2. Computers & electronics
  3. Software
  4. Dell
  5. PowerSwitch S3048-ON
PowerSwitch S3048-ON

Dell PowerSwitch S3048-ON User guide

  • Hello! I am an AI chatbot trained to assist you with the Dell PowerSwitch S3048-ON User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Dell EMC SmartFabric OS10 User Guide
Release 10.5.0
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks
may be trademarks of their respective owners.
2019 - 08
Rev. A00
Contents
1 Change history.............................................................................................................................................30
2 Getting Started............................................................................................................................................32
Switch with factory-installed OS10................................................................................................................................33
Log in .......................................................................................................................................................................... 33
Check OS10 version...................................................................................................................................................34
OS10 upgrade.............................................................................................................................................................34
Check OS10 license....................................................................................................................................................41
Re-install license ........................................................................................................................................................ 41
Switch without OS installed............................................................................................................................................ 41
Uninstall existing OS..................................................................................................................................................42
Download OS10 image...............................................................................................................................................43
Installation using ONIE...............................................................................................................................................43
Log in ..........................................................................................................................................................................46
Install OS10 license.....................................................................................................................................................47
Switch deployment options............................................................................................................................................ 49
Manual CLI conguration..........................................................................................................................................49
ZTD-automated switch deployment........................................................................................................................49
Ansible-automated switch provisioning...................................................................................................................50
Remote access.................................................................................................................................................................50
Congure Management IP address......................................................................................................................... 50
Congure Management route .................................................................................................................................50
Congure user name and password......................................................................................................................... 51
3 CLI Basics....................................................................................................................................................52
CONFIGURATION mode.................................................................................................................................................53
Check device status........................................................................................................................................................ 54
Command help.................................................................................................................................................................55
Candidate conguration..................................................................................................................................................56
Prevent conguration changes................................................................................................................................ 58
Copy running conguration ........................................................................................................................................... 58
Restore startup conguration ....................................................................................................................................... 58
Reload system image.......................................................................................................................................................59
Filter show commands.................................................................................................................................................... 59
Common OS10 commands.............................................................................................................................................60
boot............................................................................................................................................................................. 60
commit........................................................................................................................................................................ 60
congure......................................................................................................................................................................61
copy..............................................................................................................................................................................61
delete...........................................................................................................................................................................63
dir................................................................................................................................................................................. 63
discard......................................................................................................................................................................... 64
Contents
3
do................................................................................................................................................................................. 64
end...............................................................................................................................................................................65
exit...............................................................................................................................................................................65
hostname.................................................................................................................................................................... 66
license..........................................................................................................................................................................66
lock...............................................................................................................................................................................67
management route.....................................................................................................................................................67
move............................................................................................................................................................................68
no................................................................................................................................................................................. 68
ping..............................................................................................................................................................................69
ping6............................................................................................................................................................................70
reload........................................................................................................................................................................... 72
show boot................................................................................................................................................................... 73
show candidate-conguration..................................................................................................................................73
show environment......................................................................................................................................................75
show inventory........................................................................................................................................................... 76
show ip management-route......................................................................................................................................76
show ipv6 management-route..................................................................................................................................77
show license status....................................................................................................................................................77
show running-conguration......................................................................................................................................78
show startup-conguration......................................................................................................................................80
show system................................................................................................................................................................81
show version...............................................................................................................................................................83
start............................................................................................................................................................................. 83
system......................................................................................................................................................................... 84
system-cli disable.......................................................................................................................................................84
system-user linuxadmin disable................................................................................................................................84
system identier.........................................................................................................................................................85
terminal........................................................................................................................................................................85
traceroute................................................................................................................................................................... 85
unlock...........................................................................................................................................................................87
username password role............................................................................................................................................87
write.............................................................................................................................................................................88
4 Advanced CLI tasks..................................................................................................................................... 89
Command alias................................................................................................................................................................. 89
Multi-line alias.............................................................................................................................................................90
alias.............................................................................................................................................................................. 92
alias (multi-line).......................................................................................................................................................... 93
default (alias).............................................................................................................................................................. 94
description (alias).......................................................................................................................................................94
line (alias).................................................................................................................................................................... 94
show alias....................................................................................................................................................................95
Batch mode...................................................................................................................................................................... 96
batch............................................................................................................................................................................97
Linux shell commands......................................................................................................................................................97
4
Contents
Using OS9 commands.....................................................................................................................................................99
feature cong-os9-style........................................................................................................................................... 99
5 Zero-touch deployment..............................................................................................................................100
ZTD DHCP server conguration...................................................................................................................................102
ZTD provisioning script..................................................................................................................................................102
ZTD CLI batch le.......................................................................................................................................................... 103
Post-ZTD script.............................................................................................................................................................. 104
ZTD commands.............................................................................................................................................................. 104
reload ztd...................................................................................................................................................................104
show ztd-status........................................................................................................................................................104
