PowerSwitch S4148U-ON

Dell PowerSwitch S4148U-ON User guide

  • Hello! I am an AI chatbot trained to assist you with the Dell PowerSwitch S4148U-ON User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Dell EMC SmartFabric OS10 User Guide
Release 10.5.0
06 2020
Rev. A06
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the
problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2020- 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other
trademarks may be trademarks of their respective owners.
Chapter 1: Change history..............................................................................................................28
Chapter 2: Getting Started with Dell EMC SmartFabric OS10............................................................ 31
Switch with factory-installed OS10...................................................................................................................................32
Log in ..............................................................................................................................................................................32
Check OS10 version...................................................................................................................................................... 33
OS10 upgrade.................................................................................................................................................................33
Check OS10 license........................................................................................................................................................41
Re-install license ........................................................................................................................................................... 42
Switch without OS installed...............................................................................................................................................42
Uninstall existing OS......................................................................................................................................................43
Download OS10 image.................................................................................................................................................. 43
Installation using ONIE.................................................................................................................................................. 44
Log in ..............................................................................................................................................................................46
Install OS10 license........................................................................................................................................................ 47
Switch deployment options................................................................................................................................................49
Manual CLI configuration..............................................................................................................................................49
ZTD-automated switch deployment...........................................................................................................................50
Ansible-automated switch provisioning......................................................................................................................50
MX7000 Feb 2020 Solution Update Instructions........................................................................................................... 50
Remote access.................................................................................................................................................................... 57
Configure Management IP address.............................................................................................................................57
Configure Management route .................................................................................................................................... 58
Configure username and password.............................................................................................................................58
Chapter 3: CLI Basics.................................................................................................................... 60
CONFIGURATION mode.....................................................................................................................................................61
Check device status............................................................................................................................................................ 61
Related Videos............................................................................................................................................................... 63
Command help.....................................................................................................................................................................63
Candidate configuration..................................................................................................................................................... 64
Copy running configuration ...............................................................................................................................................66
Restore startup configuration ...........................................................................................................................................66
Reload system image.......................................................................................................................................................... 67
Filter show commands........................................................................................................................................................67
Common OS10 commands.................................................................................................................................................68
boot................................................................................................................................................................................. 68
commit............................................................................................................................................................................ 68
configure.........................................................................................................................................................................68
copy.................................................................................................................................................................................69
delete...............................................................................................................................................................................70
dir......................................................................................................................................................................................71
discard.............................................................................................................................................................................72
do..................................................................................................................................................................................... 72
Contents
Contents 3
end................................................................................................................................................................................... 72
exit................................................................................................................................................................................... 73
hostname........................................................................................................................................................................ 73
license..............................................................................................................................................................................74
lock...................................................................................................................................................................................74
management route........................................................................................................................................................ 74
move................................................................................................................................................................................75
no..................................................................................................................................................................................... 75
ping.................................................................................................................................................................................. 76
ping6................................................................................................................................................................................ 77
reload...............................................................................................................................................................................79
show boot.......................................................................................................................................................................79
show candidate-configuration..................................................................................................................................... 80
show environment.........................................................................................................................................................82
show inventory...............................................................................................................................................................83
show ip management-route......................................................................................................................................... 83
show ipv6 management-route.....................................................................................................................................84
show license status....................................................................................................................................................... 84
show running-configuration......................................................................................................................................... 85
show startup-configuration..........................................................................................................................................87
show system.................................................................................................................................................................. 88
show version.................................................................................................................................................................. 90
start.................................................................................................................................................................................90
system..............................................................................................................................................................................91
system-cli disable........................................................................................................................................................... 91
system-user linuxadmin disable....................................................................................................................................92
system identifier.............................................................................................................................................................92
terminal........................................................................................................................................................................... 92
traceroute.......................................................................................................................................................................93
unlock..............................................................................................................................................................................94
username password role...............................................................................................................................................94
write................................................................................................................................................................................ 95
Chapter 4: Advanced CLI tasks.......................................................................................................96
Command alias.....................................................................................................................................................................96
Multi-line alias.................................................................................................................................................................97
alias..................................................................................................................................................................................99
alias (multi-line)............................................................................................................................................................ 100
default (alias).................................................................................................................................................................101
description (alias)..........................................................................................................................................................101
line (alias)....................................................................................................................................................................... 101
show alias......................................................................................................................................................................102
Batch mode........................................................................................................................................................................ 103
batch..............................................................................................................................................................................103
Linux shell commands........................................................................................................................................................104
Using OS9 commands.......................................................................................................................................................106
feature config-os9-style............................................................................................................................................. 106
Chapter 5: Dell EMC SmartFabric OS10 zero-touch deployment...................................................... 107
4
Contents
ZTD DHCP server configuration......................................................................................................................................109
ZTD provisioning script..................................................................................................................................................... 109
ZTD CLI batch file...............................................................................................................................................................110
Post-ZTD script.................................................................................................................................................................. 110
ZTD commands....................................................................................................................................................................111
reload ztd........................................................................................................................................................................111
show ztd-status.............................................................................................................................................................111
ztd cancel.......................................................................................................................................................................112
Chapter 6: Dell EMC SmartFabric OS10 provisioning....................................................................... 113
Using Ansible....................................................................................................................................................................... 113
Example: Configure an OS10 switch using Ansible.........................................................................................................114
Chapter 7: SmartFabric Services................................................................................................... 117
SmartFabric Services personalities...................................................................................................................................117
SmartFabric Services for leaf and spine.................................................................................................................... 117
SmartFabric Services for PowerEdge MX................................................................................................................ 118
