PowerSwitch S4148U-ON

Dell PowerSwitch S4148U-ON User guide

  • Hello! I am an AI chatbot trained to assist you with the Dell PowerSwitch S4148U-ON User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Dell EMC SmartFabric OS10 User Guide
Release 10.5.2
06 2021
Rev. A05
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2020 -2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Other trademarks may be trademarks of their respective owners.
Chapter 1: About this guide......................................................................................................... 29
Conventions........................................................................................................................................................................29
Related Documents...........................................................................................................................................................29
Documentation Feedback................................................................................................................................................30
Chapter 2: Change history........................................................................................................... 31
Chapter 3: Getting Started with Dell EMC SmartFabric OS10...................................................... 38
Switch with factory-installed OS10.............................................................................................................................. 39
Log in .............................................................................................................................................................................40
Check OS10 version....................................................................................................................................................40
Install firmware upgrade............................................................................................................................................. 41
Upgrade OS10 automatically using ZTD................................................................................................................. 41
Upgrade OS10 manually from the CLI.................................................................................................................... 42
Upgrade OS10 on VLT nodes with minimal traffic loss...................................................................................... 44
Check OS10 license.....................................................................................................................................................49
Re-install license .........................................................................................................................................................49
Upgrade commands....................................................................................................................................................50
Baremetal switch with only ONIE installed................................................................................................................. 55
Uninstall existing OS...................................................................................................................................................55
Download OS10 image................................................................................................................................................56
Installation using ONIE............................................................................................................................................... 56
Log in .............................................................................................................................................................................59
Install OS10 license..................................................................................................................................................... 60
Downgrade to Release 10.5.0.0 or earlier releases................................................................................................... 63
Roll back from 10.5.2.0 or later release to 10.5.0.x or earlier release.............................................................64
Downgrade to Release 10.5.1.0 or later releases....................................................................................................... 65
Rollback from 10.5.2.0 or later release to 10.5.1.0 or later release................................................................. 66
Switch deployment options.............................................................................................................................................67
Manual CLI configuration...........................................................................................................................................67
ZTD-automated switch deployment....................................................................................................................... 67
Ansible-automated switch provisioning..................................................................................................................67
Feature limitation on the Z9100-ON and S5200-ON series switches............................................................68
Feature limitations on Z9332F-ON switch............................................................................................................68
Remote access...................................................................................................................................................................68
Configure Management IP address.........................................................................................................................68
Configure Management route .................................................................................................................................69
Configure username and password.........................................................................................................................69
Chapter 4: CLI Basics...................................................................................................................71
CONFIGURATION mode..................................................................................................................................................72
Check device status......................................................................................................................................................... 73
Related Videos..............................................................................................................................................................74
Command help....................................................................................................................................................................74
Contents
Contents 3
Candidate configuration...................................................................................................................................................75
Copy running configuration ............................................................................................................................................78
Restore startup configuration .......................................................................................................................................79
Reload system image........................................................................................................................................................80
Filter show commands..................................................................................................................................................... 80
Common OS10 commands............................................................................................................................................... 81
boot................................................................................................................................................................................. 81
commit............................................................................................................................................................................ 81
configure........................................................................................................................................................................ 81
copy................................................................................................................................................................................ 82
delete..............................................................................................................................................................................83
dir.................................................................................................................................................................................... 84
discard............................................................................................................................................................................85
do.................................................................................................................................................................................... 85
end.................................................................................................................................................................................. 86
exit.................................................................................................................................................................................. 86
hostname.......................................................................................................................................................................86
license.............................................................................................................................................................................87
lock.................................................................................................................................................................................. 87
management route...................................................................................................................................................... 87
move............................................................................................................................................................................... 88
no.....................................................................................................................................................................................88
ping................................................................................................................................................................................. 89
ping6................................................................................................................................................................................91
reload..............................................................................................................................................................................92
show boot......................................................................................................................................................................93
show candidate-configuration..................................................................................................................................93
show environment.......................................................................................................................................................96
show inventory.............................................................................................................................................................96
show ip management-route...................................................................................................................................... 97
show ipv6 management-route..................................................................................................................................97
show license status.....................................................................................................................................................98
show running-configuration......................................................................................................................................98
show startup-configuration..................................................................................................................................... 101
show system............................................................................................................................................................... 102
show version............................................................................................................................................................... 103
start...............................................................................................................................................................................104
system.......................................................................................................................................................................... 104
system-cli disable.......................................................................................................................................................105
system-user linuxadmin disable.............................................................................................................................. 105
system identifier.........................................................................................................................................................105
terminal.........................................................................................................................................................................106
traceroute....................................................................................................................................................................106
unlock............................................................................................................................................................................107
username password role...........................................................................................................................................107
write.............................................................................................................................................................................. 108
Chapter 5: Advanced CLI tasks...................................................................................................110
Command alias.................................................................................................................................................................. 110
Multi-line alias...............................................................................................................................................................111
4
Contents
alias................................................................................................................................................................................ 113
alias (multi-line)...........................................................................................................................................................114
default (alias)...............................................................................................................................................................115
description (alias)....................................................................................................................................................... 115
line (alias)..................................................................................................................................................................... 115
show alias..................................................................................................................................................................... 116
Batch mode........................................................................................................................................................................117
batch.............................................................................................................................................................................. 117
Linux shell commands......................................................................................................................................................118
Using OS9 commands.................................................................................................................................................... 120
feature config-os9-style.......................................................................................................................................... 120
Chapter 6: Dell EMC SmartFabric OS10 zero-touch deployment................................................. 121
ZTD DHCP server configuration.................................................................................................................................. 123
ZTD provisioning script.................................................................................................................................................. 123
ZTD CLI batch file............................................................................................................................................................124
