DELL N3000 User Manual

Page of 1460
Dell Networking
N2000, N3000, and N4000
Series Switches
User’s Configuration
Guide
Regulatory Models: N2024, N2024P, 
N2038,N2048P, N3024, N3024F, N3024P, 
N3048, N3048P, N4032, N4032F, N4064, 
N4064F

Summary of Contents of user manual for DELL N3000

  • Page 1 Dell Networking N2000, N3000, and N4000 Series Switches User’s Configuration Guide Regulatory Models: N2024, N2024P, N2038,N2048P, N3024, N3024F, N3024P,...
  • Page 2Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A...
  • Page 3Contents 1 Introduction . . . . . . . . . . . . . . . . ....
  • Page 4 Single IP Management . . . . . . . . . . . . . . . 61...
  • Page 5Power over Ethernet (PoE) Plus Features . . . . . . . . 70 Power Over Ethernet (PoE) Plus...
  • Page 6 GARP and GVRP Support . . . . . . . . . . . . . . 78...
  • Page 7 IPv6 Routes . . . . . . . . . . . . . . . . ....
  • Page 8 N2000 Series Back Panel . . . . . . . . . . . . . . 95...
  • Page 9 Using the Device View Switch Locator Feature . . . . . . . . . . . ....
  • Page 10 What Is Out-of-Band Management and In-Band Management? . . . . . . . . . . . ....
  • Page 11 Basic Network Information Configuration Example . . . . . . . . . . . . . ....
  • Page 12 Managing the Stack (CLI) . . . . . . . . . . . . . . ....
  • Page 13Authorization Examples . . . . . . . . . . . . . . . . . 227...
  • Page 14 11 Monitoring and Logging System Information . . . . . . . . . . . . ....
  • Page 15 Monitoring System Information and Configuring Logging (CLI) . . . . . . . . . . . ....
  • Page 16 SNTP Authentication . . . . . . . . . . . . . . . 294 SNTP...
  • Page 17 What Are SNMP Traps? . . . . . . . . . . . . . . 324...
  • Page 18 What Methods Are Supported for File Management? . . . . . . . . . . . ....
  • Page 19 How Does USB Auto Configuration Use the Files on the USB Device? . . . . . . ....
  • Page 20 Default Traffic Monitoring Values . . . . . . . . . . . 414 Monitoring Switch Traffic...
  • Page 2117 Configuring iSCSI Optimization . . . . . . . 459 iSCSI Optimization Overview . . . . ....
  • Page 22 18 Configuring Port Characteristics . . . . . . 477 Port Overview . . . . . ....
  • Page 23 Port Security (Port-MAC Locking) . . . . . . . . . 539 Captive Portal . . ....
  • Page 24 Policy Based Routing . . . . . . . . . . . . . . . ....
  • Page 25 Double-VLAN Tagging . . . . . . . . . . . . . . . 651 Voice...
  • Page 26 Configure the VLANs and Ports on Switch 2 . . . 705 Configuring VLANs Using the CLI . ....
  • Page 27 Configuring Spanning Tree (CLI) . . . . . . . . . . . . . 746 Configuring...
  • Page 28 LLDP-MED Remote Device Information . . . . . 776 Configuring ISDP and LLDP (CLI) . . . ....
  • Page 29 Configuring Protected Ports . . . . . . . . . . . . 799 Configuring LLPF ....
  • Page 30 VLAN Querier Status . . . . . . . . . . . . . . . 827...
  • Page 31 What is the Administrator’s Role? . . . . . . . . . 863 Default Dot1ag Values ....
  • Page 32 Default Traffic Snooping and Inspection Values . . . 885 Configuring Traffic Snooping and Inspection (Web) . . ....
  • Page 3328 Configuring Link Aggregation . . . . . . . . 913 Link Aggregation . . . . ....
  • Page 34 DCB Capability Exchange . . . . . . . . . . . . . . . 992...
  • Page 3531 Configuring Routing Interfaces . . . . . . 1021 Routing Interface Overview . . . . . ....
  • Page 36 Default DHCP Server Values . . . . . . . . . . . . . . 1042...
  • Page 37 Router Discovery Status . . . . . . . . . . . . . 1072 Route Table...
  • Page 38 IP Helper Interface Configuration . . . . . . . . 1102 IP Helper Statistics . . ....
  • Page 39 OSPF Virtual Link Configuration . . . . . . . . . 1132 OSPF Virtual Link Summary ....
  • Page 40 Configuring OSPFv3 Route Redistribution Settings . . . . . . . . . . . . . ....
  • Page 41 Configuring Route Redistribution Settings . . . . 1211 RIP Configuration Example . . . . . . ....
  • Page 42 38 Configuring IPv6 Routing . . . . . . . . . . . 1241 IPv6 Routing Overview...
  • Page 43 IPv6 Static Reject and Discard Routes . . . . . . . . 1263 39 Configuring DHCPv6 Server...
  • Page 44 Configuring the DHCPv6 Server for Prefix Delegation . . . . . . . . . . . ....
  • Page 45 DiffServ for VoIP . . . . . . . . . . . . . . . ....
  • Page 46 CoS Configuration Example . . . . . . . . . . . . . . 1328 42...
  • Page 47 Multicast Interface Configuration . . . . . . . . 1358 Multicast Route Table . . . ....
  • Page 48 Configuring PIM for IPv4 and IPv6 (Web) . . . . . . . 1382 PIM Global Configuration ....
  • Page 49 Configuring and Viewing DVMRP Information . . . . . . . . . . . . . ....
  • Page 5050 Contents
  • Page 51: Introduction 1 Introduction The switches in the Dell Networking N2000/N3000/N4000 series are stackable Layer 2 and 3 switches that extend...
  • Page 52 Audience This guide is for network administrators in charge of managing one or more Dell Networking series switches. To obtain...
  • Page 53Additional Documentation The following documents for the Dell Networking series switches are available at support.dell.com/manuals: • Getting Started Guide—provides information...
  • Page 5454 Introduction
  • Page 55: Switch Feature Overview 2 Switch Feature Overview This section describes the switch user-configurable software features. NOTE: Before proceeding, read the release notes...
  • Page 56 System Management Features Multiple Management Options You can use any of the following methods to manage the switch: • Use...
  • Page 57Log Messages The switch maintains in-memory log messages as well as persistent logs. You can configure remote logging so that...
  • Page 58 IPv6 Management Features Dell Networking series switches provide IPv6 support for many standard management features including HTTP, HTTPS/SSL, Telnet, SSH,...
  • Page 59 • IPv4 Data Center For information about setting the SDM template, see "Managing General System Settings" on page 279. Automatic...
  • Page 60 SNMP Alarms and Trap Logs The system logs events with severity codes and timestamps. The events are sent as SNMP...
  • Page 61Stacking Features For information about creating and maintaining a stack of switches, see "Managing a Switch Stack" on page 171....
  • Page 62 Master Failover with Transparent Transition The stacking feature supports a standby or backup unit that assumes the stack master role...
  • Page 63Security Features Configurable Access and Authentication Profiles You can configure rules to limit access to the switch management interface based...
  • Page 64 RADIUS Support The switch has a Remote Authentication Dial In User Service (RADIUS) client and can support up to 32...
  • Page 65 • BPDU Storm Protection: By default, if Spanning Tree Protocol (STP) bridge protocol data units (BPDUs) are received at a...
  • Page 66 Dot1x Authentication (IEEE 802.1X) Dot1x authentication enables the authentication of system users through a local internal server or an external...
  • Page 67Access Control Lists (ACL) Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking...
  • Page 68 DHCP Snooping DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server. It...
  • Page 69Green Technology Features For information about configuring Green Technology features, see "Configuring Port Characteristics" on page 477. Energy Detect Mode...
  • Page 70 Power over Ethernet (PoE) Plus Features NOTE: The Dell Networking N2024P/N2048P and N3024P/N3048P switches support PoE Plus. The PoE Plus...
  • Page 71Switching Features Flow Control Support (IEEE 802.3x) Flow control enables lower speed switches to communicate with higher speed switches by...
  • Page 72 Auto-MDI/MDIX Support Your switch supports auto-detection between crossed and straight-through cables. Media-Dependent Interface (MDI) is the standard wiring for end...
  • Page 73Broadcast Storm Control When Layer 2 frames are forwarded, broadcast, unknown unicast, and multicast frames are flooded to all ports...
  • Page 74 Link Layer Discovery Protocol (LLDP) The IEEE 802.1AB defined standard, Link Layer Discovery Protocol (LLDP), allows the switch to advertise...
  • Page 75has different loss tolerances. Priorities are differentiated by the priority field of the 802.1Q VLAN header. The N4000 switches support...
  • Page 76 Cisco Protocol Filtering The Cisco Protocol Filtering feature (also known as Link Local Protocol Filtering) filters Cisco protocols that should...
  • Page 77Virtual Local Area Network Supported Features For information about configuring VLAN features see "Configuring VLANs" on page 645. VLAN Support...
  • Page 78 GARP and GVRP Support The switch supports the Generic Attribute Registration Protocol (GARP). GARP VLAN Registration Protocol (GVRP) relies on...
  • Page 79Spanning Tree Protocol Features For information about configuring Spanning Tree Protocol features, see "Configuring the Spanning Tree Protocol" on page...
  • Page 80 Bridge Protocol Data Unit (BPDU) Guard Spanning Tree BPDU Guard is used to disable the port in case a new...
  • Page 81Link Aggregation Features For information about configuring link aggregation (port-channel) features, see "Configuring Link Aggregation" on page 913. Link Aggregation...
  • Page 82 Routing Features Address Resolution Protocol (ARP) Table Management You can create static ARP entries and manage many settings for the...
  • Page 83BOOTP/DHCP Relay Agent The switch BootP/DHCP Relay Agent feature relays BootP and DHCP messages between DHCP clients and DHCP servers...
  • Page 84 Virtual Router Redundancy Protocol (VRRP) NOTE: This feature is not available on N2000 switches. VRRP provides hosts with redundant routers...
  • Page 85IPv6 Routing Features NOTE: This feature is not available on N2000 switches. IPv6 Configuration The switch supports IPv6, the next...
  • Page 86 For information about configuring DHCPv6 settings, see "Configuring DHCPv6 Server and Relay Settings" on page 1265. Quality of Service (QoS)...
  • Page 87Internet Small Computer System Interface (iSCSI) Optimization The iSCSI Optimization feature helps network administrators track iSCSI traffic between iSCSI initiator...
  • Page 88 IGMP Snooping Querier When Protocol Independent Multicast (PIM) and IGMP are enabled in a network with IP multicast routing, the...
  • Page 89Layer 3 Multicast Features For information about configuring L3 multicast features, see "Managing IPv4 and IPv6 Multicast" on page 1337....
  • Page 90 Protocol Independent Multicast—Sparse Mode Protocol Independent Multicast-Sparse Mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that...
  • Page 91: Hardware Overview 3 Hardware Overview This section provides an overview of the switch hardware. It is organized by product type: •...
  • Page 92 Figure 3-1. N2048 Switch with 48 10/100/1000BASE-T Ports (Front Panel) Console Port USB Port 48 10/100/1000BASE-T Ports SFP+ Ports In...
  • Page 93Figure 3-3. N2024P Close-up The N2024P front panel, shown in Figure 3-3, has status LEDs for over- temperature alarm, internal...
  • Page 94 • RJ-45 ports support full-duplex mode 10/100/1000 Mbps speeds on standard Category 5 UTP cable. • SFP+ ports support...
  • Page 95Port and System LEDs The front panel contains light emitting diodes (LEDs) that indicate the status of port links, power...
  • Page 96 Figure 3-6. N2048 Mini-SAS Stacking Ports and Fans Mini-SAS stacking ports Power Supplies N2024 and N2048 N2024 and N2048 series...
  • Page 97N2000 LED Definitions This section describes the LEDs on the front and back panels of the switch. Port LEDs Each...
  • Page 98 Table 3-16 shows the 100/1000/10000Base-T port LED definitions. Table 3-1. 100/1000/10000Base-T Port Definitions LED Color Definition Link/SPD LED Off There...
  • Page 99Table 3-3. Console Port LED Definitions LED Color Definition Link/SPD LED Off There is no link. Solid green A link...
  • Page 100 Table 3-4. System LED Definitions (Continued) LED Color Definition Stack Off The switch is in stand-alone mode. master Solid...
  • Page 101Table 3-6. N2000 Series PoE Power Budget Limit One PSU Support Two PSUs Support Model System Power Max. PSU POE+...
  • Page 102 Dell Networking N3000 Series Switch Hardware This section contains information about device characteristics and modular hardware configurations for the...
  • Page 103Figure 3-9. N3048 with 48 10/100/1000BASE-T Ports (Front Panel) 10/100/1000BASE-T Auto-sensing Combo Full Duplex RJ-45 Ports Ports SFP+ Ports The...
  • Page 104 The N3000 front panel also displays status LEDs for over-temperature alarm, internal power supply 1 and switch status on...
  • Page 105Console Port The console port provides serial communication capabilities, which allows communication using RS-232 protocol. The serial port provides a...
  • Page 106 Port and System LEDs The front panel contains light emitting diodes (LEDs) that indicate the status of port links,...
  • Page 107Figure 3-13. N3048 Mini-SAS Stacking Ports Close-up Mini-SAS stacking ports The term mini-SAS refers to the stacking port cable connections...
  • Page 108 N3024P and N3048P Dell Networking N3024P and N3048P switches support one or two 1100-watt FRU power supplies. The N3024P...
  • Page 109LED Definitions This section describes the LEDs on the front and back panels of the switch. Port LEDs Each port...
  • Page 110 Table 3-16 shows the 100/1000/10000Base-T port LED definitions. Table 3-7. 100/1000/10000Base-T Port Definitions LED Color Definition Link/SPD LED Off...
  • Page 111Table 3-9. 10GBase-T Module LED Definitions LED Color Definition Link/SPD LED Off There is no link. Solid green The port...
  • Page 112 Table 3-12. Console Port LED Definitions LED Color Definition Link/SPD LED Off There is no link. Solid green A...
  • Page 113Power Consumption for N3000 Series PoE Switches Table 3-14 shows power consumption data for the PoE-enabled switches. Table 3-14. N3000...
  • Page 114 Table 3-15. N3000 Series PoE Power Budget Limit One PSU Support Two PSUs Support Model System Power Max. PSU...
  • Page 115Dell Networking N4000 Series Switch Hardware NOTE: PowerConnect 8100 has been renamed N4000. Both PowerConnect 8100 and N4000 can run...
  • Page 116 Figure 3-15. N4024 Front Panel 10GbE Copper Ports Module bay USB port Figure 3-16. N4024F Front Panel 10GbE Fiber...
  • Page 117Figure 3-17. N4064 Front Panel Module bay 10GbE Copper Ports USB port Fixed QSFP ports Figure 3-18. N4064F Front Panel...
  • Page 118 A reboot is necessary when a hot-pluggable module is replaced with a module of different type. Specifically, changing from...
  • Page 11910GBase-T Copper Uplink Module The 10GBase-T copper module features four copper ports that can support 10GbE/1GbE/100MbE switching and provides following...
  • Page 120 • Ventilation System The following image show the back panel of the N4000 series switches. Figure 3-19. N4000 Series...
  • Page 121 CAUTION: Remove the power cable from the modules prior to removing the module itself. Power must not be connected...
  • Page 122 Table 3-16 shows the 100/1000/10000Base-T port LED definitions. Table 3-16. 100/1000/10000Base-T Port Definitions LED Color Definition Link LED Off...
  • Page 123Table 3-19. QSFP Module LED Definitions LED Color Definition Link LED Off There is no link. Solid green The port...
  • Page 124 Table 3-21 shows the System LED definitions for the N4000 series switches. Table 3-21. System LED Definitions—N4000 Series Switches...
  • Page 125Switch MAC Addresses The switch allocates MAC addresses from the Vital Product Data information stored locally in flash. MAC addresses...
  • Page 126 1 System OK 42.0 43.4 1 Main OK N/A N/A 04/06/2001 16:36:16 1 Secondary No Power N/A N/A 01/01/1970...
  • Page 127: Using Dell OpenManage Switch Administrator 4 Using Dell OpenManage Switch Administrator This section describes how to use the Dell OpenManage Switch Administrator application. The...
  • Page 128 Starting the Application To access the Dell OpenManage Switch Administrator and log on to the switch: 1 Open a...
  • Page 129 5 The Dell OpenManage Switch Administrator home page displays. The home page is the Device Information page, which contains a...
  • Page 130 Figure 4-2. Switch Administrator Components Navigation Panel Page Tabs Links Save, Print, Refresh, Help Configuration and Status Options Command...
  • Page 131Using the Switch Administrator Buttons and Links Table 4-2 describes the buttons and links available from the Dell OpenManage Switch...
  • Page 132 Defining Fields User-defined fields can contain 1–159 characters, unless otherwise noted on the Dell OpenManage Switch Administrator web page....
  • Page 133Using the Device View Switch Locator Feature The Device View graphic includes a Locate button and a drop-down menu of...
  • Page 134134 Using Dell OpenManage Switch Administrator
  • Page 135: Using the Command-Line Interface 5 Using the Command-Line Interface This section describes how to use the Command-Line Interface (CLI) on a Dell Networking...
  • Page 136 NOTE: For a stack of switches, be sure to connect to the console port on the Master switch. The...
  • Page 137You can also initiate a Telnet session from the OpenManage Switch Administrator. For more information, see "Initiating a Telnet Session...
  • Page 138 Table 5-1. Command Mode Overview Command Mode Access Method Command Prompt Exit or Access Previous Mode User EXEC The...
  • Page 139Entering CLI Commands The switch CLI uses several techniques to help you enter commands. Using the Question Mark to Get...
  • Page 140 If there are no additional command keywords or parameters, or if additional parameters are optional, the following message appears...
  • Page 141Command Output Paging Lines are printed on the screen up to the configured terminal length limit (default 24). Use the...
  • Page 142 Table 5-3. History Buffer Navigation Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with...
  • Page 143: Default Settings 6 Default Settings This section describes the default settings for many of the software features on the Dell Networking...
  • Page 144 Table 6-1. Default Settings (Continued) Feature Default SNMP Traps Enabled Auto Configuration Enabled Auto Save Disabled Stacking Enabled Nonstop...
  • Page 145Table 6-1. Default Settings (Continued) Feature Default Auto-MDI/MDIX Support Enabled Auto Negotiation Enabled Advertised Port Speed Maximum Capacity Broadcast Storm...
  • Page 146 Table 6-1. Default Settings (Continued) Feature Default Routing Mode Disabled OSPF Admin Mode Enabled OSPF Router ID 0.0.0.0 IP...
  • Page 147: Setting the IP Address and Other Basic Network Information 7 Setting the IP Address and Other Basic Network Information This chapter describes how to configure basic network information...
  • Page 148 Table 7-1. Basic Network Information (Continued) Feature Description Default Gateway Typically a router interface that is directly connected to...
  • Page 149Configuring the DNS information, default domain name, and host name mapping help the switch identify and locate other devices on...
  • Page 150 switch, for example Telnet, SSH, DHCP client, and TFTP. If using the out-of- band management port, it is strongly...
  • Page 151transmitted from the switch with the DF (Don't Fragment) bit set in order to receive notification of fragmentation from any...
  • Page 152 Configuring Basic Network Information (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring...
  • Page 153Figure 7-1. Out of Band Interface To enable the DHCP client and allow a DHCP server on your network to...
  • Page 154 Figure 7-2. IP Interface Configuration (Default VLAN) Assigning Network Information to the Default VLAN To assign an IP Address...
  • Page 155 NOTE: You do not need to configure any additional fields on the page. For information about VLAN routing interfaces,...
  • Page 156 Configuring a Default Gateway for the Switch: To configure the switch default gateway: 1 Open the Route Entry Configuration...
  • Page 157Domain Name Server Use the Domain Name Server page to configure the IP address of the DNS server. The switch...
  • Page 158 Default Domain Name Use the Default Domain Name page to configure the domain name the switch adds to a...
  • Page 159Host Name Mapping Use the Host Name Mapping page to assign an IP address to a static host name. The...
  • Page 160 Dynamic Host Name Mapping Use the Dynamic Host Name Mapping page to view dynamic host entries the switch has...
  • Page 161Configuring Basic Network Information (CLI) This section provides information about the commands you use to configure basic network information on...
  • Page 162 Command Purpose CTRL + Z Exit to Privileged EXEC mode. show ip interface vlan 1 Display network information for...
  • Page 163Configuring Static Network Information on the OOB Port NOTE: N2000 switches do not have an out-of-band interface. Beginning in Privileged...
  • Page 164 Static IP subnets on inband ports (configured on switch VLANs) may not overlap with the OOB port subnet. If...
  • Page 165Command Purpose configure Enter Global Configuration mode. ip domain-lookup Enable IP DNS-based host name-to-address translation. ip name-server Enter the IP...
  • Page 166 Basic Network Information Configuration Example In this example, an administrator at a Dell office in California decides not to...
  • Page 1674 View the network information that the DHCP server on the network dynamically assigned to the switch. console#show ip interface...
  • Page 168168 Setting Basic Network Information
  • Page 169: Managing QSFP Ports 8 Managing QSFP Ports QSFP ports available on N4000 series switches can operate in 1 x 40G mode or...
  • Page 170 To change a 4 x 10G port to 1 x 40G mode, enter the following commands on the 40-gigabit...
  • Page 171: Managing a Switch Stack 9 Managing a Switch Stack This chapter describes how to configure and manage a stack of switches. The topics...
  • Page 172 stacked using any port as long as the link bandwidth for parallel stacking links is the same. In other...
  • Page 173and switch software, and propagates changes to the member units. To manage a stack using the serial interface, you must...
  • Page 174 Figure 9-1. Connecting a Stack of Switches Unit 1 Unit 2 Unit 3 The stack in Figure 9-1 has...
  • Page 175series switches. Likewise, Dell Networking N3000 series switches only stack with other Dell N3000 series switches. Dell Networking N4000 series...
  • Page 176 • If the switch you add does not have an assigned unit number, then the switch sets its configured...
  • Page 177You can preconfigure information about a stack member and its ports before you add it to the stack. The preconfiguration...
  • Page 178 Upgrading the firmware on a stack of switches is the same as upgrading the firmware on a single switch....
  • Page 179on the stack master. This type of operation is called nonstop forwarding. When the stack master fails, only the switch...
  • Page 180 storage allows an application on a standalone unit to retain its data across a restart, but since the amount...
  • Page 181Table 9-1. Applications that Checkpoint Data Application Checkpointed Data OSPFv2 Neighbors and designated routers OSPFv3 Neighbors and designated routers Route...
  • Page 182 surviving unit. When a unit fails, the forwarding plane of surviving units removes LAG members on the failed unit...
  • Page 183two fixed stacking ports in the rear of the switch. Stacking on Ethernet ports is not supported. The fixed stacking...
  • Page 184 Managing and Monitoring the Stack (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and...
  • Page 185Changing the ID or Switch Type for a Stack Member To change the switch ID or type: 1 Open the...
  • Page 186 Stack Firmware Synchronization Use the Stack Firmware Synchronization page to control whether the firmware image on a new stack...
  • Page 187Supported Switches Use the Supported Switches page to view information regarding each type of supported switch for stacking, and information...
  • Page 188 Stack Port Summary Use the Stack Port Summary page to configure the stack-port mode and to view information about...
  • Page 189Stack Port Counters Use the Stack Port Counters page to view the transmitted and received statistics, including data rate and...
  • Page 190 NSF Summary Use the NSF Summary page to change the administrative status of the NSF feature and to view...
  • Page 191Checkpoint Statistics Use the Checkpoint Statistics page to view information about checkpoint messages generated by the stack master. To display...
