PowerSwitch S5212F-ON

Dell PowerSwitch S5212F-ON User guide

  • Hello! I am an AI chatbot trained to assist you with the Dell PowerSwitch S5212F-ON User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Dell EMC SmartFabric OS10 User Guide
Release 10.5.0
06 2020
Rev. A06
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2020- 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Other trademarks may be trademarks of their respective owners.
Chapter 1: Change history........................................................................................................... 28
Chapter 2: Getting Started with Dell EMC SmartFabric OS10.......................................................31
Switch with factory-installed OS10.............................................................................................................................. 32
Log in .............................................................................................................................................................................32
Check OS10 version....................................................................................................................................................33
OS10 upgrade............................................................................................................................................................... 33
Check OS10 license.....................................................................................................................................................42
Re-install license .........................................................................................................................................................42
Switch without OS installed........................................................................................................................................... 43
Uninstall existing OS................................................................................................................................................... 43
Download OS10 image................................................................................................................................................44
Installation using ONIE............................................................................................................................................... 44
Log in ............................................................................................................................................................................. 47
Install OS10 license......................................................................................................................................................48
Switch deployment options............................................................................................................................................ 50
Manual CLI configuration.......................................................................................................................................... 50
ZTD-automated switch deployment....................................................................................................................... 50
Ansible-automated switch provisioning................................................................................................................. 50
MX7000 Feb 2020 Solution Update Instructions...................................................................................................... 51
Remote access...................................................................................................................................................................58
Configure Management IP address.........................................................................................................................58
Configure Management route .................................................................................................................................58
Configure username and password.........................................................................................................................59
Chapter 3: CLI Basics...................................................................................................................61
CONFIGURATION mode..................................................................................................................................................62
Check device status......................................................................................................................................................... 63
Related Videos............................................................................................................................................................. 64
Command help................................................................................................................................................................... 64
Candidate configuration.................................................................................................................................................. 65
Copy running configuration ........................................................................................................................................... 67
Restore startup configuration .......................................................................................................................................67
Reload system image........................................................................................................................................................68
Filter show commands..................................................................................................................................................... 68
Common OS10 commands.............................................................................................................................................. 69
boot.................................................................................................................................................................................69
commit........................................................................................................................................................................... 69
configure........................................................................................................................................................................70
copy................................................................................................................................................................................ 70
delete.............................................................................................................................................................................. 72
dir.....................................................................................................................................................................................72
discard............................................................................................................................................................................ 73
do.....................................................................................................................................................................................73
Contents
Contents 3
end...................................................................................................................................................................................74
exit...................................................................................................................................................................................74
hostname....................................................................................................................................................................... 74
license.............................................................................................................................................................................75
lock..................................................................................................................................................................................76
management route...................................................................................................................................................... 76
move............................................................................................................................................................................... 76
no..................................................................................................................................................................................... 77
ping..................................................................................................................................................................................77
ping6............................................................................................................................................................................... 79
reload...............................................................................................................................................................................81
show boot...................................................................................................................................................................... 81
show candidate-configuration..................................................................................................................................82
show environment.......................................................................................................................................................84
show inventory.............................................................................................................................................................84
show ip management-route......................................................................................................................................85
show ipv6 management-route................................................................................................................................. 85
show license status.....................................................................................................................................................86
show running-configuration......................................................................................................................................86
show startup-configuration...................................................................................................................................... 89
show system.................................................................................................................................................................90
show version.................................................................................................................................................................92
start................................................................................................................................................................................ 92
system............................................................................................................................................................................ 92
system-cli disable........................................................................................................................................................ 93
system-user linuxadmin disable................................................................................................................................93
system identifier.......................................................................................................................................................... 94
terminal.......................................................................................................................................................................... 94
traceroute......................................................................................................................................................................94
unlock............................................................................................................................................................................. 95
username password role............................................................................................................................................ 96
write................................................................................................................................................................................97