SmartFabric Services for leaf and spine..........................................................................................................................119
SmartFabric Services Components ................................................................................................................................120
SmartFabric Services logical entities................................................................................................................................121
Uplinks........................................................................................................................................................................... 122
Uplink bonding options................................................................................................................................................ 123
Spanning tree considerations..................................................................................................................................... 123
Dynamic onboarding for integrated devices.............................................................................................................123
Statically onboarded server........................................................................................................................................ 123
Static onboarding for nonintegrated devices........................................................................................................... 124
Backup and Restore of fabric state.................................................................................................................................124
Enable SmartFabric Services on the switches...............................................................................................................124
Enable SmartFabric Services using GUI....................................................................................................................125
SmartFabric Services Graphical User Interface.............................................................................................................125
Configure SmartFabric Services initial setup............................................................................................................126
Update Default Fabric, Switch Names, and Descriptions wizard...........................................................................127
Create Uplink for External Network Connectivity wizard.......................................................................................127
Breakout Switch Ports wizard....................................................................................................................................128
Configure Jump Host wizard......................................................................................................................................129
Update Network Configuration wizard..................................................................................................................... 129
Onboard a Server onto the Fabric wizard.................................................................................................................129
Edit Default Fabric Settings wizard........................................................................................................................... 129
Restore wizard............................................................................................................................................................. 130
Fabric operations and life cycle management................................................................................................................130
Configuring FEC using MSM............................................................................................................................................130
SFS Support for MSTP on Layer3 fabric........................................................................................................................130
SmartFabric commands.....................................................................................................................................................131
smartfabric l3fabric enable.......................................................................................................................................... 131
smartfabric vlti..............................................................................................................................................................132
show smartfabric cluster.............................................................................................................................................132
show smartfabric cluster member............................................................................................................................. 133
show smartfabric details............................................................................................................................................. 134
show smartfabric networks........................................................................................................................................ 135
Contents
5
show smartfabric nodes..............................................................................................................................................135
show smartfabric personality......................................................................................................................................136
show smartfabric uplinks.............................................................................................................................................137
show smartfabric validation-errors............................................................................................................................138
show smartfabric discovered-server.........................................................................................................................139
show smartfabric discovered-server discovered-server-interface.......................................................................140
show smartfabric configured-server......................................................................................................................... 140
show smartfabric configured-server configured-server-interface........................................................................ 141
Chapter 8: SmartFabric Director................................................................................................... 143
Enable SmartFabric Director mode on a switch.............................................................................................................143
Support for SmartFabric Director....................................................................................................................................143
gRPC Network Management Interface agent............................................................................................................... 143
Lifecycle Management using SmartFabric Director...................................................................................................... 146
SmartFabric Director commands..................................................................................................................................... 147
switch-operating-mode............................................................................................................................................... 147
gnmi-security-profile....................................................................................................................................................147
show switch-operating-mode.................................................................................................................................... 148
show sfd status............................................................................................................................................................ 148
Chapter 9: System management................................................................................................... 149
System banners..................................................................................................................................................................149
Login banner................................................................................................................................................................. 149
Message of the day banner........................................................................................................................................150
System banner commands......................................................................................................................................... 150
User session management.................................................................................................................................................151
User session management commands......................................................................................................................152
Telnet server.......................................................................................................................................................................153
Telnet commands.........................................................................................................................................................153
Simple Network Management Protocol..........................................................................................................................154
SNMP security models and levels..............................................................................................................................154
MIBs...............................................................................................................................................................................155
SNMPv3........................................................................................................................................................................156
Configure SNMP..........................................................................................................................................................156
SNMP commands........................................................................................................................................................160
Example: Configure SNMP......................................................................................................................................... 169
System clock...................................................................................................................................................................... 169
Time zones and UTC offset reference......................................................................................................................170
System Clock commands............................................................................................................................................187
Network Time Protocol.....................................................................................................................................................189
Enable NTP................................................................................................................................................................... 189
Broadcasts.................................................................................................................................................................... 190
Source IP address........................................................................................................................................................ 190
Authentication...............................................................................................................................................................191
Sample NTP configuration..........................................................................................................................................192
NTP commands............................................................................................................................................................194
Dynamic Host Configuration Protocol.............................................................................................................................199
Packet format and options........................................................................................................................................ 200
DHCP server.................................................................................................................................................................201
6
Contents
Automatic address allocation......................................................................................................................................201
Hostname resolution................................................................................................................................................... 202
Manual binding entries................................................................................................................................................203
View DHCP Information............................................................................................................................................. 204
DHCP relay agent........................................................................................................................................................205
DHCP snooping........................................................................................................................................................... 205
System domain name and list..................................................................................................................................... 221
DHCP commands........................................................................................................................................................ 222
DNS commands...........................................................................................................................................................233
Chapter 10: Interfaces................................................................................................................. 236
Ethernet interfaces........................................................................................................................................................... 236
Unified port groups........................................................................................................................................................... 236
Z9264F-ON port-group profiles......................................................................................................................................238
Port-groups on S5200F-ON switches........................................................................................................................... 239
L2 mode configuration......................................................................................................................................................246
L3 mode configuration......................................................................................................................................................247
Fibre Channel interfaces...................................................................................................................................................247
Configuring wavelength..............................................................................................................................................249
Management interface ....................................................................................................................................................250
Management interface .............................................................................................................................................. 250
VLAN interfaces................................................................................................................................................................250
User-configured default VLAN.........................................................................................................................................251
VLAN scale profile..............................................................................................................................................................251
Loopback interfaces......................................................................................................................................................... 252
Port-channel interfaces....................................................................................................................................................252
Create port-channel....................................................................................................................................................253
Add port member........................................................................................................................................................ 253
Minimum links...............................................................................................................................................................254
Assign Port Channel IP Address................................................................................................................................254
Remove or disable port-channel................................................................................................................................254
Load balance traffic.................................................................................................................................................... 255
Change hash algorithm...............................................................................................................................................255
Configure interface ranges.............................................................................................................................................. 255
