router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24

• Disable logging to terminal lines.CONFIGURATION modeno logging monitor• Disable console logging.CONFIGURATION modeno logging consoleAudit and Securi

OSPF Area 0 — Gl 2/1 and 2/2router ospf 22222 network 192.168.100.0/24 area 0 network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0!interface Loo

Assigning IPv6 Addresses on an InterfaceTo assign IPv6 addresses to an interface, use the following commands.1. Assign an IPv6 address to the interfac

– number: the IPv4 address.The format is A.B.C.D.NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address.• Disable OSPF.CONFIGURATION mod

To indicate that hello packets are not transmitted on that interface, when you configure a passive interface, the show ipv6 ospf interface command add

period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. Whe

• Display the Type-11 Grace LSAs sent and received on an OSPFv3 router (shown in the following example).EXEC Privilege modeshow ipv6 ospf database gra

The following example shows the show ipv6 ospf database grace-lsa command.Dell#show ipv6 ospf database grace-lsa!Type-11 Grace LSA (Area 0)LS Age

between the two mechanisms is the extent of the coverage. ESP only protects IP header fields if they are encapsulated by ESP.You decide the set of IPs

– Configuring IPsec Authentication on an Interface– Configuring IPsec Encryption on an Interface– Configuring IPsec Authentication for an OSPFv3 Area–

NOTE: When you configure encryption using the ipv6 ospf encryption ipsec command, you enable both IPsec encryption and authentication. However, when y

When you enabled RBAC and extended logging:• Only the system administrator user role can execute this command.• The system administrator and system se

If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area a

– area area-id: specifies the area for which OSPFv3 traffic is to be encrypted. For area-id, enter a number or an IPv6 prefix.– spi number: is the sec

Examples of the show crypto ipsec CommandsIn the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys

outbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE

• show ipv6 routesViewing Summary InformationTo get general route, configuration, links status, and debug information, use the following commands.• Vi

36Policy-based Routing (PBR)Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface.This chapte

To enable a PBR, you create a redirect list. Redirect lists are defined by rules, or routing policies. The following parameters can be defined in the

Implementing Policy-based Routing with Dell Networking OS• Non-contiguous bitmasks for PBR• Hot-Lock PBRNon-contiguous bitmasks for PBRNon-contiguous

The following example creates a redirect list by the name of “xyz.”Dell(conf)#ip redirect-list ?WORD Redirect-list name (max 16 chars) Dell(co

Dell(conf-redirect-list)#redirect 3.3.3.3 ?<0-255> An IP protocol number icmp

The following describes the two log messages formats:• 0 – Displays syslog messages format as described in RFC 3164, The BSD syslog Protocol• 1 – Disp

PBR Exceptions (Permit)Use the command permit to create an exception to a redirect list. Exceptions are used when a forwarding decision should be base

Applying a Redirect-list to an Interface Example:Dell(conf-if-te-2/0)#ip redirect-group xyz Dell(conf-if-te-2/0)#Applying a Redirect-list to an Interf

NOTE: If, the redirect-list is applied to an interface, the output of show ip redirect-list redirect-list-name command displays reachability and ARP s

Create the Redirect-List GOLDEDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLDEDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_G

View Redirect-List GOLDEDGE_ROUTER#show ip redirect-listIP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-ho

37PIM Sparse-Mode (PIM-SM)Protocol-independent multicast sparse-mode (PIM-SM) is supported on the S4810 platform.PIM-SM is a multicast protocol that f

received becomes the outgoing interface associated with the (*,G) entry. This process constructs an RPT branch to the RP.3. If a host on the same subn

Important Point to RememberIf you use a Loopback interface with a /32 mask as the RP, you must enable PIM Sparse-mode on the interface.Configuring PIM

NOTE: You can influence the selection of the Rendezvous Point by enabling PIM-Sparse mode on a Loopback interface and assigning a low IP address.To di

To configure a global expiry time or to configure the expiry time for a particular (S,G) entry, use the following commands.1. Enable global expiry tim

Setting Up a Secure Connection to a Syslog ServerYou can use reverse tunneling with the port forwarding to securely connect to a syslog server.Pre-req

Configuring a Static Rendezvous PointThe rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; eve

interface out of which it is sent and a DR priority value. The router with the greatest priority value is the DR. If the priority value is the same fo

38PIM Source-Specific Mode (PIM-SSM)PIM source-specific mode (PIM-SSM) is supported on the platform.PIM-SSM is a multicast protocol that forwards mult

Configure PIM-SMMConfiguring PIM-SSM is a two-step process.1. Configure PIM-SMM.2. Enable PIM-SSM for a range of addresses.Related Configuration Tasks

• When you remove the mapping configuration, Dell Networking OS removes the corresponding (S,G) states that it created and re-establishes the original

Interface Vlan 400Group 239.0.0.1Uptime 00:00:05Expires NeverRouter mode INCLUDELas

39Port MonitoringPort monitoring is supported on the S4810 platform.Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traf

2 Te 0/0 Te 0/2 both Port N/A N/ADell (conf-mon-sess-2)#do show running-config monitor session!monitor ses

0 Te 0/13 Gi 0/1 rx interface Port-based10 Te 0/14 Gi 0/2 rx interface Port-based20 Te 0/15 Gi 0/3

Configuring Port MonitoringTo configure port monitoring, use the following commands.1. Verify that the intended monitoring port has no configuration o

Configure Egress ACLs... 140Applying

3. Configure logging to a local host. locahost is “127.0.0.1” or “::1”.If you do not, the system displays an error when you attempt to enable role-ba

Note: Source as VLAN is achieved via Flow based mirroring. Please refer section Enabling Flow-Based Monitoring.In the following example, the host and

3. Apply the ACL to the monitored port.INTERFACE modeip access-group access-listExample of the flow-based enable CommandTo view an access-list that yo

