Manuale d’uso / di manutenzione del prodotto N4000 del fabbricante Dell
Vai alla pagina of 1460
Dell Networking N2000, N3000, and N4000 Series Switches User’ s Configuration Guide Regulatory Models: N2024, N202 4P , N2038,N2048P , N3024, N3024F , N3024P , N3048, N3048 P , N4032, N4032F , N4064.
Notes and Ca utions NOTE: A NOTE indica tes imp ortant informat ion tha t helps you mak e bette r use of your co mputer . CAUTION: A C AUTION indicate s potent ial damage to hardware or loss of data if inst ructions a re not f ollowed . ________ ____ Information in this publication is subject to change without notice.
Content s 3 Content s 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . 51 About This Docu ment . . . . . . . . . . . . . . . . . . 51 Audi ence . . . . . . . . . . . . . . . . . . . . . . . . . 52 Docume nt Conv entions . . . . . . . . . .
4 Conte nts Single IP Man agement . . . . . . . . . . . . . . . 61 Master Failov er with T ran sparen t T ransit ion . . . . 62 Nonsto p Forwar ding on the Stack . . . . . . . . . 62 Hot Add/Delet e and Firmware Synchr onizat ion . . . . . . . . . . .
Content s 5 Power over Etherne t (PoE) P lus Feature s . . . . . . . . 70 Power Over E thernet (Po E) Plus Configu ratio n . . . . . . . . . . . . . . . . . . . . 70 PoE Plus Support . . . . . . . . . . . . . . . . . . 70 Switch ing Feat ures . . . . .
6 Conte nts GARP and GVRP S upport . . . . . . . . . . . . . . 78 Vo i c e V L A N . . . . . . . . . . . . . . . . . . . . . 78 Guest VLAN . . . . . . . . . . . . . . . . . . . . . 78 Double VLANs . . . . . . . . . . . . . . . . . . . . 78 Spann ing T ree Protocol Feature s .
Content s 7 IPv6 Rout es . . . . . . . . . . . . . . . . . . . . . 85 OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . 85 DHCPv6 . . . . . . . . . . . . . . . . . . . . . . . 85 Quality of Se rvice (QoS) Featu res . . . . . . . . . . . . 86 Diff eren tiate d Ser vice s (Dif fServ ) .
8 Conte nts N2000 Seri es Bac k Pane l . . . . . . . . . . . . . . 95 N2000 LED Def initions . . . . . . . . . . . . . . . . 97 Power Cons umption for N2000 Series PoE Switch es . . . . . . . . . . . . . . . . . . . . . 100 Dell Networ king N3 000 Series Sw itch Hardware .
Content s 9 Using the Device View Swi tch Lo cator Feature . . . . . . . . . . . . . . . . . . . . . . . 133 5 Using the Command-Line Interface . . . . 135 Accessin g the S witch Thr ough th e CLI . . . . . . . . . 135 Conso le Connec tion . . . . . .
10 Conte nts What Is Out-of- Band Manag ement an d In-Ba nd Manage ment? . . . . . . . . . . . . . . 14 9 Default Netwo rk Informatio n . . . . . . . . . . . . . 151 Configu ring Bas ic Network In formation (Web ) . . . . 152 Out-of-Ban d Interf ace .
Content s 11 Basic Netw ork Info rmation C onfiguration Examp le . . . . . . . . . . . . . . . . . . . . . . . . . 166 8 Managing QSFP Ports . . . . . . . . . . . . . . 169 9 Managing a Switch Stack . . . . . . . . . . . 171 Stac king Ove rview . . . .
12 Conte nts Managi ng the S tack (C LI) . . . . . . . . . . . . . . . 192 Confi guring Stack Member , St ack Por t, and NSF Settings . . . . . . . . . . . . . . . . . . . 192 Viewin g and Clea ring Sta cking an d NSF Informatio n . . . . . . . . . . .
Content s 13 Auth orizatio n Example s . . . . . . . . . . . . . . . . . 227 Local A uthori zation Example—D irect Login to Privile ged EX EC Mod e . . . . . . . . . . . 227 T AC ACS+ Aut horiza tion Exa mple—Di rect Login to Privile ged EX EC Mod e .
14 Conte nts 11 Monitoring and Logging Sy stem Information . . . . . . . . . . . . . . . . . . . . . . 243 System Monitor ing Ove rview . . . . . . . . . . . . . 243 What Syst em Information Is Monitored? . . . . . 243 Why Is S ystem Info rmation Need ed? .
Content s 15 Moni toring Sy stem In formatio n and Co nfigur ing Logging (CLI) . . . . . . . . . . . . . . . . . . . . . . . 267 Viewin g System I nformat ion and En abling the Loca tor LED . . . . . . . . . . . . . . . . . . . 267 Runnin g Cable Dia gnostic s .
16 Conte nts SNTP Auth entic ation . . . . . . . . . . . . . . . 294 SNTP Serve r . . . . . . . . . . . . . . . . . . . 296 Summer T ime Config uration . . . . . . . . . . . 299 T i me Zone Con figura tion . . . . . . . . . . . . . 300 Card Confi guratio n .
Content s 17 What Are S NMP T rap s? . . . . . . . . . . . . . . 324 Why Is S NMP Neede d? . . . . . . . . . . . . . . 325 Default SNM P Valu es . . . . . . . . . . . . . . . . . . 325 Con figuri ng SNM P (Web) . . . . . . . . . . . . . . . . 327 SNMP Global Paramete rs .
18 Conte nts What Me thods Ar e Support ed for Fil e Manage ment? . . . . . . . . . . . . . . . . . . . 363 What Fa ctors Should Be Co nsid ered Wh en Managi ng F iles? . . . . . . . . . . . . . . . . . . 364 How Is th e Runn ing Co nfigurat ion Sav ed? .
Content s 19 How Does USB Auto Configu ration Us e the Files on t he USB De vice? . . . . . . . . . . . . . . 391 What Is the Setup File Format? . . . . . . . . . . . 392 What Is the DHC P Auto C onfigurat ion Proc ess? . . . . . . . . . . . . . . . .
20 Conte nts Default T raffic Mon itoring V alues . . . . . . . . . . . 414 Monitor ing Swit ch T raffic (W eb) . . . . . . . . . . . 414 sFlow Agen t Summary . . . . . . . . . . . . . . 41 4 sFlo w Receive r Conf igurati on . . . . . . . . . . 416 sFlow Sa mpler Configuratio n .
Content s 21 17 Configuring iSCSI Optimization . . . . . . . 459 iSCSI Opti mization Overvi ew . . . . . . . . . . . . . . 459 What Do es iSCS I Optimiz ation Do? . . . . . . . . . 460 How Does the Swi tch Detect iSCSI T raffic Flow s? . . . . . . . .
22 Conte nts 18 Configuring Port Characteristics . . . . . . 477 Port Ove rview . . . . . . . . . . . . . . . . . . . . . 477 What Ph ysical Port Ch aracteri stics Ca n Be Conf igure d? . . . . . . . . . . . . . . . . . . 477 What i s Link Depe ndency? .
Content s 23 Port Securi ty (Port-MAC Locking) . . . . . . . . . 539 Cap tive Po rtal . . . . . . . . . . . . . . . . . . . . . . 543 Captiv e Port al Overv iew . . . . . . . . . . . . . . 543 Default Ca ptive Port al Behavior and Setting s . . . 548 Conf iguri ng the Ca ptive P ortal (Web) .
24 Conte nts Poli cy Base d Routi ng . . . . . . . . . . . . . . . . . 594 Overvi ew . . . . . . . . . . . . . . . . . . . . . 594 Limitation s . . . . . . . . . . . . . . . . . . . . . 596 Exam ples . . . . . . . . . . . . . . . . . . . . . 598 Configu ring ACLs (Web) .
Content s 25 Doubl e-VLAN T a gging . . . . . . . . . . . . . . . 651 Vo i c e V L A N . . . . . . . . . . . . . . . . . . . . . 652 Priv ate VLA Ns . . . . . . . . . . . . . . . . . . . 654 Addi tional VLAN Feat ures . . . . . . . . . . . . . 660 Default VLAN Beh avior .
26 Conte nts Confi gure the VLANs and Po rts on Sw itch 2 . . . 705 Confi guri ng VLANs Us ing the C LI . . . . . . . . . 706 Con figuri ng a V oic e VLAN . . . . . . . . . . . . 710 22 Configuring the Spanning T ree Protocol . . . . . . . . . . . . .
Content s 27 Conf igurin g Span ning T re e (CLI) . . . . . . . . . . . . . 746 Configu ring Globa l STP Bridge Settings . . . . . . 746 Conf iguri ng Opti onal S TP Fe atures . . . . . . . . . 747 Configu ring ST P Interface Settings . . . . . . . . 748 Configu ring MS TP Swi tch S ettings .
28 Conte nts LLDP -MED Remo te De vice Info rmat ion . . . . . 776 Configu ring ISDP and L LDP (CLI) . . . . . . . . . . . 777 Configu ring Gl obal ISD P Sett ings . . . . . . . . . 777 Enabli ng ISDP on a P ort . . . . . . . . . . . . . 778 Viewin g and Clea ring ISD P Infor mation .
Content s 29 Configu ring Prot ected Por ts . . . . . . . . . . . . 799 Configu ring LLP F . . . . . . . . . . . . . . . . . . 800 Port-Bas ed T raffic Control Configu ration E xample . . . 801 25 Configuring L2 Multicast Features . . . . 803 L2 Multicas t Overview .
30 Conte nts VLAN Querie r Status . . . . . . . . . . . . . . . 827 MFDB IGM P Snoo ping T able . . . . . . . . . . . 828 MLD Snoo ping Gen eral . . . . . . . . . . . . . . 829 MLD Sn ooping Globa l Querie r Config uratio n . . . 831 MLD Sn ooping VLAN Qu erier .
Content s 31 What is the Admini strator ’ s Role? . . . . . . . . . 863 Default Dot 1ag V alues . . . . . . . . . . . . . . . . . . 864 Con figuri ng Dot 1ag (Web) . . . . . . . . . . . . . . . . 865 Dot1ag Global Config uration . . . . . . . . . . .
32 Conte nts Default T raffic Snoopi ng and In spection V alues . . . 885 Conf iguring T raffic Sn ooping and Inspectio n (We b) . . . . . . . . . . . . . . . . . . . . 887 DHCP Snoopi ng Conf igurati on . . . . . . . . . . 887 DHCP Snoo ping I nterfa ce Co nfigur atio n .
Content s 33 28 Configuring Link Aggregation . . . . . . . . 913 Link Agg regati on . . . . . . . . . . . . . . . . . . . . . 913 Overview . . . . . . . . . . . . . . . . . . . . . . 913 Defa ult L ink Ag gregati on Values . . . . . . . . . . 917 Conf iguring Link Aggreg ation ( Web) .
34 Conte nts DCB Cap ability Exch ange . . . . . . . . . . . . . . . 992 Interope rabilit y with IEEE DC Bx . . . . . . . . . 993 DCBx and Po rt Roles . . . . . . . . . . . . . . . 993 Confi gurati on Sou rce Por t S election Proc ess . . . . . . . . .
Content s 35 31 Configuring Routing Interfaces . . . . . . 10 21 Routing Interfac e Overv iew . . . . . . . . . . . . . . 1021 What Are VLAN R outin g Inter faces ? . . . . . . . 1021 What Are Loopbac k Interfa ces? . . . . . . . . . 1022 What Ar e T unnel Inte rfaces? .
36 Conte nts Default DHCP Serve r V alues . . . . . . . . . . . . . . 1042 Configu ring the DHCP Se rver (W eb) . . . . . . . . . . 1043 DHCP Se rver Net work Prop erties . . . . . . . . 1043 Addre ss Pool . . . . . . . . . . . . . . . . . . . 1045 Addre ss Pool Optio ns .
Content s 37 Router Disco very S tatus . . . . . . . . . . . . . 1072 Rout e T a ble . . . . . . . . . . . . . . . . . . . . 1073 Best Routes T a ble . . . . . . . . . . . . . . . . 1074 Rou te Entry Config urati on . . . . . . . . . . . . 1075 Conf igure d Routes .
38 Conte nts IP Hel per In terfac e Confi gurat ion . . . . . . . . 1102 IP H elper Stati stics . . . . . . . . . . . . . . . . 1104 Config uring L2 an d L3 Relay Fe atures ( CLI) . . . . . . 1105 Confi guri ng L2 DHCP Re lay . . . . . . . . . . . . 1105 Configu ring L3 Rela y (IP Helper) Settin gs .
Content s 39 OSPF Virtual Link Config urati on . . . . . . . . . 1132 OSPF Virtual Link S ummary . . . . . . . . . . . . 1134 OSPF Rout e Redi stribut ion C onfig uration . . . . 1135 OSPF Rout e Redi stributi on Summ ary . . . . . . . 1136 NSF O SPF Config urati on .
40 Conte nts Confi guring O SPFv3 Ro ute Red istribu tion Setting s . . . . . . . . . . . . . . . . . . . . . . 1175 Configu ring NSF Settings for OSPF v3 . . . . . . . 1176 OSPF C onfigura tion Ex amples . . . . . . . . . . . . . 1177 Confi guri ng an OSP F Borde r Rout er and Setting Interfac e Cost s .
Content s 41 Conf iguri ng Rou te Redi stribut ion S etting s . . . . 1211 RIP C onfigur ation Ex ample . . . . . . . . . . . . . . 1213 37 Configuring VRRP . . . . . . . . . . . . . . . . 12 17 VRRP Overv iew . . . . . . . . . . . . . . . . . . . . 1217 How Does VRRP W ork? .
42 Conte nts 38 Configuring IPv6 Routing . . . . . . . . . . . 1241 IPv6 Rou ting Overv iew . . . . . . . . . . . . . . . . . 1241 How Does IPv6 Compare with IPv4? . . . . . . . 1242 How Are I Pv6 Interf aces Confi gured ? . . . . . . 1242 Default IPv6 Rou ting V alues .
Content s 43 IPv6 St atic Reject and Dis card Ro utes . . . . . . . . 1263 39 Configuring DHCPv6 Server and Relay Settings . . . . . . . . . . . . . . . . . . . 1265 DHCPv6 Overvie w . . . . . . . . . . . . . . . . . . . 1265 What Is a DHCPv6 Pool ? .
44 Conte nts Confi guring t he DHC Pv6 Serv er for Pre fix Delega tion . . . . . . . . . . . . . . . . . . . . . 1282 Confi guri ng an Int erface as a DHCPv6 Relay Ag ent . . . . . . . . . . . . . . . . . . . . 1283 40 Configuring Differentiated Services .
Content s 45 DiffServ for V oIP . . . . . . . . . . . . . . . . . 1310 41 Configuring Class-of-Service . . . . . . . 1313 CoS Ove rview . . . . . . . . . . . . . . . . . . . . . 1313 What Are T rusted and Unt ruste d Port Modes ? . . . . . . . . . . .
46 Conte nts CoS C onfigu ration Exam ple . . . . . . . . . . . . . . 1328 42 Configuring Auto V oIP . . . . . . . . . . . . . 1331 Auto V oIP Overview . . . . . . . . . . . . . . . . . . 1331 How Does A uto-V oIP Use ACLs? . . . . . . . . . 1332 Default Aut o V oIP V alues .
Content s 47 Mult icast Int erface C onfigu ration . . . . . . . . 1358 Mult icast Ro ute T ab le . . . . . . . . . . . . . . 1359 Mult icast Admi n Bounda ry Conf igurat ion . . . . 1360 Mult icast Admi n Boundar y Summary . . . . . . 1361 Multica st Stat ic MRou te Conf iguratio n .
48 Conte nts Configu ring PIM for IPv4 an d IPv6 (We b) . . . . . . . 1382 PIM Gl obal Co nfigura tion . . . . . . . . . . . . . 1382 PIM Gl obal St atus . . . . . . . . . . . . . . . . . 1383 PIM In terfac e Confi gurati on . . . . . . . . . . . 1384 PIM In terfac e Summary .
Content s 49 Configu ring and V iewing DVMRP Informatio n . . . . . . . . . . . . . . . . . . . . 1416 L3 Multicas t Configur ation Example s . . . . . . . . . 1417 Configu ring Mu lticast V LAN Ro uting W ith IGMP and PIM -SM . . . . . . . . . . . . .
50 Conte nts.
Introd uction 51 1 Introduction The switches i n the Dell Netwo rking N2000/N 3000/N400 0 series ar e stack able Layer 2 and 3 switches tha t extend t he Dell Networking LA N switching product range. These switches i nclude the following features: • 1U form factor , rack-mountabl e chassis design.
52 Introduct ion Audience This guide is for net work administrators in char ge of managing one or more Dell Ne tworking se ries switches . T o obtain the greatest bene fit from this guide, you should have a basic understan ding of Ethernet networks and local area netw ork (LAN) concepts.
Introd uction 53 Additional Do cumentation The following documents for the Dell Networking serie s switches ar e available at supp ort.d ell. com/ma nuals : • Getti ng Start ed Guide— provides information a bout the swit ch models in the series, including front and back panel featur es.
54 Introduct ion.
Switch Featu re Overvi ew 55 2 Switch Feature Overview This secti on describes the switch user -configurable softwar e featur es. The topics covere d in this section include: NOTE: Bef ore proc eeding, read th e release notes for this pro duct. T he rele ase notes a re part of t he firmware d ownload.
56 Switch Featur e Overv iew System Manage ment Feature s Multiple Mana gement Options Y ou can use any of the following methods to manage the switch: • Use a web browser to access the Dell OpenManage Switch Admini strator interface. T he switch contains an em bedded W eb server that serves HTML pag es.
Switch Featu re Overvi ew 57 Log Message s The switch maint ains in-memory log messages as well as persist ent logs. Y ou can configure remote logging so that the swit ch sends log messag es to a remote SYSLOG serv er . Y ou can also configure the switch to email log messages to a confi gured SMTP server .
58 Switch Featur e Overv iew IPv6 Manag ement Features Dell Networking series switches pro vide IPv6 support for many standard management features including HT TP , HT TPS/SSL, T elne t, SSH, SNMP , SNTP , TFTP , and traceroute on b oth the in-band and out -of -band management ports.
Switch Featu re Overvi ew 59 •I P v 4 D a t a C e n t e r F or i nformation a bout setti ng the SDM te mplate, see " Managing Gener al System Set tings" on page 279 .
60 Switch Featur e Overv iew SNMP Alarms and T rap Logs The system logs event s with severity codes and tim estamps. The events are sent as SNMP tra ps to a tr ap r ecipi ent li st. F or information about configuring SNMP trap s and alarm s, se e "C onfig uring SNMP" on page 323.
Switch Featu re Overvi ew 61 Stacking Feature s F or information about cr eating and maintaini ng a stack of switches, s ee "Managing a Switch Stack" on p age 171. High Stac k Count The Dell Network ing N2000, N30 00, and N4000 serie s switches include a stacking feat ure th at allows up to 12 switches to operate as a sing le unit.
62 Switch Featur e Overv iew Master F ailover wit h T ransparent T ransitio n The stacking fe ature suppor ts a standby or backup unit that assumes the stack maste r role if the st ack master fails.
Switch Featu re Overvi ew 63 Security Featur es Configura ble Ac cess and Authenticati on Profi les Y ou can configure rules to limit acces s to the switch management interface based on criteria such as a ccess type and source IP addr ess of the management host.
64 Switch Featur e Overv iew RADIUS Suppor t The switch has a Remote Authent ication Dial In User Service (R ADIUS) client and can support up to 32 named authentication and accounting R ADIUS server s. The switch al so supports R ADIUS Attribute 4, which is the configuration of a NAS-IP addr e ss.
Switch Featu re Overvi ew 65 • BPDU Storm Prot ection: By default, if Spannin g T ree P rotocol (STP) bridg e protocol data u nits (BPDUs) ar e received at a rate of 15pps or greater for thr ee cons ecutive seconds on a port, the p ort will be diagnostica lly disabled.
66 Switch Featur e Overv iew Dot1x Authent ication (IEEE 802.1X) Dot1x a uthenticatio n enables the a uthenticat ion of syst em users through a local internal server or a n external s erver . Only authenticated and approved system users can transmit and receive frames over the po rt.
Switch Featu re Overvi ew 67 Access Contro l Lists (ACL ) Access Control List s (ACLs) ensure that only authorized users have access to specific r esources wh ile blocking o ff any unwarranted attempts to r each network resources.
68 Switch Featur e Overv iew DHCP Snooping DHCP Snooping is a security featur e that monitors DH CP messages bet ween a DHCP client and DHCP server . It filters harmful DHCP messages an d builds a bindings database of (MA C addr ess, IP addr ess, VLAN ID, port) tuples that are sp ecified as authori zed.
Switch Featu re Overvi ew 69 Green T echnology Fe atures F or information about configuring Gr een T echnology featu res, see "Configuring P ort Characteristics" on pa ge 477.
70 Switch Featur e Overv iew Power over Ethern et (PoE) Plus Featu res F or information about configuring P oE Plus featur e s, see "Managing General System Settings" on p age 279.
Switch Featu re Overvi ew 71 Switching Feature s Flow Contr ol Suppor t (IEE E 802.3x) Flow cont rol enables lower s peed switches to communicate with higher speed switches by requesting that the higher speed switch r efrain from sending pack ets for a limited period of time.
72 Switch Featur e Overv iew Auto-MDI/MDI X Support Y our sw itch suppor ts auto-det ection betw een crossed and s traight-thr ough cable s. Media -Depend ent Inte rface (MDI) is the stand ard wiri ng for en d stations, a nd the standar d wiring for hubs an d switches is know n as Media- Depend ent In terfac e with C rossov er (MDIX ).
Switch Featu re Overvi ew 73 Broadcast St orm Control When Layer 2 frames are forwarded, br oadcast, unknown unicast , and multicast frames ar e flooded to all ports on the r elevant vi rtual local area network (VLAN). The flooding occupies bandwidth, and loads all nodes connected on all ports.
74 Switch Featur e Overv iew Link Layer Discovery Pro tocol (LLDP) The IEEE 802.1AB defined standard, Link La yer Discover y P rotocol (L LDP), allows the sw itch to advertise major ca pabili ties and physical d escriptio ns. This information can help you identi fy system topology a nd detect bad configurations on the LAN.
Switch Featu re Overvi ew 75 has different loss tolerances. P riorities are differentiated by the priority field of the 802.1Q VLAN header . The N4000 switches support lossless transport of frames on up to two priorit y classes.
76 Switch Featur e Overv iew Cisco Proto col Filteri ng The Cisco Protocol F iltering feature (also known as Link L ocal P rotocol F i ltering) filters Cisco protocols that should not normally be rel ayed by a bridge. The group addresses of these Cisco protocols do not fa ll within the IEEE defined range of the 802.
Switch Featu re Overvi ew 77 V irtual Loca l Area Networ k Supported Features F or information about configuring VLAN features see "Configuring VLANs" on page 64 5. VLAN Support VLANs are collect ions of switching port s that compr ise a single broadcast domain.
78 Switch Featur e Overv iew GARP and GVRP Support The switch supports the Generic Attribut e Registration P rotocol (GARP). GARP VLAN Registration Protocol (GVR P) r elies o n the services prov ided by GARP to provide IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN cr eation on 802.
Switch Featu re Overvi ew 79 Spanning T ree Protoc ol Featur es F or information about configuring Spa nning T ree P rotocol features, see "Configuring the Spannin g T ree Protocol" on page 715. Spanning T ree Protocol (STP) Spanning T ree P rotocol (IEEE 802.
80 Switch Featur e Overv iew Bridge Pr otocol Data Unit (BPDU) Gu ard Spanning T ree BPDU Guar d is us ed to disable the port in case a new device tries to e nter the already existing topo logy of STP . Thus devic es, which were original ly not a part of STP , are not allowed to influence the S TP topolog y .
Switch Featu re Overvi ew 81 Link Aggrega tion Features F or information about configuring link aggregation (port-channel) features, see "Configuring Link Aggregation" on page 913. Link Aggregat ion Up to eight ports can combine to fo rm a single Link Aggregation Group (LAG).
82 Switch Featur e Overv iew Routing Fe atures Address Resol ution Protocol (ARP) T able Management Y ou can create static ARP entries a nd manage many settings for the dynamic ARP table, such as age time for ent ries, r etries, and cache size. F or information about managing the ARP tab le, see "Configuring IP Routing " on page 1 063.
Switch Featu re Overvi ew 83 BOOTP/DHCP Relay Agen t The switch BootP/ DHCP Relay Agent feat ur e relays BootP and DHCP messages be tween DHCP client s and DHCP serv ers that ar e locate d in differ ent IP subnets. F or information about configuring the BootP /DHCP Relay agent, se e "Configuring L2 and L3 Relay F eatures" on page 1087.
84 Switch Featur e Overv iew V irtual Rout er Redund ancy Protocol (VRRP) VRRP prov ides host s with redundant routers i n the network topo logy without any need for the hosts to reconfigur e or know that there are multiple routers.
Switch Featu re Overvi ew 85 IPv6 Routing Features IPv6 Config uration The sw itch su pports IPv6, th e ne xt ge nerati on of the Int erne t P roto col. Y ou can globally enable IP v6 on the switch and confi gure settings such as the IPv6 hop limit and ICMPv6 rate limit error interval.
86 Switch Featur e Overv iew F or information about configuring DH C Pv6 settings, see "Co nfiguring DHCPv6 Se rver and Rel ay Setting s" on pag e 1265.
Switch Featu re Overvi ew 87 Internet Small Computer Sy stem Interf ace (iSCSI) Optimizati on The iSCSI Optimiza tion featur e helps network admini strators tr ack iSCSI traffic betw een iSCSI initi ator and targ et systems.
88 Switch Featur e Overv iew IGMP Snoopi ng Querier When P rotocol Independent Multicast (PIM) and IGM P are enab led in a network with IP multicast routing , the IP multic ast router a cts as the IGM P querier .
Switch Featu re Overvi ew 89 Layer 3 Multicast Features F or information about configuring L3 multicast features, s ee "Managing IPv4 and IPv6 Mult icast" on pag e 1337.
90 Switch Featur e Overv iew Protocol I ndependent Mult icast—Spars e Mode Pr o t o c o l I n d e p e n d e n t M u l t i c a s t - S p a r s e M o d e ( P I M - S M ) i s u s e d t o e f f i c i e n t l y rout e mult icast tr affi c to mul ticast g roups that m ay span wi de area ne tworks , and where bandwidth is a cons traint.
Hardware Overview 91 3 Hardware Overview This section provides an overview of the switch hardware. It is or ganized by product type: • Dell Ne tworking N 2000 Series Sw itch Hardware • Dell Ne two.
92 Hardware Overview Figure 3-1. N2048 Switc h with 48 10/100/100 0BASE-T Ports (Fro nt Panel) In ad dition to the swit ch port s, the fr ont panel of ea ch model in the N 2000 series includes the following port s: •C o n s o l e p o r t •U S B p o r t Figure 3-2.
Hardware Overview 93 Figure 3-3 . N2024P Close-up The N2024P front panel, shown in F igure 3-3, has s tatus LEDs for over - temperatur e alarm, inter nal power and status on the top row . The bottom row of sta tus L EDs di splays stack mast er , mo dular power s uppl y (MPS) statu s and fan alarm status.
94 Hardware Overview • RJ-45 port s support full-dup le x mod e 10/100/1000 M bps speeds on standar d Category 5 UTP cable. • SFP+ ports support SFP+ transceivers and SFP+ copper twin-ax techn ology op erating at 10 G or 1G plus SFP tra nsceivers operat ing at 1G.
Hardware Overview 95 Port and System LEDs The front panel contains light emitting diodes (LEDs) that indicate the status of p ort links, pow er supplies, fans, stacking, and t he overall sy stem status. See "N200 0 LED Definit ions" on p age 97 for mor e information.
96 Hardware Overview Figure 3-6. N2048 Mini-S AS Stacking Ports an d Fans Power Supplies N2024 and N2048 N2024 and N20 48 series s witches have an i nternal 100-w att power supply . The addit ional r edundant power su pply (Dell Netwo rking R PS720) provi des 180 watts of power and gives full redunda ncy for the swit ch.
Hardware Overview 97 N2000 LED Defin itions This secti on describes the LEDs on the fron t and back panels o f the switch. Port LEDs Each port on an N2000 swit ch includ es two LEDs . On e LED i s on t he le ft side of the por t, and the second LED i s on the right side of the p ort.
98 Hardware Overview T able 3-1 6 shows the 100 /1000/1 0000Base- T port L ED definitions. Stacki ng Por t LEDs T able 3-1. 100 /1000/10000Base-T Port Definitions LED Color Defini tion Link/S PD LED Off There is no l ink. Solid yellow The port is operatin g at 10/100 Mbps.
Hardware Overview 99 System LEDs The system LEDs , located on the back panel, provide in formation about the power supplies, thermal conditions, and dia gnostics. T able 3-21 shows the System LE D definitions f or the N2000 serie s switches. T abl e 3-3.
100 Hardware Overview Power Consump tion for N2000 Ser ies PoE Switches T able 3-5 shows power consumption da ta for the P oE -enabled swi tches. The P oE power budget for each interface is controlled by the switch firmware. The administrator can limit the power supp lied on a por t or prioritize power to some ports over others.
Hardware Overview 101 T able 3-6. N2000 Serie s PoE Power Budget Limit One PS U Suppor t T wo PSU s Support Model Name System Po wer Max. Dissipat ion Max.
102 Hardware Overview Dell Networking N3000 Se ries Switch Hardware This secti on contains information ab out device character istics and modular hardwa re configurations for the N3000 series switches.
Hardware Overview 103 Figure 3-9. N3048 with 48 10/10 0/1000BASE-T Ports (Front Panel) The additi onal ports are on the ri ght side of the front panel, as sho wn in F igure 3- 9 and Figure 3-10 on pa ge 103. Figure 3-1 0. Ad ditional N3 000 Series P orts The N3000 f ront panel above als o contains a r eset butt on (pinhole) and several status LEDs.
104 Hardware Overview The N3000 front panel also disp lays status LEDs fo r over -temperatur e alarm, internal p ower supply 1 and sw itch status on the top r ow . The bottom ro w of status LE Ds displays st ack master , internal power sup ply 2 and fan alarm.
Hardware Overview 105 Conso le Port The console port provides serial communication capabilit ies, which allows communication using RS-232 protocol. The serial p ort provides a dir ect connection to th.
106 Hardware Overview Port an d System LEDs The front panel contains light emitting diodes (LEDs) that indicate the status of port li nks, power supplies, fans , stacking, and the overall sy stem status. F or information abou t the status t hat the LE Ds indicate, se e the User ’s Co nfigu rat ion Gui de.
Hardware Overview 107 Figure 3-1 3. N3048 Mi ni-SAS S tacking Ports C lose-up The term mini-SAS r efers to the stacking port cable connections shown in F igure 3-13. See "Managing a S witch Stack" on p age 171 for informatio n on using the mini-SAS ports to connect switches.
108 Hardware Overview N3024P a nd N3048P Dell Networking N3024P a nd N3048P switches supp ort one or two 1100-watt FRU power supplies. The N30 24P switch is sup plied with a single 715-w att power supply (the default configuration) and supports an additi onal 1100-wat t supply .
Hardware Overview 109 LED Definitio ns This secti on describes the LEDs on the fron t and back panels o f the switch. Port LEDs Each port on an N3000 seri es switch includes two LEDs. One LED is on the lef t sid e of th e po rt, a nd th e sec ond LED is on th e ri ght si de of the port .
110 Hardware Overview T able 3-1 6 shows the 100 /1000/1 0000Base- T port L ED definitions. Module Bay LEDs The f ollo wing table s desc ribe t he pu rpos e of each o f the m odul e bay L EDs when SFP+ and 10 GBaseT modules are used. T able 3-7. 100 /1000/10000Base-T Port Definitions LED Color Defini tion Link/S PD LED Off There is no l ink.
Hardware Overview 111 T abl e 3-9. 10G Base-T Mo dule LED Def initions LED Color D efiniti on Link/S PD LED Off Th ere is no link. Soli d green The port is operating at 10 Gbp s. Solid amber The port is ope rating at 100/1000 Mb ps. Activi ty LED Off There is no current tra nsmit/ receive acti vity .
112 Hardware Overview System LEDs The system LEDs, located on the back panel, provide information about the power su pplies, th ermal c onditions , and diagnos tics. T able 3-21 sho ws the Sys tem LED definitio ns for the N3 000 series switches. T able 3-12 .
Hardware Overview 113 Power Consumpti on for N3000 Series PoE Switches T able 3-14 shows power consumption data for the P oE-enabled switches. The P oE power budget for each interface is controlled by the switch firmware . The administrator can limit the power supplied on a port or priorit ize power to some ports ov er othe rs.
114 Hardware Overview T able 3-15 . N3000 Se ries PoE Power Budge t Limit One PSU Support T wo PSUs S upport Model Name System Powe r Max. Dissipat ion Max.
Hardware Overview 115 Dell Networking N4000 Series Switch Hardware NOTE: PowerCon nect 8100 has been renamed N4000. Both PowerC onnect 8100 and N4 000 can ru n firmwar e versio ns 6.
116 Hardware Overview Figure 3-15. N4024 Fro nt Panel Figure 3-16. N4024F Front Panel N4032 and N4032F switches ca n be sta cked w ith other N 4000 swit ches using 10G or 40G SFP+ or QSFP modules in the module bay . The N4064 fr ont panel provides 64 x 10GbE copper po rts and two fixed QSFP po rts, each suppo rting 4 x 10 G or 1 x 40G connecti ons.
Hardware Overview 117 Figure 3-17. N4064 Front Pa nel Figure 3-1 8. N 4064F Front Panel The N4064 a nd N4064F switches can be stack ed with o ther N4000 switches using the 10G or 40G SFP+ or Q SFP modules in the modul e bay or fix ed QSFP po rts.
118 Hardware Overview A reboo t is necessary when a hot-plugg able module is repl aced with a module of different t ype. Specifically , changing from a 40 G module to a 10G module or from a 10G module to a 40G module requir es a r eboot. Plug-in modules with any p ort configur ed as a stack ing port are not hot-swappable.
Hardware Overview 119 10GB ase-T Coppe r Up link Modu le The 10GBase - T copper modul e featur es four co pper ports t hat can s upport 10GbE/1GbE/1 00MbE switching and p rovides following feat ures: • Com plies with IEEE802 .3z, IEE E 802.3, IEEE802.
120 Hardware Overview • V entilation Sy stem The following image show the back panel of the N4 000 series switches. Figure 3-19. N4000 Series B ack Panel Conso le Por t The console port is for management th rough a serial interface.
Hardware Overview 121 V entilation System The N4000 series switches ha ve two fans . Each switch al so has four thermal sensors and a fan sp eed controller , which can be used to control F AN spee ds. Y ou can verify operation by observing the LEDs. LED Definitio ns This secti on describes the LEDs on the fron t and back panels o f the switch.
122 Hardware Overview T able 3-1 6 shows the 100 /1000/1 0000Base- T port L ED definitions. Module Bay LEDs The f ollo wing table s desc ribe t he pu rpos e of each o f the m odul e bay L EDs when SFP+, 10GB ase- T , and QSF P modules are used. T able 3-16.
Hardware Overview 123 Out-o f-Ban d Ether net Mana gement Port LEDs T able 3-20 shows the LED definitions for the OOB Ethernet management port. System LEDs The system LEDs , located on the back panel, provide in formation about the power supplies, thermal conditions, and dia gnostics.
124 Hardware Overview T able 3-21 sho ws the Sys tem LED definitio ns for the N4 000 series switches. T able 3-21 . System LED Definitions—N40 00 Series Switche s LED Color Definition System Blinki ng blue The switch is boo ting Solid red A critical system error has occurred.
Hardware Overview 125 Switch MAC Addresses The swi tch alloc ates MAC add r esse s from the Vital P roduct Data info rmatio n stored locally in flash. MA C addresses ar e used as follows: Shown below .
126 Hardware Overview 1 System OK 42.0 43. 4 1 Main OK N/A N/A 04/06/2001 16:36:16 1 Secondary No Power N/A N/A 01/01/1970 00:00:00 USB Port Power Status: ---------------------- Device Not Present console#show ip interface out-of-band IP Address......
Using Dell Ope nManage Switc h Adminis trator 127 4 Using Dell Open Manage Switch Administrator This section describes how to use the Dell OpenManage Switch Administrator appl ication.
128 Using Dell OpenM anage Switch Admin istrato r Starting the Applica tion T o access the Dell OpenMana ge Switch Administrator and log on to the switch: 1 Open a web browser . 2 Enter the IP add r ess of the switch in the ad dr ess bar and press <Enter>.
Usin g Dell Ope nManage Switch Admi nistrat or 129 5 The Del l Ope nMa nage Switc h Admin istrat or home page displa ys. The hom e page is the Device Information page, which cont ains a graphical representation of the fr ont panel of the switch. F or more informa tion about th e home page, s ee "Device Information" on page 249.
130 Using Dell OpenM anage Switch Admin istrato r Figure 4-2. Switc h Adminis trator Compon ents Naviga tion Pane l Page T a bs Links Save, Print, R efresh, Help Confi guratio n and Sta tus Opti ons C.
Usin g Dell Ope nManage Switch Admi nistrat or 131 Using the Sw itch Administ rator Bu ttons and Link s T ab le 4-2 descr ibes t he but tons and li nks a vail able f rom the Dell Open Man age Switch Admini strator interface. T a ble 4-2. Button and Li nk Descriptio ns Button or Link Desc riptio n Support Opens the Dell Support page at support.
132 Using Dell OpenM anage Switch Admin istrato r Defining Fields User -defined fields can contain 1 – 159 characters, unless otherwise noted on the Dell OpenMa nage Switch Administrator web pa ge.
Usin g Dell Ope nManage Switch Admi nistrat or 133 Using the Devi ce View Swit ch Locator Fea ture The Device Vi ew graphic includes a Lo cat e button and a drop -down menu of timer sett ings. When yo u click Loc at e , the switch locato r LED on the back panel of the switch blinks for the numbe r of seconds sel ected from the timer menu.
134 Using Dell OpenM anage Switch Admin istrato r.
Usin g the Command -Line I nterfa ce 135 5 Using the Command-Lin e Interface This section describes how to use the Command-Line Interface (CLI) on a Dell Netw orking N2000, N3 000, and N4000 series swit ches.
136 Usin g the Command -Li ne In terface 2 Start the t erminal emulator , such as Microsoft Hyp erT erminal , and selec t the appropriate seria l port (for e xam ple, COM 1) to connect to the console. 3 Confi gur e the manage ment sta tion ser ial po rt with th e foll owing setting s: • Dat a rate — 9600 baud.
Usin g the Command -Line I nterfa ce 137 Y ou can also ini tiate a T elnet sessi on from the Ope nManage Switch Administrator . F or more information, see "Initiating a T elnet Session from the W eb I nterface " on page 2 88. Understan ding Command Mode s The CLI groups commands into modes accor ding to the command function.
138 Usin g the Command -Li ne In terface T able 5-1. Comm and Mod e Overv iew Command Mo de Access Meth od Command P rompt Exit or A ccess Prev ious Mode User EXEC The u ser is automatically in User EXEC mode unl ess the user i s defi ned as a privil eged user .
Usin g the Command -Line I nterfa ce 139 Enterin g CLI Commands The switch CLI uses several techniques to help you enter commands. Using the Quest ion Mark to Get Hel p Enter a question mark (?) at t he command prompt to display the commands available in the current mode.
140 Usin g the Command -Li ne In terface If there are no additional command keyw ords or parameters, or if additional parameters are op tional, t he following mess age appears i n the out put: <cr> Press ente r to execute the command.
Usin g the Command -Line I nterfa ce 141 Command Outpu t Paging Lines are printed on the screen up to the configured terminal length limit (default 24). Use the space bar to show the next page of output or the carriage return to show the next line of out put.
142 Usin g the Command -Li ne In terface T able 5-3. History Buf fer Navigation Keyw ord Sourc e or Destina tion Up-arrow key <Ctrl> +<P> Recalls c ommands in t he history buffer , beginning with the most recent command. Repeat s the key sequence to r ecal l successive ly older commands.
Default Setting s 143 6 Default Settings This secti on describes the de fault settings fo r many of the softwar e featur es on the Dell Networking series sw itches. T able 6- 1. Default Settin gs Feature D efault IP addr ess None Subnet mask None Default gateway None DHCP client Enabled on out-of -band (OOB) interface.
144 Defaul t Settings SNMP T raps Enabled Au to Conf igura tion Enab led Aut o S av e Di sa bl ed Stacking Enabled Nonstop F orwarding on the Stack Enabled sFlo w Enabled ISDP Enabled (V ersions 1 and.
Default Setting s 145 Auto-MDI/MDIX Support Enabled Aut o N eg ot ia ti on En ab le d Advertised P ort Speed Maximum Capacity Broadcast Storm Control Disabled P or t Mirroring Disabled LLDP Enabled LL.
146 Defaul t Settings Routing Mode Disabled OSPF Admin Mode Enabled OSPF R outer I D 0.0. 0.0 IP Helpe r and UDP Re lay Ena bled RIP Enabled VRRP Disabled T unnel and Lo opback Interf aces None IPv6 R.
Settin g Basic Netwo rk Informatio n 147 7 Setting the IP Address and Ot her Basic Network Information This chapter describ es how to config ure b asic network information for the switch, s uch as the IP address, subnet mas k, and default ga teway .
148 Setting Basic Network Informatio n Additionall y , this chapter des cribes ho w to view host name-to-IP address mappings that have been dynamically learned by the system. Why Is Ba sic Networ k Infor mation Needed? Dell Networking series switches are layer 2/3 managed switches.
Settin g Basic Netwo rk Informatio n 149 Configuring the DNS information, default domain name, and host name mapping hel p the switch identify and l ocate other devi ces on the netwo rk and on the Inte rnet. F or example, to upgrad e the switch software by using a TFTP server on the network, you must identify the TFTP server .
150 Setting Basic Network Informatio n switch, for exa mple T elnet, SSH, DHCP client, and TFTP . If using the out-of- band management port, it is strongly r ecommended that the port be connected only to a physically i s olated secure management network.
Settin g Basic Netwo rk Informatio n 151 transm itted fr om the s witch w ith the DF (Don' t F ragment) b it set i n or der to receive notification of f ragmentation fr om any tr ansi t route rs. Up on rece ivi ng an ICMP Destination Unreachab le, F ragmentation needed but DF set notification, the switch will r educe the MSS.
152 Setting Basic Network Informatio n Configuring Basic Network Information (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring basic network information on the Dell Netwo rking N2000, N3000, and N40 00 series switche s.
Settin g Basic Netwo rk Informatio n 153 Figure 7-1. O ut of Band Interfac e T o enable the DHCP client and allow a DHCP server on your network to autom atically as sign the networ k informati on to the OOB int erface, select DHCP from the Protocol menu.
154 Setting Basic Network Informatio n Figure 7-2. IP Interf ace Config uration (Default VL AN) Assigning Network Information to the Default VLAN T o assign an IP Addres s and subnet mask to th e default VLAN: 1 Fr o m t h e Interface men u, select V LAN 1 .
Settin g Basic Netwo rk Informatio n 155 Route Entry Configurat ion (Switch Defaul t Gateway) Use the Route Entry Configuration page to co nfigur e the d efault gateway for the switch. The default VLAN uses the switch de fault gateway as its default gateway .
156 Setting Basic Network Informatio n Configuring a Default Gateway for the Switch: T o configure the switch default gateway : 1 Open the Route Ent ry Configuration page.
Settin g Basic Netwo rk Informatio n 157 Domain Name Server Use the Domai n Name Serve r page to configure the IP address of the DNS server . The switch uses the DNS server t o translate hostnames into IP addr esses. To d i s p l a y t h e Domain Na me Ser ver page, cl ick System → IP Addressing → Domain Na me Ser ver in the navigation panel.
158 Setting Basic Network Informatio n Default Domai n Name Use the Defau lt Domai n Name page to configure the domain name the switch adds to a local (unqualified) hostname. To d i s p l a y t h e Default Domain Name page, cli ck System → IP Addressing → Default Domain Name in the navigation panel.
Settin g Basic Netwo rk Informatio n 159 Host Name Mapping Use the Host Name Mapping page to as sign an IP addr ess to a static host name. The Host N ame Mapping page pr ovides on e IP addr ess per hos t. To d i s p l a y t h e Host Name Mappi ng page, click System → IP Addressing → Host Nam e Mapping.
160 Setting Basic Network Informatio n Dynamic Host Name Mappi ng Use the Dyna mic H ost Na me Mappi ng page to view dynamic host entries the switch has learned. The switch learns hosts dy namically by using the configured DNS server to resolve a hostname.
Settin g Basic Netwo rk Informatio n 161 Configuring Ba sic Network Information (CLI) This section provides information about the commands you use to configure basic networ k information on the Dell Netw orking N200 0, N3000, a nd N4000 series switches.
162 Setting Basic Network Informatio n Managing DHCP Leases Beginning in P rivileged EXEC mode, use the following commands to manage and troubleshoot DHCP leases on the switch. CTRL + Z Exit to Privil eged EXEC mod e. show ip interface vlan 1 Disp lay netw ork informati on for VLAN 1.
Settin g Basic Netwo rk Informatio n 163 Configuri ng Static Net work Information on the OOB Port NOTE: N2000 s witches do no t have a n out -of-band interface . Beginning in P rivileged EXEC mode, use the following commands to configure a static IP addres s, subnet mask , and default gate way on the OOB port.
164 Setting Basic Network Informatio n Static IP sub nets on inband ports (configured on switch VLANs ) may not overlap with the OOB port subnet. If configuring management access on the front-panel po rts, it is r ecomended that: • A VLAN other than the defaul t VLAN be used to avoid attack vectors enabled by in correc t cablin g.
Settin g Basic Netwo rk Informatio n 165 Command Purpo se configure Enter Global Configuration mode. ip domain-lookup Enabl e IP DNS- based h ost na me-to-addr ess transla tion. ip name-ser ver ip_add ress Enter the IP addres s of an available n ame server to use to r esolve ho st names and IP ad dres ses.
166 Setting Basic Network Informatio n Basic Network Information Configuration Example In this e xample, an admi nistrator at a D ell office in California decide s not to use the Del l Easy Se tup W izard to perfor m the initia l switch co nfigurat ion.
Settin g Basic Netwo rk Informatio n 167 4 View the network informa tion that the DHCP server on the network dynami cally assigned to the switch. console# show ip interface out-of-band IP Address........................ 10.27.22.153 Subnet Mask.......
168 Setting Basic Network Informatio n.
Man aging QS FP Ports 169 8 Managing QSFP Ports QSFP ports available on N4 000 series switches can op erate in 1 x 40G mode or i n 4 x 1 0 G m o d e. A pp r op ri a te ca b le s mu s t b e us e d t ha t ma t ch t he s el ec te d mode. When changing from one mod e to another , a switch reboot is requir ed.
170 Managi ng QS FP Port s T o change a 4 x 10G port to 1 x 40G mode, enter the following commands on the 40-gigab it interface: console(config)#interface Fo2/1/1 console(config-if-Fo2/1/1)#hardware profile portmode 1x40g This command will not take effect until the switch is rebooted.
Managi ng a S witch Stack 171 9 Managing a Switc h Stack This chapter describes how to configur e and manage a stack of switches. The topics covered in t his chapter include: • Stacking Overview •.