ztd cancel..................................................................................................................................................................105
6 OS10 provisioning.......................................................................................................................................106
Using Ansible...................................................................................................................................................................106
Example: Congure an OS10 switch using Ansible.....................................................................................................107
7 System management...................................................................................................................................110
System banners...............................................................................................................................................................110
Login banner.............................................................................................................................................................. 110
MOTD banner.............................................................................................................................................................111
System banner commands....................................................................................................................................... 111
User session management.............................................................................................................................................112
User session management commands...................................................................................................................113
Telnet server.................................................................................................................................................................... 114
Telnet commands...................................................................................................................................................... 114
Simple Network Management Protocol....................................................................................................................... 115
SNMP security models and levels...........................................................................................................................116
MIBs............................................................................................................................................................................116
SNMPv3.....................................................................................................................................................................117
Congure SNMP....................................................................................................................................................... 118
SNMP commands..................................................................................................................................................... 121
Example: Congure SNMP......................................................................................................................................130
System clock....................................................................................................................................................................131
Conguration notes...................................................................................................................................................131
Congure system time and date..............................................................................................................................131
Time zones and UTC oset reference...................................................................................................................132
System Clock commands........................................................................................................................................ 148
Network Time Protocol................................................................................................................................................. 150
Enable NTP................................................................................................................................................................ 151
Broadcasts................................................................................................................................................................. 151
Source IP address.....................................................................................................................................................152
Authentication...........................................................................................................................................................152
Sample NTP conguration...................................................................................................................................... 153
NTP commands........................................................................................................................................................155
Dynamic Host Conguration Protocol.......................................................................................................................... 161
Contents
5
Packet format and options.......................................................................................................................................161
DHCP server.............................................................................................................................................................163
Automatic address allocation.................................................................................................................................. 163
Hostname resolution................................................................................................................................................ 164
Manual binding entries.............................................................................................................................................165
DHCP relay agent.....................................................................................................................................................166
View DHCP Information...........................................................................................................................................167
System domain name and list..................................................................................................................................167
DHCP snooping........................................................................................................................................................ 168
DHCP commands.....................................................................................................................................................186
DHCP snooping commands.................................................................................................................................... 192
DNS commands........................................................................................................................................................198
IPv4 DHCP limitations..............................................................................................................................................201
8 Interfaces.................................................................................................................................................. 202
Ethernet interfaces........................................................................................................................................................202
Unied port groups........................................................................................................................................................202
Z9264F-ON port-group proles...................................................................................................................................203
Port-groups on S5200F-ON switches........................................................................................................................205
L2 mode conguration...................................................................................................................................................213
L3 mode conguration...................................................................................................................................................213
Fibre Channel interfaces................................................................................................................................................ 214
Conguring wavelength...........................................................................................................................................215
Management interface ................................................................................................................................................. 216
Management interface ........................................................................................................................................... 216
VLAN interfaces............................................................................................................................................................. 216
User-congured default VLAN......................................................................................................................................217
VLAN scale prole.......................................................................................................................................................... 217
Loopback interfaces....................................................................................................................................................... 218
Port-channel interfaces................................................................................................................................................. 218
Create port-channel................................................................................................................................................. 219
Add port member..................................................................................................................................................... 219
Minimum links...........................................................................................................................................................220
Assign Port Channel IP Address............................................................................................................................ 220
Remove or disable port-channel............................................................................................................................220
Load balance trac..................................................................................................................................................221
Change hash algorithm............................................................................................................................................221
Congure interface ranges........................................................................................................................................... 222
Switch-port proles.......................................................................................................................................................222
S4148-ON Series port proles................................................................................................................................223
S4148U-ON port proles........................................................................................................................................ 224
Congure negotiation modes on interfaces............................................................................................................... 225
Congure breakout mode............................................................................................................................................. 227
Breakout auto-conguration.........................................................................................................................................227
Reset default conguration.......................................................................................................................................... 228
Forward error correction...............................................................................................................................................229
6
Contents
Energy-ecient Ethernet............................................................................................................................................. 230
Enable energy-ecient Ethernet............................................................................................................................231
Clear EEE counters...................................................................................................................................................231
View EEE status/statistics...................................................................................................................................... 231
EEE commands........................................................................................................................................................232
View interface conguration........................................................................................................................................ 235
Digital optical monitoring...............................................................................................................................................238
Enable DOM and DOM traps................................................................................................................................. 239
Interface commands......................................................................................................................................................240
channel-group.......................................................................................................................................................... 240
default interface.......................................................................................................................................................240
default vlan-id...........................................................................................................................................................243
description (Interface).............................................................................................................................................243
duplex........................................................................................................................................................................ 244
enable dom............................................................................................................................................................... 244
enable dom traps..................................................................................................................................................... 245
feature auto-breakout............................................................................................................................................. 245
fec..............................................................................................................................................................................245
interface breakout....................................................................................................................................................246
interface ethernet....................................................................................................................................................246
interface loopback....................................................................................................................................................247
interface mgmt.........................................................................................................................................................247
interface null............................................................................................................................................................. 247