Switch-port profiles..........................................................................................................................................................256
S4148-ON Series port profiles................................................................................................................................... 257
S4148U-ON port profiles............................................................................................................................................258
Configure negotiation modes on interfaces...................................................................................................................259
Configure breakout mode................................................................................................................................................ 260
Breakout auto-configuration............................................................................................................................................ 261
Reset default configuration..............................................................................................................................................262
Forward error correction..................................................................................................................................................263
Energy-efficient Ethernet................................................................................................................................................ 264
Enable energy-efficient Ethernet..............................................................................................................................264
Clear EEE counters..................................................................................................................................................... 265
View EEE status/statistics........................................................................................................................................ 265
EEE commands............................................................................................................................................................266
View interface configuration............................................................................................................................................268
Digital optical monitoring...................................................................................................................................................271
Enable DOM and DOM traps..................................................................................................................................... 272
Contents
7
Default MTU Configuration..............................................................................................................................................273
Interface commands......................................................................................................................................................... 274
channel-group.............................................................................................................................................................. 274
default interface...........................................................................................................................................................274
default vlan-id.............................................................................................................................................................. 276
description (Interface)................................................................................................................................................ 277
duplex............................................................................................................................................................................278
enable dom................................................................................................................................................................... 278
enable dom traps......................................................................................................................................................... 278
feature auto-breakout.................................................................................................................................................279
fec..................................................................................................................................................................................279
interface breakout.......................................................................................................................................................280
interface ethernet....................................................................................................................................................... 280
interface loopback.......................................................................................................................................................280
interface mgmt.............................................................................................................................................................281
interface null................................................................................................................................................................. 281
interface port-channel.................................................................................................................................................281
interface range.............................................................................................................................................................282
interface vlan............................................................................................................................................................... 282
link-bundle-utilization.................................................................................................................................................. 283
mode............................................................................................................................................................................. 283
mode l3......................................................................................................................................................................... 284
mtu................................................................................................................................................................................ 284
negotiation....................................................................................................................................................................285
port mode Eth..............................................................................................................................................................286
port-group.................................................................................................................................................................... 287
profile............................................................................................................................................................................ 287
scale-profile vlan..........................................................................................................................................................288
show discovered-expanders...................................................................................................................................... 288
show interface............................................................................................................................................................. 289
show interface transceiver “Tunable wavelength”.................................................................................................290
show inventory media..................................................................................................................................................291
show link-bundle-utilization........................................................................................................................................292
show port-channel summary..................................................................................................................................... 292
show port-group..........................................................................................................................................................293
show switch-port-profile............................................................................................................................................294
show system................................................................................................................................................................ 294
show unit-provision.....................................................................................................................................................295
show vlan......................................................................................................................................................................296
shutdown......................................................................................................................................................................296
speed (Fibre Channel)................................................................................................................................................ 296
speed (Management)................................................................................................................................................. 297
switch-port-profile...................................................................................................................................................... 297
switchport access vlan............................................................................................................................................... 299
switchport mode......................................................................................................................................................... 299
switchport trunk allowed vlan....................................................................................................................................300
unit-provision............................................................................................................................................................... 300
wavelength....................................................................................................................................................................301
default mtu....................................................................................................................................................................301
show default mtu.........................................................................................................................................................302
8
Contents
Chapter 11: PowerEdge MX Ethernet I/O modules..........................................................................303
Operating modes...............................................................................................................................................................303
Changing operating modes..............................................................................................................................................305
Restrictions........................................................................................................................................................................305
Port groups on I/O modules............................................................................................................................................305
Double-density QSFP28 interfaces................................................................................................................................ 305
Virtual ports........................................................................................................................................................................307
Single-density QSFP28 interfaces...................................................................................................................................310
Server-facing interfaces................................................................................................................................................... 312
Replace MX Ethernet I/O modules................................................................................................................................. 313
Deployment instructions..............................................................................................................................................313
Replace an IOM in Full-Switch VLT........................................................................................................................... 313
Replace an IOM in SmartFabric..................................................................................................................................313
View SmartFabric Services configuration.......................................................................................................................316
Chapter 12: Fibre Channel.............................................................................................................317
Fibre Channel over Ethernet............................................................................................................................................ 318
Configure FIP snooping............................................................................................................................................... 318
Terminology........................................................................................................................................................................320
Virtual fabric.......................................................................................................................................................................320
Fibre Channel zoning........................................................................................................................................................ 322
F_Port on Ethernet...........................................................................................................................................................324
Pinning FCoE traffic to a specific port of a port-channel............................................................................................324
Sample FSB configuration on VLT network.............................................................................................................326
Sample FC Switch configuration on VLT network..................................................................................................328
Sample FSB configuration on non-VLT network.................................................................................................... 330
Sample FC Switch configuration on non-VLT network..........................................................................................332
Multi-hop FIP-snooping bridge........................................................................................................................................333
Configuration notes.....................................................................................................................................................333
Configure multi-hop FSB............................................................................................................................................334
Verify multi-hop FSB configuration...........................................................................................................................340
Sample Multi-hop FSB configuration.........................................................................................................................341
Configuration guidelines................................................................................................................................................... 354
NPIV Proxy Gateway cascading......................................................................................................................................354
Support for untagged VLAN in FCoE............................................................................................................................. 357
Rebalance FC sessions (NPG)........................................................................................................................................ 357
Load balancing after system reboot............................................................................................................................... 357
NPG rebalance topology.............................................................................................................................................357
NPG switch configurations........................................................................................................................................ 358
Example: Manual rebalance trigger...........................................................................................................................360
Equivalent RESTCONF request for the rebalancing CLIs......................................................................................362
F_Port commands............................................................................................................................................................ 362
fc alias........................................................................................................................................................................... 362
fc zone..........................................................................................................................................................................363