  • Page 192 Managing the Stack (CLI) This section provides information about the commands you use to manage the stack and view...
  • Page 193Command Purpose member unit SID Add a switch to the stack and specify the model of the new stack member....
  • Page 194 Viewing and Clearing Stacking and NSF Information Beginning in Privileged EXEC mode, use the following commands to view stacking...
  • Page 195Stacking and NSF Usage Scenarios Only a few settings are available to control the stacking configuration, such as the designation...
  • Page 196 When all four units are up and running, the show switch CLI command gives the following output: console#show switch...
  • Page 197SW Management Standby Preconfig Plugged- Switch Code Status Status Model ID in Model Status Version ID --- --------- ------- --------...
  • Page 198 2 Preconfigure the switch (SID = 2) as member number 2 in the stack. console#configure console(config)#stack console(config-stack)#member 2 2...
  • Page 199NSF in the Data Center Figure 9-12 illustrates a data center scenario, where the stack of two Dell Networking switches...
  • Page 200 NSF and VoIP Figure 9-13 shows how NSF maintains existing voice calls during a stack master failure. Assume the...
  • Page 201NSF and DHCP Snooping Figure 9-14 illustrates an L2 access switch running DHCP snooping. DHCP snooping only accepts DHCP server...
  • Page 202 If a host is in the middle of an exchange with the DHCP server when the failover occurs, the...
  • Page 203Figure 9-15. NSF and a Storage Area Network When the stack master fails, session A drops. The initiator at 10.1.1.10...
  • Page 204 NSF and Routed Access Figure 9-16 shows a stack of three units serving as an access router for a...
  • Page 205JOIN messages upstream. The control plane updates the driver with checkpointed unicast routes. The forwarding plane reconciles L3 hardware tables....
  • Page 206206 Managing a Switch Stack
  • Page 207: Configuring Authentication, Authorization, and Accounting 10 Configuring Authentication, Authorization, and Accounting This chapter describes how to control access to the switch management interface using...
  • Page 208 Each service is configured using method lists. The method lists define how each service is to be performed by...
  • Page 209Methods that never return an error cannot be followed by any other methods in a method list. • The enable...
  • Page 210 The methods available for authentication are: host-based authentication, public key authentication, challenge-response authentication, and password authentication. Authentication methods are...
  • Page 211Authentication Authentication is the process of validating a user's identity. During the authentication process, only identity validation is done. There...
  • Page 212 Authorization Authorization is used to determine which services the user is allowed to access. For example, the authorization process...
  • Page 213Administrative Profiles The Administrative Profiles feature allows the network administrator to define a list of rules that control the CLI...
  • Page 214 Accounting Accounting is used to record security events, such as a user logging in or executing a command. Accounting...
  • Page 215Authentication Examples It is important to understand that during authentication, all that happens is that the user is validated. If...
  • Page 216 • The passwords strength minimum numeric-characters 2 command sets the minimum number of numeric characters required when password strength...
  • Page 217TACACS+ Authentication Example Use the following configuration to require TACACS+ authentication when logging in over a Telnet connection: aaa authentication...
  • Page 218 NOTE: A user logging in with this configuration would be placed in User EXEC mode with privilege level 1....
  • Page 219The crypto key pubkey-chain ssh command sets SSH to use a public key for the specified administrator login. The user...
  • Page 220 PUTTY Configuration Main Screen On the following screen, the IP address of the switch is configured and SSH is...
  • Page 221On the next screen, PUTTY is configured to use SSH-2 only. This is an optional step that accelerates the login...
  • Page 222 The following screen is the key to the configuration. It is set to display the authentication banner, disable authentication...
  • Page 223The following screen configures the user name to be sent to the switch. A user name is always required. Alternatively,...
  • Page 224 After configuring Putty, be sure to save the configuration. The following screen shows the result of the login process....
  • Page 225Authenticating Without a Public Key When authenticating without the public key, the switch prompts for the user name and password....
  • Page 226 • The aaa authentication login “rad” radius command creates a login authentication list called “rad” that contains the method...
  • Page 227Authorization Examples Authorization allows the administrator to control which services a user is allowed to access. Some of the things...
  • Page 228 • The aaa authorization exec “tacex” tacacs command creates an exec authorization method list called tacex which contains the...
  • Page 229TACACS+ Authorization Example—Custom Administrative Profile This example creates a custom profile that allows the user to control user access to...
  • Page 230 string at the beginning of a line, the period (.) matches any single character, and the asterisk (*) repeats...
  • Page 231profiles and per-command authorization are configured for a user, any command must be permitted by both the administrative profiles and...
  • Page 232 RADIUS Authorization Example—Administrative Profiles The switch should use the same configuration as in the previous authorization example. The RADIUS...
  • Page 233For authenticating users prior to access, the RADIUS standard has become the protocol of choice by administrators of large accessible...
  • Page 234 rejects the user, it returns a negative result. If the server rejects the client or the shared secrets differ,...
  • Page 235Table 10-5. Supported RADIUS Attributes (Continued) Type RADIUS Attribute Name 802.1X User Manager Captive Portal 28 IDLE-TIMEOUT No No Yes...
  • Page 236 How Are RADIUS Attributes Processed on the Switch? The following attributes are processed in the RADIUS Access-Accept message received...
  • Page 237Using TACACS+ Servers to Control Management Access TACACS+ (Terminal Access Controller Access Control System) provides access control for networked devices...
  • Page 238 You can configure each server host with a specific connection type, port, timeout, and shared key, or you can...
  • Page 239Default Configurations Method Lists The method lists shown in Table 10-7 are defined by default. They cannot be deleted, but...
  • Page 240 Table 10-8. Default AAA Methods (Continued) AAA Service (type) Console Telnet SSH Accounting (exec) none none none Accounting none...
  • Page 241Table 10-10. Default Administrative Profiles (Continued) Name Description CP-admin Allows access to the Captive Portal feature. network-operator Allows access to...
  • Page 242242 Configuring Authentication, Authorization, and Accounting
  • Page 243: Monitoring and Logging System Information 11 Monitoring and Logging System Information This chapter provides information about the features you use to monitor the switch,...
  • Page 244 Why Is System Information Needed? The information the switch provides can help you troubleshoot issues that might be affecting...
  • Page 245What Are the Severity Levels? For each local or remote log file, you can specify the severity of the messages...
  • Page 246 To view the log messages in the system startup and operational log files, you must download the log files...
  • Page 247 • Stack ID —This is the assigned stack ID. For the Dell Networking N2000, N3000, and N4000 series switches, the...
  • Page 248 Default Log Settings System logging is enabled, and messages are sent to the console (severity level: warning and above),...
  • Page 249Monitoring System Information and Configuring Logging (Web) This section provides information about the OpenManage Switch Administrator pages to use to...
  • Page 250 Figure 11-2. Stack View For more information about the device view features, see "Understanding the Device View" on page...
  • Page 251System Health Use the Health page to view status information about the switch power and ventilation sources. To display the...
  • Page 252 System Resources Use the System Resources page to view information about memory usage and task utilization. To display the...
  • Page 253Unit Power Usage History Use the Unit Power Usage History page to view information about switch power consumption. To display...
  • Page 254 Integrated Cable Test for Copper Cables Use the Integrated Cable Test for Copper Cables page to perform tests on...
  • Page 255To view a summary of all integrated cable tests performed, click the Show All link. Figure 11-7. Integrated Cable Test...
  • Page 256 Figure 11-8. Transceiver Diagnostics To view a summary of all optical transceiver diagnostics tests performed, click the Show All...
  • Page 257Log Global Settings Use the Global Settings page to enable logging globally, to enable other types of logging. You can...
  • Page 258 RAM Log Use the RAM Log page to view information about specific RAM (cache) log entries, including the time...
  • Page 259Log File The Log File contains information about specific log entries, including the time the log was entered, the log...
  • Page 260 Figure 11-13. Remote Log Server Adding a New Remote Log Server To add a syslog server: 1 Open the...
  • Page 261Figure 11-14. Add Remote Log Server 5 Select the severity of the messages to send to the remote server. NOTE:...
  • Page 262 Email Alert Global Configuration Use the Email Alert Global Configuration page to enable the email alerting feature and configure...
  • Page 263Figure 11-17. Email Alert Mail Server Configuration Adding a Mail Server To add a mail server: 1 Open the Email...
  • Page 264 Figure 11-19. Show All Mali Servers Email Alert Subject Configuration Use the Email Alert Subject Configuration page to configure...
  • Page 265Figure 11-21. View Email Alert Subjects Email Alert To Address Configuration Use the Email Alert To Address Configuration page to...
  • Page 266 Figure 11-23. View Email Alert To Address Configuration Email Alert Statistics Use the Email Alert Statistics page to view...
  • Page 267Monitoring System Information and Configuring Logging (CLI) This section provides information about the commands you use to configure information you...
  • Page 268 Command Purpose show process cpu Displays the CPU utilization for each process currently running on the switch. Running Cable...
  • Page 269Configuring Local Logging Beginning in Privileged EXEC mode, use the following commands to configure the type of messages that are...
  • Page 270 Command Purpose show logging Displays the state of logging and the syslog messages stored in the internal buffer. show...
  • Page 271Configuring Mail Server Settings Beginning in Privileged EXEC mode, use the following commands to configure information about the mail server...
  • Page 272 Configuring Email Alerts for Log Messages Beginning in Privileged EXEC mode, use the following commands to configure email alerts...
  • Page 273Command Purpose logging email test Send a test email to the configured recipient to verify that message-type {urgent | the...
  • Page 274 Logging Configuration Examples This section contains the following examples: • Configuring Local and Remote Logging • Configuring Email Alerting...
  • Page 2754 Verify the remote log server configuration. console#show syslog-servers IP Address/Hostname Port Severity Description ------------------------- ------ -------------- ---------- 192.168.2.10 514...
  • Page 276 Configuring Email Alerting The commands in this example define the SMTP server to use for sending email alerts. The...
  • Page 2772 Configure the username and password that the switch must use to authenticate with the mail server. console(Mail-Server)#username switchN3048 console(Mail-Server)#password...
  • Page 278 Email Alert Logging............................ enabled Email Alert From Address....................... N3048_noreply@dell.com Email Alert Urgent Severity Level.............. 0 Email Alert Non Urgent...
  • Page 279: Managing General System Settings 12 Managing General System Settings This chapter describes how to set system information, such as the hostname, and time...
  • Page 280 Table 12-1. System Information (Continued) Feature Description CLI Banner Displays a message upon connecting to the switch or logging...
  • Page 281Why Does System Information Need to Be Configured? Configuring system information is optional. However, it can be helpful in providing...
  • Page 282 Table 12-3. SDM Template Parameters and Values (Continued) Parameter Dual IPv4/IPv6 Dual IPv4/IPv6 IPv4 Only IPv4 Data Data Center...
  • Page 283SDM Template Configuration Guidelines When you configure the switch to use an SDM template that is not currently in use,...
  • Page 284 To increase security, you can require authentication between the configured SNTP server and the SNTP client on the switch....
  • Page 285What Are the Key PoE Plus Features for the N2024P/N2048P and N3024P/N3048P Switches? Table 12-4 describes some of the key...
  • Page 286 Table 12-4. PoE Plus Key Features (Continued) Feature Description Powered Device (PD) Configurable setting to set the method that...
  • Page 287Configuring General System Settings (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring general...
  • Page 288 Initiating a Telnet Session from the Web Interface NOTE: The Telnet client feature does not work with Microsoft Windows...
  • Page 289 The selected Telnet client launches and connects to the switch CLI. Figure 12-4. Telnet Session Managing General System Settings...
  • Page 290 CLI Banner Use the CLI Banner page to configure a message for the switch to display when a user...
  • Page 291SDM Template Preference Use the SDM Template Preference page to view information about template resource settings and to select the...
  • Page 292 Clock If you do not obtain the system time from an SNTP server, you can manually set the date...
  • Page 293SNTP Global Settings Use the SNTP Global Settings page to enable or disable the SNTP client, configure whether and how...
  • Page 294 SNTP Authentication Use the SNTP Authentication page to enable or disable SNTP authentication, to modify the authentication key for...
  • Page 295Figure 12-10. Add Authentication Key 3 Enter a numerical encryption key ID and an authentication key in the appropriate fields....
  • Page 296 SNTP Server Use the SNTP Server page to view and modify information about SNTP servers, and to add new...
  • Page 297Figure 12-13. Add SNTP Server 3 In the SNTP Server field, enter the IP address or host name for the...
  • Page 298 To view all configured SNTP servers, click the Show All link. The SNTP Server Table displays. You can also...
  • Page 299Summer Time Configuration Use the Summer Time Configuration page to configure summer time (daylight saving time) settings. To display the...
  • Page 300 Time Zone Configuration Use the Time Zone Configuration to configure time zone information, including the amount time the local...
  • Page 301Card Configuration Use the Card Configuration page to control the administrative status of the rear-panel expansion slots (Slot 1 or...
  • Page 302 Slot Summary Use the Slot Summary page to view information about the expansion slot status. To display the Slot...
  • Page 303Supported Cards Use the Supported Cards page to view information about the supported plug-in modules for the switch. To display...
  • Page 304 Power Over Ethernet Global Configuration (N2024P/N2048P and N3024P/N3048P Only) Use the PoE Global Configuration page to configure the PoE...
  • Page 305Power Over Ethernet Interface Configuration (N2024P/N2048P and N3024P/N3048P Only) Use the PoE Interface Configuration page to configure the per-port PoE...
  • Page 306 To view PoE statistics for each port, click Counters. Figure 12-22. PoE Counters Table To view the PoE Port...
  • Page 307Configuring System Settings (CLI) This section provides information about the commands you use to configure system information and time settings...
  • Page 308 Configuring the Banner Beginning in Privileged EXEC mode, use the following commands to configure the MOTD, login, or User...
  • Page 309Managing the SDM Template Beginning in Privileged EXEC mode, use the following commands to set the SDM template preference and...
  • Page 310 Command Purpose sntp trusted-key key_id Specify the authentication key the SNTP server must include in SNTP packets that it...
  • Page 311Setting the System Time and Date Manually Beginning in Privileged EXEC mode, use the following commands to configure the time...
  • Page 312 Command Purpose clock summer-time Use this command if the summer time does not start and date {date month |...
  • Page 313Viewing Slot Information (N4000 Series Only) Use the following commands to view information about Slot 0 and its support. Command...
  • Page 314 Command Purpose power inline priority Configures the port priority level for the delivery of power {critical | high |...
  • Page 315General System Settings Configuration Examples This section contains the following examples: • Configuring System and Banner Information • Configuring SNTP...
  • Page 316 System Contact: Jane Doe System Name: N2048 System Location: RTP100 Burned In MAC Address: 001E.C9AA.AA07 System Object ID: 1.3.6.1.4.1.674.10895.3035...
  • Page 317 Power Supplies: Unit Description Status Average Current Since Power Power Date/Time (Watts) (Watts) ---- ---------- -------- ---------- -------- ------------...
  • Page 318 Figure 12-24. Verify MOTD 318 Managing General System Settings
  • Page 319Configuring SNTP The commands in this example configure the switch to poll an SNTP server to synchronize the time. Additionally,...
  • Page 320 4 View the SNTP status on the switch. console#show sntp status Client Mode: Unicast Last Update Time: MAR 01...
  • Page 321Configuring the Time Manually The commands in this example manually set the system time and date. The time zone is...
  • Page 322322 Managing General System Settings
  • Page 323: Configuring SNMP 13 Configuring SNMP The topics covered in this chapter include: • SNMP Overview • Default SNMP Values • Configuring...
  • Page 324 The SNMP agent maintains a list of variables that are used to manage the switch. The variables are defined...
  • Page 325You can configure various features on the switch to generate SNMP traps that inform the NMS about events or problems...
  • Page 326 Table 13-1. SNMP Defaults Parameter Default Value QoS traps Enabled Multicast traps Disabled Captive Portal traps Disabled OSPF traps...
  • Page 327Configuring SNMP (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring the SNMP agent...
  • Page 328 SNMP View Settings Use the SNMP View Settings page to create views that define which features of the device...
  • Page 329Figure 13-3. Add View 3 Specify a name for the view and a valid SNMP OID string. 4 Select the...
  • Page 330 Access Control Group Use the Access Control Group page to view information for creating SNMP groups, and to assign...
  • Page 331Figure 13-5. Add Access Control Group 3 Specify a name for the group. 4 Select a security model and level...
  • Page 332 SNMPv3 User Security Model (USM) Use the User Security Model page to assign system users to SNMP groups and...
  • Page 333Figure 13-7. Add Local Users 3 Define the relevant fields. 4 Click Apply to update the switch. Click Show All...
  • Page 334 Figure 13-8. Add Remote Users 3 Define the relevant fields. 4 Click Apply to update the switch. Click Show...
  • Page 335Communities Access rights for SNMPv1 and SNMPv2 are managed by defining communities Communities page. When the community names are changed,...
  • Page 336 Figure 13-10. Add SNMPv1,2 Community 3 Specify the IP address of an SNMP management station and the community string...
  • Page 337Notification Filter Use the Notification Filter page to set filtering traps based on OIDs. Each OID is linked to a...
  • Page 338 Figure 13-12. Add Notification Filter 3 Specify the name of the filter, the OID for the filter. 4 Choose...
  • Page 339Figure 13-13. SNMP Notification Recipient Adding a Notification Recipient To add a recipient: 1 Open the Notification Recipient page. 2...
  • Page 340 Figure 13-14. Add Notification Recipient 3 Specify the IP address or hostname of the host to receive notifications. 4...
  • Page 341To access the Trap Flags page, click Statistics/RMON → Trap Manager → Trap Flags in the navigation panel. Figure 13-15....
  • Page 342 Figure 13-16. OSPFv2 Trap Flags OSPFv3 Trap Flags The OSPFv3 Trap Flags page is used to specify which OSPFv3...
  • Page 343Figure 13-17. OSPFv3 Trap Flags Trap Log The Trap Log page is used to view entries that have been written...
  • Page 344 Figure 13-18. Trap Logs Click Clear to delete all entries from the trap log. 344 Configuring SNMP
  • Page 345Configuring SNMP (CLI) This section provides information about the commands you use to manage and view SNMP features on the...
  • Page 346 Command Purpose snmp-server engineID Configure the SNMPv3 Engine ID. local {engineid-string | • engineid-string — The character string that...
  • Page 347Command Purpose snmp-server group Specify the identity string of the receiver and set the groupname {v1 | v2 | v3...
  • Page 348 Command Purpose snmp-server user Configure a new SNMPv3 user. username groupname • username — Specifies the name of the...
  • Page 349Command Purpose show snmp group View SNMP group configuration information. [group_name] show snmp user View SNMP user configuration information. [user_name]...
  • Page 350 Command Purpose snmp-server community- Map the internal security name for SNMP v1 and SNMP group community-string v2 security models...
  • Page 351Configuring SNMP Notifications (Traps and Informs) Beginning in Privileged EXEC mode, use the following commands to allow the switch to...
  • Page 352 Command Purpose snmp-server host host- For SNMPv1 and SNMPv2, configure the system to receive addr [informs [timeout SNMP traps...
  • Page 353Command Purpose snmp-server v3-host {ip- For SNMPv3, configure the system to receive SNMP traps address | hostname} or informs. username...
  • Page 354 SNMP Configuration Examples This section contains the following examples: • Configuring SNMPv1 and SNMPv2 • Configuring SNMPv3 Configuring SNMPv1...
  • Page 355 Community-String Group Name IP Address ----------------- -------------- ------------ private DefaultWrite All public DefaultRead All Traps are enabled. Authentication trap...
  • Page 356 3 Create the user admin, assign the user to the group, and specify the authentication credentials. console(config)#snmp-server user admin...
  • Page 357console#show snmp views Name OID Tree Type ------------------ ------------------------ ------------ Default iso Included Default snmpVacmMIB Excluded Default usmUser Excluded Default...
  • Page 358358 Configuring SNMP
  • Page 359: Managing Images and Files 14 Managing Images and Files This chapter describes how to upload, download, and copy files, such as firmware images...
  • Page 360 Table 14-1. Files to Manage File Action Description image Download Firmware for the switch. The switch can Upload maintain...
  • Page 361Table 14-1. Files to Manage File Action Description SSL certificate files Download Contains information to encrypt, authenticate, and validate HTTPS...
  • Page 362 • N4032, N4032F, N4064, N4064F N3000_N2000 — Dell Networking 2000/3000 series switch firmware for: • N2024, N2048, N2024P, N2048P,...
  • Page 363running-config file. The backup-config file does not exist until you explicitly create one by copying an existing configuration file to...
  • Page 364 • TFTP • SFTP • SCP • FTP • HTTP (Web only) • HTTPS (Web only) You can also...
  • Page 365Editing and Downloading Configuration Files Each configuration file contains a list of executable CLI commands. The commands must be complete...
  • Page 366 ! Display information about direct connections show serial ! End of the script file Managing Files on a Stack...
  • Page 367Managing Images and Files (Web) This section provides information about the OpenManage Switch Administrator pages to use to manage images...
  • Page 368 Active Images Use the Active Images page to set the firmware image to use when the switch boots. If...
  • Page 369USB Flash Drive Use the USB Flash Drive page to view information about a USB flash drive connected to the...
  • Page 370 File Download Use the File Download page to download image (binary) files, SSH and SSL certificates, IAS User files,...
  • Page 371 If you select a transfer mode that requires authentication, additional fields appear in the Download section. If you select...
  • Page 372 File Upload Use the File Upload to Server page to upload configuration (ASCII), image (binary), IAS user, operational log,...
  • Page 373 NOTE: If you are using HTTPS to manage the switch, the download method will be HTTPS. 4 To upload...
  • Page 374 Copy Files Use the Copy Files page to: • Copy the active firmware image to the switch. one or...
  • Page 375Managing Images and Files (CLI) This section provides information about the commands you use to upload, download, and copy files...
  • Page 376 Command Purpose boot system {image1 | Set the image to use as the boot (active) image after the image2}...
  • Page 377Managing Files in Internal Flash Beginning in Privileged EXEC mode, use the following commands to copy, rename, delete and list...
  • Page 378 Command Purpose copy startup-config Save the startup configuration to the backup configuration backup-config file. copy running-config Copy the current...
  • Page 379Managing Files on a USB Flash Device Beginning in Privileged EXEC mode, use the following commands to manage files that...
  • Page 380 Managing Configuration Scripts (SFTP) Beginning in Privileged EXEC mode, use the following commands to download a configuration script from...
  • Page 381File and Image Management Configuration Examples This section contains the following examples: • Upgrading the Firmware • Managing Configuration Scripts...
  • Page 382 Figure 14-9. Image Path 3 View information about the current image. console#show version Image Descriptions image1 :default image image2...
  • Page 383 Set TFTP Server IP............................. 10.27.65.103 TFTP Path...................................... images/ TFTP Filename.................................. dell_0308.stk Data Type...................................... Code Destination Filename........................... image Management access...
  • Page 384 Configuration Saved! 8 Reset the switch to boot the system with the new image. console#reload Are you sure you...
  • Page 385 console#copy tftp://10.27.65.103/labhost.scr script labhost.scr Mode........................................... TFTP Set TFTP Server IP............................. 10.27.65.103 TFTP Path...................................... ./ TFTP Filename.................................. labhost.scr Data Type.........................................
  • Page 386 ip host labpc2 192.168.3.58 ip host labpc3 192.168.3.59 Configuration script 'labhost.scr' applied. 6 Verify that the script was successfully...
  • Page 387 Data Type.............................. Code Management access will be blocked for the duration of the transfer Are you sure you want...
  • Page 388388 Managing Images and Files
  • Page 389: Automatically Updating the Image and Configuration 15 Automatically Updating the Image and Configuration The topics covered in this chapter include: • Auto Configuration Overview •...