interface port-channel.............................................................................................................................................248
interface range......................................................................................................................................................... 248
interface vlan............................................................................................................................................................249
link-bundle-utilization...............................................................................................................................................249
mode......................................................................................................................................................................... 250
mode l3...................................................................................................................................................................... 251
mtu............................................................................................................................................................................. 251
negotiation................................................................................................................................................................252
port mode Eth..........................................................................................................................................................253
port-group................................................................................................................................................................ 254
prole.........................................................................................................................................................................254
scale-prole vlan......................................................................................................................................................255
show interface......................................................................................................................................................... 255
show interface transceiver “Tunable wavelength”...............................................................................................257
show inventory media..............................................................................................................................................257
show link-bundle-utilization....................................................................................................................................258
show port-channel summary..................................................................................................................................258
show port-group......................................................................................................................................................259
show switch-port-prole........................................................................................................................................ 260
show system............................................................................................................................................................ 260
show vlan...................................................................................................................................................................261
shutdown...................................................................................................................................................................261
Contents
7
speed (Fibre Channel).............................................................................................................................................262
speed (Management)..............................................................................................................................................262
switch-port-prole...................................................................................................................................................263
switchport access vlan........................................................................................................................................... 265
switchport mode......................................................................................................................................................265
switchport trunk allowed vlan................................................................................................................................266
wavelength............................................................................................................................................................... 266
9 Fibre Channel.............................................................................................................................................267
Fibre Channel over Ethernet........................................................................................................................................ 268
Congure FIP snooping...........................................................................................................................................268
Terminology.....................................................................................................................................................................270
Virtual fabric................................................................................................................................................................... 270
Fibre Channel zoning..................................................................................................................................................... 272
F_Port on Ethernet........................................................................................................................................................274
Pinning FCoE trac to a specic port of a port-channel......................................................................................... 274
Sample FSB conguration on VLT network..........................................................................................................277
Sample FC Switch conguration on VLT network...............................................................................................279
Sample FSB conguration on non-VLT network..................................................................................................280
Sample FC Switch conguration on non-VLT network.......................................................................................282
Multi-hop FIP-snooping bridge.................................................................................................................................... 283
Conguration notes................................................................................................................................................. 284
Congure multi-hop FSB........................................................................................................................................ 284
Verify multi-hop FSB conguration....................................................................................................................... 289
Sample Multi-hop FSB conguration....................................................................................................................290
Conguration guidelines................................................................................................................................................303
NPIV Proxy Gateway cascading.................................................................................................................................. 303
NPG1 switch conguration.....................................................................................................................................303
NPG2 switch conguration.................................................................................................................................... 304
F_Port commands.........................................................................................................................................................305
fc alias....................................................................................................................................................................... 305
fc zone...................................................................................................................................................................... 305
fc zoneset.................................................................................................................................................................306
feature fc.................................................................................................................................................................. 306
member (alias)..........................................................................................................................................................307
member (zone).........................................................................................................................................................307
member (zoneset)................................................................................................................................................... 307
show fc alias.............................................................................................................................................................308
show fc interface-area-id mapping....................................................................................................................... 308
show fc ns switch....................................................................................................................................................309
show fc zone............................................................................................................................................................309
show fc zoneset....................................................................................................................................................... 310
zone default-zone permit......................................................................................................................................... 311
zoneset activate........................................................................................................................................................ 311
NPG commands..............................................................................................................................................................312
fc port-mode F..........................................................................................................................................................312
8
Contents
feature fc npg............................................................................................................................................................312
show npg devices.....................................................................................................................................................313
F_Port and NPG commands.........................................................................................................................................313
clear fc statistics.......................................................................................................................................................313
fcoe ........................................................................................................................................................................... 314
name...........................................................................................................................................................................314
show fc statistics......................................................................................................................................................315
show fc switch..........................................................................................................................................................315
show running-cong vfabric................................................................................................................................... 316
show vfabric..............................................................................................................................................................316
vfabric........................................................................................................................................................................ 317
vfabric (interface).....................................................................................................................................................317
vlan.............................................................................................................................................................................318
FIP-snooping commands...............................................................................................................................................318
feature p-snooping.................................................................................................................................................318
p-snooping enable..................................................................................................................................................319
p-snooping fc-map.................................................................................................................................................319
p-snooping port-mode...........................................................................................................................................319
FCoE commands........................................................................................................................................................... 320
clear fcoe database................................................................................................................................................. 320
clear fcoe statistics.................................................................................................................................................. 321
fcoe-pinned-port ..................................................................................................................................................... 321
fcoe max-sessions-per-enodemac......................................................................................................................... 321
fcoe priority-bits.......................................................................................................................................................322
lldp tlv-select dcbxp-appln fcoe.............................................................................................................................322
show fcoe enode......................................................................................................................................................323
show fcoe fcf........................................................................................................................................................... 323
show fcoe pinned-port............................................................................................................................................323
show fcoe sessions..................................................................................................................................................324
show fcoe statistics.................................................................................................................................................324
show fcoe system....................................................................................................................................................325
show fcoe vlan......................................................................................................................................................... 325
10 Layer 2..................................................................................................................................................... 327