172 Managi ng a S witch Stack stack ed using any port as long as the li nk bandwidth for para llel stacking links is the same. In other words, all the port types on the N4 000 series switches can be used for stacking.
Managi ng a S witch Stack 173 and switch softwar e, and propagate s changes to the member units . T o manage a stack using the serial interfac e, you must connect to the stack master via the connect command or by physically connecting the cable to the stack mast er .
174 Managi ng a S witch Stack Figur e 9-1. Conn ecting a Stack of Sw itches The stack in F igur e 9-1 has the follow i ng physical connections between the switches: • The lowe r stacking port on U nit 1 is conn ected to the upper stacking port on Unit 2.
Managi ng a S witch Stack 175 series sw itches. Li kewis e, Dell Networ king N3000 se ries swit ches only stac k with other De ll N3000 serie s switches. Dell Networking N4000 s eries switche s stack wi th other Dell N etworking N4000 series sw itches.
176 Managi ng a S witch Stack • If th e switch you add does not have an assi gned uni t number , then th e switch s ets it s configur ed unit number to the lowe st unassi gned unit number . • If the unit number is configured and there are no other devices using the unit numb er , then the switch starts using the configured unit num ber .
Managi ng a S witch Stack 177 Y ou can pre configur e information about a stack member and its ports be fore you add it to the stack. The preconfiguration takes place on the stack master .
178 Managi ng a S witch Stack Upgrading the firmwar e on a stack of s witches is the same as upgrading t he firmware on a single switch. After you down load a new imag e by using the F ile Download page or co py command, the downloaded image is distributed to all the connected units of the stack.
Managi ng a S witch Stack 179 on the stack master . This type of operation is called nonstop forwar ding. When the s tack master fails, o nly the switch ASIC s on the stack ma ster need to be restar ted.
180 Managi ng a S witch Stack storage allo ws an applicat ion on a st andalone unit to r etain it s data across a restart, but s ince the amoun t of storage i s limited, pe rsistent st orage is not always pract ical. The NSF checkpoint s ervice allows the stack master to co mmunicate certain data to th e backup unit i n the stack.
Managi ng a S witch Stack 181 Switch Stack MAC Addre ssing and Stack Design Conside rations The switch stack uses the MAC addr esses assigned to the stack master . If the backup unit assumes control due to a stack master failur e or warm restart, the backup unit continues to use the original stack master ’s MA C addresses.
182 Managi ng a S witch Stack surviving unit. When a unit fail s, the forwarding plane of surviving units removes LAG membe rs on th e failed uni t so that i t only fo rwards traffic onto LAG members that r emain up. If a LAG i s left with no active members, the LAG goes down.
Managi ng a S witch Stack 183 two fixe d stacking ports in the r ear of the switch. Stacking on Ethernet ports is not sup ported. The fixed st acking por ts show as T we ntygigab itStackin g and ar e abbreviat ed T w . NSF is enabled by default. Y ou can disable NSF to redirect the CPU r esources consumed by data checkpointing.
184 Managi ng a S witch Stack Managing a nd Monitoring the Stack (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring stacking on a Dell Networki ng N2000, N3000, and N40 00 series s witches.
Managi ng a S witch Stack 185 Chan ging th e ID or Switc h T y pe for a Stac k Membe r T o change the switch ID or type: 1 Open the Unit Configurat ion page. 2 Cli ck Add to dis play th e Add Unit pag e. Figure 9-3. Add Remo te Log Serv er Settin gs 3 Specify the swit ch ID, and select the m odel num ber of the switch.
186 Managi ng a S witch Stack Stack Firmwar e Synchroniz ation Use the Stack F irmwa re Synchronizatio n page to control whether the firmwar e image on a new stack memb er can be automat ically upgraded or downgraded to match the firmware image of the stack master .
Managi ng a S witch Stack 187 Supported Swit ches Use the Supported Switches pa ge to view info rmat ion regarding each typ e of supp ort ed swit ch f or stac kin g, and information r egarding the supported switches. To d i s p l a y t h e Supported Switches page, cl ick System → Stac k Managem ent → Supported Switches in the n avigation panel.
188 Managi ng a S witch Stack Stack Port Summary Use the Stack P ort Summary page to configur e the stack-port mode and to view information a bout the stackab le ports. This sc r een displays the unit, the stackable interface, the configur ed mode of the interface, the running mode as well as the link stat us and link sp eed of the stack able port.
Managi ng a S witch Stack 189 Stack Port Coun ters Use the Stack P ort Counters page to view t he transmitted and r eceived statistics, including data rate a nd error rate. To d i s p l a y t h e Stack P ort Counters page, clic k System → Stack Manage ment → Stack P oint C ounters in the navigation panel.
190 Managi ng a S witch Stack NSF Summary Use the NSF Su mma ry page to chang e the administrat ive status of the NSF feature and to view NSF info rmation. To d i s p l a y t h e NSF Summary page, click System → Stack Mana gement → NSF Summary in the navigation panel.
Managi ng a S witch Stack 191 Checkpoint Statis tics Use the Checkpoint Statistics page to view information about che ckpoint mess ages genera ted by t he sta ck mast er . To d i s p l a y t h e Checkpoint Statistics page , clic k System → Stack Managem ent → Checkpoint Statistics in the na viga tion p anel.
192 Managi ng a S witch Stack Mana ging the S tack (CLI) This section provides information about the commands you use to manage the stack and view information about the s witch stack. F or more information about the se commands, see the Dell Ne tworking N2000, N 3000, and N4000 Series S witches CLI Reference Guide at supp ort .
Managi ng a S witch Stack 193 member unit SID Add a swi tch to the stack and specify the model of t he new stack member . • unit - The switch unit ID • SID - Th e inde x into t he da tabase of the su pporte d switch types, indic ating the type of the swi tch being prec onf igu red.
194 Managi ng a S witch Stack V iewing and Cl earing S tacking a nd NSF In formation Beginning in P rivileged EXEC mode, use the following commands to view stacking informat ion and to clear NSF st atistics. Command Pu rpose show switch [ stack- member -number] View information about all stack members or the specified member .
Managi ng a S witch Stack 195 Stacking and NSF Usage Sc enario s Only a fe w settings a re avai lable to co ntrol the st acking configurat ion, such as the designation of the s tandby unit or enabling/disab ling NSF . The examples in this section de scribe how the s tac king and NSF featur e act in various environments.
196 Managi ng a S witch Stack When all four units ar e up and running, the show switch CLI command gives the fo llow ing ou tput: console# show switch At this point, if Unit 2 is power ed off or reboo.
Managi ng a S witch Stack 197 Preconfig uring a Stack Member T o preconfigure a stack member before connecting the phys ical unit to the stack, use the show suppo rt switchtype co mmand to obtai n the S ID of th e unit to be added.
198 Managi ng a S witch Stack 2 Pr econ figur e the swit ch (SID = 2) as member num ber 2 in the stack. console# configure console(config)# stack console(config-stack)# member 2 2 console(config-stack)# exit console(config)# exit 3 Confirm th e stack configuration .
Managi ng a S witch Stack 199 NSF in the Data Cent er F igure 9-12 illustrates a data center scenar io , where the stack of two Dell Networki ng switches acts as an acces s switch. The access switch is connected to two aggregation switches, AS1 and AS 2.
200 Managi ng a S witch Stack NSF and V oIP F igure 9-13 shows how NSF mai ntains e xisting voice calls during a stack master fai lure. Assume the top uni t is the stack master . When the st ack master fails, the call from phone A is immediately disconnected.
Managi ng a S witch Stack 201 NSF and DHCP Snooping F igure 9-14 illustrates an L2 access switch running DHCP snooping. DHCP snooping only acce pts DHCP serv er messages on ports configured as trus ted ports. DHCP snooping listens to DHCP messages to build a bindings database t hat lists t he IP addr ess the D HCP server has assigned to each host.
202 Managi ng a S witch Stack If a host is in the middle of an ex change with the D HCP server when the failover occurs, the ex change is interrupte d while the control plane restarts. When DHCP snooping is enabled, t he hardwar e traps all D HCP packets to the CPU.
Managi ng a S witch Stack 203 Figure 9-15. NSF an d a Storag e Area Netw ork When the stack master fails, session A drops. The initiator at 10.1. 1.10 detect s a link down on its pri mary NIC and a ttempts to reesta blish the session on its backup NIC to a different IP address on the disk array .
204 Managi ng a S witch Stack NSF and Ro uted A ccess F igure 9-16 shows a s tack of thr ee units s erving as an access router for a se t of hosts. T wo LAGs connect the stack to tw o aggregation routers. Each LAG is a member of a VLAN routing interfa ce.
Managi ng a S witch Stack 205 JOIN messages up stream. The control plane updat es the driver wit h checkpointed unicast routes. Th e forwar ding plane reconciles L3 hardwar e table s. The OSPF grac eful r estart finishes, and the contro l plane deletes any stal e unicast routes not r elearned at this poin t.
206 Managi ng a S witch Stack.
Configu ring Authe nticati on, Autho rization , and Accoun ting 10 Configuring Authentication, Authorization, and Accounting This chapter describes how to control access to the switch manag ement interface using aut henticati on and auth orizat ion. It also describes how to recor d this access using accounting.
208 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting Each service is configured usi ng method lists. The method lists define how each service is to be performed by specifying the methods available to perform a service. The first method in a list is t ried first.
Configu ring Aut henticati on, Author ization , and Acco unting 209 Methods that never return an error ca nnot be followed by any other me thods in a method list. •T h e enable method uses the enable password. If there is no enable password defined, then the enable method will r eturn an error .
210 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting The methods avail able for authenticati on ar e: host-based auth entication, publi c key authentic ation, chal lenge-respon se authenti cation, an d password authen tication.
Configu ring Aut henticati on, Author ization , and Acco unting 211 Authentication Aut henti cati on is th e proce ss of valida ting a u ser 's iden tity . During the authentication process, only identity va lidation is done. Ther e is no determination made of which swit ch services the user is allowed to access.
212 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting Authorization Authorizat ion is used to determine which services the user is allowed to access. F or example, the autho rization process may assign a user ’s privil ege level, which det ermines the set o f commands the user can execute.
Configu ring Aut henticati on, Author ization , and Acco unting 213 Administrative Profiles The Administrative Profiles feature allows the netwo rk administra tor to define a list of rules that control the CLI commands available to a user . These rules are collect ed in a “profile.
214 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting Accountin g Accounting is used to r ecord security events, such as a user logging in or ex ecuting a command. Accounting re cords may be sent upon completion of an event (stop-only) or at bot h the beginning and end of an event (start- stop).
Configu ring Aut henticati on, Author ization , and Acco unting 215 Authenticatio n Examples It is important to understand that during a uthentication, all that happens is that the user is validated. If any attribut es are r et urned from the server , they are not processed during a uthentication.
216 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting •T h e pass words stre ngth mini mum num eric -cha racte rs 2 command s ets the mi nimum nu mber of numer ic char acters r equir ed whe n passwor d strength checking is enabled.
Configu ring Aut henticati on, Author ization , and Acco unting 217 T ACACS+ Authentication Exa mple Use the fo llowing configurat ion to require T ACACS+ authe ntication when log gin g in ov er a T el net connec tio n: aaa authentication login “tacplus” tacacs aaa authentication enable “tacp” tacacs tacacs-server host 1.
218 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting Public Key SSH Aut henticati on Example The following is an example of a publ ic ke y configuration for SSH login. Using a too l such as putty and a private/pub lic key infra structur e, one can enable secur e log in to th e Dell Networki ng switc h witho ut a pa sswor d.
Configu ring Aut henticati on, Author ization , and Acco unting 219 The crypto key pub key -chain s sh comm and sets SSH to us e a pub lic k ey for the specified adminis trator login. The user login is specif ied by the username command, not the ias-user command.
220 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting PUTTY Configuration Main Sc ree n On the foll owing scree n, the IP addr ess of th e switch is configur ed and SSH i s selected as the secure login protocol.
Configu ring Aut henticati on, Author ization , and Acco unting 221 On the next scr ee n, P UTTY is configured to use SSH-2 only . This is an optional step that accelerates the login process.
222 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting The following screen is the key to the co nfiguration. It is set to displ ay the authen tication banner , disabl e authenti cation.
Configu ring Aut henticati on, Author ization , and Acco unting 223 The following screen configur es the user name to be sent to the switch. A user name is always requir ed. Alternatively , leave Auto-log in name blank and the system will prompt for a use r name.
224 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting After configuring P utty , be sure to sav e the configuration. The following scre en shows the r esult of the l ogin process. The user name is enter ed automatically and the swit ch confirms that public k ey authentication occurs.
Configu ring Aut henticati on, Author ization , and Acco unting 225 Authenticating Without a Public Key When aut henticating wi thout the pub lic key , the sw itch promp ts for the user name and passwor d. This is a SSH function, not a switch function.
226 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting •T h e aaa authent ication login “r ad” radius command crea tes a login authen tication list call ed “rad” t hat contain s the method ra dius. If this method r etur ns an erro r , the user will f ail to log in.
Configu ring Aut henticati on, Author ization , and Acco unting 227 Authoriza tion Examples Autho rization allows the administrator to control which services a user is allowed to access.
228 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting •T h e aaa author ization ex ec “tacex” t acacs command cr eates an e x ec authoriza tion method list cal led tace x which contains the method t acacs.
Configu ring Aut henticati on, Author ization , and Acco unting 229 T ACACS+ Authorization Exa mple—Custom Adminis trative P rofile This examp le creates a custom profile that al lows the user to control user access to the switch by configuring a a d minis trative profile that only allows access to AAA r elated commands.
230 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting stri ng at the be ginning of a line , the peri od (.) matc hes any s ingle charact er , and th e asteris k (*) repe ats the pr eviou s match zero or more times .
Configu ring Aut henticati on, Author ization , and Acco unting 231 profiles and per -command authorization are configur e d for a use r , any comman d must be pe rmitted b y both the admini strative profile s and by per - com mand au thor izat ion .
232 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting RADIUS Authori zation Exampl e—Administrative Pr ofiles The switch should use the same configura tion as in the pr evious authorizati on example. The R ADIUS server should be configured such that it will send the Cisco A V P air attribute with the “roles” value.
Configu ring Aut henticati on, Author ization , and Acco unting 233 F or authenticating users prior to access, the R A DIUS standar d has become the protocol of choice by ad ministrators of larg e accessible netw orks.
234 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting rej ects the user , it r eturns a negati ve r esult. If the server r ejects the clie nt or the s har ed secrets differ , the server returns no res ult. If the server requires additional verification from the user , i t r eturns a challenge, and the request process begins ag ain.
Configu ring Aut henticati on, Author ization , and Acco unting 235 28 IDLE- TIMEOUT No No Y es 29 TER MINA TION- ACTION Y es No N o 30 CALLED-ST A TION-ID Y es No No 31 CAL LING-ST A TION-ID Y es No .
236 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting How Are RADIUS Attri butes Processed on the Switch? The following attributes are processed in the RADIUS Access-Accept message r eceived from a R ADIUS server : • NAS -PORT—ifInd ex of the p ort to b e aut hentica ted.
Configu ring Aut henticati on, Author ization , and Acco unting 237 Using T ACACS+ Servers to Con trol Manage ment Access T ACACS+ (T e rminal Access Controller Access Control System) provides access control for networked devi ces vi a one or mor e centralized servers.
238 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting Y ou can configure each serv er host with a specific connection type, port, timeout, and shared k e y , or you can use global configuration for the ke y and timeo ut. The T ACACS+ server can do the authentication itself, or redir ect the request to another back-end device.
Configu ring Aut henticati on, Author ization , and Acco unting 239 Default Configurations Method Lists The method lists shown in T able 10-7 ar e defined by default. They cannot be deleted, but they can be modified. Using the “no” command on these lists will return them to their default configuration.
240 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting Access Lines (Non-AAA) T able 10-9 shows the default configuration of t he access lines that do not use met hod li sts. Administr ative Prof iles The administrative profiles shown in T able 10-1 0 ar e system-defined and may not be deleted or a ltered.
Configu ring Aut henticati on, Author ization , and Acco unting 241 CP -admin Allows access to the Captive P ortal feature. network-operator Allows access to all User EXEC mode commands and show commands.
242 Confi gurin g Authe nticati on, Aut hori zation , and Acco unting.
Monito ring an d Logging Sy stem Inf ormatio n 243 11 Monitoring and Logging Syste m Information This chapter prov ides information abou t the features you use to monitor the switch, including logging, cable tests, and emai l alerting.
244 Monit oring and Lo gging Sy stem Inf ormatio n Why Is Sy stem Inf ormation Needed? The information the swi tch provides ca n help you troubleshoot issues that might be affe cting system performance. The cable diagnostics test help you troubles hoot problem s with the phy sical connections to the switch .
Monito ring an d Loggin g System Inf ormatio n 245 What Are the Severity Levels ? F or each local or remote log file, you can specify the severity of the mes sages to log. E ach severit y level is id entified by a name and a number . T able 11-1 provides information ab out the severity levels.
246 Monit oring and Lo gging Sy stem Inf ormatio n T o view the log messa ges in the system st artup and operat ional log files, y ou must downloa d the log files to an administrat ive host. The s tartup log fi les are named slogX .txt a nd the o peratio n log files are named ologX .
Monito ring an d Loggin g System Inf ormatio n 247 • Stack ID —This is the assigned stack ID. F or the Dell Networking N2000, N3000, and N4000 se ries s witches , the stac k ID numbe r is alwa ys 1. The number 1 is used for sys tems without stacking ability .
248 Monit oring and Lo gging Sy stem Inf ormatio n Default Log Settings System logging is enabled, and me ssages are s ent to the console (severity level: warn ing and above), and R AM lo g (severity level: informational and above). Switch auditing, CL I command logging, W eb logging, and SNMP logging are disabled.
Monito ring an d Loggin g System Inf ormatio n 249 Monitoring S ystem Info rmation and C onfiguring Logging (W eb) This secti on provides information about the O penManage Switch Administrator pages to use to monitor system information and configure logging on the Dell Networking N2000 , N3000 , and N4000 series sw itches.
250 Monit oring and Lo gging Sy stem Inf ormatio n Figure 11-2. Stack View F or more information ab out the device view feat ures, se e "Understanding the Device View" on page 13 2.
Monito ring an d Loggin g System Inf ormatio n 251 System Healt h Use the Health page to vi ew status informati on about the s witch power and ventilation sources. To d i s p l a y t h e Heal th page, click System → General → Health in the navigation panel.
252 Monit oring and Lo gging Sy stem Inf ormatio n System Resour ces Use the System Resources page to vie w information about memory usage and task uti lization. To d i s p l a y t h e System Resources page, c lick System → General → System Reso urc es in th e navi gation pan el.
Monito ring an d Loggin g System Inf ormatio n 253 Unit Power Usage Hist ory Use the Unit P ower Usag e His tory page to vie w inf orm atio n abou t swi tch power consumption. To d i s p l a y t h e Unit P owe r Usage Histor y page, cl ick System → General → Unit P ower Usage H istory in the navigation panel.
254 Monit oring and Lo gging Sy stem Inf ormatio n Integ rated Cable T est for Copp er Cables Use the Integrated Cable T est for Copper Cables page to perf orm tests on copper cables.
Monito ring an d Loggin g System Inf ormatio n 255 T o view a summary of all integra ted cabl e tests p erformed, cl ick the Show All link. Figure 1 1-7. Integr ated Cable T est Summa ry Optical T ransceiver Dia gnostics Use the T r ansceiv er Di agnost ics page to p erform te sts on Fiber Optic cables.
256 Monit oring and Lo gging Sy stem Inf ormatio n Figure 11-8. T ransceiver Diagnostics T o view a summary of all opt ical transceive r diagnostics test s performed, click the Show All link.
Monito ring an d Loggin g System Inf ormatio n 257 Log Globa l Setti ngs Use the Global Settin gs page to enable logg ing globally , to enab le other types of logging. Y ou can also sp ecify the severity of m essages that are logged to the console, R AM log, and flash-based log file.
258 Monit oring and Lo gging Sy stem Inf ormatio n RAM Log Use the RA M L o g page to view info rm atio n abou t spe cifi c RAM (ca che) log entrie s, including the time the log wa s entered, the log sev erity , and a description of the log. To d i s p l a y t h e RAM L og , click System → Logs → RA M L o g in the navigation panel.
Monito ring an d Loggin g System Inf ormatio n 259 Log Fil e The Log F il e contains information about spec ific log entries , including the time the lo g was entered, the log se verity , and a descrip tion of the log . To d i s p l a y t h e Lo g F i le , click System → Logs → Lo g F il e in t he navi gation panel.
260 Monit oring and Lo gging Sy stem Inf ormatio n Figure 11-13. Remote Lo g Server Addi ng a New Rem ote Lo g Server T o add a syslog serve r: 1 Open the Remote L og Ser ver page. 2 Click Add to displa y the Add R emote Log Server page. 3 Specify the IP addr ess or hostname of the remot e server .
Monito ring an d Loggin g System Inf ormatio n 261 Figure 11 -14. Add Remote L og Server 5 Select the severit y of the messages to send to the remote server . 6 Cli ck Apply . Click the Show All link to view or remove r emote log servers configured on the system.
262 Monit oring and Lo gging Sy stem Inf ormatio n Email Alert Global Confi guration Use the Email Ale rt Global Configurati on page to enable the emai l alerting feature and configur e global setting s so that syste m log messages can be s ent to from the switch to one or more emai l accounts.
Monito ring an d Loggin g System Inf ormatio n 263 Figure 11-17 . Email Alert Mail Serve r Configuratio n Addin g a Mail Serv er T o add a mail server: 1 Open the Email Al ert Mail Server Con figurati on page. 2 Cli ck Add to dis play th e Email Alert Ma il Server Add page.
264 Monit oring and Lo gging Sy stem Inf ormatio n Figure 11-19. Show Al l Mali Servers Email Alert Subject Configur ation Use the Email Alert Subject Configuration page to configure the sub ject line for email alerts that are sent by the switch. Y ou can customize the subject for the message sev erity and entry status.
Monito ring an d Loggin g System Inf ormatio n 265 Figure 11 -21. View Email Al ert Subje cts Email Al ert T o Addre ss Confi guration Use the Em ail A lert T o A ddres s Co nfigu ratio n page to specify where the email alerts ar e sent.
266 Monit oring and Lo gging Sy stem Inf ormatio n Figure 11 -23. View Email Aler t T o Addre ss Config uration Email Alert Statisti cs Use the Email Alert Statistics pa ge to view the numbe r of emails that were successfully and unsucce ssfully sent, and wh en emails wer e sent.
Monito ring an d Loggin g System Inf ormatio n 267 Monitoring S ystem Info rmation and Configuring Logging (CLI) This section provides information about the commands you use to configure information you use to monitor the Dell Netw orking N200 0, N3000, and N4000 series switches.
268 Monit oring and Lo gging Sy stem Inf ormatio n Running Ca ble Diagn ostics Beginning in P rivileged EXEC mode, use t he following commands to run the cabl e diag nostic test s. show process cpu Di splay s the CPU utiliza tion for each process currently runn ing on the sw itch.
Monito ring an d Loggin g System Inf ormatio n 269 Configuri ng Local Loggi ng Beginning in P rivileged EXEC mode, use the following commands to configure the type of messages that are logged and where the messages are logged locally . Command Purpo se configure Enter Global Configuration mode.
270 Monit oring and Lo gging Sy stem Inf ormatio n Configuri ng Remote Loggi ng Beginning in P rivileged EXEC mode, us e the following commands to define a remot e server to whi ch the switch se nds log messag es. show logging Displa ys the st ate of l ogging a nd the syslog m essages stor ed in th e interna l buff er .
Monito ring an d Loggin g System Inf ormatio n 271 Configuri ng Mail Server Se ttings Beginning in P rivileged EXEC mode, use the following commands to configure informat ion about the mail server (SMTP host) on the network that will init ially r eceive the email alerts from the switch and r elay them to the correct r ecipient.
272 Monit oring and Lo gging Sy stem Inf ormatio n Configuri ng Email Alerts f or Log Messag es Beginning in P rivileged EXEC mode, use the following commands to configure email alerts so that log messages are sent to the specified address. Command Pu rpose configure Enter Glo bal Co nfigur atio n mode .
Monito ring an d Loggin g System Inf ormatio n 273 logging email test mess age-t ype { urgent | non- urgent | b oth} message-body body Send a test ema il to the confi gured recipient to v erify that the featu re is properly configured. CTRL + Z Exit to Privileg ed EXEC mode.
274 Monit oring and Lo gging Sy stem Inf ormatio n Logging Co nfigura tion Exampl es This section contains the following e xamples: • Configurin g Loca l and Remo te L ogging • Configurin g Email A lerting Configuri ng Local and Remot e Logging This e xample shows how t o enable switch a uditing and CLI command logging.
Monito ring an d Loggin g System Inf ormatio n 275 4 V erify the remote log se rver configuration. console# show syslog-servers IP Address/Hostname Port Severity Description ------------------------- ------ -------------- ---------- 192.
276 Monit oring and Lo gging Sy stem Inf ormatio n Configuri ng Email Alerti ng The commands in this example define the SMTP server to use for sending email alerts. The mail server does not require authentication a nd uses the standar d TCP port for SM TP , port 25, which ar e the default values.
Monito ring an d Loggin g System Inf ormatio n 277 2 Configure the username a nd password that the switch m ust use to authen ticate with the ma il se rver .
278 Monit oring and Lo gging Sy stem Inf ormatio n Email Alert Logging............................ enabled Email Alert From Address....................... N3048_noreply@dell.com Email Alert Urgent Severity Level.............. 0 Email Alert Non Urgent Severity Level.
Managi ng Genera l System Set tings 279 12 Managing General System Settings This chapter de scribes how to set system information, such as t he hostname, and time s ettings, and how to select the Switch Da tabase Ma nagement (SDM) template t o use on the s witch.
280 Managi ng Genera l System Set tings The switch can obtain the time from a S imple Network Time P ro tocol (SNTP) server , or you can set the time manually . T able 12-2 describes the settings that help the switch keep t rack of time. The Dell Net working N2024 P/N2048P and N3 024P/N3048P switch ports are IEEE 802.
Managi ng Genera l System Set tings 281 Why Does Syst em Information Need to Be Configured? Configuring system information is optional. However , it can be helpful in providing administra tive information ab out the s witch.
282 Managi ng Genera l System Set tings IPv4 un icas t rout es N2000 N3000 N4000 256 8160 8160 0 8160 8160 512 12288 12288 0 0 8160 IPv6 Neighbor Discovery P rot ocol (NDP) en tries N2000 N3000 N4000 .
Managi ng Genera l System Set tings 283 SDM T emplate Configura tion Guidelines When you configure the switch to use an SDM template that is not curr ently in use, you must r eload the switch for the configuration to take effect.
284 Managi ng Genera l System Set tings T o increase security , you can re quire authentication bet ween the configured SNTP server and the SNTP client on the sw itch. Authenticat ion is provided by Message Diges t 5 (MD5). MD5 verifies the integ rity of the communication and authenticates the origin of the communication.
Managi ng Genera l System Set tings 285 What Are the Key PoE Plus Featur es for the N2024P/N2 048P and N3024P/N304 8P Switches? T able 12-4 des cribes some of the key P oE Plus features the switches support.
286 Managi ng Genera l System Set tings Default Gener al System Infor mation By default, no system information or time information is configur ed, and the SNTP client is disabled. The default SDM T emplate applied to the switch is the Du al IPv4-IP v6 temp late.
Managi ng Genera l System Set tings 287 Configuri ng General Sys tem Settings (Web) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring general syst em settings on the Dell Netwo rking N2000, N3000, and N4000 series switches.
288 Managi ng Genera l System Set tings Initiating a T elnet Session from the Web Interface T o launch a T elnet session: 1 Fr o m t h e System → Gene ral → System Informat ion page, click the T e lnet link. 2 Click the Te l n e t button. Figure 12 -2.
Managi ng Genera l System Set tings 289 The selected T elnet clie nt launches and connects to the switch CLI. Figure 12 -4. T el net Sess ion.
290 Managi ng Genera l System Set tings CLI Banner Use the CLI Banner page to configure a message for the switch to display when a user connects to the switch by using the CLI. Y ou can configure differ ent banners for various CLI modes and access meth ods.
Managi ng Genera l System Set tings 291 SDM T emplate Preference Use the SDM T emplate Preference page to vie w infor mati on abou t temp late resource se ttings and to s elect the tem plate that the switch uses . If you select a new SDM temp late for the sw itch to use, you m ust reboot the swit ch before the temp late is appli ed.
292 Managi ng Genera l System Set tings Clock If you do not obtain the system time from an SNTP server , you can manually set the da te and time on th e switch on the Clock pa ge. The Clock page a lso dis plays info rmat ion ab out the tim e sett ings conf igured on the sw itc h.
Managi ng Genera l System Set tings 293 SNTP Global Sett ings Use the SNTP G lobal Settin gs page to enable or disable the SNTP client, configure whether and how often the client sends SNTP r equests, and determine whether the switch can receive SNTP broadcasts.
294 Managi ng Genera l System Set tings SNTP Authenti cation Use the SNTP Authentication page to enable or disable SN TP authenti cation, to modify the au thenticati on key for a selecte d encryption key ID, to des ignate the selec ted authentica tion key as a trusted key , a nd to remove the selected encryption key ID.
Managi ng Genera l System Set tings 295 Figure 12-10. Add Aut henticati on Key 3 Enter a nu merical encrypti on key ID and an aut hentica tion k ey in the appropriate field s. 4 If the k ey is to be used to auth enticate a unicast SNTP s erver , select the Tr u s t e d K e y check box.
296 Managi ng Genera l System Set tings SNTP Server Use the SNTP Ser ver page to view and modify information about SN TP servers, and to add new SNTP servers tha t the switch can us e for time synchronization. The switch can accept t ime information from both IPv4 and IPv6 SNTP servers .
Managi ng Genera l System Set tings 297 Figure 12 -13. Ad d SNTP S erver 3 In the SNTP Server field, enter the IP a ddres s or host name for the new SNTP server . 4 Specify wh ether the inform ation ent er ed in t he SNTP Server field is an IPv4 ad dres s, IPv6 add ress , or a hostn ame (DNS).
298 Managi ng Genera l System Set tings T o v iew all configured SNTP servers, click the Show All link. The S NTP Server T able display s. Y ou can al so use th e SNTP Server T able pag e to remove or edit ex isting SNTP serv ers.
Managi ng Genera l System Set tings 299 Summer T ime Configurat ion Use the Summer T ime Configuration page to configure summer time (daylig ht savin g time) settings. To d i s p l a y t h e Summe r T ime Configurat ion page, c lick System → Ti m e Sync hroniz atio n → Summe r T ime Con figurat ion in the navigation panel.
300 Managi ng Genera l System Set tings T ime Zone Configurat ion Use the T ime Z one Configuratio n to configure time zone information, including the a mount time the lo cal time is offset fro m UTC and the acronym that r epresents the local time zone.
Managi ng Genera l System Set tings 301 Card Configu ration Use the Card Configuration pa ge to control the administrative status of the rear -panel expansion slots (Slot 1 or Slot 2) and to configure the plug-in module to use in the slot.
302 Managi ng Genera l System Set tings Slot Summary Use the Slot Summar y page to view information about the expansion slot status. To d i s p l a y t h e Slot Summary page , click Switching → Slots → Summary in the navigation panel. Figure 12-18.
Managi ng Genera l System Set tings 303 Supported Car ds Use the Supported Cards page to view infor mation about the s upported plug-in modules for the swi tch. To d i s p l a y t h e Supported Cards page , click Switching → Slots → Supported Cards in the navigation panel.
304 Managi ng Genera l System Set tings Power Over Ether net Global Con figuration ( N2024P/N204 8P and N3024P/N304 8P Only) Use the P oE Global Co nfiguratio n page to configure the P oE set tings for the switch.
Managi ng Genera l System Set tings 305 Power Over Ethernet Interfac e Configu ration ( N2024P/N20 48P and N3024P/N304 8P Only) Use the P oE Interface Con figuration page to configure the per -port P oE settings. F rom this page, y ou can also access the P oE Counters ta ble and P oE P ort T able.
306 Managi ng Genera l System Set tings T o view P oE statistics for each port, click Co unters. Figure 12-22. PoE Coun ters T able T o view the P oE P ort T ab le, click Show All .
Managi ng Genera l System Set tings 307 Configuring System Settings (CLI) This section provides information about the commands you use to configure system informat ion and time settings on the Dell Netw orking N2000, N3000, and N4000 series switches .
308 Managi ng Genera l System Set tings Configuri ng the Banner Beginning in P rivileged EXEC mode, use the following commands to configure the MOTD, login, or User EXEC banner . The switch supports the following banner messages: • MOTD —Displays when a user connects to the switch.
Managi ng Genera l System Set tings 309 Managing the SDM T emplate Beginning in P rivileged EXEC mode, use the following commands to set the SDM tem plate p re fer ence a nd to view i nform ation about the avail able S DM templ ates .
310 Managi ng Genera l System Set tings sntp tr usted-key ke y_i d Speci fy the auth enticatio n key the SNTP serv er must inc lude in SNTP packets that it sends to the switch . The ke y_i d number must be an en cryption key ID defined in the previou s step.
Managi ng Genera l System Set tings 311 Setting th e System T ime and Date Manually Beginning in P rivileged EXEC mode, use the following commands to configure the time and date, time zone, and summer time settings. Comman d Purpose clock set { mm/dd/yyyy hh:m m:ss } | { hh:mm:ss mm/dd/yyyy Config ure the time and date.
312 Managi ng Genera l System Set tings Configuri ng the Expansi on Slots (N3000 Ser ies Only) Beginning in P rivileged EXEC mode, use the following commands to configure a nd view information abou t the expansion slots and plug- in modules (car ds).
Managi ng Genera l System Set tings 313 V iewing Slot Infor mation (N4000 Ser ies Only) Use the following commands to view information about Slot 0 and its support. Configuri ng PoE Setting s (N2024P/N20 48P and N3024P/ N3048P Only) Beginning in P rivileged EXEC mode, use the following commands to configure P oE information.
314 Managi ng Genera l System Set tings power inline priority {critic al | high | low} Configures the port priority le vel for the delive ry of power to an attached device. power inline high-power Conf igur e the port hi gh pow er mo de for con nec ted-d evice compatibil ity .
Managi ng Genera l System Set tings 315 General System Settings Configuratio n Examples This section contains the following exa mples: • Configurin g System and Ba nner Information • Configu ring .
316 Managi ng Genera l System Set tings System Contact: Jane Doe System Name: N2048 System Location: RTP100 Burned In MAC Address: 001E.C9AA.AA07 System Object ID: 1.
Managi ng Genera l System Set tings 317 Power Supplies: Unit Description Status Average Current Since Power Power Date/Time (Watts) (Watts) ---- ---------- -------- ---------- -------- ------------ 1 System OK 5.0 97.8 1 Main Failure 1 Secondary OK 97.
318 Managi ng Genera l System Set tings Figure 12-24. V erify MOTD.
Managi ng Genera l System Set tings 319 Configuri ng SNTP The commands in this example configure the switch to poll an SNTP server to synchronize the time. Ad ditionally , the SNTP sessions between t he client and server must be authentica ted. T o configure the switch: 1 Configure the authentication informa tion.
320 Managi ng Genera l System Set tings 4 View the SNTP status on the switch. console# show sntp status Client Mode: Unicast Last Update Time: MAR 01 09:12:43 2010 Unicast servers: Server Status Last response --------------- ------------ --------------------- 192.
Managi ng Genera l System Set tings 321 Configuri ng the T ime Manually The co mmands in thi s example manuall y set the syst em time and date. The time zo ne is se t to Eas tern Stand ard Ti me (EST), w hich has an offset of -5 hour s. S umme r ti me is ena ble d and uses th e pr eco nfig ur ed Unite d St ate s settings.
322 Managi ng Genera l System Set tings.
Conf iguring SNMP 323 13 Configuring SNMP The topics covered in t his chapter include: • SNMP Overview • Defa ult SNM P V a lues • Configurin g SNMP (W eb) • Configurin g SNMP (CL I) • SNMP C onfiguration E xamples SNMP Overview Simple Network Management Pr otocol (SNMP) provides a method for managing network devices.
324 Confi gurin g SNMP The SNMP agent ma intains a list of variable s tha t are used to manage t he switch. The variables are defined in the MIB. The MIB presents the variables controlled by the agent . The SNMP agent defines the MIB specification format, as well as the format us ed to access the info rmation over the network.
Conf iguring SNMP 325 Y ou can configure va rious features on the switch to generate SNMP traps that inform the NMS about eve nts or problems that occur on the switch. T raps generated by the switch can also be vi ewed locally by using the web-based interface or CLI.
326 Confi gurin g SNMP T able 13-2 describes the two views that are defined by default. By default, three groups are defined. T able 13-3 describes the group s. The Read, W rite, and Notify v alues define the preconfigured views that are associat ed with th e groups.
Conf iguring SNMP 327 Configuring SNMP (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring the SNMP agent on a Dell Networking N2000 , N3000, and N4000 series switches. F or details abo ut the fields on a page, click at the top of the page.
328 Confi gurin g SNMP SNMP V iew Settin gs Use the SNMP Vi e w S e t t i n g s page to c rea te v iews th at de fine w hich f eatur es of the device ar e accessible and which ar e blocked. Y ou can create a view that includes or e xcludes OIDs cor responding to inte rfaces.
Conf iguring SNMP 329 Figure 13 -3. Add View 3 Specify a n ame for the view and a valid SNMP OID string . 4 Select the view type. 5 Cli ck Apply . The SNMP vie w is added, and the device is update d. Click Show A ll to view information about configur ed SNMP V iews.
330 Confi gurin g SNMP Access Contr ol Group Use the Access Contro l Group page to view informat ion for creati ng SNMP groups, and to assign SNMP access privileges. Gr oups allow network m a n a g e r s t o a s s i g n a c c e s s r i g h t s t o s p e c i f i c d e v i c e f e a t u r es o r f ea t u re s a s p e c t s .
Conf iguring SNMP 331 Figure 13-5. Add Access C ontrol Group 3 Specify a n ame for the group. 4 Select a security model and level 5 Define the context prefix and the operation. 6 Cli ck Apply to update t he switch. Click Show A ll to view i nformati on abou t ex isting a ccess c ontrol configurations.
332 Confi gurin g SNMP SNMPv3 User Securi ty Model (USM) Use the User Security Model page to assign s ystem users to SNMP groups and to define t he user authentica tion method. To d i s p l a y t h e User Security Model pa ge , cli ck System → SNMP → User Security Model in t he navig ation pa nel.
Conf iguring SNMP 333 Figure 13-7. Add Local Users 3 Define th e relevant fields. 4 Cli ck Apply to update t he switch. Click Show A ll to vi ew the User Security Model T able, which conta ins information about configur ed Local and Remote Users.
334 Confi gurin g SNMP Figur e 13-8. Add Remote Users 3 Define the relevan t fields. 4 Click Apply to up date the sw itch. Click Show Al l to vie w the Us er Securi ty Mod el T able, which contains information about configur ed Local and Remote Users.
Conf iguring SNMP 335 Communities Access rights for SNMPv1 and S NMPv2 are managed by defining communities Comm unities page. When the community names ar e changed, access rights ar e also changed. SNMP Communities a re defined only for SNMP v1 and SN MP v2.
336 Confi gurin g SNMP Figure 13-10. Add SNMP v1,2 Community 3 Specif y the IP a ddr ess of an SNMP manag ement st ation an d the community string to act as a passwor d that will aut henticat e the management station to the SNMP agent on the switch. 4 Select the a ccess mode.
Conf iguring SNMP 337 Notifica tion Filt er Use the Noti fication Filter page to set filter ing traps b ased on OIDs. E ach OID is link ed to a de vice featur e or a featur e aspect. The Notification Filter page also allows you to f ilter notificati ons.
338 Confi gurin g SNMP Figure 1 3-12. Add Notifica tion Filter 3 Specify the name of t he filter , th e OID for th e filter . 4 Cho ose wh ether to send ( includ e) trap s or infor ms to th e trap recipient or prevent the switch from sending (exclude) the traps or informs.
Conf iguring SNMP 339 Figure 13-13. SNMP Notification Recipi ent Adding a Notification Recipient T o add a r ecipient: 1 Open the Notifica tion Recipient page.
340 Confi gurin g SNMP Figure 1 3-14. Add Notifica tion Recip ient 3 Specify the IP address or hostname of the host t o r eceive n otifications. 4 Select wh ether to s end traps or informs to th e specified recipient 5 Define the relevant f ields for the SNMP v ersion you use.
Conf iguring SNMP 341 T o access the T r ap Fl ags page, click Statistics/RMON → T r ap Man ager → Tr a p F l a g s in the navigation panel. Figure 13 -15. T rap Fla gs OSPFv2 T rap Flags The OSPFv2 T rap Flags page is used to specify which OSPFv2 traps you want to enable or disable.
342 Confi gurin g SNMP Figure 13 -16. OSPFv2 T rap Flags OSPFv3 T rap Flags The OSPFv3 T rap Flags page is use d to spe cify which OSP Fv3 trap s yo u wa nt to enable or disable.
Conf iguring SNMP 343 Figure 13 -17. OS PFv3 T rap Flags Tr a p L o g The Tr a p L o g p age is used to v iew entries that hav e been writte n to the trap log. T o access the Tr a p L o g page, cl ick Statistics/RMON → T rap Manager → Tr a p L o g in the nav igation panel.
344 Confi gurin g SNMP Figure 13-18. T rap Lo gs Click Clear to de lete a ll entr ies fro m the trap lo g..
Conf iguring SNMP 345 Configuring SNMP (CLI) This section provides information ab out the commands you use to manage and view SNMP featur es on the switch. F or more information about these commands, see the Dell Networking N2000 , N3000, and N4 000 Series Switches CLI Reference Guide at supp ort .
346 Confi gurin g SNMP Configuri ng SNMP Views, Grou ps, and Users Beginning in P rivileged EXEC mode, use the following commands to define SNMP views, and SN MP groups, and local and r emote SNMPv3 users. snmp-s erver eng ineID local { engineid -string | defaul t} Confi gure the S NMPv3 Engine ID.
Conf iguring SNMP 347 snmp-ser ver group groupname { v1 | v2 | v3 { noaut h | auth | priv } [ notify view-name ]} [ conte xt view-name ] [ read view-name ] [ write view-name ] Spec ify the i denti ty strin g of th e re ceive r and set the r eceiver timeo ut valu e.
348 Confi gurin g SNMP snmp-ser ver user username gro upname [ rem ote engin eid -strin g ] [{ auth-md5 password | auth-sha password | auth-m d5-key md5-key | auth-sh a-key sha-ke y } [ priv-des password | priv -des-key des-k ey ]] Config ure a new SNMPv3 user .
Conf iguring SNMP 349 Configuri ng Communities Beginning in P rivileged EXEC mode, use the following commands to configure access rights for S NMPv1 and SNMPv2. show snmp group [ group_name ] View SNMP group conf igurati on informatio n. show snmp user [ user_nam e ] Vi ew S NMP us er con figu rati on inf ormat ion.
350 Confi gurin g SNMP snmp-s erver co mmunit y- group community - strin g group-name [ ipaddress ip-address ] Map the in ter nal s ecu rity n ame for SNMP v1 a nd S NMP v2 securi ty models to the group name. • com mu nity -strin g — Com munity string t hat acts like a password and permits access to the SNMP protocol .
Conf iguring SNMP 351 Configuri ng SNMP Notificat ions (T raps and In forms) Beginning in P rivileged EXEC mode, use the following commands to allow the switch to send SNMP t raps and to configure which traps ar e sent.
352 Confi gurin g SNMP snmp-server host host- addr [ informs [ timeout second s ] [ ret ries retr ies ] | traps version { 1 | 2 }] ] community -string [ udp - port port ] [ filter filtername ] F or SNMPv 1 and SNMPv2, c onfigure the s ystem to receiv e SNM P tra ps or info rms.
Conf iguring SNMP 353 snmp-ser ver v3-host { ip- address | hostna me } userna me { trap s | informs } [ noaut h | auth | priv ] [ timeout second s ] [ retrie s retr ies ] [ udpport port ] [ filter filtername ] F or SN MPv3, con figure the sys tem to receiv e SNMP traps or informs.
354 Confi gurin g SNMP SNMP Configuration Examples This section contains the following e xamples: • Configu ring SNMP v1 and SN MPv2 • Configurin g SNMPv3 Configuri ng SNMPv1 and SNMPv2 This e xampl e shows how to comple te a basic SNMPv1/v2 conf iguration.
Conf iguring SNMP 355 Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Version 3 notifications System Contact: System Location: Configuri ng SNMPv3 This e xample shows how to complete a basic SNMPv3 configuration. The commands create a view that includes objects from t he int erne t MIB subtr ee (O ID 1.
356 Confi gurin g SNMP 3 Create the user admin , assign the user to th e group, and specify the authen tication cr edential s. console(config)# snmp-server user admin group_snmpv3 auth-md5 secretkey 4 Specify the IP add r ess of the host wh ere t raps are to be sent.
Conf iguring SNMP 357 console# show snmp views console# show snmp group console# show snmp user Name OID Tree Type ------------------ ------------------------ ------------ Default iso Included Default.
358 Confi gurin g SNMP.
Manag ing Imag es and Fi les 359 14 Managing Image s and Files This chapter de scribes how to upload, download, and copy files, such a s firmware images and configuration files, on the switch.
360 Managi ng Ima ges a nd Fil es T abl e 14-1. Files to Mana ge File Action Description image Download Upload Copy F irmware for the switch. The swi tch can mainta in t wo image s: the active image and the b ackup image . startup-config Download Upload Copy Conta ins th e soft ware confi gurat ion tha t loads during the boot process.
Manag ing Imag es and Fi les 361 Why Is File Management Needed? This section provides some r easons why you might choose to manage various files. Image Files The switch can store two firmware images, but only one is active . The other image file is a backup image.
362 Managi ng Ima ges a nd Fil es • N40 32, N40 32F , N4 064, N40 64F N3000 _ N2000 — Dell Networkin g 2000/300 0 series switch firmware for: • N20 24, N2 048, N20 24P , N 2048P , N3024 , N3024P , N3 024F , N3048, N3048P And the version number is: V ersion Numbering Convention • M ajor release numbe rs star t at 6.
Manag ing Imag es and Fi les 363 running-config file. The backup-config file does not exist until y ou explicitly create one by copying an e xisting configuration file to the backup-config fil e or downloading a backup-con fig file to the switch. Y ou can also cr eate configuration script s, wh ich are text files th at conta ins CLI commands.
364 Managi ng Ima ges a nd Fil es •T F T P •S F T P •S C P •F T P • HTTP ( W eb onl y) • HTTPS (W eb o nly ) Y ou can also copy files between the file system on the internal flash and a USB flash drive that is connect ed to th e exte rna l USB port .
Manag ing Imag es and Fi les 365 Editing and Dow nloading Configuration Files Each configuration file contains a list of e x ec utable CLI commands. The commands must be complete and in a lo gical order , as if you wer e entering them by using the switch CLI.