  • Page 390 fails - either because it is disabled, no USB storage device is present, or no configuration or images files...
  • Page 391file. If no dellswitch.setup file is available, the switch checks for a file with a *.text configuration file and a...
  • Page 392 be using the same configuration file and/or image on the USB device. This method allows different IP addresses to...
  • Page 393The general format of the configuration file lines is as follows. The IP address and subnet mask are required. The...
  • Page 394 Obtaining IP Address Information DHCP is enabled by default on the Out-of-Band (OOB) interface on N3000 and N4000 switches....
  • Page 395Obtaining the Image Auto Configuration attempts to download an image file from a TFTP server only if no configuration file...
  • Page 396 The TFTP client makes three unicast requests. If the unicast attempts fail, or if the DHCP OFFER did not...
  • Page 397Table 15-1 summarizes the config files that may be downloaded and the order in which they are sought. Table 15-1....
  • Page 398 Monitoring and Completing the DHCP Auto Configuration Process When the switch boots and triggers an Auto Configuration, a message...
  • Page 399What Are the Dependencies for DHCP Auto Configuration? The Auto Configuration process from TFTP servers depends upon the following network...
  • Page 400 Default Auto Configuration Values Table 15-3 describes the Auto Configuration defaults. Table 15-3. Auto Configuration Defaults Feature Default Description...
  • Page 401Managing Auto Configuration (Web) This section provides information about the OpenManage Switch Administrator pages to use to manage images and...
  • Page 402 Managing Auto Configuration (CLI) This section provides information about the commands you manage the Auto-Install Configuration feature on the...
  • Page 403Auto Configuration Example A network administrator is deploying three Dell Networking switches and wants to quickly and automatically install the...
  • Page 404 4 Create a setup file named dellswitch.setup. The setup file contains the following lines: 001E.C9AA.AC17 switchA.txt N2000vR.5.4.1.stk 001E.C9AA.AC20 switchB.txt...
  • Page 405Enabling DHCP Auto Configuration and Auto Image Download If no USB device is connected to the USB port on the...
  • Page 406 Easy Image Upgrade via USB If a USB device is detected during bootup and there is an image on...
  • Page 407: Monitoring Switch Traffic 16 Monitoring Switch Traffic This chapter describes sFlow features, Remote Monitoring (RMON), and Port Mirroring features. The topics covered...
  • Page 408 monitored devices. sFlow datagrams forward sampled traffic statistics to the sFlow Collector for analysis. You can specify up to...
  • Page 409sFlow Sampling The sFlow Agent in the Dell Networking software uses two forms of sampling: • Statistical packet-based sampling of...
  • Page 410 Counter Sampling The primary objective of Counter Sampling is to efficiently, periodically export counters associated with Data Sources. A...
  • Page 411The RMON agent in the switch supports the following groups: • Group 1—Statistics. Contains cumulative traffic and error statistics. •...
  • Page 412 For each source port, you can specify whether to mirror ingress traffic (traffic the port receives, or RX), egress...
  • Page 413 disabling of spanning tree on a destination port means that administrators must only connect the destination port to directly...
  • Page 414 Default Traffic Monitoring Values The sFlow agent is enabled by default, but sampling and polling are disabled on all...
  • Page 415Figure 16-2. sFlow Agent Summary Monitoring Switch Traffic 415
  • Page 416 sFlow Receiver Configuration Use the sFlow Receiver Configuration page to configure settings for the sFlow receiver to which the...
  • Page 417sFlow Sampler Configuration Use the sFLow Sampler Configuration page to configure the sFlow sampling settings for switch ports. To display...
  • Page 418 sFlow Poll Configuration Use the sFLow Poll Configuration page to configure how often a port should collect counter samples....
  • Page 419Interface Statistics Use the Interface Statistics page to display statistics for both received and transmitted packets. The fields for both...
  • Page 420 Etherlike Statistics Use the Etherlike Statistics page to display interface statistics. To display the page, click Statistics/RMON → Table...
  • Page 421GVRP Statistics Use the GVRP Statistics page to display switch statistics for GVRP. To display the page, click Statistics/RMON →...
  • Page 422 EAP Statistics Use the EAP Statistics page to display information about EAP packets received on a specific port. For...
  • Page 423Utilization Summary Use the Utilization Summary page to display interface utilization statistics. To display the page, click Statistics/RMON → Table...
  • Page 424 Counter Summary Use the Counter Summary page to display interface utilization statistics in numeric sums as opposed to percentages....
  • Page 425Switchport Statistics Use the Switchport Statistics page to display statistical summary information about switch traffic, address tables, and VLANs. To...
  • Page 426 RMON Statistics Use the RMON Statistics page to display details about switch use such as packet processing statistics and...
  • Page 427RMON History Control Statistics Use the RMON History Control page to maintain a history of statistics on each port. For...
  • Page 428 Figure 16-15. Add History Entry 3 Select the port or LAG on which you want to maintain a history...
  • Page 429RMON History Table Use the RMON History Table page to display interface-specific statistical network samplings. Each table entry represents all...
  • Page 430 RMON Event Control Use the RMON Events Control page to define RMON events. Events are used by RMON alarms...
  • Page 431Figure 16-18. Add an Event Entry 3 If the event sends an SNMP trap, specify the SNMP community to receive...
  • Page 432 RMON Event Log Use the RMON Event Log page to display a list of RMON events. To display the...
  • Page 433RMON Alarms Use the RMON Alarms page to set network alarms. Alarms occur when certain thresholds are crossed for the...
  • Page 434 Adding an Alarm Table Entry To add an alarm: 1. Open the RMON Alarms page. 2. Click Add. The...
  • Page 435Port Statistics Use the Port Statistics page to chart port-related statistics on a graph. To display the page, click Statistics/RMON...
  • Page 436 LAG Statistics Use the LAG Statistics page to chart LAG-related statistics on a graph. To display the page, click...
  • Page 437Port Mirroring Use the Port Mirroring page to create a mirroring session in which all traffic that is sent or...
  • Page 438 Figure 16-25. Add Source Port 5 Click Apply. 6 Repeat the previous steps to add additional source ports. 7...
  • Page 439Monitoring Switch Traffic (CLI) This section provides information about the commands you use to manage traffic monitoring features on the...
  • Page 440 Command Purpose sflow rcvr-index polling Enable a new sFlow poller instance on an interface range. if_type if_number poll- •...
  • Page 441Command Purpose sflow rcvr-index sampling Enable a new sflow sampler instance for the interface. sampling-rate [size] CTRL + Z Exit...
  • Page 442 Command Purpose rmon alarm number Add an alarm entry variable interval • number — The alarm index. (Range: 1–65535)...
  • Page 443Command Purpose rmon collection history Enable an RMON MIB history statistics group on the index [owner interface. ownername] [buckets NOTE:...
  • Page 444 Configuring Port Mirroring Use the following commands in Privileged EXEC mode to configure a port mirroring session. Command Purpose...
  • Page 445Configuring RSPAN RSPAN is an extension of port mirroring that operates across multiple switches. Use the following commands in Privileged...
  • Page 446 Command Purpose exit Exit to Privileged EXEC mode. Configuring RSPAN (Transit Switch) Command Purpose configure Enter Global Configuration mode....
  • Page 447Traffic Monitoring Configuration Examples This section contains the following examples: • Configuring sFlow • Configuring RMON • Configuring Remote Capture...
  • Page 448 Owner String...................... receiver1 Time out.......................... 99994 IP Address:....................... 192.168.30.34 Address Type...................... 1 Port.............................. 6343 Datagram Version.................. 5 Maximum Datagram...
  • Page 449Configuring RMON This example generates a trap and creates a log entry when the number of inbound packets are undeliverable...
  • Page 450 Configuring Remote Capture This example configures the switch to mirror packets transmitted and received by the switch CPU to...
  • Page 4515 On the Capture Options dialog, click Manage Interfaces. Monitoring Switch Traffic 451
  • Page 452 6 Add a new interface by giving the switch IP address and the default remote port (2002). First, select...
  • Page 4538 Click OK to accept the entry. 9 On the Add new interfaces dialog, click Apply and then click Close....
  • Page 454 10 From the Wireshark:Capture Options dialog, select the remote switch and click Start. Remote Capture Caveats Remote capture over...
  • Page 455Configuring RSPAN RSPAN supports the transport of mirrored packets across the network to a remote switch. Ports may be configured...
  • Page 456 4 Enable the monitor session: console(config)#monitor session 1 mode RSPAN cannot use the CPU as a mirror source. Instead,...
  • Page 457 console(config-if-Te1/0/1)#switchport mode trunk console(config-if-Te1/0/1)#switchport trunk allowed vlan 723 console(config-if-Te1/0/1)#exit 3 Configure a mirroring session with the remote VLAN 723...
  • Page 458458 Monitoring Switch Traffic
  • Page 459: Configuring iSCSI Optimization 17 Configuring iSCSI Optimization NOTE: This feature is not available on N2000 switches. This chapter describes how to configure...
  • Page 460 What Does iSCSI Optimization Do? In networks containing iSCSI initiators and targets, iSCSI Optimization helps to monitor iSCSI sessions...
  • Page 461On N4000 switches, when the iSCSI CoS mode is disabled, the DCBX iSCSI Application Priority TLV is not generated by...
  • Page 462 What Information Does the Switch Track in iSCSI Traffic Flows? Packets are examined to find the following data, which...
  • Page 463How Does iSCSI Optimization Interact With Dell EqualLogic Arrays? The iSCSI feature includes auto-provisioning support with the ability to detect...
  • Page 464 How Does iSCSI Optimization Interact with DCBx? NOTE: The DCBx feature is available on the N4000 switches only. The...
  • Page 465"Configuring iSCSI Optimization Between Servers and a Disk Array" on page 473. iSCSI CoS and Priority Flow Control/Enhanced Transmission Selection...
  • Page 466 Default iSCSI Optimization Values Table 17-1 shows the default values for the iSCSI optimization feature. Table 17-1. iSCSI Optimization...
  • Page 467Configuring iSCSI Optimization (Web) This section provides information about the OpenManage Switch Administrator pages to use to the iSCSI features...
  • Page 468 iSCSI Targets Table Use the Targets Table page to view and configure iSCSI targets on the switch. To access...
  • Page 469iSCSI Sessions Table Use the Sessions Table page to view summary information about the iSCSI sessions that the switch has...
  • Page 470 iSCSI Sessions Detailed Use the Sessions Detailed page to view detailed information about an iSCSI sessions that the switch...
  • Page 471Configuring iSCSI Optimization (CLI) This section provides information about the commands you use to configure iSCSI settings on the switch....
  • Page 472 Command Purpose iscsi cos {enable | disable | Optionally set the quality of service profile that will vtp vtp...
  • Page 473iSCSI Optimization Configuration Examples iSCSI optimization is enabled by default with the appropriate settings to operate properly is almost all...
  • Page 474 The following commands show how to configure the iSCSI example depicted in Figure 17-6. Remember that iSCSI optimization is...
  • Page 475 console(config-if)#switchport mode trunk 4 Configure the DCBx port role as auto-downstream. This step automatically enables PFC and ETS on...
  • Page 476 5 Enter Interface Configuration mode for CNA connected ports 1-4 and array connected ports 16-17. console(config)#interface range te1/0/1-4,te1/0/16-17 6...
  • Page 477: Configuring Port Characteristics 18 Configuring Port Characteristics This chapter describes how to configure physical switch port characteristics, including settings such as administrative...
  • Page 478 Table 18-1. Port Characteristics Feature Description Auto negotiation Enables a port to advertise its transmission rate, duplex mode and...
  • Page 479Table 18-2. Port Characteristics (Continued) Feature Description Auto negotiation Enables a port to advertise its transmission rate, duplex mode and...
  • Page 480 You can create a maximum of 72 dependency groups16 groups. The ports participating in the Link Dependency can be...
  • Page 481What Interface Types are Supported? The physical ports on the switch include the out-of-band (OOB) interface (N3000 and N4000 only)...
  • Page 482 To enter Interface Configuration mode for a physical switch port, the following information is required: • Type — For...
  • Page 483For many features, you can configure a range of interfaces. When you enter Interface Configuration mode for multiple interfaces, the...
  • Page 484 NOTE: Cable diagnostics may give misleading results if green mode is enabled on the port. Disable green mode prior...
  • Page 485Default Port Values Table 18-3Table 18-4 lists the default values for the port characteristics that this chapter describes. Table 18-3....
  • Page 486 Configuring Port Characteristics (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring port...
  • Page 487Configuring Multiple Ports To configure port settings on multiple ports: 1 Open the Port Configuration page. 2 Click Show All...
  • Page 488 Figure 18-3. Copy Port Settings 8 Click Apply. 488 Configuring Port Characteristics
  • Page 489Link Dependency Configuration Use the Link Dependency Configuration page to create link dependency groups. You can create a maximum of...
  • Page 490 In the following example, Group 1 is configured so that Port 3 is dependent on Port 4. Figure 18-5....
  • Page 491Link Dependency Summary Use the Link Dependency Summary page to view all link dependencies on the system and to access...
  • Page 492 Port Green Ethernet Configuration Use the Green Ethernet Configuration page to enable or disable energy- saving modes on each...
  • Page 493Port Green Ethernet Statistics Use the Green Ethernet Statistics page to view information about per-port energy savings. To display the...
  • Page 494 To view a summary of energy savings for the switch and all ports, click Summary. Figure 18-9. Green Ethernet...
  • Page 495Port Green Ethernet LPI History Use the Green Ethernet LPI History page to view data about the amount of time...
  • Page 496 Configuring Port Characteristics (CLI) This section provides information about the commands you use to configure port characteristics. For more...
  • Page 497Command Purpose speed {10 Configure the speed of a given Ethernet interface or allow |100|1000|10000 | auto the interface to...
  • Page 498 Command Purpose link-dependency group Enter the link-dependency mode to configure a link- group_id dependency group. add interface Add member...
  • Page 499Command Purpose interface interface Enter interface configuration mode for the specified interface. The interface variable includes the interface type and...
  • Page 500 Port Configuration Examples This section contains the following examples: • Configuring Port Settings • Configuring a Link Dependency Groups...
  • Page 501Configuring a Link Dependency Groups The commands in this example create two link dependency groups. Group 1 has port 3...
  • Page 502502 Configuring Port Characteristics
  • Page 503: Configuring Port and System Security 19 Configuring Port and System Security This chapter describes how to configure port-based and system security features, which control...
  • Page 504 IEEE 802.1X What is IEEE 802.1X? The IEEE 802.1X standard provides a means of preventing unauthorized access by supplicants...
  • Page 505authentication server (a RADIUS server). The result of the authentication process determines whether the supplicant is authorized to access services...
  • Page 506 What is MAC-Based 802.1X Authentication? MAC-based authentication allows multiple supplicants connected to the same port to each authenticate individually....
  • Page 507 NOTE: MAB initiates only after the dot1x guest VLAN period times out. If the client responds to any of...
  • Page 508 • Tunnel-Medium-Type=802 • Tunnel-Private-Group-ID=VLANID VLANID is 12-bits and has a value between 1 and 4093. Dynamic VLAN Creation If...
  • Page 509authentication server. If the credentials are verified, the authentication server informs the switch to unblock the switch port and allows...
  • Page 510 Table 19-1. IEEE 802.1X Monitor Mode Behavior (Continued) Case Sub-case Regular Dot1x Dot1x Monitor Mode Invalid Filter-id Port State:...
  • Page 511Table 19-1. IEEE 802.1X Monitor Mode Behavior (Continued) Case Sub-case Regular Dot1x Dot1x Monitor Mode Port/Client Delete Guest Port State:...
  • Page 512 Table 19-2. Default Port-Based Security Values Feature Description Global 802.1X status Disabled 802.1X authentication method none Per-port 802.1X status...
  • Page 513series switches. For details about the fields on a page, click at the top of the page. Dot1x Authentication Use...
  • Page 514 2 Click Show All to display the Dot1x Authentication Table page. 3 In the Ports list, select the check...
  • Page 515 5 To re-authenticate immediately, check Reauthenticate Now for all ports to be re-authenticated. 6 Click Apply. The authentication process is...
  • Page 516 Figure 19-4. Network Security Authenticated Users Port Access Control Configuration Use the Port Access Control Configuration page to globally...
  • Page 517Port Access Control History Log Summary Use the Port Access Control History Log Summary page to view log messages about...
  • Page 518 Figure 19-7. Internal Authentication Server Users Configuration NOTE: If no users exist in the IAS database, the IAS Users...
  • Page 519 2 From the User menu, select the user to remove, select the user to remove. 3 Select the Remove check...
  • Page 520 Configuring IEEE 802.1X (CLI) This section provides information about commands you use to configure 802.1X and Port Security settings....
  • Page 521Command Purpose dot1x port-control Specify the 802.1X mode for the port. {force-authorized | NOTE: For standard 802.1X implementations in which...
  • Page 522 NOTE: To enable 802.1X Monitor Mode to help troubleshoot authentication issues, use the dot1x system-auth-control monitor command in Global...
  • Page 523Command Purpose dot1x timeout supp- Set the time that the switch waits for a response before timeout seconds retransmitting an...
  • Page 524 Command Purpose dot1x dynamic-vlan If the RADIUS assigned VLAN does not exist on the enable switch, allow the switch...
  • Page 525Configuring Internal Authentication Server Users Beginning in Privileged EXEC mode, use the following commands to add users to the IAS...
  • Page 526 The switch uses an authentication server with an IP address of 10.10.10.10 to authenticate clients. Port 7 is connected...
  • Page 527Figure 19-10. 802.1X Example Physically Unsecured Devices Physically Secured Devices Clients Authentication Server (Ports 1 and 3) (RADIUS) Dell Networking...
  • Page 528 console(config-if)#dot1x port-control force- authorized console(config-if)#exit 4 Configure Port 7 to require MAC-based authentication with MAB. console(config)#interface gi1/0/7 console(config-if-Gi1/0/7)#dot1x port-control...
  • Page 529 Filter Id...................................... VLAN Assigned.................................. 1 (Default) Interface...................................... Gi1/0/3 User Name...................................... dflint Supp MAC Address............................... 0004.5A55.EFAD Session Time................................... 826 Filter...
  • Page 530 10 View 802.1X information about Port 8. console#show dot1x interface Gi1/0/8 Administrative Mode............... Enabled Dynamic VLAN Creation Mode........ Enabled...
  • Page 531 NOTE: Dynamic VLAN creation applies only to authorized ports. The VLANs for unauthorized and guest users must be configured...
  • Page 532 To configure the switch: 1 Create the VLANs and configure the VLAN names. console(config)#vlan 100 console(config-vlan100)#name Authorized console(config-vlan100)#exit console(config)#vlan...
  • Page 533 8 Enable periodic reauthentication of the client on the ports and set the number of seconds to wait between reauthentication...
  • Page 534 Allowing Dynamic VLAN Creation of RADIUS-Assigned VLANs The network in this example uses a RADIUS server to provide VLAN...
  • Page 535 5 Allow the switch to dynamically create VLANs when a RADIUS-assigned VLAN does not exist on the switch. console(config)#dot1x dynamic-vlan...
  • Page 536 • The RADIUS or 802.1X server must specify the policy to assign. For example, if the DiffServ policy to...
  • Page 537To configure the switch: 1 Configure the DiffServ traffic class that matches SSH traffic. console#configure console(config)#class-map match-all cl-ssh console(config-classmap)#match srcl4port...
  • Page 538 console(config)#aaa authentication dot1x default radius 8 Enter Interface Configuration mode for ports 1–23 and enable MAC- based authentication. console(config)#interface...
  • Page 539Port Security (Port-MAC Locking) The Port Security feature allows you to limit the number of source MAC addresses that can...
  • Page 540 Port Security Use the Port Security page to enable MAC locking on a per-port basis. When a port is...
  • Page 541Figure 19-12. Configure Port Security Settings 5 Click Apply. Configuring Port and System Security 541
  • Page 542 Configuring Port Security (CLI) Beginning in Privileged EXEC mode, use the following commands to enable port security on an...
  • Page 543Captive Portal This section describes how to configure the Captive Portal feature. The topics covered in this section include: •...
  • Page 544 Figure 19-13. Connecting to the Captive Portal Switch with Captive Portal RADIUS Server (Optional) Captive Portal User (Host) Default...
  • Page 545You can configure the switch to send SNMP trap messages to any enabled SNMP Trap Receivers for several Captive Portal...
  • Page 546 Figure 19-14. Customized Captive Portal Welcome Screen How Does Captive Portal Work? When a port is enabled for Captive...
  • Page 547 • Logout Page — If the user logout mode is enabled, this page displays in a pop-up window after the...
  • Page 548 Default Captive Portal Behavior and Settings Captive Portal is disabled by default. If you enable Captive Portal, no interfaces...
  • Page 549Table 19-4. Default Captive Portal Values Feature Value Authentication Timeout 300 seconds Configured Captive Portals 1 Captive Portal Name Default...
  • Page 550 Configuring the Captive Portal (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring...
  • Page 551To display the Captive Portal Configuration page, click System → Captive Portal → Configuration. Figure 19-17. Captive Portal Configuration From...
  • Page 552 From the Captive Portal Configuration page, click Summary to view summary information about the Captive Portal instances configured on...
  • Page 553Figure 19-20. Captive Portal Download Image Page 3 Make sure Download is selected in the Available Images menu, and click...
  • Page 554 Figure 19-21. Captive Portal Authentication Page 7 Select the branding image to use and customize other page components such...
  • Page 555 9 Click the Logout Page link to configure the page that contains the logout window. NOTE: You can configure...
  • Page 556 13 Customize the look and feel of the Logout Page, such as the background image and successful logout message....
  • Page 557Figure 19-24. Local User Configuration From the Local User page, click Add to add a new user to the local...
  • Page 558 From the Local User page, click Show All to view summary information about the local users configured in the...
  • Page 559Table 19-5. Captive Portal User RADIUS Attributes Attribute Number Description Range Usage Default Session-Timeout 27 Logout once Integer Optional 0...
  • Page 560 Figure 19-27. User Group From the User Group page, click Add to configure a new user group. Figure 19-28....
  • Page 561To delete a configured group, select the Remove check box associated with the group and click Apply. Interface Association From...
  • Page 562 Captive Portal Global Status The Captive Portal Global Status page contains a variety of information about the Captive Portal...
  • Page 563Figure 19-32. Captive Portal Activation and Activity Status NOTE: Use the Block and Unblock buttons to control the blocked status....
  • Page 564 Figure 19-33. Interface Activation Status Interface Capability Status The Interface Capability Status page contains information about interfaces that can...
  • Page 565Client Summary Use the Client Summary page to view summary information about all authenticated clients that are connected through the...
  • Page 566 Figure 19-36. Client Detail Captive Portal Interface Client Status Use the Interface Client Status page to view clients that...
  • Page 567Figure 19-38. Captive Portal - Client Status Configuring Port and System Security 567
  • Page 568 Configuring Captive Portal (CLI) This section provides information about the commands you use to create and configure Captive Portal...
  • Page 569Command Purpose CTRL + Z Exit to Privileged EXEC mode. show captive-portal View the Captive Portal administrative and operational [status]...
  • Page 570 Command Purpose user-logout (Optional) Enable user logout mode to allow an authenticated client to deauthenticate from the network. If...
  • Page 571Command Purpose block (Optional) Block all traffic for a Captive Portal configuration. If the Captive Portal is blocked, users cannot...
  • Page 572 Command Purpose user group group-id Configure a group. Each Captive Portal that requires [name name] authentication has a group...
  • Page 573Command Purpose clear captive portal users (Optional) Delete all captive portal user entries from the local database. Managing Captive Portal...
  • Page 574 Captive Portal Configuration Example The manager of a resort and conference center needs to provide wired Internet access to...