Remote Port Mirroring ExampleRemote port mirroring uses the analyzers shown in the aggregation network in Site A.The VLAN traffic on monitored links f

• You can configure any switch in the network with source ports and destination ports, and allow it to function in an intermediate transport session f

• By default, destination port sends the mirror traffic to the probe port by stripping off the rpm header. We can also configure the destination port

R 100 Active T Fo 0/44R 300 Active T Fo 0/52Configuring the Sample Remot

Dell(conf)#mac access-list standard mac_aclDell(config-std-macl)#permit 00:00:00:00:11:22 count monitorDell(config-std-macl)#exitDell(conf)#interface

Dell(conf-if-vl-20)#mode remote-port-mirroringDell(conf-if-vl-20)#tagged te 0/1Dell(conf-if-vl-20)#exitDell(conf)#interface vlan 30Dell(conf-if-vl-30)

5. Show the output for the LACP. Dell#show interfaces port-channel brief Codes: L - LACP Port-channel O - OpenFlow Controller Port-channel

4direction Specify rx, tx or both in case to monitor ingress/egress or both ingress and egress packets on the specified port..5erpm source-ip <id&g

• Disable console logging.CONFIGURATION modeno logging consoleSending System Messages to a Syslog ServerTo send system messages to a specified syslog

ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted

39th byte in a given ERPM packet. The first 38/42 bytes of the header needs to be ignored/ chopped off.– Some tools support options to edit the captur

40Private VLANs (PVLAN)The private VLAN (PVLAN) feature is supported on the S4810 platform.For syntax details about the commands described in this cha

– A primary VLAN has one or more secondary VLANs.– A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the sw

INTERFACE VLAN mode[no] private-vlan mapping secondary-vlan vlan-list• Display type and status of PVLAN interfaces.EXEC mode or EXEC Privilege modesho

4. Select the PVLAN mode.INTERFACE modeswitchport mode private-vlan {host | promiscuous | trunk}• host (isolated or community VLAN port)• promiscuous

4. Map secondary VLANs to the selected primary VLAN.INTERFACE VLAN modeprivate-vlan mapping secondary-vlan vlan-listThe list of secondary VLANs can be

4. Add one or more host ports to the VLAN.INTERFACE VLAN modetagged interface or untagged interfaceYou can enter the interfaces singly or in range for

Dell(conf-vlan-100)# private-vlan mode isolatedDell(conf-vlan-100)# untagged Gi 2/2Private VLAN Configuration ExampleThe following example shows a pri

• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.• All the ports in the secondary VLANs (bot

• Specify the minimum severity level for logging to a syslog server.CONFIGURATION modelogging trap level• Specify the minimum severity level for loggi

The following examples show the results of using this command without the command options on the C300 and S50V switches in the topology diagram previo

switchport mode private-vlan promiscuous no shutdown!interface GigabitEthernet 0/4 no ip address switchport switchport mode private-vlan host n

41Per-VLAN Spanning Tree Plus (PVST+)Per-VLAN spanning tree plus (PVST+) is supported on the S4810 platform.Protocol OverviewPVST+ is a variation of s

Table 51. Spanning Tree Variations Dell Networking OS SupportsDell Networking Term IEEE SpecificationSpanning Tree Protocol (STP) 802 .1dRapid Spannin

Enabling PVST+When you enable PVST+, Dell Networking OS instantiates STP on each active VLAN.1. Enter PVST context.PROTOCOL PVST modeprotocol spanning

Figure 103. Load Balancing with PVST+The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priorit

Root Identifier has priority 4096, Address 0001.e80d.b6d6Root Bridge hello time 2, max age 20, forward delay 15Bridge Identifier has priority 4096, Ad

PROTOCOL PVST modevlan max-ageThe range is from 6 to 40.The default is 20 seconds.The values for global PVST+ parameters are given in the output of th

The range is from 0 to 240, in increments of 16.The default is 128.The values for interface PVST+ parameters are given in the output of the show spann

PVST+ in Multi-Vendor NetworksSome non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D B

%TSM-6-SFM_DISCOVERY: Found SFM 6%TSM-6-SFM_DISCOVERY: Found SFM 7%TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP%TSM-6-SFM_DISCOVERY: Found SFM 8%TSM-6

Example of Viewing the Extend System ID in a PVST+ ConfigurationDell(conf-pvst)#do show spanning-tree pvst vlan 5 briefVLAN 5Executing IEEE compatible

no ip address tagged GigabitEthernet 2/12,32 no shutdown!interface Vlan 200 no ip address tagged GigabitEthernet 2/12,32 no shutdown!interface

42Quality of Service (QoS)Quality of service (QoS) is supported on the S4810 platform.Differentiated service is accomplished by classifying and queuin

Feature DirectionConfigure a Scheduler to Queue EgressSpecify WRED Drop Precedence EgressCreate Policy Maps Ingress + EgressCreate Input Policy Maps I

Figure 105. Dell Networking QoS ArchitectureImplementation InformationThe Dell Networking QoS implementation complies with IEEE 802.1p User Priority B

Setting dot1p Priorities for Incoming TrafficDell Networking OS places traffic marked with a priority in a queue based on the following table.If you s

class dynamic dotp or trust dot1p. When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default V

Policy-Based QoS ConfigurationsPolicy-based QoS configurations consist of the components shown in the following example.Figure 106. Constructing Polic

Creating a Layer 3 Class MapA Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined i

The following example matches IPv6 traffic with a DSCP value of 40.Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40The fo

– user (for user programs)– uucp (UNIX to UNIX copy protocol)Example of the show running-config logging CommandTo view nondefault settings, use the sh

numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended.• Specify the order in which you want to apply