366 Managi ng Ima ges a nd Fil es ! Display information about direct connections show serial ! End of the script file Mana ging Fi les on a St ack Image files downloaded to the mas ter unit of a stack ar e automaticall y downloaded t o all stack members.
Manag ing Imag es and Fi les 367 Managing Images a nd Files (W eb) This secti on provides information about the O penManage Switch Adm inist rato r page s to use to ma nage im age s and f iles on a Dell Net workin g N2000, N30 00, and N4000 series switche s.
368 Managi ng Ima ges a nd Fil es Active Image s Use the Act ive I mages page to set the firm ware image to use when the sw itch boots. If you change the boot image, it does not become t he active image until you reset the switch. On the N4000 series switches, the images are named act ive and backu p .
Manag ing Imag es and Fi les 369 USB Flash Driv e Use the USB F lash Dri ve pag e to view informatio n about a USB fla sh drive connected to the USB port on the front panel of the switch. The page also displays information about the files stored on the USB flash drive.
370 Managi ng Ima ges a nd Fil es File Do wnload Use the F ile Down load page to download i mage (binary) f iles, SSH and SSL cer tifi cat es, IA S Us er fi les , and c onf ig uration (ASCII), files from a r emote serv er to th e switc h.
Manag ing Imag es and Fi les 371 If you sele ct a transfer mode that r equir es authen tication , additi onal fiel ds appear i n the Downl oad secti on. If y ou select HTTP as the download method, some of the fields are hidden. 4 T o downlo ad using HT TP , click Browse and sele ct the fil e to download , then cli ck Apply .
372 Managi ng Ima ges a nd Fil es File Up load Use the F ile Upload t o Ser ver page to upload config uration (ASCII), image (binary), IA S user , operational log, and startup log files from t he switch to a remote server .
Manag ing Imag es and Fi les 373 4 T o upload by using HT TP , click Apply . A dialog box opens to al low you to open or save th e file. Figure 14 -7. Fi le Upload 5 T o upload by usi ng any method ot her than HT TP , ent er the IP ad dres s of the server and specify a name for t he file.
374 Managi ng Ima ges a nd Fil es Copy Fil es Use the Copy F iles pa ge to : • Copy the active firmware image to th e switch. one or all mem bers of a stack. • Copy the running, startup, or backup confi gurati on file to the star tup or backup confi guration file.
Manag ing Imag es and Fi les 375 Managing Images a nd Files (CLI) This section provides information about the commands you use to upload, download, and copy files to and from the Dell Networki ng N2000, N3 000, and N4000 series switches .
376 Managi ng Ima ges a nd Fil es boot system { image1 | image2 } Set t he image to u se as the boot (active) image after the swit ch resets. Imag es on the N4 032/N40 64 are named active and backup .
Manag ing Imag es and Fi les 377 Managing Fil es in Interna l Flash Beginning in P rivileged EXEC mode, use the following commands to copy , rename, delete and lis t the files in the internal flas h. Command Purpo se dir List the fi les in the flash file syst em.
378 Managi ng Ima ges a nd Fil es copy startup-co nfig backup-config Save the sta rtup co nfig urati on to the ba ckup c onfigu rati on file . copy running- config startup-config Copy the cu rrent configurat ion to the st artup confi guration . This sav es the current con figurati on to NVR AM.
Manag ing Imag es and Fi les 379 Managing Fil es on a USB Flash Device Beginning in P rivileged EXEC mode, use the following commands to manage files that ar e on a USB device th at is plugged int o the USB flas h port on the front panel of the switch.
380 Managi ng Ima ges a nd Fil es Managing Co nfigurat ion Scri pts (SFT P) Beginning in P rivileged EXEC mode, use the following commands to download a configuration sc ript from a r em ote system to the swit ch, valida te the scrip t, and activate it .
Manag ing Imag es and Fi les 381 File and Image Management Config uration Examples This section contains the following exa mples: • Upg rading the F irmwa re • Man aging C onfiguration Scripts Upgrading th e Firmware This e xample for a N4032 shows how to downloa d a firmwar e image to the switch and activ ate it.
382 Managi ng Ima ges a nd Fil es Figure 14-9. Image Path 3 View information about the current image. console# show version Image Descriptions image1 :default image image2 : Images currently available on Flash 4 Downloa d the image to the swit ch. After you execute the copy command, you must verify that you wa nt to sta rt the down load.
Manag ing Imag es and Fi les 383 Set TFTP Server IP............................. 10.27.65.103 TFTP Path...................................... images/ TFTP Filename.................................. dell_0308.stk Data Type..............................
384 Managi ng Ima ges a nd Fil es Configuration Saved! 8 Reset the switch to boot the system with the n ew image. console# reload Are you sure you want to continue? (y/n) y Reloading all switches.
Manag ing Imag es and Fi les 385 console# copy tftp://10.27.65.103/labhost.scr script labhost.scr Mode........................................... TFTP Set TFTP Server IP............................. 10.27.65.103 TFTP Path..............................
386 Managi ng Ima ges a nd Fil es ip host labpc2 192.168.3.58 ip host labpc3 192.168.3.59 Configuration script 'labhost.scr' applied. 6 V erify that the script was su ccessfully appli ed. console# show hosts Host name: test Name/address lookup is enabled Name servers (Preference order): 192.
Manag ing Imag es and Fi les 387 Data Type.............................. Code Management access will be blocked for the duration of the transfer Are you sure you want to start? (y/n) y 3 Copy the running-config to the USB fla sh drive. console# copy running-config usb://rc_backup.
388 Managi ng Ima ges a nd Fil es.
Auto Image and C onfigu ration Update 389 15 Automatically U pdating the Imag e and Config uration The topics covered in t his chapter include: • Aut o Config uration O vervie w • What A r e the D.
390 Auto I mage and Co nfigu ration U pdate fails - either because it is disabled, no USB storage device is present, or no configuration or images files are present on the USB storage device, the switch uses t he DHCP A uto Install process.
Auto Image and C onfigu ration Update 391 file. If no dellswitch.set up file is avai la ble, the switch checks for a file with a *.text configuration file a nd a *.stk ima ge file. If mult iple .te xt files e xist, the switch uses the dellswit ch.text file.
392 Auto I mage and Co nfigu ration U pdate be using the same configuration file and/or image on the USB device. This method allows different IP addresses t o be assigned, but the same configuration file or image is do wnloaded to multiple switches.
Auto Image and C onfigu ration Update 393 The general format of the configuration file lines is as follows. The IP address and subnet mask are requir ed. The MAC addr ess, configuration file, and image file name entries ar e optiona l. MAC_address IP_Address Subnet_Mask Config_F ile Image_File The followi ng exampl e shows a *.
394 Auto I mage and Co nfigu ration U pdate Obtaining IP A ddress Information DHCP i s enable d by def ault o n the Ou t-of -Ban d (OOB) in terfac e on N3000 and N4000 swit ches. DHCP is enabled by default on VL AN 1 on the N2000 switches. If an IP addr ess has not be en assigned, t he switch issu es reque sts for an IP addr ess assig nment.
Auto Image and C onfigu ration Update 395 Obtaining the Image Auto Configuration at tempts to download a n image file f rom a TFTP server only if no configuration fi le was found in the internal flash or a USB drive, or even with a saved configuration file that has A uto Configuration enabled.
396 Auto I mage and Co nfigu ration U pdate The TFTP client makes three unicast r e quests. If the unicast attempts fail, or if the DHCP OFFER did not specify a TFTP server addr ess, the TFTP client makes three broadcas t r eques ts.
Auto Image and C onfigu ration Update 397 T able 1 5-1 summ arizes the config file s that may be downlo aded and the order in which they are sought. T able 15-2 dis plays the dete rmining factors for iss uing unicast or broadcast TFTP request s. T able 1 5-1.
398 Auto I mage and Co nfigu ration U pdate Monitorin g and Completing the DHCP Aut o Configura tion Process When the switch b oots and triggers a n Auto Configurat ion, a message displays on the console screen to indic ate that the proce ss is starting.
Auto Image and C onfigu ration Update 399 What Are the Dependencies fo r DHCP Auto Configu ration? The Auto Configurati on process from TFTP servers depends upon the following network services: • A DH CP server must be configured on the n etwork with appropriate services.
400 Auto I mage and Co nfigu ration U pdate Default Auto C onfiguration V alues T able 15-3 descri bes the Auto Configuration defaults. T able 15-3. Auto Configu ration De faults Featur e Def ault Des.
Auto Image and C onfigu ration Update 401 Managing Auto Configuration (W eb) This secti on provides information about the O penManage Switch Adm inist rato r page s to use to ma nage im age s and f iles on a Dell Net workin g N2000, N30 00, and N4000 series switche s.
402 Auto I mage and Co nfigu ration U pdate Managing Auto Configuration (CLI) This section provides information about the commands you manage the Auto-Install Configuration featur e on th e switch. F or more information about these commands, see th e Dell Net working N2000, N3000, and N40 00 Series Switches CLI Refer ence Guide at support.
Auto Image and C onfigu ration Update 403 Auto Configu ration Example A netwo rk adminis trator is deplo ying thr ee Dell Networ king s witche s and wants to quick ly and au tomati cally inst all the .
404 Auto I mage and Co nfigu ration U pdate 4 Create a setup file nam ed dellswitch.setup . The set up fil e contai ns the follo wing lines : 001E.C9AA.AC17 switchA.txt N2000vR.5.4.1.stk 001E.C9AA.AC20 switchB.txt N2000vR.5.4.1.stk 001E.C9AA.AC33 switchC.
Auto Image and C onfigu ration Update 405 Enabling DHCP Aut o Configurati on and Auto Image Downlo ad If no USB device is connected to the USB port on the Dell Networking switch and no configuration f.
406 Auto I mage and Co nfigu ration U pdate Easy Image Upgr ade via USB If a USB dev ice is detected during b ootup and ther e is an image on the USB device, and the switch has no startu p config file, then the image version is checked against the active image version.
Monit oring S witch T raff ic 407 16 Monitoring Switch T raffic This chapter de scribes sFlow fe atures, R emote Monitori ng (RMON), and P ort Mirroring features .
408 Monit oring Sw itch T ra ffic monitored devices. sFlow datagrams f orw ard sampled tra ffic stat istics to the sFlow Collector for analysis. Y o u can specify up to eight differ ent sFlow receiv ers to whi ch the switch sends sFlow datagrams. Figure 16-1.
Monit oring S witch T raff ic 409 sFlow Sampling The sFlow Agent in the Dell Netw orking software uses two forms of sampling: • Statistical packet-based sampling of switched or routed P acket Flows .
410 Monit oring Sw itch T ra ffic Counte r Sampling The primary objective of Counter Sam pling is to efficiently , periodically export counters associa ted with Data Sources. A maximum Sampling Interval is assig ned to each s Flow instance as sociated wi th a Data Source.
Monit oring S witch T raff ic 411 The RMON agent in the switch supports the following groups: • Group 1— Statis tics. Contains cumula tive traffic a nd error stati stics. • Group 2 —History . Generat es reports from pe riodic traffic samplin g that are useful for analyzing trends.
412 Monit oring Sw itch T ra ffic F or each source port, you can specify whether to mirror ingres s traffic (traffic the port receives, or RX), egress traffic (traffic the port sends, or TX), or both ingress and egr ess traffic. The packet that is copied to the destinati on port is in the same format as the original pack et on the wir e.
Monit oring S witch T raff ic 413 disabli ng of spann ing tr ee on a destinati on port me ans that administr ators must only connect the de stinati on port to dir ectly attached probes to avoid the possibility of a network loop. • GVRP is disa bled on dest ination p orts such that GVRP PDUs ar e never received from or transm itted to th e port.
414 Monit oring Sw itch T ra ffic Default T raffic Monitoring V alues The sFlow age nt is enabled by default, but s ampling and poll ing are disabled on all ports. Additionally , no sFlow receivers (collectors) are configur ed. T able 16-1 contains additional default values for the sFl ow feature.
Monit oring S witch T raff ic 415 Figure 16-2. sFlow Agent Su mmary.
416 Monit oring Sw itch T ra ffic sFlow Receive r Configura tion Use the sFlow Receiver Config uration pag e to con figur e se ttings f or the sFlow r eceiver to w hich the switch se nds sFlow datagrams. Y ou can configur e up to eight sFlow receivers that will receive datagrams.
Monit oring S witch T raff ic 417 sFlow Sampler Con figuration Use the sFL ow Sampler Configuration page to configure the sFlow sampling settings for switch ports. To d i s p l a y t h e Sampl er Co nfig urat ion page, click System → sFlow → Samp ler C onfig urat ion in the navigation panel.
418 Monit oring Sw itch T ra ffic sFlo w Poll Con figur ation Use the sF Low P oll Co nfig urat ion page t o configure how often a port should collect counter samples. To d i s p l a y t h e Sampler Configuration page, click System → sFlow → Sam pler C onfi gura tio n in the navigation panel.
Monit oring S witch T raff ic 419 Inte rface Stat istic s Use the Interface Statistics page to disp lay st ati stics for bo th receiv ed an d transmitted packets. The fields for both r eceived and transmitted packets ar e identical. T o display the page, cl ick Statistics/RMON → T able V iews → Interf ace Statistics in the navigation panel.
420 Monit oring Sw itch T ra ffic Etherli ke Statistics Use the Etherlike Statistics p age to d ispla y inter face sta tisti cs. T o display the page, click Statistics/RMON → Ta b l e V i e w s → Eth erli ke Statistics in the navigation panel. Figure 16-7.
Monit oring S witch T raff ic 421 GVRP Statist ics Use the GVRP Statistics page to display switch st atistics for GVRP . T o display the page, cl ick Statistics/RMON → T able V iews → GVRP Statistics in the navigation panel.
422 Monit oring Sw itch T ra ffic EAP Statist ics Use the EAP Stati stics page to di splay informati on about EAP pack ets receiv ed on a specific port. F or more information about EAP , see "Configuring P ort and System Security" on p age 503.
Monit oring S witch T raff ic 423 Util izatio n Su mmary Use the Utilizat ion Summary page to disp lay interface uti lization statist ics. T o display the page, cl ick Statistics/RMON → T able V iews → Utiliza tion Summary in the navigation panel.
424 Monit oring Sw itch T ra ffic Counter Summary Use the Counter Summary page to dis play interface utiliza tion statistics in numeric sums as op posed to pe rcentages. T o display the page, click Statistics/RMON → Ta b l e V i e w s → Counter Summary in the navigation panel.
Monit oring S witch T raff ic 425 Switchport Statis tics Use the Switchport Statistics page to di splay st atistical s ummary information about swi tch traffi c, address tables, an d VLANs. T o display the page, cl ick Statistics/RMON → T able V iews → Switchport Statistics in the navigation panel.
426 Monit oring Sw itch T ra ffic RMON Statis tics Use the RMON Statistics page to display de tails about switch use such a s pack et processing statistics and errors that have occurred on t he switch. T o display the page, click Statistics/RMON → RMON → Statistics in the navigation panel.
Monit oring S witch T raff ic 427 RMON History Cont rol Statisti cs Use the RMON H istory Control page to m aintain a history o f statisti cs on each port. F or each interface (either a phy sical port or a port-channel), you can define how many buckets e xist, and the time interval between each bucket snapshot.
428 Monit oring Sw itch T ra ffic Figure 16 -15. Add His tory Entry 3 Select the port or LAG on which yo u want to mai ntain a hi story of stati stics. 4 Specify an own er , the number of h istorical buckets to k eep, and the sampling interval. 5 Click Apply to add the entry to the RMON History Control T able .
Monit oring S witch T raff ic 429 RMON Histor y T able Use the RMON His tory T able page to display interface-speci fic statistical network sampling s.
430 Monit oring Sw itch T ra ffic RMON Event Control Use the RMON Events Con trol page to define RMON events. Events ar e used by RMON alarms to force some action when a thre shold is crossed for a particular RMON counter . The event information can be stored in a log and /or se nt as a trap to a tra p recei ver .
Monit oring S witch T raff ic 431 Figure 16-18. Add an Eve nt Entry 3 If the event sends an SNMP trap, specify the SNMP community to receive the t rap. 4 Optionally , provide a d escription of the event and the name of the ev ent owner . 5 Select an even t type.
432 Monit oring Sw itch T ra ffic RMON Event Log Use the RMON Event L og page to display a l ist of RMON events. T o display the page, click Statistics/RMON → RMON → Even ts Log in the navigation panel.
Monit oring S witch T raff ic 433 RMON Alarms Use the RMON Alarms page to set n etwork alarms. Alarms occur when certain thresholds ar e crossed for the configur ed RMON counters. The alarm triggers an event t o occur . The ev ents can be configured as part of the RMON Events group .
434 Monit oring Sw itch T ra ffic Addin g an Al arm T able E ntry T o add an alarm: 1. Open the RMON Al arms page. 2. Click Add. The Add a n Alarm Entry page displays. Figure 16 -21. Add an Alarm Entry 3. Complete the fields on this page as need ed. Use the help m enu to learn more information abou t the data r equired for each field.
Monit oring S witch T raff ic 435 Port Stat istic s Use the P ort Statistics page to chart port-r elated statis tics on a gra ph. T o display the page, cl ick Statistics/RMON → Charts → P o rt Statistics in the navigation panel.
436 Monit oring Sw itch T ra ffic LAG Statist ics Use the LAG Statistics page to chart LA G -related statisti cs on a graph. T o display the page, click Statistics/RMON → Char ts → LA G Statistics in the navigation panel.
Monit oring S witch T raff ic 437 Port Mirro ring Use the P ort Mirroring page to create a mirrori ng session in which all traffic that is sent or r eceived (or both) on on e or mor e source ports is mirror ed to a destination port.
438 Monit oring Sw itch T ra ffic Figure 16-25. Add Sourc e Port 5 Click Apply . 6 Repeat the pre vious steps to add a dditional source po rts. 7 Click P ort M irr oring to retu rn to t he P ort M irr oring page. 8 Enabl e the admi nistrat ive mode a nd specify the des tination port.
Monit oring S witch T raff ic 439 Monitoring S witch T raffic (CL I) This section provides information ab out the commands you use to manage traffic monitoring features on the sw it ch and to view information ab out switch traffic.
440 Monit oring Sw itch T ra ffic sflow rcvr -index polling if_type i f_number poll- inter val Enable a new sFl ow poller instance on an interface range. • rcvr -inde x — The sFlow Rec eiver a ssociat ed with the polle r (Range: 1–8) . • if_ty pe if_ num ber — Th e list of inte rfaces to poll.
Monit oring S witch T raff ic 441 Configuri ng RMON Beginning in P rivileged EXEC mode, use the following commands to configure RMON alarms, collection history , and events. The table al so lists the commands you us e to view information collected by the RMON probe.
442 Monit oring Sw itch T ra ffic rmon alar m number va ria ble int erv al { absolute | de lta } ri sin g- threshold value [ event- number ] rising- threshold value [ event- number ] [ startup direction ] [ owner strin g ] Add an alarm entry • num ber — The ala rm index.
Monit oring S witch T raff ic 443 Viewi ng Statistics Use the following commands in Priv ileged EXEC mode to view sta tistics about the traffic handled by the s witch. rmon collecti on history index [ owner ownername ] [ buck ets bucket-num ber ] [ int erva l secon ds ] Enable an RMON MIB history statistics grou p on the interfac e.
444 Monit oring Sw itch T ra ffic Configuri ng Port Mirrori ng Use the following commands in Privileged EXEC mode to configure a port mirroring session.
Monit oring S witch T raff ic 445 Configuri ng RSP AN RSP AN is an e xtension of port mirrori ng t hat operates acro ss multiple switches. Use the following commands in P rivil eged EXEC mode to configure RSP AN. R emember to assign VLANs to phys ical interfaces (ste ps not shown).
446 Monit oring Sw itch T ra ffic Configuring RSP AN (T ransit Switch) Configuring RSP AN (Destination Switch) exit Exit to P rivileged EXEC mode. Command Pu rpose configure Enter Glo bal Co nfigur atio n mode . vlan vlan-id Create an RSP AN VLA N. remote-spa n Configur e the VLAN as a spanning VLA N.
Monit oring S witch T raff ic 447 T raffic Monitoring Co nfiguration Examples This section contains the following exa mples: • Configurin g sFlow • Configurin g RMON • Configu ring Remote C aptu.
448 Monit oring Sw itch T ra ffic Owner String...................... receiver1 Time out.......................... 99994 IP Address:....................... 192.168.30.34 Address Type...................... 1 Port.............................. 6343 Datagram Version.
Monit oring S witch T raff ic 449 Configuri ng RMON This e xample generate s a trap and cr eates a log e ntry when the numb er of inbound packets are undeliverable due to errors increases by 20 or more. F irst, an RMON event is created. Then, the alarm is created.
450 Monit oring Sw itch T ra ffic Configuri ng Remote Capture This e xample configures t he switch to mirror pack ets transmitted and receiv ed by the switch CP U to a W ire shark client.
Monit oring S witch T raff ic 451 5 On the Capture Options dialog, click Manage Inte rfaces ..
452 Monit oring Sw itch T ra ffic 6 Add a ne w interf ace by gi ving t he switch I P addr ess and the defau lt r emote port (20 02). F irst, se lect the Rem ote In te rf ace s tab an d click Add . 7 Enter the s witch IP addr ess and port ( 2002). Choose Null authentication (default).
Monit oring S witch T raff ic 453 8 Cli ck OK to accept th e entry . 9 On the Add new i nterfa ces dialog, click Apply and th en c lick Close ..
454 Monit oring Sw itch T ra ffic 10 F rom the Wir eshark:Capt ure Opt ions dialog, select the r emote switch and click Start . Remote Capture Caveats Remote capture over an in-ban d port captures the capture packets transmitted to th e W ireshark client.
Monit oring S witch T raff ic 455 Configuri ng RSP AN RSP AN supports th e transport o f mirror ed pack ets across the networ k to a remote s witch. P orts may be configur ed as source ports, intermediate ports, or destination ports. RSP A N So urce Switch This example m irrors in terfa ce gi1/0/ 3 to VLA N 723.
456 Monit oring Sw itch T ra ffic 4 Ena ble th e mon itor se ssion: console(config)#monitor session 1 mode RSP AN cannot use the CPU as a mirror source. Instead, configur e remote capture to view packets sent to or from the switch CPU. RSP AN T ransit Switch The following is an example of an RS P AN transit switch configuration.
Monit oring S witch T raff ic 457 console(config-if-Te1/0/1)#switchport mode trunk console(config-if-Te1/0/1)#switchport trunk allowed vlan 723 console(config-if-Te1/0/1)#exit 3 Con figure a mirror in.
458 Monit oring Sw itch T ra ffic.
Configu ring iSCSI Opt imizatio n 459 17 Configuring iSCSI Optimization NOTE: This feature is not availa ble on N2000 switches . This chapter describ es how to config ure I nternet Small Computer S ystem Interface (iSCSI ) optimization, which enab les special qual ity of service (QoS ) treatment for iSCSI tra ffic.
460 Config uring iSCS I Optimizati on What Does iSCSI Opt imization Do? In networks containing iS CSI initiators and t argets, iS CSI Optimization helps to monito r iSCSI sessions or give iSCSI traffic pr eferential Q oS treatment.
Configu ring iSCSI Opt imizatio n 461 On N4000 s witches, when th e iSCSI Co S mode is disabled, the DCBX iSCSI Application P riority TL V is not generate d by the switch.
462 Config uring iSCS I Optimizati on What Informat ion Does the Swit ch T rack in iSCSI T raffic Flo ws? P ackets ar e examined to find the following data, which is used in tracking the sessio n and .
Configu ring iSCSI Opt imizatio n 463 How Does iSCSI Optimi zation Inter act With Dell Eq ualLogic Arrays ? The iSCSI featur e includes auto-p rovisioning support w ith the ability to detect directly connected Dell EqualL ogic (EQL) SAN storage arr ays and automatically reconfigure the switch to enhance s torage traffic flows.
464 Config uring iSCS I Optimizati on How Does iSCSI Opti mization Inter act with DCBx? The Data Center Bridging Exchange (DCBx) compo nent supports the reception, decoding, and transmission of the Appl ication P riority TL V .
Configu ring iSCSI Opt imizatio n 465 "Configuring iSCSI Optimization Between Servers a nd a Disk Array" on page 473. iSCSI CoS and Pr iority Flow Contro l/Enhanced T ransmission Selecti on .
466 Config uring iSCS I Optimizati on Default iSCSI Optimization V a lues T able 1 7-1 shows the de fault value s for the iSCSI optimiz ation feature. T able 17 -1.
Configu ring iSCSI Opt imizatio n 467 Configuring iSCSI Optimization (W eb) This secti on provides information about the O penManage Switch Administrator page s to use to the iSCSI features on a Dell Netw orking N2000, N30 00, and N4000 series switche s.
468 Config uring iSCS I Optimizati on iSCSI T argets T able Use the Ta r g e t s T a b l e page to view and configur e iSCSI tar gets on the switch. T o access the Ta r g e t s Ta b l e page, c lick System → iSCSI → Ta r g e t s in the navigation panel.
Configu ring iSCSI Opt imizatio n 469 iSCSI Ses sions T able Use the Sessions T able page to view summary information about the iSCSI ses sions that t he sw itch h as dis cove red. An iSCSI sessi on oc curs when a n iSCSI initiat or and iSCSI tar get communicate over one or mor e TC P connections.
470 Config uring iSCS I Optimizati on iSCSI Sessi ons Detailed Use the Ses sions Deta iled page to view detailed i nformation about an iSCSI ses sions that t he swit ch ha s disc overed. T o access the Sessio ns De taile d page, cl ick System → iSCS I → Sessions Detailed in the navig ation panel.
Configu ring iSCSI Opt imizatio n 471 Configuring iSCSI Optimization (CLI) This section provides information about the commands you use to configure iSCSI setting s on the switch. F or more informat ion about the commands, see the Dell Ne tworking N2000, N300 0, and N4000 S eries Sw itches CLI Refe r ence G uide at support.
472 Config uring iSCS I Optimizati on iscsi cos { enabl e | disable | vtp vtp | ds cp dscp [ remark ] Optio nally se t the quali ty of se rvice profil e that wil l be applied to iSCS I flows. • enable —Enables application of preferential QoS treatment to iSCSI f rames.
Configu ring iSCSI Opt imizatio n 473 iSCSI Optimization Configuration Examples iSCSI opt imization is ena bled by default with t he appropriate s ettings to operate properly i s almost all configurat ions. However , you find it necessary to alter those setti ngs, the fo llowing proc edure illustr ates the co nfiguration steps requ ired.
474 Config uring iSCS I Optimizati on The following commands sho w how to configure the iSCSI example depi cted in F igure 17-6. Re member that iSCSI optimization is enabled by default. 1 Set the system MTU to 92 16 to enable t he use of jumbo fram es.
Configu ring iSCSI Opt imizatio n 475 consol e(conf ig-i f)# switch port m ode tr unk 4 Configure the DCBx port role as auto-downstream. This step automati cally e nables PFC and ETS on t he ports usi ng the confi gurati on received from the othe r switch.
476 Config uring iSCS I Optimizati on 5 Enter I nterface Configur ation mod e for CNA connect ed ports 1-4 and array connecte d ports 16-17. consol e(conf ig)# interf ace rang e te1/0/ 1-4,t e1/0/1 6-17 6 Enabl e VLAN tagging t o allow th e CNA connected por ts to carry 802.
Conf igurin g Port Ch arac teristic s 477 18 Configuring Port Characteristics This chapter describes how to configur e physical sw itch port characteristics , including settings such as administrative status and maximum frame sizeGreen Ethernet set tings.
478 Confi gurin g Port Charac teri stics Au to ne gotia tion Enabl es a p ort to advert ise it s tran smiss ion ra te, duplex mode an d flow contro l abilit ies to its partner .
Conf igurin g Port Ch arac teristic s 479 What is Link Depen dency? The link dependency fea ture provides the ability to enable or disable one or more po rts based on th e link state of one or more different po rts. W ith link dependency enabled o n a port, the link s tate of that port is dependent on the link state of another port.
480 Confi gurin g Port Charac teri stics Y ou can creat e a maximum of 72 dependency groups16 groups. The ports participating in the Link Dependency can be across all the Sta ck Units (Man age r/Memb er un it). Link Action The link action specifies the action that the group memb ers will tak e when the dependent port is down.
Conf igurin g Port Ch arac teristic s 481 What Inte rface T ypes are Supported? The physical ports on the switch include the out-of -band (OOB) interface (N3000 and N40 00 only) a nd Ethernet switch ports. The OOB interface supports a limited set of featur es and is for switch mana gement only .
482 Confi gurin g Port Charac teri stics T o enter Interface Configuration mode for a ph ysical switch port, the following information is r equired: • T ype — F or physica l switch ports, the type.
Conf igurin g Port Ch arac teristic s 483 F or many features, you can configur e a range of interfaces. When you enter Interface Configuration mode for multiple interfaces, the commands you ex ecute apply to all interfaces specified in t he range.
484 Confi gurin g Port Charac teri stics NOTE: Cable diagno stics may give misle ading resu lts if gr een mode is e nabled on the po rt. Disa ble gre en mode prio r to runn ing any cab le diag nostic s.
Conf igurin g Port Ch arac teristic s 485 Default Port V alues T able 18-3 T able 18-4 lis ts the defaul t values for the port characteri stics th at this c hapter de scribe s.
486 Confi gurin g Port Charac teri stics Configuring Port Ch aracteristics (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring p ort characteristics on a Dell Networ king N2000, N3000, and N400 0 series switches.
Conf igurin g Port Ch arac teristic s 487 Configuring Multiple Ports T o configure port settings on multiple port s: 1 Open the P ort Configurat ion page. 2 Cli ck Show All to displa y the P ort Configuration T able page. 3 In the Po r t s list, select the check box in t he Edit column for th e port to configure.
488 Confi gurin g Port Charac teri stics Figure 1 8-3. Copy Port Se ttings 8 Click Apply ..
Conf igurin g Port Ch arac teristic s 489 Link Dependenc y Configurat ion Use the Link Dep endency Configurat ion page to create link dep endency groups. Y ou can cr eate a maximum of 16 dependency groups. The page displays the gro ups whether they have b een configured or not.
490 Confi gurin g Port Charac teri stics In the foll owing example, Group 1 is configured so tha t P ort 3 is depend ent on P ort 4. Figur e 18-5. Link D ependen cy Grou p Configu ration 6 Click Apply . The Link D ependency settings for the group are mod ified, and the dev ice is upd ated.
Conf igurin g Port Ch arac teristic s 491 Link Dependenc y Summary Use the Link Dependency S ummary page to view all link dependencies on the system and t o acce ss the Link Dependency Configuration page. Y ou can create a ma ximum of 16 dependency groups.
492 Confi gurin g Port Charac teri stics Port Green Et hernet Configur ation Use the Green Et hernet Configur ation page to enable or disable energy- saving modes on each port. To d i s p l a y t h e Gree n Ethernet Co nfiguratio n page, click System → Green Ethernet → Green E therne t Configur ation in the navigation panel.
Conf igurin g Port Ch arac teristic s 493 Port Green Et hernet Stat istics Use the Gree n Ethernet Stat istics page to view info rmation ab out per -port ene rgy sav ings. To d i s p l a y t h e Green Ethern et Statistics page, click System → Green Ethernet → Green Eth ernet Statistics in th e navigation pa nel.
494 Confi gurin g Port Charac teri stics T o view a summary of ener gy savings fo r the switch and al l ports, click Summary . Figure 18-9. Green Ethernet Statistic s Summary T o view a ch art that show s the estim ated per-port energy savings, cl ick Chart .
Conf igurin g Port Ch arac teristic s 495 Port Green Et hernet LPI His tory Use the Gree n Ethernet LPI History page to view da ta about the amount of time the swit ch has spent in lo w-power idle (LP I) mode.
496 Confi gurin g Port Charac teri stics Configuring Port Ch aracteristics (CLI) This section provides information about the commands you use to configure port characteristics. F or more information about the commands, see t he Dell Networki ng N2000, N30 00, and N4000 Se ries Switches CLI Reference Guide at support.
Conf igurin g Port Ch arac teristic s 497 Configuri ng Link Dependen cies Beginning in P rivileged EXEC mode, use the following commands to configure ports that are dependent on the state of other ports.
498 Confi gurin g Port Charac teri stics Configuri ng Green Featu res Beginning in P rivileged EXEC mode, use the following commands to configure and monitor energy-saving features for the ports and the switch. link-depend ency group group_id Ente r the link-depe ndency mode to configure a li nk- dependen cy group.
Conf igurin g Port Ch arac teristic s 499 interface inte rface Ent er inte rface co nfigur ation mode for the speci fied interfac e. The inte rface vari able i nclud es the interf ace typ e and number , for example gigabite thernet 1/ 0/3 .
500 Confi gurin g Port Charac teri stics Port Configur ation Exampl es This section contains the following e xamples: • Configurin g P ort Se ttings • Confi guring a Link Dep endency Group s Confi.
Conf igurin g Port Ch arac teristic s 501 Configuri ng a Link Dependen cy Groups The commands in this e xample cr eate two link dependency groups. Group 1 has port 3 as a member p ort that is de pendent o n port 4. The gr oup uses t he d e f a u l t l i n k a c ti o n , wh i c h i s d o wn .
502 Confi gurin g Port Charac teri stics.
Conf iguring Port and S ystem Sec urity 503 19 Configuring Port and System Security This chapter de scribes how to configure p ort-based a nd system security features, which c ontrol access to the network through the switch ports, and the denial of service (DoS) feature.
504 Conf iguring Port and Sys tem Secur ity IEEE 802. 1X What is IEEE 802.1X? The IEEE 802.1X standar d provides a means of prev enting unautho rized access by supplicants (clie nts) to the s erv ices the switch offers, such as access to the LAN. The 802.
Conf iguring Port and S ystem Sec urity 505 authenti cation server ( a RA DIUS server). The r esult of the authentica tion process determines whether the supplicant is authorized to access servic es on that c ontro lled po rt.
506 Conf iguring Port and Sys tem Secur ity What is MAC-Based 802.1X Authentication? MAC-based auth entication a llows multi ple supplicant s connected to the same port t o each authenticate individually . F or exampl e, a 5-port hub might be connected to a single port on the switch.
Conf iguring Port and S ystem Sec urity 507 What is the Ro le of 802.1X in VLAN Assignment? Dell Networking seri es switches allow a port to be plac ed into a particula r VLAN bas ed on the result of the aut hentication or ty pe of 802.1X authenti cation a client u ses when i t accesses the sw itch.
508 Conf iguring Port and Sys tem Secur ity • T unnel-Med ium- T ype=802 • T unnel-P riv ate-Group -ID=VLANID VLANID is 12-bits a nd has a value be tween 1 a nd 4093.
Conf iguring Port and S ystem Sec urity 509 authentica tion server . If the cr edenti als are verified, the authenti cation server informs the sw itch to unblock the switch port and a llows the client unrestricted access to the network; i.e., the client is a member of an internal VLAN.
510 Conf iguring Port and Sys tem Secur ity Invalid F ilter -id P ort State: Deny P ort State: P ermit VLAN: Def ault PVI D of the port Bad R ADIUS pa ck et P ort State: Deny P ort State: P ermit VLAN.
Conf iguring Port and S ystem Sec urity 511 How Does the Authentication Server Assign DiffServ Filters? The Dell Networking series switches allow the external 802.1X Authenticator or RA DI U S se r ve r t o as s ig n Di f fS e rv p ol i ci e s t o u s er s th a t a u th e nt ic a t e t o th e switch.
512 Conf iguring Port and Sys tem Secur ity Configuring IEEE 802.1X (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring the IEEE 802.1X featur es and P ort Security on a Dell Net working N2000, N3000, and N4000 T able 19 -2.
Conf iguring Port and S ystem Sec urity 513 series sw itches. F or details about the fi elds on a page , click at the top of the p age. Dot1x A uthentica tion Use the Dot1 x Authentication page to conf igure the 802.1 X adminis trative mode on the switch and to configure general 802.
514 Conf iguring Port and Sys tem Secur ity 2 Click Show A ll to dis play th e Dot1 x A uth entic ati on Ta b l e page. 3 In the P orts list, select the check box in the Edit column for th e port to configure. 4 Select the desi red set tings to ch ange for al l ports t hat ar e selec ted for editing.
Conf iguring Port and S ystem Sec urity 515 5 T o re-a uthent icate immedia tely , check R eauthenticate Now for all p orts to be r e-authen ticate d. 6 Cli ck Apply . The authentication process is restarted on the specified ports (either immediat ely or pe riodical ly).
516 Conf iguring Port and Sys tem Secur ity Figure 19-4. Netwo rk Secu rity Authen ticated Users Port Access Co ntro l Confi gurati on Use the P ort Access Co ntrol Configurat ion pa g e t o g l ob a ll y en a bl e o r d i sa b le R ADIUS-assigned VLANs and to enable Monitor Mode to help troubleshoot 802.
Conf iguring Port and S ystem Sec urity 517 Port Access C ontrol History Lo g Summary Use the P o rt Access Control Histo ry Log Summ ary page to v iew log messages about 802 .1X client authentica tion attemp ts. The infor mation on this page can help you troubleshoot 802.
518 Conf iguring Port and Sys tem Secur ity Figure 19-7. Internal Authentica tion Serve r Users C onfiguratio n To a d d I A S u s e r s : 1 Open the Internal A uthent ication Ser ver Users Conf iguration page. 2 Click Add to displa y the Internal A uthentication Se r ver Users Add page.
Conf iguring Port and S ystem Sec urity 519 2 F rom the User menu , select the user to remove, select the user t o remove. 3 Sele ct the Rem ov e check box .
520 Conf iguring Port and Sys tem Secur ity Configuring IEEE 802.1X (CLI) This section provides information about commands you use to configur e 802.1X a nd P ort Security settings . F or additional information ab out the commands in this sect ion, see the Dell Networking N20 00, N3000, and N4000 Se ries Switches CLI Refer ence Guide at support.
Conf iguring Port and S ystem Sec urity 521 dot1x port-control { force-auth orized | for ce-un auth oriz ed | auto | ma c-based } Specify th e 802.1X mode for the port . NOTE: For s tanda rd 80 2.1X impleme ntation s in w hich one client is connec ted to o ne port , use the dot1x port- control auto co mmand to ena ble 802.
522 Conf iguring Port and Sys tem Secur ity Configu ring Additio nal 802.1X Int erface Setting s Beginning in P rivileged EXEC mode, use the following commands to configure 802.1X inte rface settings such as the reauthenticati on period and switch-to-cl ient retra nsmission time.
Conf iguring Port and S ystem Sec urity 523 Configuri ng 802.1X Se ttings for RADIUS-A ssigned VLANs Beginning in P rivileged EXEC mode, use the following commands to configure 80 2.
524 Conf iguring Port and Sys tem Secur ity dot1x d ynamic- vlan enable If the RADIUS ass igned VLA N does no t exist on the switch, allow the sw itch to dy namically create the assigned VLAN . interface inte rface Enter interf ace con figura tio n mode for th e speci fied inter face.
Conf iguring Port and S ystem Sec urity 525 Configuring Internal A uthentication Server Users Beginning in P rivileged EXEC mode, use the following commands to add users to the IAS databa se and to use the database f or 802.1X a uthentica tion. IEEE 802.
526 Conf iguring Port and Sys tem Secur ity The sw itch us es an authe nticat ion server with an IP address of 10.10.1 0.10 to authenticate clients. P o rt 7 is connect ed to a printer in the uns ecured ar ea. The printer is an 802.1X unaware c lient , so P ort 7 is configured t o use MAC- based authe ntication wi th MAB.
Conf iguring Port and S ystem Sec urity 527 Figure 19 -10. 802. 1X Exampl e The following example shows how to configure the e xample shown in Fi g u r e 1 9 - 1 0 . 1 Configure the RADIUS server IP address and shar ed secret ( secret ). console# configure console(config)# radius-server host 10.
528 Conf iguring Port and Sys tem Secur ity console(config-if)# dot1x port-control force- authorized console(config-if)# exit 4 Configur e P ort 7 to re quir e MA C-based au thentica tion w ith MAB.
Conf iguring Port and S ystem Sec urity 529 Filter Id...................................... VLAN Assigned.................................. 1 (Default) Interface...................................... Gi1/0/3 User Name..................................
530 Conf iguring Port and Sys tem Secur ity 10 View 802.1X information ab out P ort 8. console# show dot1x interface Gi1/0/8 Administrative Mode.......
Conf iguring Port and S ystem Sec urity 531 The commands in this e xample show how to configure the switch to control VLAN assign ment for the e xample ne twork.
532 Conf iguring Port and Sys tem Secur ity T o configure the switch: 1 Create the VLANs and configure the VLAN names. console(config)# vlan 100 console(config-vlan100)# name Authorized console(config.
Conf iguring Port and S ystem Sec urity 533 8 Enabl e peri odic r eauthen ti cation of th e client on the ports and s et the num ber of s econd s to wa it betw een reau thentic ation a ttemp ts to 30 0 seconds. Reauth entication is enabled to incr ease security .
534 Conf iguring Port and Sys tem Secur ity Allowin g Dynamic VLAN Creatio n of RADIUS-A ssigned VLANs The network in this example uses a RADIUS server to provide VLA N assignments to host that connect to the swit ch. In this e xample, the V LANs are not configured on the sw itch.
Conf iguring Port and S ystem Sec urity 535 5 Allo w the switc h to dynami cally cr eate VLAN s when a R A DIU S-assign ed VLAN does not exis t on the switch. console(config)# dot1x dynamic-vlan enable 6 Enter inte rface configuration m ode for the do wnlink ports.
536 Conf iguring Port and Sys tem Secur ity • The RADI US or 8 02.1X server must specify the policy to assign. F o r e xample, if the DiffS erv policy to assign is named intern et_access, include th e following attribute in the RADIUS or 802.
Conf iguring Port and S ystem Sec urity 537 T o configure the switch: 1 Configu re the DiffServ tr affic cl ass th at ma tches SS H traffic. console# configure console(config)# class-map match-all cl-.
538 Conf iguring Port and Sys tem Secur ity console(config)# aaa authentication dot1x default radius 8 Enter Interface Con figuration mode for ports 1–23 and en able MAC- bas ed authe ntica tion. console(config)# interface range Gi1/0/1-23 console(config-if)# dot1x port-control mac-based 9 Set the ports to an 802.
Conf iguring Port and S ystem Sec urity 539 Port Secu rity ( Port-MAC Locking) The P ort Security feature allows you to limit the number of source MAC addres ses that can be learned on a port. If a port reache s the configured limit , any other addr esses be yond that limit ar e not learned and the fram es are discarded.
540 Conf iguring Port and Sys tem Secur ity Port Securi ty Use the P ort Security page to enab le MA C locking on a per -port basis. Wh en a port is locked, y ou can limit the number of source MAC a ddresses that ar e allowed to t ransmit traf fic on the port.
Conf iguring Port and S ystem Sec urity 541 Figure 19-12 . Configure Port Secu rity Settings 5 Cli ck Apply ..
542 Conf iguring Port and Sys tem Secur ity Configuring Port Secur ity (CLI) Beginning in P rivileged EXEC mode, use the following commands to enable port secu rity on an inter face to limi t the number of source MAC addresses that can be learned. 19 Command Pu rpose configure Enter Glo bal Co nfigur atio n mode .
Conf iguring Port and S ystem Sec urity 543 Captive Portal This section describes how to configur e the Captive P ortal featur e. The topics covere d in this section include: • C aptive P ortal Ove .
544 Conf iguring Port and Sys tem Secur ity Figur e 19-13. Conn ecting to the Capt ive Port al The Captive P ortal feature blocks hosts connected to the switch from accessing the network until user verifi cation has been established. Y ou can configure Captive P ortal verification to allow access for both guest and authen tica ted use rs.
Conf iguring Port and S ystem Sec urity 545 Y ou can configure the switch to send SNMP trap messages to any enabled SNMP T rap Receivers for several Ca ptive P ortal events, such as when a Captive P o rtal user has an authentication failure or when a Captive P ortal user successfully connects to the network.
546 Conf iguring Port and Sys tem Secur ity Figure 19-14. Cus tomized C aptive Portal Welc ome Sc reen How Do es Captive Po rtal Work? When a port is enab led for Captive P ortal, all the traffic coming onto the port from the unverified clients are dropped e xcept for the ARP , DHCP , DNS and NETBIOS packets.
Conf iguring Port and S ystem Sec urity 547 • Logout P age — If the user lo gout mode is enabled, this page displays in a pop-up wi ndow after t he user succe ssfully authentica tes.
548 Conf iguring Port and Sys tem Secur ity Default Capt ive Portal Behav ior and Settings Captive P ortal is disable d by default. If you enable Captive P ortal, no interfaces are associated with the default Ca ptive P ortal.
Conf iguring Port and S ystem Sec urity 549 Authentica tion Timeout 30 0 seconds Configured Capt ive P ort als 1 Captive P ort al Name Default P rotocol Mode HTTP Ve r i f i c a t i o n M o d e G u e .
550 Conf iguring Port and Sys tem Secur ity Configuri ng the Captiv e Portal (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring Captive P ortal settings on a Del l Networki ng N2000, N300 0, and N40 00 series swit ches.
Conf iguring Port and S ystem Sec urity 551 To d i s p l a y t h e Captiv e P ortal Configuration pa ge, click System → Captive Po r t a l → Co nfigu ratio n. Figure 1 9-17. Captive Portal Configura tion Fr o m t h e Captive P ortal Configuration page, cli ck Add to create a new Captive P ortal instance.
552 Conf iguring Port and Sys tem Secur ity Fr o m t h e Captive P or tal Configuration page, click Summary to vie w summary information about th e Captive P ortal instances configur e d on the switch.
Conf iguring Port and S ystem Sec urity 553 Figure 19-20. Captiv e Portal Downlo ad Imag e Page 3 Make sure Downl oad is selected in the A vailable Im ages menu, and c lick Browse . 4 Browse to the d ir ectory wh er e the ima ge to be downloa ded is located and select the image.
554 Conf iguring Port and Sys tem Secur ity Figur e 19-21. Capti ve Portal Authent icatio n Page 7 Select the bran ding imag e to use and cus tomize ot her page c omponents such as th e font f or all text the p age di splay s, the p age t itle, an d the acceptan ce use poli cy .
Conf iguring Port and S ystem Sec urity 555 9 Cli ck t he Logou t P age link to con figure the p age tha t conta ins th e logout windo w . Figure 19 -22. Ca ptive Port al Logo ut Page 10 Customize the look and feel of the L ogout P age, such as the page title and logout instructions .
556 Conf iguring Port and Sys tem Secur ity 13 Customize the look an d feel of the L ogout P age, such as the background image and successfu l logout message. 14 Click Apply to s ave the settin gs to t he runnin g configur ation or cl ick Pr e v i e w to view w hat the user will see.
Conf iguring Port and S ystem Sec urity 557 Figure 19-24. Local U ser Configurati on Fr o m t h e Local Use r pa ge, click Add to add a ne w user to the loca l databas e.
558 Conf iguring Port and Sys tem Secur ity Fr o m t h e Local Us er pag e, click Show A ll to view summary informat ion about the local users configur ed in the local databas e. Figure 19 -26. Captive P ortal Local User Summar y T o delete a configured us er from the database, select the Remove check box associated with the user and click Apply .