Chapter 4: Advanced CLI tasks.................................................................................................... 98
Command alias................................................................................................................................................................... 98
Multi-line alias...............................................................................................................................................................99
alias................................................................................................................................................................................ 101
alias (multi-line)..........................................................................................................................................................102
default (alias)..............................................................................................................................................................103
description (alias)...................................................................................................................................................... 103
line (alias).....................................................................................................................................................................103
show alias.....................................................................................................................................................................104
Batch mode.......................................................................................................................................................................105
batch.............................................................................................................................................................................105
Linux shell commands.....................................................................................................................................................106
Using OS9 commands.................................................................................................................................................... 108
feature config-os9-style.......................................................................................................................................... 108
Chapter 5: Dell EMC SmartFabric OS10 zero-touch deployment.................................................109
4
Contents
ZTD DHCP server configuration....................................................................................................................................111
ZTD provisioning script....................................................................................................................................................111
ZTD CLI batch file............................................................................................................................................................ 112
Post-ZTD script................................................................................................................................................................ 113
ZTD commands................................................................................................................................................................. 113
reload ztd......................................................................................................................................................................113
show ztd-status..........................................................................................................................................................113
ztd cancel..................................................................................................................................................................... 114
Chapter 6: Dell EMC SmartFabric OS10 provisioning.................................................................. 115
Using Ansible..................................................................................................................................................................... 115
Example: Configure an OS10 switch using Ansible...................................................................................................116
Chapter 7: SmartFabric Services................................................................................................ 119
SmartFabric Services personalities..............................................................................................................................119
SmartFabric Services for leaf and spine............................................................................................................... 119
SmartFabric Services for PowerEdge MX...........................................................................................................120
SmartFabric Services for leaf and spine.....................................................................................................................121
SmartFabric Services Components ............................................................................................................................122
SmartFabric Services logical entities.......................................................................................................................... 123
Uplinks.......................................................................................................................................................................... 124
Uplink bonding options............................................................................................................................................. 125
Spanning tree considerations..................................................................................................................................125
Dynamic onboarding for integrated devices........................................................................................................125
Statically onboarded server.....................................................................................................................................126
Static onboarding for nonintegrated devices......................................................................................................126
Backup and Restore of fabric state............................................................................................................................ 126
Enable SmartFabric Services on the switches......................................................................................................... 127
Enable SmartFabric Services using GUI............................................................................................................... 127
SmartFabric Services Graphical User Interface....................................................................................................... 127
Configure SmartFabric Services initial setup...................................................................................................... 128
Update Default Fabric, Switch Names, and Descriptions wizard...................................................................129
Create Uplink for External Network Connectivity wizard................................................................................129
Breakout Switch Ports wizard.................................................................................................................................131
Configure Jump Host wizard................................................................................................................................... 131
Update Network Configuration wizard..................................................................................................................131
Onboard a Server onto the Fabric wizard............................................................................................................ 131
Edit Default Fabric Settings wizard.......................................................................................................................132
Restore wizard............................................................................................................................................................132
Fabric operations and life cycle management...........................................................................................................132
Configuring FEC using MSM.........................................................................................................................................133
SFS Support for MSTP on Layer3 fabric...................................................................................................................133
SmartFabric commands................................................................................................................................................. 133
smartfabric l3fabric enable...................................................................................................................................... 133
smartfabric vlti............................................................................................................................................................134
show smartfabric cluster......................................................................................................................................... 135
show smartfabric cluster member......................................................................................................................... 136
show smartfabric details.......................................................................................................................................... 136
show smartfabric networks..................................................................................................................................... 137
Contents
5
show smartfabric nodes........................................................................................................................................... 138
show smartfabric personality..................................................................................................................................139
show smartfabric uplinks......................................................................................................................................... 139
show smartfabric validation-errors........................................................................................................................ 141
show smartfabric discovered-server.................................................................................................................... 142
show smartfabric discovered-server discovered-server-interface............................................................... 142
show smartfabric configured-server.....................................................................................................................143
show smartfabric configured-server configured-server-interface................................................................144
Chapter 8: SmartFabric Director................................................................................................ 145
Enable SmartFabric Director mode on a switch.......................................................................................................145
Support for SmartFabric Director............................................................................................................................... 145
gRPC Network Management Interface agent..........................................................................................................145
Lifecycle Management using SmartFabric Director................................................................................................ 148
SmartFabric Director commands................................................................................................................................. 149
switch-operating-mode............................................................................................................................................ 149
gnmi-security-profile.................................................................................................................................................150
show switch-operating-mode.................................................................................................................................150
show sfd status..........................................................................................................................................................150
Chapter 9: System management................................................................................................ 152
System banners................................................................................................................................................................152