-----------------------------------------------------------------------20416 1 18 IP 0x0 0 0 23.64.0.5/32 0.0.0.0/0 20 220417 1 18

Creating an Input QoS PolicyTo create an input QoS policy, use the following steps.1. Create a Layer 3 input QoS policy.CONFIGURATION modeqos-policy-i

Configuring Policy-Based Rate ShapingTo configure policy-based rate shaping, use the following command.• Configure rate shape egress traffic.QOS-POLIC

Create Policy MapsThere are two types of policy maps: input and output.Creating Input Policy MapsThere are two types of input policy-maps: Layer 3 and

Table 55. Default DSCP to Queue MappingDSCP/CP hex range (XXX)xxxDSCP Definition Traditional IP PrecedenceInternal Queue ID DSCP/CP decimal111XXX Netw

Mapping dot1p Values to Service QueuesAll traffic is by default mapped to the same queue, Queue 0.If you honor dot1p on ingress, you can create servic

Creating Output Policy MapsCreating output policy maps is supported on the S4810 platform.1. Create an output policy map.CONFIGURATION modepolicy-map-

• Displaying Color Maps• Display Color Map ConfigurationCreating a DSCP Color MapYou can create a DSCP color map to outline the differentiated service

Create the DSCP color map profile, bat-enclave-map, with a yellow drop precedence , and set the DSCP values to 9,10,11,13,15,16Dell(conf)# qos dscp-co

Enabling Timestamp on Syslog MessagesBy default, syslog messages do not include a time/date stamp stating when the error or message was created.To ena

Display detailed information about a color policy for a specific interfaceDell# show qos dscp-color-policy detail te 0/10Interface TenGigabitEthernet

The range is from 1 to 3.Weighted Random Early DetectionWeighted random early detection (WRED) is supported on the S4810 platform.The WRED congestion

Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Ratewred_teng_g 467 4671 50wred_fortyg_y 467 4671 50wred_fortyg_g 467 4671 25Cre

wred_teng_y 467 4671 100wred_teng_g 467 4671 50wred_fortyg_y 467 4671 50wred_

• The estimated number of CAM entries the policy-map will consume.• Whether or not the policy-map can be applied.• The number of interfaces in a port-

are time-sensitive, such as video on demand (VoD) or voice over IP (VoIP) applications. In such cases, you can use ECN in conjunction with WRED to res

WRED/ECN configurations for the queues that belong to backplane ports are common to all the backplane ports and cannot be specified separately for eac

To configure the weight factor for WRED and ECN capabilities, global buffer pools for multiple queues, and associating a service class with ECN markin

Guidelines for Configuring ECN for Classifying and Color-Marking PacketsKeep the following points in mind while configuring the marking and mapping of

Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue).Classifying Incoming Packe

• Configure FTP Server Parameters (optional)• Configure FTP Client Parameters (optional)Enabling the FTP ServerTo enable the system as an FTP server,

Until Release 9.3(0.0), the software has the capability to qualify only on the 6-bit DSCP part of the ToS field in IPv4 Header. You can now accept and

This marking action to set the color of the packet is allowed only on the ‘match-any’ logical operator of the class-map.This marking-action can be con

seq 15 permit any dscp 40 ecn 3!ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0!ip access-list standard dscp_40_non_ecn seq 5

Applying DSCP and VLAN Match Criteria on a Service QueueYou can configure Layer 3 class maps which contain both a Layer 3 Differentiated Services Code

Classifying Incoming Packets Using ECN and Color-MarkingExplicit Congestion Notification (ECN) is a capability that enhances WRED by marking the packe

Until Release 9.3(0.0), the software has the capability to qualify only on the 6-bit DSCP part of the ToS field in IPv4 Header. You can now accept and

This marking action to set the color of the packet is allowed only on the ‘match-any’ logical operator of the class-map.This marking-action can be con

Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic classConsider the example where there are no different traffic classes

service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50Approach with explicit ECN match qualifiers for ECN packets:!ip access

43Routing Information Protocol (RIP)Routing information protocol (RIP) is supported on the S4810 platform.RIP is based on a distance-vector algorithm;

– For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information.– For a loopback interface, enter the keyword loo

Implementation InformationDell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on i

Enabling RIP GloballyBy default, RIP is not enabled in Dell Networking OS.To enable RIP globally, use the following commands.1. Enter ROUTER RIP mode

192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 0/0192.162.2.0/24 auto-summary192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 0/019

distribute-list prefix-list-name in• Assign a configured prefix list to all outgoing RIP routes.ROUTER RIP modedistribute-list prefix-list-name outTo

You can set one RIP version globally on the system using system. This command sets the RIP version for RIP traffic on the interfaces participating in

The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and rec

The autosummary command requires no other configuration commands. To disable automatic route summarization, enter no autosummary in ROUTER RIP mode.NO

Enable debugging of RIP.Example of the debug ip rip CommandThe following example shows the confirmation when you enable the debug function.Dell#debug

Core 2 RIP OutputThe examples in the section show the core 2 RIP output.Examples of the show ip Commands to View Core 2 Information• To display Core 2

The following example shows the show ip protocols command to show the RIP configuration activity on Core 2.Core2#show ip protocolsRouting Protocol is

Example of an ACL that Permits Terminal AccessTo view the configuration, use the show config command in LINE mode.Dell(config-std-nacl)#show config!ip

Examples of the show ip Commands to View Learned RIP Routes on Core 3The following example shows the show ip rip database command to view the learned

GigabitEthernet 3/44 2 2 GigabitEthernet 3/43 2 2Routing for Networks: 10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0Rou

ip address 192.168.2.1/24 no shutdown!router ripversion 2network 10.11.20.0network 10.11.30.0network 192.168.1.0network 192.168.2.0782Routing Infor