fc zoneset.....................................................................................................................................................................363
feature fc......................................................................................................................................................................363
member (alias).............................................................................................................................................................364
member (zone)............................................................................................................................................................364
Contents
9
member (zoneset)...................................................................................................................................................... 365
show fc alias.................................................................................................................................................................365
show fc interface-area-id mapping...........................................................................................................................365
show fc ns switch....................................................................................................................................................... 366
show fc zone................................................................................................................................................................366
show fc zoneset.......................................................................................................................................................... 367
zone default-zone permit...........................................................................................................................................368
zoneset activate..........................................................................................................................................................368
NPG commands................................................................................................................................................................ 369
fc port-mode F............................................................................................................................................................ 369
feature fc npg..............................................................................................................................................................369
show npg devices........................................................................................................................................................370
F_Port and NPG commands............................................................................................................................................370
clear fc statistics..........................................................................................................................................................370
fcoe ............................................................................................................................................................................... 371
fcoe delay fcf-adv........................................................................................................................................................ 371
name...............................................................................................................................................................................371
Re-balance the FC sessions.......................................................................................................................................372
show npg uplink-interface.......................................................................................................................................... 374
show npg node-interface........................................................................................................................................... 375
show fc statistics.........................................................................................................................................................376
show fc switch.............................................................................................................................................................377
show running-config vfabric.......................................................................................................................................377
show vfabric.................................................................................................................................................................378
vfabric........................................................................................................................................................................... 378
vfabric (interface)....................................................................................................................................................... 379
vlan................................................................................................................................................................................ 379
FIP-snooping commands..................................................................................................................................................379
feature fip-snooping....................................................................................................................................................380
fip-snooping enable.....................................................................................................................................................380
fip-snooping fc-map....................................................................................................................................................380
fip-snooping port-mode.............................................................................................................................................. 381
FCoE commands................................................................................................................................................................381
clear fcoe database......................................................................................................................................................381
clear fcoe statistics..................................................................................................................................................... 382
fcoe-pinned-port ........................................................................................................................................................ 382
fcoe max-sessions-per-enodemac............................................................................................................................382
fcoe priority-bits.......................................................................................................................................................... 383
lldp tlv-select dcbxp-appln fcoe................................................................................................................................ 383
show fcoe enode......................................................................................................................................................... 384
show fcoe fcf...............................................................................................................................................................384
show fcoe pinned-port............................................................................................................................................... 385
show fcoe sessions..................................................................................................................................................... 385
show fcoe statistics.................................................................................................................................................... 386
show fcoe system....................................................................................................................................................... 386
show fcoe vlan.............................................................................................................................................................387
Chapter 13: Layer 2..................................................................................................................... 388
802.1X.................................................................................................................................................................................388
Port authentication..................................................................................................................................................... 389
10
Contents
EAP over RADIUS....................................................................................................................................................... 390
Configure 802.1X.........................................................................................................................................................390
Enable 802.1X............................................................................................................................................................... 391
Identity retransmissions..............................................................................................................................................392
Failure quiet period......................................................................................................................................................392
Port control mode....................................................................................................................................................... 393
Reauthenticate port....................................................................................................................................................394
Configure timeouts..................................................................................................................................................... 395
802.1X commands.......................................................................................................................................................396
Far-end failure detection..................................................................................................................................................400
Enable FEFD globally...................................................................................................................................................402
Enable FEFD on interface...........................................................................................................................................402
Reset FEFD err-disabled interface............................................................................................................................402
Display FEFD information........................................................................................................................................... 403
FEFD Commands.........................................................................................................................................................403
Link Aggregation Control Protocol................................................................................................................................. 406
Modes...........................................................................................................................................................................406
Configuration............................................................................................................................................................... 406
Interfaces......................................................................................................................................................................407
Rates.............................................................................................................................................................................408
Sample configuration.................................................................................................................................................. 408
LACP fallback................................................................................................................................................................412
LACP commands..........................................................................................................................................................414
Link Layer Discovery Protocol.........................................................................................................................................420
Mandatory TLVs...........................................................................................................................................................421
Optional TLVs...............................................................................................................................................................422
Configure LLDP........................................................................................................................................................... 425
Example: Advertise TLVs configuration.................................................................................................................... 431
View LLDP configuration.............................................................................................................................................431
View LLDP neighbor advertisements........................................................................................................................432
LLDP-MED................................................................................................................................................................... 433
LLDP commands..........................................................................................................................................................437
Media Access Control.......................................................................................................................................................449
Static MAC Address....................................................................................................................................................449
MAC Address Table.................................................................................................................................................... 449
Clear MAC Address Table.......................................................................................................................................... 450
MAC Commands......................................................................................................................................................... 450
Spanning-tree protocol.....................................................................................................................................................452
Introduction to STP.....................................................................................................................................................453
Common STP commands.......................................................................................................................................... 459
Rapid per-VLAN spanning-tree................................................................................................................................. 465
Rapid Spanning-Tree Protocol...................................................................................................................................473
Multiple Spanning-Tree.............................................................................................................................................. 480
Virtual LANs....................................................................................................................................................................... 492
Default VLAN............................................................................................................................................................... 492
Create or remove VLANs........................................................................................................................................... 493
Access mode................................................................................................................................................................494
Trunk mode..................................................................................................................................................................495
Assign IP address........................................................................................................................................................ 495
View VLAN configuration...........................................................................................................................................496
Contents
11
VLAN Scaling............................................................................................................................................................... 497
VLAN commands.........................................................................................................................................................498
Port monitoring..................................................................................................................................................................499
Local port monitoring..................................................................................................................................................499