Conf iguring Port and S ystem Sec urity 559 User Group Y ou can assi gn Local Users to User Groups that you create. If t he V erification Mode is Local or R ADIUS, you assign a Us er Group to a Captive P ortal Configuration. All users who belong to the group ar e permitted to access the network throug h this portal.
560 Conf iguring Port and Sys tem Secur ity Figure 19-27. User Group Fr o m t h e User Gro up page, click Add to configure a new user group. Figure 19 -28. Add User G roup Fr o m t h e User Gro up page, click Show All to view summary information about the user groups configured on the switch.
Conf iguring Port and S ystem Sec urity 561 T o delete a configured group, s elect the Remove check box associated with the gro up and click Apply . Interface Association Fr o m t h e In terface Association page, you can associate a configured cap tive portal with specific inte rfaces.
562 Conf iguring Port and Sys tem Secur ity Capti ve Po rtal G lobal Statu s The Captive P ortal Global Stat us page contains a variety of information about the Captiv e P ortal feature. F r om the Captive P ortal Global Stat us pag e, you can ac cess info rmat ion about the C apti ve P ort al acti vity and interfaces.
Conf iguring Port and S ystem Sec urity 563 Figure 19-32. Captive Portal Ac tivation a nd Activit y Status Interface Activation Status The Inte rface Activation Sta tus page shows information for every interface assigned to a captiv e portal instance.
564 Conf iguring Port and Sys tem Secur ity Figure 19-33. Interface Ac tivation S tatus Interface Capability Status The Inte rface Capa bility Status page cont ains info rmat ion abou t int erf aces that can hav e CP s as sociated with t hem. The page al so contains s tatus information for various capab ilities.
Conf iguring Port and S ystem Sec urity 565 Clie nt Summ ary Use the Cli ent Summary page to vie w sum mary infor mati on ab out al l authenticated clients that are connected through the captive p ortal. F rom this page, you can manually force the captive portal to disconnect one or more aut henticated clients.
566 Conf iguring Port and Sys tem Secur ity Figure 19-36. Clien t Detail Captive Portal Interface Client Status Use the Inte rface C lie nt Statu s page to view cl ients that ar e authenti cated to a specific int erface.
Conf iguring Port and S ystem Sec urity 567 Figure 1 9-38. Captive Po rtal - Client Statu s.
568 Conf iguring Port and Sys tem Secur ity Configuri ng Captive Porta l (CLI) This section provides information about the commands you use to cr eate and conf igure C aptiv e P o rtal se ttin gs. F or more inf ormat ion about t he commands, see the Dell Netw orking N2000, N3 000, and N4000 Series Switches CLI Refer ence Guide at support.
Conf iguring Port and S ystem Sec urity 569 Creati ng an d Confi gurin g a Capt ive Po rtal Beginning in P rivileged EX EC mode, us e the f ollowing co mmands to c reate a Captive P o rtal instance and configur e its setti ngs. CTRL + Z Exit to Privileg ed EXEC mode.
570 Conf iguring Port and Sys tem Secur ity user -logout (Optional) Ena ble user logout mode to allow an auth enticated client to deauthen ticate fro m the netw ork.
Conf iguring Port and S ystem Sec urity 571 Confi guring Captiv e Port al Grou ps and U sers Beginning in P rivileged EX EC mode, us e the f ollowing co mmands to c reate a Captive P ortal group. Y ou can use the default group, or you can create a new group.
572 Conf iguring Port and Sys tem Secur ity user group g roup-id [ name name ] Configure a group. Each Captive P ortal that requir es authentication has a group associated with it. Only the users who are members of that group can be auth enticate d if the y con nect to the C aptiv e P ortal.
Conf iguring Port and S ystem Sec urity 573 Managi ng Captiv e Portal Cli ents The commands in this section are all ex e cuted in Privileged EXEC mode.
574 Conf iguring Port and Sys tem Secur ity Captive Por tal Configurat ion Example The manager of a resort and conference center needs to provide wired Internet access to each guest room at the r esort and in each conference room. Due to legal reasons, visitors and guests must agree to the resort’s acceptable use policy to gain network access.
Conf iguring Port and S ystem Sec urity 575 4. Configure the Captive P ortal settings for each Captive P ortal , such as the verification m ode. 5. Associate interfaces with the C aptive P o rtal instances. 6. Download the brand ing images, such as the company logo , to the swi tch.
576 Conf iguring Port and Sys tem Secur ity console(config)# captive-portal console(config-CP)# user group 2 name Conference console(config-CP)# user group 3 name Employee console(config-CP)# exit 3.
Conf iguring Port and S ystem Sec urity 577 6. Use the web in terface to customize the Captive P ortal pages that are presented to users when they attem pt to connect to the network.
578 Conf iguring Port and Sys tem Secur ity Authentica tion Manager Overview The Authenticat ion Manager su pports th e hierarchical configuration of host authen tica tion metho ds on an inte rface. Del l swit ches sup port th e follo wing host auth entication met hods: • IEE E 802.
Conf iguring Port and S ystem Sec urity 579 When a client is con nected to a p ort, the sw itch tri es to authent icate the user/client using the methods in configuration order . If any authentication method time s out (an error) , then the next authentication method is tried.
580 Conf iguring Port and Sys tem Secur ity A uthenti catio n priori ty allow s a hig her -priority m ethod (n ot cur rent ly running) to interrupt an authentication in progress with a lower -p riority met hod.
Conf iguring Port and S ystem Sec urity 581 console(config-if-Te1/0/4)#dot1x reauthentication console(config-if-Te1/0/4)#dot1x port-control mac-based console(config-if-Te1/0/4)#dot1x mac-auth-bypass c.
582 Conf iguring Port and Sys tem Secur ity Denial of Service Denial of Service (DoS) refers to the exploitation of a variety of vul nerab ilit ies w hich w ould inter rupt th e ser vice of a hos t or ma ke a netw ork unst able. Use th e Denial of Service page t o configure settings to help prevent DoS att acks.
Configu ring Ac cess Con trol List s 583 20 Configuring Access Contro l Lists This chapter describ es how to conf igure Acce ss Cont rol List s (ACLs), including IPv4, IP v6, and MAC A CLs. Th is chapter also describes how to configure time ranges that can be applied to any of the A CL types.
584 Confi guring A ccess Con trol List s Depending on whether an ingres s or egr ess A CL is a pplied to a port, when the traffic enters (ingress) or leaves (egress) a port, the ACL compares the criteria configured in its rules, in list or der , to the fields in a packet or frame to check for matching conditions.
Configu ring Ac cess Con trol List s 585 MAC access list action s include CoS queue assignment, mirro ring, redir ection to another port, and logging, as well as the usual pe rmit and deny actions. What Are IP ACLs ? IP ACL s classify for Layers 3 and 4 on IPv4 or IPv 6 traffic.
586 Confi guring A ccess Con trol List s delivere d to the mirror interface while th e packet itself is forwar ded normally through the device. Y ou cannot configure a given ACL rule with both mirror and re direct attributes.
Configu ring Ac cess Con trol List s 587 A named time range can contain up to 10 configur ed time ranges. Only one absolute time range can be configured per time range. During the ACL configuration, you can as sociate a configured time range with the ACL to provide additional control over permitting or denying a user access t o network reso urce s.
588 Confi guring A ccess Con trol List s on less than 32 b its will be e xpanded in tern ally to matc h on 32 bits with a variable mask. This allows other A CLs using the same offset to utilize the same slice w ith potential ly differ ent masks a nd match values.
Configu ring Ac cess Con trol List s 589 Please no te the follo wing additiona l limitations o n ingr ess and egr ess A CLs: • Y ou can configure mirror or redir ect att ributes for a given ACL r ule, but not b oth.
590 Confi guring A ccess Con trol List s • The order of the rul es is important: wh en a packet matches mult iple rules, the first rule takes precedence. Once a packet has matched a rule, the corresp onding action is taken and no furt her at tempt s to m atch the packet ar e made.
Configu ring Ac cess Con trol List s 591 ACL Configuration D etails How Are ACLs Configu red? T o con figu r e AC Ls, f oll ow t hese step s: 1 Create a M A C ACL by specifying a name. 2 Create an IP ACL by specifying a number . 3 Add new rul es to the A CL.
592 Confi guring A ccess Con trol List s In general, any rule that specifies matching on an upper- layer protocol field should also include matching constraint s for as many of the lower -layer as where possible.
Configu ring Ac cess Con trol List s 593 Using IP and MAC Add ress Masks Mask s are use d wit h IP an d MAC addres ses to speci fy what shoul d be considered in the address for a match. Masks ar e expanded internally into a bit mask and are applied bit -wise in the hardwar e even th ough they are entered in decimal or hexadecimal form at.
594 Confi guring A ccess Con trol List s Policy Based Routing Overview In contemporary inter-networks, network administrators often need to implement packet routing accor ding to specific organizational polici es. P olicy Based Routing (PBR) exact ly fits this purpose.
Configu ring Ac cess Con trol List s 595 based routing. If the network administrator instead wants to drop a packet that does not ma tch the specified criteria, a set stat ement must be configured to route the packet to interfac e null0 as the last entry in the rou te-map.
596 Confi guring A ccess Con trol List s • List of default next ho p IP addresses — The set ip default n ext-hop command che cks the list of destination IP addresses in the routing table and, if t.
Configu ring Ac cess Con trol List s 597 Reso urce-Sh aring Bet ween ACL s and PBR ACLs ass ociated with a route-map and general AC Ls share the same har dwar e resources. If PBR consumes the maximum number of HW resources on an interface or system-wide, general purpose ACLs cannot be configur ed and vice versa.
598 Confi guring A ccess Con trol List s interface. Chang es to an ex isting route-map associated wi th an interfa ce (or to the ass ociated ACL s) do not tak e effe ct unti l the route- map is r eapplie d to the i nterface . ACL Reso urce Shar ing An ACL rule contains match and action attri butes.
Configu ring Ac cess Con trol List s 599 Configuring ACLs (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring A CLs on a Dell Networki ng N2000, N 3000, and N400 0 series sw itches.
600 Confi guring A ccess Con trol List s Figure 20-2. Add IP ACL 4 Click Apply . Removing IPv4 ACLs T o delete an IPv4 ACL : 1 Fr o m t h e IP ACL Name menu on the IP ACL Con figu ratio n page, select the A C L t o r emove. 2 Sele ct the Rem ov e checkbox.
Configu ring Ac cess Con trol List s 601 IP ACL Rule Confi guration Use the IP A CL Rul e Config uration page to define rules for IP -based ACLs. The access list definition includes rule s that specify whether tr affic matching the criteria is forwar ded normally or discar ded.
602 Confi guring A ccess Con trol List s Figure 20 -4. IP A CL - Rule Configuration Remo ving an IP ACL Rule T o delete an IP A CL rule: 1 Fr o m t h e Rul e ID me nu, select the ID o f the rule to delet e. 2 Sele ct the Rem ov e option n ear the bot tom of th e page.
Configu ring Ac cess Con trol List s 603 MAC ACL Configuratio n Use the MAC A CL Configuration page to define a MA C-based AC L. To d i s p l a y t h e MA C ACL Con figuration page, click Swit chi ng → Network Security → Access Control Lists → MAC Access Control Lists → Configuratio n in the navigation panel.
604 Confi guring A ccess Con trol List s Renaming or Removing MAC ACLs T o r ename or delete a MAC A CL: 1 Fr o m t h e MA C AC L Name menu o n the MAC A CL Configurat ion page, select the ACL to rename or remove. 2 T o re n a m e t he A CL , s e le c t th e Re na m e checkbox and enter a new n ame in the associated field.
Configu ring Ac cess Con trol List s 605 MAC ACL Rule Configur ation Use the MAC A CL Rule Confi guration p age to define rules for MAC-bas ed ACLs. The access list definit ion includes rules t hat specify wh ether traffic matching the criteria is forwar ded normally or discar ded.
606 Confi guring A ccess Con trol List s IPv6 ACL Con figuration Use the IPv6 ACL Co nfiguratio n page to add or r emove IP -based A CLs. T o display the IP A CL Configuration page, click Switching → Network Se curity → Access Control Lists → IPv6 Access Control Lists → IPv6 A CL Configur ation in the navi gation panel.
Configu ring Ac cess Con trol List s 607 Removing IPv6 ACLs T o delet e an IP v6 ACL : 1 Fr o m t h e IPv6 A CL Nam e menu on the IPv6 A CL Configurat ion page, select the A CL to r emove. 2 Sele ct the Rem ov e checkbox. 3 Cli ck Apply . Viewing IPv6 ACLs T o view configured A CLs, click Show All from the IPv6 ACL Con figura tion page.
608 Confi guring A ccess Con trol List s Figure 20-10. IPv6 ACL - Rule Con figuration Removing an IPv6 ACL Rule T o delete an IPv6 ACL rule: 1 Fr o m t h e Rul e ID me nu, select the ID o f the rule to delet e. 2 Sele ct the Rem ov e option n ear the bot tom of th e page.
Configu ring Ac cess Con trol List s 609 ACL Binding Conf igurati on When an A CL is bound to an interface , all the rules that have been defined are applied to the selected interface . Use the A CL Bi nding Conf igur ation page to as sign ACL lists to ACL P r iorities and Interfaces .
610 Confi guring A ccess Con trol List s T ime Range Entry Confi guration Use the T ime Range E ntry Configur ation page to define time ranges to associat e with A CL rules. To d i s p l a y t h e T ime Rang e Entry Config uratio n page, click System → Ti m e Synch ron izatio n → T ime Range Config uration in the navi gation panel .
Configu ring Ac cess Con trol List s 611 Figure 20-13. Add a Time Range 3 Cli ck Apply . 4 Cli ck Configuration to r eturn to th e T ime Ran ge Entry Co nfigur ation page. 5 In the Ti m e R a n g e N a m e field, select the name of the tim e range to configure.
612 Confi guring A ccess Con trol List s Configuring ACLs (CLI) This section provides information about the commands you use to cr eate and configure A CLs. F or more information about the commands, see the Dell Networki ng N2000, N30 00, and N4000 Se ries Switches CLI Reference Guide at support.
Configu ring Ac cess Con trol List s 613 { deny | permit } { every | {{ ipv4-protocol | 0-255 | ever y } { srcip srcm ask | any | host srcip } [{ range { portkey | startpo rt } { portkey | endpor t } .
614 Confi guring A ccess Con trol List s contin ued – Whe n “eq” is sp ecified, I P A CL rule matche s only if the lay er 4 po rt num ber is equal to the spe cified port num ber or p ort key .
Configu ring Ac cess Con trol List s 615 continue d • flag [+fin | -fin] [ +syn | -syn] [ +rst | - rst] [+ psh | - psh] [+ack | -ack] [+u rg | -ur g] [establ ished] — Specif ies th at the IP/ TC P/U DP A CL rule matc hes on the TCP f l a gs .
616 Confi guring A ccess Con trol List s contin ued •i g m p - t y p e igmp-t ype — Whe n igmp -type is spec ified, IP ACL rule matche s on th e specifi ed IGMP messa ge type (i. e., a numbe r from 0 to 25 5). • frag ments— Sp ecifies th e rule mat ches pa cke ts that ar e non- initial fr agm ents (fra gme nt bit as serted ).
Configu ring Ac cess Con trol List s 617 interface interfa ce (Optional ) Enter interface confi guration mode for the specified interfac e. The inter face variabl e includ es the interface type and number , for example tengig abitethernet 1/0/3 .
618 Confi guring A ccess Con trol List s Configuri ng a MAC ACL Beginning in P rivileged EXEC mode, use the following commands to create an MAC A CL, configure rules for the A CL, and bind the ACL to an interfa ce. Command Pu rpose configure Enter global configuration mode.
Configu ring Ac cess Con trol List s 619 continue d – Wh en “gt” is specified , IPv6 A CL rule matche s if the layer 4 dest ination port number i s greater than the specif ied por t number or portkey . It is equival ent to specify ing the r ange as <spe cified por t number + 1> to 65535 .
620 Confi guring A ccess Con trol List s contin ued – This option is visible only if the protocol is tcp. – Ack – Acknowled gement bit – Fi n – F inished bit – Ps h – push bit – Rst .
Configu ring Ac cess Con trol List s 621 continue d • rout ing—Spe cifies that IP A CL rule m atches on routed packets. Routed packets cont ain an IP v6 “routi ng” extension he ader .
622 Confi guring A ccess Con trol List s mac access-group name direction s eqnum Bind th e spe cified MA C A CL to a n inte rface. NOTE: T o ap ply this A CL to all i nterfa ces, issu e the com mand in G lobal Config uration mode. • nam e — Ac cess list nam e.
Configu ring Ac cess Con trol List s 623 Configuri ng an IPv6 ACL Beginning in P rivileged EXEC mode, use the following commands to create an IPv6 ACL, confi gur e rules for the ACL, and bind the ACL to an i nterface. Command Pu rpose configure Enter global configuration mode.
624 Confi guring A ccess Con trol List s { den y | perm it } { ipv6- protocol | number | every } { source-ipv6- pr efix/ pr efix- leng th | any | host source- ipv6- addr ess } [{ range { portkey | sta.
Configu ring Ac cess Con trol List s 625 (Conti nued) • desti nation ipv6 p ref ix — IPv6 pr efix in IPv 6 global addr ess form at. • flow label value — The value to match in th e Flow Label field of the IP v6 head er (Range 0 –1048575) .
626 Confi guring A ccess Con trol List s Configuri ng a T ime Range Beginning in P rivileged EXEC mode , us e the foll owing comm ands to create a time range and configure time-based entries for the time ran ge. CTRL + Z Exit to Privil eged EXEC mod e.
Configu ring Ac cess Con trol List s 627 periodic { days- of -the- week ti me } to {[ days- of - the-wee k ] time } Conf igur e a r ecurring time entr y for the nam ed ti me range. • days-of-the-w eek —The first occurrence indicat es the starting day(s) th e A CL goe s into effe ct.
628 Confi guring A ccess Con trol List s ACL Configuration Examples This section contains the following e xamples: •" B a s i c R u l e s " o n p a g e 6 2 8 •" I n t e r n a l S y .
Configu ring Ac cess Con trol List s 629 permit ip 10.0.46.0 0.0.1.255 any • Inbound rule al lowing access TO host s with IP addr esses rangi ng from 10.
630 Confi guring A ccess Con trol List s ip access-list Allow-10-1-1-x permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255 permit icmp 10.1.1.0 0.0.0.255 any permit ip 0.0.0.0 255.255.255.255 any permit udp any any eq domain exit interface gi1/0/1 mac access-group Allow-ARP in 10 ip access-group Allow-10-1-1-x in 20 exit Another list on the 192.
Configu ring Ac cess Con trol List s 631 following lis t has corr ected rul es that allow T e lnet and UDP packe ts only and rely on the implicit "deny all" after the end of t he last access group to deny other traffic. ip access-list Host10-1-1-23 ! Permit Telnet traffic from 192.
632 Confi guring A ccess Con trol List s ! Permit Telnet traffic from 192.168.0.X network to host 10.1.1.23 permit tcp 192.168.0.0 0.0.0.255 host 10.1.1.23 eq telnet ! Permit UDP traffic from 192.168.0.X network to host 10.1.1.23 permit udp 192.168.0.
Configu ring Ac cess Con trol List s 633 Multiple acce ss lists can be configur ed on an interface. The p rocessing order is determin ed by the last parameter on the access-group command where the lowest s equence number is proc essed first, followed by the ne xt higher sequence number , etc.
634 Confi guring A ccess Con trol List s 5 Create an ACL name d web-limit that denies HTTP t raffic during the work-hours t ime range. console(config)#ip access-list web-limit console(config-ip-acl)#d.
Configu ring Ac cess Con trol List s 635 interface range gi1/0/24-48 ip access-list deny-ftp in exit Allow FTP T raffic Only to an FTP Se rver This ACL limit s traffic from a router to a directly connected FTP serv er (172.16.0. 5) on gi1/0/11. Notice tha t this is an “out” A CL.
636 Confi guring A ccess Con trol List s ip access-list no-ping deny icmp any any icmp-message echo deny icmp any any icmp-message echo-reply permit every exit interface gi1/0/1 ip access-group no-ping in exit Block RFC 191 8 Addresses This ACL may be useful on connections to ISP s to bloc k traffic fr om non- routable addr esses.
Configu ring Ac cess Con trol List s 637 periodic weekdays 07:30 to 18:00 exit ip access-list redirect-traffic permit ip any 172.16.1.0 255.255.255.0 redirect te1/0/1 time-range work-hours permit every exit ip access-group redirect-traffic in 30 Rate Limit WWW T raffic (Diffserv) This AC L creates a Diffserv policy to rate-limit WWW pack ets.
638 Confi guring A ccess Con trol List s interface te1/0/1 ip access-group rate-limit-www in exit Rate Limit In-Band Management T raffic The following is an e xample of rate limiting in-band management traffic on an L2 sw itch . The firs t two rul es rate limit T eln et and SSH (22) traf fic fo r established connections.
Configu ring Ac cess Con trol List s 639 A Con solid ated Do S Examp le This e xample includes some A CL rules to consider to r educe DoS attacks on the switch. It does not represent a complete D oS suite. A firewall with deep pack et ins pection capabil ities sh ould be used for t rue DoS p rotecti on.
640 Confi guring A ccess Con trol List s ! Further limit inbound traffic on in-band management ports. ! Allow only VLAN 99 SSH and TFTP, no telnet, HTTP, HTTPS, or SNMP. ! The management access list actions are performed by the switch ! firmware in addition to the access list actions performed by ! the switching silicon, e.
Configu ring Ac cess Con trol List s 641 Route-Map with Scheduled Redirection of RFC 1918 Addresses to a Different Next- Hop time-range work-hours periodic weekdays 07:30 to 18:00 exit ip access-list subnet-172-16 permit ip any 172.16.0.0 0.15.255.255 time-range work-hours exit ip access-list subnet-192-168 permit ip any 192.
642 Confi guring A ccess Con trol List s Figur e 20-14 . Policy B ased Rou ting on VLAN In terfaces Exampl e Create VLANs 10, 20, 30 an d 40 vlan 10,20,30,40 exit Add VL AN Member ship to Ph ysical P .
Configu ring Ac cess Con trol List s 643 interface gi 1/0/24 switchport mode trunk switchport trunk native vlan 40 switchport trunk allowed vlan remove 1 Ena ble Routi ng on Each VLAN Int erface interface vlan 10 ip address 1.1.1.1 255.255.255.0 exit interface vlan 20 ip address 2.
644 Confi guring A ccess Con trol List s PBR is to route non-ma tchi ng tra ffic or traffi c which is addressed to a non- connected inte rface n ormall y . 2 Creat e a rout e-map and add match/set rules to t he route-ma p: route-map Redirect_to_3_3_3_3 permit 100 match ip address Match-ip-1_1_1_2-to-2_2_2_2 set ip next-hop 3.
Confi gurin g VLAN s 645 21 Configuring VLANs This chapter describ es how to conf igure VLANs, i ncluding port-based VLANs, pr otocol-base d VLANs, doub le-tagged VLAN s, subnet-ba sed VLANs, and V oice VLANs.
646 Confi gurin g VLAN s priority over other traffic, such as data. Admini strators also use VL ANs to protect network resources. T raffic sent by authenticated clients might be assigned to one VLAN, while traffi c sent from unauthenticated clients might be assigned to a differ ent VLAN that allows limited network access.
Confi gurin g VLAN s 647 Figure 2 1-1. Simple VLAN T opology In this e xample, each port is manually configured s o that the end station attached to th e port is a member of the VLAN configured for the port. The VLAN membership for this network is port-ba sed or static.
648 Confi gurin g VLAN s T able 21-1 pro vides an overview of the types of VL ANs you can use to logically divide the network. Switchport Modes Y ou can configure each port on a Dell Net working N2000.
Confi gurin g VLAN s 649 trunk port are forwar ded on the native VLAN. P ackets r eceived on another interf ace belon ging to t he native VLAN ar e transmitte d untagg ed on a trunk p ort. • General — General ports can act like access or trunk ports or a hy brid of both.
650 Confi gurin g VLAN s T a g g i n g m a y b e re q u i r e d w h e n a s i n g l e p o r t s u pp o r ts m u l ti p le d e vi c e s t h a t a r e members of different VLANs. F or example, a single port might be con nected to an IP phone, a PC, and a printer (the PC and pri nter are connected vi a ports on the IP phone).
Confi gurin g VLAN s 651 Double-VLAN T agging F or trunk ports, which ar e ports that connect one switch to another switch, the Dell Networking series switches support doub le- VLAN tagging . This feature allows service providers t o cr eate Virtual Metropolit an Ar ea Networks (VM ANs) .
652 Confi gurin g VLAN s Figur e 21-2 . Doubl e VLA N T agg ing Ne twork Exam ple V oice VL AN The V oice VLAN fea ture enables switch ports to carry voice traffic with defined priority .
Confi gurin g VLAN s 653 Identifying V oice T raffic Some V oIP phones contain full supp ort for IEEE 802.1X. When these phones ar e connected to a port that uses 802.1X port-b ased authe ntication, t hese phones authenti cate and r eceive their VLAN information from LLDP -MED.
654 Confi gurin g VLAN s default PVID of the po rt, and th e voice tra ffic is r eceived tagged with the predefined VLA N. As a result, both kinds of tr affic are segregated in order to provide b etter service to the voice traffic.
Confi gurin g VLAN s 655 • Isolated VLA N —A secondary VLAN. It carries t raffic from isolat ed ports to promiscuous ports. On ly one isolat ed VLAN can be configured per private VLAN. • Community VLAN —A second ary VLAN. It forw ards traffic betw een ports wh ich bel ong t o the s ame comm un ity an d to t he pro miscu ous p orts .
656 Confi gurin g VLAN s F igure 21-3 sho ws an e xample P rivate VLAN scenario , in which five ho sts (H- A through H-E) are connected to a s tack of switches (SW1, SW2). The switch stack is connected to router R1. P ort refer ences shown are with reference to the st ack.
Confi gurin g VLAN s 657 Isola ted Por ts An endpoint connected to an isolated port is allowed to communicate with endpoints connected to promiscuous ports only .
658 Confi gurin g VLAN s T able 2 1-3. Forwarding Rules for T raffic in Primary V LAN T able 21 -4. Forwarding Rules for T raffic in Community 1 V LAN T able 2 1-5.
Confi gurin g VLAN s 659 Limitations and Recommendations • Onl y a si ngle isol ated VLAN can be asso ciated w ith a p rimar y VLA N. Multipl e communit y VLANs can be asso ciated with a prima ry VLAN. • T runk and ge neral mod es are not supported on p rivate VLAN port s.
660 Confi gurin g VLAN s • It is recommended that the priv ate VLAN IDs be removed from the tru nk ports conne cted to de vices that do n ot participat e in the priva te VLAN traffic. Priva te VLAN Conf igurat ion Exa mple See "Configuring a P ri vate VLAN" on pag e 711.
Confi gurin g VLAN s 661 Default VLAN Behavior One VLAN is configured on the Dell Networking series switches by default. The VLAN ID is 1, and all ports are included in the VLAN as access ports, which ar e untagged. This means when a device connects to any port on the switch, th e port for wards the packets without inser ting a VLAN tag.
662 Confi gurin g VLAN s T able 21-7 shows th e default values or maximum values for VLAN feat ures. T able 21-7. Addit ional VLAN De fault and Ma ximum Va lues Featur e V alue Default V LAN VLAN 1 VLAN Name No VL AN name is configu red e xcept for VLAN 1, whose name “d efault” ca nnot be change d.
Confi gurin g VLAN s 663 Configuring VLANs (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring VLANs on a Dell Networki ng N2000, N 3000, and N400 0 series sw itches. F or detail s about the fields on a page, click at the top of the page.
664 Confi gurin g VLAN s T o perform additional port config uratio n, such as making the port a trunk port, use the Po r t S e t t i n g s page . Figure 21-4. VLAN Members hip Addin g a VLAN To c r e a t e a V L A N : 1 Open the VLAN Membership page. 2 Click Add to displa y the Add VLA N pag e.
Confi gurin g VLAN s 665 Figure 21 -5. Add VLAN 4 Cli ck Apply . Confi guri ng Port s as VLAN Member s T o add member ports to a VLAN: 1 Open the VLAN Membership pag e. 2 Fr o m t h e Show VLAN m e n u , s e l e c t t h e V L A N t o w h i c h y o u w a n t t o a s s i g n ports.
666 Confi gurin g VLAN s Figure 21-6. Add Ports to VLAN 4 Click Apply . 5 V erify that the p orts hav e been adde d to th e VL AN..
Confi gurin g VLAN s 667 In F igure 21-7, the presence of the letter U in the Current row indicates that the port is an u ntagged member of th e VLAN. Figure 21-7.
668 Confi gurin g VLAN s VLAN Port Settings Use the VLAN P ort Settings page to add ports to an existing VLAN and t o configure settings for the port. If y ou select T runk or Access as the Po r t V L A N Mode , some of the fields ar e not configurable because of the r equirements for that m ode.
Confi gurin g VLAN s 669 Figure 21-9. VLAN Settings for All Ports VLAN LAG Settings Use the VL AN LAG Se tting s page to map a LAG to a VLAN and to configur e specific VLAN settings for the LAG. To d i s p l a y t h e LA G Settings page, clic k Switching → VLA N → LAG Sett ings in the navigation panel.
670 Confi gurin g VLAN s Fr o m t h e LAG Settings page, click Show All to see the curr ent VLAN se ttings for all LAGs. Y o u can change the setting s for one or more LAGs by clicking the Edit option for a port and selecting or entering new values. Figure 21-11.
Confi gurin g VLAN s 671 Bind MAC to VLAN Use the Bind MA C to VLAN p age to m ap a MA C add ress to a VL AN. After the source MAC address and the VLAN ID are specified, the MAC to VLAN configurations ar e shared across all ports o f the switch. The MAC to VLAN table s upports up to 128 entries .
672 Confi gurin g VLAN s Bind IP Subnet t o VLAN Use the Bind IP Subnet t o VLAN page to assign an I P Subnet to a VLAN . The IP Subnet to VLAN config urations ar e share d across all ports of the switch. There can be up to 6 4 entries configured in this table.
Confi gurin g VLAN s 673 GVRP Parameters Use the GVRP P a rameters page to enable GVRP globally a nd configure the port set tings. To d i s p l a y t h e GVRP P arameters page, click Switching → VLAN → GVRP P arameters in the navigation panel. Figure 21 -16.
674 Confi gurin g VLAN s Figure 21-17. GVRP Port Parame ters T able.
Confi gurin g VLAN s 675 Protocol Gr oup Use the Protocol Group page to configure which EtherT ypes go to which VLANs, and then enable certain ports to use these sett ings. P rotocol-based VLANs ar e most oft en used in situat ions where network segments contain hosts running multiple protocols.
676 Confi gurin g VLAN s Adding a Proto col Group T o add a protocol group: 1 Open the Protocol Group pa ge. 2 Click Add to displa y the Add P rotocol Group pag e. 3 Creat e a name for the group and associat e a VLAN with t he group. Figure 21 -19. Add P rotocol Gro up 4 Click Apply .
Confi gurin g VLAN s 677 Figure 2 1-20. Config ure Protoco l Group 8 Cli ck Apply . 9 Cli ck Show All to see the protocol-based VLANs and t heir members.
678 Confi gurin g VLAN s Double VLAN Global Configurat ion Use the Double VLAN Global Configuratio n page to specify the value of the EtherT ype field in the first EtherT ype/ta g pair of the double-tagge d frame.
Confi gurin g VLAN s 679 Double VLAN Inte rface Confi guration Use the Double VLAN Interface Configuration pag e to specif y the value of the EtherT ype field in the first EtherT ype /tag pair of the double-tagged frame.
680 Confi gurin g VLAN s Figure 21-24. Double VLAN Port Pa rameter T able.
Confi gurin g VLAN s 681 V oice VLAN Use the V oice VLAN Configur ation page to configure and view voice VLAN setti ngs that a pply to the enti re system an d to specifi c interf aces. T o display the page, cl ick Switching → VLAN → Vo i c e V L A N → Confi gur ation in the navigation panel .
682 Confi gurin g VLAN s Configuring VLANs (CLI) This section provides information about the commands you use to cr eate and configure VLANs. F or more information about the commands, see the Dell Networki ng N2000, N30 00, and N4000 Se ries Switches CLI Reference Guide at support.
Confi gurin g VLAN s 683 pack ets. Un tagge d pack ets ar e tr eated as belo nging to th e acce ss VL AN. P ackets re ceived wit h a VLAN ID other than the access VLAN ID are discarded. When y ou configure an interface as an a ccess mode port, the interface is automatically ma de a member of VLAN 1 and removed from all other VLAN memberships.
684 Confi gurin g VLAN s automatically configured as a member of all VLANs. Y ou can r emove them fr o m m e m be r sh ip i n sp ec i fi c V L AN s . By de f au l t, t he n at i ve VL A N fo r a t r un k port is VLAN 1. Command Pu rpose configure Enter global configuration mode.
Confi gurin g VLAN s 685 switchport trun k { allowed vlan vlan- list | native vla n vlan-id } Set the li st of al lowed V LANs that can r eceive and se nd traffic on th is interf ace in tagge d format when i n trunking mode.
686 Confi gurin g VLAN s Configuri ng a Port in General Mode Beginning in P rivileged EXEC mode, use the following commands to configure an interfa ce with full 802 .1q support and configur e the VLAN membership information for t he interfac e. Ex cept when noted as requir ed (for ex ample, when configuring MAB , V oice VLAN, or 802 .
Confi gurin g VLAN s 687 swit chp ort g eneral pvi d vlan-id (Optiona l) Set the po rt VLAN ID. U ntagged tra ffic that enters the switch t hrough this port is tagged w ith the PVID . vla n-id — PVID. The selected PVID assig nment must be to an e xisting VLAN.
688 Confi gurin g VLAN s Configuri ng VLAN Setting s for a LAG The VLAN mode and memberships setting s you configure for a port ar e also valid for a L AG (port-channel). Beginning in P rivileged EXEC mode, use the following commands to configure the VLAN mode for a LAG.
Confi gurin g VLAN s 689 Configuri ng Double VLAN T agging Beginning in P rivileged EXEC mode, use the following commands to configure an interfa ce to send and accept frames with double VLAN tagging. DV LAN uplink interfaces must be configured for tagging (trunk mode) for double tags to be observed on frames egr essing the interface.
690 Confi gurin g VLAN s dvla n-tunn el et hertyp e { 802.1Q | vman | custom < 0-65 535 >} [primary-tpid] Config ure the EtherT ype to use for uplink or a ccess inter faces . • 802. 1Q — Configures t he EtherT yp e as 0x8 100 (defaul t). • vman — Config ures the EtherT ype as 0 x88A8.
Confi gurin g VLAN s 691 Configuri ng MAC-Based VLANs Beginning in P rivileged EXEC mode, use the following commands to associate a MA C address with a config ured VL AN. The VLAN does not ne ed to be configured on the system to asso ciate a MA C address with it.
692 Confi gurin g VLAN s Configuri ng IP-Based VLA Ns Beginning in P rivileged EXEC mode, use the following commands to associate an IP subnet with a co nfigured VLAN. The VLAN does not need to be configured on the system to associate an IP subnet with it.
Confi gurin g VLAN s 693 Configuri ng a Protocol -Based VLAN Beginning in P rivileged EXEC mode, use the following commands to create and name a protocol group, and associa te VLANs with the protocol group. When you create a protocol group, the switch automatically assigns it a unique group ID number .
694 Confi gurin g VLAN s protocol vlan group all groupid (Optio nal) Ad d all p hysical interf aces t o the p rotocol - base d grou p iden tifi ed by groupid . Y ou can ad d indiv idual interfaces to the protocol-based grou p as shown in the next two command s.
Confi gurin g VLAN s 695 Configuri ng GVRP Beginning in P rivileged EXEC mode, use the following commands to enable GVRP on the switch and on an i nterface, and to configure var ious GVRP settings. Command Pu rpose configure Enter global configuration mode.
696 Confi gurin g VLAN s vlan mak estatic vlan-id (Opt ional) Chan ge a dynami cally created VLA N (one tha t is cr eate d by GV RP r egist ratio n) to a stati c VLAN (one that is permane ntly con figur ed an d defined ). vlan-id — V alid vlan ID. Range is 2- 4093.
Confi gurin g VLAN s 697 Configuri ng V oice VLANs Beginning in P rivileged EXEC mode, use the following commands to enable the V oice VLAN featur e on the switch and on an inte rface. Command Pu rpose configure Enter global configuration mode. voice vlan Enable t he vo ice V LAN cap abili ty on the swi tch.
698 Confi gurin g VLAN s VLAN Configuration Examples This section contains the following e xamples: • Configurin g VLANs Using Dell OpenM anage Administrato r • Configuring VL ANs Using the CLI .
Confi gurin g VLAN s 699 F igure 21-26 shows the network top ology for thi s example. As the fig ur e shows, ther e ar e two switche s, two file serv ers, and many hosts. One switch has an uplink port that connects it to a layer 3 device and the r est of the corporate network.
700 Confi gurin g VLAN s T able 21- 10 shows the port assignme nts on the s witches. T abl e 21-10. Switch Port Conn ections Port/LA G Functio n Swi tch 1 1 Connects to Sw itch 2 2–15 Host por ts fo.
Confi gurin g VLAN s 701 Configuri ng VLANs Using Dell OpenManage Adminis trator This example shows how to perform the configuration by using the web- based int erface. Confi gure th e VLANs and Ports on Switch 1 Use the following st eps to configure the VLANs and ports on Swit ch 1.
702 Confi gurin g VLAN s Figure 21-28. VLAN Me mbership - VLAN 200 3 Click Apply . 4 Assign ports 2–15 and LAG1 to th e P a yrol l VLAN. a Fr o m t h e Switching → VLAN → VLAN Membership page, select 400-P ayroll from the Sho w VLAN field.
Confi gurin g VLAN s 703 Figure 2 1-29. LAG Settings 6 Confi gure port 1 as a trunk p ort. a Fr o m t h e Switching → VLAN → Po r t S e t t i n g s pa ge, make sure po rt Gi1/0/ 1 i s selected. b Fr o m t h e Po r t V L A N M o d e field, select T runk.
704 Confi gurin g VLAN s Figure 21-31. T runk Port C onfiguration 8 Configure the MAC-based VLAN informa tion. a Go to the Switching → VLAN → Bind MAC to VLAN page. b In the MA C Add ress field, ent er a valid MAC address, for example 00:1C :23:55:E9 :8B.
Confi gurin g VLAN s 705 Configure the VLANs and Por ts on Swi tch 2 Use the fo llowing steps to configure the VLANs an d ports on Switch 2 . Many of the p rocedures in this section a r e the same as procedures used t o configure Switch 1. F or more information about sp ecific procedures, see the deta ils and figures in the pr evious section.
706 Confi gurin g VLAN s Configuri ng VLANs Using the CLI This example shows how to perform th e same configuration by using CLI commands. Confi gure t he VLAN s and Ports on Switc h 1 Use the following steps to co nfigure the VLANs and ports on Switch 1.
Confi gurin g VLAN s 707 4. Assign LAG1 to the P ayroll VLAN and specify that fram es will always be transmit ted tagge d with a VLAN ID of 400. By defaul t, all VLANs ar e members of a trun k port .
708 Confi gurin g VLAN s 8. View the VLAN settings. console#s how vlan 9. View the VLAN m embership inform ation for a port. console# show interfaces switchport te1/0/1 Port: Te1/0/1 VLAN Membership m.
Confi gurin g VLAN s 709 Confi gure th e VLANs and Ports on Switch 2 Use the fo llowing steps to configure the VLANs an d ports on Switch 2 . Many of the p rocedures in this section a r e the same as procedures used t o configure Switch 1. F or more information about sp ecific procedures, see the deta ils and figures in the pr evious section.
710 Confi gurin g VLAN s Configuri ng a V oice VLAN The commands in this example create a VLAN for voice traffic with a VLAN ID of 25. P ort 10 is set t o an 802.
Confi gurin g VLAN s 711 6 Disable authentication for the voice VLAN on the port . This step is requir ed only if the voice phone does not support port-based authen tication . console(config-if-Gi1/0/10)# voice vlan auth disable 7 Exit t o P rivileged E xec mode.
712 Confi gurin g VLAN s switch(config-vlan-100)# private-vlan association 101-102 switch(config-vlan-100)# exit This complet es the configura tion of the privat e VLAN.
Confi gurin g VLAN s 713 103 isolated console#show vlan private-vlan Primary VLAN Secondary VLAN Community ------------ -------------- ------------------- 100 102 101 console(config)#show vlan VLAN Na.
714 Confi gurin g VLAN s.
Conf iguring the Sp anning T ree Protoco l 715 22 Configur ing the Spanning T ree Protocol This chapter describes how to configur e the Spanning T ree P rotocol (STP) settin gs on the switch.
716 Conf iguring the Sp anning T ree Proto col transit ioning of th e port to F orwar ding). The differ ence betw een the RSTP and the traditional STP (IEEE 802.
Conf iguring the Sp anning T ree Protoco l 717 How Does MSTP Operate in t he Network? In the following diagram of a small 802 .1d b ridged netwo rk, STP is necessary to create an envi ronment with fu ll connectivit y and witho ut loops.
718 Conf iguring the Sp anning T ree Proto col F igure 22-2 shows the logica l single STP networ k topolog y . Figure 22-2. Single STP T opolo gy F or VLAN 10 thi s single STP to pology i s fine and presents no limitatio ns or inefficiencies. On the other hand, V LAN 20's traffic pattern i s inefficient.
Conf iguring the Sp anning T ree Protoco l 719 The logical representation of the MS TP environment for these t hr ee switches is shown in F igure 22-3.
720 Conf iguring the Sp anning T ree Proto col In order for MSTP to correctly establish the different MSTIs as above, some additional changes ar e requir ed.
Conf iguring the Sp anning T ree Protoco l 721 MSTP wit h Mult iple F orwar ding Paths Consider the phys ical topology shown in F igure 2 2-4. It might b e assumed that MSTI 2 and MSTI 3 would follow th e most dir ect path fo r VLANs 20 and 30. However , using the default path costs, t his is n ot the c ase.
722 Conf iguring the Sp anning T ree Proto col What are the Opti onal STP Featur es? The Dell Networki ng series switches support t he following optional STP features: • BPDU floodin g •P o r t F .
Conf iguring the Sp anning T ree Protoco l 723 Root Gu ard Root guard is another way of controlli ng the spanning-tr ee top ology other than sett ing the bridge p riority or pat h costs. Root gu ard ensur es tha t a port does not become a root port or a block ed port.
724 Conf iguring the Sp anning T ree Proto col BPDU Protection When the switch is used as an acces s la yer device, most ports function as ed ge ports that connect t o a device such as a de sktop computer or file serv er .
Conf iguring the Sp anning T ree Protoco l 725 The switch spanning tree confi guration is global in natur e. Enabling RSTP - PV disables other spanning tr ee mode s on the switch. The switch cannot operate with some po rts configured to operate in standard spanning tree mode and others to operate in RSTP -PV mode.
726 Conf iguring the Sp anning T ree Proto col T o accelerate conver gence time once DR C has switched over to a new root port, STP -PV transmits dummy pack ets out the new root port, with t he source MA C addres ses take n from its forwar ding table.
Conf iguring the Sp anning T ree Protoco l 727 Indirect Link Rapid Conv ergence Feat ure T o handle indire ct link failure, the STP st andard r e quir es that a switch pa ssivel y wa it fo r “max _ag e” sec ond s once a topo log y cha nge ha s bee n detected.
728 Conf iguring the Sp anning T ree Proto col on ports that should hav e a path to the root. The port wher e the switch receiv ed the inferior BPDU is e xcluded be cause it alr e ady fa iled; self -loo ped and designated ports are eliminated as they do not have a path to the root.
Conf iguring the Sp anning T ree Protoco l 729 Interope rability Bet ween STP-PV and RSTP-PV Modes STP -PV is derived from 802.1D and RSTP -PV is derived from 802.1w . The fallback mechanism i s the same as between a sta ndard 802.1D swit ch and a standar d 802.
730 Conf iguring the Sp anning T ree Proto col RSTP -PV region and th e MSTP regio n, the RSTP -PV switc h send s VLAN 1 BPDUs in IEEE standard format, so they can be interpr eted b y the MSTP peers. Similarly , the RSTP -PV switch proce sses incoming MSTP BPDUs as thoug h they w ere BPDUs f or the V LAN 1 RSTP -PV insta nce.
Conf iguring the Sp anning T ree Protoco l 731 Figure 22-7. RSTP-PV and R STP Interop erability SW3 sends IEEE STP BPDUs to the IEEE multicast MAC address as untagged frames. These BPD Us are processed by the VLAN 1 STP instance on the R STP -PV switch as part of the VL AN 1 STP inst ance.
732 Conf iguring the Sp anning T ree Proto col The VLAN 1 STP instance of SW1 and SW2 ar e joined wi th the STP instance running in SW3. VLA Ns 2 and 3 consider the path across SW3 as another segment link ing SW1 and SW2, and t heir SSTP information is multicast acr oss SW3.
Conf iguring the Sp anning T ree Protoco l 733 • The MSTP doma in contains the root bridge for ALL VLANs. T his implies that th e CIST Root B ridge ID is configu r ed t o be better than any RSTP - PV STP root Bridge ID.
734 Conf iguring the Sp anning T ree Proto col • The alte rnati ve is that the RSTP -PV domain cont ains th e root bridg es for ALL VLANs . This is only tru e if all RST P -PV root bri dges’ Bridge IDs for all VLANs are better than the MSTP C I ST Root Bridge ID.
Conf iguring the Sp anning T ree Protoco l 735 Default STP V alues Spanning tr ee is globally enabled on the swit ch and on all ports and LAGs. T able 22-1 s ummarizes the default values for STP .
736 Conf iguring the Sp anning T ree Proto col Configu ring Spann ing T ree (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring STP settings on a Dell Networki ng N2000, N3000, and N40 00 series s witches.
Conf iguring the Sp anning T ree Protoco l 737 Figur e 22-9. Spanning T ree Glob al Setting s.
738 Conf iguring the Sp anning T ree Proto col STP Port Settings Use the STP P ort Settings page to as sign STP prope rties to i ndividual po rts. To d i s p l a y t h e STP P ort Settings page, click Switching → Spanning T ree → STP P ort Settings in the navigation pane l.
Conf iguring the Sp anning T ree Protoco l 739 Configuring STP Settings for Multiple Ports T o configure STP se ttings for multiple port s: 1 Open the STP P ort Settings page.
740 Conf iguring the Sp anning T ree Proto col STP LAG Setting s Use the STP LAG Settings page to assign STP aggregating ports parameters . To d i s p l a y t h e STP LAG Sett ings page, click Switching → Spanning T ree → STP LAG Settings in the navigation panel.
Conf iguring the Sp anning T ree Protoco l 741 Figure 22 -13. Co nfigure STP LAG Settings 3 F or each LAG to configu re, sele ct the check box in the Edit column in the row associ ated wit h the LAG.
742 Conf iguring the Sp anning T ree Proto col T o view RSTP Settings for all interfaces, click the Show All link. The Rapid Spanning T ree T ab le displays.