44Remote Monitoring (RMON)Remote monitoring (RMON) is supported on the S4810 platform.RMON is an industry-standard implementation that monitors networ

long as the master RPM had been running long enough to sample all the data. NMS backs up all the long-term data collection and displays the failover d

The following example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20

– controlEntry: specifies the RMON group of statistics using a value.– integer: a value from 1 to 65,535 that identifies the RMON Statistics Table. Th

45Rapid Spanning Tree Protocol (RSTP)Rapid spanning tree protocol (RSTP) is supported on the S4810 platform.Protocol OverviewRSTP is a Layer 2 protoco

Important Points to Remember• RSTP is disabled by default.• Dell Networking OS supports only one Rapid Spanning Tree (RST) instance.• All interfaces i

3. Enable the interface.INTERFACE modeno shutdownExample of Verifying an Interface is in Layer 2 Mode and EnabledTo verify that an interface is in Lay

Example of Terminal Line AuthenticationIn the following example, VTY lines 0-2 use a single authentication method, line.Dell(conf)#aaa authentication

Figure 109. Rapid Spanning Tree Enabled GloballyTo view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privil

BPDU : sent 121, received 2The port is not in the Edge port modePort 379 (GigabitEthernet 2/3) is designated ForwardingPort path cost 20000, Port prio

Modifying Global ParametersYou can modify RSTP parameters.The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites th

NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time.The range is fr

To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode.Enabling SNMP Traps for Root Ele

• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.• When you add a physical port to a port chann

The range is from 50 to 950 milliseconds.Example of Verifying Hello-Time IntervalDell(conf-rstp)#do show spanning-tree rstp briefExecuting IEEE compat

46Software-Defined Networking (SDN)Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the S

47SecuritySecurity features are supported on the S4810 platform.This chapter describes several ways to provide security to the Dell Networking system.

– system: sends accounting information of any other AAA configuration.– exec: sends accounting information when a user has logged in to EXEC mode.– co

Local Preference... 192Multi-Exi

• Telnet to the peer RPM. You do not need to configure the management port on the peer RPM to be able to telnet to it.EXEC Privilege modetelnet-peer-r

CONFIG-LINE-VTY modeaccounting commands 15 com15accounting exec execAcctExample of Enabling AAA Accounting with a Named Method ListDell(config-line-vt

NOTE: In the release 9.4.(0.0), RADIUS and TACACS servers support VRF-awareness functionality. You can create RADIUS and TACACS groups and then map mu

3. Assign a method-list-name or the default list to the terminal line.LINE modelogin authentication {method-list-name | default}To view the configurat

The following example shows enabling authentication from the RADIUS server.Dell(config)# aaa authentication enable default radius tacacsRadius and TAC

Privilege levels 2 through 14 are not configured and you can customize them for different users and access.After you configure other privilege levels,

Configuring the Enable Password CommandTo configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the co

To assign commands and passwords to a custom privilege level, use the following commands. You must be in privilege level 15.1. Assign a user name and

Line 2: All other users are assigned a password to access privilege level 8.Line 3: The configure command is assigned to privilege level 8 because it

• Configure a custom privilege level for the terminal lines.LINE modeprivilege level level– level level: The range is from 0 to 15. Levels 0, 1, and 1

Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP as the transpor

You can then send any user a message using the send command from EXEC Privilege mode. Alternatively, you can clear any line using the clear command fr

Configuration Task List for RADIUSTo authenticate users using RADIUS, you must specify at least one RADIUS server so that the system can communicate w

• Enable AAA login authentication for the specified RADIUS method list.LINE modelogin authentication {method-list-name | default}This procedure is man

Setting Global Communication Parameters for all RADIUS Server HostsYou can configure global communication parameters (auth-port, key, retransmit, and

TACACS+Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support for login authentication.Config

Example of a Failed AuthenticationTo view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC Privi

Example of Specifying a TACACS+ Server HostDell(conf)#Dell(conf)#aaa authentication login tacacsmethod tacacs+Dell(conf)#aaa authentication exec tacac

Command AuthorizationThe AAA command authorization feature configures Dell Networking OS to send each configuration command to a TACACS server for aut

ip ssh server version {1|2}• Display SSH connection information.EXEC Privilege modeshow ip sshSpecifying an SSH VersionThe following example uses the

• ip ssh hostbased-authentication enable: enable host-based authentication for the SSHv2 server.• ip ssh key-size: configure the size of the server-ge

The following example configures the time-based rekey threshold for an SSH session to 30 minutes.Dell(conf)#ip ssh rekey time 30 The following example

5. To save the changes, use the saveenv command.uBoot modesaveenv6. Reload the system.uBoot modereset7. Copy startup-config.bak to the running config.

The default HMAC algorithms are the following:• hmac-md5• hmac-md5-96• hmac-sha1• hmac-sha1-96• hmac-sha2-256• hmac-sha2-256-96When FIPS is enabled, t

• Using RSA Authentication of SSH• Configuring Host-Based SSH AuthenticationImportant Points to Remember• If you enable more than one method, the orde

5. Bind the public keys to RSA authentication.EXEC Privilege modeip ssh rsa-authentication my-authorized-keys flash://public_keyExample of Generating

admin@Unix_client# cat ssh_host_rsa_key.pubssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx/AyWhVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDl

TelnetTo use Telnet with SSH, first enable SSH, as previously described.By default, the Telnet daemon is enabled. If you want to disable the Telnet da

You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization.Configure local

Dell(config-line-vty)#end(same applies for radius and line authentication)VTY MAC-SA Filter SupportDell Networking OS supports MAC access lists which

command to each role and as a result, it is easier and much more efficient to administer user rights. If a user’s role matches one of the allowed user

You must specify at least local authentication. For consistency, the best practice is to define the same authentication method list across all lines,

operator user role. This role does not have access to the commands that are available to the system security administrator for cryptography operations