  • Page 575 4. Configure the Captive Portal settings for each Captive Portal, such as the verification mode. 5. Associate interfaces with the...
  • Page 576 console(config)#captive-portal console(config-CP)#user group 2 name Conference console(config-CP)#user group 3 name Employee console(config-CP)#exit 3. Configure the Guest Captive Portal. console(config)#captive-portal...
  • Page 5776. Use the web interface to customize the Captive Portal pages that are presented to users when they attempt to...
  • Page 578 Authentication Manager Overview The Authentication Manager supports the hierarchical configuration of host authentication methods on an interface. Dell switches...
  • Page 579When a client is connected to a port, the switch tries to authenticate the user/client using the methods in configuration...
  • Page 580 Authentication priority allows a higher-priority method (not currently running) to interrupt an authentication in progress with a lower-priority method....
  • Page 581console(config-if-Te1/0/4)#dot1x reauthentication console(config-if-Te1/0/4)#dot1x port-control mac-based console(config-if-Te1/0/4)#dot1x mac-auth-bypass console(config-if-Te1/0/4)#exit Configuring Port and System Security 581
  • Page 582 Denial of Service Denial of Service (DoS) refers to the exploitation of a variety of vulnerabilities which would interrupt...
  • Page 583: Configuring Access Control Lists 20 Configuring Access Control Lists This chapter describes how to configure Access Control Lists (ACLs), including IPv4, IPv6, and...
  • Page 584 Depending on whether an ingress or egress ACL is applied to a port, when the traffic enters (ingress) or...
  • Page 585MAC access list actions include CoS queue assignment, mirroring, redirection to another port, and logging, as well as the usual...
  • Page 586 delivered to the mirror interface while the packet itself is forwarded normally through the device. You cannot configure a...
  • Page 587A named time range can contain up to 10 configured time ranges. Only one absolute time range can be configured...
  • Page 588 on less than 32 bits will be expanded internally to match on 32 bits with a variable mask. This...
  • Page 589Table 20-1. ACL Software Limits Limitation N2000 N3000 N4000 Maximum Number of ACLs (any 100 100 100 type) Maximum Number...
  • Page 590 • The order of the rules is important: when a packet matches multiple rules, the first rule takes precedence....
  • Page 591ACL Configuration Details How Are ACLs Configured? To configure ACLs, follow these steps: 1 Create a MAC ACL by specifying...
  • Page 592 In general, any rule that specifies matching on an upper-layer protocol field should also include matching constraints for as...
  • Page 593Table 20-3. Common IP Protocol Numbers (Continued) IP Protocol Number Protocol 0x08 EGP 0x09 IGP 0x11 UDP Using IP and...
  • Page 594 Policy Based Routing Overview In contemporary inter-networks, network administrators often need to implement packet routing according to specific organizational...
  • Page 595based routing. If the network administrator instead wants to drop a packet that does not match the specified criteria, a...
  • Page 596 • List of default next hop IP addresses — The set ip default next-hop command checks the list of...
  • Page 597Resource-Sharing Between ACLs and PBR ACLs associated with a route-map and general ACLs share the same hardware resources. If PBR...
  • Page 598 interface. Changes to an existing route-map associated with an interface (or to the associated ACLs) do not take effect...
  • Page 599Configuring ACLs (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring ACLs on a...
  • Page 600 Figure 20-2. Add IP ACL 4 Click Apply. Removing IPv4 ACLs To delete an IPv4 ACL: 1 From the...
  • Page 601IP ACL Rule Configuration Use the IP ACL Rule Configuration page to define rules for IP-based ACLs. The access list...
  • Page 602 Figure 20-4. IP ACL - Rule Configuration Removing an IP ACL Rule To delete an IP ACL rule: 1...
  • Page 603MAC ACL Configuration Use the MAC ACL Configuration page to define a MAC-based ACL. To display the MAC ACL Configuration...
  • Page 604 Renaming or Removing MAC ACLs To rename or delete a MAC ACL: 1 From the MAC ACL Name menu...
  • Page 605MAC ACL Rule Configuration Use the MAC ACL Rule Configuration page to define rules for MAC-based ACLs. The access list...
  • Page 606 IPv6 ACL Configuration Use the IPv6 ACL Configuration page to add or remove IP-based ACLs. To display the IP...
  • Page 607Removing IPv6 ACLs To delete an IPv6 ACL: 1 From the IPv6 ACL Name menu on the IPv6 ACL Configuration...
  • Page 608 Figure 20-10. IPv6 ACL - Rule Configuration Removing an IPv6 ACL Rule To delete an IPv6 ACL rule: 1...
  • Page 609ACL Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied...
  • Page 610 Time Range Entry Configuration Use the Time Range Entry Configuration page to define time ranges to associate with ACL...
  • Page 611Figure 20-13. Add a Time Range 3 Click Apply. 4 Click Configuration to return to the Time Range Entry Configuration...
  • Page 612 Configuring ACLs (CLI) This section provides information about the commands you use to create and configure ACLs. For more...
  • Page 613Command Purpose {deny | permit} {every | Enter the permit and deny conditions for the extended {{ipv4-protocol | 0-255 ACL....
  • Page 614 Command Purpose continued – When “eq” is specified, IP ACL rule matches only if the layer 4 port number...
  • Page 615Command Purpose continued • flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | - psh] [+ack |...
  • Page 616 Command Purpose continued • igmp-type igmp-type—When igmp-type is specified, IP ACL rule matches on the specified IGMP message type...
  • Page 617Command Purpose interface interface (Optional) Enter interface configuration mode for the specified interface. The interface variable includes the interface type...
  • Page 618 Configuring a MAC ACL Beginning in Privileged EXEC mode, use the following commands to create an MAC ACL, configure...
  • Page 619Command Purpose continued – When “gt” is specified, IPv6 ACL rule matches if the layer 4 destination port number is...
  • Page 620 Command Purpose continued – This option is visible only if the protocol is tcp. – Ack – Acknowledgement bit...
  • Page 621Command Purpose continued • routing—Specifies that IP ACL rule matches on routed packets. Routed packets contain an IPv6 “routing” extension...
  • Page 622 Command Purpose mac access-group name Bind the specified MAC ACL to an interface. direction seqnum NOTE: To apply this...
  • Page 623Configuring an IPv6 ACL Beginning in Privileged EXEC mode, use the following commands to create an IPv6 ACL, configure rules...
  • Page 624 Command Purpose {deny | permit} {ipv6- • {deny | permit}–Specifies whether the IP ACL rule protocol | number |...
  • Page 625Command Purpose (Continued) • destination ipv6 prefix — IPv6 prefix in IPv6 global address format. • flow label value —...
  • Page 626 Command Purpose CTRL + Z Exit to Privileged EXEC mode. show ipv6 access-lists Display all IPv6 access lists and...
  • Page 627Command Purpose periodic {days-of-the- Configure a recurring time entry for the named time week time} to {[days-of- range. the-week ]...
  • Page 628 ACL Configuration Examples This section contains the following examples: • "Basic Rules" on page 628 • "Internal System ACLs"...
  • Page 629 permit ip 10.0.46.0 0.0.1.255 any • Inbound rule allowing access TO hosts with IP addresses ranging from 10.0.48.0 to...
  • Page 630 ip access-list Allow-10-1-1-x permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255 permit icmp 10.1.1.0 0.0.0.255 any permit ip 0.0.0.0 255.255.255.255 any...
  • Page 631following list has corrected rules that allow Telnet and UDP packets only and rely on the implicit "deny all" after...
  • Page 632 ! Permit Telnet traffic from 192.168.0.X network to host 10.1.1.23 permit tcp 192.168.0.0 0.0.0.255 host 10.1.1.23 eq telnet !...
  • Page 633Multiple access lists can be configured on an interface. The processing order is determined by the last parameter on the...
  • Page 634 5 Create an ACL named web-limit that denies HTTP traffic during the work-hours time range. console(config)#ip access-list web-limit console(config-ip-acl)#deny...
  • Page 635interface range gi1/0/24-48 ip access-list deny-ftp in exit Allow FTP Traffic Only to an FTP Server This ACL limits traffic...
  • Page 636 ip access-list no-ping deny icmp any any icmp-message echo deny icmp any any icmp-message echo-reply permit every exit interface...
  • Page 637periodic weekdays 07:30 to 18:00 exit ip access-list redirect-traffic permit ip any 172.16.1.0 255.255.255.0 redirect te1/0/1 time-range work-hours permit every...
  • Page 638 interface te1/0/1 ip access-group rate-limit-www in exit Rate Limit In-Band Management Traffic The following is an example of rate...
  • Page 639A Consolidated DoS Example This example includes some ACL rules to consider to reduce DoS attacks on the switch. It...
  • Page 640 ! Further limit inbound traffic on in-band management ports. ! Allow only VLAN 99 SSH and TFTP, no telnet,...
  • Page 641Route-Map with Scheduled Redirection of RFC 1918 Addresses to a Different Next- Hop time-range work-hours periodic weekdays 07:30 to 18:00...
  • Page 642 Figure 20-14. Policy Based Routing on VLAN Interfaces Example Layer 3 Switch Physical Port 1/0/2 VLAN Interface 10 L2...
  • Page 643interface gi 1/0/24 switchport mode trunk switchport trunk native vlan 40 switchport trunk allowed vlan remove 1 Enable Routing on...
  • Page 644 PBR is to route non-matching traffic or traffic which is addressed to a non- connected interface normally. 2 Create...
  • Page 645: Configuring VLANs 21 Configuring VLANs This chapter describes how to configure VLANs, including port-based VLANs, protocol-based VLANs, double-tagged VLANs, subnet-based VLANs,...
  • Page 646 priority over other traffic, such as data. Administrators also use VLANs to protect network resources. Traffic sent by authenticated...
  • Page 647Figure 21-1. Simple VLAN Topology Router Engineering VLAN 100 Switch Payroll VLAN 300 Tech Pubs VLAN 200 In this example,...
  • Page 648 Table 21-1 provides an overview of the types of VLANs you can use to logically divide the network. Table...
  • Page 649 trunk port are forwarded on the native VLAN. Packets received on another interface belonging to the native VLAN are...
  • Page 650 Tagging may be required when a single port supports multiple devices that are members of different VLANs. For example,...
  • Page 651Double-VLAN Tagging For trunk ports, which are ports that connect one switch to another switch, the Dell Networking series switches...
  • Page 652 Figure 21-2. Double VLAN Tagging Network Example Voice VLAN The Voice VLAN feature enables switch ports to carry voice...
  • Page 653Identifying Voice Traffic Some VoIP phones contain full support for IEEE 802.1X. When these phones are connected to a port...
  • Page 654 default PVID of the port, and the voice traffic is received tagged with the predefined VLAN. As a result,...
  • Page 655 • Isolated VLAN—A secondary VLAN. It carries traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be...
  • Page 656 Figure 21-3 shows an example Private VLAN scenario, in which five hosts (H- A through H-E) are connected to...
  • Page 657Isolated Ports An endpoint connected to an isolated port is allowed to communicate with endpoints connected to promiscuous ports only....
  • Page 658 Table 21-3. Forwarding Rules for Traffic in Primary VLAN To From promiscuous community 1 community 2 isolated stack (trunk)...
  • Page 659Limitations and Recommendations • Only a single isolated VLAN can be associated with a primary VLAN. Multiple community VLANs can...
  • Page 660 • It is recommended that the private VLAN IDs be removed from the trunk ports connected to devices that...
  • Page 661Default VLAN Behavior One VLAN is configured on the Dell Networking series switches by default. The VLAN ID is 1,...
  • Page 662 Table 21-7 shows the default values or maximum values for VLAN features. Table 21-7. Additional VLAN Default and Maximum...
  • Page 663Configuring VLANs (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring VLANs on a...
  • Page 664 Table 21-8. VLAN Port Membership Definitions Port Control Definition Blank Blank: the interface is not a VLAN member. Packets...
  • Page 665Figure 21-5. Add VLAN 4 Click Apply. Configuring Ports as VLAN Members To add member ports to a VLAN: 1...
  • Page 666 Figure 21-6. Add Ports to VLAN 4 Click Apply. 5 Verify that the ports have been added to the...
  • Page 667 In Figure 21-7, the presence of the letter U in the Current row indicates that the port is an...
  • Page 668 VLAN Port Settings Use the VLAN Port Settings page to add ports to an existing VLAN and to configure...
  • Page 669Figure 21-9. VLAN Settings for All Ports VLAN LAG Settings Use the VLAN LAG Settings page to map a LAG...
  • Page 670 From the LAG Settings page, click Show All to see the current VLAN settings for all LAGs. You can...
  • Page 671Bind MAC to VLAN Use the Bind MAC to VLAN page to map a MAC address to a VLAN. After...
  • Page 672 Bind IP Subnet to VLAN Use the Bind IP Subnet to VLAN page to assign an IP Subnet to...
  • Page 673GVRP Parameters Use the GVRP Parameters page to enable GVRP globally and configure the port settings. To display the GVRP...
  • Page 674 Figure 21-17. GVRP Port Parameters Table 674 Configuring VLANs
  • Page 675Protocol Group Use the Protocol Group page to configure which EtherTypes go to which VLANs, and then enable certain ports...
  • Page 676 Adding a Protocol Group To add a protocol group: 1 Open the Protocol Group page. 2 Click Add to...
  • Page 677Figure 21-20. Configure Protocol Group 8 Click Apply. 9 Click Show All to see the protocol-based VLANs and their members....
  • Page 678 Double VLAN Global Configuration Use the Double VLAN Global Configuration page to specify the value of the EtherType field...
  • Page 679Double VLAN Interface Configuration Use the Double VLAN Interface Configuration page to specify the value of the EtherType field in...
  • Page 680 Figure 21-24. Double VLAN Port Parameter Table 680 Configuring VLANs
  • Page 681Voice VLAN Use the Voice VLAN Configuration page to configure and view voice VLAN settings that apply to the entire...
  • Page 682 Configuring VLANs (CLI) This section provides information about the commands you use to create and configure VLANs. For more...
  • Page 683packets. Untagged packets are treated as belonging to the access VLAN. Packets received with a VLAN ID other than the...
  • Page 684 automatically configured as a member of all VLANs. You can remove them from membership in specific VLANs. By default,...
  • Page 685Command Purpose switchport trunk Set the list of allowed VLANs that can receive and send {allowed vlan vlan- traffic on...
  • Page 686 Configuring a Port in General Mode Beginning in Privileged EXEC mode, use the following commands to configure an interface...
  • Page 687Command Purpose switchport general pvid (Optional) Set the port VLAN ID. Untagged traffic that vlan-id enters the switch through this...
  • Page 688 Configuring VLAN Settings for a LAG The VLAN mode and memberships settings you configure for a port are also...
  • Page 689Configuring Double VLAN Tagging Beginning in Privileged EXEC mode, use the following commands to configure an interface to send and...
  • Page 690 Command Purpose dvlan-tunnel ethertype Configure the EtherType to use for uplink or access {802.1Q | vman | interfaces. custom...
  • Page 691Configuring MAC-Based VLANs Beginning in Privileged EXEC mode, use the following commands to associate a MAC address with a configured...
  • Page 692 Configuring IP-Based VLANs Beginning in Privileged EXEC mode, use the following commands to associate an IP subnet with a...
  • Page 693Configuring a Protocol-Based VLAN Beginning in Privileged EXEC mode, use the following commands to create and name a protocol group,...
  • Page 694 Command Purpose protocol vlan group all (Optional) Add all physical interfaces to the protocol- groupid based group identified by...
  • Page 695Configuring GVRP Beginning in Privileged EXEC mode, use the following commands to enable GVRP on the switch and on an...
  • Page 696 Command Purpose vlan makestatic vlan-id (Optional) Change a dynamically created VLAN (one that is created by GVRP registration) to...
  • Page 697Configuring Voice VLANs Beginning in Privileged EXEC mode, use the following commands to enable the Voice VLAN feature on the...
  • Page 698 VLAN Configuration Examples This section contains the following examples: • Configuring VLANs Using Dell OpenManage Administrator • Configuring VLANs...
  • Page 699Figure 21-26 shows the network topology for this example. As the figure shows, there are two switches, two file servers,...
  • Page 700 Table 21-10 shows the port assignments on the switches. Table 21-10. Switch Port Connections Port/LAG Function Switch 1 1...
  • Page 701Configuring VLANs Using Dell OpenManage Administrator This example shows how to perform the configuration by using the web- based interface....
  • Page 702 Figure 21-28. VLAN Membership - VLAN 200 3 Click Apply. 4 Assign ports 2–15 and LAG1 to the Payroll...
  • Page 703Figure 21-29. LAG Settings 6 Configure port 1 as a trunk port. a From the Switching → VLAN → Port...
  • Page 704 Figure 21-31. Trunk Port Configuration 8 Configure the MAC-based VLAN information. a Go to the Switching → VLAN →...
  • Page 705Configure the VLANs and Ports on Switch 2 Use the following steps to configure the VLANs and ports on Switch...
  • Page 706 Configuring VLANs Using the CLI This example shows how to perform the same configuration by using CLI commands. Configure...
  • Page 7074. Assign LAG1 to the Payroll VLAN and specify that frames will always be transmitted tagged with a VLAN ID...
  • Page 708 8. View the VLAN settings. console#show vlan VLAN Name Ports Type Authorization ----- --------- ------------ --------- ------------- 1 Default...
  • Page 709Configure the VLANs and Ports on Switch 2 Use the following steps to configure the VLANs and ports on Switch...
  • Page 710 Configuring a Voice VLAN The commands in this example create a VLAN for voice traffic with a VLAN ID...
  • Page 711 6 Disable authentication for the voice VLAN on the port. This step is required only if the voice phone does...
  • Page 712 switch(config-vlan-100)# private-vlan association 101-102 switch(config-vlan-100)# exit This completes the configuration of the private VLAN. The only remaining step is...
  • Page 713103 isolated console#show vlan private-vlan Primary VLAN Secondary VLAN Community ------------ -------------- ------------------- 100 102 101 console(config)#show vlan VLAN Name...
  • Page 714714 Configuring VLANs
  • Page 715: Configuring the Spanning Tree Protocol 22 Configuring the Spanning Tree Protocol This chapter describes how to configure the Spanning Tree Protocol (STP) settings on...
  • Page 716 transitioning of the port to Forwarding). The difference between the RSTP and the traditional STP (IEEE 802.1d) is the...
  • Page 717How Does MSTP Operate in the Network? In the following diagram of a small 802.1d bridged network, STP is necessary...
  • Page 718 Figure 22-2 shows the logical single STP network topology. Figure 22-2. Single STP Topology For VLAN 10 this single...
  • Page 719The logical representation of the MSTP environment for these three switches is shown in Figure 22-3. Figure 22-3. Logical MSTP...
  • Page 720 In order for MSTP to correctly establish the different MSTIs as above, some additional changes are required. For example,...
  • Page 721MSTP with Multiple Forwarding Paths Consider the physical topology shown in Figure 22-4. It might be assumed that MSTI 2...
  • Page 722 What are the Optional STP Features? The Dell Networking series switches support the following optional STP features: • BPDU...
  • Page 723Root Guard Root guard is another way of controlling the spanning-tree topology other than setting the bridge priority or path...
  • Page 724 NOTE: Loop Guard should be configured only on non-designated ports. These include ports in alternate or backup roles. Root...
  • Page 725The switch spanning tree configuration is global in nature. Enabling RSTP- PV disables other spanning tree modes on the switch....
  • Page 726 To accelerate convergence time once DRC has switched over to a new root port, STP-PV transmits dummy packets out...
  • Page 727IndirectLink Rapid Convergence Feature To handle indirect link failure, the STP standard requires that a switch passively wait for “max_age”...
  • Page 728 on ports that should have a path to the root. The port where the switch received the inferior BPDU...
  • Page 729Interoperability Between STP-PV and RSTP-PV Modes STP-PV is derived from 802.1D and RSTP-PV is derived from 802.1w. The fallback mechanism...
  • Page 730 RSTP-PV region and the MSTP region, the RSTP-PV switch sends VLAN1 BPDUs in IEEE standard format, so they can...
  • Page 731Figure 22-7. RSTP-PV and RSTP Interoperability Root for VLAN2 and 3 1/0/1 1/0/1 SW1 SW2 1/0/2 1/0/1 1/0/3 1/0/4 VLAN1...
  • Page 732 The VLAN 1 STP instance of SW1 and SW2 are joined with the STP instance running in SW3. VLANs...
  • Page 733 • The MSTP domain contains the root bridge for ALL VLANs. This implies that the CIST Root Bridge ID is...
  • Page 734 • The alternative is that the RSTP-PV domain contains the root bridges for ALL VLANs. This is only true...
  • Page 735Default STP Values Spanning tree is globally enabled on the switch and on all ports and LAGs. Table 22-1 summarizes...
  • Page 736 Configuring Spanning Tree (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring STP...
  • Page 737Figure 22-9. Spanning Tree Global Settings Configuring the Spanning Tree Protocol 737
  • Page 738 STP Port Settings Use the STP Port Settings page to assign STP properties to individual ports. To display the...
  • Page 739Configuring STP Settings for Multiple Ports To configure STP settings for multiple ports: 1 Open the STP Port Settings page....
  • Page 740 STP LAG Settings Use the STP LAG Settings page to assign STP aggregating ports parameters. To display the STP...
  • Page 741Figure 22-13. Configure STP LAG Settings 3 For each LAG to configure, select the check box in the Edit column...
  • Page 742 To view RSTP Settings for all interfaces, click the Show All link. The Rapid Spanning Tree Table displays. Figure...
  • Page 743MSTP Settings The Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over...
  • Page 744 Viewing and Modifying the Instance ID for Multiple VLANs To configure MSTP settings for multiple VLANS: 1 Open the...
  • Page 745MSTP Interface Settings Use the MSTP Interface Settings page to assign MSTP settings to specific interfaces. To display the MSTP...
  • Page 746 Configuring Spanning Tree (CLI) This section provides information about the commands you use to configure STP settings on the...
  • Page 747Command Purpose show spanning-tree View information about spanning tree and the spanning [detail] [active | tree configuration on the switch....
  • Page 748 Command Purpose spanning-tree tcnguard Prevent the port from propagating topology change notifications. CTRL + Z Exit to Privileged EXEC...
  • Page 749Configuring MSTP Switch Settings Beginning in Privileged EXEC mode, use the following commands to configure MSTP settings for the switch....
  • Page 750 Configuring MSTP Interface Settings Beginning in Privileged EXEC mode, use the following commands to configure MSTP settings for the...
  • Page 751STP Configuration Examples This section contains the following examples: • STP Configuration Example • MSTP Configuration Example • RSTP-PV Access...
  • Page 752 Figure 22-19. STP Example Network Diagram Of the four switches in Figure 22-19, the administrator decides that Switch A...
  • Page 753The administrator also configures Port Fast BPDU filtering and Loop Guard to extend STP’s capability to prevent network loops. For...
  • Page 754 Figure 22-20. MSTP Configuration Example To make multiple switches be part of the same MSTP region, make sure the...
  • Page 755 console(config-mst)#instance 10 add vlan 10 4 Create MST instances 20 and associate it to VLAN 20. console(config-mst)#instance 20 add...
  • Page 756 RSTP-PV Access Switch Configuration Example In this configuration, all 1G ports are presumed to be connected to host machines,...
  • Page 757console(config-if)#exit console(config)#interface range gi1/0/1-12 console(config-if)#switchport access vlan 3 console(config-if)#exit console(config)#interface range gi1/0/1-12 console(config-if)#switchport access vlan 4 console(config-if)#exit Configuring the Spanning...
  • Page 758 RSTP-PV Aggregation Layer Switch Configuration Example In this configuration example, two aggregation-layer switches are configured. Ports 1–4 are configured...