Login banner............................................................................................................................................................... 152
Message of the day banner.....................................................................................................................................153
System banner commands...................................................................................................................................... 153
User session management.............................................................................................................................................154
User session management commands..................................................................................................................155
Telnet server.....................................................................................................................................................................156
Telnet commands.......................................................................................................................................................157
Simple Network Management Protocol..................................................................................................................... 157
SNMP security models and levels..........................................................................................................................158
MIBs.............................................................................................................................................................................. 158
SNMPv3.......................................................................................................................................................................159
Configure SNMP........................................................................................................................................................160
SNMP commands...................................................................................................................................................... 164
Example: Configure SNMP...................................................................................................................................... 172
System clock.....................................................................................................................................................................173
Time zones and UTC offset reference................................................................................................................. 174
System Clock commands.........................................................................................................................................190
Network Time Protocol.................................................................................................................................................. 192
Enable NTP..................................................................................................................................................................193
Broadcasts...................................................................................................................................................................194
Source IP address......................................................................................................................................................194
Authentication............................................................................................................................................................ 194
Sample NTP configuration.......................................................................................................................................195
NTP commands..........................................................................................................................................................198
Dynamic Host Configuration Protocol....................................................................................................................... 204
Packet format and options..................................................................................................................................... 204
DHCP server.............................................................................................................................................................. 205
6
Contents
Automatic address allocation................................................................................................................................. 205
Hostname resolution.................................................................................................................................................207
Manual binding entries.............................................................................................................................................208
View DHCP Information.......................................................................................................................................... 209
DHCP relay agent..................................................................................................................................................... 209
DHCP snooping.......................................................................................................................................................... 210
System domain name and list.................................................................................................................................226
DHCP commands...................................................................................................................................................... 227
DNS commands......................................................................................................................................................... 239
Chapter 10: Interfaces............................................................................................................... 242
Ethernet interfaces.........................................................................................................................................................242
Unified port groups.........................................................................................................................................................242
Z9264F-ON port-group profiles..................................................................................................................................244
Port-groups on S5200F-ON switches.......................................................................................................................245
L2 mode configuration...................................................................................................................................................252
L3 mode configuration...................................................................................................................................................252
Fibre Channel interfaces............................................................................................................................................... 253
Configuring wavelength.......................................................................................................................................... 255
Management interface .................................................................................................................................................255
Management interface ........................................................................................................................................... 256
VLAN interfaces..............................................................................................................................................................256
User-configured default VLAN....................................................................................................................................256
VLAN scale profile...........................................................................................................................................................257
Loopback interfaces....................................................................................................................................................... 257
Port-channel interfaces.................................................................................................................................................258
Create port-channel................................................................................................................................................. 258
Add port member...................................................................................................................................................... 259
Minimum links.............................................................................................................................................................259
Assign Port Channel IP Address............................................................................................................................260
Remove or disable port-channel............................................................................................................................260
Load balance traffic..................................................................................................................................................260
Change hash algorithm.............................................................................................................................................261
Configure interface ranges............................................................................................................................................261
Switch-port profiles....................................................................................................................................................... 262
S4148-ON Series port profiles............................................................................................................................... 263
S4148U-ON port profiles.........................................................................................................................................264
Configure negotiation modes on interfaces............................................................................................................. 265
Configure breakout mode............................................................................................................................................. 266
Breakout auto-configuration........................................................................................................................................ 267
Reset default configuration.......................................................................................................................................... 267
Forward error correction.............................................................................................................................................. 269
Energy-efficient Ethernet.............................................................................................................................................269
Enable energy-efficient Ethernet..........................................................................................................................270
Clear EEE counters...................................................................................................................................................270
View EEE status/statistics..................................................................................................................................... 270
EEE commands...........................................................................................................................................................271
View interface configuration........................................................................................................................................ 274
Digital optical monitoring...............................................................................................................................................277
Enable DOM and DOM traps.................................................................................................................................. 278
Contents
7
Default MTU Configuration.......................................................................................................................................... 279
Interface commands.......................................................................................................................................................280