5. Reload the system.uBoot modereset6. Configure a new enable password.CONFIGURATION modeenable {secret | password}7. Save the running-config to the s

• If you inherit a user role, you cannot modify or delete the inheritance. If you want to change or remove the inheritance, delete the user role and c

When you modify a command for a role, you specify the role, the mode, and whether you want to restrict access using the deleterole keyword or grant ac

The following example shows that the secadmin role can now access Interface mode (highlighted in bold).Role Inheritance Modes

Adding and Deleting Users from a RoleTo create a user name that is authenticated based on a user role, use the username name password encryption-type

the same or greater than the privilege level of those commands. Users with defined roles can use commands provided their role is permitted to use thos

accounting commands role netadmin ucraaaline vty 3login authentication ucraaaauthorization exec ucraaaaccounting commands role netadmin ucraaaline vty

role is Force10-avpair= ”shell:role=<user-role>“ where user-role is a user defined or system-defined role.In the following example, you create a

Active accounted actions on tty2, User john Priv 1 Role netoperatorTask ID 1, EXEC Accounting record, 00:00:30 Elapsed,service=shellActive accounted a

Role access: secadmin,sysadminDell#show role mode configure interfaceRole access: netadmin, sysadminDell#show role mode configure lineRole access: net

48Service Provider BridgingService provider bridging is supported on the S4810 platform.VLAN StackingVirtual local area network (VLAN) stacking is sup

Restoring the Factory Default SettingsRestoring the factory-default settings deletes the existing NVRAM settings, startup configuration, and all confi

Figure 110. VLAN Stacking in a Service Provider NetworkImportant Points to Remember• Interfaces that are members of the Default VLAN and are configure

Configure VLAN StackingConfiguring VLAN-Stacking is a three-step process.1. Creating Access and Trunk Ports2. Assign access and trunk ports to a VLAN

interface GigabitEthernet 7/12 no ip address switchport vlan-stack trunk no shutdownEnable VLAN-Stacking for a VLANTo enable VLAN-Stacking for a V

To configure trunk ports, use the following commands.1. Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making i

Example of Debugging a VLAN and its PortsThe port notations are as follows:• MT — stacked trunk• MU — stacked access port• T — 802.1Q trunk port• U —

untagged traffic and maps each to the appropriate VLAN, as shown by the packet originating from Building A.Therefore, a mismatched TPID results in the

Figure 112. Single and Double-Tag First-byte TPID Match846Service Provider Bridging

Figure 113. Single and Double-Tag TPID MismatchThe following table details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with

Network PositionIncoming Packet TPIDSystem TPID Match Type Pre-Version 8.2.1.0Version 8.2.1.0+0x8100 single-tag matchswitch to VLAN switch to VLAN0x81

• Make packets eligible for dropping based on their DEI value.CONFIGURATION modedei enableBy default, packets are colored green, and DEI is marked 0 o

5802.1ag802.1ag is available only on the S4810 platforms.Ethernet operations, administration, and maintenance (OAM) are a set of tools used to install

Example of Viewing DEI-Marking ConfigurationTo display the DEI-marking configuration, use the show interface dei-mark [interface slot/port | linecard

configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration. For e

Mapping C-Tag to S-Tag dot1p ValuesTo map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands.1. Allo

Figure 115. VLAN Stacking without L2PTYou might need to transport control traffic transparently through the intermediate network to the other region.

the intermediate network because only Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the origina

Enabling Layer 2 Protocol TunnelingTo enable Layer 2 protocol tunneling, use the following command.1. Verify that the system is running the default CA

4. Set a maximum rate at which the RPM processes BPDUs for L2PT.VLAN STACKING modeprotocol-tunnel rate-limitThe default is: no rate limiting.The range

49sFlowConfiguring sFlow is supported on the S4810 platform.OverviewThe Dell Networking Operating System (OS) supports sFlow version 5.sFlow is a stan

Important Points to Remember• The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset.• Dell Networking recomm

0 UDP packets dropped165 sFlow samples collected69 sFlow samples dropped due to sub-samplingLinecard 1 Port set 0 H/W sampling rate 8192Gi 1/16: confi

In addition to providing end-to-end OAM in native Layer 2 Ethernet Service Provider/Metro networks, you can also use CFM to manage and troubleshoot an

Dell#show sflowsFlow services are enabledGlobal default sampling rate: 32768Global default counter polling interval: 201 collectors configuredCollecto

Example of Viewing sFlow Configuration (Line Card)Dell#show sflow stack-unit 1stack-unit 1 Samples rcvd from h/w :165 Samples dropped for

As a result of back-off, the actual sampling-rate of an interface may differ from its configured sampling rate. You can view the actual sampling-rate

0 UDP packets exported0 UDP packets dropped0 sFlow samples collected0 sFlow samples dropped due to sub-samplingImportant Points to Remember• To export

IP SA IP DA srcAS and srcPeerASdstAS and dstPeerASDescriptionwhere is source is reachable over ECMP.BGP BGP Exported Exported Extended gateway data is

50Simple Network Management Protocol (SNMP)Simple network management protocol (SNMP) is supported on the S4810 platform.NOTE: On Dell Networking route

Configuration mode. When the FIPS mode is enabled on the system, SNMPv3 operates in a FIPS-compliant manner, and only the FIPS-approved algorithm opti

Configuration Task List for SNMPConfiguring SNMP version 1 or version 2 requires a single step.NOTE: The configurations in this chapter use a UNIX env

Creating a CommunityFor SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS.The management station gene

snmp-server group group-name 3 noauth auth read name write name• Configure an SNMPv3 view.CONFIGURATION modesnmp-server view view-name oid-tree {inclu

Figure 3. Maintenance PointsMaintenance End PointsA maintenance end point (MEP) is a logical entity that marks the end point of a domain.There are two