Post-ZTD script............................................................................................................................................................... 125
ZTD commands................................................................................................................................................................ 125
reload ztd.....................................................................................................................................................................125
show ztd-status......................................................................................................................................................... 125
ztd cancel.................................................................................................................................................................... 126
ztd start....................................................................................................................................................................... 126
ztd stop........................................................................................................................................................................ 127
Chapter 7: Dell EMC SmartFabric OS10 provisioning.................................................................. 128
Using Ansible.....................................................................................................................................................................128
Example: Configure an OS10 switch using Ansible..................................................................................................129
Chapter 8: SmartFabric Director................................................................................................ 132
Enable SmartFabric Director mode on a switch.......................................................................................................132
Support for SmartFabric Director................................................................................................................................132
gRPC Network Management Interface agent.......................................................................................................... 132
Lifecycle Management using SmartFabric Director................................................................................................ 135
SmartFabric Director commands................................................................................................................................. 136
gnmi-security-profile.................................................................................................................................................136
show switch-operating-mode................................................................................................................................. 137
show sfd status.......................................................................................................................................................... 137
Chapter 9: System management................................................................................................ 138
System banners................................................................................................................................................................138
Login banner................................................................................................................................................................138
Message of the day banner.....................................................................................................................................139
System banner commands...................................................................................................................................... 139
User session management.............................................................................................................................................140
User session management commands...................................................................................................................141
Telnet server.....................................................................................................................................................................142
Telnet commands.......................................................................................................................................................143
Simple Network Management Protocol..................................................................................................................... 143
SNMP security models and levels..........................................................................................................................144
Contents
5
MIBs.............................................................................................................................................................................. 144
SNMPv3.......................................................................................................................................................................145
Configure SNMP........................................................................................................................................................146
SNMP commands...................................................................................................................................................... 150
Example: Configure SNMP......................................................................................................................................160
System clock.....................................................................................................................................................................160
Time zones and UTC offset reference..................................................................................................................161
System Clock commands......................................................................................................................................... 177
Network Time Protocol.................................................................................................................................................. 179
Enable NTP..................................................................................................................................................................180
Broadcasts....................................................................................................................................................................181
Source IP address.......................................................................................................................................................181
Authentication............................................................................................................................................................ 182
Sample NTP configuration.......................................................................................................................................183
NTP commands..........................................................................................................................................................185
Precision Time Protocol................................................................................................................................................. 190
Supported platforms................................................................................................................................................. 194
Standards compliance...............................................................................................................................................194
PTP installation scale and limits............................................................................................................................. 194
Configuration notes...................................................................................................................................................194
Hybrid clocking...........................................................................................................................................................195
Configure Precision Time Protocol........................................................................................................................195
View PTP information...............................................................................................................................................198
Example: Configure boundary clock with L2 transport method.................................................................... 200
Example: Configure boundary clock with IPv4 multicast transport method............................................... 201
Example: Configure boundary clock with IPv4 unicast transport method..................................................202
Example: Configure end-to-end transparent clock...........................................................................................203
Example: Configure boundary clock with IPv4 unicast transport method and L3 VLAN........................ 204
Example: Configure PTP in a multinode setup...................................................................................................205
PTP commands.......................................................................................................................................................... 213
Synchronous Ethernet (SyncE)...................................................................................................................................229
Supported platforms................................................................................................................................................ 229
Standards compliance..............................................................................................................................................229
Clock source selection ............................................................................................................................................230
Manage clock selection............................................................................................................................................ 231
Standby clock source states................................................................................................................................... 231
Restrictions and limitations..................................................................................................................................... 231
Sample configurations.............................................................................................................................................. 231
SyncE commands.......................................................................................................................................................241
Dynamic Host Configuration Protocol....................................................................................................................... 252
Packet format and options..................................................................................................................................... 253
DHCP server.............................................................................................................................................................. 254
Automatic address allocation................................................................................................................................. 255
Hostname resolution................................................................................................................................................ 256
Manual binding entries............................................................................................................................................. 257
View DHCP Information.......................................................................................................................................... 258
DHCP relay agent..................................................................................................................................................... 258
Enable or disable DHCP Option-82.......................................................................................................................260
DHCP relay agent options....................................................................................................................................... 261
DHCPv4 relay counters........................................................................................................................................... 275
6
Contents
DHCP relay without route leaking.........................................................................................................................276
VRRP Virtual IP as Server Override (sub option 11)......................................................................................... 277
DHCP snooping..........................................................................................................................................................279
System domain name and list.................................................................................................................................296
DHCP commands...................................................................................................................................................... 297
DNS commands......................................................................................................................................................... 329
Containers......................................................................................................................................................................... 331
Low Latency Modes....................................................................................................................................................... 334
Low Latency Modes CLI commands.....................................................................................................................336
Chapter 10: Interfaces............................................................................................................... 337
Ethernet interfaces.........................................................................................................................................................337
Unified port groups.........................................................................................................................................................338
Z9264F-ON port-group profiles..................................................................................................................................339
Port-groups on S5200F-ON switches.......................................................................................................................340
L2 mode configuration...................................................................................................................................................347
L3 mode configuration...................................................................................................................................................347
Fibre Channel interfaces............................................................................................................................................... 348
Configuring wavelength...........................................................................................................................................349
Management interface .................................................................................................................................................350
Management interface ........................................................................................................................................... 350
VLAN interfaces..............................................................................................................................................................350
User-configured default VLAN.....................................................................................................................................351
VLAN scale profile........................................................................................................................................................... 351
Loopback interfaces.......................................................................................................................................................352
Port-channel interfaces.................................................................................................................................................353
Create port-channel................................................................................................................................................. 353
Add port member...................................................................................................................................................... 353
Minimum links.............................................................................................................................................................354
Assign Port Channel IP Address............................................................................................................................355
Remove or disable port-channel........................................................................................................................... 355
Load balance traffic..................................................................................................................................................355