802.1X.............................................................................................................................................................................. 327
Port authentication..................................................................................................................................................328
EAP over RADIUS....................................................................................................................................................329
Congure 802.1X......................................................................................................................................................329
Enable 802.1X........................................................................................................................................................... 330
Identity retransmissions........................................................................................................................................... 331
Failure quiet period.................................................................................................................................................. 332
Port control mode....................................................................................................................................................332
Reauthenticate port................................................................................................................................................ 333
Congure timeouts..................................................................................................................................................334
802.1X commands....................................................................................................................................................335
Far-end failure detection...............................................................................................................................................339
Contents
9
Enable FEFD globally................................................................................................................................................341
Enable FEFD on interface.......................................................................................................................................342
Reset FEFD err-disabled interface.........................................................................................................................342
Display FEFD information........................................................................................................................................342
FEFD Commands.....................................................................................................................................................343
Link Aggregation Control Protocol...............................................................................................................................346
Modes....................................................................................................................................................................... 346
Conguration............................................................................................................................................................347
Interfaces.................................................................................................................................................................. 347
Rates......................................................................................................................................................................... 348
Sample conguration...............................................................................................................................................348
LACP fallback...........................................................................................................................................................352
LACP commands.....................................................................................................................................................354
Link Layer Discovery Protocol.......................................................................................................................................361
Protocol data units...................................................................................................................................................362
Optional TLVs........................................................................................................................................................... 363
Organizationally-specic TLVs............................................................................................................................... 363
Media endpoint discovery.......................................................................................................................................366
Network connectivity device................................................................................................................................. 366
LLDP-MED capabilities TLV....................................................................................................................................367
Network policies TLVs.............................................................................................................................................367
Dene network policies...........................................................................................................................................368
Packet timer values.................................................................................................................................................369
Disable and re-enable LLDP .................................................................................................................................. 369
Disable and re-enable LLDP on management ports............................................................................................ 370
Advertise TLVs.......................................................................................................................................................... 371
Network policy advertisement................................................................................................................................374
Fast start repeat count............................................................................................................................................374
View LLDP conguration........................................................................................................................................ 375
Adjacent agent advertisements............................................................................................................................. 376
Time to live................................................................................................................................................................377
LLDP commands......................................................................................................................................................377
Media Access Control................................................................................................................................................... 390
Static MAC Address................................................................................................................................................390
MAC Address Table..................................................................................................................................................391
Clear MAC Address Table........................................................................................................................................391
MAC Commands......................................................................................................................................................392
Spanning-tree protocol................................................................................................................................................. 394
EdgePort...................................................................................................................................................................394
Spanning-tree extensions.......................................................................................................................................395
Recover from BPDU guard violations....................................................................................................................397
MAC ush optimization...........................................................................................................................................397
Debug congurations.............................................................................................................................................. 399
Setting spanning-tree link type for rapid state transitions................................................................................. 399
Common STP commands.......................................................................................................................................399
10
Contents
Rapid per-VLAN spanning-tree plus...................................................................................................................... 407
Rapid Spanning-Tree Protocol.................................................................................................................................415
Multiple Spanning-Tree............................................................................................................................................423
Virtual LANs................................................................................................................................................................... 435
Default VLAN........................................................................................................................................................... 435
Create or remove VLANs........................................................................................................................................435
Access mode............................................................................................................................................................ 437
Trunk mode............................................................................................................................................................... 437
Assign IP address.....................................................................................................................................................438
View VLAN conguration....................................................................................................................................... 439
VLAN commands.....................................................................................................................................................440
Port monitoring...............................................................................................................................................................441
Local port monitoring.............................................................................................................................................. 442
Remote port monitoring..........................................................................................................................................442
Encapsulated remote port monitoring...................................................................................................................444
Flow-based monitoring............................................................................................................................................446
Remote port monitoring on VLT............................................................................................................................ 446
Port monitoring commands....................................................................................................................................448
11 Layer 3......................................................................................................................................................453
Virtual routing and forwarding......................................................................................................................................453
Congure management VRF..................................................................................................................................453
Congure non-default VRF instances...................................................................................................................455
VRF conguration....................................................................................................................................................458
View VRF instance information..............................................................................................................................462
Static route leaking..................................................................................................................................................463
VRF commands....................................................................................................................................................... 466
Bidirectional Forwarding Detection.............................................................................................................................. 474
BFD session states.................................................................................................................................................. 475
BFD three-way handshake..................................................................................................................................... 476
BFD conguration.................................................................................................................................................... 477
Congure BFD globally............................................................................................................................................ 477
BFD for BGP.............................................................................................................................................................478
BFD for OSPF.......................................................................................................................................................... 482
BFD for Static route.................................................................................................................................................487
BFD commands........................................................................................................................................................489
Border Gateway Protocol............................................................................................................................................. 496
Sessions and peers.................................................................................................................................................. 497
Route reectors........................................................................................................................................................497
Multiprotocol BGP...................................................................................................................................................498
Attributes..................................................................................................................................................................498
Selection criteria...................................................................................................................................................... 499
Weight and local preference...................................................................................................................................500
Multiexit discriminators...........................................................................................................................................500
Origin..........................................................................................................................................................................501