Conf iguring the Sp anning T ree Protoco l 743 MSTP Settings The Multiple Spanning T ree Protocol (MSTP) supports multip le instances of Spanning T ree to efficiently channel VL AN t raffic over differ ent interfaces. MSTP is compatibl e with both RSTP and STP ; a MSTP bridge can be configured to behave entir ely as a RSTP bridge or a STP bridge.
744 Conf iguring the Sp anning T ree Proto col Viewing and Modifying the Instance ID for Multiple VLANs T o configur e MSTP settin gs for multiple VLANS : 1 Open the MSTP Setting s page. 2 Click Show A ll to dis play th e MSTP Set tings T abl e . Figure 22 -17.
Conf iguring the Sp anning T ree Protoco l 745 MSTP Interfac e Settings Use the MSTP Interface Se ttings page t o assign MSTP settin gs to specific interfaces. To d i s p l a y t h e MSTP I nterface Se ttings pa ge, click Swit ching → Span ning Tr e e → MSTP Interfa ce Settings in the navigation panel.
746 Conf iguring the Sp anning T ree Proto col Configuring Spanning T ree (CLI) This section provides information about the commands you use to configure STP settings on the switch. F or more informati on about the commands, see the Dell Net working N2000, N3000, and N40 00 Series Swit ches CLI Reference Guide at support.
Conf iguring the Sp anning T ree Protoco l 747 Configuri ng Optio nal STP F eatures Beginning in P rivileged EXEC mode, use the following commands to configure t he optional STP feat ures on the switch or on specific inte rfaces.
748 Conf iguring the Sp anning T ree Proto col Configuri ng STP I nterface Settings Beginning in P rivileged EXEC mode, use the following commands to configure t he STP sett ings for a sp ecific interface. span ning-tr ee tc nguard Prevent the port from propa gating topo logy change noti fication s.
Conf iguring the Sp anning T ree Protoco l 749 Configuri ng MSTP Switch Settings Beginning in P rivileged EXEC mode, use the following commands to configure MSTP settings for the switch.
750 Conf iguring the Sp anning T ree Proto col Configuri ng MSTP Interf ace Settings Beginning in P rivileged EXEC mode, use the following commands to configure MSTP settings for the switch. Comm and Pur pose configure Ente r global conf igurati on mode.
Conf iguring the Sp anning T ree Protoco l 751 STP Configuration Examples This section contains the following exa mples: • STP Configu ration Exa mple • MST P Co nfiguration Exampl e • RST P -PV Ac cess Switch C onfiguration E xample STP Configura tion Example This e xample shows a L AN with four switche s.
752 Conf iguring the Sp anning T ree Proto col Figur e 22-19. STP Ex ample Netwo rk Dia gram Of the four sw itches i n F igure 2 2-19, the adm inistrato r decides t hat Swit ch A is the mos t centrally locate d in the netw ork and is the leas t likely to be moved or redeployed.
Conf iguring the Sp anning T ree Protoco l 753 The administrator also configur es P ort F a st BPDU filtering and Loop Guard to e xtend STP’s capa bility t o pr even t networ k loops. F or all other ST P settin gs, the adminis trator uses the def ault STP va lues.
754 Conf iguring the Sp anning T ree Proto col Figure 22 -20. MSTP Conf igurat ion Examp le T o mak e multiple switches be part of the same MSTP r egion, make sur e the STP operational mode for all sw itches is MSTP . Also, make sur e the MST region name and re vision level are the same for all switches in the region.
Conf iguring the Sp anning T ree Protoco l 755 console(config-mst)# instance 10 add vlan 10 4 Create MST instan ces 20 and ass ociat e it to VL AN 20. console(config-mst)# instance 20 add vlan 20 5 Change the r egion name so that al l the bri dges tha t want to be p art of the same region can form the region.
756 Conf iguring the Sp anning T ree Proto col RSTP-PV Access Swit ch Configurati on Example In this configuration, all 1G ports are pr esumed to be connected to host machines, and the tw o 10G uplink ports are connecte d to an aggr egation- layer switch wi th a total L2 network diameter of 4.
Conf iguring the Sp anning T ree Protoco l 757 console(config-if)# exit console(config)# interface range gi1/0/1-12 console(config-if)# switchport access vlan 3 console(config-if)# exit console(config.
758 Conf iguring the Sp anning T ree Proto col RSTP- PV Aggreg ation La yer Swit ch Config uratio n Exampl e In this configur ation e xample, two aggr egation-laye r switches ar e configure d. P orts 1–4 ar e configur ed in a LAG connecting the two aggregation-layer switches .
Conf iguring the Sp anning T ree Protoco l 759 console(config)#spanning-tree vlan 1,3 root primary console(config)#spanning-tree vlan 2,4 root secondary 7 Config ure t wo uplink p orts per upl ink swi.
760 Conf iguring the Sp anning T ree Proto col.
Disc overing Net work Devic es 761 23 Discovering Network Devices This chapter de scribes the Indust ry Standard D iscovery P rotocol (ISDP) feature and the Link Layer Discovery P r otocol (LLDP) feature, including LLDP for Me dia En dpoint Devi ces (LLD P -MED).
762 Discoveri ng Network Devices LLDP is a one-way protocol; there are no r equest/response sequences. Information is advert ised by stations impl ementing the transmit function, and is r eceived and processe d by stations implem enting the rece ive function.
Disc overing Net work Devic es 763 Default IDSP and LLDP V alues ISDP and LL DP ar e globally enab led on the swit ch and enabled on all ports by default. By default, the switc h transmits and r eceives LLDP information on all ports. LL DP - MED is disabl ed on al l ports.
764 Discoveri ng Network Devices T able 23- 3 summarizes the defaul t values f or LLDP -MED. T able 23-3 . LLDP-ME D Defaults Parameter Defau lt V alue LLDP -MED Mode Disabled on all ports Conf ig Not.
Disc overing Net work Devic es 765 Configuring ISDP and LLDP (Web) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring IDSP and LLDP/LLDP - MED on a De ll Networking N2 000, N3000, and N4000 serie s switches.
766 Discoveri ng Network Devices ISDP Cache T able Fr o m t h e ISD P Neigh bor T abl e page, you can view information about other devices the switch has discov ered throug h the ISDP . T o access the ISDP N eighbo r T able page, click System → IS DP → Neighbor Ta b l e in the navigation pa nel.
Disc overing Net work Devic es 767 ISDP Int erface Co nfigurat ion Fr o m t h e ISDP Interface Configuration page, you can configure the ISDP settings for e ach interface. If ISDP is enabled on an interface, it must also be enabled globally in order for th e interface to tr ansmit I SDP pack ets.
768 Discoveri ng Network Devices ISDP Stat istics Fr o m t h e ISD P Statistics page, you can view information about the ISDP pack ets sent and receiv ed by the switch. T o access the ISDP St atistics page, click System → ISDP → Statistics in the navigation panel.
Disc overing Net work Devic es 769 LLDP Co nfiguration Use the LLDP Con figuration page to spec ify LLDP param eters. P arame ters that affect the entire system as well as those for a specific inte rface can be specified her e. To d i s p l a y t h e LLDP Conf iguration page, click Switching → LLDP → Confi gur ation in the navigation panel.
770 Discoveri ng Network Devices T o view the LLDP Interface Settings T able , cli ck Show A ll . F rom the LLDP Interface Sett ings T able page , you can view and edit informat ion about the LLD P settin gs fo r mult iple inter face s.
Disc overing Net work Devic es 771 LLDP Stat istics Use the LLDP Statis tics page to view LLPD -related stat istics. To d i s p l a y t h e LLDP Statistics page, cli ck Switching → LLDP → Statistics in the navigation panel.
772 Discoveri ng Network Devices LLDP Connec tions Use the LLDP Connection s page to view the list of ports with LLDP enabled. Basic connection det ails ar e displayed. To d i s p l a y t h e LLDP Connections page, click Switching → LLDP → Connections in the navigation panel.
Disc overing Net work Devic es 773 T o view additional informat ion about a device connected to a port that has been discove red through LLDP , click t he port number in the L ocal Interface table (i t is a hyperlin k), or c lick Details an d select the port with the connected device.
774 Discoveri ng Network Devices LLDP-MED Global Configurat ion Use the LLDP - MED Global Configuration page to change or view th e LLDP -M ED parameters that affect the entire s ystem. To d i s p l a y t h e LLDP -MED Glo bal Co nfig uratio n page, click Switching → LLDP → LLDP -MED → Global Configurat ion in the navigation panel.
Disc overing Net work Devic es 775 LLDP-MED In terface Config uration Use the LLD P - MED I nterfa ce Co nfigu ratio n page to speci fy LLD P -MED parameters t hat affect a specific inte rface.
776 Discoveri ng Network Devices LLDP -ME D Local D evice Inform ation Use the LLDP - MED L ocal Device Information page t o view the advert ised LLDP local data for each port. To d i s p l a y t h e LL DP -MED Loca l Dev ice Inf orma tio n page, click Switching → LLDP → LLD P - MED → L ocal Device Information in the navigation panel.
Disc overing Net work Devic es 777 Configuring ISDP and LLDP (CLI) This section provides information ab out the commands you use to manage and view the device discovery protocol features on the switch. F o r mor e information about these commands, see the Dell Networking N2000, N3000, and N4000 Series Switches CLI Reference Guide at support .
778 Discoveri ng Network Devices Enabling I SDP on a Port Beginning in P rivileged EXEC mode, use the following commands to enable ISDP on a port. V iewing and Cl earing I SDP Infor mation Beginning in P rivileged EXEC mode, use the following commands to view and clea r the conte nts of t he ISDP ta ble and to view and clear IS DP stat istics.
Disc overing Net work Devic es 779 Configuri ng Global LLDP Setti ngs Beginning in P rivileged EXEC mode, use the following commands to configure LLDP settings tha t affect the entire switch. Configuri ng Port-bas ed LLDP Settings Beginning in P rivileged EXEC mode, use the following commands to configure per -port LLDP settings.
780 Discoveri ng Network Devices V iewing and Cl earing L LDP Info rmation Beginning in P rivileged EXEC mode, use the following commands to view transmitted a nd receiv ed LLDP inform ation and t o view and clear LLDP statistics . lldp notification Ena ble remote data cha nge notif ications on the inte rface.
Disc overing Net work Devic es 781 Configuri ng LLDP-MED Sett ings Beginning in P rivileged EXEC mode, use the following commands to configure LLDP -MED set tings that affec t the entire switch. Command Purpo se configure Enter Global Configuration mode.
782 Discoveri ng Network Devices V iewing LLDP-MED Infor mation Beginning in P rivileged EXEC mode, use the following commands to view information about the LLDP -M ED P rotocol D ata Units (PDUs) that are sent and have been received.
Disc overing Net work Devic es 783 console# show isdp Timer....................................45 Hold Time................................60 Version 2 Advertisements.................Enabled Neighbors table time since last change...00 days 00:00:00 Device ID.
784 Discoveri ng Network Devices console(config-if-Te1/0/3)# description “ Test Lab Port” 6 Exit to P ri vileg ed EXEC mode . console(config-if-Te1/0/3)# <CTRL + Z> 7 View global LLDP settings on the switch. console# show lldp LLDP Global Configuration Transmit Interval.
Disc overing Net work Devic es 785 Port Description: Test Lab Port System Capabilities Supported: bridge, router System Capabilities Enabled: bridge Management Address: Type: IPv4 Address: 192.
786 Discoveri ng Network Devices.
Configu ring Port- Based T raffic Contr ol 787 24 Configuring Port-Based T raffic Control This chapter describes how to configur e features that provide traf fic control through filtering the type of traffic or limiting the speed or amount of traffic on a per -port basis.
788 Confi gurin g Port -Base d T raf fic Co ntro l The P riority Flow Control (PFC) featur e, which is avai lable on the N4000 switches only , provides a way to distingu ish which traffic on a p hysical link is paused when congestion occurs based on the pri ority of the traffic.
Configu ring Port- Based T raffic Contr ol 789 configured limit is 10%, this is converted t o ~25000 P PS, and this PP S limit is set in the har dware. Y ou get the approximate desir ed output when 512 byte s pack ets are used. What are Pro tected Ports? The switch supports up to th ree separate groups of protected po rts.
790 Confi gurin g Port -Base d T raf fic Co ntro l Access Control L ists (AC Ls) and LLPF can exist on the same interf ace. However , the ACL rules override the LLPF rules when there is a conflict. Similarly , DiffS erv and LLPF can both be enab led on an interface, but DiffServ rules override LLPF rules when there is a conflict.
Configu ring Port- Based T raffic Contr ol 791 Configuring Port-Based T raffic Control (W eb) This secti on provides information about the O penManage Switch Administrator pages to use t o control port-based traffic on a Dell Networking N2000, N30 00, and N4000 series switche s.
792 Confi gurin g Port -Base d T raf fic Co ntro l Storm Contro l Use the Storm Cont rol page to enable and configure the storm control feature. To d i s p l a y t h e Storm Control interface, click Switching → Po r t s → Storm Control in the navigation menu.
Configu ring Port- Based T raffic Contr ol 793 Figure 24-3. Storm Control 5 Cli ck Apply ..
794 Confi gurin g Port -Base d T raf fic Co ntro l Protected Port C onfigu ration Use the P rot ecte d P ort Conf igu rati on page to pr event ports in the same protected po rts group from being able to see each other ’s tra ffic.
Configu ring Port- Based T raffic Contr ol 795 Figur e 24-5 . Add Prote cted P orts G roup 5 Cli ck Apply . 6 Cli ck P r otec ted P ort Configurat ion to return to t he main page. 7 Sele ct the port to add to the group. 8 Select the protected port group ID.
796 Confi gurin g Port -Base d T raf fic Co ntro l Figure 24-7. View Protected Port Information 11 T o remove a port from a pro tected por t group, sel ect the Rem ov e check box associ ated wit h the port and click Apply .
Configu ring Port- Based T raffic Contr ol 797 Figure 24-8. LLPF Interface Config uration T o view the p rotocol type s that have been bl ocke d for an interface, click Show All .
798 Confi gurin g Port -Base d T raf fic Co ntro l Configuring Port-Based T raffic Contr ol (CLI) This section provides information about the commands you use to configure port-based traffic control settings. F or more information about the commands, see the Dell Netw orking N2000, N3 000, and N4000 Series Switches CLI Refer ence Guide at support.
Configu ring Port- Based T raffic Contr ol 799 Configuri ng Protecte d Ports Beginning in P rivileged EXEC mode, use the following commands to add a name to a protec ted port group a nd add port s to the g roup. CTRL + Z Exit to Privileg ed EXEC mode.
800 Confi gurin g Port -Base d T raf fic Co ntro l Configuri ng LLPF Beginning in P rivileged EXEC mode, use the following commands to configure LLPF settings. Command Pu rpose configure Enter global configuration mode. interface inter face Enter interf ace con figura tio n mode for th e spec ified inter face.
Configu ring Port- Based T raffic Contr ol 801 Port-Based T raffic Control Configuration Example The commands in this example configur e storm control, LLPF , and protected port settings for va rious interfa ces on the switch.
802 Confi gurin g Port -Base d T raf fic Co ntro l 5 V erify the config uration. console# show storm-control te1/0/1 Bcast Bcast Mcast Mcast Ucast Ucast Intf Mode Level Mode Level Mode Level ------ --.
Confi guring L2 Mu lticas t Features 803 25 Configuring L2 Multicast Features This chapter describ es the layer 2 mult icast features on the Dell Networking series switches.
804 Conf iguring L2 M ulticas t Feat ures desirable as it r educes the networ k load by sending p ackets only to other hosts/s witches/ router s that ha ve indica ted an i nter est in receiv ing the multicast. If L2 snooping i s not enabled, multicast packets are flooded in the ingress VLAN.
Confi guring L2 Mu lticas t Features 805 When a pack et with a b roadcast or multica st destinati on MAC addr ess is receiv ed, the switch will flood a copy into each of the r emaining network segments in accordance wi th the IEEE M A C Bri dge standard.
806 Conf iguring L2 M ulticas t Feat ures the switch sees a multica st router in the VLAN, it forwards the group to the multi cast ro uter and do es not f lood in the VLAN. Ther e is a u ser option to cause the switch to flood multica st so urces in the VLAN i f no multicast clients are present.
Confi guring L2 Mu lticas t Features 807 IGMP Snooping Querier When PIM a nd I GMP a re ena bled i n a n etwo rk wi th IP mul tica st ro uti ng, th e IP multicast router acts as the IGMP qu erier . However , if the IP -multicast traffic in a V LAN needs to be Layer 2 switched only , an IP -multicast router is not requir ed.
808 Conf iguring L2 M ulticas t Feat ures • PIMv2 he llo pack ets with dest inati on IP addr ess as FF02 ::D Dynamically l earned multicast routers ar e timed out aft er an adminstrator - configurable period of time.
Confi guring L2 Mu lticas t Features 809 There are two types of MVR ports : source and r eceiver . • Source p ort is the port w here multicast traffic is flowing to. It has to be the member of so ca lled multi cast VLAN. • Receiver port is the port where listening host is connected to the switch.
810 Conf iguring L2 M ulticas t Feat ures F or information about configuring De l l Network ing N2000, N300 0, and N4000 series s witches as a multicast router t hat also performs IGMP snooping, see "Conf iguring Multicast V LAN Routing W ith IGMP and PIM- SM" on page 1417.
Confi guring L2 Mu lticas t Features 811 GMRP is similar to IGMP snooping in its purpose, but IGMP snooping is more widely used. GMRP must be running on both the host and the switch to function properly and IGMP/MLD snoop ing must be disabled on the switch, as IGMP snooping and GMRP cannot si multaneously operate withi n the same VLAN.
812 Conf iguring L2 M ulticas t Feat ures Snooping Sw itch Restrictions Partial IGMPv3 an d MLDv2 Supp ort The IGMPv3 and MLDv2 prot ocols allow multicast listeners to spe cify the list of host s fro m whic h the y wan t to recei ve the tr affic . Ho wever th e De ll Networking snooping switch doe s not track this information .
Confi guring L2 Mu lticas t Features 813 T opologies Where t he Multicast Sour ce Is Not Direct ly Connecte d to the Querier If the mult icast s ource is not directly connected to a m ulticast q uerier , the multicast str eam is forwar ded to any router ports on th e switch (within the VLAN).
814 Conf iguring L2 M ulticas t Feat ures Default L2 Multicast V alues Detai ls abo ut the L2 mu lticas t are in T abl e 25-1 . T able 2 5-1. L2 Multi cast Defau lts Parameter Defaul t V alue IGMP Sno.
Confi guring L2 Mu lticas t Features 815 GMRP Disabled globally an d per -interface T able 25-1. L2 Multic ast Defaults (Continued ) Paramete r Default V alue.
816 Conf iguring L2 M ulticas t Feat ures Configuring L2 Multicas t Features (Web) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring L2 multicast feat ures on a Dell Netw orking N2000, N3000, and N40 00 series s witches.
Confi guring L2 Mu lticas t Features 817 Bridge Mul ticast Group Use the Bridge Multicast Group page to create new mu lticast serv ice groups or to modify ports and LA Gs assigned to ex isting multicast service groups .
818 Conf iguring L2 M ulticas t Feat ures Ta b l e 2 5 - 2 contains definitions for port/L AG IGMP management settings. Adding and Configu ring Bridge Multicast Address Groups T o configure a bridge multicast group: 1 Fr o m t h e Bridge Multicast Group pag e, c lic k Add .
Confi guring L2 Mu lticas t Features 819 4 In the Bridge Multicast Group tables, assign a set ting by clicking in the Static row for a specific port /LAG.
820 Conf iguring L2 M ulticas t Feat ures MRouter Stat us Use the MRoute r Status page to dis play the status of dy namically learned multicast router interfa ces. T o access this page, cl ick Switching → Multicast Support → MR outer Stat us in the navigation panel.
Confi guring L2 Mu lticas t Features 821 General I GMP Snooping Use the General IGMP snooping page to configur e IGMP snooping settings on speci fic ports and LA Gs. To d i s p l a y t h e Genera l IGMP snooping page, click Switching → Multicas t Support → IGMP S nooping → General in the navigation menu.
822 Conf iguring L2 M ulticas t Feat ures Figur e 25-6. Edit IG MP Snoo ping Sett ings 3 Edit the IGM P snooping fields as ne eded. 4 Click Apply . The IGM P snooping sett ings are modified , and the dev ice is up dated.
Confi guring L2 Mu lticas t Features 823 Figur e 25-7. Copy IG MP Sn ooping Setting s 5 Cli ck Apply . The IGM P snooping settin gs are modified, and t he device is up dated.
824 Conf iguring L2 M ulticas t Feat ures Global Qu erier Co nfiguration Use the Global Quer ier Configura tion pag e to co nfigu re IGM P snoo ping querier settings, such as the IP address to use as the source in periodic IGMP queries when no source address has been configur ed on the VLAN.
Confi guring L2 Mu lticas t Features 825 VLAN Querier Use the VLAN Qu erier pa ge to specif y the IGMP s nooping querier s ettings for individual VLANs. To d i s p l a y t h e VLAN Q uerier pa ge, clic k Switching → Multi cast Su pport → IGMP Sn ooping → VLAN Querier in the navigation menu.
826 Conf iguring L2 M ulticas t Feat ures 3 Retu rn to the VLAN Q uerier page and select the new VLAN from the VLAN I D menu. 4 Specify the VLAN querier sett ings.
Confi guring L2 Mu lticas t Features 827 VLAN Querier St atus Use the VLAN Qu erier Status pag e to vi ew the IGMP sn oopin g querie r settings for individual VLANs. To d i s p l a y t h e VLAN Querier Status page, c lick Switching → Multicas t Support → IGMP S nooping → VLAN Querier Status in the naviga tion menu.
828 Conf iguring L2 M ulticas t Feat ures MFDB IGMP Snooping T able Use the MFDB IGMP Sno oping T able page to vi ew th e mult icast f orwar ding database (MFDB) IGMP Snooping T able and F orbidden P orts settings for individual VLANs.
Confi guring L2 Mu lticas t Features 829 MLD Snooping Genera l Use the MLD S nooping General page to add MLD members. T o access this page, click Switching → Multicast Support → MLD Snooping → General in the nav igation panel .
830 Conf iguring L2 M ulticas t Feat ures Figure 25 -15. MLD Snoo ping T abl e 2 Sele ct the Edit checkbox for each VLAN to m odify . 3 Edit the ML D snooping fields a s needed. 4 Click Apply . The M LD snooping se ttings are modified , and th e device is upd ated.
Confi guring L2 Mu lticas t Features 831 Copying MLD Snooping Settings to VLANs T o copy MLD snooping settings: 1 Fr o m t h e General MLD snooping page, click Show All . The MLD Snooping T able dis plays . 2 Sele ct the Copy P a rameters F rom checkbox.
832 Conf iguring L2 M ulticas t Feat ures MLD Snooping VLAN Queri er Use the MLD S nooping VLAN Quer ier page to s pecify the MLD snoo ping querier setting s for individual VLANs. To d i s p l a y t h e MLD Snooping VLAN Querie r page , click Switching → Multic ast Support → MLD Snooping → VLAN Querier in t he n aviga tion menu.
Confi guring L2 Mu lticas t Features 833 2 Enter th e VLAN ID and, if de sir ed, an opti onal VLAN name. 3 Retur n to the VLAN Q uerier page and select the n ew VLA N from th e VLAN I D menu. 4 Specify th e VLAN querier sett ings. 5 Cli ck Apply . The VLAN Querier settin gs are modified, and t he device is up dated.
834 Conf iguring L2 M ulticas t Feat ures MLD Snooping VLAN Queri er Stat us Use the VLAN Qu erier Status page to view the MLD snoopi ng quer ier settings for indiv idual VLANs. To d i s p l a y t h e VLAN Querier Status page, click Switching → Multicast Support → MLD Snoopi ng → VLAN Querier Status in the n aviga tion menu.
Confi guring L2 Mu lticas t Features 835 MFDB MLD Snooping T able Use the MFDB MLD Snooping T able page to view t he MFDB MLD snooping table settings for indivi dual VLANs. To d i s p l a y t h e MFDB MLD Snooping T able page, cli ck Switching → Multicast Supp ort → MLD S noopin g → MFDB MLD Snoo ping T able in the navigation menu.
836 Conf iguring L2 M ulticas t Feat ures MVR Global Configur ation Use the MVR Global Config uration page to enable the MVR featur e and configure global parameters. T o display the MVR Global Config uration page, c lick Switching → MVR Conf iguration → Glo bal Co nfig uratio n in the navigation panel.
Confi guring L2 Mu lticas t Features 837 MVR Members Use t he M VR Me mber s pag e to vi ew an d co nfig ur e MVR grou p memb er s. T o display th e MVR Members pa ge, click Switching → MVR Co nfig uratio n → MVR Members in the navigation panel. Figure 25 -23.
838 Conf iguring L2 M ulticas t Feat ures MVR Inter face Conf iguration Use the MVR Interfa ce Configuration page to enable MVR on a port, configure its MVR settings, and add the port to an MVR group.
Confi guring L2 Mu lticas t Features 839 Figure 25-27. MVR - Add to Group 2 Sele ct the interfa ce to add to t he MV R gro up. 3 Specify th e MVR group IP mu lticast add r ess. 4 Cli ck Apply . Removi ng an I nterf ace fro m an M VR Group T o remove an interface from an MVR group: 1 Fr o m t h e MVR I nter face page, c lick Rem ov e .
840 Conf iguring L2 M ulticas t Feat ures MVR Stat istics Use the MVR Statistics pa ge t o v ie w MV R s t at i st i cs on th e sw i t ch . T o d i sp l ay the M VR Statistics page, click Switching → MVR C onf igur atio n → MVR Statistics in the navigation panel.
Confi guring L2 Mu lticas t Features 841 GARP T imers The Ti m e r s page contains fields for setting the GARP timers used by GVRP and GMRP on the switch. To d i s p l a y t h e Tim e r s page, click Switching → GAR P → Ti m e r s in the navigation panel.
842 Conf iguring L2 M ulticas t Feat ures Figure 25-31. Garp T imers T able 3 F or each port or LAG to configure, select the check box in the Edit column in the row associa ted with the port.
Confi guring L2 Mu lticas t Features 843 Copying GARP Time r Settings From One Port to Others T o copy GARP timer settings: 1 Sele ct the Copy P a rameters F rom check box, an d select t he port or LAG with th e settin gs to apply to other port s or LAGs.
844 Conf iguring L2 M ulticas t Feat ures Figur e 25-33 . GMRP Por t Conf igurat ion T able 3 F or each port or LAG to configure, select the check box in the Edit column in the row associa ted with the port. 4 Specify the desired timer values. 5 Click Apply .
Confi guring L2 Mu lticas t Features 845 Copying Settings From One Port or LAG to Others T o copy GMRP settings: 1 Sele ct the Copy P a rameters F rom check box, an d select t he port or LAG with th e settin gs to apply to other port s or LAGs.
846 Conf iguring L2 M ulticas t Feat ures Configuring L2 Multicast Features (CLI) This section provides information about the commands you use to configure L2 multi cast se ttings on the sw itch. F o r more inform ation abo ut the commands, see the Dell Netw orking N2000, N3 000, and N4000 Series Switches CLI Refer ence Guide at support.
Confi guring L2 Mu lticas t Features 847 Configuri ng IGMP Snooping on VLANs Beginning in P rivileged EXEC mode, use the following commands to configure IGMP snooping settings on VLANs.
848 Conf iguring L2 M ulticas t Feat ures Configuri ng IGMP Snooping Quer ier Beginning in P rivileged EXEC mode, use the following commands to configure IGMP snooping querier sett ings on the sw itch and on VLANs. ip igmp snooping vlan vlan-id mc rtexp ireti me second s Specif y the multicas t router time- out valu e for to associate with a VLAN.
Confi guring L2 Mu lticas t Features 849 Configuri ng MLD Snooping on VLANs Beginning in P rivileged EXEC mode, use the following commands to configure MLD snooping settings on VLANs.
850 Conf iguring L2 M ulticas t Feat ures Configuri ng MLD Snooping Quer ier Beginning in P rivileged EXEC mode, use the following commands to configure ML D snooping querier se ttings on the swit ch and on VLANs. ipv6 mld snooping vlan vlan-id immedi ate-leave Enables MLD snoopin g immediate-leave mode on the specified V LAN.
Confi guring L2 Mu lticas t Features 851 Configuri ng MVR Beginning in P rivileged EXEC mode, use the following commands to configure MVR featur es on the switch.
852 Conf iguring L2 M ulticas t Feat ures mvr quer ytime time Set the MV R query response time. The value for time is in units o f tenths of a se cond. mvr mod e {compa tible | dynamic } Spec ify t he MV R mo de o f ope rati on. mvr gro up mcast-add r ess [ groups ] Add an MVR membership grou p.
Confi guring L2 Mu lticas t Features 853 Configuri ng GARP T imers and GMRP Beginning in P rivileged EXEC mode, use the following commands to conf igure the GAR P timers and to co ntrol the adminis trati ve mode GMRP on the switch a nd per -interface.
854 Conf iguring L2 M ulticas t Feat ures Case Study on a Real-W orld Network T opology Multicast Snooping Case Stu dy F igure 25-35 shows the t opology that the s cenarios in this case st udy use.
Confi guring L2 Mu lticas t Features 855 • Mult icast Sou rces: Server A – 239.20.3 0.40, Server B – 239 .20.30.42 • Subn ets: VLAN 10 – 192 .
856 Conf iguring L2 M ulticas t Feat ures 3 A forwa r ding en try is created b y D3 for V LAN20, 239 .20.30.42 – 1/0/6, 1/0/20. 4 Client D will receive the multica st stream from Server B b ecause it is forward ed by D1 to D3 an d then to D4 be cause D4 is a mult icast rout er .
Confi guring L2 Mu lticas t Features 857 2 A mult icast forw arding entry is c reated on D 2 VLAN 20, 239.20 .30.40 – 1/0/ 20, P ortCha nnel1 . 3 The Clie nt F r eport messa ge is for war ded to D3-P ortChannel 1 (multic ast router attached port). 4 A mult icast forw arding entry is created on D 3 VLAN 20, 239.
858 Conf iguring L2 M ulticas t Feat ures Mult icast Sou rce and List ener co nnect ed to Multic ast Route r via in termedi ate snoo ping s witches and are par t of diffe rent r outing VLANs: Serv er B Clien t E Clients E, B, and C are on the same subnet VLAN10 – 192.
Configu ring Conn ectivi ty Fault Mana gemen t 859 26 Configuring Connectivity Fault Managemen t This chapter describes how to configure the Connectivity F ault Management feature , which is specifie d in IEEE 802.
860 Confi gurin g Connec tivity Fau lt Mana gemen t IEEE Std. 802.3 LAN, Dot1ag addr esse s fault diagnosis at the service layer across networks comprising multiple LANs, including LANs o ther th an 802.
Confi guring C onnectiv ity Faul t Managemen t 861 Higher levels have a b roader , but less detailed, view of the network. As a resu lt, a pro vide r c ould incl ude mul tip le o pera tors , pr ovid ed t hat the dom ains never intersect.
862 Confi gurin g Connec tivity Fau lt Mana gemen t F i gure 2 6-2 depicts two MEP s and the MIP s that connect them in a maintenance domain. Figure 26-2. Maintenan ce En dpoints and Intermediat e Points Mai ntenanc e Assoc iatio ns An MA is a logical connection between one or more MEP s that enabl es monitoring a particular servi ce instance.
Confi guring C onnectiv ity Faul t Managemen t 863 Figure 26-3. Provider View for Service Level OAM Wha t is t he Adm inis trator’ s Role ? On the switch, the administra tor config ures the customer.
864 Confi gurin g Connec tivity Fau lt Mana gemen t T roubleshoo ting T asks In the event of a connecti vity loss between MEP s, the adm inistrator c an perform path discov ery , sim ilar to tra ceroute, from one MEP to any MEP or MIP in a mainte nance domain using Link T race Messages (L TMs).
Confi guring C onnectiv ity Faul t Managemen t 865 Configuring Do t1ag (We b) This secti on provides information about the O penManage Switch Administrator pages for configuring an d monitoring Dot1ag featur es on a Dell Networking N2000 , N3000, and N4000 series switches.
866 Confi gurin g Connec tivity Fau lt Mana gemen t Figur e 26-5. Dot 1ag MD Configu ratio n Dot1ag MA Configurat ion Use the MA Config uration page to associ ate a maintenance domain level with one o.
Confi guring C onnectiv ity Faul t Managemen t 867 T o add an MA, click the Add link at the top of the page. Dot1ag MEP Config uration Use the MEP Conf iguration pa ge to define switch ports as Ma nagement End Po i n t s . M E Ps a r e c o n f i g u r e d p e r d o m a i n a n d p e r V L A N .
868 Confi gurin g Connec tivity Fau lt Mana gemen t To a d d a M E P , c l i c k t h e Add link at the t op of the page. A VLAN must be associated with the s elected domain before you configure a MEP to be used within an MA (see the MA Config uration page).
Confi guring C onnectiv ity Faul t Managemen t 869 Dot1ag RMEP Summary Use the RMEP Summary p a g e t o vi e w i n fo rm a ti o n on re mo t e M E P s th at t he switch has learned through CFM PDU e xchanges with MEP s on the switch. To d i s p l a y t h e page, c lick Switching → Dot1ag → RMEP Summary in the tree view .
870 Confi gurin g Connec tivity Fau lt Mana gemen t Dot1ag L 2 Ping Use the L2 Ping page to generate a l oopback message from a speci fied MEP . The MEP can be identifi ed by the MEP ID or by its MAC address. To d i s p l a y t h e page, c lick Switching → Dot1ag → L2 Ping in the tree vi ew .
Confi guring C onnectiv ity Faul t Managemen t 871 Figure 26-11. Dot1ag L2 T raceroute Dot1ag L2 T racerou te Cache Use the L2 T racerout e Cache page to vie w link traces retained in the l ink trace databa se. To d i s p l a y t h e page, c lick Switching → Dot1ag → L2 T racero ute Cache in the tree view .
872 Confi gurin g Connec tivity Fau lt Mana gemen t Dot1ag St atisti cs Use the Statistics page to view Dot1ag informatio n for a selected domain and VLAN ID. To d i s p l a y t h e page, c lick Switching → Dot1ag → Sta tist ics in th e tree view .
Confi guring C onnectiv ity Faul t Managemen t 873 Configuring Do t1ag (CLI) This section provides information about the commands you use to configure Dot1a g setting s on the swit ch. F o r more informa tion abou t the comma nds, see the Dell Netw orking N20 00, N3000, and N4000 Ser ies Switches C LI Refe r ence G uide at support.
874 Confi gurin g Connec tivity Fau lt Mana gemen t Configuri ng MEP Informat ion Beginning in P rivileged Exec mode, use the following commands to configur e the mode and view related settings. CLI Command Desc ription configure Enter global configuration mode.
Confi guring C onnectiv ity Faul t Managemen t 875 Dot1ag Ping and T racerout e Beginning in P rivileged Exec mode, use the following commands to help identify and troubleshoot Ethernet CFM setting s. CLI Command Des cription ping ethe rnet cfm mac mac- addr Generate a loopback message from t he MEP with the sp ecified MAC address.
876 Confi gurin g Connec tivity Fau lt Mana gemen t Dot1ag Configur ation Example In the following e xample, the switch at the customer site is part of a Metro Ethernet network that is bridged to r emote sites through a provider network. A service VLAN (SVID 200) i dentifies a p articular set of customer traffi c on the provid er network.
Confi guring C onnectiv ity Faul t Managemen t 877 2 Configure port 1/0/ 5 as an MEP for se rvice VL AN 2 00 so that the po rt can ex change CFM PDUs with its counterpart MEP s on the customer n e tw o r k . T h e p o rt i s fi r s t c o n fi g u re d a s a ME P w it h M E P I D 2 0 o n d o m a i n level 6 for VLAN 20 0.
878 Confi gurin g Connec tivity Fau lt Mana gemen t.
Snoo ping a nd Ins pecti ng T raf fic 879 27 Snooping and Inspecting T raffic This chapter de scribes Dynamic Ho st Configurati on P rotocol (DHC P) Snooping, IP Source Guar d (IPSG), and Dynamic ARP .
880 Snoopi ng a nd Inspe cting T raff ic What Is DHCP Snooping ? Dynamic Host Configuration Protocol (DHCP) Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP s .
Snoo ping a nd Ins pecti ng T raf fic 881 How Is the DHCP Snooping Bindings Datab ase Populated ? The DHCP snooping application uses D HCP messages to build a nd maintain the bin ding’s d atabas e. DHCP sn ooping create s a tentat ive bin ding fro m DHCP DISCO VER and REQUEST messages.
882 Snoopi ng a nd Inspe cting T raff ic DHCP Sn ooping an d VLAN s DHCP snooping forwards valid DHCP client messages r eceived on non- routing VLANs. The message is forwar ded on all trusted interface s in the VLAN. DHCP snooping can be configured on switching VLANs and routing VLANs.
Snoo ping a nd Ins pecti ng T raf fic 883 What Is IP Source Gua rd? IPSG is a securi ty feature that filters IP packets based on source ID. This featur e helps pro tect the network from attack s that use IP addr ess spoofi ng to compromise or overwhelm t he network.
884 Snoopi ng a nd Inspe cting T raff ic What is Dynamic ARP In spection? Dynamic ARP Insp ection (D AI) is a securit y feature that re jects invalid a nd malicious ARP packets.
Snoo ping a nd Ins pecti ng T raf fic 885 re-enable the port. D AI rate limiti ng cannot be enable d on trust ed interface s. Use the no i p arp in spection li mit command to disable diagnostic disabli ng of untrused ports due to D AI.
886 Snoopi ng a nd Inspe cting T raff ic Static DHCP bindings None co nfigured IPSG mode Disabled on all inte rfaces IPSG port security Disabled on all inter faces Static IPSG bi ndings None configure.
Snoo ping a nd Ins pecti ng T raf fic 887 Configuring T raffic S nooping and Inspection (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring an d monitoring DHCP snooping, IP SG, and DA I feature s on a Dell Networking N2 000, N3000, and N4 000 series switche s.
888 Snoopi ng a nd Inspe cting T raff ic DHCP Snooping Int erface Conf iguratio n Use the DHCP Snooping Interface Configuratio n page to configure the DHCP Snooping settings on ind ividual ports and LAGs.
Snoo ping a nd Ins pecti ng T raf fic 889 T o view a summary of the DHCP snooping configuration for all interfaces, click Show All . Figur e 27-4. DHCP S noopin g Interf ace Confi gurati on Summary.
890 Snoopi ng a nd Inspe cting T raff ic DHCP Snooping VLAN Conf iguration Use the DHCP Snooping VLAN Configurati on page to control the DHCP snooping mode on each VLAN . T o access the DHCP Snooping VLAN Confi guration page, click Switching → DHCP Snooping → VLAN Configuration in the navigation panel.
Snoo ping a nd Ins pecti ng T raf fic 891 DHCP Snooping Persistent Conf igurati on Use the DHCP Snooping P ersistent Config uration page to co nfigure the persis tent loca tion of the DHC P snooping database . The bindin gs databas e can be stor ed locally on the switch or on a remote system somewher e else in the networ k.
892 Snoopi ng a nd Inspe cting T raff ic DHCP Snooping Static Bindings Configurat ion Use the DHCP Snooping Static Bin dings Configurat ion page to add static DHCP bindi ngs to the bindi ng databas e.
Snoo ping a nd Ins pecti ng T raf fic 893 DHCP Snooping Dynami c Bindings Summar y The DHCP Snoo ping Dynamic Bindings Sum mary lists a ll the DHCP snooping dynamic binding entries learned on the switch ports.
894 Snoopi ng a nd Inspe cting T raff ic DHCP Snooping Statistics The DHCP S nooping Sta tistics page dis plays DH CP snooping i nterface statistics . T o access the DHCP Snooping Statistics page , clic k Switching → DHCP Snooping → Statistic s in th e navigati on panel.
Snoo ping a nd Ins pecti ng T raf fic 895 IPSG I nterface Configurat ion Use the IPSG Inter face Config uration pa ge to configure IPSG on an interface. T o access the IPSG In terfac e Conf igurati on page, click Switching → IP Source Guard → IPSG Inte rface Con figuration in the navigation pane l.
896 Snoopi ng a nd Inspe cting T raff ic IPSG Bindi ng Summary The IPSG Binding Summ ary page dis plays the IPSG Stat ic binding list and IPSG dynamic binding lis t (the static bindings configur ed in Bi nding configuration page).
Snoo ping a nd Ins pecti ng T raf fic 897 DAI Global Conf iguration Use the DA I C o n f ig u ra t i on page to configure global DAI settings. To d i s p l a y t h e D AI Conf iguration page , click Switching → Dynamic A RP Inspec tion → Global Co nfiguratio n in the navigation panel.
898 Snoopi ng a nd Inspe cting T raff ic DAI Int erface Con figuration Use the D AI Interf ace Config urati on page to selec t the D AI Interf ace for which information is to be displayed or configured.
Snoo ping a nd Ins pecti ng T raf fic 899 Figur e 27-17. DAI In terfac e Config uratio n Summary.
900 Snoopi ng a nd Inspe cting T raff ic DAI VLAN Co nfigurat ion Use the DAI VLA N Co nfigu ratio n page to s elect the VLANs for which information is to be displayed or configur ed. To d i s p l a y t h e D A I VLAN C onfig urat ion page, clic k Switching → Dyna mic ARP Insp ection → VLAN Configurat ion in the navi gation panel .
Snoo ping a nd Ins pecti ng T raf fic 901 DAI ACL Configur ation Use the D AI AC L Co n f i gu r a t io n page to add or remove ARP ACLs. To d i s p l a y t h e D A I ACL Configur ation page, click Switching → Dynamic ARP In specti on → A CL Configuratio n in the navigation panel.
902 Snoopi ng a nd Inspe cting T raff ic Figure 27-22. Dyna mic ARP Inspec tion Rule Co nfigurat ion T o view a summary of the ARP ACL rules that have been created, cli ck Show All . Figure 27 -23. Dynamic AR P Inspecti on ACL Ru le Summary T o r emove an ARP ACL rule, select the Re mo v e checkbox associated with the rule and click App ly .
Snoo ping a nd Ins pecti ng T raf fic 903 Figure 27-2 4. Dynamic ARP Inspec tion Statistic s.
904 Snoopi ng a nd Inspe cting T raff ic Configuring T raffic Snoopi ng and Inspection (CLI) This section provides information about the commands you use to configure DHCP snooping, IPSG, and D AI settings on th e switch.
Snoo ping a nd Ins pecti ng T raf fic 905 ip dhcp snooping databa se write-dela y second s Configure the in terval, in seconds , at which the DHCP Snooping database will be stored in pe rsistent storage. The number of se conds can range from 15–864 00.
906 Snoopi ng a nd Inspe cting T raff ic Configuri ng IP Source Guar d Beginning in P rivileged EXEC mode, use the following commands to configure I PSG settings on the switch. clear ip dhcp snooping statistics Rese t the DHCP snoop ing statist ics to zero.
Snoo ping a nd Ins pecti ng T raf fic 907 Configuri ng Dynamic ARP Inspe ction Beginning in P rivileged EXEC mode, use the following commands to configure D AI setti ngs on the switch. exit Exit to P rivileged EX EC mode. show ip verify in terface interfa ce View IPSG parameters for a specific port or LAG.
908 Snoopi ng a nd Inspe cting T raff ic arp access-list acl-name Create an AR P ACL with the s pecified n ame (1–3 1 characters) and enter ARP Access-list Configuration mode for the ACL. permit ip host send er -ip mac hos t sender-mac Configur e a ru le for a valid IP address and MAC addr ess combination used in ARP packet validation.
Snoo ping a nd Ins pecti ng T raf fic 909 show ip arp inspection vlan [ vlan-range ] View the Dynamic ARP I nspection confi guration on the spec ified V LAN(s). This command also di splays the global configuration values for s ource MAC va lidation, d estination MAC val idation and inv alid I P valida tion .
910 Snoopi ng a nd Inspe cting T raff ic T raffic Snooping and In spection Configuration Examples This section contains the following e xamples: • Configuring DH CP Snooping • Configuring IPSG Configuri ng DHCP Snooping In this e xample, DH CP snooping is en abled on VLAN 100.
Snoo ping a nd Ins pecti ng T raf fic 911 T o configure the switch: 1 Enable DHCP snoo ping on VLAN 10 0. console# config console(config)# ip dhcp snooping vlan 100 2 Configure LAG 1, which includes ports 21-24, as a trusted port. All other interfaces are untrusted by defau lt.
912 Snoopi ng a nd Inspe cting T raff ic Configuri ng IPSG This example builds on the previous example and use s the same topology shown in F igure 27-25. In this configur ation example, IP s ource guard is enabled on ports 1- 20. DHCP snoop ing must also be enabled on thes e ports.
Conf iguring Li nk Aggr egation 913 28 Configuring Lin k Aggregation This chapter describ es how to cr eate and configure link aggr egation groups (LAGs), which ar e also known as port-channels.
914 Confi gurin g Link Aggr egatio n Figure 2 8-1. LAG Configura tion LAGs can be co nfigured on s tand-alone or st acked swit ches. In a stack of switches, the LAG can consist of ports on a single unit or across multiple stack members.
Conf iguring Li nk Aggr egation 915 This provides a more r esilient L AG. Best practices sug gest using dynamic l ink aggre gation instead o f static link aggre gation.When a port is added to a LAG as a stat ic member , it neither transmits nor r ece ives L ACP PDUs.
916 Confi gurin g Link Aggr egatio n How Do LAGs Intera ct with Other Featu res? F rom a system perspective, a LAG is tr eated just as a physical port, with the same configuration parameters for admi nistrative enable/disabl e, spanning tree port p riori ty , path cos t as may be for an y other ph ysica l port.
Conf iguring Li nk Aggr egation 917 • The p ort cannot be a mirrored port The following are the interface restrictions • The confi gur ed speed of a LAG member cannot b e changed. • An interface can be a member of only one LAG. Default Li nk Aggregati on V alues The LAGs on the switch are created by default, but no ports are members.
918 Confi gurin g Link Aggr egatio n Configuri ng Link Aggregati on (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring LAGs on a Dell Networki ng N2000, N3000, and N40 00 series s witches.
Conf iguring Li nk Aggr egation 919 T o view or edit settings for multipl e LAGs, click Show All . LACP Parameters Dynamic link a ggregation i s initiated and maintained by the p eriodic ex changes of LACP P DUs. Use the LACP P aramet ers page to configur e LA CP LAGs.
920 Confi gurin g Link Aggr egatio n Figure 28-3. LACP Parameters Configu ring LACP Pa rameters for Multip le Ports T o configur e LACP settings: 1 Open the LACP P aram eters page.
Conf iguring Li nk Aggr egation 921 Figure 28-4. L ACP Parameters T able 3 Sele ct the Edit check box associated wit h each port t o configur e. 4 Specify th e LACP port priority and LACP timeout for each p ort. 5 Cli ck Apply . LAG Membership Y our switch supports 4 8 LAGs per system, and eight ports per LAG.
922 Confi gurin g Link Aggr egatio n Figure 28-5. LAG Membe rship Adding a Por t to a S tatic LAG T o add a static LAG member : 1 Open the LA G Membe rsh ip page. 2 Click in the LA G row to togg le the port to the desir ed LAG. The LAG number d isplays for that port.