Change hash algorithm............................................................................................................................................356
Configure interface ranges...........................................................................................................................................356
Switch-port profiles........................................................................................................................................................357
S4148-ON Series port profiles............................................................................................................................... 358
S4148U-ON port profiles.........................................................................................................................................358
Configure negotiation modes on interfaces............................................................................................................. 360
Configure breakout mode..............................................................................................................................................361
Breakout auto-configuration........................................................................................................................................ 363
Reset default configuration..........................................................................................................................................363
Forward error correction.............................................................................................................................................. 365
Energy-efficient Ethernet.............................................................................................................................................366
Enable energy-efficient Ethernet..........................................................................................................................366
Clear EEE counters...................................................................................................................................................366
View EEE status/statistics..................................................................................................................................... 367
EEE commands..........................................................................................................................................................368
View interface configuration........................................................................................................................................ 370
Viewing journal logs........................................................................................................................................................ 373
High-power optical modules.........................................................................................................................................375
Contents
7
High-power optical module commands................................................................................................................376
Digital optical monitoring...............................................................................................................................................377
Enable DOM and DOM traps.................................................................................................................................. 378
Default MTU Configuration.......................................................................................................................................... 379
Configure polling interval for Ethernet interface counters...................................................................................380
Interface commands.......................................................................................................................................................380
channel-group............................................................................................................................................................380
default interface.........................................................................................................................................................381
default vlan-id............................................................................................................................................................ 383
description (Interface).............................................................................................................................................383
duplex...........................................................................................................................................................................384
enable dom..................................................................................................................................................................384
enable dom traps.......................................................................................................................................................385
feature auto-breakout..............................................................................................................................................385
fec.................................................................................................................................................................................386
interface breakout.................................................................................................................................................... 386
interface ethernet..................................................................................................................................................... 387
interface loopback.....................................................................................................................................................387
interface mgmt.......................................................................................................................................................... 387
interface null...............................................................................................................................................................388
interface port-channel............................................................................................................................................. 388
interface range.......................................................................................................................................................... 388
interface vlan............................................................................................................................................................. 389
link-bundle-utilization...............................................................................................................................................389
link-bundle-monitor.................................................................................................................................................. 390
mode............................................................................................................................................................................ 390
mode l3......................................................................................................................................................................... 391
mtu................................................................................................................................................................................ 391
negotiation.................................................................................................................................................................. 392
port mode Eth............................................................................................................................................................393
port-group...................................................................................................................................................................394
profile........................................................................................................................................................................... 394
scale-profile vlan....................................................................................................................................................... 395
show interface........................................................................................................................................................... 395
show interface description......................................................................................................................................397
show interface phy-eth........................................................................................................................................... 397
show interface switchport......................................................................................................................................398
show inventory media.............................................................................................................................................. 398
show inventory media details.................................................................................................................................399
show link-bundle-utilization....................................................................................................................................400
show port-channel summary..................................................................................................................................400
show port-group........................................................................................................................................................ 401
show switch-port-profile......................................................................................................................................... 401
show system...............................................................................................................................................................402
show vlan.................................................................................................................................................................... 403
shutdown.................................................................................................................................................................... 403
speed (Fibre Channel)............................................................................................................................................. 403
speed (Management)...............................................................................................................................................404
stats-monitor............................................................................................................................................................. 404
switch-port-profile................................................................................................................................................... 405
8
Contents
switchport access vlan............................................................................................................................................ 407
switchport mode....................................................................................................................................................... 407
switchport trunk allowed vlan................................................................................................................................407
wavelength................................................................................................................................................................. 408
default mtu................................................................................................................................................................. 408
show default mtu...................................................................................................................................................... 409
Chapter 11: Fibre Channel.......................................................................................................... 410
Fibre Channel over Ethernet..........................................................................................................................................411
Configure FIP snooping.............................................................................................................................................411
Terminology.......................................................................................................................................................................413
Virtual fabric......................................................................................................................................................................413
Fibre Channel zoning...................................................................................................................................................... 415
F_Port on Ethernet......................................................................................................................................................... 417
Pinning FCoE traffic to a specific port of a port-channel..................................................................................... 417
Sample FSB configuration on VLT network........................................................................................................ 419
Sample FC Switch configuration on VLT network.............................................................................................421
Sample FSB configuration on non-VLT network...............................................................................................423
Sample FC Switch configuration on non-VLT network................................................................................... 425
Multiswitch fabric (E Port)...........................................................................................................................................426
Configure multiswitch fabric (E Port)..................................................................................................................428
Verify multiswitch fabric (E Port) configuration................................................................................................431
Multiswitch fabric (E Port) CLI commands........................................................................................................ 436
Multi-hop FIP-snooping bridge.....................................................................................................................................451
Configuration notes...................................................................................................................................................451
Configure multi-hop FSB.........................................................................................................................................452
Verify multi-hop FSB configuration...................................................................................................................... 457
Sample Multi-hop FSB configuration................................................................................................................... 459
Configuration guidelines................................................................................................................................................ 472
NPIV Proxy Gateway cascading.................................................................................................................................. 473
Support for untagged VLAN in FCoE.........................................................................................................................475
Single FCF per vFabric.................................................................................................................................................. 475
Usecase 1 - NPG fabric is connected to an FCF switch through multiple links.........................................476
Use case 2 - NPG fabric is connected to multiple upstream switches belonging to the same SAN
fabric........................................................................................................................................................................ 479
Use case 3 - Multiple NPG Fabrics connected to upstream switches belonging to different SAN
fabrics...................................................................................................................................................................... 479
F_Port commands.......................................................................................................................................................... 479
fc alias.......................................................................................................................................................................... 479
fc zone......................................................................................................................................................................... 479
fc zoneset................................................................................................................................................................... 480
feature fc.................................................................................................................................................................... 480