channel-group............................................................................................................................................................280
default interface........................................................................................................................................................280
default vlan-id............................................................................................................................................................ 282
description (Interface).............................................................................................................................................283
duplex...........................................................................................................................................................................284
enable dom..................................................................................................................................................................284
enable dom traps.......................................................................................................................................................284
feature auto-breakout..............................................................................................................................................285
fec.................................................................................................................................................................................285
interface breakout.................................................................................................................................................... 286
interface ethernet.....................................................................................................................................................286
interface loopback.................................................................................................................................................... 286
interface mgmt.......................................................................................................................................................... 287
interface null...............................................................................................................................................................287
interface port-channel............................................................................................................................................. 287
interface range.......................................................................................................................................................... 288
interface vlan............................................................................................................................................................. 288
link-bundle-utilization...............................................................................................................................................289
mode.............................................................................................................................................................................289
mode l3........................................................................................................................................................................ 290
mtu............................................................................................................................................................................... 290
negotiation...................................................................................................................................................................291
port mode Eth............................................................................................................................................................292
port-group...................................................................................................................................................................293
profile........................................................................................................................................................................... 293
scale-profile vlan....................................................................................................................................................... 294
show discovered-expanders...................................................................................................................................294
show interface........................................................................................................................................................... 295
show interface transceiver Tunable wavelength...........................................................................................296
show inventory media.............................................................................................................................................. 297
show link-bundle-utilization....................................................................................................................................298
show port-channel summary..................................................................................................................................298
show port-group....................................................................................................................................................... 299
show switch-port-profile........................................................................................................................................ 300
show system............................................................................................................................................................... 301
show unit-provision................................................................................................................................................... 301
show vlan.................................................................................................................................................................... 302
shutdown.................................................................................................................................................................... 302
speed (Fibre Channel)............................................................................................................................................. 303
speed (Management)...............................................................................................................................................303
switch-port-profile....................................................................................................................................................304
switchport access vlan............................................................................................................................................305
switchport mode....................................................................................................................................................... 306
switchport trunk allowed vlan................................................................................................................................306
unit-provision............................................................................................................................................................. 307
wavelength................................................................................................................................................................. 307
default mtu................................................................................................................................................................. 308
show default mtu...................................................................................................................................................... 308
8
Contents
Chapter 11: PowerEdge MX Ethernet I/O modules..................................................................... 309
Operating modes.............................................................................................................................................................309
Changing operating modes.............................................................................................................................................311
Restrictions........................................................................................................................................................................ 311
Port groups on I/O modules.......................................................................................................................................... 311
Double-density QSFP28 interfaces..............................................................................................................................311
Virtual ports.......................................................................................................................................................................314
Single-density QSFP28 interfaces...............................................................................................................................316
Server-facing interfaces................................................................................................................................................ 318
Replace MX Ethernet I/O modules............................................................................................................................. 319
Deployment instructions.......................................................................................................................................... 319
Replace an IOM in Full-Switch VLT.......................................................................................................................319
Replace an IOM in SmartFabric.............................................................................................................................320
View SmartFabric Services configuration.................................................................................................................323
Chapter 12: Fibre Channel..........................................................................................................324
Fibre Channel over Ethernet........................................................................................................................................325
Configure FIP snooping........................................................................................................................................... 325
Terminology...................................................................................................................................................................... 327
Virtual fabric..................................................................................................................................................................... 327
Fibre Channel zoning......................................................................................................................................................329
F_Port on Ethernet......................................................................................................................................................... 331
Pinning FCoE traffic to a specific port of a port-channel..................................................................................... 331
Sample FSB configuration on VLT network........................................................................................................333
Sample FC Switch configuration on VLT network............................................................................................335
Sample FSB configuration on non-VLT network............................................................................................... 337
Sample FC Switch configuration on non-VLT network................................................................................... 339
Multi-hop FIP-snooping bridge....................................................................................................................................340
Configuration notes...................................................................................................................................................341
Configure multi-hop FSB..........................................................................................................................................341
Verify multi-hop FSB configuration...................................................................................................................... 347
Sample Multi-hop FSB configuration................................................................................................................... 348