• Read the value of a single managed object.snmpget -v version -c community agent-ip {identifier.instance | descriptor.instance}• Read the value of th

Configuring Contact and Location Information using SNMPYou may configure system contact and location information from the Dell Networking system or fr

Subscribing to Managed Object Value Updates using SNMPBy default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon cert

snmp coldstart SNMP_COLD_START: Agent Initialized - SNMP COLD_START. SNMP_WARM_START:Agent Initialized - SNMP WARM_START.s

envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: som

SNMP OID <oid> %RPM0-P:CP %SNMP-4-RMON_HC_RISING_THRESHOLD: STACKUNIT0 high-capacity rising threshold alarm from SNMP OID <oid>Copy C

MIB Object OID Object Values DescriptioncopySrcFileName is not required.copyDestFileType .1.3.6.1.4.1.6027.3.5.1.1.1.1.51 = Dell Networking OS file2 =

Copying a Configuration FileTo copy a configuration file, use the following commands.NOTE: In UNIX, enter the snmpset command for help using the follo

• Copy the running-config to the startup-config from the UNIX machine.snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyD

Copying the Startup-Config Files to the Server via FTPTo copy the startup-config to the server via FTP from the UNIX machine, use the following comman

Implementation InformationBecause the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or p

s filepath/filename copyDestFileType.index i 3 copyServerAddress.index a server-ip-address copyUserName.index s server-login-id copyUserPassword.index

Obtaining a Value for MIB ObjectsTo obtain a value for any of the MIB objects, use the following command.• Get a copy-config MIB object value.snmpset

Assigning a VLAN AliasWrite a character string to the dot1qVlanStaticName object to assign a name to a VLAN.Example of Assigning a VLAN Alias using SN

• Seven hex pairs represent a stack unit. Seven pairs accommodate the greatest number of ports available — 64 ports on the S4810 . On the S4810 , the

Example of Adding an Untagged Port to a VLAN using SNMPIn the following example, Port 0/2 is added as an untagged member of VLAN 10.>snmpset -v2c -

The following OIDs are configurable through the snmpset command.The node OID is 1.3.6.1.4.1.6027.3.18F10-ISIS-MIB::f10IsisSysOloadSetOverloadF10-ISIS-

Fetch Dynamic MAC Entries using SNMPDell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs.NOT

Example of Fetching MAC Addresses Learned on a Non-default VLAN Using SNMPIn the following example, GigabitEthernet 1/21 is moved to VLAN 1000, a non-

To display the interface number, use the following command.• Display the interface index number.EXEC Privilege modeshow interfaceExample of Deriving t

Untagged 2)dot3aCommonAggFdbStatusSNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.1 = INTEGER: 1 << Status active, 2 – status inactiveExam

Creating a Maintenance DomainConnectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in Maintenance Doma

• When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the echo response output may not be displayed. To

51StackingStacking is supported on the S4810 platform.Stacking is supported on the S4810 platform with the Dell Networking Operating System (OS) versi

• LogsThe master switch maintains stack operation with minimal impact in the event of:• Switch failure• Inter-switch stacking link failure• Switch ins

-----------------------------------------------------------------0 Member not present1 Management online S4810 S4810 4810-8-3-12-

Stack MAC : 00:01:e8:d5:ef:81-- Stack Info --Unit UnitType Status ReqTyp CurTyp Version Ports-------------------------------------------------

0 Standby online S4810S4810 7.8.1.0 521 Management online S4810S4810 7.8.1.0 522 Member online S4810S4810 7.8.1

High Availability on S-Series StacksS-Series stacks have master and standby management units analogous to Dell Networking route processor modules (RPM

Management Access on S-Series StacksYou can access the stack via the console port or VTY line.• Console access — You may access the stack through the

– Stacking with 1G interfaces is not supported.• Stacking on the S4810 is accomplished through front-end user ports on the chassis.• All stack units m

If the stack is running Dell Networking OS version 8.3.12.0 and the new unit is running an earlier software version, the new unit is put into a card p

Configuring BGP Route Reflectors...232Aggregating Routes...

These roles define the relationships between all devices so that each device can monitor the layers under its responsibility.Creating a Maintenance En

3. Reload the switch.EXEC Privilege modereloadDell Networking OS automatically assigns a number to the new unit and adds it as member switch in the st

7. Reload the stack one unit at a time.EXEC Privilege modeshow system briefStart with the management unit, then the standby, then each of the members

Dell(conf)#Dell#02:39:18: %STKUNIT4-M:CP %SYS-5-CONFIG_I: Configured from consoleReload each unit in the stack. After the reload is complete, the four

Setting ports Te 0/0 Te 0/1 Te 0/2 Te 0/3 as stack group will make their interface configs obsolete aftera reload.[confirm yes/no]:yesS4810-1#show sys

4. Assign a stack group to each unit.CONFIGURATION modestack-unit id stack-group id5. Connect the new unit to the stack using stacking cables.Example

stack group configuration conflict occurs between the new unit and the provisioned stack unit, the configuration of the new unit takes precedence.1. A

• Dell Networking OS resets all the units in the losing stack; they all become stack members.• If there is no unit numbering conflict, the stack membe

Creating a Virtual Stack Unit on an S-Series StackUse virtual stack units to configure ports on the stack before adding a new unit.• Create a virtual

Up Time : 57 min, 0 secDell Networking OS Version : 8-3-7-13Jumbo Capable : yesPOE Capable : noBurned In MAC : 00:01:e8:8a:df:e6No Of

3 Management online S4810 S4810 8-3-12-13 644 Member not present5 Member not present6 Member not present7 Member

Example of Viewing Configured MIPsDell#show ethernet cfm maintenance-points local mip-----------------------------------------------------------------

redundancy force-failover stack-unitA new standby is elected. When the former stack master comes back online, it becomes a member unit.• Prevent the s