member (alias)...........................................................................................................................................................480
member (zone)...........................................................................................................................................................481
member (zoneset)..................................................................................................................................................... 481
show fc alias...............................................................................................................................................................482
show fc interface-area-id mapping.......................................................................................................................482
show fc ns switch..................................................................................................................................................... 482
show fc zone..............................................................................................................................................................483
show fc zoneset........................................................................................................................................................ 484
Contents
9
zone default-zone permit........................................................................................................................................485
zoneset activate........................................................................................................................................................485
NPG commands...............................................................................................................................................................485
fc port-mode F.......................................................................................................................................................... 486
feature fc npg............................................................................................................................................................ 486
show npg devices......................................................................................................................................................486
show npg uplink-interface.......................................................................................................................................487
F_Port and NPG commands........................................................................................................................................ 489
clear fc statistics.......................................................................................................................................................489
fcoe ............................................................................................................................................................................. 489
fcoe delay fcf-adv.....................................................................................................................................................490
name.............................................................................................................................................................................490
rebalance fc npg sessions....................................................................................................................................... 490
show npg uplink-interface.......................................................................................................................................492
show npg node-interface........................................................................................................................................ 494
show fc statistics......................................................................................................................................................495
show fc switch.......................................................................................................................................................... 495
show running-config vfabric.................................................................................................................................. 496
show vfabric...............................................................................................................................................................496
vfabric.......................................................................................................................................................................... 497
vfabric (interface).....................................................................................................................................................497
vlan............................................................................................................................................................................... 497
FIP-snooping commands...............................................................................................................................................498
feature fip-snooping with-cvl................................................................................................................................ 498
fip-snooping enable.................................................................................................................................................. 498
fip-snooping fc-map.................................................................................................................................................499
fip-snooping port-mode...........................................................................................................................................499
FCoE commands.............................................................................................................................................................500
clear fcoe database.................................................................................................................................................. 500
clear fcoe statistics.................................................................................................................................................. 500
fcoe delay fcf-adv.................................................................................................................................................... 500
fcoe-pinned-port ...................................................................................................................................................... 501
fcoe max-sessions-per-enodemac........................................................................................................................ 501
fcoe priority-bits........................................................................................................................................................ 501
lldp tlv-select dcbxp-appln fcoe............................................................................................................................502
re-balance fc npg sessions vfabric....................................................................................................................... 502
show fcoe enode.......................................................................................................................................................504
show fcoe fcf.............................................................................................................................................................504
show fcoe pinned-port............................................................................................................................................ 505
show fcoe sessions...................................................................................................................................................506
show fcoe statistics................................................................................................................................................. 506
show fcoe system..................................................................................................................................................... 507
show fcoe vlan...........................................................................................................................................................507
show npg node-interface........................................................................................................................................ 507
show npg uplink-interface...................................................................................................................................... 508
Debug FC commands......................................................................................................................................................510
debug fc....................................................................................................................................................................... 510
show debug fc.............................................................................................................................................................511
Chapter 12: Layer 2.................................................................................................................... 513
10
Contents
802.1X.................................................................................................................................................................................513
Port authentication................................................................................................................................................... 514
EAP over RADIUS......................................................................................................................................................515
Configure 802.1X....................................................................................................................................................... 515
Enable 802.1X............................................................................................................................................................. 516
Identity retransmissions............................................................................................................................................517
Failure quiet period.................................................................................................................................................... 517
Port control mode......................................................................................................................................................518
Reauthenticate a port...............................................................................................................................................519
Configure timeouts...................................................................................................................................................520
Configure RADIUS server........................................................................................................................................ 521
802.1X commands......................................................................................................................................................521
RADIUS server commands......................................................................................................................................526
Far-end failure detection.............................................................................................................................................. 528
Enable FEFD globally................................................................................................................................................530
Enable FEFD on interface........................................................................................................................................ 531
Reset FEFD err-disabled interface........................................................................................................................ 531
Display FEFD information.........................................................................................................................................531
FEFD Commands.......................................................................................................................................................532
Link Aggregation Control Protocol............................................................................................................................. 535
Modes.......................................................................................................................................................................... 535
Configuration............................................................................................................................................................. 535
Interfaces....................................................................................................................................................................536
Rates............................................................................................................................................................................ 536
Sample configuration................................................................................................................................................537
LACP fallback.............................................................................................................................................................540
LACP commands.......................................................................................................................................................543
Link Layer Discovery Protocol.....................................................................................................................................550
Mandatory TLVs.........................................................................................................................................................551
Optional TLVs............................................................................................................................................................. 551
Configure LLDP......................................................................................................................................................... 554
Example: Advertise TLVs configuration.............................................................................................................. 560
View LLDP configuration......................................................................................................................................... 561
View LLDP neighbor advertisements................................................................................................................... 562
LLDP-MED..................................................................................................................................................................563
LLDP commands........................................................................................................................................................567
Media Access Control.................................................................................................................................................... 579
Static MAC Address.................................................................................................................................................580
MAC Address Table..................................................................................................................................................580
Clear MAC Address Table........................................................................................................................................581
MAC Commands........................................................................................................................................................ 581
Spanning-tree protocol................................................................................................................................................. 584
Introduction to STP..................................................................................................................................................584
Common STP commands.........................................................................................................................................591
Rapid per-VLAN spanning-tree..............................................................................................................................597
Rapid Spanning-Tree Protocol...............................................................................................................................609
Multiple Spanning-Tree............................................................................................................................................ 616
Virtual LANs..................................................................................................................................................................... 630
Default VLAN............................................................................................................................................................. 630
Default Management VLAN.....................................................................................................................................631
Contents
11
Create or remove VLANs.........................................................................................................................................631