AS path and next-hop..............................................................................................................................................501
Contents
11
Best path selection.................................................................................................................................................. 501
More path support.................................................................................................................................................. 502
Advertise cost..........................................................................................................................................................503
4-Byte AS numbers.................................................................................................................................................503
AS number migration...............................................................................................................................................503
Graceful restart........................................................................................................................................................504
Congure Border Gateway Protocol.....................................................................................................................505
Enable BGP.............................................................................................................................................................. 505
Congure Dual Stack.............................................................................................................................................. 508
Congure administrative distance.........................................................................................................................508
Peer templates.........................................................................................................................................................509
Neighbor fall-over.....................................................................................................................................................512
Congure password................................................................................................................................................. 514
Fast external fallover................................................................................................................................................515
Passive peering......................................................................................................................................................... 517
Local AS..................................................................................................................................................................... 517
AS number limit.........................................................................................................................................................518
Redistribute routes................................................................................................................................................... 519
Additional paths........................................................................................................................................................ 519
MED attributes.........................................................................................................................................................520
Local preference attribute...................................................................................................................................... 520
Weight attribute........................................................................................................................................................521
Enable multipath...................................................................................................................................................... 522
Route-map lters.....................................................................................................................................................522
Route reector clusters...........................................................................................................................................522
Aggregate routes..................................................................................................................................................... 523
Confederations.........................................................................................................................................................524
Route dampening.....................................................................................................................................................525
Timers....................................................................................................................................................................... 526
Neighbor soft-reconguration................................................................................................................................526
Redistribute iBGP route to OSPF.......................................................................................................................... 527
Debug BGP...............................................................................................................................................................529
BGP commands.......................................................................................................................................................530
Equal cost multi-path....................................................................................................................................................564
Load balancing......................................................................................................................................................... 564
Maximum ECMP groups and paths...................................................................................................................... 568
ECMP commands....................................................................................................................................................568
IPv4 routing.................................................................................................................................................................... 573
Assign interface IP address.....................................................................................................................................573
Congure static routing...........................................................................................................................................574
Address Resolution Protocol.................................................................................................................................. 575
IPv4 routing commands.......................................................................................................................................... 575
IPv6 routing....................................................................................................................................................................580
Enable or disable IPv6..............................................................................................................................................581
IPv6 addresses..........................................................................................................................................................581
12
Contents
Stateless autoconguration....................................................................................................................................583
Neighbor Discovery.................................................................................................................................................584
Duplicate address discovery...................................................................................................................................585
Static IPv6 routing...................................................................................................................................................586
IPv6 destination unreachable.................................................................................................................................586
IPv6 hop-by-hop options........................................................................................................................................586
View IPv6 information............................................................................................................................................. 587
IPv6 commands....................................................................................................................................................... 587
Open shortest path rst............................................................................................................................................... 599
Autonomous system areas..................................................................................................................................... 600
Areas, networks, and neighbors.............................................................................................................................600
Router types............................................................................................................................................................. 601
Designated and backup designated routers......................................................................................................... 602
Link-state advertisements...................................................................................................................................... 602
Router priority.......................................................................................................................................................... 603
Shortest path rst throttling..................................................................................................................................604
OSPFv2.................................................................................................................................................................... 605
OSPFv3.....................................................................................................................................................................638
Object tracking manager.............................................................................................................................................. 659
Interface tracking.................................................................................................................................................... 660
Host tracking............................................................................................................................................................ 661
Set tracking delays.................................................................................................................................................. 662
Object tracking.........................................................................................................................................................662
View tracked objects...............................................................................................................................................662
OTM commands......................................................................................................................................................663
Policy-based routing......................................................................................................................................................666
Policy-based route-maps........................................................................................................................................666
Access-list to match route-map............................................................................................................................ 666
Set address to match route-map...........................................................................................................................666
Assign route-map to interface................................................................................................................................667
View PBR information............................................................................................................................................. 667
Policy-based routing per VRF................................................................................................................................ 668
Conguring PBR per VRF.......................................................................................................................................668
Sample conguration.............................................................................................................................................. 669
Track route reachability...........................................................................................................................................669
Use PBR to permit and block specic trac....................................................................................................... 670
View PBR conguration...........................................................................................................................................671
PBR commands........................................................................................................................................................ 671
Virtual Router Redundancy Protocol...........................................................................................................................675
Conguration............................................................................................................................................................675
Create virtual router.................................................................................................................................................676
Group version........................................................................................................................................................... 677
Virtual IP addresses................................................................................................................................................. 677
Congure virtual IP address....................................................................................................................................678
Congure virtual IP address in a VRF....................................................................................................................679
Contents
13
Set group priority.....................................................................................................................................................680
Authentication..........................................................................................................................................................680
Disable preempt........................................................................................................................................................681
Advertisement interval.............................................................................................................................................681
Interface/object tracking........................................................................................................................................ 682
Congure tracking...................................................................................................................................................683
VRRP commands.....................................................................................................................................................684
12 Multicast..................................................................................................................................................690
Important notes............................................................................................................................................................. 690