Remote port monitoring.............................................................................................................................................500
Encapsulated remote port monitoring......................................................................................................................502
Flow-based monitoring...............................................................................................................................................503
Remote port monitoring on VLT............................................................................................................................... 504
Port monitoring commands....................................................................................................................................... 506
Chapter 14: Layer 3...................................................................................................................... 511
Virtual routing and forwarding.......................................................................................................................................... 511
Configure management VRF.......................................................................................................................................511
Configure non-default VRF instances....................................................................................................................... 513
VRF configuration........................................................................................................................................................515
View VRF instance information..................................................................................................................................519
Static route leaking..................................................................................................................................................... 520
VRF commands........................................................................................................................................................... 526
Bidirectional Forwarding Detection.................................................................................................................................533
BFD session states......................................................................................................................................................534
BFD three-way handshake.........................................................................................................................................534
BFD configuration....................................................................................................................................................... 535
Configure BFD globally............................................................................................................................................... 536
BFD for BGP................................................................................................................................................................ 536
BFD for OSPF..............................................................................................................................................................540
BFD for Static routes..................................................................................................................................................544
BFD commands........................................................................................................................................................... 546
Border Gateway Protocol................................................................................................................................................ 552
Sessions and peers......................................................................................................................................................553
Martian addresses.......................................................................................................................................................554
Route reflectors...........................................................................................................................................................554
Multiprotocol BGP.......................................................................................................................................................554
Attributes..................................................................................................................................................................... 555
Disable announcement of ASN values......................................................................................................................555
Selection criteria..........................................................................................................................................................555
Weight and local preference......................................................................................................................................556
Multiexit discriminators...............................................................................................................................................556
Origin.............................................................................................................................................................................557
AS path and next-hop.................................................................................................................................................557
Best path selection..................................................................................................................................................... 558
More path support......................................................................................................................................................558
Advertise cost..............................................................................................................................................................558
4-Byte AS numbers.....................................................................................................................................................559
AS number migration.................................................................................................................................................. 559
Graceful restart........................................................................................................................................................... 560
Configure Border Gateway Protocol........................................................................................................................ 560
Enable BGP..................................................................................................................................................................560
Configure Dual Stack..................................................................................................................................................563
Configure administrative distance.............................................................................................................................563
Peer templates............................................................................................................................................................ 564
12
Contents
Neighbor fall-over........................................................................................................................................................567
Configure password....................................................................................................................................................568
Fast external fallover...................................................................................................................................................570
Passive peering.............................................................................................................................................................571
Local AS........................................................................................................................................................................572
AS number limit............................................................................................................................................................572
Redistribute routes......................................................................................................................................................573
Additional paths........................................................................................................................................................... 574
MED attributes............................................................................................................................................................ 574
Local preference attribute..........................................................................................................................................575
Weight attribute.......................................................................................................................................................... 576
Enable multipath.......................................................................................................................................................... 576
Route-map filters.........................................................................................................................................................576
Route reflector clusters.............................................................................................................................................. 577
Aggregate routes.........................................................................................................................................................578
Confederations............................................................................................................................................................ 578
Route dampening........................................................................................................................................................ 579
Timers........................................................................................................................................................................... 580
Neighbor soft-reconfiguration....................................................................................................................................581
Redistribute iBGP route to OSPF............................................................................................................................. 582
Example - BGP in a VLT topology.............................................................................................................................584
Example - Three-tier CLOS topology with eBGP................................................................................................... 589
Debug BGP.................................................................................................................................................................. 594
BGP commands...........................................................................................................................................................595
Equal cost multi-path........................................................................................................................................................628
Load balancing............................................................................................................................................................. 628
Maximum ECMP groups and paths...........................................................................................................................631
ECMP commands........................................................................................................................................................632
IPv4 routing........................................................................................................................................................................636
Assign interface IP address........................................................................................................................................636
Configure static routing..............................................................................................................................................637
Address Resolution Protocol......................................................................................................................................638
IPv4 routing commands..............................................................................................................................................638
IPv6 routing........................................................................................................................................................................643
Enable or disable IPv6.................................................................................................................................................643
IPv6 addresses.............................................................................................................................................................644
Stateless autoconfiguration....................................................................................................................................... 645
Neighbor Discovery.....................................................................................................................................................646
Duplicate address discovery.......................................................................................................................................647
Static IPv6 routing...................................................................................................................................................... 648
IPv6 destination unreachable.....................................................................................................................................648
IPv6 hop-by-hop options............................................................................................................................................648
View IPv6 information.................................................................................................................................................648
IPv6 commands...........................................................................................................................................................649
Open shortest path first...................................................................................................................................................660
Autonomous system areas.........................................................................................................................................660
Areas, networks, and neighbors.................................................................................................................................661
Router types................................................................................................................................................................. 661
Designated and backup designated routers.............................................................................................................662
Link-state advertisements......................................................................................................................................... 663
Contents
13
Router priority..............................................................................................................................................................663
Shortest path first throttling......................................................................................................................................664
OSPFv2........................................................................................................................................................................ 665
OSPFv3........................................................................................................................................................................ 696
Object tracking manager...................................................................................................................................................716
Interface tracking......................................................................................................................................................... 717
Host tracking.................................................................................................................................................................718
Set tracking delays.......................................................................................................................................................719
Object tracking............................................................................................................................................................. 719
View tracked objects................................................................................................................................................... 719
OTM commands..........................................................................................................................................................720
Policy-based routing..........................................................................................................................................................722
Access-list to match route-map................................................................................................................................722
Set address to match route-map.............................................................................................................................. 723