Examples of Viewing the Status for Stacked SwitchesThe following example shows four switches stacked together with two 40G links in a ring topology.De

1 0 up up 7200 up 72001 1 up up 7200 up 7440Speed in RPThe following example shows three switches stacked together

1 Member online S4810 S4810 8-3-7-13 642 Member not present3 Standby online S4810 S4810 8-3-7-13 64The following examp

Recover from Stack Link FlapsS-Series stack link integrity monitoring enables units to monitor their own stack ports and disable any stack port that f

6 Member not present7 Member not present8 Member not present9 Member not present10 Member not present11 Member

52Storm ControlStorm control is supported on the S4810 platform.The storm control feature allows you to control unknown-unicast and broadcast traffic

53Spanning Tree Protocol (STP)The spanning tree protocol (STP) is supported on the S4810 platform.Protocol OverviewSTP is a Layer 2 protocol — specifi

Important Points to Remember• STP is disabled by default.• The Dell Networking OS supports only one spanning tree instance (0). For multiple instances

To configure and enable the interfaces for Layer 2, use the following command.1. If the interface has been assigned an IP address, remove it.INTERFACE

The default is 100 minutes.The range is from 100 to 65535 minutes.Continuity Check MessagesContinuity check messages (CCM) are periodic hellos.Continu

Figure 121. Spanning Tree Enabled GloballyTo enable STP globally, use the following commands.1. Enter PROTOCOL SPANNING TREE mode.CONFIGURATION modepr

To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mod

spanning-tree 0Modifying Global ParametersYou can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time,

PROTOCOL SPANNING TREE modemax-age secondsThe range is from 6 to 40.The default is 20 seconds.To view the current values for global parameters, use th

CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops if it is enabled on an interface connected to a network.

• When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware.• When you r

• disables spanning tree on an interface• drops all BPDUs at the line card without generating a console messageExample of Blocked BPDUsDell(conf-if-gi

Root Bridge hello time 2, max age 20, forward delay 15Dell#STP Root GuardSTP root guard is supported on the S4810 platform.Use the STP root guard fe

Figure 123. STP Root Guard Prevents Bridging LoopsConfiguring Root GuardEnable STP root guard on a per-port or per-port-channel basis.Dell Networking

• Enable root guard on a port or port-channel interface.INTERFACE mode or INTERFACE PORT-CHANNEL modespanning-tree {0 | mstp | rstp | pvst} rootguard–

Enabling CCMTo enable CCM, use the following commands.1. Enable CCM.ECFM DOMAIN modeno ccm disableThe default is Disabled.2. Configure the transmit in

STP Loop GuardSTP loop guard is supported only on the S4810 platform.The STP loop guard feature provides protection against Layer 2 forwarding loops (

Figure 124. STP Loop Guard Prevents Forwarding LoopsConfiguring Loop GuardEnable STP loop guard on a per-port or per-port channel basis.Dell Networkin

• You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard

54System Time and DateSystem time and date settings and the network time protocol (NTP) are supported on the S4810 platform.You can set system times a

Information included in the NTP message allows the client to determine the server time regarding local time and adjust the local clock accordingly. In

Configure the Network Time ProtocolConfiguring NTP is a one-step process.• Enabling NTPRelated Configuration Tasks• Configuring NTP Broadcasts• Settin

Example of Updating the System Clock Relative to NTPR5/R8(conf)#do show calendar06:31:02 UTC Mon Mar 13 1989R5/R8(conf)#ntp update-calendar 1R5/R8(con

– For a loopback interface, enter the keyword loopback then a number between 0 and 16383.– For a port channel interface, enter the keyword lag then a

4. Configure an NTP server.CONFIGURATION modentp server ip-address [key keyid] [prefer] [version number]Configure the IP address of a server and the f

NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time sca

Sending Linktrace Messages and ResponsesLinktrace message and response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multica

Dell Networking OS Time and DateYou can set the time and date using the Dell Networking OS CLI.Configuration Task List The following is a configuratio

– month: enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.

– time-zone: enter the three-letter name for the time zone. This name displays in the show clock output.– start-month: enter the name of one of the 12

– start-day: Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day

55Tunneling Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213.DSCP, hop-limits, flow

ipv6 address 2::1/64tunnel destination 90.1.1.1tunnel source 60.1.1.1tunnel mode ipv6ip no shutdownThe following sample configuration shows a tunnel c

Configuring a Tunnel InterfaceYou can configure the tunnel interface using the ip unnumbered and ipv6 unnumbered commands.To configure the tunnel inte

Configuring the tunnel source anylocalThe anylocal argument can be used in place of the ip address or interface, but only with multipoint receive-only

56Uplink Failure Detection (UFD)Uplink failure detection (UFD) is supported on the S4810 platform.Feature DescriptionUFD provides detection of the los

Figure 126. Uplink Failure DetectionHow Uplink Failure Detection WorksUFD creates an association between upstream and downstream interfaces. The assoc

• Set the amount of time a trace result is cached.ETHERNET CFM modetraceroute cache hold-time minutesThe default is 100 minutes.The range is from 10 t

Figure 127. Uplink Failure Detection ExampleIf only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstrea

– An uplink-state group is considered to be operationally down if it has no upstream interfaces in the Link-Up state. No uplink-state tracking is perf

Configuring Uplink Failure DetectionTo configure UFD, use the following commands.1. Create an uplink-state group and enable the tracking of upstream l

4. (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group

Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50)The following example message shows the Sys

02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Fo 13/3 02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to

Dell#show uplink-state-group detail(Up): Interface up (Dwn): Interface down (Dis): Interface disabledUplink State Group : 1 Status: Enabled, UpU