Congure multicast routing..........................................................................................................................................690
Unknown multicast ood control................................................................................................................................. 691
Enable multicast ood control................................................................................................................................692
Multicast Commands.................................................................................................................................................... 692
multicast snooping ood-restrict...........................................................................................................................692
Internet Group Management Protocol........................................................................................................................693
Standards compliance.............................................................................................................................................693
Important notes....................................................................................................................................................... 694
Supported IGMP versions...................................................................................................................................... 694
Query interval...........................................................................................................................................................694
Last member query interval....................................................................................................................................694
Maximum response time.........................................................................................................................................694
IGMP immediate leave............................................................................................................................................695
Select an IGMP version.......................................................................................................................................... 695
View IGMP-enabled interfaces and groups..........................................................................................................695
IGMP snooping........................................................................................................................................................ 696
IGMP commands.....................................................................................................................................................698
Multicast Listener Discovery Protocol........................................................................................................................ 708
MLD snooping.......................................................................................................................................................... 709
MLD snooping commands.......................................................................................................................................710
Protocol Independent Multicast....................................................................................................................................717
PIM terminology........................................................................................................................................................717
Standards compliance..............................................................................................................................................718
PIM-SM..................................................................................................................................................................... 718
PIM-SSM...................................................................................................................................................................718
Congure expiry timers for S, G entries................................................................................................................ 719
Congure static rendezvous point..........................................................................................................................719
Congure dynamic RP using the BSR mechanism..............................................................................................720
Congure designated router priority......................................................................................................................723
PIM commands........................................................................................................................................................ 723
PIM-SM sample conguration............................................................................................................................... 735
PIM-SSM sample conguration............................................................................................................................. 740
Multicast VRF sample conguration............................................................................................................................744
VLT multicast routing.................................................................................................................................................... 753
Multicast routing table synchronization................................................................................................................ 753
IGMP message synchronization.............................................................................................................................753
14
Contents
Egress mask..............................................................................................................................................................753
Spanned VLAN.........................................................................................................................................................753
Deployment considerations.................................................................................................................................... 754
Example: Spanned L3 VLAN IIF............................................................................................................................. 754
Example: Active-active PIM in a square VLT topology........................................................................................762
VLT multicast routing show commands.................................................................................................................791
13 VXLAN .....................................................................................................................................................793
VXLAN concepts........................................................................................................................................................... 793
VXLAN as NVO solution............................................................................................................................................... 794
Congure VXLAN.......................................................................................................................................................... 795
Congure source IP address on VTEP..................................................................................................................795
Congure a VXLAN virtual network......................................................................................................................796
Congure VLAN-tagged access ports..................................................................................................................796
Congure untagged access ports.......................................................................................................................... 797
Enable overlay routing between virtual networks................................................................................................798
Advertise VXLAN source IP address ....................................................................................................................800
Congure VLT.......................................................................................................................................................... 800
L3 VXLAN route scaling ............................................................................................................................................... 801
DHCP relay on VTEPs ..................................................................................................................................................802
View VXLAN conguration...........................................................................................................................................803
VXLAN MAC addresses................................................................................................................................................805
VXLAN commands........................................................................................................................................................ 807
hardware overlay-routing-prole............................................................................................................................807
interface virtual-network........................................................................................................................................ 808
ip virtual-router address..........................................................................................................................................809
ip virtual-router mac-address.................................................................................................................................809
member-interface....................................................................................................................................................809
nve..............................................................................................................................................................................810
remote-vtep.............................................................................................................................................................. 810
show hardware overlay-routing-prole mode........................................................................................................811
show interface virtual-network............................................................................................................................... 811
show nve remote-vtep.............................................................................................................................................812
show nve remote-vtep counters............................................................................................................................ 813
show nve vxlan-vni...................................................................................................................................................813
show virtual-network............................................................................................................................................... 813
show virtual-network counters...............................................................................................................................814
show virtual-network interface counters.............................................................................................................. 814
show virtual-network interface...............................................................................................................................815
show virtual-network vlan.......................................................................................................................................816
show vlan (virtual network).................................................................................................................................... 816
source-interface loopback.......................................................................................................................................816
virtual-network..........................................................................................................................................................817
virtual-network untagged-vlan................................................................................................................................817
vxlan-vni.................................................................................................................................................................... 818
VXLAN MAC commands...............................................................................................................................................818
Contents
15
clear mac address-table dynamic nve remote-vtep.............................................................................................818
clear mac address-table dynamic virtual-network............................................................................................... 819
show mac address-table count extended............................................................................................................. 819
show mac address-table count nve...................................................................................................................... 820
show mac address-table count virtual-network...................................................................................................821
show mac address-table extended.........................................................................................................................821
show mac address-table nve..................................................................................................................................822
show mac address-table virtual-network............................................................................................................. 823
Example: VXLAN with static VTEP............................................................................................................................. 824
VTEP 1 Leaf Switch.................................................................................................................................................825
VTEP 2 Leaf Switch.................................................................................................................................................827
VTEP 3 Leaf Switch................................................................................................................................................830
VTEP 4 Leaf Switch................................................................................................................................................ 832
Spine Switch 1..........................................................................................................................................................835
Spine Switch 2......................................................................................................................................................... 836
BGP EVPN for VXLAN................................................................................................................................................. 836
BGP EVPN compared to static VXLAN................................................................................................................ 837
VXLAN BGP EVPN operation................................................................................................................................ 837
Congure BGP EVPN for VXLAN......................................................................................................................... 840
VXLAN BGP EVPN routing.................................................................................................................................... 843
BGP EVPN with VLT...............................................................................................................................................844
VXLAN BGP commands.........................................................................................................................................845
VXLAN EVPN commands...................................................................................................................................... 848