Configuration guidelines.................................................................................................................................................361
NPIV Proxy Gateway cascading..................................................................................................................................362
Support for untagged VLAN in FCoE.........................................................................................................................364
Rebalance FC sessions (NPG).....................................................................................................................................364
Load balancing after system reboot...........................................................................................................................365
NPG rebalance topology......................................................................................................................................... 365
NPG switch configurations.....................................................................................................................................365
Example: Manual rebalance trigger.......................................................................................................................367
Equivalent RESTCONF request for the rebalancing CLIs...............................................................................369
F_Port commands.......................................................................................................................................................... 369
fc alias..........................................................................................................................................................................370
fc zone.........................................................................................................................................................................370
fc zoneset................................................................................................................................................................... 370
feature fc..................................................................................................................................................................... 371
member (alias)............................................................................................................................................................ 371
member (zone).......................................................................................................................................................... 372
Contents
9
member (zoneset).....................................................................................................................................................372
show fc alias............................................................................................................................................................... 372
show fc interface-area-id mapping.......................................................................................................................373
show fc ns switch..................................................................................................................................................... 373
show fc zone.............................................................................................................................................................. 374
show fc zoneset........................................................................................................................................................ 374
zone default-zone permit........................................................................................................................................376
zoneset activate........................................................................................................................................................ 376
NPG commands...............................................................................................................................................................376
fc port-mode F...........................................................................................................................................................376
feature fc npg.............................................................................................................................................................377
show npg devices...................................................................................................................................................... 377
F_Port and NPG commands.........................................................................................................................................378
clear fc statistics....................................................................................................................................................... 378
fcoe ..............................................................................................................................................................................378
fcoe delay fcf-adv.....................................................................................................................................................379
name.............................................................................................................................................................................379
Re-balance the FC sessions................................................................................................................................... 379
show npg uplink-interface....................................................................................................................................... 381
show npg node-interface........................................................................................................................................ 383
show fc statistics...................................................................................................................................................... 384
show fc switch.......................................................................................................................................................... 385
show running-config vfabric.................................................................................................................................. 385
show vfabric...............................................................................................................................................................386
vfabric..........................................................................................................................................................................386
vfabric (interface).....................................................................................................................................................387
vlan................................................................................................................................................................................387
FIP-snooping commands...............................................................................................................................................387
feature fip-snooping................................................................................................................................................. 387
fip-snooping enable.................................................................................................................................................. 388
fip-snooping fc-map................................................................................................................................................. 388
fip-snooping port-mode...........................................................................................................................................389
FCoE commands............................................................................................................................................................. 389
clear fcoe database.................................................................................................................................................. 389
clear fcoe statistics.................................................................................................................................................. 390
fcoe-pinned-port ......................................................................................................................................................390
fcoe max-sessions-per-enodemac........................................................................................................................390
fcoe priority-bits........................................................................................................................................................ 391
lldp tlv-select dcbxp-appln fcoe.............................................................................................................................391
show fcoe enode........................................................................................................................................................391
show fcoe fcf.............................................................................................................................................................392
show fcoe pinned-port............................................................................................................................................ 393
show fcoe sessions...................................................................................................................................................393
show fcoe statistics................................................................................................................................................. 394
show fcoe system..................................................................................................................................................... 394
show fcoe vlan...........................................................................................................................................................395
Chapter 13: Layer 2................................................................................................................... 396
802.1X................................................................................................................................................................................ 396
Port authentication...................................................................................................................................................397
10
Contents
EAP over RADIUS..................................................................................................................................................... 398
Configure 802.1X.......................................................................................................................................................398
Enable 802.1X.............................................................................................................................................................399
Identity retransmissions.......................................................................................................................................... 400
Failure quiet period................................................................................................................................................... 400
Port control mode......................................................................................................................................................401
Reauthenticate port................................................................................................................................................. 402
Configure timeouts................................................................................................................................................... 403
802.1X commands.....................................................................................................................................................404
Far-end failure detection.............................................................................................................................................. 408
Enable FEFD globally.................................................................................................................................................410
Enable FEFD on interface.........................................................................................................................................411
Reset FEFD err-disabled interface......................................................................................................................... 411