Assign route-map to interface................................................................................................................................... 723
View PBR information.................................................................................................................................................723
Policy-based routing per VRF.................................................................................................................................... 724
Configuring PBR per VRF...........................................................................................................................................724
PBR and VLT................................................................................................................................................................725
Sample configuration.................................................................................................................................................. 728
Track route reachability.............................................................................................................................................. 729
Use PBR to permit and block specific traffic...........................................................................................................730
View PBR configuration...............................................................................................................................................731
PBR commands............................................................................................................................................................ 731
Virtual Router Redundancy Protocol.............................................................................................................................. 734
Configuration................................................................................................................................................................734
Create virtual router....................................................................................................................................................735
Group version...............................................................................................................................................................736
Virtual IP addresses.....................................................................................................................................................736
Configure virtual IP address....................................................................................................................................... 736
Configure virtual IP address in a VRF....................................................................................................................... 738
Set group priority.........................................................................................................................................................738
Authentication..............................................................................................................................................................739
Disable preempt...........................................................................................................................................................739
Advertisement interval................................................................................................................................................740
Interface/object tracking............................................................................................................................................ 741
Configure tracking........................................................................................................................................................741
VRRP commands.........................................................................................................................................................742
Chapter 15: Multicast.................................................................................................................. 748
Important notes................................................................................................................................................................. 748
Configure multicast routing..............................................................................................................................................748
Unknown multicast flood control.................................................................................................................................... 749
Enable multicast flood control................................................................................................................................... 750
Multicast Commands........................................................................................................................................................750
multicast snooping flood-restrict.............................................................................................................................. 750
Internet Group Management Protocol............................................................................................................................751
Standards compliance..................................................................................................................................................751
Important notes............................................................................................................................................................751
Supported IGMP versions.......................................................................................................................................... 752
14
Contents
Query interval...............................................................................................................................................................752
Last member query interval........................................................................................................................................752
Maximum response time.............................................................................................................................................752
IGMP immediate leave................................................................................................................................................752
Select an IGMP version.............................................................................................................................................. 753
View IGMP-enabled interfaces and groups............................................................................................................. 753
IGMP snooping............................................................................................................................................................ 754
IGMP commands.........................................................................................................................................................755
Multicast Listener Discovery Protocol............................................................................................................................765
MLD snooping..............................................................................................................................................................766
MLD snooping commands..........................................................................................................................................767
Protocol Independent Multicast...................................................................................................................................... 773
PIM terminology...........................................................................................................................................................774
Standards compliance.................................................................................................................................................774
PIM-SM.........................................................................................................................................................................774
PIM-SSM...................................................................................................................................................................... 775
Configure expiry timers for S, G entries................................................................................................................... 775
Configure static rendezvous point............................................................................................................................ 776
Configure dynamic RP using the BSR mechanism..................................................................................................776
Configure designated router priority......................................................................................................................... 779
PIM commands............................................................................................................................................................ 779
PIM-SM sample configuration...................................................................................................................................790
PIM-SSM sample configuration.................................................................................................................................794
Multicast VRF sample configuration...............................................................................................................................798
VLT multicast routing....................................................................................................................................................... 807
Multicast routing table synchronization....................................................................................................................807
IGMP message synchronization................................................................................................................................ 807
Egress mask................................................................................................................................................................. 807
Spanned VLAN.............................................................................................................................................................807
Deployment considerations........................................................................................................................................807
Example: Spanned L3 VLAN IIF.................................................................................................................................808
Example: Active-active PIM in a square VLT topology........................................................................................... 815
VLT multicast routing commands............................................................................................................................. 845
Chapter 16: VXLAN ..................................................................................................................... 847
VXLAN concepts...............................................................................................................................................................847
VXLAN as NVO solution...................................................................................................................................................848
Configure VXLAN..............................................................................................................................................................848
Configure source IP address on VTEP..................................................................................................................... 849
Configure a VXLAN virtual network..........................................................................................................................849
Configure VLAN-tagged access ports..................................................................................................................... 850
Configure untagged access ports..............................................................................................................................851
Enable overlay routing between virtual networks....................................................................................................851
Advertise VXLAN source IP address ....................................................................................................................... 853
Configure VLT..............................................................................................................................................................854
L3 VXLAN route scaling .................................................................................................................................................. 854
DHCP relay on VTEPs .....................................................................................................................................................856
View VXLAN configuration.............................................................................................................................................. 856
VXLAN MAC addresses................................................................................................................................................... 858
VXLAN commands............................................................................................................................................................860
Contents
15
hardware overlay-routing-profile.............................................................................................................................. 860
interface virtual-network............................................................................................................................................ 861
ip virtual-router address.............................................................................................................................................. 861
ip virtual-router mac-address.................................................................................................................................... 862
ipv6 virtual-router address.........................................................................................................................................862
member-interface........................................................................................................................................................863
nve.................................................................................................................................................................................863
remote-vtep.................................................................................................................................................................864
show hardware overlay-routing-profile mode......................................................................................................... 864
show interface virtual-network................................................................................................................................. 865
show nve remote-vtep...............................................................................................................................................865
show nve remote-vtep counters...............................................................................................................................866
show nve vxlan-vni..................................................................................................................................................... 866
show virtual-network.................................................................................................................................................. 867
show virtual-network counters..................................................................................................................................867
show virtual-network interface counters.................................................................................................................867
show virtual-network interface................................................................................................................................. 868
show virtual-network vlan..........................................................................................................................................868
show vlan (virtual network).......................................................................................................................................869
source-interface loopback......................................................................................................................................... 869
virtual-network............................................................................................................................................................ 870
virtual-network untagged-vlan.................................................................................................................................. 870
vxlan-vni........................................................................................................................................................................870
VXLAN MAC commands...................................................................................................................................................871
clear mac address-table dynamic nve remote-vtep................................................................................................ 871
clear mac address-table dynamic virtual-network................................................................................................... 871
show mac address-table count extended................................................................................................................ 872