Example: VXLAN with BGP EVPN........................................................................................................................855
Example: VXLAN with BGP EVPN — Multi-AS Topology..................................................................................877
Example: Centralized Layer3 gateway routing..................................................................................................... 898
Example: Border Leaf Gateway.............................................................................................................................. 901
Controller-provisioned VXLAN.....................................................................................................................................905
Congure controller-provisioned VXLAN............................................................................................................. 906
Congure and control VXLAN from VMware vCenter........................................................................................910
Example: VXLAN with a controller conguration................................................................................................. 913
VXLAN Controller commands.................................................................................................................................917
14 UFT modes...............................................................................................................................................924
Congure UFT modes...................................................................................................................................................926
IPv6 extended prex routes................................................................................................................................... 926
UFT commands..............................................................................................................................................................927
hardware forwarding-table mode...........................................................................................................................927
hardware l3 ipv6-extended-prex .........................................................................................................................927
show hardware forwarding-table mode................................................................................................................ 928
show hardware forwarding-table mode all............................................................................................................928
show hardware l3.....................................................................................................................................................928
15 Security................................................................................................................................................... 930
User re-authentication...................................................................................................................................................931
Password strength......................................................................................................................................................... 931
16
Contents
Simple password check.................................................................................................................................................932
Obscure passwords....................................................................................................................................................... 932
Role-based access control............................................................................................................................................933
Assign user role.............................................................................................................................................................. 933
Bootloader protection................................................................................................................................................... 934
Linuxadmin user conguration..................................................................................................................................... 934
RADIUS authentication.................................................................................................................................................935
RADIUS over TLS authentication................................................................................................................................ 936
TACACS+ authentication..............................................................................................................................................937
Unknown user role.........................................................................................................................................................938
SSH server..................................................................................................................................................................... 938
Virtual terminal line ACLs..............................................................................................................................................939
Restrict SNMP access..................................................................................................................................................940
Enable AAA accounting................................................................................................................................................ 940
Enable user lockout........................................................................................................................................................941
Limit concurrent login sessions.....................................................................................................................................941
Enable login statistics....................................................................................................................................................942
Privilege levels ...............................................................................................................................................................942
Congure privilege levels........................................................................................................................................ 943
Congure enable password.................................................................................................................................... 944
Audit log..........................................................................................................................................................................944
Security commands.......................................................................................................................................................945
aaa accounting.........................................................................................................................................................946
aaa authentication login..........................................................................................................................................946
aaa re-authenticate enable..................................................................................................................................... 947
boot protect disable username...............................................................................................................................947
boot protect enable username password............................................................................................................. 948
clear logging audit....................................................................................................................................................948
crypto ssh-key generate......................................................................................................................................... 948
disable....................................................................................................................................................................... 949
enable........................................................................................................................................................................949
enable password priv-lvl......................................................................................................................................... 950
ip access-class.........................................................................................................................................................950
ip radius source-interface........................................................................................................................................ 951
ip tacacs source-interface.......................................................................................................................................951
ipv6 access-class.....................................................................................................................................................952
ip ssh server challenge-response-authentication................................................................................................952
ip ssh server cipher................................................................................................................................................. 952
ip ssh server enable.................................................................................................................................................953
ip ssh server hostbased-authentication................................................................................................................954
ip ssh server kex...................................................................................................................................................... 954
ip ssh server mac.....................................................................................................................................................955
ip ssh server password-authentication.................................................................................................................956
ip ssh server port.....................................................................................................................................................956
ip ssh server pubkey-authentication..................................................................................................................... 956
Contents
17
ip ssh server vrf....................................................................................................................................................... 957
line vty.......................................................................................................................................................................957
logging audit enable.................................................................................................................................................957
login concurrent-session limit.................................................................................................................................958
login-statistics enable..............................................................................................................................................958
password-attributes................................................................................................................................................958
password-attributes max-retry lockout-period....................................................................................................959
privilege.....................................................................................................................................................................960
radius-server host.................................................................................................................................................... 961
radius-server host tls............................................................................................................................................... 961
radius-server retransmit..........................................................................................................................................962
radius-server timeout..............................................................................................................................................962
radius-server vrf...................................................................................................................................................... 963
service obscure-password......................................................................................................................................963
service simple-password.........................................................................................................................................964
show boot protect...................................................................................................................................................964
show crypto ssh-key...............................................................................................................................................964
show ip ssh...............................................................................................................................................................965
show logging audit...................................................................................................................................................966
show login-statistics................................................................................................................................................966
show privilege...........................................................................................................................................................967
show running-conguration privilege.................................................................................................................... 967
show users................................................................................................................................................................968
system-user linuxadmin disable..............................................................................................................................968
system-user linuxadmin password.........................................................................................................................969
tacacs-server host.................................................................................................................................................. 969
tacacs-server timeout.............................................................................................................................................970
tacacs-server vrf..................................................................................................................................................... 970
username password role.......................................................................................................................................... 971
username sshkey......................................................................................................................................................972
username sshkey lename......................................................................................................................................973
userrole inherit..........................................................................................................................................................973
X.509v3 certicates.......................................................................................................................................................974
X.509v3 concepts....................................................................................................................................................975
Public key infrastructure......................................................................................................................................... 975