Access mode.............................................................................................................................................................. 632
Trunk mode.................................................................................................................................................................633
Assign IP address...................................................................................................................................................... 634
View VLAN configuration........................................................................................................................................635
VLAN Scaling............................................................................................................................................................. 636
Anycast IP Gateway for VLANs.............................................................................................................................637
VLAN commands.......................................................................................................................................................648
Private VLANs.................................................................................................................................................................. 651
PVLAN components................................................................................................................................................. 652
Limitations.................................................................................................................................................................. 653
Configuration notes..................................................................................................................................................653
Configure a PVLAN domain....................................................................................................................................654
Extend PVLAN domain to another switch.......................................................................................................... 655
Configure PVLAN ports in a regular VLAN.........................................................................................................656
Configure an IPv4 address and local proxy ARP on a PVLAN interface..................................................... 658
Convert a secondary or promiscuous port to a regular L2 port....................................................................658
Delete the primary and secondary VLANs.......................................................................................................... 659
View PVLAN information........................................................................................................................................ 660
Interaction with other features............................................................................................................................. 662
PVLAN commands.................................................................................................................................................... 664
Example: PVLAN deployment with L2-L3 boundary at the spine layer....................................................... 670
Example: PVLAN deployment with L2-L3 boundary at the leaf layer.......................................................... 683
Port monitoring............................................................................................................................................................... 696
Local port monitoring............................................................................................................................................... 697
Remote port monitoring.......................................................................................................................................... 698
Encapsulated remote port monitoring..................................................................................................................702
Flow-based monitoring............................................................................................................................................ 703
Remote port monitoring on VLT............................................................................................................................704
Port monitoring commands.................................................................................................................................... 708
Chapter 13: Layer 3.................................................................................................................... 713
Virtual routing and forwarding......................................................................................................................................713
Configure management VRF................................................................................................................................... 713
Configure non-default VRF instances...................................................................................................................715
VRF configuration...................................................................................................................................................... 718
View VRF instance information..............................................................................................................................722
Static route leaking...................................................................................................................................................723
Route leaking..............................................................................................................................................................726
Administrative distance for leaked routes...........................................................................................................745
VRF commands..........................................................................................................................................................746
Bidirectional Forwarding Detection.............................................................................................................................757
BFD session states....................................................................................................................................................758
BFD three-way handshake......................................................................................................................................759
BFD configuration..................................................................................................................................................... 760
Configure BFD globally............................................................................................................................................ 760
BFD for BGP................................................................................................................................................................761
BFD for OSPF............................................................................................................................................................ 765
BFD for Static routes............................................................................................................................................... 769
BFD commands.......................................................................................................................................................... 772
12
Contents
Border Gateway Protocol..............................................................................................................................................779
Sessions and peers................................................................................................................................................... 780
Martian addresses.....................................................................................................................................................780
Route reflectors......................................................................................................................................................... 781
Multiprotocol BGP..................................................................................................................................................... 781
Attributes.................................................................................................................................................................... 782
Disable announcement of ASN values..................................................................................................................782
Selection criteria........................................................................................................................................................782
Weight and local preference...................................................................................................................................783
Multiexit discriminators............................................................................................................................................783
Origin............................................................................................................................................................................ 784
AS path and next-hop.............................................................................................................................................. 784
Best path selection................................................................................................................................................... 785
More path support....................................................................................................................................................785
Advertise cost............................................................................................................................................................ 786
4-Byte AS numbers...................................................................................................................................................786
AS number migration................................................................................................................................................786
Graceful restart..........................................................................................................................................................787
Configure Border Gateway Protocol.................................................................................................................... 787
Enable BGP.................................................................................................................................................................788
BGP over unnumbered interfaces.........................................................................................................................790
Auto-unnumbered interfaces for BGP................................................................................................................. 792
Configure Dual Stack................................................................................................................................................796
Configure administrative distance........................................................................................................................ 796
Peer templates...........................................................................................................................................................797
Neighbor fall-over......................................................................................................................................................801
Configure password................................................................................................................................................. 802
Fast external fallover................................................................................................................................................804
Passive peering..........................................................................................................................................................805
Local AS...................................................................................................................................................................... 806
AS number limit..........................................................................................................................................................807
Redistribute routes................................................................................................................................................... 808
Additional paths.........................................................................................................................................................809
MED attributes.......................................................................................................................................................... 809
Local preference attribute.......................................................................................................................................810
Weight attribute..........................................................................................................................................................811
Enable multipath......................................................................................................................................................... 811
Route-map filters.......................................................................................................................................................812
Route reflector clusters........................................................................................................................................... 812
Aggregate routes....................................................................................................................................................... 813
Confederations........................................................................................................................................................... 814
Route dampening....................................................................................................................................................... 814
Timers...........................................................................................................................................................................816
Neighbor soft-reconfiguration................................................................................................................................816
Redistribute iBGP route to OSPF.......................................................................................................................... 817
View BGP routes information................................................................................................................................. 818
Example - BGP in a VLT topology..........................................................................................................................819
Example - Three-tier CLOS topology with eBGP..............................................................................................824
Debug BGP................................................................................................................................................................. 829
Configuring BGP template......................................................................................................................................829
Contents
13
BGP commands......................................................................................................................................................... 830
Equal cost multi-path..................................................................................................................................................... 878
Load balancing........................................................................................................................................................... 878
Maximum ECMP groups and paths...................................................................................................................... 882
ECMP commands......................................................................................................................................................883
IPv4 routing...................................................................................................................................................................... 887
Assign interface IP address.................................................................................................................................... 887
Configure static routing.......................................................................................................................................... 888
Address Resolution Protocol.................................................................................................................................. 889
IPv4 routing commands...........................................................................................................................................890
IPv6 routing......................................................................................................................................................................895