Conf iguring Li nk Aggr egation 923 LAG Hash Configuration Use the LAG has h algori thm to set the t raffi c distri buti on mode on the LA G. Y ou can set the hash type for each LAG. To d i s p l a y t h e LA G Hash Config uration page, cli ck Switching → Link Aggregat ion → LAG Ha sh Configurat ion in the navigation panel.
924 Confi gurin g Link Aggr egatio n Figure 28-7. LAG Hash Summ ary.
Conf iguring Li nk Aggr egation 925 Configuri ng Link Aggreg ation (CLI) This section provides information about the commands you use to configure link aggregation settin gs on the sw itch. F or more information about the commands, see the Dell Networking N2000 , N3000, and N4 000 Series Switches CLI Reference Guide at supp ort .
926 Confi gurin g Link Aggr egatio n Confi guri ng Link Aggr egatio n Grou ps Beginning in P rivileged EXEC mode, use the following commands to add ports as LAG members and to confi gur e the LAG hashing mo de. Command Pu rpose configure Enter global configuration mode.
Conf iguring Li nk Aggr egation 927 Configuring LACP Pa rameters Beginning in P rivileged EXEC mode, use the following commands to configure system and p er- port LACP para meters. hashing-mo de mode Set th e hashi ng algo rithm o n the LAG. The mode value is a number from 1 to 7.
928 Confi gurin g Link Aggr egatio n interface port-chann el number Enter inte rface conf igurat ion mo de f or th e spec ified LAG. Y ou can also sp ecify a ran ge of LAG s to config ur e with the int erfa ce ran ge port-channel command, for example, interface r ange port-channel 1-3, 10 c onfig ures LAGs 1 , 2, 3, and 10.
Conf iguring Li nk Aggr egation 929 Link Aggregat ion Config uration Examples This section contains the following exa mples: • Configurin g Dynamic LAGs • Configu ring Static L AGs Configuring Dynamic LAGs The commands in this exampl e show how to configur e a static LAG on a switch.
930 Confi gurin g Link Aggr egatio n 3 View informa tion about L AG 1. console# show interfaces po1 Configuring Static LAG s The commands in this example show how to configur e a static LAG on a switch. The LAG number is 2, and the member ports ar e 10, 11, 14, and 17.
Conf iguring Li nk Aggr egation 931 3 View information abou t LAG 2. console# show interfaces po2 Channel Ports Ch-Type Hash Type Min-links Local Prf ------- ------------- ------- --------- --------- .
932 Confi gurin g Link Aggr egatio n Multi-Switch LAG (MLAG) Overview In a typical L2 network, the Spa nning T ree Protocol (STP) is deployed to avoid pack et storms due to loops in the network. T o perform this function, STP sets p orts into eith er a forwar ding state or a blocking state .
Conf iguring Li nk Aggr egation 933 Deployment Sce narios MLAG is intended t o support higher bandwidth utilization in scenarios where a r edundant L2 netwo rk is desir ed.
934 Confi gurin g Link Aggr egatio n Figure 28-9. MLAG in an L2 Net work SW2 SW1 Traffic flows on all av ailable link s. MLAG Peer Link SW4 SW3.
Conf iguring Li nk Aggr egation 935 Definiti ons Refer to Figure 28-10 for the definitions that follow . Figure 28 -10. MLA G Compo nents MLAG sw itches : MLAG awar e switches running Dell Networking OS switch firmwar e. No more than two MLAG a ware switches can p air to form one end of the LAG.
936 Confi gurin g Link Aggr egatio n MLAG m ember ports : P orts on the peer MLAG switches th at are part of the MLAG interface (P 1 on SW1 and S1 o n SW2). Non-redunda nt ports : P orts on ei ther of the peer swit ches that are not part of the MLAG (ports P4 and S4).
Conf iguring Li nk Aggr egation 937 2 STP The defa ult STP m ode for Dell N etworking switches is RST P . VLAN s cann ot be conf igured to c ontai n bot h MLA G port s and non- MLAG (no n- redundant) ports. Only RSTP or MSTP are supported with MLAG. STP - PV an d RSTP-PV are not supp orte d with ML AG.
938 Confi gurin g Link Aggr egatio n The ad ministrat or should also e nsure that th e following a r e identica l before enabling MLAG: –F D B e n t r y a g i n g t i m e r s – Sta tic MAC en tries.
Conf iguring Li nk Aggr egation 939 Operation in the Network Below is a sample ML AG topology and discussion: Figure 28-11. Examp le MLA G T opo logy In F igure 28- 11: 1 VLAN 10 spans the MLAG network. 2 P and S ar e MLAG -awar e pee r devices . P stands for primary a nd S stands for secondary .
940 Confi gurin g Link Aggr egatio n Supported topologies and the way traffic is handled in these to pologies is explained in the following sections. The MLAG component uses the k eep-alive p rotocol to select a p rimary and a secondary devi ce. The primary switch owns the M LAG member ports on the secondary device.
Conf iguring Li nk Aggr egation 941 The MLAG component in ternally configures filters so that traffic ingressing a peer -link is blocked from egress on the peer MLAG switch. The filters are modified when there is a failure of all the MLAG memb er interfaces on an MLAG switch and t raffic must egr ess through se lected ports on the MLAG peer .
942 Confi gurin g Link Aggr egatio n DCPDP an d Peer Lin k Failu res DCPDP i s intended to provide a secondary layer of protection against peer link failures. If the peer -link goes down but t he DCPDP protoco l is enabled and remains up, the MLAG links on the MLAG s econdary peer are disabled.
Conf iguring Li nk Aggr egation 943 b Configu re the timeout in terval, if de sir ed. vpc domain 1 role 10 exit Modifica tions to priority and time out in terval a r e effective on ly before the keep-ali ve protocol is enabled. Once enabled, MLAG switches contest in an election to select the primary and secondary sw itch.
944 Confi gurin g Link Aggr egatio n When the peer-lin k is configured, the MLAG component disables learning on the port-channel configured as the peer -link. 4 Configure DCPD P (optional): a Configur e a VLAN rou ting i nterface and as sign a local IP a ddre ss (different from the peer address).
Conf iguring Li nk Aggr egation 945 to the pr imary sw itch for han dling. FDB entries learne d on M LAG interfaces are synced between the two devices.
946 Confi gurin g Link Aggr egatio n 2 On the MLAG standby swit ch, sh ut down t he MLAG peer-link. 3 Copy the new f irmwar e to the standby swi tch, act ivate it , and r eboot the switch. 4 Re-enable the peer-link, if disabled, and ensure that it is up.
Conf iguring Li nk Aggr egation 947 MLAG doma in for the MLA G feature to autom atically ut ilize the pee r -link t o forward pack ets around failur es.
948 Confi gurin g Link Aggr egatio n Alt ernativ e Reco mmended L3 C onnect ivity The loop-free topology shown in F igure 28-13 uses the MLAG switches as L2 switches in a n EOR role. The single V LAN traverses the MLAG topo logy from the top router t o the bottom storage and servers .
Conf iguring Li nk Aggr egation 949 L3 V LAN T er mina tion on MLA G No t Sup porte d In the “two-armed” fully routed scenari o shown in F igure 28-14, both the routed network and the switched network are in the MLAG.
950 Confi gurin g Link Aggr egatio n In the scenario s hown in F igure 28-15 (similar to the pr evious sc enario), the downstream router is not configur ed with port-channel and uses ECMP or some other load sharing scheme to send pa ckets to routed MLA G peers.
Conf iguring Li nk Aggr egation 951 the case where a link from the router to one of the MLAG pe ers fails. Static routes must be added to the primar y and seco ndary MLAG peers to route traffic addressed to the connected router across the backup rout ed link in the case of a failur e of an MLAG link to the router .
952 Confi gurin g Link Aggr egatio n Virtual Rout er Redu ndancy Pro tocol If VRRP is en abled on a VLAN that has an MLAG port as its member , both VRRP routers become VRRP masters op erationally in th e VLAN. This is to allow load balancing of the northbound L3 traffic on the MLAG.
Conf iguring Li nk Aggr egation 953 transmitted wi th the source MAC address as the physical M A C address and not the virtual MAC address. In the exa mple i n F igure 28-17, if the virtua l MAC address is used as the source MAC address in the ARP from P to A, the n S will consume the packet, as it is operationally a VRRP master too .
954 Confi gurin g Link Aggr egatio n such as ECMP and r edundant router pairs, will allow a L3 routed network to utilize bandwidth efficiently . L3 routin g is capable of routin g pack ets aro und failed links and failed routers. Spanning tree (and LACP) PDUs are proxied from the secondary MLAG p eer to the MLAG p rimary switch.
Conf iguring Li nk Aggr egation 955 • Shutti ng down a MLAG por t-chan nel on th e secondary MLAG peer has no effec t. The opera tor can shut dow n the indi vidual links inst ead. • The spanning tree status is only show n corr ectly on the primary MLAG peer .
956 Confi gurin g Link Aggr egatio n • An N /A entry indi cates th at state synch ronization is no t required (usually for a link local protocol ) and the feat ure can b e config ured on a n MLA G VLAN or MLAG -associated l inks.
Conf iguring Li nk Aggr egation 957 MFDB No IGMP/MLD Snooping No DOT1Qbb No DOT1S Y e s Loop G uar d No FDB Y e s MACLOCK No DVLAN No DOT1AB No IP Subnet-based VLANs N/A MACVLAN N/A Pr o t e ct ed Po r t N o DHCP Snooping No IP Source Gu ard No Dynamic A RP Inspec tion No Auto-Neg otiation N/A L2-Rela y No MRP No MMRP No DOT1AS No 802.
958 Confi gurin g Link Aggr egatio n VO IP N o iSCSI No DOT1AD No DOT3AH No DCBX N/A ETS N/A FIP Snooping No MVRP No Management ACL No UDL D N/A Pr i va t e V L A N N o LLPF No Po r t A g g r e g a t .
Conf iguring Li nk Aggr egation 959 Basic Config uration Exa mple This e xample shows the configuration of t he two MLAG peer s and a single MLAG partner in the simplest possib le configuration. No MLAG pe er priorities are configured, nor is UDLD ena bled on the peer -link.
960 Confi gurin g Link Aggr egatio n exit snmp-server engineid local 800002a203001ec9dec52b snmp-server agent boot count 2 feature vpc vpc domain 1 peer-keepalive enable exit exit MLAG Peer B !Current Configuration: !System Description "Dell Networking N3024F, 6.
Conf iguring Li nk Aggr egation 961 vpc 1 exit snmp-server engineid local 800002a203001ec9dec513 snmp-server agent boot count 3 feature vpc vpc domain 1 peer-keepalive enable exit exit MLAG Partner !Current Configuration: !System Description "Dell Networking N2048, 6.
962 Confi gurin g Link Aggr egatio n Status Reporting The status outputs of the various VP C commands are self -explanat ory . Both the configured and operational status is shown in the outputs. Additional commands ar e shown belo w that may b e useful in troubleshooting MLAG configuration or operationa l issues.
Conf iguring Li nk Aggr egation 963 LAG-SW(config)#show vpc role Self ---- Keep-alive admin status........................ Disabled Keep-alive operational status.................. Disabled Priority....................................... 100 System MAC address.
964 Confi gurin g Link Aggr egatio n MLAG-Peer-A(config)#show interfaces status po2 Port Description Channel ------- ------------------------------ Po2 Operational State.............................. Up Admin Mode..................................... Enabled Port Channel Flap Count.
Conf iguring Li nk Aggr egation 965 VPC role....................................... Secondary System MAC address............................. 001E.C9dE.C513 MLAG-Peer-B#show vpc statistics peer-link Peer link control messages transmitted......... 95 Peer link control messages Tx errors.
966 Confi gurin g Link Aggr egatio n A Complete Exampl e The following example configures ei ght VLANs (10– 17) across two VPCs. VPC 1 is co nnected to an N2048 over two links (gi 1/0/23-24) ov er port- channel 2 on each MLAG peer . In terfaces T e1/ 0/1-2 on each MLA G peer connect to each other on port-channel 1 utilizing LACP .
Conf iguring Li nk Aggr egation 967 interface Gi1/0/1 channel-group 3 mode active description "Old-Iron-Partner-Link" exit ! interface Gi1/0/8 switchport access vlan 100 exit ! interface Gi1.
968 Confi gurin g Link Aggr egatio n ! interface port-channel 3 description "Old-Iron-Partner-Link" switchport mode trunk switchport trunk allowed vlan 1-99,101-4093 vpc 2 exit snmp-server engineid local 800002a203001ec9dec52b snmp-server agent boot count 2 feature vpc vpc domain 1 peer-keepalive enable peer-keepalive destination 192.
Conf iguring Li nk Aggr egation 969 description "Old-Iron-Partner-Link" exit ! interface Gi1/0/8 switchport access vlan 100 exit ! interface Gi1/0/23 channel-group 2 mode active description .
970 Confi gurin g Link Aggr egatio n description "Old-Iron-Partner-Link" switchport mode trunk switchport trunk allowed vlan 1-99,101-4093 vpc 2 exit snmp-server engineid local 800002a203001ec9dec513 snmp-server agent boot count 3 feature vpc vpc domain 1 peer-keepalive enable peer-keepalive destination 192.
Conf iguring Li nk Aggr egation 971 channel-group 1 mode active exit ! interface Gi1/0/4 channel-group 1 mode active exit ! interface port-channel 1 switchport mode trunk exit snmp-server engineid local 800002a203001ec9deb777 snmp-server agent boot count 3 exit Cisco 3750 MLAG Partner Configuration Current configuration : 1913 bytes ! version 12.
972 Confi gurin g Link Aggr egatio n ! ! interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/0/1 ! interface GigabitEthernet1/0/2 ! interfac.
Conf iguring Li nk Aggr egation 973 interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 ! interface GigabitEthernet1/0/24 ! interface GigabitEthernet1/0.
974 Confi gurin g Link Aggr egatio n Status Reporting The following shows the status of various components of the switches in the above configurat ion. The switch prompts i dentify the switch on which t he status is show n. T o obtain accurate stat us, the commands below ar e run on the primary MLAG switch unless noted otherwise.
Conf iguring Li nk Aggr egation 975 LAG-SW#show spanning-tree Spanning tree Enabled BPDU flooding Disabled Portfast BPDU filtering Disabled mode mst CST Regional Root: 80:00:00:1E:C9:DE:B7:77 Regional Root Path Cost: 0 ###### MST 0 Vlan Mapped: 1 ROOT ID Priority 32768 Address 0013.
976 Confi gurin g Link Aggr egatio n Gi1/0/23 Enabled 128.23 0 DIS Disb No Gi1/0/24 Enabled 128.24 0 DIS Disb No Gi1/0/25 Enabled 128.25 0 DIS Disb No Gi1/0/26 Enabled 128.26 0 DIS Disb No Gi1/0/27 Enabled 128.27 0 DIS Disb No Gi1/0/28 Enabled 128.28 0 DIS Disb No Gi1/0/29 Enabled 128.
Conf iguring Li nk Aggr egation 977 Po17 Enabled 96.666 0 DIS Disb No Po18 Enabled 96.667 0 DIS Disb No Po19 Enabled 96.668 0 DIS Disb No Po20 Enabled 96.669 0 DIS Disb No Po21 Enabled 96.670 0 DIS Disb No Po22 Enabled 96.671 0 DIS Disb No Po23 Enabled 96.
978 Confi gurin g Link Aggr egatio n Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Name State Prio.Nbr Cost Sts Role RestrictedPort --------- -------- --------- --------- ---- ----- -------------- Gi1/0/1 Enabled 128.1 0 DIS Disb No Gi1/0/2 Enabled 128.
Conf iguring Li nk Aggr egation 979 Self Role...................................... Primary Peer Role...................................... Secondary Peer detection................................. Pe er detected, VPC Operational Peer-Link details ----------------- Interface.
980 Confi gurin g Link Aggr egatio n MLAG-Peer-A#show vpc 1 VPC id# 1 ----------------- Config mode.................................... Enabled Operational mode.
Conf iguring Li nk Aggr egation 981 MLAG-Peer-A#show vpc statistics peer-keepalive Total transmitted.............................. 20908 Tx successful.................................. 20908 Tx errors...................................... 0 Total received.
982 Confi gurin g Link Aggr egatio n.
Confi gurin g Data Ce nter Bridging Features 983 29 Configuring Data Center B ridging Featur es This chapter describ es how to manage th e featur es developed for use in data center environments but ofte n used in a variety of 10G applications.
984 Confi gurin g Data Cent er Bri dging Fea tures Default DCB V alues T able 2 9-2 list s the default values for the DC B features that th is chap ter describes. DCBx Allo ws DCB de vices to ex chang e configu ration in formatio n, using type-len gth-value ( TL V) informatio n elements ov er LLDP , with directly connect ed peers.
Confi gurin g Data Ce nter Bridging Features 985 Priority Flow Control Or dinarily , when flow contr ol is enab led on a physi cal link, it applies to all traffic on the link. When congesti on occurs, the hardware sends pause frames that temporarily suspend t raffic flow to help prevent buffer overflow and dropped frames.
986 Confi gurin g Data Cent er Bri dging Fea tures Operator configuration of PFC is used only when the port is configured in a manual role. When interoperating with other equipment in a manual role, the peer equipme nt must be configured with identical PFC pri orities and VLAN assignments.
Confi gurin g Data Ce nter Bridging Features 987 PFC Co nfigur ation Page Use the PFC Configuration page to enable priority flow control on one o r more int erfaces and to configur e which priorities are subje ct to being pause d to preven t data loss .
988 Confi gurin g Data Cent er Bri dging Fea tures Figure 29-2. PFC Stati stics Configuri ng PFC Us ing the CL I Beginning in P rivileged EXEC mode, use the following commands to configure PFC.
Confi gurin g Data Ce nter Bridging Features 989 interface interfa ce Ent er inte rface co nfigur ation mode for the speci fied interfac e. The inte rface vari able i nclud es the interf ace typ e and number , for example tengigabit ethernet 1/0/3 .
990 Confi gurin g Data Cent er Bri dging Fea tures PFC Configur ation Example The network in this example handles both data and voice traffic. Because the voice traffic is time sensit ive, it r equir es a higher p riority than standar d data traffic. The voice traffic use s VLAN 100 and has an 802 .
Confi gurin g Data Ce nter Bridging Features 991 console(config-dcb)# exit 4 Ena ble V LAN ta ggin g on th e por ts so the 802.1p priorit y is identified.
992 Confi gurin g Data Cent er Bri dging Fea tures DCB Capability Exchange The Data Center Bridging Ex change P rotocol (DCBx) is used by DCB devices to ex change configuration information with di r ectly conn ected peers.
Confi gurin g Data Ce nter Bridging Features 993 Inte ropera bility with IEE E DCBx T o be int eroperabl e with legacy industry im plementa tions of the DC Bx protocol, The Dell Netw orking N4000 switches use a hybrid model to support both the IEEE versio n of DCBx (IEEE 802.
994 Confi gurin g Data Cent er Bri dging Fea tures explicitly by the operat or . These port s advertise their configura tion to their pee r if DC Bx is enabl ed o n that p ort. Inco mpat ible peer config urat ion s are logged and counted with an error cou nter .
Confi gurin g Data Ce nter Bridging Features 995 the willing parameter is dis abled on auto-downs tr eam . By default, auto- downstr eam ports hav e the re commend ation TL V parameter enabled.
996 Confi gurin g Data Cent er Bri dging Fea tures • The port role is auto-upstream. • The po rt is ena bled with l ink up an d DCBx enabl ed. • The por t has negot iated a DCBx re lati onship with t he partn er .
Confi gurin g Data Ce nter Bridging Features 997 no lldp tlv-select dcbxp ets-recommend no lldp tlv-select dcbxp pfc These commands elimi nate only the DCBX TL Vs from use by LLDP . They do not othe rwise affect any manually conf igured D CBX capa bilities or the normal operation of LLDP .
998 Confi gurin g Data Cent er Bri dging Fea tures lldp tlv-sel ect dcbxp [pfc | application- priority] Override the gl obal configuration for th e LLDP DCBx TL Vs on this in terf ace. Ent ering th e comm and wi th no parameters enables transmission of all TL Vs.
Confi gurin g Data Ce nter Bridging Features 999 Enhanced T ransmission Sele ction Networks classify and priorit ize traffic to provide differ ent service characteristics to end user traffic flows .
1000 Confi gurin g Data Cent er Bri dging Fea tures ETS provides a second level of sc heduling for packets s elected for transmissio n by the CoS sche duler . ETS operates at the traffic cla ss group (TCG) level and supp orts sharing of bandwidth across TCGs, ba ndwidth assignment for each TCG, and queue discipline (drop behavior) for each TCG.
Confi gurin g Data Ce nter Bridging Features 1001 The minimum bandwidth setting can be us ed to override the strict priority and weighted sett ings. The highest numbered strict priority queue w ill receive no mor e bandwidth than 100 percent minus the sum of the minimum bandwidth percenta ges assigned to the other que ues.
1002 Confi gurin g Data Cent er Bri dging Fea tures Commands This section provides information about the commands you use to manually configure and monitor ETS. F o r mor e information about the commands, see the Dell Net working N2000, N3000, and N40 00 Series Swit ches CLI Reference Guide at support.
Confi gurin g Data Ce nter Bridging Features 1003 ETS Configur ation Example This e xample configures four cl asses of traffic: 1. Ena ble T r us t Mode on an I nterface The following command enables the use of the dot1p priority of the incoming pack et.
1004 Confi gurin g Data Cent er Bri dging Fea tures console(config-if-Te1/0/2)#classofservice dot1p-mapping 0 0 console(config-if-Te1/0/2)#classofservice dot1p-mapping 1 0 console(config-if-Te1/0/2)#c.
Confi gurin g Data Ce nter Bridging Features 1005 CAUTION: Sharin g of bandw idth amo ng CoS Queues is disabled if the sum of the minimum ba ndwidt h setting s equals 100%.
1006 Confi gurin g Data Cent er Bri dging Fea tures priority traffic (typically control plane or low bandwidth, low latency traffi c) is assigned the highes t numbered T CG. It is recommended that WDR R queues be assigned to TCG0. The mapping may be configured on a single interface, a range of inte rfaces, or all the inte rfaces.
Confi gurin g Data Ce nter Bridging Features 1007 It is r ecommended that the sum of minimum bandwidth percentages configured on the CoS queues mapped to any T CG be less than or equal t o that of the weig ht percentage configured for the TCG, so that packets are not dropped due to the conge stion in the TC G.
1008 Confi gurin g Data Cent er Bri dging Fea tures It is recommended that the maximum b andwidth be configured to be greater than the minim um bandwidth or the weight or be configured to 0 (unlimited burst size ). console(config-if-Te1/0/1 )#traffic-class-group max-bandwidth 50 90 20 9.
Confi gurin g Data Ce nter Bridging Features 1009 ETS Theory of Oper ation First Level of Scheduling T o understand the first level of scheduli ng, consider T able 29-1. Ass ume that we have eight ingress ports, each one receiving line rate traffic with one dot 1p priority each.
1010 Confi gurin g Data Cent er Bri dging Fea tures Seco nd Le vel o f Sche dulin g T o consolidate differ ent traffic classes within different traffic types in a typical DCB environment , ETS provides an operational model for prior itiza tion an d bandw idth all ocati on for traff ic.
Confi gurin g Data Ce nter Bridging Features 1011 At t ime t2, a bu rst of L AN tr affi c is i ncom ing a t the rate of 4 G bps, this b urst is allowed to borrow the unused 0.5 Gbps bandwidth from SAN TC G and transm itted s ince the o ffer ed load of SAN is on ly 3 Gbps .
1012 Confi gurin g Data Cent er Bri dging Fea tures T raffic is passe d across stacking li nks using WDRR fo r all CoS queues. This will affect t he observed be havior of ETS on egress ports scheduling traffi c from over -subscribed stacking link s.
Confi gurin g Data Ce nter Bridging Features 1013 console(config-if-Te1/0/1)#classofservice traffic-class-group 2 2 console(config-if-Te1/0/1)#traffic-class-group weight 30 70 0 console(config-if-Te1/.
1014 Confi gurin g Data Cent er Bri dging Fea tures processing strict priority traffic is skewed to be the band width of th e indi vidual TCG divide d by the su m of t he wei ghts of all W DR R configured TCGs. The administrator may configur e other parameters to work in conjunction with the r eceived DCBX configurat io n, e.
Managi ng the MA C Address T ab le 1015 30 Managing the MAC Address T able This chapter describes the L2 MAC addr ess table the switch uses to forward data betw een ports.
1016 Managi ng the MA C Address T able What Informat ion Is in the MAC Address T able? Each entry in the address table, whether it is static or dyn amic, includes the MAC addr e ss, the VLAN ID as sociated with the MAC addres s, and the interface on which the address was learned or configured.
Managi ng the MA C Address T ab le 1017 Manag ing the M AC Addres s T a ble (W eb) This secti on provides information about the O penManage Switch Administrator page s to use to manage the MAC address table on a Dell Networki ng N2000, N 3000, and N400 0 series sw itches.
1018 Managi ng the MA C Address T able Figure 30-2. Addin g Static MAC Addr ess 3 Select the interfac e to associate with the static address. 4 Specif y the MAC add ress and an associat ed VLAN ID. 5 Click Apply . The new st atic ad dres s is added to t he Static MAC Address T able , and th e device is update d.
Managi ng the MA C Address T ab le 1019 Global Ad dress T able The Global Address T able p age contains fields for querying information in the dynamic address table, including the i nterface type, MAC addresses, VLAN, and ta ble sorting k ey . P ackets forwar ded to an addres s store d in the address tabl e are forwar ded directly to those ports.
1020 Managi ng the MA C Address T able Manag ing the MAC Address T able ( CLI) This section provides information about the commands you use to manage the MAC address table on the switch. F o r more information about the commands, see the Dell Netw orking N2000, N3 000, and N4000 Series Switches CLI Refer ence Guide at support.
Conf iguri ng Rou ting Interf aces 1021 31 Configuring Routing Interfaces This cha pter descri bes the routi ng (layer 3) interfa ces the Dell Networki ng series switches supp ort, which includ es VLAN routing int erfaces, loopback interfaces, and tunnel interfaces.
1022 Confi gurin g Routi ng Inte rfac es F or each VLAN rout ing interface you can a ssign a static IP addr ess, or you can allow a net work DHCP serve r to assign a dy namic IP addr ess.
Conf iguri ng Rou ting Interf aces 1023 What Are T unnel Interfaces? T unnels are a mechanism for tra nsporting a pack e t across a network so that it can be evaluated at a remote lo cation or tunnel endpo int . The t unnel, effectively , hi des the packet from the netwo rk used to transport t he packet to the endpoi nt.
1024 Confi gurin g Routi ng Inte rfac es Why Are Routing I nterfaces Needed? The ro uting in terfaces this ch apter de sc ribes have very differ ent a pplications and uses, as thi s section describe s. If you use the switch as a layer 2 device that handles switching only , routing in terface configuration is not r equired.
Conf iguri ng Rou ting Interf aces 1025 Loopba ck Int erfaces When packets are sent to the loop back IP address, the network sho uld be able to deliver t he packe ts as long as any ph ysical interfa ce on the switch is up. There ar e many cases wher e you need to se nd traffic to a sw itch, such as in switch management.
1026 Confi gurin g Routi ng Inte rfac es Default Routing Interface V alues By default, no routing interfaces ar e configur ed. When you create a VLAN, no IP address is configur ed, and DHCP is disabled.
Conf iguri ng Rou ting Interf aces 1027 Configuring Routing Interface s (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring VLAN routing interfaces, loopback interfaces, and tunnels on a Dell Networking N2000, N3000, and N4000 series switches.
1028 Confi gurin g Routi ng Inte rfac es DHCP Lease Paramet ers Use the DHCP L ease P aram eters page to vi ew information a bout the network i nformation auto matically a ssigned to an int erface by the DHCP server . T o display the page, click Rout ing → IP → DHCP L ease P arame ters in t he navigation panel.
Conf iguri ng Rou ting Interf aces 1029 Figure 31 -4. VLAN Routing Sum mary T unnel Configura tion Use the T u nnels Config uration page to create, configure, or delete a tunnel. T o display the page, cl ick Rout ing → Tu n n e l s → Configur ation in the navigation panel.
1030 Confi gurin g Routi ng Inte rfac es T unnels Summary Use the T unnel s Summary page to display a summary of configur ed tunnels. T o display the page, click Rout ing → Tu n n e l s → Summary in the navigation panel.
Conf iguri ng Rou ting Interf aces 1031 Loopback s Configura tion Use the Loo p ba cks Co nf i g ur at io n page to create, confi gure, or remove loopback i nterfaces.
1032 Confi gurin g Routi ng Inte rfac es Loopbacks Summar y Use the L oopbacks Summary page to displ ay a summary of config ured loopback interfaces on the switch. T o display the page, click Rout ing → Loopb ack I nte rfac es → L oopback Interfaces Summa ry in the nav igation panel .
Conf iguri ng Rou ting Interf aces 1033 Configuring Routing Interface s (CLI) This section provides information about the commands you use to configure VLAN routing interfaces, loopbacks, and tunnels on the switch.
1034 Confi gurin g Routi ng Inte rfac es ip local-proxy-a rp Enable l ocal pr oxy ARP on th e inter face to allow the swi tch to re spond to ARP re quests for hosts o n the same subnet as the ARP so urce. bandw idth size Set the co nfigured bandwi dth on this interfac e to comm unic ate the speed o f th e inte rface t o high er lev el protocols.
Conf iguri ng Rou ting Interf aces 1035 Configuri ng Loopback Int erfaces Beginning in P rivileged EXEC mode, use the following commands to configure a loopback interface.
1036 Confi gurin g Routi ng Inte rfac es Configuri ng T unnels Beginning in P rivileged EXEC mode, use the following commands to configure a loopback interface. NOTE: For informat ion about configu ring the I Pv6 int erface ch aracter istics f or a tunne l, see "Conf igurin g IPv6 Ro uting" on page 1241.
Conf iguri ng DHCP Se rver and R elay Set tings 1037 32 Configuring DHCP Server and Relay Settings This chapter describes how to configur e the switch to dynamically assign network information to hosts by using the Dynamic Host Configuration P rotocol (DH CP).
1038 Confi gurin g DHCP Server and Rela y Settin gs How Does DHCP W ork? When a host connects to the network, the host’s DHCP client broadcasts a message r equesting informat ion from any DHCP server that r eceives the broadcast. One or more DHCP serve rs r espond to the request.
Configu ring DHCP Server and Relay Se ttings 1039 discover r equests typically include options for the IP addr ess (option 50), subn et mask (optio n 1), de fault ga teway ( optio n 3), and DNS ser ver (opt ion 6).
1040 Confi gurin g DHCP Server and Rela y Settin gs The administrator is using a Micros oft DHCP server . Microsoft DHCP servers do not have native support for DHCP Option 82, but it can be added using the Dhcp ServerCall outEntry AP I to retrie ve the information vi a the DhcpHandle OptionsHook configured on the switches.
Configu ring DHCP Server and Relay Se ttings 1041 option subnet-mask 255.255.254.0; option domain-name-servers 10.1.218.3, 10.1.219.3; range dynamic-bootp 10.1.222.3 10.1.222.254; range dynamic-bootp 10.1.223.3 10.1.223.254; default-lease-time 21600; max-lease-time 43200; } } subnet 10.
1042 Confi gurin g DHCP Server and Rela y Settin gs The DHCP Layer 2 Relay feature permits Layer 3 Relay agent functionality in Layer 2 switched network s. The switch supports L2 DHCP r elay configuration on individual ports, link aggregation groups (LAGs) and VLANs.
Configu ring DHCP Server and Relay Se ttings 1043 Configuring the DHCP Server (We b) This secti on provides information about the O penManage Switch Administrator pages for configuring an d monitoring the DHCP server on a Dell Networking N2000 , N3000, and N4000 series switches.
1044 Confi gurin g DHCP Server and Rela y Settin gs Addin g Exclude d Address es T o e xclude an addr ess: 1 Open the Netwo rk P r operties page. 2 Click Add Excluded Addresses to displ ay the Add Excluded Addresses page. 3 In the From field, enter the first IP address to ex clude from any configu red addr ess pool.
Configu ring DHCP Server and Relay Se ttings 1045 Deleti ng Excl uded Add resses T o r emove an ex cluded addr ess: 1 Open the Netwo rk P r operties page. 2 Cli ck Delete Excluded Addresses to displa y the Delete Excluded Addresses page. 3 Select the check box n ext to th e addr ess or addr ess range to del ete.
1046 Confi gurin g DHCP Server and Rela y Settin gs Figure 32-5. Address Pool Addin g a Network Poo l T o create and configur e a network pool: 1 Open the Address P ool page. 2 Click Add Network P ool to dis play the Add Net work P ool page. 3 Assign a name to the pool and complete the d esired fi elds.
Configu ring DHCP Server and Relay Se ttings 1047 Figur e 32-6. Add Ne twork Pool The En gineering pool also configures clients to use 192.168.5.1 a s the defau lt gate way IP addr ess and 192.168 .1.5 and 192.168 .2.5 as the primar y and second ary DNS ser vers.
1048 Confi gurin g DHCP Server and Rela y Settin gs In F igure 32-7, th e Static pool nam e is Lab, an d the name of the client in the pool is LabHost1. The clien t’s MA C address is mapped to the IP address 192. 168.11.54 , the defa ult gatewa y is 192.
Configu ring DHCP Server and Relay Se ttings 1049 Address Po ol Opti ons Use the Address P ool Options p ag e t o vi e w m an u al l y c on f ig u red o pt i on s. Y o u can define opt ions when yo u cr eate an a ddr ess pool, or y ou can add options to an exi sting address p ool.
1050 Confi gurin g DHCP Server and Rela y Settin gs Figure 32-9. Add DHCP Option 5 Click Apply . 6 T o v erify that the option h as been added to the address pool, open the Address P ool Options page.
Configu ring DHCP Server and Relay Se ttings 1051 Figur e 32-10. V iew Addre ss Pool Opt ions DHCP Bindings Use the DHCP Bindings page to v iew inf ormati on about the cli ents th at have leased IP addresses from the DHCP server .
1052 Confi gurin g DHCP Server and Rela y Settin gs DHCP Server Reset Configuratio n Use the Reset C onf igur atio n page to cle ar the clie nt bind ings for o ne or mor e clients. Y ou can also r eset bindings for clients that hav e leased an IP addr ess that is alre ady i n use o n the ne twor k.
Configu ring DHCP Server and Relay Se ttings 1053 DHCP Server Stat istics Use the Ser ver S tatisti cs page to view general DHCP server statistics, messages received from DHCP clients, and messages sent t o DHCP clients.
1054 Confi gurin g DHCP Server and Rela y Settin gs Configuring the DHCP Server (CLI) This section provides information about the commands you use to configure and monitor the DHCP server and address pools. F o r mor e information about the commands, see the Dell Ne tworking N20 00, N3000, a nd N4000 Series Switches CLI Refer ence Guide at support.
Configu ring DHCP Server and Relay Se ttings 1055 Configuri ng a Dynamic Addres s Pool Beginning in P rivileged EXEC mode, use the following commands to create an addre ss pool with net work information that is dynamically assigned to hosts with DHCP clients that request the information.
1056 Confi gurin g DHCP Server and Rela y Settin gs Configuri ng a Static Address Pool Beginning in P rivileged EXEC mode , us e the foll owing comm ands to create a static addr ess pool and s pecify the network information for the pool.
Configu ring DHCP Server and Relay Se ttings 1057 Monitorin g DHCP Se rver Info rmation Beginning in P rivileged EXEC mode, use the following commands to view bindings, conflicts, and st atistics, and to clear t he information. defau lt-router addr ess1 [ addr ess2.
1058 Confi gurin g DHCP Server and Rela y Settin gs DHCP Server Co nfiguration Exa mples This section contains the following e xamples: • Configurin g a Dynam ic Address P ool • Configurin g a Sta.
Configu ring DHCP Server and Relay Se ttings 1059 6 In Global Configura tion mode, a dd the addr esses to ex clude from the pool. Clients will not be assigned these IP ad dr esses. console(config)# ip dhcp excluded-address 192.168.5.1 192.168.5.20 console(config)# ip dhcp excluded-address 192.
1060 Confi gurin g DHCP Server and Rela y Settin gs Configuri ng a Static Address Pool The commands in this example create an address pool that assigns the addr ess 192.
Configu ring DHCP Server and Relay Se ttings 1061 console(config-dhcp-pool)# exit 8 View information about th e static address pool. console#s how ip dhcp pool configuration "Tyler PC" Pool: Tyler PC Pool Type..........................Static Client Name.
1062 Confi gurin g DHCP Server and Rela y Settin gs.
Confi gurin g IP Ro uting 1063 33 Configuring IP Routing This chapter describes how to configur e routing on the switch, including global routing settings, Address Resolution Protocol (ARP), router discovery , and static route s.
1064 Confi gurin g IP Routi ng ICMP Router Di scovery P rotocol (IRDP) Hos ts can us e IRDP to iden tify o perat ional router s on t he subn et. Rou ters periodi call y adver tise their IP addres ses. H osts list en for these ad verti sements and disc over the IP addr esses o f neighbor ing routers.
Confi gurin g IP Ro uting 1065 Default IP Routing V alues T able 33-2 shows t he default values for the IP routing featur es this chapter desc ribe s. T able 33 -2.
1066 Confi gurin g IP Routi ng ARP T able The router mai ntains an ARP t able that as sociates a MA C addr ess and outgoing port with an IP addr e ss and VLAN. The ARP table is dynami cally updated with the host MAC addr ess and outgoing port information.
Confi gurin g IP Ro uting 1067 Configuring IP Routing Feature s (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring IPv4 routing features on a Dell Netw orking N2000, N300 0, and N4000 s eries switche s.
1068 Confi gurin g IP Routi ng IP St atistics The IP statistics r eported on the Statistics page ar e as spec ified in RF C 1213. To d i s p l a y t h e p a g e , c l i c k Rou t in g → IP → Statistics in the naviga tion panel .
Confi gurin g IP Ro uting 1069 ARP Create Use the Create page to add a static AR P entry to the A ddr ess Res olution P rotocol ta ble. T o display the page, click Routin g → ARP → Create in the navigation panel.
1070 Confi gurin g IP Routi ng ARP T able Configura tion Use the T able Configurat ion page to change the configuration parameters for the Address Resolution Protocol T a ble. Y ou can also use t his screen to display the con tent s of the table. T o display the page, click Rout ing → ARP → T ab le C onfig urat ion in the navigation panel.
Confi gurin g IP Ro uting 1071 Router Di scovery Configura tion Use the Co nfig urat ion page to enter or change router discovery paramete rs. T o display the page, cl ick Rout ing → Router Discovery → Conf igur atio n in the navigation panel. Figur e 33-5.
1072 Confi gurin g IP Routi ng Router Di scovery Status Use the Status page to display rou ter discovery data for each interface. T o display the page, click Rout ing → Router Discovery → Status in t he navigation panel.
Confi gurin g IP Ro uting 1073 Route T able Use the Rou te T a ble page to disp lay the content s of the routing ta ble. To d i s p l a y t h e p a g e , c l i c k Ro u t in g → Ro u te r → Route T a ble in the navig ation panel.
1074 Confi gurin g IP Routi ng Best Routes T able Use the Best Ro utes T able page to display the best routes from the routing table . T o display the page, click Rout ing → Ro ut e r → Best Routes T able in the navigation panel.
Confi gurin g IP Ro uting 1075 Route Entry Configurat ion Use the Route Entry Configuration page to add new and configure router routes. T o display the page, cl ick Rout ing → Rout er → R oute Entr y Confi gu ratio n in the navigation panel. Figure 33-9 .
1076 Confi gurin g IP Routi ng Figure 33-10. Rou ter Rout e Entr y and Pre feren ce Config uration 2 Nex t to Rou te T yp e, use the dr op-down box to a dd a Default, Sta tic, or Static R eject route. The fields to configu re ar e different for each route type.
Confi gurin g IP Ro uting 1077 Configure d Routes Use the Configured Routes page to display t he routes that have be en manually configur ed. T o display the page, cl ick Rout ing → Rout er → Configured Routes in t he navigation panel. Figure 33 -11.
1078 Confi gurin g IP Routi ng Route Prefer ences Confi guration Use the Route P references Confi guration page to configure the default prefer ence for each protocol (for example 60 for static routes). These values are arbitrary values that range from 1 to 25 5, and are independent of route metric s.
Confi gurin g IP Ro uting 1079 Configuring IP Routing Feature s (CLI) This section provides information about the commands you use to configure IPv4 routing on t he switch. F or more information about t he commands, see the Dell Ne tworking N2000, N300 0, and N4000 S eries Sw itches CLI Refe r ence G uide at support.
1080 Confi gurin g IP Routi ng Adding Stati c ARP Entries an d Configuring ARP T able Settings Beginning in P rivileged EXEC mode, use the following commands to configure s tatic ARP entri es in the ARP cache and to specify the settings for the ARP cache.
Confi gurin g IP Ro uting 1081 Configuri ng Router Disc overy (IRDP) Beginning in P rivileged EXEC mode, use the following commands to configure IRDP settings. Comman d Purpose configure En ter global conf iguration mode. interface inte rface Enter interf ace con figura tio n mode for th e spec ified VLAN rout ing interf ace.
1082 Confi gurin g IP Routi ng Configuri ng Route T able Entries and Route Preference s Beginning in P rivileged EXEC mode, use the following commands to configure IRDP settings. Command Purp ose configure En ter g lobal c onfigur ation m ode. ip route default nextHopRt r [ preference ] Config ure the defaul t route.
Confi gurin g IP Ro uting 1083 show ip route [ ip-address [ mas k | prefix-length ] [ long er -prefi xes ] | protocol ] View the rout ing table. • ip-add re ss — Specif ies the networ k for wh ich th e rout e is to be disp layed and d isplays the best m atching best- rout e for t he add res s.
1084 Confi gurin g IP Routi ng IP Routing Con figuration Example In this e xample, the Dell Netw orking switches ar e L3 switches with VLAN routing interfaces. VLAN routing is co nfigured on Dell Networking Switch A and Dell Networking Switch B. This allows the host in VLAN 1 0 to communicate with the server in VLAN 30.
Confi gurin g IP Ro uting 1085 Configuri ng Dell Network ing Switch A T o configur e Switch A. 1 Enable routing on t he switch. console# configure console(config)# ip routing 2 Assign an IP add ress to VLAN 1 0. This c omma nd also en ables IP r outing on the VLAN.
1086 Confi gurin g IP Routi ng Configuri ng Dell Networking Switch B T o configur e Switch B: 1 Enable routing on th e switch. console# configure console(config)# ip routing 2 Assign an IP addr ess to VLAN 20. This comman d also enables IP routi ng on the VLAN.
Confi guring L2 and L3 Rel ay Featur es 1087 34 Configuring L2 and L3 Relay Featur es This chapter describes how to configur e the L2 DHCP Relay , L3 DHCP Relay , and IP He lper features on Dell Netw orking series switches.
1088 Configu ring L2 an d L3 Relay Feat ures fields in the DHCP request. If the number of hops is greater than the configured number , the agent discards the packet. If the giaddr field is zero , the agent must fill in this field with the I P addr ess of the inte rface on which the r equest was re ceiv ed.
Confi guring L2 and L3 Rel ay Featur es 1089 Enabling L2 Relay on VLANs Y o u c a n e n a b l e L 2 D H C P r e l a y on a p a r t i c u l ar V L A N .
1090 Configu ring L2 an d L3 Relay Feat ures T able 34 -1. Default Ports - UDP Port Nu mbers Implie d By Wildc ard The syste m limits the total numb er of relay entries to four times the maximum number of routing int erfaces (512 r elay entrie s).
Confi guring L2 and L3 Rel ay Featur es 1091 configuration for the destination UDP port. If so , the r elay agent unicasts the packet to the configured server IP addr esses.
1092 Configu ring L2 an d L3 Relay Feat ures T able 34-2 shows the most common protoco ls and their UDP port numbers and names that ar e relayed. T able 3 4-2.
Confi guring L2 and L3 Rel ay Featur es 1093 Default L2/L3 Relay V alues By default L2 DHCP r elay is disabled. L3 relay (U DP) i s ena bled , but n o UDP destinatio n ports or serv er addres ses are defined on the switch or on any interfaces. T able 34-3 .
1094 Configu ring L2 an d L3 Relay Feat ures Configuring L2 and L3 Re lay Features (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring L2 and L3 r elay features on a Del l Networki ng N2000, N300 0, and N40 00 series swit ches.
Confi guring L2 and L3 Rel ay Featur es 1095 DHCP Relay Inter face Config uration Use this page to enable L2 DHCP r elay on individual ports . T o access this page, cli ck Switching → DHCP R elay → Inter face Configuratio n in the navigation panel.
1096 Configu ring L2 an d L3 Relay Feat ures Figure 34-3. DHCP Relay Inte rface Summary.
Confi guring L2 and L3 Rel ay Featur es 1097 DHCP Relay Inter face Stati stics Use this page to displ ay statistics on D HCP Relay r equests received on a selected port. T o access this page, click Switching → DHCP Relay → Interface Sta tistics in the navigation panel.
1098 Configu ring L2 an d L3 Relay Feat ures DHCP Relay VLAN Confi guration Use this page to enable and config ure DH CP Relay on specif ic VLANs. T o access this page, click Switching → DHCP Relay → VLAN Configur ation in the navi gation panel. Figure 34-5.
Confi guring L2 and L3 Rel ay Featur es 1099 T o display the page, cl ick Rout ing → BOOTP/DHC P Relay Agent → Confi gur ation in the navigation panel.
1100 Configu ring L2 an d L3 Relay Feat ures IP Helper Glo bal Configur ation Use the Global Config uration page to add, show , or delet e UDP Relay and Helper IP configuration T o display the page, click Rout ing → IP H elper → Glob al Co nfigur atio n in the navigation panel.
Confi guring L2 and L3 Rel ay Featur es 1101 Figur e 34-9. Add Help er IP Address 3. Select a U DP Des tination port name from t he menu or en ter the UD P Destin ation P ort ID. Select the Defau l t Set to c onfigure for the relay entry for the default set of prot ocols.
1102 Configu ring L2 an d L3 Relay Feat ures IP Helper Int erface Conf iguration Use the Interfa ce Configurat ion page to add, show , or delete UDP Relay and Helper IP configuration for a s pecific interface. T o display the page, click Rout ing → IP H elper → Inte rface Confi gurat ion in the navigation panel.
Confi guring L2 and L3 Rel ay Featur es 1103 Figure 34 -11. Ad d Helper I P Addre ss 3. Select the in terface to use for the relay . 4. Select a U DP Des tination port name from t he menu or en ter the UD P Destin ation P ort ID. Select the Defau l t Set to c onfigure for the relay entry for the default set of prot ocols.
1104 Configu ring L2 an d L3 Relay Feat ures IP He lper Stat istic s Use the Statistics pa ge to view UDP Rela y Statis tics for the swit ch. To d i s p l a y t h e p a g e , c l i c k Ro ut i ng → IP Helper → Statistics in the navi gation panel. Figure 3 4-12.
Confi guring L2 and L3 Rel ay Featur es 1105 Configuring L2 and L3 Relay Fea tures (CLI) This section provides information about the commands you use to configure L2 and L3 re lay features on the sw itch. F or more information about the commands, see the Dell Networking N2000 , N3000, and N4 000 Series Switches CLI Reference Guide at supp ort .