Display FEFD information..........................................................................................................................................411
FEFD Commands........................................................................................................................................................412
Link Aggregation Control Protocol..............................................................................................................................415
Modes........................................................................................................................................................................... 415
Configuration.............................................................................................................................................................. 415
Interfaces.....................................................................................................................................................................416
Rates.............................................................................................................................................................................416
Sample configuration.................................................................................................................................................417
LACP fallback.............................................................................................................................................................420
LACP commands....................................................................................................................................................... 423
Link Layer Discovery Protocol..................................................................................................................................... 430
Mandatory TLVs.........................................................................................................................................................431
Optional TLVs............................................................................................................................................................. 431
Configure LLDP......................................................................................................................................................... 434
Example: Advertise TLVs configuration...............................................................................................................440
View LLDP configuration......................................................................................................................................... 441
View LLDP neighbor advertisements................................................................................................................... 442
LLDP-MED.................................................................................................................................................................. 443
LLDP commands........................................................................................................................................................447
Media Access Control....................................................................................................................................................459
Static MAC Address.................................................................................................................................................460
MAC Address Table..................................................................................................................................................460
Clear MAC Address Table........................................................................................................................................461
MAC Commands........................................................................................................................................................ 461
Spanning-tree protocol..................................................................................................................................................463
Introduction to STP.................................................................................................................................................. 463
Common STP commands........................................................................................................................................ 470
Rapid per-VLAN spanning-tree.............................................................................................................................. 477
Rapid Spanning-Tree Protocol...............................................................................................................................486
Multiple Spanning-Tree........................................................................................................................................... 493
Virtual LANs..................................................................................................................................................................... 507
Default VLAN............................................................................................................................................................. 507
Create or remove VLANs........................................................................................................................................508
Access mode..............................................................................................................................................................509
Trunk mode................................................................................................................................................................. 510
Assign IP address.......................................................................................................................................................510
View VLAN configuration......................................................................................................................................... 511
Contents
11
VLAN Scaling.............................................................................................................................................................. 512
VLAN commands........................................................................................................................................................513
Port monitoring................................................................................................................................................................ 514
Local port monitoring................................................................................................................................................514
Remote port monitoring...........................................................................................................................................515
Encapsulated remote port monitoring.................................................................................................................. 517
Flow-based monitoring.............................................................................................................................................519
Remote port monitoring on VLT............................................................................................................................520
Port monitoring commands.................................................................................................................................... 522
Chapter 14: Layer 3....................................................................................................................527
Virtual routing and forwarding.....................................................................................................................................527
Configure management VRF.................................................................................................................................. 527
Configure non-default VRF instances..................................................................................................................529
VRF configuration......................................................................................................................................................531
View VRF instance information............................................................................................................................. 535
Static route leaking...................................................................................................................................................536
VRF commands..........................................................................................................................................................543
Bidirectional Forwarding Detection............................................................................................................................550
BFD session states................................................................................................................................................... 550
BFD three-way handshake...................................................................................................................................... 551
BFD configuration.....................................................................................................................................................552
Configure BFD globally............................................................................................................................................ 553
BFD for BGP.............................................................................................................................................................. 553
BFD for OSPF............................................................................................................................................................ 557
BFD for Static routes................................................................................................................................................561
BFD commands..........................................................................................................................................................564
Border Gateway Protocol............................................................................................................................................. 570
Sessions and peers.................................................................................................................................................... 571
Martian addresses......................................................................................................................................................571
Route reflectors.........................................................................................................................................................572
Multiprotocol BGP.................................................................................................................................................... 572
Attributes.................................................................................................................................................................... 573
Disable announcement of ASN values..................................................................................................................573
Selection criteria........................................................................................................................................................573
Weight and local preference...................................................................................................................................574
Multiexit discriminators............................................................................................................................................574
Origin............................................................................................................................................................................575
AS path and next-hop..............................................................................................................................................575
Best path selection................................................................................................................................................... 576
More path support....................................................................................................................................................576
Advertise cost............................................................................................................................................................ 577