Enable or disable IPv6..............................................................................................................................................895
IPv6 addresses.......................................................................................................................................................... 896
Stateless autoconfiguration....................................................................................................................................898
Neighbor Discovery.................................................................................................................................................. 898
Duplicate address discovery...................................................................................................................................899
Static IPv6 routing....................................................................................................................................................900
IPv6 destination unreachable.................................................................................................................................900
IPv6 hop-by-hop options......................................................................................................................................... 901
IPv6 Routing Header Type 0...................................................................................................................................901
View IPv6 information.............................................................................................................................................. 901
IPv6 RA Guard........................................................................................................................................................... 902
IPv6 commands...........................................................................................................................................................911
Open shortest path first................................................................................................................................................923
Autonomous system areas......................................................................................................................................923
Areas, networks, and neighbors............................................................................................................................ 924
Router types...............................................................................................................................................................924
Designated and backup designated routers....................................................................................................... 925
Link-state advertisements...................................................................................................................................... 926
Router priority............................................................................................................................................................926
Shortest path first throttling..................................................................................................................................927
Redistribute routes................................................................................................................................................... 928
OSPFv2....................................................................................................................................................................... 929
OSPFv3....................................................................................................................................................................... 962
Object tracking manager...............................................................................................................................................984
Interface tracking......................................................................................................................................................985
Host tracking..............................................................................................................................................................985
Set tracking delays................................................................................................................................................... 986
Object tracking.......................................................................................................................................................... 986
View tracked objects................................................................................................................................................987
OTM commands........................................................................................................................................................ 987
Policy-based routing...................................................................................................................................................... 990
Access-list to match route-map............................................................................................................................990
Set address to match route-map...........................................................................................................................991
Assign route-map to interface................................................................................................................................991
View PBR information...............................................................................................................................................991
Policy-based routing per VRF................................................................................................................................ 992
Configuring PBR per VRF....................................................................................................................................... 992
PBR and VLT..............................................................................................................................................................993
Sample configuration............................................................................................................................................... 996
14
Contents
Track route reachability...........................................................................................................................................997
Use PBR to permit and block specific traffic.....................................................................................................997
View PBR configuration.......................................................................................................................................... 998
PBR commands......................................................................................................................................................... 999
Virtual Router Redundancy Protocol........................................................................................................................1002
Configuration............................................................................................................................................................1002
Create virtual router............................................................................................................................................... 1003
Group version........................................................................................................................................................... 1004
Virtual IP addresses................................................................................................................................................ 1004
Configure virtual IP address................................................................................................................................. 1004
Configure virtual IP address in a VRF................................................................................................................ 1006
Set group priority.................................................................................................................................................... 1006
Authentication..........................................................................................................................................................1007
Disable preempt....................................................................................................................................................... 1007
Advertisement interval...........................................................................................................................................1008
Interface/object tracking...................................................................................................................................... 1009
Configure tracking.................................................................................................................................................. 1009
VRRP commands......................................................................................................................................................1010
Chapter 14: Multicast............................................................................................................... 1016
Important notes..............................................................................................................................................................1016
Configure multicast routing......................................................................................................................................... 1017
Unknown multicast flood control............................................................................................................................... 1017
Enable multicast flood control.............................................................................................................................. 1019
Multicast Commands....................................................................................................................................................1020
multicast snooping flood-restrict........................................................................................................................ 1020
Internet Group Management Protocol.....................................................................................................................1020
Standards compliance............................................................................................................................................. 1021
Important notes........................................................................................................................................................ 1021
Supported IGMP versions...................................................................................................................................... 1021
Query interval............................................................................................................................................................1021
Last member query interval................................................................................................................................... 1021
Maximum response time.........................................................................................................................................1021
IGMP immediate leave............................................................................................................................................1022
Select an IGMP version..........................................................................................................................................1022
IGMP snooping.........................................................................................................................................................1022
IGMP commands..................................................................................................................................................... 1024
Multicast Listener Discovery Protocol..................................................................................................................... 1037
MLD snooping...........................................................................................................................................................1037
MLD snooping commands..................................................................................................................................... 1039
Multicast snooping on VLANs.................................................................................................................................... 1047
Layer 3 multicast: Protocol Independent Multicast.............................................................................................. 1048
PIM terminology.......................................................................................................................................................1049
Standards compliance............................................................................................................................................ 1049
PIM-SM......................................................................................................................................................................1049
PIM-SSM...................................................................................................................................................................1056
Configure expiry timers for S, G entries.............................................................................................................1061
Configure static rendezvous point.......................................................................................................................1061
Configure dynamic RP using the BSR mechanism.......................................................................................... 1062
Configure designated router priority.................................................................................................................. 1064
Contents
15
Update RP mapping cache with new RP configuration.................................................................................1064
PIM join filters.......................................................................................................................................................... 1065
PIM neighbor filters................................................................................................................................................ 1066
PIM register filters.................................................................................................................................................. 1066
PIM commands.........................................................................................................................................................1067
Anycast RP using PIM.................................................................................................................................................. 1081
Configure PIM Anycast RP.................................................................................................................................... 1081
View mismatch of PIM Anycast RP on VLT nodes......................................................................................... 1082
PIM Anycast RP commands..................................................................................................................................1082
Sample configuration: Multicast VRF using PIM-SM........................................................................................... 1084
VLT multicast routing...................................................................................................................................................1092
Multicast routing table synchronization.............................................................................................................1092
IGMP message synchronization...........................................................................................................................1093
Egress mask..............................................................................................................................................................1093
Spanned VLAN.........................................................................................................................................................1093
VLT multicast peer routing timer.........................................................................................................................1093
Deployment considerations...................................................................................................................................1093
Example: Spanned L3 VLAN IIF using PIM-SM................................................................................................1094
VLT multicast routing commands......................................................................................................................... 1101
Chapter 15: VXLAN .................................................................................................................. 1104
VXLAN concepts............................................................................................................................................................1105
VXLAN as NVO solution............................................................................................................................................... 1106
Configure VXLAN...........................................................................................................................................................1106