  • Page 759 console(config)#spanning-tree vlan 1,3 root primary console(config)#spanning-tree vlan 2,4 root secondary 7 Configure two uplink ports per uplink switch: console(config)#interface...
  • Page 760760 Configuring the Spanning Tree Protocol
  • Page 761: Discovering Network Devices 23 Discovering Network Devices This chapter describes the Industry Standard Discovery Protocol (ISDP) feature and the Link Layer Discovery...
  • Page 762 LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations implementing the transmit function,...
  • Page 763Default IDSP and LLDP Values ISDP and LLDP are globally enabled on the switch and enabled on all ports by...
  • Page 764 Table 23-3 summarizes the default values for LLDP-MED. Table 23-3. LLDP-MED Defaults Parameter Default Value LLDP-MED Mode Disabled on...
  • Page 765Configuring ISDP and LLDP (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring IDSP...
  • Page 766 ISDP Cache Table From the ISDP Neighbor Table page, you can view information about other devices the switch has...
  • Page 767ISDP Interface Configuration From the ISDP Interface Configuration page, you can configure the ISDP settings for each interface. If ISDP...
  • Page 768 ISDP Statistics From the ISDP Statistics page, you can view information about the ISDP packets sent and received by...
  • Page 769LLDP Configuration Use the LLDP Configuration page to specify LLDP parameters. Parameters that affect the entire system as well as...
  • Page 770 To view the LLDP Interface Settings Table, click Show All. From the LLDP Interface Settings Table page, you can...
  • Page 771LLDP Statistics Use the LLDP Statistics page to view LLPD-related statistics. To display the LLDP Statistics page, click Switching →...
  • Page 772 LLDP Connections Use the LLDP Connections page to view the list of ports with LLDP enabled. Basic connection details...
  • Page 773To view additional information about a device connected to a port that has been discovered through LLDP, click the port...
  • Page 774 LLDP-MED Global Configuration Use the LLDP-MED Global Configuration page to change or view the LLDP-MED parameters that affect the...
  • Page 775LLDP-MED Interface Configuration Use the LLDP-MED Interface Configuration page to specify LLDP-MED parameters that affect a specific interface. To display...
  • Page 776 LLDP-MED Local Device Information Use the LLDP-MED Local Device Information page to view the advertised LLDP local data for...
  • Page 777Configuring ISDP and LLDP (CLI) This section provides information about the commands you use to manage and view the device...
  • Page 778 Enabling ISDP on a Port Beginning in Privileged EXEC mode, use the following commands to enable ISDP on a...
  • Page 779Configuring Global LLDP Settings Beginning in Privileged EXEC mode, use the following commands to configure LLDP settings that affect the...
  • Page 780 Command Purpose lldp notification Enable remote data change notifications on the interface. lldp transmit-tlv [sys- Specify which optional type-length-value...
  • Page 781Configuring LLDP-MED Settings Beginning in Privileged EXEC mode, use the following commands to configure LLDP-MED settings that affect the entire...
  • Page 782 Viewing LLDP-MED Information Beginning in Privileged EXEC mode, use the following commands to view information about the LLDP-MED Protocol...
  • Page 783 console#show isdp Timer....................................45 Hold Time................................60 Version 2 Advertisements.................Enabled Neighbors table time since last change...00 days 00:00:00 Device ID................................none Device...
  • Page 784 console(config-if-Te1/0/3)#description “Test Lab Port” 6 Exit to Privileged EXEC mode. console(config-if-Te1/0/3)# <CTRL + Z> 7 View global LLDP settings...
  • Page 785Port Description: Test Lab Port System Capabilities Supported: bridge, router System Capabilities Enabled: bridge Management Address: Type: IPv4 Address: 192.168.2.1...
  • Page 786786 Discovering Network Devices
  • Page 787: Configuring Port-Based Traffic Control 24 Configuring Port-Based Traffic Control This chapter describes how to configure features that provide traffic control through filtering the...
  • Page 788 The Priority Flow Control (PFC) feature, which is available on the N4000 switches only, provides a way to distinguish...
  • Page 789configured limit is 10%, this is converted to ~25000 PPS, and this PPS limit is set in the hardware. You...
  • Page 790 Access Control Lists (ACLs) and LLPF can exist on the same interface. However, the ACL rules override the LLPF...
  • Page 791Configuring Port-Based Traffic Control (Web) This section provides information about the OpenManage Switch Administrator pages to use to control port-based...
  • Page 792 Storm Control Use the Storm Control page to enable and configure the storm control feature. To display the Storm...
  • Page 793Figure 24-3. Storm Control 5 Click Apply. Configuring Port-Based Traffic Control 793
  • Page 794 Protected Port Configuration Use the Protected Port Configuration page to prevent ports in the same protected ports group from...
  • Page 795Figure 24-5. Add Protected Ports Group 5 Click Apply. 6 Click Protected Port Configuration to return to the main page....
  • Page 796 Figure 24-7. View Protected Port Information 11 To remove a port from a protected port group, select the Remove...
  • Page 797Figure 24-8. LLPF Interface Configuration To view the protocol types that have been blocked for an interface, click Show All....
  • Page 798 Configuring Port-Based Traffic Control (CLI) This section provides information about the commands you use to configure port-based traffic control...
  • Page 799Command Purpose CTRL + Z Exit to Privileged EXEC mode. show interfaces detail Display detailed information about the specified interface,...
  • Page 800 Configuring LLPF Beginning in Privileged EXEC mode, use the following commands to configure LLPF settings. Command Purpose configure Enter...
  • Page 801Port-Based Traffic Control Configuration Example The commands in this example configure storm control, LLPF, and protected port settings for various...
  • Page 802 5 Verify the configuration. console#show storm-control te1/0/1 Bcast Bcast Mcast Mcast Ucast Ucast Intf Mode Level Mode Level Mode...
  • Page 803: Configuring L2 Multicast Features 25 Configuring L2 Multicast Features This chapter describes the layer 2 multicast features on the Dell Networking series switches....
  • Page 804 desirable as it reduces the network load by sending packets only to other hosts/switches/routers that have indicated an interest...
  • Page 805When a packet with a broadcast or multicast destination MAC address is received, the switch will flood a copy into...
  • Page 806 the switch sees a multicast router in the VLAN, it forwards the group to the multicast router and does...
  • Page 807IGMP Snooping Querier When PIM and IGMP are enabled in a network with IP multicast routing, the IP multicast router...
  • Page 808 • PIMv2 hello packets with destination IP address as FF02::D Dynamically learned multicast routers are timed out after an...
  • Page 809There are two types of MVR ports: source and receiver. • Source port is the port where multicast traffic is...
  • Page 810 NOTE: If a multicast source is connected to a VLAN on which both L3 multicast and IGMP snooping are...
  • Page 811GMRP is similar to IGMP snooping in its purpose, but IGMP snooping is more widely used. GMRP must be running...
  • Page 812 Snooping Switch Restrictions Partial IGMPv3 and MLDv2 Support The IGMPv3 and MLDv2 protocols allow multicast listeners to specify the...
  • Page 813Topologies Where the Multicast Source Is Not Directly Connected to the Querier If the multicast source is not directly connected...
  • Page 814 Default L2 Multicast Values Details about the L2 multicast are in Table 25-1. Table 25-1. L2 Multicast Defaults Parameter...
  • Page 815Table 25-1. L2 Multicast Defaults (Continued) Parameter Default Value GMRP Disabled globally and per-interface Configuring L2 Multicast Features 815
  • Page 816 Configuring L2 Multicast Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring...
  • Page 817Bridge Multicast Group Use the Bridge Multicast Group page to create new multicast service groups or to modify ports and...
  • Page 818 Table 25-2 contains definitions for port/LAG IGMP management settings. Table 25-2. Port/LAG IGMP Management Settings Port Control Definition D...
  • Page 819 4 In the Bridge Multicast Group tables, assign a setting by clicking in the Static row for a specific port/LAG....
  • Page 820 MRouter Status Use the MRouter Status page to display the status of dynamically learned multicast router interfaces. To access...
  • Page 821General IGMP Snooping Use the General IGMP snooping page to configure IGMP snooping settings on specific ports and LAGs. To...
  • Page 822 Figure 25-6. Edit IGMP Snooping Settings 3 Edit the IGMP snooping fields as needed. 4 Click Apply. The IGMP...
  • Page 823Figure 25-7. Copy IGMP Snooping Settings 5 Click Apply. The IGMP snooping settings are modified, and the device is updated....
  • Page 824 Global Querier Configuration Use the Global Querier Configuration page to configure IGMP snooping querier settings, such as the IP...
  • Page 825VLAN Querier Use the VLAN Querier page to specify the IGMP snooping querier settings for individual VLANs. To display the...
  • Page 826 3 Return to the VLAN Querier page and select the new VLAN from the VLAN ID menu. 4 Specify...
  • Page 827VLAN Querier Status Use the VLAN Querier Status page to view the IGMP snooping querier settings for individual VLANs. To...
  • Page 828 MFDB IGMP Snooping Table Use the MFDB IGMP Snooping Table page to view the multicast forwarding database (MFDB) IGMP...
  • Page 829MLD Snooping General Use the MLD Snooping General page to add MLD members. To access this page, click Switching →...
  • Page 830 Figure 25-15. MLD Snooping Table 2 Select the Edit checkbox for each VLAN to modify. 3 Edit the MLD...
  • Page 831Copying MLD Snooping Settings to VLANs To copy MLD snooping settings: 1 From the General MLD snooping page, click Show...
  • Page 832 MLD Snooping VLAN Querier Use the MLD Snooping VLAN Querier page to specify the MLD snooping querier settings for...
  • Page 833 2 Enter the VLAN ID and, if desired, an optional VLAN name. 3 Return to the VLAN Querier page...
  • Page 834 MLD Snooping VLAN Querier Status Use the VLAN Querier Status page to view the MLD snooping querier settings for...
  • Page 835MFDB MLD Snooping Table Use the MFDB MLD Snooping Table page to view the MFDB MLD snooping table settings for...
  • Page 836 MVR Global Configuration Use the MVR Global Configuration page to enable the MVR feature and configure global parameters. To...
  • Page 837MVR Members Use the MVR Members page to view and configure MVR group members. To display the MVR Members page,...
  • Page 838 MVR Interface Configuration Use the MVR Interface Configuration page to enable MVR on a port, configure its MVR settings,...
  • Page 839Figure 25-27. MVR - Add to Group 2 Select the interface to add to the MVR group. 3 Specify the...
  • Page 840 MVR Statistics Use the MVR Statistics page to view MVR statistics on the switch. To display the MVR Statistics...
  • Page 841GARP Timers The Timers page contains fields for setting the GARP timers used by GVRP and GMRP on the switch....
  • Page 842 Figure 25-31. Garp Timers Table 3 For each port or LAG to configure, select the check box in the...
  • Page 843Copying GARP Timer Settings From One Port to Others To copy GARP timer settings: 1 Select the Copy Parameters From...
  • Page 844 Figure 25-33. GMRP Port Configuration Table 3 For each port or LAG to configure, select the check box in...
  • Page 845Copying Settings From One Port or LAG to Others To copy GMRP settings: 1 Select the Copy Parameters From check...
  • Page 846 Configuring L2 Multicast Features (CLI) This section provides information about the commands you use to configure L2 multicast settings...
  • Page 847Command Purpose show mac address-table View entries in the multicast MAC address table. The multicast [vlan vlan-id] show mac address-table...
  • Page 848 Command Purpose ip igmp snooping vlan Specify the multicast router time-out value for to vlan-id mcrtexpiretime associate with a...
  • Page 849Command Purpose ip igmp snooping querier Allow the IGMP snooping querier to participate in the election participate vlan- querier election...
  • Page 850 Command Purpose ipv6 mld snooping vlan Enables MLD snooping immediate-leave mode on the vlan-id immediate-leave specified VLAN. Enabling immediate-leave...
  • Page 851Command Purpose ipv6 mld snooping Allow the MLD snooping querier to participate in the querier election querier election process when...
  • Page 852 Command Purpose mvr querytime time Set the MVR query response time. The value for time is in units of...
  • Page 853Configuring GARP Timers and GMRP Beginning in Privileged EXEC mode, use the following commands to configure the GARP timers and...
  • Page 854 Case Study on a Real-World Network Topology Multicast Snooping Case Study Figure 25-35 shows the topology that the scenarios...
  • Page 855 • Multicast Sources: Server A – 239.20.30.40, Server B – 239.20.30.42 • Subnets: VLAN 10 – 192.168.10.x, VLAN 20 –...
  • Page 856 3 A forwarding entry is created by D3 for VLAN20, 239.20.30.42 – 1/0/6, 1/0/20. 4 Client D will receive...
  • Page 857 2 A multicast forwarding entry is created on D2 VLAN20, 239.20.30.40 – 1/0/20, PortChannel1. 3 The Client F report message...
  • Page 858 Multicast Source and Listener connected to Multicast Router via intermediate snooping switches and are part of different routing VLANs:...
  • Page 859: Configuring Connectivity Fault Management 26 Configuring Connectivity Fault Management This chapter describes how to configure the Connectivity Fault Management feature, which is specified...
  • Page 860 IEEE Std. 802.3 LAN, Dot1ag addresses fault diagnosis at the service layer across networks comprising multiple LANs, including LANs...
  • Page 861Higher levels have a broader, but less detailed, view of the network. As a result, a provider could include multiple...
  • Page 862 Figure 26-2 depicts two MEPs and the MIPs that connect them in a maintenance domain. Figure 26-2. Maintenance Endpoints...
  • Page 863Figure 26-3. Provider View for Service Level OAM What is the Administrator’s Role? On the switch, the administrator configures the...
  • Page 864 Troubleshooting Tasks In the event of a connectivity loss between MEPs, the administrator can perform path discovery, similar to...
  • Page 865Configuring Dot1ag (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring Dot1ag features on...
  • Page 866 Figure 26-5. Dot1ag MD Configuration Dot1ag MA Configuration Use the MA Configuration page to associate a maintenance domain level...
  • Page 867To add an MA, click the Add link at the top of the page. Dot1ag MEP Configuration Use the MEP...
  • Page 868 To add a MEP, click the Add link at the top of the page. A VLAN must be associated...
  • Page 869Dot1ag RMEP Summary Use the RMEP Summary page to view information on remote MEPs that the switch has learned through...
  • Page 870 Dot1ag L2 Ping Use the L2 Ping page to generate a loopback message from a specified MEP. The MEP...
  • Page 871Figure 26-11. Dot1ag L2 Traceroute Dot1ag L2 Traceroute Cache Use the L2 Traceroute Cache page to view link traces retained...
  • Page 872 Dot1ag Statistics Use the Statistics page to view Dot1ag information for a selected domain and VLAN ID. To display...
  • Page 873Configuring Dot1ag (CLI) This section provides information about the commands you use to configure Dot1ag settings on the switch. For...
  • Page 874 Configuring MEP Information Beginning in Privileged Exec mode, use the following commands to configure the mode and view related...
  • Page 875Dot1ag Ping and Traceroute Beginning in Privileged Exec mode, use the following commands to help identify and troubleshoot Ethernet CFM...
  • Page 876 Dot1ag Configuration Example In the following example, the switch at the customer site is part of a Metro Ethernet...
  • Page 8772 Configure port 1/0/5 as an MEP for service VLAN 200 so that the port can exchange CFM PDUs with...
  • Page 878878 Configuring Connectivity Fault Management
  • Page 879: Snooping and Inspecting Traffic 27 Snooping and Inspecting Traffic This chapter describes Dynamic Host Configuration Protocol (DHCP) Snooping, IP Source Guard (IPSG), and...
  • Page 880 What Is DHCP Snooping? Dynamic Host Configuration Protocol (DHCP) Snooping is a security feature that monitors DHCP messages between...
  • Page 881How Is the DHCP Snooping Bindings Database Populated? The DHCP snooping application uses DHCP messages to build and maintain the...
  • Page 882 DHCP Snooping and VLANs DHCP snooping forwards valid DHCP client messages received on non- routing VLANs. The message is...
  • Page 883What Is IP Source Guard? IPSG is a security feature that filters IP packets based on source ID. This feature...
  • Page 884 What is Dynamic ARP Inspection? Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP...
  • Page 885re-enable the port. DAI rate limiting cannot be enabled on trusted interfaces. Use the no ip arp inspection limit command...
  • Page 886 Table 27-1. Traffic Snooping Defaults (Continued) Parameter Default Value Static DHCP bindings None configured IPSG mode Disabled on all...
  • Page 887Configuring Traffic Snooping and Inspection (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring...
  • Page 888 DHCP Snooping Interface Configuration Use the DHCP Snooping Interface Configuration page to configure the DHCP Snooping settings on individual...
  • Page 889To view a summary of the DHCP snooping configuration for all interfaces, click Show All. Figure 27-4. DHCP Snooping Interface...
  • Page 890 DHCP Snooping VLAN Configuration Use the DHCP Snooping VLAN Configuration page to control the DHCP snooping mode on each...
  • Page 891DHCP Snooping Persistent Configuration Use the DHCP Snooping Persistent Configuration page to configure the persistent location of the DHCP snooping...
  • Page 892 DHCP Snooping Static Bindings Configuration Use the DHCP Snooping Static Bindings Configuration page to add static DHCP bindings to...
  • Page 893DHCP Snooping Dynamic Bindings Summary The DHCP Snooping Dynamic Bindings Summary lists all the DHCP snooping dynamic binding entries learned...
  • Page 894 DHCP Snooping Statistics The DHCP Snooping Statistics page displays DHCP snooping interface statistics. To access the DHCP Snooping Statistics...
  • Page 895IPSG Interface Configuration Use the IPSG Interface Configuration page to configure IPSG on an interface. To access the IPSG Interface...
  • Page 896 IPSG Binding Summary The IPSG Binding Summary page displays the IPSG Static binding list and IPSG dynamic binding list...
  • Page 897DAI Global Configuration Use the DAI Configuration page to configure global DAI settings. To display the DAI Configuration page, click...
  • Page 898 DAI Interface Configuration Use the DAI Interface Configuration page to select the DAI Interface for which information is to...
  • Page 899Figure 27-17. DAI Interface Configuration Summary Snooping and Inspecting Traffic 899
  • Page 900 DAI VLAN Configuration Use the DAI VLAN Configuration page to select the VLANs for which information is to be...
  • Page 901DAI ACL Configuration Use the DAI ACL Configuration page to add or remove ARP ACLs. To display the DAI ACL...
  • Page 902 Figure 27-22. Dynamic ARP Inspection Rule Configuration To view a summary of the ARP ACL rules that have been...
  • Page 903Figure 27-24. Dynamic ARP Inspection Statistics Snooping and Inspecting Traffic 903
  • Page 904 Configuring Traffic Snooping and Inspection (CLI) This section provides information about the commands you use to configure DHCP snooping,...
  • Page 905Command Purpose ip dhcp snooping Configure the interval, in seconds, at which the DHCP database write-delay Snooping database will be...
  • Page 906 Command Purpose clear ip dhcp snooping Reset the DHCP snooping statistics to zero. statistics Configuring IP Source Guard Beginning...
  • Page 907Command Purpose exit Exit to Privileged EXEC mode. show ip verify interface View IPSG parameters for a specific port or...
  • Page 908 Command Purpose arp access-list acl-name Create an ARP ACL with the specified name (1–31 characters) and enter ARP Access-list...
  • Page 909Command Purpose show ip arp inspection View the Dynamic ARP Inspection configuration on the vlan [vlan-range ] specified VLAN(s). This...
  • Page 910 Traffic Snooping and Inspection Configuration Examples This section contains the following examples: • Configuring DHCP Snooping • Configuring IPSG...
  • Page 911To configure the switch: 1 Enable DHCP snooping on VLAN 100. console#config console(config)#ip dhcp snooping vlan 100 2 Configure LAG...
  • Page 912 Configuring IPSG This example builds on the previous example and uses the same topology shown in Figure 27-25. In...
  • Page 913: Configuring Link Aggregation 28 Configuring Link Aggregation This chapter describes how to create and configure link aggregation groups (LAGs), which are also...
  • Page 914 Figure 28-1. LAG Configuration LAGs can be configured on stand-alone or stacked switches. In a stack of switches, the...
  • Page 915This provides a more resilient LAG. Best practices suggest using dynamic link aggregation instead of static link aggregation.When a port...
  • Page 916 How Do LAGs Interact with Other Features? From a system perspective, a LAG is treated just as a physical...
  • Page 917 • The port cannot be a mirrored port The following are the interface restrictions • The configured speed of a...
  • Page 918 Configuring Link Aggregation (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring LAGs...
  • Page 919To view or edit settings for multiple LAGs, click Show All. LACP Parameters Dynamic link aggregation is initiated and maintained...
  • Page 920 Figure 28-3. LACP Parameters Configuring LACP Parameters for Multiple Ports To configure LACP settings: 1 Open the LACP Parameters...
  • Page 921Figure 28-4. LACP Parameters Table 3 Select the Edit check box associated with each port to configure. 4 Specify the...
  • Page 922 Figure 28-5. LAG Membership Adding a Port to a Static LAG To add a static LAG member: 1 Open...
  • Page 923LAG Hash Configuration Use the LAG hash algorithm to set the traffic distribution mode on the LAG. You can set...
  • Page 924 Figure 28-7. LAG Hash Summary 924 Configuring Link Aggregation
  • Page 925Configuring Link Aggregation (CLI) This section provides information about the commands you use to configure link aggregation settings on the...
  • Page 926 Configuring Link Aggregation Groups Beginning in Privileged EXEC mode, use the following commands to add ports as LAG members...
  • Page 927Command Purpose hashing-mode mode Set the hashing algorithm on the LAG. The mode value is a number from 1 to...
  • Page 928 Command Purpose interface port-channel Enter interface configuration mode for the specified LAG. number You can also specify a range...
  • Page 929Link Aggregation Configuration Examples This section contains the following examples: • Configuring Dynamic LAGs • Configuring Static LAGs NOTE: The...
  • Page 930 3 View information about LAG 1. console#show interfaces po1 Channel Ports Ch-Type Hash Type Min-links Local Prf ------- -------------...
  • Page 9313 View information about LAG 2. console#show interfaces po2 Channel Ports Ch-Type Hash Type Min-links Local Prf ------- ------------- -------...
  • Page 932 Multi-Switch LAG (MLAG) Overview In a typical L2 network, the Spanning Tree Protocol (STP) is deployed to avoid packet...
  • Page 933Deployment Scenarios MLAG is intended to support higher bandwidth utilization in scenarios where a redundant L2 network is desired. In...
  • Page 934 Figure 28-9. MLAG in an L2 Network SW4 MLAG Peer Link Traffic flows on all available links. SW1 SW2...
  • Page 935Definitions Refer to Figure 28-10 for the definitions that follow. Figure 28-10. MLAG Components L3 Network Virtual Link Peer-Link P4...
  • Page 936 MLAG member ports: Ports on the peer MLAG switches that are part of the MLAG interface (P1 on SW1...
  • Page 9372 STP The default STP mode for Dell Networking switches is RSTP. VLANs cannot be configured to contain both MLAG...
  • Page 938 The administrator should also ensure that the following are identical before enabling MLAG: – FDB entry aging timers –...
  • Page 939Operation in the Network Below is a sample MLAG topology and discussion: Figure 28-11. Example MLAG Topology C C1 C2...
  • Page 940 Supported topologies and the way traffic is handled in these topologies is explained in the following sections. The MLAG...
  • Page 941The MLAG component internally configures filters so that traffic ingressing a peer-link is blocked from egress on the peer MLAG...
  • Page 942 DCPDP and Peer Link Failures DCPDP is intended to provide a secondary layer of protection against peer link failures....