The following example shows viewing the UFD configuration for the S50.Dell#show running-config uplink-state-group!no enableuplink state track 1downstr

Dell(conf-uplink-state-group-3)#Dell(conf-uplink-state-group-3)#exitDell(conf)#exitDell#00:13:06: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from cons

57Upgrade ProceduresTo find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed

Priority Defects Trap MessageMAC Status defect%ECFM-5-ECFM_MAC_STATUS_ALARM: MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 30

58Virtual LANs (VLANs)Virtual LANs (VLANs) are supported on the S4810 platform.VLANs are a logical broadcast domain or logical grouping of interfaces

By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Defau

information is preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header. The VLAN ID i

• Configure a port-based VLAN (if the VLAN-ID is different from the Default VLAN ID) and enter INTERFACE VLAN mode.CONFIGURATION modeinterface vlan vl

The following example shows the steps to add a tagged interface (in this case, port channel 1) to VLAN 4. To view the interface’s status. Interface (p

Moving Untagged InterfacesTo move untagged interfaces from the Default VLAN to another VLAN, use the following commands.1. Access INTERFACE VLAN mode

T Gi 3/1 4 Active U Gi 3/2Dell#The only way to remove an interface from the Default VLAN is to place the interface in Default

To configure a port so that it can be a member of an untagged and tagged VLANs, use the following commands.1. Remove any Layer 2 or Layer 3 configurat

59VLT Proxy GatewayYou can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to a L

When the routing table across DCs is not symmetrical, there is a possibility of a routing miss by a DC that do not have the route for the L3 traffic.

Displaying Ethernet CFM StatisticsTo display Ethernet CFM statistics, use the following commands.• Display MEP CCM statistics.EXEC Privilege modeshow

8. LLDP port channel interface can’t be changed to legacy lag when proxy gateway is enabled.9.“vlt-peer-mac transmit” is recommended only for square V

• There are only a couple of MACs for each unit to be transmitted so that all current active MACs can definitely be carried on the newly defined TLV.•

2. Trace route across VLT domains may show extra hops.3. IP route symmetry must be maintained across the VLT domains. Assume if the route to a destina

8. Packet duplication – Assume exclude-vlan (say VLAN 10) is configured on C2/D2 for C1’s MAC. If packets for VLAN 10 with C1’s MAC get a hit at C2, t

3. You can configure the remote MAC address of a VLT peer for a static proxy gateway and exclude a VLAN or a range of VLANs from proxy routing. This p

60Virtual Link Trunking (VLT)Virtual link trunking (VLT) is supported on the S4810 platform.OverviewVLT allows physical links between two chassis to a

Figure 129. VLT on S4810 SwitchesVLT on Core SwitchesYou can also deploy VLT on core switches.Uplinks from servers to the access layer and from access

Figure 130. Enhanced VLTVLT TerminologyThe following are key VLT terms.• Virtual link trunk (VLT) — The combined port channel between an attached devi

Configure Virtual Link TrunkingVLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on b

• VLT Heartbeat is supported only on default VRFs.• In a scenario where one hundred hosts are connected to a Peer1 on a non-VLT domain and traffic flo

6802.1X802.1X is supported on the S4810 platform.802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disa

– The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it.– The system automatically includes the required VLANs in V

– The chassis backup link does not carry control plane information or data traffic. Its use is restricted to health checks only.• Virtual link trunks

• Software features supported on VLT physical ports– In a VLT domain, the following software features are supported on VLT physical ports: 802.1p, LLD

MAC address is selected as the Primary Peer. You can configure another peer as the Primary Peer using the VLT domain domain-id role priority priority-

VLT and StackingYou cannot enable stacking on S4810 units with VLT.If you enable stacking on a unit on which you want to enable VLT, you must first re

PIM-Sparse Mode Support on VLTThe designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for mult

(DR) if they are incorrectly hashed. In addition to being first-hop or last -hop routers, the peer node can also act as an intermediate router.On a VL

local DA entries in TCAM. In case a VLT node is down, a timer that allows you to configure the amount of time needed for peer recovery provides resili

• VLT resiliency — After a VLT link or peer failure, if the traffic hashes to the VLT peer, the traffic continues to be routed using multicast until t

Non-VLT ARP SyncSynchronization for non-ARP routing table entries is supported on the S4810 platform.ARP entries (including ND entries) learned on oth

Figure 7. EAP Frames Encapsulated in Ethernet and RADUISThe authentication process involves three devices:• The device attempting to access the networ

Sample RSTP ConfigurationThe following is a sample of an RSTP configuration.Using the example shown in the Overview section as a sample VLT topology,

Configuring a VLT InterconnectTo configure a VLT interconnect, follow these steps.1. Configure the port channel for the VLT interconnect on a VLT swit

Enabling VLT and Creating a VLT DomainTo enable VLT and create a VLT domain, use the following steps.1. Enable VLT on a switch, then configure a VLT d

Configuring a VLT Backup LinkTo configure a VLT backup link, use the following command.1. Specify the management interface to be used for the backup l

Reconfiguring the Default VLT Settings (Optional) To reconfigure the default VLT settings, use the following commands.1. Enter VLT-domain configuratio

Connecting a VLT Domain to an Attached Access Device (Switch or Server)To connect a VLT domain to an attached access device, use the following command

Configuring a VLT VLAN Peer-Down (Optional)To configure a VLT VLAN peer-down, use the following commands.1. Enter VLT-domain configuration mode for a

3. Enter VLT-domain configuration mode for a specified VLT domain.CONFIGURATION modevlt domain domain-idThe range of domain IDs is from 1 to 1000.4. E

8. Configure enhanced VLT. Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode.CONFI

VLT Sample ConfigurationTo review a sample VLT configuration setup, study these steps.1. Configure the VLT domain with the same ID in VLT peer 1 and V