Configure source IP address on VTEP................................................................................................................1106
Configure a VXLAN virtual network.....................................................................................................................1107
Configure VLAN-tagged access ports................................................................................................................ 1107
Configure untagged access ports........................................................................................................................ 1108
Enable overlay routing between virtual networks............................................................................................ 1109
Advertise VXLAN source IP address ....................................................................................................................1111
Configure VLT.............................................................................................................................................................1111
L3 VXLAN route scaling ............................................................................................................................................... 1112
DHCP relay on VTEPs .................................................................................................................................................. 1114
View VXLAN configuration........................................................................................................................................... 1114
VXLAN MAC addresses.................................................................................................................................................1117
VXLAN commands..........................................................................................................................................................1119
hardware overlay-routing-profile.......................................................................................................................... 1119
interface virtual-network........................................................................................................................................1120
ip virtual-router address......................................................................................................................................... 1120
ip virtual-router mac-address................................................................................................................................1120
member-interface..................................................................................................................................................... 1121
nve................................................................................................................................................................................ 1121
remote-vtep...............................................................................................................................................................1122
show hardware overlay-routing-profile mode................................................................................................... 1122
show interface virtual-network.............................................................................................................................1123
show nve remote-vtep............................................................................................................................................1123
show nve remote-vtep counters.......................................................................................................................... 1124
show nve vxlan-vni.................................................................................................................................................. 1124
show virtual-network.............................................................................................................................................. 1124
show virtual-network counters.............................................................................................................................1125
16
Contents
show virtual-network interface counters...........................................................................................................1125
show virtual-network interface.............................................................................................................................1126
show virtual-network vlan......................................................................................................................................1126
show vlan (virtual network)................................................................................................................................... 1127
source-interface loopback......................................................................................................................................1127
virtual-network......................................................................................................................................................... 1128
virtual-network untagged-vlan............................................................................................................................. 1128
vxlan-vni..................................................................................................................................................................... 1128
VXLAN MAC commands...............................................................................................................................................1129
clear mac address-table dynamic nve remote-vtep........................................................................................ 1129
clear mac address-table dynamic virtual-network........................................................................................... 1129
show mac address-table count extended.......................................................................................................... 1130
show mac address-table count nve.....................................................................................................................1130
show mac address-table count virtual-network................................................................................................1131
show mac address-table extended...................................................................................................................... 1132
show mac address-table nve.................................................................................................................................1133
show mac address-table virtual-network...........................................................................................................1133
Example: VXLAN with static VTEP............................................................................................................................1134
BGP EVPN for VXLAN..................................................................................................................................................1147
BGP EVPN compared to static VXLAN.............................................................................................................. 1147
VXLAN BGP EVPN operation................................................................................................................................ 1147
Configure BGP EVPN for VXLAN........................................................................................................................ 1149
VXLAN BGP EVPN routing.................................................................................................................................... 1153
BGP EVPN with VLT............................................................................................................................................... 1157
VXLAN BGP commands......................................................................................................................................... 1158
VXLAN EVPN commands.......................................................................................................................................1163
Example: VXLAN with BGP EVPN with asymmetric IRB................................................................................1173
Example: VXLAN BGP EVPN — Multiple AS topology with asymmetric IRB........................................... 1194
Example: VXLAN BGP EVPN — Centralized L3 gateway with asymmetric IRB......................................1215
Example: VXLAN BGP EVPN — Border leaf gateway with asymmetric IRB............................................ 1217
Example: VXLAN BGP EVPN—Symmetric IRB................................................................................................ 1221
Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering........................................1244
Example: Migrating from Asymmetric IRB to Symmetric IRB...................................................................... 1258
Example - Route leaking across VRFs in a VXLAN BGP EVPN symmetric IRB topology.......................1261
Controller-provisioned VXLAN...................................................................................................................................1269
Configure controller-provisioned VXLAN.......................................................................................................... 1270
Configure and control VXLAN from VMware vCenter................................................................................... 1273
Example: VXLAN with a controller configuration.............................................................................................1276
VXLAN Controller commands...............................................................................................................................1280
Chapter 16: UFT modes............................................................................................................ 1287
Configure UFT modes.................................................................................................................................................. 1288
IPv6 extended prefix routes................................................................................................................................. 1289
UFT commands..............................................................................................................................................................1289
hardware forwarding-table mode........................................................................................................................ 1289
hardware l3 ipv6-extended-prefix ......................................................................................................................1290
show hardware forwarding-table mode.............................................................................................................1290
show hardware forwarding-table mode all.........................................................................................................1291
show hardware l3..................................................................................................................................................... 1291
Contents
17
Chapter 17: Security................................................................................................................ 1292
Switch security.............................................................................................................................................................. 1292
User management................................................................................................................................................... 1292
AAA............................................................................................................................................................................. 1306
Boot security............................................................................................................................................................ 1320
Switch management access................................................................................................................................. 1332
Switch management statistics............................................................................................................................. 1346
X.509v3 certificates............................................................................................................................................... 1350
Network security........................................................................................................................................................... 1379
Access control lists................................................................................................................................................. 1379
DHCP snooping........................................................................................................................................................ 1379
802.1X port access control .................................................................................................................................. 1379
Port security............................................................................................................................................................. 1380
Chapter 18: OpenFlow.............................................................................................................. 1396
OpenFlow logical switch instance............................................................................................................................. 1397
OpenFlow controller......................................................................................................................................................1397
OpenFlow version 1.3....................................................................................................................................................1397
Ports........................................................................................................................................................................... 1397
Flow table.................................................................................................................................................................. 1398
Group table............................................................................................................................................................... 1398
Meter table................................................................................................................................................................1398
Instructions............................................................................................................................................................... 1398
Action set.................................................................................................................................................................. 1398
Action types..............................................................................................................................................................1399
Counters.................................................................................................................................................................... 1399
OpenFlow protocol...................................................................................................................................................1401
OpenFlow use cases......................................................................................................................................................1413
Configure OpenFlow......................................................................................................................................................1414
Establish TLS connection.......................................................................................................................................1415
OpenFlow commands....................................................................................................................................................1416
controller.................................................................................................................................................................... 1416
dpid-mac-address.....................................................................................................................................................1417
in-band-mgmt............................................................................................................................................................1417
max-backoff.............................................................................................................................................................. 1418
mode openflow-only................................................................................................................................................ 1418
openflow.....................................................................................................................................................................1419
probe-interval............................................................................................................................................................1419
protocol-version....................................................................................................................................................... 1419
rate-limit packet_in.................................................................................................................................................1420