4-Byte AS numbers...................................................................................................................................................577
AS number migration................................................................................................................................................ 577
Graceful restart......................................................................................................................................................... 578
Configure Border Gateway Protocol.................................................................................................................... 578
Enable BGP.................................................................................................................................................................578
Configure Dual Stack................................................................................................................................................ 581
Configure administrative distance......................................................................................................................... 581
Peer templates...........................................................................................................................................................582
12
Contents
Neighbor fall-over.....................................................................................................................................................585
Configure password..................................................................................................................................................587
Fast external fallover............................................................................................................................................... 588
Passive peering..........................................................................................................................................................589
Local AS...................................................................................................................................................................... 590
AS number limit.......................................................................................................................................................... 591
Redistribute routes................................................................................................................................................... 592
Additional paths.........................................................................................................................................................592
MED attributes.......................................................................................................................................................... 593
Local preference attribute...................................................................................................................................... 593
Weight attribute........................................................................................................................................................ 594
Enable multipath........................................................................................................................................................595
Route-map filters......................................................................................................................................................595
Route reflector clusters.......................................................................................................................................... 596
Aggregate routes...................................................................................................................................................... 596
Confederations.......................................................................................................................................................... 597
Route dampening...................................................................................................................................................... 598
Timers.......................................................................................................................................................................... 599
Neighbor soft-reconfiguration...............................................................................................................................600
Redistribute iBGP route to OSPF......................................................................................................................... 600
Example - BGP in a VLT topology.........................................................................................................................603
Example - Three-tier CLOS topology with eBGP............................................................................................. 608
Debug BGP..................................................................................................................................................................613
BGP commands..........................................................................................................................................................613
Equal cost multi-path.....................................................................................................................................................648
Load balancing........................................................................................................................................................... 648
Maximum ECMP groups and paths...................................................................................................................... 652
ECMP commands......................................................................................................................................................652
IPv4 routing......................................................................................................................................................................656
Assign interface IP address.................................................................................................................................... 656
Configure static routing.......................................................................................................................................... 658
Address Resolution Protocol.................................................................................................................................. 658
IPv4 routing commands...........................................................................................................................................659
IPv6 routing......................................................................................................................................................................664
Enable or disable IPv6..............................................................................................................................................664
IPv6 addresses.......................................................................................................................................................... 665
Stateless autoconfiguration................................................................................................................................... 666
Neighbor Discovery.................................................................................................................................................. 667
Duplicate address discovery...................................................................................................................................668
Static IPv6 routing....................................................................................................................................................669
IPv6 destination unreachable.................................................................................................................................669
IPv6 hop-by-hop options........................................................................................................................................ 669
View IPv6 information..............................................................................................................................................670
IPv6 commands......................................................................................................................................................... 670
Open shortest path first................................................................................................................................................ 681
Autonomous system areas......................................................................................................................................682
Areas, networks, and neighbors............................................................................................................................ 682
Router types...............................................................................................................................................................683
Designated and backup designated routers....................................................................................................... 683
Link-state advertisements...................................................................................................................................... 684
Contents
13
Router priority............................................................................................................................................................685
Shortest path first throttling................................................................................................................................. 685
OSPFv2....................................................................................................................................................................... 686
OSPFv3........................................................................................................................................................................ 719
Object tracking manager...............................................................................................................................................740
Interface tracking.......................................................................................................................................................741
Host tracking..............................................................................................................................................................742
Set tracking delays....................................................................................................................................................743
Object tracking.......................................................................................................................................................... 743
View tracked objects................................................................................................................................................ 743
OTM commands........................................................................................................................................................ 744
Policy-based routing.......................................................................................................................................................747
Access-list to match route-map............................................................................................................................ 747
Set address to match route-map.......................................................................................................................... 747
Assign route-map to interface............................................................................................................................... 748
View PBR information.............................................................................................................................................. 748
Policy-based routing per VRF................................................................................................................................ 749
Configuring PBR per VRF........................................................................................................................................749
PBR and VLT.............................................................................................................................................................. 749
Sample configuration................................................................................................................................................752
Track route reachability...........................................................................................................................................753