show mac address-table count nve.......................................................................................................................... 872
show mac address-table count virtual-network......................................................................................................873
show mac address-table extended........................................................................................................................... 873
show mac address-table nve..................................................................................................................................... 874
show mac address-table virtual-network.................................................................................................................875
Example: VXLAN with static VTEP.................................................................................................................................876
BGP EVPN for VXLAN.....................................................................................................................................................888
BGP EVPN compared to static VXLAN................................................................................................................... 888
VXLAN BGP EVPN operation....................................................................................................................................889
Configure BGP EVPN for VXLAN..............................................................................................................................891
VXLAN BGP EVPN routing........................................................................................................................................895
BGP EVPN with VLT.................................................................................................................................................. 895
VXLAN BGP commands.............................................................................................................................................897
VXLAN EVPN commands.......................................................................................................................................... 899
Example: VXLAN with BGP EVPN............................................................................................................................905
Example: VXLAN BGP EVPN — Multiple AS topology ........................................................................................ 926
Example: VXLAN BGP EVPN — Centralized L3 gateway.....................................................................................947
Example: VXLAN BGP EVPN — Border leaf gateway with asymmetric IRB..................................................... 949
Controller-provisioned VXLAN........................................................................................................................................ 952
Configure controller-provisioned VXLAN.................................................................................................................953
Configure and control VXLAN from VMware vCenter.......................................................................................... 956
Example: VXLAN with a controller configuration....................................................................................................959
VXLAN Controller commands....................................................................................................................................963
16
Contents
Chapter 17: UFT modes................................................................................................................969
Configure UFT modes.......................................................................................................................................................970
IPv6 extended prefix routes........................................................................................................................................971
UFT commands.................................................................................................................................................................. 971
hardware forwarding-table mode...............................................................................................................................971
hardware l3 ipv6-extended-prefix ............................................................................................................................972
show hardware forwarding-table mode................................................................................................................... 972
show hardware forwarding-table mode all...............................................................................................................973
show hardware l3........................................................................................................................................................ 973
Chapter 18: Security....................................................................................................................974
User configuration.............................................................................................................................................................974
Role-based access control......................................................................................................................................... 974
Unknown user role.......................................................................................................................................................975
Enable user lockout..................................................................................................................................................... 975
Linuxadmin user configuration...................................................................................................................................976
Simple password check.............................................................................................................................................. 976
Password strength...................................................................................................................................................... 977
Obscure passwords.....................................................................................................................................................978
Privilege levels .............................................................................................................................................................978
User configuration commands...................................................................................................................................980
AAA..................................................................................................................................................................................... 988
AAA authentication..................................................................................................................................................... 988
AAA with RADIUS authentication............................................................................................................................. 990
AAA with TACACS+ authentication..........................................................................................................................992
Enable AAA accounting.............................................................................................................................................. 993
AAA commands........................................................................................................................................................... 993
SSH server....................................................................................................................................................................... 1000
SSH commands.......................................................................................................................................................... 1001
Limit concurrent login sessions......................................................................................................................................1008
Limit concurrent login session commands..............................................................................................................1009
Virtual terminal line ACLs................................................................................................................................................1009
VTY commands...........................................................................................................................................................1010
Enable login statistics........................................................................................................................................................1011
Login statistics commands.........................................................................................................................................1011
Audit log.............................................................................................................................................................................1012
Audit log commands...................................................................................................................................................1013
Restrict SNMP access.....................................................................................................................................................1014
Bootloader protection......................................................................................................................................................1015
Boot protect commands............................................................................................................................................1015
X.509v3 certificates.........................................................................................................................................................1016
X.509v3 concepts...................................................................................................................................................... 1017
Public key infrastructure............................................................................................................................................1017
Manage CA certificates............................................................................................................................................. 1018
Certificate revocation................................................................................................................................................1020
Request and install host certificates........................................................................................................................ 1021
Self-signed certificates ............................................................................................................................................ 1024
Security profiles......................................................................................................................................................... 1026
Contents
17
Cluster security.......................................................................................................................................................... 1027
X.509v3 commands...................................................................................................................................................1028
Example: Configure RADIUS over TLS with X.509v3 certificates......................................................................1039
Chapter 19: OpenFlow.................................................................................................................1041
OpenFlow logical switch instance..................................................................................................................................1042
OpenFlow controller........................................................................................................................................................1042
OpenFlow version 1.3...................................................................................................................................................... 1042
Ports............................................................................................................................................................................ 1042
Flow table....................................................................................................................................................................1042
Group table................................................................................................................................................................. 1043
Meter table................................................................................................................................................................. 1043
Instructions................................................................................................................................................................. 1043
Action set....................................................................................................................................................................1043
Action types................................................................................................................................................................1044
Counters......................................................................................................................................................................1044
OpenFlow protocol.................................................................................................................................................... 1046
OpenFlow use cases....................................................................................................................................................... 1058
Configure OpenFlow....................................................................................................................................................... 1059
Establish TLS connection......................................................................................................................................... 1060
OpenFlow commands...................................................................................................................................................... 1061
controller......................................................................................................................................................................1061
dpid-mac-address......................................................................................................................................................1062
in-band-mgmt............................................................................................................................................................ 1062
max-backoff............................................................................................................................................................... 1063
mode openflow-only..................................................................................................................................................1063
openflow..................................................................................................................................................................... 1063
probe-interval.............................................................................................................................................................1064
protocol-version.........................................................................................................................................................1064
rate-limit packet_in................................................................................................................................................... 1065
show openflow...........................................................................................................................................................1066
show openflow flows................................................................................................................................................ 1066
show openflow ports.................................................................................................................................................1067
show openflow switch.............................................................................................................................................. 1068
show openflow switch controllers...........................................................................................................................1069
switch..........................................................................................................................................................................1069
OpenFlow-only mode commands..................................................................................................................................1070
Chapter 20: Access Control Lists.................................................................................................1073
IP ACLs..............................................................................................................................................................................1073
MAC ACLs........................................................................................................................................................................ 1073
Control-plane ACLs......................................................................................................................................................... 1074
Control-plane ACL qualifiers.....................................................................................................................................1074