Manage CA certicates...........................................................................................................................................976
Certicate revocation..............................................................................................................................................978
Request and install host certicates..................................................................................................................... 979
Self-signed certicates .......................................................................................................................................... 982
Security proles....................................................................................................................................................... 985
Cluster security........................................................................................................................................................986
X.509v3 commands.................................................................................................................................................987
Example: Congure RADIUS over TLS with X.509v3 certicates.................................................................... 999
16 OpenFlow................................................................................................................................................1001
OpenFlow logical switch instance..............................................................................................................................1002
18
Contents
OpenFlow controller.....................................................................................................................................................1002
OpenFlow version 1.3...................................................................................................................................................1002
Ports........................................................................................................................................................................ 1002
Flow table................................................................................................................................................................1003
Group table............................................................................................................................................................. 1003
Meter table..............................................................................................................................................................1003
Instructions............................................................................................................................................................. 1003
Action set................................................................................................................................................................1004
Action types............................................................................................................................................................1004
Counters..................................................................................................................................................................1005
OpenFlow protocol.................................................................................................................................................1006
OpenFlow use cases....................................................................................................................................................1020
Congure OpenFlow....................................................................................................................................................1020
Establish TLS connection.......................................................................................................................................1021
OpenFlow commands..................................................................................................................................................1022
controller................................................................................................................................................................. 1022
dpid-mac-address.................................................................................................................................................. 1023
in-band-mgmt.........................................................................................................................................................1024
max-backo............................................................................................................................................................ 1024
mode openow-only.............................................................................................................................................. 1025
openow..................................................................................................................................................................1025
probe-interval..........................................................................................................................................................1026
protocol-version......................................................................................................................................................1026
rate-limit packet_in................................................................................................................................................ 1027
show openow........................................................................................................................................................1027
show openow ows.............................................................................................................................................1028
show openow ports............................................................................................................................................. 1029
show openow switch...........................................................................................................................................1030
show openow switch controllers.........................................................................................................................1031
switch...................................................................................................................................................................... 1032
OpenFlow-only mode commands...............................................................................................................................1032
17 Access Control Lists................................................................................................................................1035
IP ACLs..........................................................................................................................................................................1035
MAC ACLs.....................................................................................................................................................................1036
Control-plane ACLs......................................................................................................................................................1036
Control-plane ACL qualiers..................................................................................................................................1037
IP fragment handling....................................................................................................................................................1037
IP fragments ACL................................................................................................................................................... 1037
L3 ACL rules..................................................................................................................................................................1038
Permit ACL with L3 information only...................................................................................................................1038
Deny ACL with L3 information only..................................................................................................................... 1038
Permit all packets from host.................................................................................................................................1038
Permit only rst fragments and non-fragmented packets from host..............................................................1038
Assign sequence number to lter...............................................................................................................................1039
User-provided sequence number.........................................................................................................................1039
Contents
19
Auto-generated sequence number...................................................................................................................... 1039
Delete ACL rule.............................................................................................................................................................1039
L2 and L3 ACLs............................................................................................................................................................1040
Assign and apply ACL lters....................................................................................................................................... 1040
Ingress ACL lters.........................................................................................................................................................1041
Egress ACL lters.........................................................................................................................................................1042
VTY ACLs......................................................................................................................................................................1042
SNMP ACLs..................................................................................................................................................................1042
Clear access-list counters...........................................................................................................................................1042
IP prex-lists................................................................................................................................................................. 1043
Route-maps.................................................................................................................................................................. 1043
Match routes................................................................................................................................................................ 1045
Set conditions...............................................................................................................................................................1045
Continue clause............................................................................................................................................................1045
ACL ow-based monitoring........................................................................................................................................ 1046
Flow-based mirroring.............................................................................................................................................1046
Enable ow-based monitoring.................................................................................................................................... 1047
View ACL table utilization report................................................................................................................................ 1047
Known behavior......................................................................................................................................................1049
ACL logging...................................................................................................................................................................1049
Important notes......................................................................................................................................................1050
ACL commands............................................................................................................................................................1050
clear ip access-list counters................................................................................................................................. 1050
clear ipv6 access-list counters..............................................................................................................................1051
clear mac access-list counters..............................................................................................................................1051
deny.......................................................................................................................................................................... 1051
deny (IPv6)............................................................................................................................................................. 1052
deny (MAC)............................................................................................................................................................ 1053
deny icmp................................................................................................................................................................1053
deny icmp (IPv6)....................................................................................................................................................1054
deny ip.....................................................................................................................................................................1055
deny ipv6.................................................................................................................................................................1055
deny tcp.................................................................................................................................................................. 1056
deny tcp (IPv6).......................................................................................................................................................1057
deny udp..................................................................................................................................................................1057
deny udp (IPv6)..................................................................................................................................................... 1058
description.............................................................................................................................................................. 1059
ip access-group......................................................................................................................................................1060
ip access-list........................................................................................................................................................... 1060
ip as-path access-list.............................................................................................................................................1060
ip community-list standard deny...........................................................................................................................1061
ip community–list standard permit...................................................................................................................... 1062
ip extcommunity-list standard deny.....................................................................................................................1062
ip extcommunity-list standard permit..................................................................................................................1063
ip prex-list description......................................................................................................................................... 1063
20
Contents
/