  • Page 943 b Configure the timeout interval, if desired. vpc domain 1 role 10 exit Modifications to priority and timeout interval...
  • Page 944 When the peer-link is configured, the MLAG component disables learning on the port-channel configured as the peer-link. 4 Configure...
  • Page 945 to the primary switch for handling. FDB entries learned on MLAG interfaces are synced between the two devices. interface...
  • Page 946 2 On the MLAG standby switch, shut down the MLAG peer-link. 3 Copy the new firmware to the standby...
  • Page 947MLAG domain for the MLAG feature to automatically utilize the peer-link to forward packets around failures. MLAG VLANs may have...
  • Page 948 Alternative Recommended L3 Connectivity The loop-free topology shown in Figure 28-13 uses the MLAG switches as L2 switches in...
  • Page 949L3 VLAN Termination on MLAG Not Supported In the “two-armed” fully routed scenario shown in Figure 28-14, both the routed...
  • Page 950 In the scenario shown in Figure 28-15(similar to the previous scenario), the downstream router is not configured with port-channel...
  • Page 951the case where a link from the router to one of the MLAG peers fails. Static routes must be added...
  • Page 952 Virtual Router Redundancy Protocol If VRRP is enabled on a VLAN that has an MLAG port as its member,...
  • Page 953transmitted with the source MAC address as the physical MAC address and not the virtual MAC address. In the example...
  • Page 954 such as ECMP and redundant router pairs, will allow a L3 routed network to utilize bandwidth efficiently. L3 routing...
  • Page 955 • Shutting down a MLAG port-channel on the secondary MLAG peer has no effect. The operator can shut down the...
  • Page 956 • An N/A entry indicates that state synchronization is not required (usually for a link local protocol) and the...
  • Page 957Table 28-2. MLAG State Synchronization Per Feature (Continued) Components MLAG State Synchronization Support MFDB No IGMP/MLD Snooping No DOT1Qbb No...
  • Page 958 Table 28-2. MLAG State Synchronization Per Feature (Continued) Components MLAG State Synchronization Support VOIP No iSCSI No DOT1AD No...
  • Page 959Basic Configuration Example This example shows the configuration of the two MLAG peers and a single MLAG partner in the...
  • Page 960 exit snmp-server engineid local 800002a203001ec9dec52b snmp-server agent boot count 2 feature vpc vpc domain 1 peer-keepalive enable exit exit...
  • Page 961vpc 1 exit snmp-server engineid local 800002a203001ec9dec513 snmp-server agent boot count 3 feature vpc vpc domain 1 peer-keepalive enable exit...
  • Page 962 Status Reporting The status outputs of the various VPC commands are self-explanatory. Both the configured and operational status is...
  • Page 963LAG-SW(config)#show vpc role Self ---- Keep-alive admin status........................ Disabled Keep-alive operational status.................. Disabled Priority....................................... 100 System MAC address............................. 001E.C9DE.B777 Time-out..........................................
  • Page 964 MLAG-Peer-A(config)#show interfaces status po2 Port Description Channel ------- ------------------------------ Po2 Operational State.............................. Up Admin Mode..................................... Enabled Port Channel Flap...
  • Page 965VPC role....................................... Secondary System MAC address............................. 001E.C9dE.C513 MLAG-Peer-B#show vpc statistics peer-link Peer link control messages transmitted......... 95 Peer link control...
  • Page 966 A Complete Example The following example configures eight VLANs (10–17) across two VPCs. VPC 1 is connected to an...
  • Page 967interface Gi1/0/1 channel-group 3 mode active description "Old-Iron-Partner-Link" exit ! interface Gi1/0/8 switchport access vlan 100 exit ! interface Gi1/0/23...
  • Page 968 ! interface port-channel 3 description "Old-Iron-Partner-Link" switchport mode trunk switchport trunk allowed vlan 1-99,101-4093 vpc 2 exit snmp-server engineid...
  • Page 969description "Old-Iron-Partner-Link" exit ! interface Gi1/0/8 switchport access vlan 100 exit ! interface Gi1/0/23 channel-group 2 mode active description "MLAG-Partner-Link"...
  • Page 970 description "Old-Iron-Partner-Link" switchport mode trunk switchport trunk allowed vlan 1-99,101-4093 vpc 2 exit snmp-server engineid local 800002a203001ec9dec513 snmp-server agent...
  • Page 971channel-group 1 mode active exit ! interface Gi1/0/4 channel-group 1 mode active exit ! interface port-channel 1 switchport mode trunk...
  • Page 972 ! ! interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/0/1 ! interface GigabitEthernet1/0/2 ! interface...
  • Page 973interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 ! interface GigabitEthernet1/0/24 ! interface GigabitEthernet1/0/25 description "MLAG-Peer-Link" switchport trunk encapsulation dot1q...
  • Page 974 Status Reporting The following shows the status of various components of the switches in the above configuration. The switch...
  • Page 975LAG-SW#show spanning-tree Spanning tree Enabled BPDU flooding Disabled Portfast BPDU filtering Disabled mode mst CST Regional Root: 80:00:00:1E:C9:DE:B7:77 Regional Root...
  • Page 976 Gi1/0/23 Enabled 128.23 0 DIS Disb No Gi1/0/24 Enabled 128.24 0 DIS Disb No Gi1/0/25 Enabled 128.25 0 DIS...
  • Page 977Po17 Enabled 96.666 0 DIS Disb No Po18 Enabled 96.667 0 DIS Disb No Po19 Enabled 96.668 0 DIS Disb...
  • Page 978 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Name State Prio.Nbr Cost...
  • Page 979Self Role...................................... Primary Peer Role...................................... Secondary Peer detection................................. Peer detected, VPC Operational Peer-Link details ----------------- Interface...................................... Po1 Peer link status..................................
  • Page 980 MLAG-Peer-A#show vpc 1 VPC id# 1 ----------------- Config mode.................................... Enabled Operational mode............................... Enabled Port channel................................... Po2 Local MemberPorts Status...
  • Page 981MLAG-Peer-A#show vpc statistics peer-keepalive Total transmitted.............................. 20908 Tx successful.................................. 20908 Tx errors...................................... 0 Total received................................. 20835 Rx successful.................................. 20835 Rx...
  • Page 982982 Configuring Link Aggregation
  • Page 983: Configuring Data Center Bridging Features 29 Configuring Data Center Bridging Features This chapter describes how to manage the features developed for use in data...
  • Page 984 Table 29-1. Data Center Features (Continued) Feature Description DCBx Allows DCB devices to exchange configuration information, using type-length-value (TLV)...
  • Page 985Priority Flow Control Ordinarily, when flow control is enabled on a physical link, it applies to all traffic on the...
  • Page 986 Operator configuration of PFC is used only when the port is configured in a manual role. When interoperating with...
  • Page 987PFC Configuration Page Use the PFC Configuration page to enable priority flow control on one or more interfaces and to...
  • Page 988 Figure 29-2. PFC Statistics Configuring PFC Using the CLI Beginning in Privileged EXEC mode, use the following commands to...
  • Page 989Command Purpose interface interface Enter interface configuration mode for the specified interface. The interface variable includes the interface type and...
  • Page 990 PFC Configuration Example The network in this example handles both data and voice traffic. Because the voice traffic is...
  • Page 991 console(config-dcb)#exit 4 Enable VLAN tagging on the ports so the 802.1p priority is identified. Trunk mode can also be...
  • Page 992 DCB Capability Exchange The Data Center Bridging Exchange Protocol (DCBx) is used by DCB devices to exchange configuration information...
  • Page 993Interoperability with IEEE DCBx To be interoperable with legacy industry implementations of the DCBx protocol, The Dell Networking N4000 switches...
  • Page 994 explicitly by the operator. These ports advertise their configuration to their peer if DCBx is enabled on that port....
  • Page 995the willing parameter is disabled on auto-downstream. By default, auto- downstream ports have the recommendation TLV parameter enabled. Auto- downstream...
  • Page 996 • The port role is auto-upstream. • The port is enabled with link up and DCBx enabled. • The...
  • Page 997no lldp tlv-select dcbxp ets-recommend no lldp tlv-select dcbxp pfc These commands eliminate only the DCBX TLVs from use by...
  • Page 998 Command Purpose lldp tlv-select dcbxp Override the global configuration for the LLDP DCBx [pfc | application- TLVs on this...
  • Page 999Command Purpose show lldp tlv-select Display the interface TLV configuration for all interfaces interface {all |interface} or for the specified...
  • Page 1000 NOTE: Minimum bandwidth guarantees and scheduling mechanisms apply only when the switch is congested. When the switch is not...
  • Page 1001The minimum bandwidth setting can be used to override the strict priority and weighted settings. The highest numbered strict priority...
  • Page 1002 Commands This section provides information about the commands you use to manually configure and monitor ETS. For more information...
  • Page 1003ETS Configuration Example This example configures four classes of traffic: Best effort traffic CoS Queue 0 for untagged and VLAN-tagged...
  • Page 1004 console(config-if-Te1/0/2)#classofservice dot1p-mapping 0 0 console(config-if-Te1/0/2)#classofservice dot1p-mapping 1 0 console(config-if-Te1/0/2)#classofservice dot1p-mapping 2 0 console(config-if-Te1/0/2)#classofservice dot1p-mapping 3 1 console(config-if-Te1/0/2)#classofservice dot1p-mapping 4...
  • Page 1005 CAUTION: Sharing of bandwidth among CoS Queues is disabled if the sum of the minimum bandwidth settings equals 100%....
  • Page 1006 priority traffic (typically control plane or low bandwidth, low latency traffic) is assigned the highest numbered TCG. It is...
  • Page 1007It is recommended that the sum of minimum bandwidth percentages configured on the CoS queues mapped to any TCG be...
  • Page 1008 It is recommended that the maximum bandwidth be configured to be greater than the minimum bandwidth or the weight...
  • Page 1009ETS Theory of Operation First Level of Scheduling To understand the first level of scheduling, consider Table 29-1. Assume that...
  • Page 1010 Second Level of Scheduling To consolidate different traffic classes within different traffic types in a typical DCB environment, ETS...
  • Page 1011At time t2, a burst of LAN traffic is incoming at the rate of 4 Gbps, this burst is allowed...
  • Page 1012 Traffic is passed across stacking links using WDRR for all CoS queues. This will affect the observed behavior of...
  • Page 1013console(config-if-Te1/0/1)#classofservice traffic-class-group 2 2 console(config-if-Te1/0/1)#traffic-class-group weight 30 70 0 console(config-if-Te1/0/1)#traffic-class-group strict 2 N4000 Operation When DCBx is enabled on manually...
  • Page 1014 processing strict priority traffic is skewed to be the bandwidth of the individual TCG divided by the sum of...
  • Page 1015: Managing the MAC Address Table 30 Managing the MAC Address Table This chapter describes the L2 MAC address table the switch uses to forward...
  • Page 1016 What Information Is in the MAC Address Table? Each entry in the address table, whether it is static or...
  • Page 1017Managing the MAC Address Table (Web) This section provides information about the OpenManage Switch Administrator pages to use to manage...
  • Page 1018 Figure 30-2. Adding Static MAC Address 3 Select the interface to associate with the static address. 4 Specify the...
  • Page 1019Global Address Table The Global Address Table page contains fields for querying information in the dynamic address table, including the...
  • Page 1020 Managing the MAC Address Table (CLI) This section provides information about the commands you use to manage the MAC...
  • Page 1021: Configuring Routing Interfaces 31 Configuring Routing Interfaces This chapter describes the routing (layer 3) interfaces the Dell Networking series switches support, which...
  • Page 1022 For each VLAN routing interface you can assign a static IP address, or you can allow a network DHCP...
  • Page 1023What Are Tunnel Interfaces? Tunnels are a mechanism for transporting a packet across a network so that it can be...
  • Page 1024 Why Are Routing Interfaces Needed? The routing interfaces this chapter describes have very different applications and uses, as this...
  • Page 1025Loopback Interfaces When packets are sent to the loopback IP address, the network should be able to deliver the packets...
  • Page 1026 Default Routing Interface Values By default, no routing interfaces are configured. When you create a VLAN, no IP address...
  • Page 1027Configuring Routing Interfaces (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring VLAN routing...
  • Page 1028 DHCP Lease Parameters Use the DHCP Lease Parameters page to view information about the network information automatically assigned to...
  • Page 1029Figure 31-4. VLAN Routing Summary Tunnel Configuration Use the Tunnels Configuration page to create, configure, or delete a tunnel. To...
  • Page 1030 Tunnels Summary Use the Tunnels Summary page to display a summary of configured tunnels. To display the page, click...
  • Page 1031Loopbacks Configuration Use the Loopbacks Configuration page to create, configure, or remove loopback interfaces. You can also set up or...
  • Page 1032 Loopbacks Summary Use the Loopbacks Summary page to display a summary of configured loopback interfaces on the switch. To...
  • Page 1033Configuring Routing Interfaces (CLI) This section provides information about the commands you use to configure VLAN routing interfaces, loopbacks, and...
  • Page 1034 Command Purpose ip local-proxy-arp Enable local proxy ARP on the interface to allow the switch to respond to ARP...
  • Page 1035Configuring Loopback Interfaces Beginning in Privileged EXEC mode, use the following commands to configure a loopback interface. Command Purpose configure...
  • Page 1036 Configuring Tunnels Beginning in Privileged EXEC mode, use the following commands to configure a loopback interface. NOTE: For information...
  • Page 1037: Configuring DHCP Server and Relay Settings 32 Configuring DHCP Server and Relay Settings This chapter describes how to configure the switch to dynamically assign network...
  • Page 1038 How Does DHCP Work? When a host connects to the network, the host’s DHCP client broadcasts a message requesting...
  • Page 1039discover requests typically include options for the IP address (option 50), subnet mask (option 1), default gateway (option 3), and...
  • Page 1040 The administrator is using a Microsoft DHCP server. Microsoft DHCP servers do not have native support for DHCP Option...
  • Page 1041 option subnet-mask 255.255.254.0; option domain-name-servers 10.1.218.3, 10.1.219.3; range dynamic-bootp 10.1.222.3 10.1.222.254; range dynamic-bootp 10.1.223.3 10.1.223.254; default-lease-time 21600; max-lease-time 43200;...
  • Page 1042 The DHCP Layer 2 Relay feature permits Layer 3 Relay agent functionality in Layer 2 switched networks. The switch...
  • Page 1043Configuring the DHCP Server (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring the...
  • Page 1044 Adding Excluded Addresses To exclude an address: 1 Open the Network Properties page. 2 Click Add Excluded Addresses to...
  • Page 1045Deleting Excluded Addresses To remove an excluded address: 1 Open the Network Properties page. 2 Click Delete Excluded Addresses to...
  • Page 1046 Figure 32-5. Address Pool Adding a Network Pool To create and configure a network pool: 1 Open the Address...
  • Page 1047Figure 32-6. Add Network Pool The Engineering pool also configures clients to use 192.168.5.1 as the default gateway IP address...
  • Page 1048 In Figure 32-7, the Static pool name is Lab, and the name of the client in the pool is...
  • Page 1049Address Pool Options Use the Address Pool Options page to view manually configured options. You can define options when you...
  • Page 1050 Figure 32-9. Add DHCP Option 5 Click Apply. 6 To verify that the option has been added to the...
  • Page 1051Figure 32-10. View Address Pool Options DHCP Bindings Use the DHCP Bindings page to view information about the clients that...
  • Page 1052 DHCP Server Reset Configuration Use the Reset Configuration page to clear the client bindings for one or more clients....
  • Page 1053DHCP Server Statistics Use the Server Statistics page to view general DHCP server statistics, messages received from DHCP clients, and...
  • Page 1054 Configuring the DHCP Server (CLI) This section provides information about the commands you use to configure and monitor the...
  • Page 1055Configuring a Dynamic Address Pool Beginning in Privileged EXEC mode, use the following commands to create an address pool with...
  • Page 1056 Configuring a Static Address Pool Beginning in Privileged EXEC mode, use the following commands to create a static address...
  • Page 1057Command Purpose default-router address1 Specify the list of default gateway IP addresses to be [address2....address8] assigned to the DHCP client....
  • Page 1058 DHCP Server Configuration Examples This section contains the following examples: • Configuring a Dynamic Address Pool • Configuring a...
  • Page 10596 In Global Configuration mode, add the addresses to exclude from the pool. Clients will not be assigned these IP...
  • Page 1060 Configuring a Static Address Pool The commands in this example create an address pool that assigns the address 192.168.2.10...
  • Page 1061 console(config-dhcp-pool)#exit 8 View information about the static address pool. console#show ip dhcp pool configuration "Tyler PC" Pool: Tyler PC...
  • Page 10621062 Configuring DHCP Server and Relay Settings
  • Page 1063: Configuring IP Routing 33 Configuring IP Routing This chapter describes how to configure routing on the switch, including global routing settings, Address...
  • Page 1064 Table 33-1. IP Routing Features (Continued) Feature Description ICMP Router Discovery Hosts can use IRDP to identify operational routers...
  • Page 1065Default IP Routing Values Table 33-2 shows the default values for the IP routing features this chapter describes. Table 33-2....
  • Page 1066 Table 33-2. IP Routing Defaults (Continued) Parameter Default Value Route Preference Values Preference values are as follows: • Local—0...
  • Page 1067Configuring IP Routing Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring IPv4...
  • Page 1068 IP Statistics The IP statistics reported on the Statistics page are as specified in RFC 1213. To display the...
  • Page 1069ARP Create Use the Create page to add a static ARP entry to the Address Resolution Protocol table. To display...
  • Page 1070 ARP Table Configuration Use the Table Configuration page to change the configuration parameters for the Address Resolution Protocol Table....
  • Page 1071Router Discovery Configuration Use the Configuration page to enter or change router discovery parameters. To display the page, click Routing...
  • Page 1072 Router Discovery Status Use the Status page to display router discovery data for each interface. To display the page,...
  • Page 1073Route Table Use the Route Table page to display the contents of the routing table. To display the page, click...
  • Page 1074 Best Routes Table Use the Best Routes Table page to display the best routes from the routing table. To...
  • Page 1075Route Entry Configuration Use the Route Entry Configuration page to add new and configure router routes. To display the page,...
  • Page 1076 Figure 33-10. Router Route Entry and Preference Configuration 2 Next to Route Type, use the drop-down box to add...
  • Page 1077Configured Routes Use the Configured Routes page to display the routes that have been manually configured. NOTE: For a static...
  • Page 1078 Route Preferences Configuration Use the Route Preferences Configuration page to configure the default preference for each protocol (for example...
  • Page 1079Configuring IP Routing Features (CLI) This section provides information about the commands you use to configure IPv4 routing on the...
  • Page 1080 Adding Static ARP Entries and Configuring ARP Table Settings Beginning in Privileged EXEC mode, use the following commands to...
  • Page 1081Configuring Router Discovery (IRDP) Beginning in Privileged EXEC mode, use the following commands to configure IRDP settings. Command Purpose configure...
  • Page 1082 Configuring Route Table Entries and Route Preferences Beginning in Privileged EXEC mode, use the following commands to configure IRDP...
  • Page 1083Command Purpose show ip route [ip-address View the routing table. [mask | prefix-length] • ip-address — Specifies the network for...
  • Page 1084 IP Routing Configuration Example In this example, the Dell Networking switches are L3 switches with VLAN routing interfaces. VLAN...
  • Page 1085Configuring Dell Networking Switch A To configure Switch A. 1 Enable routing on the switch. console#configure console(config)#ip routing 2 Assign...
  • Page 1086 Configuring Dell Networking Switch B To configure Switch B: 1 Enable routing on the switch. console#configure console(config)#ip routing 2...
  • Page 1087: Configuring L2 and L3 Relay Features 34 Configuring L2 and L3 Relay Features This chapter describes how to configure the L2 DHCP Relay, L3 DHCP...
  • Page 1088 fields in the DHCP request. If the number of hops is greater than the configured number, the agent discards...
  • Page 1089Enabling L2 Relay on VLANs You can enable L2 DHCP relay on a particular VLAN. The VLAN is identified by...
  • Page 1090 Table 34-1. Default Ports - UDP Port Numbers Implied By Wildcard Protocol UDP Port Number IEN-116 Name Service 42...
  • Page 1091configuration for the destination UDP port. If so, the relay agent unicasts the packet to the configured server IP addresses....
  • Page 1092 Table 34-2 shows the most common protocols and their UDP port numbers and names that are relayed. Table 34-2....
  • Page 1093Default L2/L3 Relay Values By default L2 DHCP relay is disabled. L3 relay (UDP) is enabled, but no UDP destination...
  • Page 1094 Configuring L2 and L3 Relay Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring...
  • Page 1095DHCP Relay Interface Configuration Use this page to enable L2 DHCP relay on individual ports. NOTE: L2 DHCP relay must...
  • Page 1096 Figure 34-3. DHCP Relay Interface Summary 1096 Configuring L2 and L3 Relay Features
  • Page 1097DHCP Relay Interface Statistics Use this page to display statistics on DHCP Relay requests received on a selected port. To...
  • Page 1098 DHCP Relay VLAN Configuration Use this page to enable and configure DHCP Relay on specific VLANs. To access this...
  • Page 1099To display the page, click Routing → BOOTP/DHCP Relay Agent → Configuration in the navigation panel. Figure 34-7. DHCP Relay...
  • Page 1100 IP Helper Global Configuration Use the Global Configuration page to add, show, or delete UDP Relay and Helper IP...
  • Page 1101Figure 34-9. Add Helper IP Address 3. Select a UDP Destination port name from the menu or enter the UDP...
  • Page 1102 IP Helper Interface Configuration Use the Interface Configuration page to add, show, or delete UDP Relay and Helper IP...
  • Page 1103Figure 34-11. Add Helper IP Address 3. Select the interface to use for the relay. 4. Select a UDP Destination...
  • Page 1104 IP Helper Statistics Use the Statistics page to view UDP Relay Statistics for the switch. To display the page,...
  • Page 1105Configuring L2 and L3 Relay Features (CLI) This section provides information about the commands you use to configure L2 and...
  • Page 1106 Command Purpose dhcp l2relay remote-id Enable setting the DHCP Option 82 Remote ID for a remoteId vlan vlan-range VLAN....
  • Page 1107Configuring L3 Relay (IP Helper) Settings Beginning in Privileged EXEC mode, use the following commands to configure switch and interface...
  • Page 1108 Command Purpose ip helper-address Configure the relay of certain UDP broadcast packets {server-address | received on the VLAN routing...
  • Page 1109Relay Agent Configuration Example The example in this section shows how to configure the L3 relay agent (IP helper) to...
  • Page 1110 2 Relay DNS packets received on VLAN 10 to 192.168.40.43 console(config-if-vlan10)#ip helper-address 192.168.40.35 domain console(config-if-vlan10)#exit 3 Relay SNMP traps...
  • Page 1111: Configuring OSPF and OSPFv3 35 Configuring OSPF and OSPFv3 This chapter describes how to configure Open Shortest Path First (OSPF) and OSPFv3. OSPF...
  • Page 1112 OSPF Overview OSPF is an Interior Gateway Protocol (IGP) that performs dynamic routing within a network. Dell Networking series...
  • Page 1113What Are OSPF Routers and LSAs? When a Dell Networking switch is configured to use OSPF for dynamic routing, it...
  • Page 1114 OSPF Feature Details This section provides details on the following OSPF features: • Max Metric • Static Area Range...
  • Page 1115mode. OSPF does not begin in stub router mode when OSPF is globally enabled. If the operator wants to avoid...
  • Page 1116 Static Area Range Cost This feature allows a network operator to configure a fixed OSPF cost that is always...
  • Page 1117LSA Pacing OSPF refreshes each self-originated LSA every 30 minutes. Because a router tends to originate many LSAs at the...