1106 Configu ring L2 an d L3 Relay Feat ures dhc p l2r ela y remote-id remo te Id vlan vlan-range Enabl e settin g the DHCP Option 82 Remote ID for a VLAN.
Confi guring L2 and L3 Rel ay Featur es 1107 Configuri ng L3 R elay (IP Helpe r) Settin gs Beginning in P rivileged EXEC mode, use the following commands to configure switch and interface L3 DHCP r elay and IP helper settings. Command Pu rpose configure Enter global configuration mode.
1108 Configu ring L2 an d L3 Relay Feat ures ip helper-address { serve r -addr ess | disc ard } [ dest- udp-por t | dhcp | domain | isakmp | mob ile-ip | nameser ver | netbios- dgm | netb ios-ns | ntp | pim-auto-rp | rip | tacacs | tf tp | time ] Config ure the relay of ce rtain UDP broadca st packets rec eived on th e VLAN routin g int erface( s).
Confi guring L2 and L3 Rel ay Featur es 1109 Relay Agent Configur ation Example The example in this section shows how to configure the L3 relay agent (IP helper) to relay and discar d various protocols.
1110 Configu ring L2 an d L3 Relay Feat ures 2 Relay D NS pac kets received on VL AN 10 to 192.168.4 0.43 console(config-if-vlan10)# ip helper-address 192.168.40.35 domain console(config-if-vlan10)# exit 3 Relay S NMP t raps (p ort 162) received on VL AN 20 t o 192.
Confi guring O SPF and OSP Fv3 1111 35 Configuring OSPF and OSPFv3 This chapter describes how to configur e Open Shortest P a th F irst (OS PF) and OSPFv3. OSPF is a dynamic routing protocol for IPv4 networks, and OSPFv3 is used to route traffic in IPv6 networks.
1112 Confi gurin g OSPF and OS PFv3 OSPF Overview OSPF is an Interior Gateway P rotocol (IGP) that performs dynamic routing within a network. Del l Network ing series swi tches supp ort two dyn amic routing protocols: OSPF and Routing Information P rotocol (RIP).
Confi guring O SPF and OSP Fv3 1113 What Are OSPF Router s and LSAs? When a Dell Networking switch is configur ed to use OSPF for dynamic routing, it is considered to be an OS PF router . O SPF route rs keep track of t he state of the variou s links they send data to .
1114 Confi gurin g OSPF and OS PFv3 OSPF Feature De tails This sect ion pro vide s deta ils on th e foll owing OSPF f eatures : •M a x M e t r i c • Sta tic Area R ange C ost •L S A P a c i n g •L S A P a c i n g Max Metric RFC 3137 introduced stub router behavior to OSPFv2.
Confi guring O SPF and OSP Fv3 1115 mode. OSPF does not begin in stub ro uter mode when OSPF is globally enabled. If the operator w ants to avoid ro uting transients when he enabl es or configures OSPF , he can manually set OSPF in stub router mode.
1116 Confi gurin g OSPF and OS PFv3 Static Are a Range Cost This feature allows a network operator to configure a fix ed OSPF cost that is always advert ised when an area range is ac tive. Thi s feature applie s to both OSPFv 2 and OSP Fv3. An OSPF domain can be divided into a reas to limit the processing r e quir ed on each router .
Confi guring O SPF and OSP Fv3 1117 LSA Pacing OSPF refreshes each self -o riginated LSA every 30 minutes . Because a router tends to originate many LSAs a t the same time, either at st artup or when adjacencies are formed or when routes ar e first learned, LSA refres hes tend to be grouped.
1118 Confi gurin g OSPF and OS PFv3 Flood Blocki ng OSPF is a link state routing protocol. Routers describe their local environment in Link Sta te Advertisements (LSA s), which are distributed throughout an area or OSPF domain.
Confi guring O SPF and OSP Fv3 1119 Flood blocking ca nnot be enabled on virtual interfaces. While the featu r e could be allowed on virtual interfaces, it is less lik ely to be used on a vir tual interface, si nce virtual interfaces are created sp ecifically to allow flooding between two b ackbone routers.
1120 Confi gurin g OSPF and OS PFv3 Default OSPF V alues O S P F i s g l o b a l l y e n a b l e d b y d e f a u l t . T o m a ke i t o pe r at io n al o n t h e r o u t e r , y o u must configur e a router ID and e nable OSPF on a t least one i nterface.
Confi guring O SPF and OSP Fv3 1121 T able 35 -2 shows the per -interf ace default va lues for OS PF and OSP Fv3. T abl e 35-2. OSPF Per-Inte rface Default s Paramete r Defaul t V alue Admin Mod e Dis.
1122 Confi gurin g OSPF and OS PFv3 Configuring OSPF Fe atures (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring OSPF features on a Dell Networki ng N2000, N3000, and N40 00 series s witches.
Confi guring O SPF and OSP Fv3 1123 OSPF Area Config uration The Area Config uration page lets you create a S tub area configuration and NSSA once you’ve enabled OSPF on an interface through Ro ut i n g → OSP F → Inter face Config uration . At least one router must have OSPF enabled for this web page to disp lay .
1124 Confi gurin g OSPF and OS PFv3 Configuring an OSPF Stub Area T o configure the ar ea as an OSPF stub ar ea, click Create Stub Area . T he pages r efr eshes, and display s additional fields t hat ar e specific to the stub ar ea. Figure 35-3. OSP F Stub Area Configuratio n Use the Dele te Stu b Ar ea button to remove the s tub area.
Confi guring O SPF and OSP Fv3 1125 Configuring an OSPF Not-So-Stubby Area T o configure the area as an OSPF not-s o-stubby ar ea (NSSA), click NSSA Create . The pages refr eshes, and displays additional fields that are specific to the NSSA. Figure 3 5-4.
1126 Confi gurin g OSPF and OS PFv3 OSPF Stub Area Summary The Stub Are a Summary page disp lays OSPF st ub area d etail . T o display the page, click Rout ing → OSPF → Stub Area Summary in t he navigation panel.
Confi guring O SPF and OSP Fv3 1127 OSPF Area Range Confi guratio n Use the Area Ra nge Configuration page to configure and disp lay an area range for a specified NSSA. T o display the page, click Routi ng → OSP F → Area Range C onfiguration in the navigation panel.
1128 Confi gurin g OSPF and OS PFv3 OSPF Interf ace Statist ics Use the Inte rface Statistics page t o disp lay st atist ics f or the s electe d interface. The informat ion is displayed onl y if OSPF is enab led. T o display the page, click Rout ing → OSPF → Inte rface Sta tisti cs in the navigation panel.
Confi guring O SPF and OSP Fv3 1129 OSPF Interf ace Configur ation Use the Interfa ce Configurat ion page to confi gure an OSPF interface. T o display the page, cl ick Rout ing → OSPF → Inter face Config urat ion in the navigation panel. Figure 35-8.
1130 Confi gurin g OSPF and OS PFv3 OSPF Neighbor T able Use the Neighbor T able page to displa y the O SPF neig hbor ta ble list . Whe n a particular ne ighbor ID is spec ified, detailed information ab out a neighbor is given. The information below is only displayed if OSPF is enabled.
Confi guring O SPF and OSP Fv3 1131 OSPF Neighbor Conf igurati on Use the Neighbor Co nfigurat ion page to display the OSPF neighbor configuration for a selected neighbor ID. When a particular neighbor ID is specified, deta iled information about a neighbor is given.
1132 Confi gurin g OSPF and OS PFv3 OSPF Link State D atabase Use the Link Stat e Databa se page to display OSPF link state, external LSDB table, and AS opaque LSDB tabl e information. T o display the page, click Rout ing → OSPF → Link State Database in th e navigation panel.
Confi guring O SPF and OSP Fv3 1133 Figure 35-12. OSPF Virtual Link Creation After you cr eate a virtual link, additional fields di splay , as the F igur e 35-13 shows.
1134 Confi gurin g OSPF and OS PFv3 OSPF V irtual Link Su mmary Use the Vi r t u a l L i n k S u m m a r y page to display all of the configur ed virtual links. T o display the page, click Rout ing → OSPF → Vi r t u a l L i n k S u m m a r y in the navigation panel.
Confi guring O SPF and OSP Fv3 1135 OSPF Route Redist ribution Conf igurati on Use the Rout e Redi stri buti on Conf igu ratio n page to co nfigure redistribu tion in OSPF for routes learned through various protocols. Y ou can choose to redistribute routes learned from all available protocols or from selected ones.
1136 Confi gurin g OSPF and OS PFv3 OSPF Route Redis tribution Summar y Use the Ro ute R edistri buti on S ummary page to display OSPF R oute Redistribution configurations. T o display the page, click Rout ing → OSPF → Rout e Red ist rib uti on Summary in the navigation panel.
Confi guring O SPF and OSP Fv3 1137 NSF OSPF Configur ation Use the NS F OSP F Conf igur ation page to configure the non-stop forwar ding (NSF) support mode and to view NSF summar y information for the OSPF featur e. NSF is a feat ure used in sw itch stacks to maint ain switching and routing functions in the event of a stack unit failur e.
1138 Confi gurin g OSPF and OS PFv3 Configuring OSPFv3 Features (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring OSPFv3 featur es on a Dell Networ king N2000, N3000, and N400 0 series switches.
Confi guring O SPF and OSP Fv3 1139 OSPFv3 Area C onfiguratio n Use the Area Config uration page to creat e and configure an OSPFv3 a rea. T o display the page, cl ick IPv6 → OSPFv3 → Area Con figuration in t he navigation panel.
1140 Confi gurin g OSPF and OS PFv3 Confi guring an OSPFv3 Stub Area T o configure the ar ea as an OSPFv3 st ub area, click Creat e St ub A rea . The pages r efr eshes, and display s additional fields t hat ar e specific to the stub ar ea. Figure 35-20.
Confi guring O SPF and OSP Fv3 1141 Configuring an OSPFv 3 Not-So-Stubby Area T o configure the ar ea as an OSPFv3 not-s o-stubby ar ea (NSSA), cl ick Create NSSA . The pages refreshes, and displays additional fields that are specific to the NSSA. Figure 35 -21.
1142 Confi gurin g OSPF and OS PFv3 OSPFv3 Stub Area Summary Use the Stub Ar ea Summary page to dis play OSPFv3 stub area detail. T o display the page, click IPv6 → OSPFv3 → Stub Area Summary in the navigation panel.
Confi guring O SPF and OSP Fv3 1143 OSPFv3 Area Range Con figurati on Use the Area Ra nge Configuration page to configure OSPFv3 ar ea ranges. T o display the page, cl ick IPv6 → OSPFv3 → Area Range Configuration in the navigation panel. Figure 35 -23.
1144 Confi gurin g OSPF and OS PFv3 OSPFv3 Inter face Config uration Use the Interfac e Configurat ion page to create and configur e OSPFv3 interfaces. To d i s p l a y t h e p a g e , c l i c k IPv6 → OSPFv3 → Inte rface Confi guration in t he navigation panel.
Confi guring O SPF and OSP Fv3 1145 OSPFv3 Inter face Stati stics Use the Interface Statistics page to dis play OSPF v3 interface st atistics. Information is onl y displayed if OSP F is enabled. T o display the page, cl ick IPv6 → OSPFv3 → Interface Statistics in the navigation panel.
1146 Confi gurin g OSPF and OS PFv3 OSPFv3 Neighbor s Use the Neigh bors page to display the OSPF neighbor configuration for a selected neighb or ID. When a pa rticular neighbor I D is specified, det ailed information about th at neighbor is given. Neighbor information o nly displays if OSPF is en abled and the inte rface has a neighbor .
Confi guring O SPF and OSP Fv3 1147 OSPFv3 Neighbor T able Use the Neighbor T able page t o display the OS PF neig hbor tab le list. When a particular neig hbor ID is specifie d, detailed information ab out a neighbor is given. The neighbor t able is onl y displayed if OSP F is enabled.
1148 Confi gurin g OSPF and OS PFv3 OSPFv3 Link St ate Database Use the Link State Database page to displ ay the li nk state and e xternal LSA database s. The OSPFv3 Link State Database page has been updated to display extern al LSDB ta ble info rmatio n in addition to OS PFv3 link s tate information.
Confi guring O SPF and OSP Fv3 1149 OSPFv3 V irtual Li nk Configura tion Use the V irtual Link Configura tion page to define a new or configure an exis ting virtual link. T o display t his page, a val id OSPFv3 area mus t be defined through the OSPFv 3 Ar ea Configuration page.
1150 Confi gurin g OSPF and OS PFv3 After you create a virtual link, additional fields display , as the F igure 35-30 shows. Figure 35-30. OSPFv3 Virtual Link Configurati on.
Confi guring O SPF and OSP Fv3 1151 OSPFv3 V irtual Li nk Summary Use the Vi r t u a l L i n k S u m m a r y page to display virtual link data b y Area ID and Neighbor Router ID. T o display the page, cl ick IPv6 → OSPFv3 → Vi r t u a l L i n k S u m m a r y in the navigation panel.
1152 Confi gurin g OSPF and OS PFv3 OSPFv3 Route Redi stributio n Configurat ion Use the Route Redist ribut ion Co nfig urat ion page to configure route redi stri buti on. T o display the page, click IPv6 → OSPFv3 → Route Redis tr ibut io n Configur ation in the navigation panel.
Confi guring O SPF and OSP Fv3 1153 OSPFv3 Route Redi stributio n Summary Use the Route Redistribution Summary page to display route redis tribution settings by source. T o display the page, cl ick IPv6 → OSPFv3 → Rout e Re dist rib ut ion Summary in the navigation panel.
1154 Confi gurin g OSPF and OS PFv3 NSF OSPFv3 Confi guration Use the NSF OS PFv3 C onfig urat ion page to configure the non-stop forwarding (NSF) support mode and to view NSF summary information for the OSPFv3 feature. NSF is a featur e used in swit ch stacks to maintain switching and routing functions in the even t of a stack unit fail ure.
Confi guring O SPF and OSP Fv3 1155 Configuring OSPF Features (CLI) This section provides information about the commands you use to configure and view OSPF sett ings on the sw itch .
1156 Confi gurin g OSPF and OS PFv3 default-information originate [ al ways ] [ metri c metric -value ] [ metri c-type type-value ] Control the advert isement of default route s.
Confi guring O SPF and OSP Fv3 1157 passive-interface default Config ure OSPF in terfa ces as passive by de faul t. This command overrides any inter face-level passive mode sett ings.O SPF d oes not form adjace ncies on pa ssive interf aces but does a dvertise attach ed net works as stub networ ks.
1158 Confi gurin g OSPF and OS PFv3 Configuri ng OSPF I nterface Settin gs Beginning in P rivileged EXEC mode, use the following commands to configure pe r -i nterfac e OSPF se ttings. Command Purpose configure Enter global configuration mode. interface vlan vla n-id Ente r Inte rface C onfig urati on mo de for t he spe cified VLAN.
Confi guring O SPF and OSP Fv3 1159 ip ospf dead-inter val second s Set the O SPF dead inte rval for the inte rface. The seco nds varia ble indica tes th e numb er of s econds a route r wait s to see a neigh bor ro uter's H ello pac ke ts befor e decla ring tha t the router is down ( Range: 1– 65535) .
1160 Confi gurin g OSPF and OS PFv3 Configuri ng Stub Areas and NSSAs Beginning in P rivileged EXEC mode, use the following commands to configure OSPF stub ar eas and NSSAs. exit Exit to Globa l Configu ration Mode router ospf Ent er OSPF configura tion mode.
Confi guring O SPF and OSP Fv3 1161 area ar ea-id default-c ost inte ger Confi gure the m etric value (d efault cost ) for the typ e 3 summa ry LSA sent int o the st ub ar ea. Ra nge: 1–1677 7215 ) area ar ea-id nssa Create an NS SA for the speci fied area ID.
1162 Confi gurin g OSPF and OS PFv3 Configuri ng Vir tual Links Beginning in P rivileged EXEC mode, use the following commands to configure OSPF V irtual Links. Command Purp ose configure En ter g lobal c onfigur ation m ode. router ospf Enter O SPF co nfiguratio n mode.
Confi guring O SPF and OSP Fv3 1163 area ar ea-id virtual-li nk neighb or -id hello-inter val second s Set the O SPF hello in terval for the v irtual link. The seco nds varia ble in dicate s the numbe r of sec onds t o wait b efor e send ing He llo pac ket s from t he virt ual inter face.
1164 Confi gurin g OSPF and OS PFv3 Configuri ng OSPF Area Range Setti ngs Beginning in P rivileged EXEC mode, use the following commands to configure an OSPF ar ea range. Configuri ng OSPF R oute Redis tribution Setting s Beginning in P rivileged EXEC mode, use the following commands to configure OSPF route r edistribution settings.
Confi guring O SPF and OSP Fv3 1165 distri bute-l ist access listna me out { rip | static | connec ted } Specify t he acce ss list t o filter rou tes r eceived f rom the source protocol.
1166 Confi gurin g OSPF and OS PFv3 Configuri ng NSF Setting s for OSPF Beginning in P rivileged EXEC mode, use the following commands to configure the non-stop forwarding settings for OSPF . Command Purp ose configure En ter g lobal c onfigur ation m ode.
Confi guring O SPF and OSP Fv3 1167 Configuring OSPFv3 Features (CLI) This section provides information about the commands you use to configure OSPF v3 setting s on the sw itch.
1168 Confi gurin g OSPF and OS PFv3 distan ce ospf { external | inter -area | intra-area } dist ance Set t he preference values o f OSPFv3 ro ute types in t he rout er . The range for the dist ance vari able i s 1–25 5. Lower ro ute preference valu es are preferred when determi ning the bes t rout e.
Confi guring O SPF and OSP Fv3 1169 Configuri ng OSPFv3 Inte rface Settings Beginning in P rivileged EXEC mode, use the following commands to configure per -interface OSPFv3 settings. Comman d Purpose configure E nter globa l confi guration mod e. interface vlan vla n-id Ente r Inte rface Conf igura tion mo de fo r the specif ied VLAN.
1170 Confi gurin g OSPF and OS PFv3 ipv6 ospf dead-inter val second s Set the O SPFv3 dead int erval for the in terface. The secon ds varia ble indic ates th e number of seconds a rout er wait s to see a nei ghbor r outer' s Hell o pack ets befor e decla ring tha t the rout er is down ( Range: 1–65 535).
Confi guring O SPF and OSP Fv3 1171 Configuri ng Stub Areas and NSSAs Beginning in P rivileged EXEC mode, use the following commands to configure OSPFv3 stub ar eas and NSSAs.
1172 Confi gurin g OSPF and OS PFv3 area area-id nssa [no- redistribution] [default- information-originate [metric metric-value ] [metric-type metric-type - value ]] [no-summary ] [translator-role role ] [translator -stab-intv inter val ] Create and con figure an NSSA for the speci fied area ID.
Confi guring O SPF and OSP Fv3 1173 Configuri ng Vir tual Links Beginning in P rivileged EXEC mode, use the following commands to configure OSPFv3 Vi rtual Links. Comman d Purpose configure En ter global conf iguration mode. ipv6 router ospf En ter OSPFv3 conf igurati on mode.
1174 Confi gurin g OSPF and OS PFv3 Configuri ng an OSP Fv3 Area Range Beginning in P rivileged EXEC mode, use the following commands to configure an OSPFv3 ar ea range. Command Purp ose configure En ter g lobal c onfigur ation m ode. ipv6 router ospf Ente r OSPFv 3 con figura tion m ode.
Confi guring O SPF and OSP Fv3 1175 Configuri ng OSPFv3 Route Red istributi on Settings Beginning in P rivileged EXEC mode, use the following commands to configure OSPFv3 route redistribution settings. Comman d Purpose configure En ter global conf iguration mode.
1176 Confi gurin g OSPF and OS PFv3 Configuri ng NSF Setting s for OSPFv3 Beginning in P rivileged EXEC mode, use the following commands to configure the non-stop forwarding se ttings for OSPFv3. Command Purp ose configure En ter g lobal c onfigur ation m ode.
Confi guring O SPF and OSP Fv3 1177 OSPF Configuration Examples This section contains the following exa mples: • Configurin g an OSPF Border Router and Set ting Interface Costs • Config uring Stu .
1178 Confi gurin g OSPF and OS PFv3 T o Configure Bor der Router A: 1 Enable routing on th e switch. console# configure console(config)# ip routing 2 Create VLA NS 70, 8 0, and 9 0 and a ssign th em to int erfaces.
Confi guring O SPF and OSP Fv3 1179 5 Configure the OSPF ar ea ID, p riority , and cost for each in terface. console(config)# interface vlan 70 console(config-if-vlan70)# ip ospf area 0.
1180 Confi gurin g OSPF and OS PFv3 Configuri ng Stub and NSSA Areas for OSPF and OSPFv3 In this e xample, Ar ea 0 connects dir ectly to two other areas: Area 1 is defined as a stub area and Ar ea 2 is defined as an NSSA a rea. F igure 35-36 il lustrates this e xample OSPF configuration.
Confi guring O SPF and OSP Fv3 1181 Switch A is a backbone router . It link s to an ASBR (not defined here) tha t routes traffic outside th e AS. T o configur e Switch A: 1 Glob ally en able IP v6 and.
1182 Confi gurin g OSPF and OS PFv3 console(config-if-vlan12)# exit 7 Define the O SPF and OSPFv3 router IDs for the switch: console(config)# ipv6 router ospf console(config-rtr)# router-id 3.3.3.3 console(config-rtr)# exit console(config)# router ospf console(config-router)# router-id 3.
Confi guring O SPF and OSP Fv3 1183 console(config)# interface vlan 5 console(config-if-vlan5)# ip address 10.2.3.2 255.255.255.0 console(config-if-vlan5)# ipv6 address 3000:2:3::/64 eui64 console(con.
1184 Confi gurin g OSPF and OS PFv3 console(config-router)# network 10.2.4.0 0.0.0.255 area 0.0.0.2 6 F or IPv4: Configure a metric cost to associate with static routes when they ar e r edistr ibuted v ia OSPF : console(config-router)# redistribute static metric 1 subnets console(config-router)# exit 7 F or IPv6: Def ine an OSPF r outer .
Confi guring O SPF and OSP Fv3 1185 Figure 35-37. OSPF Conf iguration— V irtual Link Switch B is an AB R that dir ectly connects Area 0 to Area 1. Note that in the previous exampl e, Switch B connected to a stub a rea and an NSS A. Virtual links cannot be cr eated across stub ar eas or NSSAs.
1186 Confi gurin g OSPF and OS PFv3 S w i t c h C i s a A B R t h a t e n a b l e s a v i r t u a l l i n k f r o m t h e re m o t e A r e a 2 i n t h e A S to Area 0. The follow ing commands define a virtual link that travers es Ar ea 1 to Switch B (2.
Confi guring O SPF and OSP Fv3 1187 Intercon necting an IPv4 Backbone and Local IPv6 Network In F igure 35- 38, two De ll Networking L 3 switches are connected as shown in the diagram. The V LAN 15 routing i nterface on both s witches connects to an IPv4 bac kbone ne twork where OSPF is used as the dynamic routing protocol to ex change IPv4 routes.
1188 Confi gurin g OSPF and OS PFv3 4 Set the OS PFv3 router ID. console(config)# ipv6 router ospf console(config-rtr)# router-id 1.1.1.1 console(config-rtr)# exit 5 Configur e the IPv4 addr e ss an d OSPF area for VLAN 15. console(config)#i nterface vlan 15 console(config-if-vlan15)#ip address 20.
Confi guring O SPF and OSP Fv3 1189 T o configur e Switch B: 1 Create the VLA Ns. console(config)# vlan 2,15 console(config-vlan70,80,90)# interface te1/0/1 console(config-if-Te1/0/1)# switchport mode.
1190 Confi gurin g OSPF and OS PFv3 8 Configure the loopback interface. The switch uses the loopback IP address as the OSPF and OSPFv3 router I D. console(config)# interface loopback 0 console(config-if-loopback0)# ip address 2.
Confi guring O SPF and OSP Fv3 1191 network 172.20.0.0 0.0.255.255 area 0 network 172.21.0.0 0.0.255.255 area 1 area 1 range 172.21.0.0 255.255.0.0 summarylink timers spf 3 5 exit interface vlan 101 ip address 172.
1192 Confi gurin g OSPF and OS PFv3 ip routing router ospf router-id 1.1.1.1 network 172.21.0.0 0.0.255.255 area 1 timers spf 3 5 exit interface vlan 101 ip address 172.
Confi guring O SPF and OSP Fv3 1193 ip address 172.21.2.2 255.255.255.0 routing ip ospf hello-interval 1 ip ospf dead-interval 4 ip ospf network point-to-point exit interface te1/0/21 switchport mode trunk exit interface vlan 104 ip address 172.21.3.2 255.
1194 Confi gurin g OSPF and OS PFv3 switchport mode trunk exit interface loopback 0 ip address 172.21.254.2 255.255.255.255 exit exit Discussion W i th no area range cost specifie d, the range uses auto cost: (ABR-R0) #show ip ospf ra nge 1 Prefix Sub net Mask Type Action Cost Active 172.
Confi guring O SPF and OSP Fv3 1195 LS Age: 49 LS options: (E-Bit) LS Type: Network Summary LS A LS Id: 172.21.0.0 (network prefix) Advertising Router: 10.10.10.10 LS Seq Number: 0x80000003 Checksum: 0x78f8 Length: 28 Network Mask: 255.255.0.0 Metric: 0 The cost can be set to the maxi mum value, 16,777,215 , which is LSInfinity .
1196 Confi gurin g OSPF and OS PFv3 exec-timeout 0 exit vlan 101-103 exit ip routing router ospf router-id 10.10.10.10 network 172.20.0.0 0.0.255.255 area 0 network 172.21.0.0 0.0.255.255 area 0 timers spf 3 5 exit interface vlan 101 ip address 172.21.
Confi guring O SPF and OSP Fv3 1197 config hostname R1 line console exec-timeout 0 exit vlan 101,104 exit ip routing router ospf router-id 1.1.1.1 network 172.21.0.0 0.0.255.255 area 0 timers spf 3 5 exit interface vlan 101 ip address 172.21.1.1 255.255.
1198 Confi gurin g OSPF and OS PFv3 router ospf router-id 2.2.2.2 network 172.21.0.0 0.0.255.255 area 0 timers spf 3 5 exit vlan 102,104 exit interface vlan 102 ip address 172.
Confi guring O SPF and OSP Fv3 1199 exit interface vlan 103 ip address 172.21.1.1 255.255.255.0 routing ip ospf hello-interval 1 ip ospf dead-interval 4 ip ospf network point-to-point exit interface te1/0/21 switchport mode trunk exit interface loopback 0 ip address 172.
1200 Confi gurin g OSPF and OS PFv3.
Confi guring RIP 1201 36 Configuring RIP This chapter describes how to configur e Rou ting Info rma tio n P rot oco l (RI P) on the switch. RIP is a dynamic routing protocol for IPv4 networks.
1202 Confi gurin g RIP What Is Spli t Hor izon? RIP uses a technique called split hori zon to avoid problems caused by including routes in updates sent to the router from which the route was originally learned. W ith simple split horizon, a route is not included in updates sent on the interface on which it was learned.
Confi guring RIP 1203 Default RIP V a lues RIP is globally enabled by default. T o make it operational on the router , you configure and enable RIP for par t icular VLAN routing inte rfaces. T able 36-1 shows the gl obal default v alues for RI P . T able 36 -2 shows the per -interf ace default val ues for RIP .
1204 Confi gurin g RIP Configuring RIP Features (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring RIP featur es on a Dell Networki ng N2000, N3000, and N40 00 series s witches. F or details abo ut the fields on a page, click at the top of the page.
Confi guring RIP 1205 RIP Int erface Con figurati on Use the Interfa ce Configurat ion page to enable and configur e or to disable RIP on a speci fic interface. T o display the page, cl ick Rout ing → RIP → Inter face Co nfiguratio n in the navigation panel.
1206 Confi gurin g RIP RIP Int erface Su mmary Use the Inte rface Summary page to display RIP configuration status on an interface. T o display the page, click Rout ing → RIP → Interface Summa ry in the navigation panel.
Confi guring RIP 1207 RIP Ro ute Redistr ibution Configura tion Use the Route R edistribution Configuration page to configure the RIP Route Redistribution parameters. The allowable values for e ach fields are displayed next to the field. If any invalid values are entered, an alert message is displaye d with the lis t of all the val id values.
1208 Confi gurin g RIP RIP Route Redistr ibution Summar y Use the Route Redistributi on Summary page to di splay Route Redis trib ution configurations. To d i s p l a y t h e p a g e , c l i c k Rou ting → RIP → R oute Redistribution Summary in the navigation panel.
Confi guring RIP 1209 Configuring RIP Features (CLI) This section provides information about the commands you use to configure RIP se ttings on the swit ch. F or m ore informatio n about the com mands, s ee the Dell Ne tworking N2000, N300 0, and N4000 S eries Sw itches CLI Refe r ence G uide at support.
1210 Confi gurin g RIP Configuri ng RIP Interfac e Settings Beginning in P rivileged EXEC mode, use the following commands to configure per -inte rface RIP settings. Command Purpose configure Enter global configuration mode. interface vlan vla n-id Ente r Inte rface C onfig urati on mo de for t he spe cified VLAN.
Confi guring RIP 1211 Configuri ng Route Redist ribution Set tings Beginning in P rivileged EXEC mode, use the following commands to configure an OSPF ar ea range and to configur e route redistribution settings. Comman d Purpose configure En ter global conf iguration mode.
1212 Confi gurin g RIP redi stri bute ospf [met ric met ric ] [match [int ernal] [external 1] [externa l 2] [nssa-external 1] [nssa- external 2] ] Configure RIP to allow re distribution of routes from the OSPF . • ospf — Specifies OSPF as the source protocol.
Confi guring RIP 1213 RIP Configuration E xample This e xample includes four Dell Networking switches that use RIP to determine network topology and route inf ormation. The commands in this example configur e Switch A shown in F igu r e 36-6. Figure 36-6.
1214 Confi gurin g RIP console(config-if-vlan10)# ip address 192. 168.10.1 255.255.255.0 console(config-if-vlan10)# ip rip console(config-if-vlan10)# ip rip receive version both console(config-if-vlan10)# ip rip send version rip2 console(config-if-vlan10)# exit console(config)# interface vlan 20 console(config-if-vlan20)# ip address 192.
Confi guring RIP 1215 Vl10 192.168.10.1 RIP-2 Both Enable Down Vl20 192.168.10.1 RIP-2 Both Enable Down Vl30 192.168.10.1 RIP-2 Both Disable Down.
1216 Confi gurin g RIP.
Conf iguring VRRP 1217 37 Configuring VRRP This chapter describ es how to conf igure V irtual Routing Redundancy P rotocol (VRRP) on the switch. VRRP can help cr eate redundancy on networks in which end-stations ar e st atically configured with the default gateway IP address.
1218 Confi gurin g VRRP be config ured . A given port m ay appear as more than one virtual router to the network, also , mor e than one port on a switch may be config ured as a virtual router . W ith VRRP , a virtual router is associated w ith one or mor e IP addr esses th at serv e as defa ult g atew ays.
Conf iguring VRRP 1219 What Is VRRP Accept Mode? The accep t mode allows the switch to respond to pings (ICMP Echo Requests ) sent to the VRRP virtual IP address. The VR RP specifi cation (RF C 3768) indicat es that a rout er may accept IP packets sent to the virtual router IP addr ess only if the router is the address owner .
1220 Confi gurin g VRRP W i th standard VRRP , the backup router takes over only if the router goes down. W ith VRRP interface t racking, if a track ed interface goes down on the VRRP master , the priority decrement value is subtra cted from the router priority .
Conf iguring VRRP 1221 Default VRRP V a lues T able 37-1 shows the global default v alues for VR RP . T able 37 -1. VRRP Def aults Paramete r Defaul t V alue Admin Mod e Disabled Vi rtual R outer ID (.
1222 Confi gurin g VRRP Configuring VRRP Features (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring VRRP features on a Dell Networki ng N2000, N3000, and N40 00 series s witches. F or details abo ut the fields on a page, click at the top of the page.
Conf iguring VRRP 1223 VRRP V irtual Router Status Use the Router Stat us page to display virtual router sta tus. T o display the page, cl ick Rout ing → VRRP → Router Status in the navigation panel.
1224 Confi gurin g VRRP VRRP V irtual Router Statisti cs Use the Router Statistics page to dis play statis tics for a specif ied virtual router . T o display the page, click Rout ing → VRRP → Router Statistics in the navigation panel. Figur e 37-3.
Conf iguring VRRP 1225 VRRP Router Confi guration Use the Co nfig urat ion page to configure a vi rtual router . T o display the page, cl ick Rout ing → VRRP → Router Configuration → Confi gur ation in the navigation panel.
1226 Confi gurin g VRRP VRRP Route T racking Conf iguration Use the Rou te T ra cki ng Conf igur ation page to vi ew routes that are tracked by VRRP and to add new tracked routes. T o display the page, click Rout ing → VRRP → Router Conf igur atio n → Route T rack ing Configurat ion in the navigation panel.
Conf iguring VRRP 1227 Figu re 37-6. Add Route T racking 2 Select the virt ual route r ID and VLAN routi ng inter face that will tr ack the route. 3 Specify the d estination network address (track route pr efix) for the rou te to trac k. Use dot ted decim al format , for example 19 2.
1228 Confi gurin g VRRP VRRP Interf ace T racking Configura tion Use the Inte rface T racki ng Confi guratio n page to view i nterfaces tha t are tracked by VRRP and to add new tracked interfaces. T o display the page, click Rout ing → VRRP → Router Conf igur atio n → Interfac e T rack ing Configurat ion in the navigation panel.
Conf iguring VRRP 1229 Figur e 37-8. VRRP In terfac e T rac king Conf igurat ion 2 Select the virt ual route r ID and VLAN routi ng inter face that will tr ack the interface.
1230 Confi gurin g VRRP Configuring VRRP Features (CLI) This section provides information about the commands you use to configure VRRP se ttings on the swi tch. F o r more informat ion about th e commands, see the Dell Net working N2000, N3000, and N40 00 Series Swit ches CLI Reference Guide at support.
Conf iguring VRRP 1231 vrrp vr-id time rs {learn | advertise second s } Co nfigur e th e VRR P time r set tings . Use th e keyword learn to enable VRRP to lea rn the adve rtisem ent ti mer interva l of t he mas ter ro uter .
1232 Confi gurin g VRRP VRRP Configuration Example This section contains the following VRRP e xamples: • VRRP wit h Load Sharing • VRRP wit h Route and I nterface T racking VRRP with Load Shari ng In F igure 37-9, t wo L3 Dell Networking switches are performing the routing for network clients.
Conf iguring VRRP 1233 This e xample configures two VRRP groups on each router . Router A is the V R R P m a s t e r f o r t h e V R R P g r o u p w i t h V R I D 1 0 a n d t h e b a c k u p f o r V R I D 2 0 . Router B is t he VRRP master for VRID 20 and the backup for VRID 10 .
1234 Confi gurin g VRRP 9 Configure an optiona l description t o help identify the VRRP group. console(config-if-vlan10)# vrrp 20 description backup 10 Enable the VRRP groups on the interface.
Conf iguring VRRP 1235 8 Specify th e IP address that the virtual rout er function will use. The router is the v irtual IP addr ess owner of this addres s, so the priority value is 2 55 by defa ult. console(config-if-vlan10)# vrrp 20 ip 192.168.10.2 9 Configure an opt ional descript ion to help iden tify the VR RP group.
1236 Confi gurin g VRRP VRRP with Route and I nterface T racking In F igure 37-10, the VRRP priorities are configured so that Router A is the VRRP master , and Ro uter B is the VRRP ba ckup. Router A forwards IP traffic from cli ents to the external network throu gh the VLAN 25 routing int erface.
Conf iguring VRRP 1237 T o configure Router A: 1 Enable routing for th e switch. console# config console(config)# ip routing 2 Cr eate and configur e the VLAN routin g inter face to use as th e defaul t gatewa y for network clien ts.
1238 Confi gurin g VRRP console(config-if-vlan10)# vrrp 10 track ip route 192.168.200.0/24 console(config-if-vlan10)# exit Router B is the back up router for VRID 10.
Conf iguring VRRP 1239 8 Enable the VRRP groups on the interface. console(config-if-vlan10)# vrrp 10 mode console(config-if-vlan10)# exit console(config)# exit.
1240 Confi gurin g VRRP.
Configu ring IPv6 R outing 1241 38 Configuring IPv6 Routing This chapter describes how to configur e general IPv6 routing information on the switch, including global rout ing setti ngs and IPv6 static route s.
1242 Confi gurin g IPv6 Routin g How Does IPv6 Compare with IPv4? There ar e many con ceptual similarities between IPv4 and IPv6 network operation. Addr esses still have a ne t work pref ix portion (network) a nd a device in terface sp ecific portion ( host).
Configu ring IPv6 R outing 1243 While optional in IPv4, router advert is eme nt is ma ndato ry in I Pv6. Route r advertisements specify the network pr efix(es) on a link which can be used by receiv ing hosts, in conjunction with an EUI-64 identifier , to autoconfigure a host’s address.
1244 Confi gurin g IPv6 Routin g T able 3 8-2 shows the de fault IPv6 int erface va lues after a V LAN routing interface has been created. IPv6 Rou ter Route Preferences L ocal —0 Static—1 OSPFv3 Intra—110 OSPFv3 Inter—110 OSPFv3 External—110 T abl e 38-2.
Configu ring IPv6 R outing 1245 Configuring IPv6 Routin g Features (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring an d monitoring IPv6 unicast routing featur es on a Dell Ne tworking N2000 , N3000, and N4 000 series switches.
1246 Confi gurin g IPv6 Routin g Interfa ce Configura tion Use the Interf ace Config uration page to configure IPv6 interface parameters. This page has been updated to include the IPv6 Destination Unre achables field. T o display the page, click Rou tin g → IPv6 → Interfa ce Configur ation in the navigation panel.
Configu ring IPv6 R outing 1247 Interfa ce Summary Use the Int erface Summ ary page to display set tings for all IPv6 interfaces . T o display the page, cl ick Rout ing → IPv6 → Inter face Summary in the navigation panel.
1248 Confi gurin g IPv6 Routin g IPv6 Stat istics Use the IPv6 Statistics page to display I Pv6 traffic statistics for one or all interfaces. To d i s p l a y t h e p a g e , c l i c k Rou tin g → IPv6 → IPv6 Statistics in the navigation panel. Figure 38-4.
Configu ring IPv6 R outing 1249 IPv6 Neighbor T able Use the IPv6 Nei ghbor T a ble page to disp lay IPv6 neig hbor details for a specified int erface.
1250 Confi gurin g IPv6 Routin g DHCPv6 Client Parameters Use the DHCPv6 Client P arameters page to vie w in form atio n abo ut th e network i nformation auto matically a ssigned to an int erface by the DHCPv6 server . This page displays informat ion only if the DHCPv6 client has been enabled on an IPv 6 routing interface.
Configu ring IPv6 R outing 1251 DHCPv6 Cli ent Stat istics Use the DHCPv6 Client Statistics page to view information about DH CPv6 pack ets re ceived and tra nsmitted on a DHCPv6 client interfa ce. To d i s p l a y t h e p a g e , c l i c k Rou tin g → IPv 6 → DH CPv6 Client > Stati stics in the navigation panel.
1252 Confi gurin g IPv6 Routin g IPv6 Router Entry Confi guration Use the IPv6 Route Entry Configuration page to configur e information for IPv6 routes. T o display the page, click Rout ing → IPv6 → IPv6 R outes → IPv6 Route Entr y Confi gur ation in the navigation panel.
Configu ring IPv6 R outing 1253 IPv6 Route T able Use the IPv6 R oute T abl e page to dis play all active I Pv6 routes and their settings. T o display the page, cl ick Rout ing → IPv6 → IPv6 Routes → IPv6 Rou te Ta b l e in the navigation panel.
1254 Confi gurin g IPv6 Routin g IPv6 Route Pr eferences Use the IPv6 Route Preferences page to configure the default preference for each protocol. These values are arbitrary values in the range of 1 to 255 an d are independent of route metrics.
Configu ring IPv6 R outing 1255 Configure d IPv6 Routes Use the Configured IPv6 R outes page to display s elected IPv6 routes. T o display the page, cl ick Rout ing → IPv6 → IPv6 Routes → Configured IPv6 R o utes in the navigation panel. Figure 38 -11.
1256 Confi gurin g IPv6 Routin g Configuring IPv6 Routin g Features (CLI) This section provides information about the commands you use to configure IPv6 routing on t he switch. F or more informat ion about the commands, see the Dell Net working N2000, N3000, and N40 00 Series Swit ches CLI Reference Guide at support.
Configu ring IPv6 R outing 1257 Configuri ng IPv6 Inte rface Setti ngs Beginning in P rivileged EXEC mode, use the following commands to configure IPv6 settings for VLAN, tunnel, or loopback interfaces. Command Purpo se configure Enter G lobal Config uratio n mod e.
1258 Confi gurin g IPv6 Routin g Configuri ng IPv6 Neighb or Discovery Use the following commands to configure IPv6 Neighbor Discovery settings. Comm and Pur pose ipv6 nd prefix pr efix/ pr efix- leng.
Configu ring IPv6 R outing 1259 ipv6 nd ns-inter val milli second s Set the in terval between rout er advertisemen ts for advertised neigh bor solic itatio ns. The range is 10 00 to 42949 67295 milli second s. ipv6 nd other -config- flag Set the other st ateful configurat ion flag in router adve rtise ments sent from t he in terfa ce.
1260 Confi gurin g IPv6 Routin g Configuri ng IPv6 Route T able Entries and Rout e Preferences Beginning in P rivileged EXEC mode, use the following commands to configure IPv6 Static Routes. Command Purp ose configure En ter g lobal c onfigur ation m ode.
Configu ring IPv6 R outing 1261 ipv6 route dist ance inte ger Set the defau lt distance (preference) for stati c IPv6 route s. Lo wer rout e preference valu es are preferred when deter mining the b est ro ute. T he defau lt di stance (p refe renc e) f or s tat ic rou tes is 1.
1262 Confi gurin g IPv6 Routin g IPv6 Show Commands Use the following commands in P rivileged EXEC mode to view IPv6 configuration status and related data. Command Purp ose show sdm prefer Show th e curr ently acti ve SDM te mplat e. show sdm prefer dual- ipv4-and-ipv6 defau lt Show pa rame ters fo r the SDM temp lat e.
Configu ring IPv6 R outing 1263 IPv6 Static Reject a nd Discard Route s A static configured route with a ne xt-hop of “null” causes any pack et matching the route to disappear or vanish from the network .
1264 Confi gurin g IPv6 Routin g • ipv6 rou te 2001:: /16 null 2 54 ipv6 rou te 2002:: /16 null 2 54 These address ranges are res erved and not reachable in the Internet. If for some reason you have local networks in this rang e, a more specific route will have precedence.
Configu ring DHC Pv6 Server and Relay Set tings 1265 39 Configuring DHCPv6 Server and Relay Settings This chapter describes how to configur e the switch to dynamically assign network information to IPv6 hosts by using the Dynamic Host Configuration P rotocol for IPv6 (DHCPv6).
1266 Confi gurin g DHCPv6 Se rver and R elay Sett ings What Is a DHCPv6 Pool? DHCPv6 pools ar e used to s pecify information for DHCPv6 s erver to distribute t o DHCPv6 clients. These pools a re shar ed between multip le interfaces ov er which DHCPv6 server capabiliti es ar e configured.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1267 Figur e 39- 1. D HCPv 6 Prefi x Dele gatio n Scen ario In Figure 39- 1, th e Del l Ne two rki ng ac ts a s the Pr efi x De lega tion (PD ) se rve.
1268 Confi gurin g DHCPv6 Se rver and R elay Sett ings Configuring the DHCPv6 Server a nd Relay (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring the DHCPv6 server on a Dell Networ king N2000, N3000, and N400 0 series switches.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1269 DHCPv6 Pool Configur ation Use the P ool Configurat ion page to s et u p a p ool o f DH CPv6 para mete rs fo r DHCPv6 clients. The pool is identified with a pool name and contains IPv6 addr esses and domain names o f DNS servers.
1270 Confi gurin g DHCPv6 Se rver and R elay Sett ings Figure 39-4. Pool Configur ation 4 Fr o m t h e DNS Server Ad dress menu, selec t an e xist ing DNS Se rver Addr ess to associat e with this pool, or select Add and spec ify a new ser ver to add.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1271 Prefix Dele gation Confi guration Use the P refix Deleg ation Configur ation page to configure a delegated pr efix for a pool. At least one p ool must be created using DHCPv6 P ool Configuration before a delegated prefix can be configured.
1272 Confi gurin g DHCPv6 Se rver and R elay Sett ings DHCPv6 Pool Summary Use the Po o l S u m m a r y page to display settings for al l DHCPv6 P ools . At leas t one pool must be created using DHCPv6 P ool Configura tion before the P ool Summary displays.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1273 DHCPv6 Int erface C onfiguratio n Use the DHCPv6 Interface Configu ration page to configure a DHCPv6 interface. T o display the page, cl ick Rout ing → IPv6 → DHCPv6 → Int erface Confi gur ation in the naviga tion panel.
1274 Confi gurin g DHCPv6 Se rver and R elay Sett ings F igure 39-8 show s the scr een when the sele cted interfac e mode is Server . Figure 39-8. DHCPv6 Interface C onfiguration - Server M ode F igure 39-9 show s the scr een when the sele cted interface mode is Relay .
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1275 DHCPv6 Server Bi ndings Summary Use the Ser ver Bindings Summary pag e to disp lay all DHCP v6 ser ver bindin gs. T o display the page, cl ick Rout ing → IPv6 → DHCPv6 → Bi nding s Summary in the navigation panel.
1276 Confi gurin g DHCPv6 Se rver and R elay Sett ings DHCPv6 Stati stics Use the DHCPv6 Statistics page to displ ay DHCPv6 statis tics f or one or all interfaces. T o display the page, click Rout ing → IPv6 → DHCP v6 → Statistics in t he navigation panel.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1277 Configuring the DHCPv6 Server and Relay (CLI) This section provides information about the commands you use to configure and monitor the DHCP server and address pools.
1278 Confi gurin g DHCPv6 Se rver and R elay Sett ings Configuri ng a DHCPv6 Pool for Speci fic Hosts Beginning in P rivileged EXEC mode , us e the foll owing comm ands to create a pool and/or configure pool parameters for specific DHCPv6 clients.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1279 Configuri ng DHCPv6 Inter face Inform ation Beginning in P rivileged EXEC mode, use the following commands to configure an interface as a DHCPv6 serv er or a DHCPv6 r elay agent. The server an d relay funct ionality ar e mutually e xclusive.
1280 Confi gurin g DHCPv6 Se rver and R elay Sett ings Monitorin g DHCPv6 Informati on Beginning in P rivileged EXEC mode, use the following commands to view bind ing s, an d stat isti cs, an d to clear the in fo rmat ion.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1281 DHCPv6 Configur ation Examples This section contains the following exa mples: • Configu ring a DH CPv6 Stateless Server • Configu ring the DH.