IP fragment handling....................................................................................................................................................... 1075
L3 ACL rules..................................................................................................................................................................... 1075
Assign sequence number to filter.................................................................................................................................. 1076
Delete ACL rule.................................................................................................................................................................1077
L2 and L3 ACLs................................................................................................................................................................1077
Assign and apply ACL filters........................................................................................................................................... 1078
18
Contents
Ingress ACL filters............................................................................................................................................................1079
Egress ACL filters............................................................................................................................................................ 1079
VTY ACLs......................................................................................................................................................................... 1080
SNMP ACLs..................................................................................................................................................................... 1080
Clear access-list counters.............................................................................................................................................. 1080
IP prefix-lists.....................................................................................................................................................................1080
Route-maps.......................................................................................................................................................................1081
Match routes....................................................................................................................................................................1082
Set conditions.................................................................................................................................................................. 1082
Continue clause................................................................................................................................................................1083
ACL flow-based monitoring............................................................................................................................................1083
Enable flow-based monitoring........................................................................................................................................1084
View ACL table utilization report...................................................................................................................................1085
Known behavior......................................................................................................................................................... 1086
ACL logging...................................................................................................................................................................... 1086
Important notes..........................................................................................................................................................1087
ACL commands................................................................................................................................................................1087
clear ip access-list counters..................................................................................................................................... 1087
clear ipv6 access-list counters.................................................................................................................................1087
clear mac access-list counters.................................................................................................................................1088
deny............................................................................................................................................................................. 1088
deny (IPv6).................................................................................................................................................................1089
deny (MAC)................................................................................................................................................................1089
deny icmp....................................................................................................................................................................1090
deny icmp (IPv6)........................................................................................................................................................ 1091
deny ip..........................................................................................................................................................................1091
deny ipv6.....................................................................................................................................................................1092
deny tcp...................................................................................................................................................................... 1092
deny tcp (IPv6)..........................................................................................................................................................1093
deny udp..................................................................................................................................................................... 1094
deny udp (IPv6)......................................................................................................................................................... 1094
description.................................................................................................................................................................. 1095
ip access-group..........................................................................................................................................................1095
ip access-list...............................................................................................................................................................1096
ip as-path access-list.................................................................................................................................................1096
ip community-list standard deny..............................................................................................................................1097
ip community–list standard permit.......................................................................................................................... 1097
ip extcommunity-list standard deny........................................................................................................................ 1098
ip extcommunity-list standard permit..................................................................................................................... 1098
ip prefix-list description.............................................................................................................................................1098
ip prefix-list deny........................................................................................................................................................1099
ip prefix-list permit.....................................................................................................................................................1099
ip prefix-list seq deny................................................................................................................................................ 1099
ip prefix-list seq permit.............................................................................................................................................. 1100
ipv6 access-group...................................................................................................................................................... 1100
ipv6 access-list............................................................................................................................................................ 1101
ipv6 prefix-list deny.....................................................................................................................................................1101
ipv6 prefix-list description..........................................................................................................................................1101
ipv6 prefix-list permit................................................................................................................................................. 1102
ipv6 prefix-list seq deny.............................................................................................................................................1102
Contents
19
ipv6 prefix-list seq permit..........................................................................................................................................1102
mac access-group...................................................................................................................................................... 1103
mac access-list............................................................................................................................................................1103
permit........................................................................................................................................................................... 1104
permit (IPv6)...............................................................................................................................................................1104
permit (MAC)..............................................................................................................................................................1105
permit icmp..................................................................................................................................................................1106
permit icmp (IPv6)..................................................................................................................................................... 1106
permit ip....................................................................................................................................................................... 1107
permit ipv6...................................................................................................................................................................1107
permit tcp.................................................................................................................................................................... 1108
permit tcp (IPv6)........................................................................................................................................................1108
permit udp................................................................................................................................................................... 1109
permit udp (IPv6)........................................................................................................................................................1110
remark............................................................................................................................................................................1111
seq deny........................................................................................................................................................................ 1111
seq deny (IPv6)........................................................................................................................................................... 1112
seq deny (MAC).......................................................................................................................................................... 1112
seq deny icmp.............................................................................................................................................................. 1113
seq deny icmp (IPv6)..................................................................................................................................................1113
seq deny ip....................................................................................................................................................................1114
seq deny ipv6...............................................................................................................................................................1115
seq deny tcp.................................................................................................................................................................1115
seq deny tcp (IPv6).................................................................................................................................................... 1116
seq deny udp................................................................................................................................................................ 1117
seq deny udp (IPv6)....................................................................................................................................................1118
seq permit.....................................................................................................................................................................1119
seq permit (IPv6)........................................................................................................................................................ 1119
seq permit (MAC).......................................................................................................................................................1120
seq permit icmp.......................................................................................................................................................... 1120
seq permit icmp (IPv6)............................................................................................................................................... 1121
seq permit ip................................................................................................................................................................1122
seq permit ipv6............................................................................................................................................................1122
seq permit tcp............................................................................................................................................................. 1123
seq permit tcp (IPv6).................................................................................................................................................1124
seq permit udp............................................................................................................................................................ 1124
seq permit udp (IPv6)................................................................................................................................................1125
show access-group.................................................................................................................................................... 1126
show access-lists........................................................................................................................................................1127
show acl-table-usage detail.......................................................................................................................................1129
show ip as-path-access-list ......................................................................................................................................1132
show ip community-list.............................................................................................................................................. 1132
show ip extcommunity-list.........................................................................................................................................1132
show ip prefix-list........................................................................................................................................................1133
show logging access-list............................................................................................................................................ 1133
Route-map commands.....................................................................................................................................................1133
continue....................................................................................................................................................................... 1133
match as-path.............................................................................................................................................................1134
match community.......................................................................................................................................................1134
match extcommunity................................................................................................................................................. 1134
20
Contents
/