show openflow..........................................................................................................................................................1421
show openflow flows...............................................................................................................................................1421
show openflow ports.............................................................................................................................................. 1422
show openflow switch............................................................................................................................................1423
show openflow switch controllers.......................................................................................................................1424
switch......................................................................................................................................................................... 1425
OpenFlow-only mode commands.............................................................................................................................. 1425
18
Contents
Chapter 19: Access Control Lists..............................................................................................1428
IP ACLs............................................................................................................................................................................ 1428
MAC ACLs.......................................................................................................................................................................1429
Control-plane ACLs.......................................................................................................................................................1429
Control-plane ACL qualifiers.................................................................................................................................1430
IP fragment handling.................................................................................................................................................... 1430
L3 ACL rules.................................................................................................................................................................... 1431
Assign sequence number to filter..............................................................................................................................1432
Delete ACL rule.............................................................................................................................................................. 1432
L2 and L3 ACLs..............................................................................................................................................................1433
Assign and apply ACL filters....................................................................................................................................... 1433
Ingress ACL filters.........................................................................................................................................................1434
Egress ACL filters..........................................................................................................................................................1435
VTY ACLs........................................................................................................................................................................ 1436
SNMP ACLs.................................................................................................................................................................... 1436
Clear access-list counters...........................................................................................................................................1436
IP prefix-lists.................................................................................................................................................................. 1436
Route-maps.....................................................................................................................................................................1437
Match routes.................................................................................................................................................................. 1438
Set conditions................................................................................................................................................................ 1439
Continue clause..............................................................................................................................................................1439
ACL flow-based monitoring........................................................................................................................................ 1440
Enable flow-based monitoring....................................................................................................................................1440
View ACL table utilization report................................................................................................................................1441
Known behavior....................................................................................................................................................... 1443
ACL logging.....................................................................................................................................................................1443
Important notes....................................................................................................................................................... 1443
IP ACL logging..........................................................................................................................................................1443
Control-plane management ACL logging........................................................................................................... 1444
ACL commands.............................................................................................................................................................. 1444
clear ip access-list counters................................................................................................................................. 1444
clear ipv6 access-list counters.............................................................................................................................1444
clear mac access-list counters.............................................................................................................................1445
deny............................................................................................................................................................................ 1445
deny (IPv6)............................................................................................................................................................... 1446
deny (MAC).............................................................................................................................................................. 1446
deny icmp...................................................................................................................................................................1447
deny icmp (IPv6)..................................................................................................................................................... 1447
deny ip........................................................................................................................................................................ 1448
deny ipv6................................................................................................................................................................... 1448
deny tcp..................................................................................................................................................................... 1449
deny tcp (IPv6)........................................................................................................................................................1450
deny udp.................................................................................................................................................................... 1450
deny udp (IPv6)........................................................................................................................................................1451
description.................................................................................................................................................................1452
ip access-group........................................................................................................................................................1452
ip access-list............................................................................................................................................................. 1453
ip as-path access-list..............................................................................................................................................1453
ip community-list standard deny..........................................................................................................................1454
Contents
19
ip community–list standard permit..................................................................................................................... 1455
ip extcommunity-list standard deny....................................................................................................................1455
ip extcommunity-list standard permit.................................................................................................................1456
ip prefix-list description......................................................................................................................................... 1456
ip prefix-list deny.....................................................................................................................................................1456
ip prefix-list permit..................................................................................................................................................1457
ip prefix-list seq deny............................................................................................................................................. 1457
ip prefix-list seq permit.......................................................................................................................................... 1458
ipv6 access-group...................................................................................................................................................1458
ipv6 access-list........................................................................................................................................................ 1458
ipv6 prefix-list deny................................................................................................................................................ 1459
ipv6 prefix-list description.....................................................................................................................................1459
ipv6 prefix-list permit............................................................................................................................................. 1460
ipv6 prefix-list seq deny.........................................................................................................................................1460
ipv6 prefix-list seq permit..................................................................................................................................... 1460
logging access-list mgmt burst ............................................................................................................................1461
logging access-list mgmt rate ..............................................................................................................................1461
mac access-group....................................................................................................................................................1461
mac access-list.........................................................................................................................................................1462
permit......................................................................................................................................................................... 1462
permit (IPv6)............................................................................................................................................................ 1463
permit (MAC)........................................................................................................................................................... 1464
permit icmp............................................................................................................................................................... 1464
permit icmp (IPv6)..................................................................................................................................................1465
permit ip.....................................................................................................................................................................1465
permit ipv6................................................................................................................................................................ 1466
permit tcp..................................................................................................................................................................1466
permit tcp (IPv6).....................................................................................................................................................1467
permit udp................................................................................................................................................................. 1468
permit udp (IPv6)....................................................................................................................................................1468
remark........................................................................................................................................................................ 1469
seq deny.....................................................................................................................................................................1470
seq deny (IPv6)........................................................................................................................................................1470
seq deny (MAC)........................................................................................................................................................1471
seq deny icmp...........................................................................................................................................................1472
seq deny icmp (IPv6)..............................................................................................................................................1472
seq deny ip................................................................................................................................................................ 1473
seq deny ipv6............................................................................................................................................................1473
seq deny tcp..............................................................................................................................................................1474
seq deny tcp (IPv6)................................................................................................................................................ 1475
seq deny udp.............................................................................................................................................................1476
seq deny udp (IPv6)................................................................................................................................................1477
seq permit..................................................................................................................................................................1477
seq permit (IPv6).....................................................................................................................................................1478
seq permit (MAC)....................................................................................................................................................1479
seq permit icmp........................................................................................................................................................1479
seq permit icmp (IPv6).......................................................................................................................................... 1480
seq permit ip............................................................................................................................................................. 1480
seq permit ipv6......................................................................................................................................................... 1481
seq permit tcp.......................................................................................................................................................... 1482
20
Contents
/