1282 Confi gurin g DHCPv6 Se rver and R elay Sett ings 4 Configure the DHCPv6 server function alit y on VLAN 1 00. Cli ents ca n use the preference value to determin e which DHCPv6 serv er to use when multip le servers exist.
Confi gurin g DHCPv6 Se rver and R elay Sett ings 1283 console(config-dhcp6s-pool)# prefix-delegation 2001:DB8:1002::/32 00:01:00:09:f8:79:4e:00:04:76:73:43:76 valid- lifetime 600 preferred-lifetime 400 console(config-dhcp6s-pool)# exit 3 Configu re the DHCPv6 serv er functiona lity on VLA N 200 and specify the pool to us e for DHCPv6 clients.
1284 Confi gurin g DHCPv6 Se rver and R elay Sett ings Relay Interface Number.....................Vl100 Relay Remote ID............................ Option Flags.
Config uring Di fferentia ted Serv ices 1285 40 Configuring Differentiated Services This chapter describes how to configur e the Differentiated Services (DiffServ) featur e. DiffServ enables traffic to be clas sified into str eams and given certain QoS tr eatment in accord anc e with d efined pe r -hop be havior s.
1286 Confi gurin g Differ enti ated Serv ices How Does DiffSer v Functional ity V ary Based on the Role of the Swit ch? How you configure DiffServ support in Dell Networking N2000, N30 00, and N4000 s.
Config uring Di fferentia ted Serv ices 1287 Dell Netw orking N2000, N3 000, and N4000 series swit ches softwar e supports the T raffic Conditioning P olicy type w hich is associat ed wi th an inbound.
1288 Confi gurin g Differ enti ated Serv ices Configuring DiffSer v (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring DiffServ featur es on a Dell Networ king N2000, N3000, and N400 0 series switches.
Config uring Di fferentia ted Serv ices 1289 Class Confi guration Use the DiffServ Class Configuratio n page to add a new DiffServ class name, or to rename or delete an existing cla ss. To d i s p l a y t h e page, c lick Qualit y of Service → Differentiated Ser vices → Class Config uration in the navigation panel.
1290 Confi gurin g Differ enti ated Serv ices 2 Enter a name for the clas s and select the prot ocol to use for class match criteria. 3 Click Apply to add the new class. 4 T o view a summary of the classes configured on the switch, click Show All . Figure 40-4.
Config uring Di fferentia ted Serv ices 1291 Figure 40-5. DiffServ Cla ss Criteria.
1292 Confi gurin g Differ enti ated Serv ices Policy Conf iguratio n Use the Dif fSer v Policy Config urat ion page to associate a colle ction of classes with one or more polic y statements. To d i s p l a y t h e page, c lick Qual ity of Ser vice → Differentiated Services → P olicy Configur ation in the navi gation panel.
Config uring Di fferentia ted Serv ices 1293 Figure 40-7. Add DiffSe rv Policy 2 Enter the new Po l i c y N a m e . 3 Cli ck Apply to save t he new poli cy . 4 T o view a summa ry of the policies configured on the switch, click Show All . Figure 40-8.
1294 Confi gurin g Differ enti ated Serv ices Policy Clas s Definition Use the DiffServ P olicy Class Definition page to as sociate a class to a policy , and to define at tributes for that policy-class i nstance.
Config uring Di fferentia ted Serv ices 1295 Figure 40-10. Policy C lass Defin ition Packet Marking T raffic Condition F ollow thes e steps to have packets that match the class criteria for this polic.
1296 Confi gurin g Differ enti ated Serv ices Policing T raffic Condition F ollow thes e steps to perform policing on the packets that match this policy class: 1 Sele ct Po l i c i n g from the T raffic Condit ioning drop-do wn menu on the DiffServ P olicy Class Definition page to display t he DiffServ P olicy - Po l i c i n g page.
Config uring Di fferentia ted Serv ices 1297 Service Conf iguration Use the DiffSer v Service Configuration page to activat e a policy on a port . To d i s p l a y t h e page, c lick Qualit y of Service → Differentiated Ser vices → Service Configuration in the navigation panel.
1298 Confi gurin g Differ enti ated Serv ices Serv ice De taile d Sta tisti cs Use the DiffServ Ser vice Detailed Statistics page to display pack et details for a particular port and class. To d i s p l a y t h e page, c lick Qual ity of Ser vice → Differentiated Services → Service Detailed Stat istics in the navigation panel.
Config uring Di fferentia ted Serv ices 1299 Flow-Based Mir roring Use the Flow-Based Mirroring p a g e t o c re a t e a m i r r o r i n g s e s s i o n i n w h i c h t h e traffic that matches t he specified policy and member class is mirrored t o a destination port.
1300 Confi gurin g Differ enti ated Serv ices Configuring DiffSer v (CLI) This section provides information about the commands you use to configure DiffServ s ettings on the switch. F or more information about the commands, see the Dell Net working N2000, N3000, and N40 00 Series Swit ches CLI Reference Guide at support.
Config uring Di fferentia ted Serv ices 1301 match cos Add to the specif ied c lass def initi on a ma tch cond ition f or th e Class of Se rvice va lue. match destination-address mac Add to th e spe cified class defini tion a match condi tion based on the dest ination MAC address of a packet.
1302 Confi gurin g Differ enti ated Serv ices DiffServ Class Config uration for IPv6 Beginning in P rivileged Exec mode, use the following commands to configur e DiffServ class es for IPv6 and view r elated informat ion. match s rcip Add to t he specifie d class de finitio n a match condi tion ba sed on the source IP addr ess o f a packet.
Config uring Di fferentia ted Serv ices 1303 DiffServ Policy Creation Beginning in P rivileged Exec mode, us e the following commands to configure Di ffSer v po lici es an d vie w rela ted info rmat ion .
1304 Confi gurin g Differ enti ated Serv ices DiffServ Policy Attr ibutes Conf iguratio n Beginning in P rivilege Exec mode, use the following commands to configur e pol icy at tribu tes and v iew rel ated in fo rmati on. CLI Command Desc ription configure Enter g lobal confi gurat ion mo de.
Config uring Di fferentia ted Serv ices 1305 conform-color class-map-name [exceed-color class-map-name ] Specify the col or class for color -aware policing . The action for th e policy-class-map inst ance must be set to pol ice-simple befo re is suing the conform- color command .
1306 Confi gurin g Differ enti ated Serv ices DiffServ Service Configur ation Beginning Privilege Exec mode, use the following commands to associate a policy wit h an interface and view rela ted information. CLI Command Description configure Enter Global Configuration mode.
Config uring Di fferentia ted Serv ices 1307 DiffServ Configuration Examples This section contains the following exa mples: • P roviding Subnets Equal Access to External Network • DiffSe rv for V .
1308 Confi gurin g Differ enti ated Serv ices The following commands show how to configure the DiffServ example depicted in F igur e 40-17. 1 Enable DiffS erv operation for the switch. console# config console(config)# diffserv 2 Create a DiffSer v class of typ e all for each of the depa rtments, and nam e them.
Config uring Di fferentia ted Serv ices 1309 console(config-policy-map)# class development_dept console(config-policy-classmap)# assign-queue 4 console(config-policy-classmap)# exit console(config-pol.
1310 Confi gurin g Differ enti ated Serv ices DiffS erv for VoIP One of the most valuable uses of DiffServ is to support V oice over IP (V oIP ). V oIP traffi c is inhe ren tly ti me-sens itive: f or a ne twork to prov ide accep table service, a gu aranteed tr ansmission rate is vital.
Config uring Di fferentia ted Serv ices 1311 The following commands show how to configure the DiffServ example depicted in F igur e 40-18. 1 Set queue 6 on all ports to use strict priority mo de. This queue shall b e used for all V oIP packets. Ac tivate DiffServ for t he switch.
1312 Confi gurin g Differ enti ated Serv ices console(config-policy-classmap)# exit console(config-policy-map)# exit 5 Attach the define d policy to an inbound s ervice int erface.
Conf iguring Class -of-Se rvice 1313 41 Configuring Class-o f-Service This chapter describes how to configur e the Class-of -Service (CoS) feature. The CoS queueing feature lets you direct ly configure certa in aspects of switch queueing.
1314 Confi gurin g Class-of -Servi ce Each ingress port on th e switch has a de fault p riority value (set by configuring VLAN P ort P riority in t he Switching sub-me nu) that determine s the egr ess queue its tra ffic ge ts forwa rded to .
Conf iguring Class -of-Se rvice 1315 How Are T raffic Queues Defined? F or each queu e, you can specify : • Minimu m bandwidth gu arantee—A percentage of the port ’s maximum negotiated bandwid th reserved for the queue. Unreserved bandwidth can be utilized by lower -priority queues.
1316 Confi gurin g Class-of -Servi ce • W eighted R andom Early D etection (WRED)—D rops packets queued for transmission selectively based their d rop precedence level.
Conf iguring Class -of-Se rvice 1317 IP DSCP value to queue mapping IP DSC P Q ueue 0–7, 24– 31 1 8–23 0 32–47 2 48–63 3 Interface Shaping Rate 0 Kbps Minimum Bandwidth 0% Scheduler T ype W .
1318 Confi gurin g Class-of -Servi ce Configuring CoS (Web) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring CoS features on a Dell Networki ng N2000, N3000, and N40 00 series s witches.
Conf iguring Class -of-Se rvice 1319 To d i s p l a y t h e Queue Mapping T able for the se lected T rust Mode, click the Show All link at the top of the page. The followi ng figure shows the queue mapping tab le when CoS (802.1p) is s elected as the T rust Mode.
1320 Confi gurin g Class-of -Servi ce Interfa ce Configura tion Use the Interface Configuratio n page to define the i nterface shap ing rate for egress pack ets on an interface and the decay exponent for WRED queues defined on the interface. Each interface CoS parameter can be configured globally or per-port.
Conf iguring Class -of-Se rvice 1321 Interfa ce Queue Configur ation Use the Interface Queue Configuration page to configure egress queues on interfaces. The settings you configure control the amount of bandwidth the queue uses, the sche duling method, and the queue manageme nt method.
1322 Confi gurin g Class-of -Servi ce T o access the Inte rfac e Queu e Statu s page , click the Show All link at the top of the page. Interfa ce Queue Drop Preced ence Configur ation Use the Interfac.
Conf iguring Class -of-Se rvice 1323 Figur e 41-5. Inter face Qu eue Drop Precedenc e Confi gurati on T o access the Interface Queue Drop Precedence Status page, click the Show All link at the top of the page.
1324 Confi gurin g Class-of -Servi ce Configuring CoS (CLI) This section provides information about the commands you use to configure CoS settings on the switch. F or more informati on about the commands, see the Dell Net working N2000, N3000, and N40 00 Series Swit ches CLI Reference Guide at support.
Conf iguring Class -of-Se rvice 1325 CoS Interfa ce Configura tion Commands Beginning in P rivileged Exec mode, use the following commands in to configure the traffic shaping an d WRED exponent values for an interface.
1326 Confi gurin g Class-of -Servi ce cos-que ue min-b andwidth bw Spec ify th e min imum tr ansmi ssion b andw idth (r ange: 0-10 0% in 1% inc r em ents) for ea ch inter face que ue. cos-queue strict queue-i d Activate t he strict priority sche duler mode for each spec ified qu eue.
Conf iguring Class -of-Se rvice 1327 Configuri ng Interf ace Queue Drop Proba bility Beginning in P rivileged Exec mode, use the following commands in to configure characteristics of the drop probabilit y and view r elated settings. The drop probabilit y supports config uratio n in the range of 0 to 10%, and the discrete values 25%, 50%, and 75%.
1328 Confi gurin g Class-of -Servi ce CoS Configuration Example F igure 41-6 illustr ates the ne twork ope ration as it r ela tes to CoS mapp ing and queue configuration. F our pack ets arrive at the ingr ess po rt te1/0/ 10 in the order A, B , C, and D.
Conf iguring Class -of-Se rvice 1329 Continuing this example, the egr ess po rt te1/0/8 is confi gured for strict priority on queue 6, and a weighted scheduling scheme is confi gured for queues 5-0.
1330 Confi gurin g Class-of -Servi ce mapping from t he switch defa ults to su pport lossle ss 1 transp ort of fra mes on CoS queue 4, with a 50% minimum bandwidth guarantee. Lossless traffi c classes generally use the default WRR sc heduling mode as oppose d to strict prior ity , to a void s tarving other traffi c.
Confi gurin g Auto VoIP 1331 42 Configuring Auto V o IP V oice over Internet Protocol (V oIP) a llows you to make telephone calls using a computer netw ork over a data network like the Internet.
1332 Confi gurin g Auto VoIP A uto- V oIP is limite d to 16 s essions and mak es us e of the switc h CP U to classify traffic. It is preferable to use the V o ice VLAN feature in larger enterprise environment s as it uses the switching silicon to cla ssify voice traffic onto a VLAN.
Confi gurin g Auto VoIP 1333 Configuring Auto V oIP (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring A uto V oIP featur es on a Dell Networking N2000 , N3000, and N4000 series switches.
1334 Confi gurin g Auto VoIP Figur e 42-2. Aut o V oIP Interfac e Conf iguration T o display summary A uto V oIP configuration information for all interfaces, click the Show All link at th e top of the pa ge.
Confi gurin g Auto VoIP 1335 Configuring Auto V oIP (CLI) This section provides information about the commands you use to configure Auto V oIP setting s on the switch . F or more information about the commands, see the Dell Networking N2000 , N3000, and N4 000 Series Switches CLI Reference Guide at supp ort .
1336 Confi gurin g Auto VoIP.
Manag ing IPv4 an d IPv6 Mul ticast 1337 43 Managing IPv4 and IPv6 Multicast This chapter describes how to configur e and monitor layer 3 multicast feature s for IPv4 and IPv6, including glob al IP and IPv6 multicast feat ures as well as multica st protocols, including IGMP , DVMR P , and PIM for IPv4 and MLD and PIM for IPv6.
1338 Managi ng IPv4 an d IPv6 Mult icast recipient host. The IP rout ing protocols can route multicas t traffic, but the IP multi cast p rotoc ols ha ndle th e mult icast t raffi c mor e eff icien tly wi th be tter use of network bandwidth.
Manag ing IPv4 an d IPv6 Mul ticast 1339 What Multicast Protocols Does the Switc h Support? Multicast protocols are used to deliver multicast packets from one source to multiple r eceivers. T able 43-1 summarizes the multicast p rotocols that the switch supp orts.
1340 Managi ng IPv4 an d IPv6 Mult icast When Is L 3 Multic ast Requi red on t he Switch ? Use the IPv4/I Pv6 multicast featu r e on Dell Networki ng series switches to route m ulticas t traff ic betw een VLANs on the swit ch.
Manag ing IPv4 an d IPv6 Mul ticast 1341 F or more information about when to use PIM-DM, see "Using PIM-DM as the Multicast Routing P rotocol" on page 1 352. F or more informa tion about when to use P IM-SM, see "Using PI M-SM as the Multic ast Routing Protocol" on page 1343.
1342 Managi ng IPv4 an d IPv6 Mult icast D VMR P , PIM -DM, an d PIM-SM) and have a tree-l ik e top ology , as there is no support for featur es like r e verse pa th fo rwarding (RPF) to cor rect pack et route loops. The proxy contains many downstr eam interfaces and a unique upstr eam interface e xplicitl y configured.
Manag ing IPv4 an d IPv6 Mul ticast 1343 Wha t Is P IM? The P rotocol Indepe ndent Multicast protocol is a simple, protocol- independent multicast rout ing protocol. PIM uses an exi sting unicast routing table and a Join/P rune/Graft mechanism to build a tr e e.
1344 Managi ng IPv4 an d IPv6 Mult icast candidate RP s to all the PIM routers in the net work. Each PIM router then runs the RP se lection algori thm to determi ne an RP for the gi ven group range. All the interested PIMSM routers then ini tiate re-r eception of traffic through this new RP , an d the multicast traffic is rerouted via the new RP .
Manag ing IPv4 an d IPv6 Mul ticast 1345 • This (*, G ) Join travels hop-by -hop to the RP , building a branch of the Shared T ree that extends from the R P to the last-hop router d irect ly connected to the r eceiver . • At this poin t, group “G” traffic can flow do wn the Sha r ed T ree to th e rec eiv er .
1346 Managi ng IPv4 an d IPv6 Mult icast – The RP sends a sou rce group (S, G) Join back toward s the source to crea te a bran ch of an (S, G) Sh ortest-P ath T r ee (SPT). This resu lts in the (S, G) state bein g cr eated in the entire rou ter pat h along the SPT , including t he RP .
Manag ing IPv4 an d IPv6 Mul ticast 1347 Phas e 3: Short est Path T ree Figure 43-4. PIM-SM SPT—Part 1 • PIM-SM has the capability for last-hop rout ers (i.e., routers wit h dir ectly connected group memb ers) to switch to the Shortest-P ath T ree and bypass the RP .
1348 Managi ng IPv4 an d IPv6 Mult icast Figure 43-5. PIM-SM SPT—Part 2 • F inally , special (S, G) RP -bit Prune messages ar e sent up the Shared T ree to prune off t his (S, G) tr affic from the Sh ared T ree.
Manag ing IPv4 an d IPv6 Mul ticast 1349 Figure 43-6. PIM-SM SPT—Part 3 • At this poin t, (S, G) traffic is now fl owing directly from th e first -hop router to the last-hop router and from there to the receiver .
1350 Managi ng IPv4 an d IPv6 Mult icast • At th is point, th e RP no lon ger needs th e flow of (S, G) traffic since all branches of the Shared T ree (in this case there is only one) have pruned off the flow of (S, G) traffic.
Manag ing IPv4 an d IPv6 Mul ticast 1351 creates a performance problem in that it limits the numb er of packets that can be processed and places a high load on the CP Us in the first hop and RP routers, which can then adversely affect other router functions.
1352 Managi ng IPv4 an d IPv6 Mult icast sending the encapsulated Regist er messages. This removes the load from the CPU of the first-hop router a nd the RP , as they no longer need to encaps ulate and de-enca psulate reg ister mes sages with multi cast da ta.
Manag ing IPv4 an d IPv6 Mul ticast 1353 router on its RPF interface, the S tate Refresh message causes an existing prune state to be refreshed. State Refresh messages are generate d periodically by the router dir ectly attached to the source.
1354 Managi ng IPv4 an d IPv6 Mult icast Using DVMRP as the Multicast Ro uting Protocol D VMRP is used to communicate multic ast information between L3 switches or routers .
Manag ing IPv4 an d IPv6 Mul ticast 1355 Default L3 Multicast V alues IP and IPv6 multi cast is disa bled by def ault. T able 4 3-2 shows th e defau lt values for L 3 multicas t and th e mult icast pr otocols .
1356 Managi ng IPv4 an d IPv6 Mult icast MLD Query Interval 12 5 second s MLD Query Max Response Time 10,0 00 milliseconds MLD Last Member Query Interval 1000 millisec onds MLD Last Member Query Count.
Manag ing IPv4 an d IPv6 Mul ticast 1357 Configuring General IPv4 Multicast Featur es (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring th e L3 multic ast features that ar e not pro tocol-specifi c on a Del l Networki ng N2000, N3000, and N4000 series switches.
1358 Managi ng IPv4 an d IPv6 Mult icast Multicast Interfac e Configurat ion Use the Interfac e Configurat ion page to confi gure the TTL threshold of a multicast interface. At least one VLAN routing interface must be configur ed on the switch befor e fields display on this page.
Manag ing IPv4 an d IPv6 Mul ticast 1359 Multicast Route T able Use the Rou te T a ble page to view in formation about the multicast r outes in the I Pv4 mult icast rou ting ta ble. T o display the page, cl ick IPv4 Mult icast → Multi cas t → Multica st Rout e Ta b l e Multica st Rout e T able Figure 43-11.
1360 Managi ng IPv4 an d IPv6 Mult icast Multicast Admin Boundary Conf igurati on The definition of an administratively scoped boundary is a way to stop the ingres s and egr ess of multicast traffic for a g iven range of multicas t address es on a given routing interface.
Manag ing IPv4 an d IPv6 Mul ticast 1361 Multicast Admin Boundary Summar y Use the Admin Boundary Summary page to display e xisting administratively scoped boundaries. T o display the page, cl ick IPv4 Mult icast → Multi cas t → Adm in Bou ndar y Summary in the navigation panel.
1362 Managi ng IPv4 an d IPv6 Mult icast Multic ast Static MRoute Summary Use the Stat ic MRoute Summar y page to disp lay static rout es and their configurations. T o display the page, click IPv4 Mu lticast → Multicast → Stat ic MRoute Summary in the navigation panel.
Manag ing IPv4 an d IPv6 Mul ticast 1363 Configuring IPv6 Multicast Featur es (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring the IPv6 multicast features t hat are not p rotocol-specific on a Dell Networking N2 000, N3000, and N400 0 serie s switches .
1364 Managi ng IPv4 an d IPv6 Mult icast Configuring IGMP and IGMP Proxy (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring the IGMP and IGMP proxy feat ures on a Dell Networking N2 000, N3000, and N4 000 series switche s.
Manag ing IPv4 an d IPv6 Mul ticast 1365 IGMP Inter face Config uration Use the Interfa ce Configurat ion page to configure and/or display router interface par ameters. Y ou must config ure at leas t one valid routing int erface before you can ac cess this page and configure IP Multicast IGMP .
1366 Managi ng IPv4 an d IPv6 Mult icast IGMP Inte rface Summary Use the Inte rface Summary page to disp lay IGMP routing par ameters and data. Y ou must configure at least one IG MP router i nterface to access th is page . T o display the page, click IPv4 Mu lticast → IGMP → Routi ng Inter fac e → Interf ace Summary in the nav igation panel.
Manag ing IPv4 an d IPv6 Mul ticast 1367 Figure 43-20. IGMP Ca che Infor mation.
1368 Managi ng IPv4 an d IPv6 Mult icast IGMP Inte rface Source Li st Infor mation Use the Source List Infor mation page to display detailed membership information for an interfac e. Group membership r eports must have been receiv ed on the selected interface for data to d isp lay information.
Manag ing IPv4 an d IPv6 Mul ticast 1369 IGMP Proxy Inte rface Confi guration The IGMP Proxy is used by IGMP Router (IPv4 system) to enab le the system to issue IGM P host messages on behalf of hos ts that the sy stem discover ed through standard IGMP router interfaces .
1370 Managi ng IPv4 an d IPv6 Mult icast IGMP Proxy Con figuration Summar y Use the Con figur ation Summa ry page to di splay proxy in terface configurations by interface. Y ou must have configur ed at least one VLAN rout ing inter face conf igured b efore d ata di spla ys on th is pa ge.
Manag ing IPv4 an d IPv6 Mul ticast 1371 IGMP Proxy Inte rface Membershi p Info Use the Inter fac e Mem bers hip I nfo page to dis play i nterface member ship data for a specif ic IP multicast group a ddress.
1372 Managi ng IPv4 an d IPv6 Mult icast Detailed IGMP Proxy Interf ace Membersh ip Info rmation Use the Interface Membership Info Detailed page to display detailed interface membership data.
Manag ing IPv4 an d IPv6 Mul ticast 1373 Configuring MLD and MLD Pro xy (W eb) This secti on provides information about the O penManage Switch Administrator pages for configuring and monitoring the MLD and MLD proxy features on a Dell Networking N2000, N3000, and N4 000 series switche s.
1374 Managi ng IPv4 an d IPv6 Mult icast MLD Routin g Inter face Configur ation Use the Interface C onfiguration page to enable selected IPv6 router interfaces to di scover the presence of multicas t listeners, the nodes who wish to receive the mu lticas t data packets, on its directly at tached inter faces.
Manag ing IPv4 an d IPv6 Mul ticast 1375 MLD Routing Interf ace Summary Use the Int erface Summ ary page to displ ay informati on and statistics on a selected MLD-e nabled interface. Y ou must configure at least one IGMP VLAN routing interfa ce to access this page.
1376 Managi ng IPv4 an d IPv6 Mult icast re ceive d on the select ed inte rfac e in or der f or data to b e displa yed her e. T o access this page, click IP v6 Multica st → MLD → Rou t in g I nt e r fa ce → Cache Informatio n in the navigation panel.
Manag ing IPv4 an d IPv6 Mul ticast 1377 MLD T raffic The MLD T r affic pa ge disp lays summ ary st atis tics o n the ML D mes sage s sent to and f rom the route r . T o access this page, cli ck IPv 6 Mul ticast → MLD → Routi ng In terf ace → MLD T r affic in the naviga tion panel.
1378 Managi ng IPv4 an d IPv6 Mult icast MLD Proxy Config uration When you configure an interface in MLD proxy mode, it ac ts as a proxy multicast ho st that se nds MLD membership r eports on one VL AN interface for MLD Membership r eports r eceived on all other MLD-enabled VLAN rou ting int erfa ces.
Manag ing IPv4 an d IPv6 Mul ticast 1379 MLD Proxy Config uration Summar y Use the Configuration Summ ary page to vie w configuration and stat istics on MLD proxy-enabled interfaces. T o display this pa ge, click IPv6 Multicas t → MLD → Pr o x y I n t e r f a c e → Configuration Summary i n the naviga tion panel.
1380 Managi ng IPv4 an d IPv6 Mult icast MLD Proxy Inte rface Memb ersh ip In format ion The Inte rface Member ship Informati on page list s eac h IP mu ltic ast g roup for which the MLD proxy interface has r eceived membershi p reports.
Manag ing IPv4 an d IPv6 Mul ticast 1381 Detailed MLD Pro xy Interf ace Membership Infor mation The Interface Membership Inform ation Detailed page provides additional information about the IP multicas t groups f or which the MLD pr oxy interface has received me mbership r eports.
1382 Managi ng IPv4 an d IPv6 Mult icast Configuring PIM for IPv4 and IPv6 (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring PI M-SM and PI M-DM for IPv4 and IPv6 multicas t routing on a Del l Networking N2000, N3 000, and N4000 series switches .
Manag ing IPv4 an d IPv6 Mul ticast 1383 PIM Global Stat us Use the Global Status page to vi ew the administrativ e status of PIM-D M or PIM-SM on the sw itch. T o display the page, cl ick IPv4 Mult icast → PIM → Glob al Stat us or IPv6 Multicast → PIM → Global St atus in the navi gation panel.
1384 Managi ng IPv4 an d IPv6 Mult icast PIM Interf ace Configura tion Use the Interfac e Configurat ion page to configur e specific VLAN routing interfa ces with PIM. To d i s p l a y t h e p a g e , c l i c k IPv4 Multicast → PIM → Interfa ce C onfig urat ion or IPv6 M ulticast → PIM → Interfa ce Configur ation in the nav igati on panel.
Manag ing IPv4 an d IPv6 Mul ticast 1385 PIM Inter face Summary Use the Int erface Summ ary page to dis play a PIM-en abled VLAN routin g interface int erface and its se ttings. T o display the page, cl ick IPv4 Mult icast → PIM → Interface Summary or IPv6 M ulticast → PIM → Interf ace Summ ary in the navigation panel.
1386 Managi ng IPv4 an d IPv6 Mult icast Candidate RP Conf iguration The Candidate RP is configur ed on the Add Candidate RP page . Use the Candidate RP Co nfiguration page to display and delete the configured rendezvous points (RP s) for each port using PIM.
Manag ing IPv4 an d IPv6 Mul ticast 1387 Figure 43-41. Add Can didate RP 3 Select th e VLAN interface for w hich th e Cand idate RP is to be configured.
1388 Managi ng IPv4 an d IPv6 Mult icast Static RP Conf iguration Use the St atic RP Con figu ration page to display or remove the configur ed RP . The page also allows adding new static R P s by clicking the Add button. Only one RP addr ess can be used at a t ime within a PIM domain.
Manag ing IPv4 an d IPv6 Mul ticast 1389 Figure 43-43. Add Stat ic RP 3 Enter the IP add r ess of the RP for the grou p range. 4 Enter th e group addr ess of the RP . 5 Enter th e group mask of the RP . 6 Check the Override option to conf igur e the stat ic RP to over ride the dynamic (candida te) RP s learne d for same grou p ranges.
1390 Managi ng IPv4 an d IPv6 Mult icast SSM Range Configurat ion Use this page to display or remove the Sour ce Specific Multicast (SSM) group IP address a nd group mask for the PIM router . T o display the page, click IPv4 Mu lticast → PIM → SSM Range Configur ation or IPv6 M ulti cast → PIM → SSM Range C onfiguration .
Manag ing IPv4 an d IPv6 Mul ticast 1391 Figure 43 -45. Add SSM Ran ge 3 Click the A dd Default SSM R ange check box to a dd the default SSM Range. The defau lt SSM R ange is 232. 0.0.0/8 fo r IPv4 multic ast and ff3x::/32 for IPv6 multicast. 4 Enter the SSM Group IP Address.
1392 Managi ng IPv4 an d IPv6 Mult icast BSR Candidate Con figuration Use this pag e to configur e information to be used if the interface is selected as a boot strap router . T o display the page, click IPv4 Mu lticast → PIM → BSR Candidat e Configur ation or IPv6 M ulti cast → PIM → BSR Candidat e Configuration .
Manag ing IPv4 an d IPv6 Mul ticast 1393 BSR Candidate Summar y Use this page to display infor mation about the configured BSR ca ndidates. T o display this page, click IPv4 Mult icast → PIM → BSR Candi date S umma ry or IPv6 M ulticast → PIM → BSR Elected Summary .
1394 Managi ng IPv4 an d IPv6 Mult icast Configuring DVMRP (W eb) This section provides information about the OpenManag e Switch Administrator pages for configuring and monitoring D VMRP on a Dell Networki ng N2000, N3000, and N40 00 series s witches.
Manag ing IPv4 an d IPv6 Mul ticast 1395 DVMRP Interfac e Configuratio n Use the Interfa ce Configurat ion page to configure a D VMRP VLAN routing interface.
1396 Managi ng IPv4 an d IPv6 Mult icast DVMRP Configurat ion Summary Use the Con figur ation Summa ry page to display the DVMRP configuration and data for a selected interface. Y o u must configure at least one VLAN routing interface befor e you can display dat a for a DV MRP interface.
Manag ing IPv4 an d IPv6 Mul ticast 1397 DVMRP Next Hop Summary Use the Nex t Hop Su mmary page to display the next hop summary by Source IP . To d i s p l a y t h e p a g e , c l i c k IPv 4 Mul ticas t → DVM R P → Ne xt Hop Summa ry in the navigation panel.
1398 Managi ng IPv4 an d IPv6 Mult icast DVMRP Prune Summary Use the Pr u ne S u m ma r y page to display t he prune summary by Group IP . T o display the page, click IPv4 Mu lticast → DV MR P → Pr u n e S u m m a r y in the navigation panel. Figure 43-52.
Manag ing IPv4 an d IPv6 Mul ticast 1399 Configuring L3 Multicast Features (CLI) This section provides information about the commands you use to configure general IPv4 multicas t settings on the sw itch. F or more in formation abou t the commands, see the Dell Networking N2000 , N3000, and N4 000 Series Switches CLI Reference Guide at supp ort .
1400 Managi ng IPv4 an d IPv6 Mult icast exit Exit to Global Config mode. exit Exit to P rivileged EXEC mode. show ip multicast Vie w syst em-wid e mult icas t infor mati on. show ip mcast boundary { vlan vla n-id | al l } View all the conf igured admi nistrativ e scoped multicas t boun dari es.
Manag ing IPv4 an d IPv6 Mul ticast 1401 Configuri ng and V iewing IPv6 Multicast Route In formation Beginning in P rivileged EXEC mode, use the following commands to configure st atic IPv6 multicas t routes on the switch and to v iew IPv6 mult icas t table infor mat ion.
1402 Managi ng IPv4 an d IPv6 Mult icast Configuri ng and V iewin g IGMP Beginning in P rivileged EXEC mode, use the following commands to configure IGMP on the switch and on VLAN rout ing interfaces and to v iew IGMP information. Comm and Pur pose configure Enter g lobal confi gurat ion mo de.
Manag ing IPv4 an d IPv6 Mul ticast 1403 ip igmp startup- query- count count Set the number of queries sent ou t on startup —at interva ls equal to t he start up query interv al for the interfa ce.
1404 Managi ng IPv4 an d IPv6 Mult icast Configuri ng and V iewin g IGMP Prox y Beginning in P rivileged EXEC mode, use the following commands to configure the upstr eam VLAN routing in ter face as an I GMP p roxy . T he IGMP proxy is sues host messa ges on behalf of the hosts that have been discover ed on IGMP -enabled interfaces.
Manag ing IPv4 an d IPv6 Mul ticast 1405 Configuri ng and V iewing MLD Beginning in P rivileged EXEC mode, use the following commands to configure MLD on the switch and on VL AN routing interfaces and to vie w IGMP information. Comman d Purpose configure E nter glo bal confi guration mode.
1406 Managi ng IPv4 an d IPv6 Mult icast Configuri ng and V iewin g MLD Proxy Beginning in P rivileged EXEC mode, use the following commands to configure the upstr eam VLAN routing interface as an ML D proxy . The MLD proxy issue s host messages on behalf of the hosts that have been discover e d on the down stream ML D-enabled interface s.
Manag ing IPv4 an d IPv6 Mul ticast 1407 Configuri ng and Vi ewing PIM-DM for IPv 4 Multicast Routing Beginning in P rivileged EXEC mode, use the following commands to configure P IM-DM for IPv4 multicast routing on the switch and on V LAN routing interfaces and to view PIM-DM information.
1408 Managi ng IPv4 an d IPv6 Mult icast Configuri ng and Vi ewing PIM-DM for IPv 6 Multicast Routing Beginning in P rivileged EXEC mode, use the following commands to configure PIM-DM for IPv6 multicas t routing on the switch and on VLAN routing interfaces and t o view PIM-DM information.
Manag ing IPv4 an d IPv6 Mul ticast 1409 show ipv6 pim interface vlan vlan-id View the PIM informati on for the speci fied inter face. show ipv6 pim neighbor [ interface vlan vlan-id | al l ] View a summary or all the details of the mu lticast tabl e.
1410 Managi ng IPv4 an d IPv6 Mult icast Configuri ng and Vi ewing PIM-SM for IPv 4 Multicast Routing Beginning in P rivileged EXEC mode, use the following commands to configure PIM-SM for IPv4 multicast routing on the switch and on VLAN routing interfaces and t o view PIM-SM information.
Manag ing IPv4 an d IPv6 Mul ticast 1411 ip pim rp-ca ndidate vla n vlan-id group-address g roup- mask [ interval interv al ] Config ure the router to adverti se itsel f to the BSR route r as a PIM candida te Rendezvo us P oi nt (RP) for a s pecific mu lticast g roup rang e.
1412 Managi ng IPv4 an d IPv6 Mult icast Configuri ng and Vi ewing PIM-SM for IPv 6 Multicast Routing Beginning in P rivileged EXEC mode, use the following commands to configure PIM-SM for IPv6 multicast routing on the switch and on VLAN routing interfaces and t o view PIM-SM information.
Manag ing IPv4 an d IPv6 Mul ticast 1413 ipv6 pim bsr-candidate vlan vlan-id hash-mask-l ength [ pri orit y ] [ interval interval ] Conf igure the swi tch to annou nce its ca ndidacy as a bootstrap router (BSR) • vlan-id — A valid VLAN ID.
1414 Managi ng IPv4 an d IPv6 Mult icast ipv6 pim ssm { default | group-address/prefix-len gth } Define th e Source Specifi c Multicast (SSM) ran ge of IPv6 multic ast addr esses. • defa ult — Defines the SSM range access list to FF3x:: /32. • group-a ddress/prefix- length — defi nes the SSM ran ge.
Manag ing IPv4 an d IPv6 Mul ticast 1415 show ipv6 pim rp-hash groupaddr View the RP rou ter being selec ted for the spe cified multicast group addr ess from the set of active RP route rs. The RP router fo r the group is selected by using a hash algori thm.
1416 Managi ng IPv4 an d IPv6 Mult icast Configuri ng and V iewing DVMRP I nformation Beginning in P rivileged EXEC mode, use the following commands to configure D VMRP on the switch and on VLAN routing interfaces and t o view DV M R P in f o r m a t i on .
Manag ing IPv4 an d IPv6 Mul ticast 1417 L3 Multicast Configuration Examples This section contains the follo wing configuration examp les: • Configu ring Multicast VLAN Routing W it h IGMP and PIM-S.
1418 Managi ng IPv4 an d IPv6 Mult icast Figure 43 -54. IPv4 Multicast VLAN Rou ting In addition to multicast configuratio n, this examp le includes commands to configure STP and OSPF on L 3 Switch A. STP is configured on the ports that connects the switch to other switches.
Manag ing IPv4 an d IPv6 Mul ticast 1419 console# configure console(config)# no ip igmp snooping console(config)# no ipv6 mld snooping console(config)# vlan 10,20 console(config-vlan10,20)# exit 2 Configu re port 23 and 24 as trunk ports.
1420 Managi ng IPv4 an d IPv6 Mult icast console(config-if-vlan20)# exit 8 Globa lly enabl e IP mul ticast, IG MP , and PI M-SM o n the sw itch. console(config)# ip multicast console(config)# ip igmp console(config)# ip pim sparse 9 Configure VLAN 10 as the R P and sp ecify the range of m ulticast group s for PIM-S M to control .
Manag ing IPv4 an d IPv6 Mul ticast 1421 Configuri ng DVMRP The foll owing example configures two DVMRP inte rfaces on th e switc h to enab le in ter- VL AN mul tica st rou ting . T o configure the switch: 1 Global ly enab le IP rout ing and I P multic ast.
1422 Managi ng IPv4 an d IPv6 Mult icast.
Featu re Limitati ons and Pl atform C onstants 1423 A Feature Limitatio ns and Platfo rm Constants • T ab le A-1 lis ts the feat ure limitation s and T able A-2 lis ts the pla tform consta nts for the Dell Networ king s witches.
1424 Featur e Limi tations and P latfor m Cons tants IP Helper Ma x entri es 6 4 512 51 2 Metr o Etherne t features Dot1ag Max number of domai ns Max n umber of MA's per doma in Max n umber of MA.
Featu re Limitati ons and Pl atform C onstants 1425 Authentica tion HT TP li sts Max Count Max m ethod s per list Max name lengt h 1 6 15 1 6 15 1 6 15 Authentica tion HT TPS li sts Max Count Max m et.
1426 Featur e Limi tations and P latfor m Cons tants Lo gi n H is to ry 50 50 50 QoS f eature s iSCSI Max Mon ito red TCP P ort s/ IP Addresses Max Se ssi ons Max Connections 16 1024 1024 16 1024 1024.
Featu re Limitati ons and Pl atform C onstants 1427 T abl e A-2. Platfor m Const ants Feature N2000 Series N3000 Se ries N4000 Series MA C addr esses a ssigne d per s ystem 4 4 4 Reference CP U ARM Corte x A9 ARM Cortex A9 NetL ogic XLP3 08L Referenc e CPU speed 1 GHz 1 GHz 1.
1428 Featur e Limi tations and P latfor m Cons tants Static filter en tries Unicast M AC and source port Mult ic ast MAC and sou rc e por t Mult ic ast MAC and des ti nat ion por t (only) 1 1 1024 1 1.
Featu re Limitati ons and Pl atform C onstants 1429 Po r t M A C l o c k i n g Dyn amic ad dresse s per port Static addresses per port 600 100 600 100 600 100 sFlo w Number of samp lers Num ber of pol.
1430 Featur e Limi tations and P latfor m Cons tants Tu n n e l s Number of co nfigured v6 -over-v4 tunnel s Number of a utomatic ( 6to4) t unnels Number 6t o4 next hops N/A N/A N/A 8 1 16 8 1 16 DHCP.
Featu re Limitati ons and Pl atform C onstants 1431 IP Multicast Number o f IPv4 /IPv 6 Multi cast Fo r w a r d i n g E n t r i e s IGMP G roup Membe rs hip s pe r sy st em DV MR P N e i g h b o r s P.
1432 Featur e Limi tations and P latfor m Cons tants CoS Device Characteristics Configurable Queues per port (stacki ng/nons tacking) Con figurable Drop P re ceden ce levels 7/8 3 7/8 3 7/8 3 DiffServ.
Syste m Proc ess De finitio ns 1433 B System Process Definit ions The following proce ss/thr ead definitions are intended to assist the e nd user in troublesho oting switch issues . Only the most ofte n seen thr eads/process es ar e listed here. Other processes or threads may be seen occasionally but are not a cause for concern.
1434 System P rocess Defi nitions bcmXG S3AsyncT ask BCM system task: SDK XGX3 hw task BootP Boot Loader boxs Req Box Servic es Request (temperature, power , fan ) boxs Resp Box Services Respon se (te.
Syste m Proc ess De finitio ns 1435 Dot1s tr anspo rt task dot1s _helper _task dot1 s_tas k dot1 s_tim er_tas k Spanni ng T ree ta sks dot1xT ask dot1x TimerT ask 802.
1436 System P rocess Defi nitions hapiBpduT xT as k hapiL2A syncT as k hapiL2F lushT a sk hapiL3A syncT as k hap iLinkS tatus T ask hapiMcAsy ncT ask hapiRxT ask hapiTxT ask High Level AP I - SD K Int egrat ion La yer hpcBroadRpcT ask SDK Re mote messaging task.
Syste m Proc ess De finitio ns 1437 mcastMapT ask mgmdMapT ask Multicast Mappi ng T asks mvrT ask MV R Message Handler nim_t Network I nterface Manager osapiMonT ask System T ask Monitor osapiTimer Ap.
1438 System P rocess Defi nitions simPts_tas k System Interface Manage r (time zone, sys tem name, service po rt config, file transf ers, ...) SNMPCTT ask SNMPSaveCfgT as k SNMPT ask SNMPT r apT ask S.
Syste m Proc ess De finitio ns 1439 tJobT as k VxW or ks T ask tL7Timer0 Syste m Timer tL ogT ask System LOG proc essing tNet0 VxW orks Netw ork dri ver T ransferT ask TFTP P rocess ing t r a p Ta s k.
1440 System P rocess Defi nitions.
Index 1441 Index Numerics 10GBase- T co pper uplink mod ule, 1 19 802.1p see CoS queui ng A AAA, 207 access lines, 239 access profiles, 63 accounting, 214 ACLs A u t o - V o i p u s a g e , 1332 bindi.
1442 Index CL I con figur atio n, 4 0 2 d e f a u l t s , 400 d e f i n e d , 389 D H C P , 405 configuration file, 3 9 5 i m a g e , 395 IP address, obtaining , 3 9 4 e x a m p l e , 403 files setup .
Index 1443 localization, 5 4 7 u n d e r s t a n d i n g , 543, 546 user logout mode, 5 4 7 users, R ADIUS server , 5 5 8 web -bas ed c onf igu rati on, 5 5 0 cards configuration, 3 0 1 supported, 3 0.
1444 Index D DAI d e f a u l t s , 885 optional features, 8 8 4 p u r p o s e , 885 understanding, 8 8 4 data center and DHCP sn ooping, 9 1 0 and NSF , 1 9 9 SDM temp late, 2 8 1 data center bridg in.
Index 1445 e x a m p l e s , 1281 pool, 1 2 6 6 p r e f i x d e l e g a t i o n , 1266 r e l a y a g e n t , c o n f i g u r i n g , 1283 r e l a y a g e n t , u n d e r s t a n d i n g , 1266 sta tel.
1446 Index log messages, 2 7 2 enable authentication, 211 energy dete ct mode, 69, 478 Ener gy Effi cient Ethe rnet , 69 energy saving s, port, 47 8 enhanced tran smission selection, 75, 999 EqualL og.
Index 1447 VLAN guest, 5 3 3 GVRP , 650 statistics, 42 1 H Har dware descriptio n, 91, 102, 115 head of line b locking prevention, 71 health, system, 251 help, accessing web-b ased, 139 hierarchical a.
1448 Index IGMP snooping, 87 d e f a u l t s , 814 querier , 8 8 querier , d efined, 8 0 7 understanding, 8 0 5 image activati ng, 3 7 5 auto configuration, 3 9 5 auto install, 3 9 2 considerations, 3.
Index 1449 tunnel, 8 4 IPv6 ACL configuration, 606 IPv6 interface c o n f i g u r i n g , 1242 IPv 6 ma nage ment, 58 IPv6 multicast web -bas ed c onf igu rati on, 1 3 6 3 IPv6 routing CLI configurati.
1450 Index LED 100/100 0/10000Ba se- T port, 9 7 , 109, 121 p o r t , 119 S F P p or t , 97, 109, 121 s y s t e m , 98, 110, 122 link aggregation g roup.
Index 1451 d e f a u l t s , 1016 d e f i n e d , 1015 d y n a m i c , 1019 m a n a g i n g , C L I , 1020 popul ating, 10 1 5 s t a c k i n g , 1016 w e b - b a s e d m a n a g e m e n t , 1017 MAC multic ast support, 87 MAC port lo cking, 540 MAC-bas ed 802.
1452 Index configuring (web), 8 1 6 d e f a u l t s , 814 understanding, 8 0 3 when to use, 8 0 9 layer 3, 8 9 CL I con figur atio n, 1 3 9 9 d e f a u l t s , 1355 e x a m p l e s , 1417 u n d e r s .
Index 1453 d e f a u l t s , 1120 difference from OSPFv3, 1 1 1 3 e x a m p l e s , 1177 f l o o d b l o c k i n g , 1118, 1195 L S A p a c i n g , 1117 NSSA, 1 1 8 0 s t a t i c a r e a r a n g e c o.
1454 Index P ort LEDs, 97, 109, 121 port mirroring configuring, 4 3 7 mode, enabling, 4 1 2 understanding, 4 1 1 port security configuring, 5 4 2 MA C-based, 6 6 understanding, 5 3 9 port-based flow c.
Index 1455 RMON, 60 CLI man age ment , 4 3 9 d e f a u l t s , 414 e x a m p l e , 449 understanding, 4 1 0 web -bas ed c onf igu rati on, 4 1 4 router discovery , 1081 router dis covery pr otocol, 83.
1456 Index SFP port LEDs, 97 , 109, 121 SFP+ module, 118 SFTP , managing files, 380 slots, 284 SNMP CL I con figur atio n, 3 4 5 d e f a u l t s , 325 e x a m p l e s , 354 M I B , 323 p u r p o s e ,.
Index 1457 d e f a u l t , 790, 984 e x a m p l e , 801 understanding, 7 8 8 STP and LAGs, 9 1 6 classic, 7 1 5 CLI configuration, 7 4 6 d e f a u l t s , 735 d e f i n e d , 715 e x a m p l e s , 751.
1458 Index traps O S P F , 341 trunk port and 802 .1X authenti cation, 5 3 3 , 535 trunking, 683 tunnel, 84 tunnel interfaces, 1023 U UDP r elay , 83, 1089 uploading files, 372 USB auto configuration .
Index 1459 VLANs dynamically cr eated, 5 3 4 R A D I U S - a s s i g n e d, 534 voice traffic, identifying, 653 voice VLAN, 653 and LLDP -MED, 6 5 4 e x a m p l e , 710 understanding, 6 5 2 Vo I P , 8.
Index 1460.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Dell N4000 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Dell N4000 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Dell N4000 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Dell N4000 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Dell N4000, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Dell N4000.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Dell N4000. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Dell N4000 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.