  • Page 1118 Flood Blocking OSPF is a link state routing protocol. Routers describe their local environment in Link State Advertisements (LSAs),...
  • Page 1119Flood blocking cannot be enabled on virtual interfaces. While the feature could be allowed on virtual interfaces, it is less...
  • Page 1120 Default OSPF Values OSPF is globally enabled by default. To make it operational on the router, you must configure...
  • Page 1121Table 35-2 shows the per-interface default values for OSPF and OSPFv3. Table 35-2. OSPF Per-Interface Defaults Parameter Default Value Admin...
  • Page 1122 Configuring OSPF Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring OSPF...
  • Page 1123OSPF Area Configuration The Area Configuration page lets you create a Stub area configuration and NSSA once you’ve enabled OSPF...
  • Page 1124 Configuring an OSPF Stub Area To configure the area as an OSPF stub area, click Create Stub Area. The...
  • Page 1125Configuring an OSPF Not-So-Stubby Area To configure the area as an OSPF not-so-stubby area (NSSA), click NSSA Create. The pages...
  • Page 1126 OSPF Stub Area Summary The Stub Area Summary page displays OSPF stub area detail. To display the page, click...
  • Page 1127OSPF Area Range Configuration Use the Area Range Configuration page to configure and display an area range for a specified...
  • Page 1128 OSPF Interface Statistics Use the Interface Statistics page to display statistics for the selected interface. The information is displayed...
  • Page 1129OSPF Interface Configuration Use the Interface Configuration page to configure an OSPF interface. To display the page, click Routing →...
  • Page 1130 OSPF Neighbor Table Use the Neighbor Table page to display the OSPF neighbor table list. When a particular neighbor...
  • Page 1131OSPF Neighbor Configuration Use the Neighbor Configuration page to display the OSPF neighbor configuration for a selected neighbor ID. When...
  • Page 1132 OSPF Link State Database Use the Link State Database page to display OSPF link state, external LSDB table, and...
  • Page 1133Figure 35-12. OSPF Virtual Link Creation After you create a virtual link, additional fields display, as the Figure 35-13 shows....
  • Page 1134 OSPF Virtual Link Summary Use the Virtual Link Summary page to display all of the configured virtual links. To...
  • Page 1135OSPF Route Redistribution Configuration Use the Route Redistribution Configuration page to configure redistribution in OSPF for routes learned through various...
  • Page 1136 OSPF Route Redistribution Summary Use the Route Redistribution Summary page to display OSPF Route Redistribution configurations. To display the...
  • Page 1137NSF OSPF Configuration Use the NSF OSPF Configuration page to configure the non-stop forwarding (NSF) support mode and to view...
  • Page 1138 Configuring OSPFv3 Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring OSPFv3...
  • Page 1139OSPFv3 Area Configuration Use the Area Configuration page to create and configure an OSPFv3 area. To display the page, click...
  • Page 1140 Configuring an OSPFv3 Stub Area To configure the area as an OSPFv3 stub area, click Create Stub Area. The...
  • Page 1141Configuring an OSPFv3 Not-So-Stubby Area To configure the area as an OSPFv3 not-so-stubby area (NSSA), click Create NSSA. The pages...
  • Page 1142 OSPFv3 Stub Area Summary Use the Stub Area Summary page to display OSPFv3 stub area detail. To display the...
  • Page 1143OSPFv3 Area Range Configuration Use the Area Range Configuration page to configure OSPFv3 area ranges. To display the page, click...
  • Page 1144 OSPFv3 Interface Configuration Use the Interface Configuration page to create and configure OSPFv3 interfaces. To display the page, click...
  • Page 1145OSPFv3 Interface Statistics Use the Interface Statistics page to display OSPFv3 interface statistics. Information is only displayed if OSPF is...
  • Page 1146 OSPFv3 Neighbors Use the Neighbors page to display the OSPF neighbor configuration for a selected neighbor ID. When a...
  • Page 1147OSPFv3 Neighbor Table Use the Neighbor Table page to display the OSPF neighbor table list. When a particular neighbor ID...
  • Page 1148 OSPFv3 Link State Database Use the Link State Database page to display the link state and external LSA databases....
  • Page 1149OSPFv3 Virtual Link Configuration Use the Virtual Link Configuration page to define a new or configure an existing virtual link....
  • Page 1150 After you create a virtual link, additional fields display, as the Figure 35-30 shows. Figure 35-30. OSPFv3 Virtual Link...
  • Page 1151OSPFv3 Virtual Link Summary Use the Virtual Link Summary page to display virtual link data by Area ID and Neighbor...
  • Page 1152 OSPFv3 Route Redistribution Configuration Use the Route Redistribution Configuration page to configure route redistribution. To display the page, click...
  • Page 1153OSPFv3 Route Redistribution Summary Use the Route Redistribution Summary page to display route redistribution settings by source. To display the...
  • Page 1154 NSF OSPFv3 Configuration Use the NSF OSPFv3 Configuration page to configure the non-stop forwarding (NSF) support mode and to...
  • Page 1155Configuring OSPF Features (CLI) This section provides information about the commands you use to configure and view OSPF settings on...
  • Page 1156 Command Purpose default-information Control the advertisement of default routes. originate [always] • always — Normally, OSPF originates a default...
  • Page 1157Command Purpose passive-interface default Configure OSPF interfaces as passive by default. This command overrides any interface-level passive mode settings.OSPF does...
  • Page 1158 Configuring OSPF Interface Settings Beginning in Privileged EXEC mode, use the following commands to configure per-interface OSPF settings. Command...
  • Page 1159Command Purpose ip ospf dead-interval Set the OSPF dead interval for the interface. seconds The seconds variable indicates the number...
  • Page 1160 Command Purpose exit Exit to Global Configuration Mode router ospf Enter OSPF configuration mode. passive-interface vlan Make an interface...
  • Page 1161Command Purpose area area-id default-cost Configure the metric value (default cost) for the type 3 integer summary LSA sent into...
  • Page 1162 Configuring Virtual Links Beginning in Privileged EXEC mode, use the following commands to configure OSPF Virtual Links. Command Purpose...
  • Page 1163Command Purpose area area-id virtual-link Set the OSPF hello interval for the virtual link. neighbor-id hello-interval The seconds variable indicates...
  • Page 1164 Configuring OSPF Area Range Settings Beginning in Privileged EXEC mode, use the following commands to configure an OSPF area...
  • Page 1165Command Purpose distribute-list Specify the access list to filter routes received from the accesslistname out {rip | source protocol. The...
  • Page 1166 Configuring NSF Settings for OSPF Beginning in Privileged EXEC mode, use the following commands to configure the non-stop forwarding...
  • Page 1167Configuring OSPFv3 Features (CLI) This section provides information about the commands you use to configure OSPFv3 settings on the switch....
  • Page 1168 Command Purpose distance ospf {external | Set the preference values of OSPFv3 route types in the inter-area | intra-area...
  • Page 1169Configuring OSPFv3 Interface Settings Beginning in Privileged EXEC mode, use the following commands to configure per-interface OSPFv3 settings. Command Purpose...
  • Page 1170 Command Purpose ipv6 ospf dead-interval Set the OSPFv3 dead interval for the interface. seconds The seconds variable indicates the...
  • Page 1171Command Purpose show ipv6 ospf interface View summary information for all OSPFv3 interfaces [interface-type interface- configured on the switch or...
  • Page 1172 Command Purpose area area-id nssa [no- Create and configure an NSSA for the specified area ID. redistribution] [default- •...
  • Page 1173Configuring Virtual Links Beginning in Privileged EXEC mode, use the following commands to configure OSPFv3 Virtual Links. Command Purpose configure...
  • Page 1174 Configuring an OSPFv3 Area Range Beginning in Privileged EXEC mode, use the following commands to configure an OSPFv3 area...
  • Page 1175Configuring OSPFv3 Route Redistribution Settings Beginning in Privileged EXEC mode, use the following commands to configure OSPFv3 route redistribution settings....
  • Page 1176 Configuring NSF Settings for OSPFv3 Beginning in Privileged EXEC mode, use the following commands to configure the non-stop forwarding...
  • Page 1177OSPF Configuration Examples This section contains the following examples: • Configuring an OSPF Border Router and Setting Interface Costs •...
  • Page 1178 To Configure Border Router A: 1 Enable routing on the switch. console#configure console(config)#ip routing 2 Create VLANS 70, 80,...
  • Page 11795 Configure the OSPF area ID, priority, and cost for each interface. NOTE: OSPF is globally enabled by default. To...
  • Page 1180 Configuring Stub and NSSA Areas for OSPF and OSPFv3 In this example, Area 0 connects directly to two other...
  • Page 1181Switch A is a backbone router. It links to an ASBR (not defined here) that routes traffic outside the AS....
  • Page 1182 console(config-if-vlan12)#exit 7 Define the OSPF and OSPFv3 router IDs for the switch: console(config)#ipv6 router ospf console(config-rtr)#router-id 3.3.3.3 console(config-rtr)#exit console(config)#router...
  • Page 1183 console(config)#interface vlan 5 console(config-if-vlan5)#ip address 10.2.3.2 255.255.255.0 console(config-if-vlan5)#ipv6 address 3000:2:3::/64 eui64 console(config-if-vlan5)#ipv6 ospf console(config-if-vlan5)#ipv6 ospf areaid 0 console(config-if-vlan5)#exit console(config)#interface...
  • Page 1184 console(config-router)#network 10.2.4.0 0.0.0.255 area 0.0.0.2 6 For IPv4: Configure a metric cost to associate with static routes when they...
  • Page 1185Figure 35-37. OSPF Configuration—Virtual Link Switch B is an ABR that directly connects Area 0 to Area 1. Note that...
  • Page 1186 Switch C is a ABR that enables a virtual link from the remote Area 2 in the AS to...
  • Page 1187Interconnecting an IPv4 Backbone and Local IPv6 Network In Figure 35-38, two Dell Networking L3 switches are connected as shown...
  • Page 1188 4 Set the OSPFv3 router ID. console(config)#ipv6 router ospf console(config-rtr)#router-id 1.1.1.1 console(config-rtr)#exit 5 Configure the IPv4 address and OSPF...
  • Page 1189To configure Switch B: 1 Create the VLANs. console(config)#vlan 2,15 console(config-vlan70,80,90)#interface te1/0/1 console(config-if-Te1/0/1)#switchport mode trunk console(config-if-Te1/0/1)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan...
  • Page 1190 8 Configure the loopback interface. The switch uses the loopback IP address as the OSPF and OSPFv3 router ID....
  • Page 1191 network 172.20.0.0 0.0.255.255 area 0 network 172.21.0.0 0.0.255.255 area 1 area 1 range 172.21.0.0 255.255.0.0 summarylink timers spf 3...
  • Page 1192 ip routing router ospf router-id 1.1.1.1 network 172.21.0.0 0.0.255.255 area 1 timers spf 3 5 exit interface vlan 101...
  • Page 1193 ip address 172.21.2.2 255.255.255.0 routing ip ospf hello-interval 1 ip ospf dead-interval 4 ip ospf network point-to-point exit interface...
  • Page 1194 switchport mode trunk exit interface loopback 0 ip address 172.21.254.2 255.255.255.255 exit exit Discussion With no area range cost...
  • Page 1195LS Age: 49 LS options: (E-Bit) LS Type: Network Summary LSA LS Id: 172.21.0.0 (network prefix) Advertising Router: 10.10.10.10 LS...
  • Page 1196 exec-timeout 0 exit vlan 101-103 exit ip routing router ospf router-id 10.10.10.10 network 172.20.0.0 0.0.255.255 area 0 network 172.21.0.0...
  • Page 1197 config hostname R1 line console exec-timeout 0 exit vlan 101,104 exit ip routing router ospf router-id 1.1.1.1 network 172.21.0.0...
  • Page 1198 router ospf router-id 2.2.2.2 network 172.21.0.0 0.0.255.255 area 0 timers spf 3 5 exit vlan 102,104 exit interface vlan...
  • Page 1199 exit interface vlan 103 ip address 172.21.1.1 255.255.255.0 routing ip ospf hello-interval 1 ip ospf dead-interval 4 ip ospf...
  • Page 12001200 Configuring OSPF and OSPFv3
  • Page 1201: Configuring RIP 36 Configuring RIP This chapter describes how to configure Routing Information Protocol (RIP) on the switch. RIP is a...
  • Page 1202 What Is Split Horizon? RIP uses a technique called split horizon to avoid problems caused by including routes in...
  • Page 1203Default RIP Values RIP is globally enabled by default. To make it operational on the router, you configure and enable...
  • Page 1204 Configuring RIP Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring RIP...
  • Page 1205RIP Interface Configuration Use the Interface Configuration page to enable and configure or to disable RIP on a specific interface....
  • Page 1206 RIP Interface Summary Use the Interface Summary page to display RIP configuration status on an interface. To display the...
  • Page 1207RIP Route Redistribution Configuration Use the Route Redistribution Configuration page to configure the RIP Route Redistribution parameters. The allowable values...
  • Page 1208 RIP Route Redistribution Summary Use the Route Redistribution Summary page to display Route Redistribution configurations. To display the page,...
  • Page 1209Configuring RIP Features (CLI) This section provides information about the commands you use to configure RIP settings on the switch....
  • Page 1210 Configuring RIP Interface Settings Beginning in Privileged EXEC mode, use the following commands to configure per-interface RIP settings. Command...
  • Page 1211Configuring Route Redistribution Settings Beginning in Privileged EXEC mode, use the following commands to configure an OSPF area range and...
  • Page 1212 Command Purpose redistribute ospf [metric Configure RIP to allow redistribution of routes from the metric] [match [internal] OSPF. [external...
  • Page 1213RIP Configuration Example This example includes four Dell Networking switches that use RIP to determine network topology and route information....
  • Page 1214 console(config-if-vlan10)#ip address 192.168.10.1 255.255.255.0 console(config-if-vlan10)#ip rip console(config-if-vlan10)#ip rip receive version both console(config-if-vlan10)#ip rip send version rip2 console(config-if-vlan10)#exit console(config)#interface vlan...
  • Page 1215Vl10 192.168.10.1 RIP-2 Both Enable Down Vl20 192.168.10.1 RIP-2 Both Enable Down Vl30 192.168.10.1 RIP-2 Both Disable Down Configuring RIP...
  • Page 12161216 Configuring RIP
  • Page 1217: Configuring VRRP 37 Configuring VRRP NOTE: This feature is not available on N2000 switches. This chapter describes how to configure Virtual...
  • Page 1218 be configured. A given port may appear as more than one virtual router to the network, also, more than...
  • Page 1219What Is VRRP Accept Mode? The accept mode allows the switch to respond to pings (ICMP Echo Requests) sent to...
  • Page 1220 With standard VRRP, the backup router takes over only if the router goes down. With VRRP interface tracking, if...
  • Page 1221Default VRRP Values Table 37-1 shows the global default values for VRRP. Table 37-1. VRRP Defaults Parameter Default Value Admin...
  • Page 1222 Configuring VRRP Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring VRRP...
  • Page 1223VRRP Virtual Router Status Use the Router Status page to display virtual router status. To display the page, click Routing...
  • Page 1224 VRRP Virtual Router Statistics Use the Router Statistics page to display statistics for a specified virtual router. To display...
  • Page 1225VRRP Router Configuration Use the Configuration page to configure a virtual router. To display the page, click Routing → VRRP...
  • Page 1226 VRRP Route Tracking Configuration Use the Route Tracking Configuration page to view routes that are tracked by VRRP and...
  • Page 1227Figure 37-6. Add Route Tracking 2 Select the virtual router ID and VLAN routing interface that will track the route....
  • Page 1228 VRRP Interface Tracking Configuration Use the Interface Tracking Configuration page to view interfaces that are tracked by VRRP and...
  • Page 1229Figure 37-8. VRRP Interface Tracking Configuration 2 Select the virtual router ID and VLAN routing interface that will track the...
  • Page 1230 Configuring VRRP Features (CLI) This section provides information about the commands you use to configure VRRP settings on the...
  • Page 1231Command Purpose vrrp vr-id timers {learn | Configure the VRRP timer settings. advertise seconds} Use the keyword learn to enable...
  • Page 1232 VRRP Configuration Example This section contains the following VRRP examples: • VRRP with Load Sharing • VRRP with Route...
  • Page 1233This example configures two VRRP groups on each router. Router A is the VRRP master for the VRRP group with...
  • Page 1234 9 Configure an optional description to help identify the VRRP group. console(config-if-vlan10)#vrrp 20 description backup 10 Enable the VRRP...
  • Page 1235 8 Specify the IP address that the virtual router function will use. The router is the virtual IP address owner...
  • Page 1236 VRRP with Route and Interface Tracking In Figure 37-10, the VRRP priorities are configured so that Router A is...
  • Page 1237To configure Router A: 1 Enable routing for the switch. console#config console(config)#ip routing 2 Create and configure the VLAN routing...
  • Page 1238 console(config-if-vlan10)#vrrp 10 track ip route 192.168.200.0/24 console(config-if-vlan10)#exit Router B is the backup router for VRID 10. The configured priority...
  • Page 12398 Enable the VRRP groups on the interface. console(config-if-vlan10)#vrrp 10 mode console(config-if-vlan10)#exit console(config)#exit Configuring VRRP 1239
  • Page 12401240 Configuring VRRP
  • Page 1241: Configuring IPv6 Routing 38 Configuring IPv6 Routing This chapter describes how to configure general IPv6 routing information on the switch, including global...
  • Page 1242 How Does IPv6 Compare with IPv4? There are many conceptual similarities between IPv4 and IPv6 network operation. Addresses still...
  • Page 1243While optional in IPv4, router advertisement is mandatory in IPv6. Router advertisements specify the network prefix(es) on a link which...
  • Page 1244 Table 38-1. IPv6 Routing Defaults (Continued) Parameter Default Value IPv6 Router Route Preferences Local—0 Static—1 OSPFv3 Intra—110 OSPFv3 Inter—110...
  • Page 1245Configuring IPv6 Routing Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring IPv6...
  • Page 1246 Interface Configuration Use the Interface Configuration page to configure IPv6 interface parameters. This page has been updated to include...
  • Page 1247Interface Summary Use the Interface Summary page to display settings for all IPv6 interfaces. To display the page, click Routing...
  • Page 1248 IPv6 Statistics Use the IPv6 Statistics page to display IPv6 traffic statistics for one or all interfaces. To display...
  • Page 1249IPv6 Neighbor Table Use the IPv6 Neighbor Table page to display IPv6 neighbor details for a specified interface. To display...
  • Page 1250 DHCPv6 Client Parameters Use the DHCPv6 Client Parameters page to view information about the network information automatically assigned to...
  • Page 1251DHCPv6 Client Statistics Use the DHCPv6 Client Statistics page to view information about DHCPv6 packets received and transmitted on a...
  • Page 1252 IPv6 Router Entry Configuration Use the IPv6 Route Entry Configuration page to configure information for IPv6 routes. To display...
  • Page 1253IPv6 Route Table Use the IPv6 Route Table page to display all active IPv6 routes and their settings. To display...
  • Page 1254 IPv6 Route Preferences Use the IPv6 Route Preferences page to configure the default preference for each protocol. These values...
  • Page 1255Configured IPv6 Routes Use the Configured IPv6 Routes page to display selected IPv6 routes. NOTE: For a static reject route,...
  • Page 1256 Configuring IPv6 Routing Features (CLI) This section provides information about the commands you use to configure IPv6 routing on...
  • Page 1257Configuring IPv6 Interface Settings Beginning in Privileged EXEC mode, use the following commands to configure IPv6 settings for VLAN, tunnel,...
  • Page 1258 Configuring IPv6 Neighbor Discovery Use the following commands to configure IPv6 Neighbor Discovery settings. Command Purpose ipv6 nd prefix...
  • Page 1259Command Purpose ipv6 nd ns-interval Set the interval between router advertisements for advertised milliseconds neighbor solicitations. The range is 1000...
  • Page 1260 Configuring IPv6 Route Table Entries and Route Preferences Beginning in Privileged EXEC mode, use the following commands to configure...
  • Page 1261Command Purpose ipv6 route distance Set the default distance (preference) for static IPv6 integer routes. Lower route preference values are...
  • Page 1262 IPv6 Show Commands Use the following commands in Privileged EXEC mode to view IPv6 configuration status and related data....
  • Page 1263IPv6 Static Reject and Discard Routes A static configured route with a next-hop of “null” causes any packet matching the...
  • Page 1264 • ipv6 route 2001::/16 null 254 ipv6 route 2002::/16 null 254 These address ranges are reserved and not reachable...
  • Page 1265: Configuring DHCPv6 Server and Relay Settings 39 Configuring DHCPv6 Server and Relay Settings This chapter describes how to configure the switch to dynamically assign network...
  • Page 1266 What Is a DHCPv6 Pool? DHCPv6 pools are used to specify information for DHCPv6 server to distribute to DHCPv6...
  • Page 1267Figure 39-1. DHCPv6 Prefix Delegation Scenario In Figure 39-1, the Dell Networking acts as the Prefix Delegation (PD) server and...
  • Page 1268 Configuring the DHCPv6 Server and Relay (Web) This section provides information about the OpenManage Switch Administrator pages for configuring...
  • Page 1269DHCPv6 Pool Configuration Use the Pool Configuration page to set up a pool of DHCPv6 parameters for DHCPv6 clients. The...
  • Page 1270 Figure 39-4. Pool Configuration 4 From the DNS Server Address menu, select an existing DNS Server Address to associate...
  • Page 1271Prefix Delegation Configuration Use the Prefix Delegation Configuration page to configure a delegated prefix for a pool. At least one...
  • Page 1272 DHCPv6 Pool Summary Use the Pool Summary page to display settings for all DHCPv6 Pools. At least one pool...
  • Page 1273DHCPv6 Interface Configuration Use the DHCPv6 Interface Configuration page to configure a DHCPv6 interface. To display the page, click Routing...
  • Page 1274 Figure 39-8 shows the screen when the selected interface mode is Server. Figure 39-8. DHCPv6 Interface Configuration - Server...
  • Page 1275DHCPv6 Server Bindings Summary Use the Server Bindings Summary page to display all DHCPv6 server bindings. To display the page,...
  • Page 1276 DHCPv6 Statistics Use the DHCPv6 Statistics page to display DHCPv6 statistics for one or all interfaces. To display the...
  • Page 1277Configuring the DHCPv6 Server and Relay (CLI) This section provides information about the commands you use to configure and monitor...
  • Page 1278 Command Purpose domain-name domain Set up to five DNS domain names to provide to a DHCPv6 client by the...
  • Page 1279Configuring DHCPv6 Interface Information Beginning in Privileged EXEC mode, use the following commands to configure an interface as a DHCPv6...
  • Page 1280 Command Purpose ipv6 dhcp server pool- Configure DHCPv6 server functionality on the interface. name [rapid-commit] • pool-name — The...
  • Page 1281DHCPv6 Configuration Examples This section contains the following examples: • Configuring a DHCPv6 Stateless Server • Configuring the DHCPv6 Server...
  • Page 1282 4 Configure the DHCPv6 server functionality on VLAN 100. Clients can use the preference value to determine which DHCPv6...
  • Page 1283 console(config-dhcp6s-pool)#prefix-delegation 2001:DB8:1002::/32 00:01:00:09:f8:79:4e:00:04:76:73:43:76 valid- lifetime 600 preferred-lifetime 400 console(config-dhcp6s-pool)#exit 3 Configure the DHCPv6 server functionality on VLAN 200 and...
  • Page 1284 Relay Interface Number.....................Vl100 Relay Remote ID............................ Option Flags............................... 1284 Configuring DHCPv6 Server and Relay Settings
  • Page 1285: Configuring Differentiated Services 40 Configuring Differentiated Services This chapter describes how to configure the Differentiated Services (DiffServ) feature. DiffServ enables traffic to...
  • Page 1286 How Does DiffServ Functionality Vary Based on the Role of the Switch? How you configure DiffServ support in Dell...
  • Page 1287 Dell Networking N2000, N3000, and N4000 series switches software supports the Traffic Conditioning Policy type which is associated with...
  • Page 1288 Configuring DiffServ (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring DiffServ features...
  • Page 1289Class Configuration Use the DiffServ Class Configuration page to add a new DiffServ class name, or to rename or delete...
  • Page 1290 2 Enter a name for the class and select the protocol to use for class match criteria. 3 Click...
  • Page 1291Figure 40-5. DiffServ Class Criteria Configuring Differentiated Services 1291
  • Page 1292 Policy Configuration Use the DiffServ Policy Configuration page to associate a collection of classes with one or more policy...
  • Page 1293Figure 40-7. Add DiffServ Policy 2 Enter the new Policy Name. 3 Click Apply to save the new policy. 4...
  • Page 1294 Policy Class Definition Use the DiffServ Policy Class Definition page to associate a class to a policy, and to...
  • Page 1295Figure 40-10. Policy Class Definition Packet Marking Traffic Condition Follow these steps to have packets that match the class criteria...
  • Page 1296 Policing Traffic Condition Follow these steps to perform policing on the packets that match this policy class: 1 Select...
  • Page 1297Service Configuration Use the DiffServ Service Configuration page to activate a policy on a port. To display the page, click...
  • Page 1298 Service Detailed Statistics Use the DiffServ Service Detailed Statistics page to display packet details for a particular port and...
  • Page 1299Flow-Based Mirroring Use the Flow-Based Mirroring page to create a mirroring session in which the traffic that matches the specified...
  • Page 1300 Configuring DiffServ (CLI) This section provides information about the commands you use to configure DiffServ settings on the switch....
  • Page 1301CLI Command Description match cos Add to the specified class definition a match condition for the Class of Service value....
  • Page 1302 CLI Command Description match srcip Add to the specified class definition a match condition based on the source IP...
  • Page 1303CLI Command Description match protocol Add to the specified class definition a match condition based on the value of the...
  • Page 1304 DiffServ Policy Attributes Configuration Beginning in Privilege Exec mode, use the following commands to configure policy attributes and view...
  • Page 1305CLI Command Description conform-color class-map-name Specify the color class for color-aware policing. [exceed-color class-map-name] The action for the policy-class-map instance...
  • Page 1306 DiffServ Service Configuration Beginning Privilege Exec mode, use the following commands to associate a policy with an interface and...
  • Page 1307DiffServ Configuration Examples This section contains the following examples: • Providing Subnets Equal Access to External Network • DiffServ for...
  • Page 1308 The following commands show how to configure the DiffServ example depicted in Figure 40-17. 1 Enable DiffServ operation for...
  • Page 1309 console(config-policy-map)#class development_dept console(config-policy-classmap)#assign-queue 4 console(config-policy-classmap)#exit console(config-policy-map)#exit 4 Attach the defined policy to 10-Gigabit Ethernet interfaces 1/0/1 through 1/0/4 in...
  • Page 1310 DiffServ for VoIP One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP...
  • Page 1311The following commands show how to configure the DiffServ example depicted in Figure 40-18. 1 Set queue 6 on all...
  • Page 1312 console(config-policy-classmap)#exit console(config-policy-map)#exit 5 Attach the defined policy to an inbound service interface. console(config)#interface tengigabitethernet 1/0/1 console(config-if-Te1/0/1)#service-policy in pol_voip console(config-if-Te1/0/1)#exit...
  • Page 1313: Configuring Class-of-Service 41 Configuring Class-of-Service This chapter describes how to configure the Class-of-Service (CoS) feature. The CoS queueing feature lets you...
  • Page 1314 Each ingress port on the switch has a default priority value (set by configuring VLAN Port Priority in the...
  • Page 1315How Are Traffic Queues Defined? For each queue, you can specify: • Minimum bandwidth guarantee—A percentage of the port’s maximum...
  • Page 1316 • Weighted Random Early Detection (WRED)—Drops packets queued for transmission selectively based their drop precedence level. For each of...
  • Page 1317Table 41-1. CoS Global Defaults Parameter Default Value IP DSCP value to queue mapping IP DSCP Queue 0–7, 24–31 1...
  • Page 1318 Configuring CoS (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring CoS features...
  • Page 1319To display the Queue Mapping Table for the selected Trust Mode, click the Show All link at the top of...
  • Page 1320 Interface Configuration Use the Interface Configuration page to define the interface shaping rate for egress packets on an interface...
  • Page 1321Interface Queue Configuration Use the Interface Queue Configuration page to configure egress queues on interfaces. The settings you configure control...
  • Page 1322 To access the Interface Queue Status page, click the Show All link at the top of the page. Interface...
  • Page 1323Figure 41-5. Interface Queue Drop Precedence Configuration To access the Interface Queue Drop Precedence Status page, click the Show All...
  • Page 1324 Configuring CoS (CLI) This section provides information about the commands you use to configure CoS settings on the switch....
  • Page 1325CoS Interface Configuration Commands Beginning in Privileged Exec mode, use the following commands in to configure the traffic shaping and...
  • Page 1326 CLI Command Description cos-queue min-bandwidth Specify the minimum transmission bandwidth (range: bw 0-100% in 1% increments) for each interface...
  • Page 1327Configuring Interface Queue Drop Probability Beginning in Privileged Exec mode, use the following commands in to configure characteristics of the...
  • Page 1328 CoS Configuration Example Figure 41-6 illustrates the network operation as it relates to CoS mapping and queue configuration. Four...
  • Page 1329Continuing this example, the egress port te1/0/8 is configured for strict priority on queue 6, and a weighted scheduling scheme...
  • Page 1330 mapping from the switch defaults to support lossless1 transport of frames on CoS queue 4, with a 50% minimum...
  • Page 1331: Configuring Auto VoIP 42 Configuring Auto VoIP Voice over Internet Protocol (VoIP) allows you to make telephone calls using a computer network...
  • Page 1332 Auto-VoIP is limited to 16 sessions and makes use of the switch CPU to classify traffic. It is preferable...
  • Page 1333Configuring Auto VoIP (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring Auto VoIP...
  • Page 1334 Figure 42-2. Auto VoIP Interface Configuration To display summary Auto VoIP configuration information for all interfaces, click the Show...
  • Page 1335Configuring Auto VoIP (CLI) This section provides information about the commands you use to configure Auto VoIP settings on the...
  • Page 13361336 Configuring Auto VoIP
  • Page 1337: Managing IPv4 and IPv6 Multicast 43 Managing IPv4 and IPv6 Multicast NOTE: This feature not available on N2000 switches. This chapter describes how to...
  • Page 1338 recipient host. The IP routing protocols can route multicast traffic, but the IP multicast protocols handle the multicast traffic...
  • Page 1339What Multicast Protocols Does the Switch Support? Multicast protocols are used to deliver multicast packets from one source to multiple...
  • Page 1340 When Is L3 Multicast Required on the Switch? Use the IPv4/IPv6 multicast feature on Dell Networking series switches to...
  • Page 1341For more information about when to use PIM-DM, see "Using PIM-DM as the Multicast Routing Protocol" on page 1352. For...
  • Page 1342 DVMRP, PIM-DM, and PIM-SM) and have a tree-like topology, as there is no support for features like reverse path...
  • Page 1343What Is PIM? The Protocol Independent Multicast protocol is a simple, protocol- independent multicast routing protocol. PIM uses an existing...
  • Page 1344 candidate RPs to all the PIM routers in the network. Each PIM router then runs the RP selection algorithm...
  • Page 1345 • This (*, G) Join travels hop-by-hop to the RP, building a branch of the Shared Tree that extends from...
  • Page 1346 – The RP sends a source group (S, G) Join back towards the source to create a branch of...
  • Page 1347Phase 3: Shortest Path Tree Figure 43-4. PIM-SM SPT—Part 1 • PIM-SM has the capability for last-hop routers (i.e., routers...
  • Page 1348 Figure 43-5. PIM-SM SPT—Part 2 • Finally, special (S, G) RP-bit Prune messages are sent up the Shared Tree...
  • Page 1349Figure 43-6. PIM-SM SPT—Part 3 • At this point, (S, G) traffic is now flowing directly from the first -hop...
  • Page 1350 • At this point, the RP no longer needs the flow of (S, G) traffic since all branches of...
  • Page 1351creates a performance problem in that it limits the number of packets that can be processed and places a high...
  • Page 1352 sending the encapsulated Register messages. This removes the load from the CPU of the first-hop router and the RP,...
  • Page 1353router on its RPF interface, the State Refresh message causes an existing prune state to be refreshed. State Refresh messages...
  • Page 1354 Using DVMRP as the Multicast Routing Protocol DVMRP is used to communicate multicast information between L3 switches or routers....
  • Page 1355Default L3 Multicast Values IP and IPv6 multicast is disabled by default. Table 43-2 shows the default values for L3...
  • Page 1356 Table 43-2. L3 Multicast Defaults (Continued) Parameter Default Value MLD Query Interval 125 seconds MLD Query Max Response Time...
  • Page 1357Configuring General IPv4 Multicast Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring...
  • Page 1358 Multicast Interface Configuration Use the Interface Configuration page to configure the TTL threshold of a multicast interface. At least...
  • Page 1359Multicast Route Table Use the Route Table page to view information about the multicast routes in the IPv4 multicast routing...
  • Page 1360 Multicast Admin Boundary Configuration The definition of an administratively scoped boundary is a way to stop the ingress and...
  • Page 1361Multicast Admin Boundary Summary Use the Admin Boundary Summary page to display existing administratively scoped boundaries. To display the page,...
  • Page 1362 Multicast Static MRoute Summary Use the Static MRoute Summary page to display static routes and their configurations. To display...
  • Page 1363Configuring IPv6 Multicast Features (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring the...
  • Page 1364 Configuring IGMP and IGMP Proxy (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and...
  • Page 1365IGMP Interface Configuration Use the Interface Configuration page to configure and/or display router interface parameters. You must configure at least...
  • Page 1366 IGMP Interface Summary Use the Interface Summary page to display IGMP routing parameters and data. You must configure at...
  • Page 1367Figure 43-20. IGMP Cache Information Managing IPv4 and IPv6 Multicast 1367
  • Page 1368 IGMP Interface Source List Information Use the Source List Information page to display detailed membership information for an interface....
  • Page 1369IGMP Proxy Interface Configuration The IGMP Proxy is used by IGMP Router (IPv4 system) to enable the system to issue...
  • Page 1370 IGMP Proxy Configuration Summary Use the Configuration Summary page to display proxy interface configurations by interface. You must have...
  • Page 1371IGMP Proxy Interface Membership Info Use the Interface Membership Info page to display interface membership data for a specific IP...
  • Page 1372 Detailed IGMP Proxy Interface Membership Information Use the Interface Membership Info Detailed page to display detailed interface membership data....
  • Page 1373Configuring MLD and MLD Proxy (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring...
  • Page 1374 MLD Routing Interface Configuration Use the Interface Configuration page to enable selected IPv6 router interfaces to discover the presence...
  • Page 1375MLD Routing Interface Summary Use the Interface Summary page to display information and statistics on a selected MLD-enabled interface. You...
  • Page 1376 received on the selected interface in order for data to be displayed here. To access this page, click IPv6...
  • Page 1377MLD Traffic The MLD Traffic page displays summary statistics on the MLD messages sent to and from the router. To...
  • Page 1378 MLD Proxy Configuration When you configure an interface in MLD proxy mode, it acts as a proxy multicast host...
  • Page 1379MLD Proxy Configuration Summary Use the Configuration Summary page to view configuration and statistics on MLD proxy-enabled interfaces. To display...
  • Page 1380 MLD Proxy Interface Membership Information The Interface Membership Information page lists each IP multicast group for which the MLD...
  • Page 1381Detailed MLD Proxy Interface Membership Information The Interface Membership Information Detailed page provides additional information about the IP multicast groups...
  • Page 1382 Configuring PIM for IPv4 and IPv6 (Web) This section provides information about the OpenManage Switch Administrator pages for configuring...
  • Page 1383PIM Global Status Use the Global Status page to view the administrative status of PIM-DM or PIM-SM on the switch....
  • Page 1384 PIM Interface Configuration Use the Interface Configuration page to configure specific VLAN routing interfaces with PIM. To display the...
  • Page 1385PIM Interface Summary Use the Interface Summary page to display a PIM-enabled VLAN routing interface interface and its settings. To...
  • Page 1386 Candidate RP Configuration The Candidate RP is configured on the Add Candidate RP page. Use the Candidate RP Configuration...
  • Page 1387Figure 43-41. Add Candidate RP 3 Select the VLAN interface for which the Candidate RP is to be configured. 4...
  • Page 1388 Static RP Configuration Use the Static RP Configuration page to display or remove the configured RP. The page also...
  • Page 1389Figure 43-43. Add Static RP 3 Enter the IP address of the RP for the group range. 4 Enter the...
  • Page 1390 SSM Range Configuration Use this page to display or remove the Source Specific Multicast (SSM) group IP address and...
  • Page 1391Figure 43-45. Add SSM Range 3 Click the Add Default SSM Range check box to add the default SSM Range....
  • Page 1392 BSR Candidate Configuration Use this page to configure information to be used if the interface is selected as a...
  • Page 1393BSR Candidate Summary Use this page to display information about the configured BSR candidates. To display this page, click IPv4...
  • Page 1394 Configuring DVMRP (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring DVMRP on...
  • Page 1395DVMRP Interface Configuration Use the Interface Configuration page to configure a DVMRP VLAN routing interface. You must configure at least...
  • Page 1396 DVMRP Configuration Summary Use the Configuration Summary page to display the DVMRP configuration and data for a selected interface....
  • Page 1397DVMRP Next Hop Summary Use the Next Hop Summary page to display the next hop summary by Source IP. To...
  • Page 1398 DVMRP Prune Summary Use the Prune Summary page to display the prune summary by Group IP. To display the...
  • Page 1399Configuring L3 Multicast Features (CLI) This section provides information about the commands you use to configure general IPv4 multicast settings...
  • Page 1400 Command Purpose exit Exit to Global Config mode. exit Exit to Privileged EXEC mode. show ip multicast View system-wide...
  • Page 1401Configuring and Viewing IPv6 Multicast Route Information Beginning in Privileged EXEC mode, use the following commands to configure static IPv6...
  • Page 1402 Configuring and Viewing IGMP Beginning in Privileged EXEC mode, use the following commands to configure IGMP on the switch...
  • Page 1403Command Purpose ip igmp startup-query- Set the number of queries sent out on startup —at count count intervals equal to...
  • Page 1404 Configuring and Viewing IGMP Proxy Beginning in Privileged EXEC mode, use the following commands to configure the upstream VLAN...
  • Page 1405Configuring and Viewing MLD Beginning in Privileged EXEC mode, use the following commands to configure MLD on the switch and...
  • Page 1406 Command Purpose show ipv6 mld interface [vlan View MLD information for all interfaces or for vlan-id] the specified interface....
  • Page 1407Command Purpose show ipv6 mld-proxy View a summary of the host interface status parameters. show ipv6 mld-proxy interface View a...
  • Page 1408 Command Purpose show ip pim interface vlan View the PIM-DM information for the specified vlan-id interface. show ip pim...
  • Page 1409Command Purpose show ipv6 pim interface vlan View the PIM information for the specified vlan-id interface. show ipv6 pim neighbor...
  • Page 1410 Configuring and Viewing PIM-SM for IPv4 Multicast Routing Beginning in Privileged EXEC mode, use the following commands to configure...
  • Page 1411Command Purpose ip pim rp-candidate vlan Configure the router to advertise itself to the BSR vlan-id group-address group- router as...
  • Page 1412 Command Purpose exit Exit to Global Config mode. exit Exit to Privileged EXEC mode. show ip pim View system-wide...
  • Page 1413Command Purpose ipv6 pim bsr-candidate vlan Configure the switch to announce its candidacy as a vlan-id hash-mask-length bootstrap router (BSR)...
  • Page 1414 Command Purpose ipv6 pim ssm {default | Define the Source Specific Multicast (SSM) range of group-address/prefix-length } IPv6 multicast...
  • Page 1415Command Purpose show ipv6 pim rp-hash View the RP router being selected for the specified groupaddr multicast group address from...
  • Page 1416 Configuring and Viewing DVMRP Information Beginning in Privileged EXEC mode, use the following commands to configure DVMRP on the...
  • Page 1417L3 Multicast Configuration Examples This section contains the following configuration examples: • Configuring Multicast VLAN Routing With IGMP and PIM-SM...
  • Page 1418 Figure 43-54. IPv4 Multicast VLAN Routing Video Server L3 Switch A (PIM RP) Port 23 Port 24 L3 Switch...
  • Page 1419 console#configure console(config)#no ip igmp snooping console(config)#no ipv6 mld snooping console(config)#vlan 10,20 console(config-vlan10,20)#exit 2 Configure port 23 and 24 as...
  • Page 1420 console(config-if-vlan20)#exit 8 Globally enable IP multicast, IGMP, and PIM-SM on the switch. console(config)#ip multicast console(config)#ip igmp console(config)#ip pim sparse...
  • Page 1421Configuring DVMRP The following example configures two DVMRP interfaces on the switch to enable inter-VLAN multicast routing. To configure the...
  • Page 14221422 Managing IPv4 and IPv6 Multicast
  • Page 1423: Feature Limitations and Platform Constants A Feature Limitations and Platform Constants • Table A-1 lists the feature limitations and Table A-2 lists the platform...
  • Page 1424 Table A-1. Feature Limitations (Continued) Feature N2000 Series N3000 Series N4000 Series IP Helper Max entries 64 512 512...
  • Page 1425Table A-1. Feature Limitations (Continued) Feature N2000 Series N3000 Series N4000 Series Authentication HTTP lists Max Count 1 1 1...
  • Page 1426 Table A-1. Feature Limitations (Continued) Feature N2000 Series N3000 Series N4000 Series Login History 50 50 50 QoS features...
  • Page 1427Table A-2. Platform Constants Feature N2000 Series N3000 Series N4000 Series MAC addresses assigned per system 4 4 4 Reference...
  • Page 1428 Table A-2. Platform Constants (Continued) Feature N2000 Series N3000 Series N4000 Series Static filter entries Unicast MAC and source...
  • Page 1429Table A-2. Platform Constants (Continued) Feature N2000 Series N3000 Series N4000 Series Port MAC locking Dynamic addresses per port 600...
  • Page 1430 Table A-2. Platform Constants (Continued) Feature N2000 Series N3000 Series N4000 Series Tunnels Number of configured v6-over-v4 N/A 8...
  • Page 1431Table A-2. Platform Constants (Continued) Feature N2000 Series N3000 Series N4000 Series IP Multicast Number of IPv4/IPv6 Multicast N/A 2048...
  • Page 1432 Table A-2. Platform Constants (Continued) Feature N2000 Series N3000 Series N4000 Series CoS Device Characteristics Configurable Queues per port...
  • Page 1433: System Process Definitions B System Process Definitions The following process/thread definitions are intended to assist the end user in troubleshooting switch issues....
  • Page 1434 Table B-1. System Process Definitions (Continued) Name Task Summary bcmXGS3AsyncTask BCM system task: SDK XGX3 hw task BootP Boot...
  • Page 1435Table B-1. System Process Definitions (Continued) Name Task Summary Dot1s transport task Spanning Tree tasks dot1s_helper_task dot1s_task dot1s_timer_task dot1xTask 802.1x...
  • Page 1436 Table B-1. System Process Definitions (Continued) Name Task Summary hapiBpduTxTask High Level API - SDK Integration Layer hapiL2AsyncTask hapiL2FlushTask...
  • Page 1437Table B-1. System Process Definitions (Continued) Name Task Summary mcastMapTask Multicast Mapping Tasks mgmdMapTask mvrTask MVR Message Handler nim_t Network...
  • Page 1438 Table B-1. System Process Definitions (Continued) Name Task Summary simPts_task System Interface Manager (time zone, system name, service port...
  • Page 1439Table B-1. System Process Definitions (Continued) Name Task Summary tJobTask VxWorks Task tL7Timer0 System Timer tLogTask System LOG processing tNet0...
  • Page 14401440 System Process Definitions
  • Page 1441: IndexIndex Numerics address table. See MAC address table. 10GBase-T copper uplink module, 119 administrative profiles, 213 defaults, 240 802.1p RADIUS...
  • Page 1442 CLI configuration, 402 B defaults, 400 back pressure, 72 defined, 389 DHCP, 405 banner, CLI, 315 configuration file, 395...
  • Page 1443 localization, 547 DHCP auto configuration, 395 understanding, 543, 546 downloading, 365 user logout mode, 547 editing, 365 users, RADIUS...
  • Page 1444 D enabling, 405 monitoring, 398 DAI process, 393 defaults, 885 optional features, 884 DHCP client, 1041 purpose, 885 default...
  • Page 1445 examples, 1281 diffServ, 86 pool, 1266 discovery, device, 761 prefix delegation, 1266 document conventions, 52 relay agent, configuring, 1283...
  • Page 1446 log messages, 272 and stacking, 366 enable authentication, 211 downloading to the switch, 364 types, 359 energy detect mode,...
  • Page 1447 VLAN IEEE 802.1ag guest, 533 administrator, 863 GVRP, 650 carrier network, 860 statistics, 421 configuration (CLI), 873 configuration (web),...
  • Page 1448 IGMP snooping, 87 default VLAN, 154, 163 defaults, 814 OOB port, 163 querier, 88 IP helper, 83, 1089 querier,...
  • Page 1449 tunnel, 84 CLI configuration, 777 IPv6 ACL configuration, 606 configuring, 778 enabling, 778 IPv6 interface example, 782 configuring, 1242...
  • Page 1450 LED locator LED 100/1000/10000Base-T port, 97, enabling, 133, 267 109, 121 log messages, 57 port, 119 SFP port, 97,...
  • Page 1451 defaults, 1016 MLAG, 932 defined, 1015 MLD, 90 dynamic, 1019 defaults, 1355 managing, CLI, 1020 understanding, 1342 populating, 1015...
  • Page 1452 configuring (web), 816 network information defaults, 814 CLI configuration, 161 understanding, 803 default, 151 when to use, 809 defined,...
  • Page 1453 defaults, 1120 IPv4 web-based difference from OSPFv3, 1113 configuration, 1382 examples, 1177 IPv6 web-based flood blocking, 1118, 1195 configuration,...
  • Page 1454 Port LEDs, 97, 109, 121 Q port mirroring QoS configuring, 437 CoS queuing mode, enabling, 412 diffserv, 86 understanding,...
  • Page 1455RMON, 60 best routes, 1074 CLI management, 439 configuring, 1082 defaults, 414 IPv6, 1260, 1262 example, 449 RSPAN, 73, 411...
  • Page 1456 SFP port LEDs, 97, 109, 121 SSL files, 363 SFP+ module, 118 SSM range, 1390 SFTP, managing files, 380...
  • Page 1457 default, 790, 984 web-based configuration, 287 example, 801 system LEDs, 119 understanding, 788 system time, 283 STP and LAGs,...
  • Page 1458 traps VLAN, 916 OSPF, 341 authenticated and unauthenticated, 507 trunk port CLI configuration, 682 and 802.1X authentication, 533, 535...
  • Page 1459VLANs dynamically created, 534 RADIUS-assigned, 534 voice traffic, identifying, 653 voice VLAN, 653 and LLDP-MED, 654 example, 710 understanding, 652...
  • Page 1460Index 1460
downloadlike
ArtboardArtboardArtboard
Report Bug