Use PBR to permit and block specific traffic.....................................................................................................754
View PBR configuration...........................................................................................................................................755
PBR commands......................................................................................................................................................... 756
Virtual Router Redundancy Protocol..........................................................................................................................758
Configuration..............................................................................................................................................................759
Create virtual router.................................................................................................................................................760
Group version.............................................................................................................................................................760
Virtual IP addresses...................................................................................................................................................761
Configure virtual IP address.................................................................................................................................... 761
Configure virtual IP address in a VRF.................................................................................................................. 762
Set group priority...................................................................................................................................................... 763
Authentication............................................................................................................................................................763
Disable preempt.........................................................................................................................................................764
Advertisement interval.............................................................................................................................................765
Interface/object tracking........................................................................................................................................ 765
Configure tracking.................................................................................................................................................... 766
VRRP commands.......................................................................................................................................................767
Chapter 15: Multicast................................................................................................................ 772
Important notes............................................................................................................................................................... 772
Configure multicast routing.......................................................................................................................................... 772
Unknown multicast flood control.................................................................................................................................773
Enable multicast flood control................................................................................................................................774
Multicast Commands......................................................................................................................................................774
multicast snooping flood-restrict...........................................................................................................................774
Internet Group Management Protocol.......................................................................................................................775
Standards compliance.............................................................................................................................................. 775
Important notes......................................................................................................................................................... 775
Supported IGMP versions....................................................................................................................................... 776
14
Contents
Query interval.............................................................................................................................................................776
Last member query interval.................................................................................................................................... 776
Maximum response time..........................................................................................................................................776
IGMP immediate leave............................................................................................................................................. 776
Select an IGMP version............................................................................................................................................777
View IGMP-enabled interfaces and groups.........................................................................................................777
IGMP snooping...........................................................................................................................................................778
IGMP commands....................................................................................................................................................... 780
Multicast Listener Discovery Protocol.......................................................................................................................790
MLD snooping............................................................................................................................................................. 791
MLD snooping commands.......................................................................................................................................792
Protocol Independent Multicast.................................................................................................................................. 799
PIM terminology........................................................................................................................................................ 799
Standards compliance.............................................................................................................................................. 799
PIM-SM....................................................................................................................................................................... 800
PIM-SSM.................................................................................................................................................................... 800
Configure expiry timers for S, G entries.............................................................................................................. 801
Configure static rendezvous point........................................................................................................................ 801
Configure dynamic RP using the BSR mechanism............................................................................................802
Configure designated router priority....................................................................................................................804
PIM commands..........................................................................................................................................................805
PIM-SM sample configuration................................................................................................................................ 816
PIM-SSM sample configuration.............................................................................................................................820
Multicast VRF sample configuration.......................................................................................................................... 825
VLT multicast routing.....................................................................................................................................................833
Multicast routing table synchronization.............................................................................................................. 833
IGMP message synchronization............................................................................................................................ 834
Egress mask................................................................................................................................................................834
Spanned VLAN...........................................................................................................................................................834
Deployment considerations.....................................................................................................................................834
Example: Spanned L3 VLAN IIF............................................................................................................................. 834
Example: Active-active PIM in a square VLT topology....................................................................................842
VLT multicast routing commands..........................................................................................................................873
Chapter 16: VXLAN ................................................................................................................... 875
VXLAN concepts.............................................................................................................................................................875
VXLAN as NVO solution................................................................................................................................................ 876
Configure VXLAN............................................................................................................................................................876
Configure source IP address on VTEP................................................................................................................. 877
Configure a VXLAN virtual network......................................................................................................................877
Configure VLAN-tagged access ports................................................................................................................. 878
Configure untagged access ports......................................................................................................................... 879
Enable overlay routing between virtual networks............................................................................................. 879
Advertise VXLAN source IP address ....................................................................................................................881
Configure VLT............................................................................................................................................................882
L3 VXLAN route scaling ............................................................................................................................................... 882
DHCP relay on VTEPs .................................................................................................................................................. 884
View VXLAN configuration........................................................................................................................................... 884
VXLAN MAC addresses.................................................................................................................................................886
VXLAN commands..........................................................................................................................................................889
Contents
15
hardware overlay-routing-profile.......................................................................................................................... 889
interface virtual-network........................................................................................................................................ 889
ip virtual-router address..........................................................................................................................................890
ip virtual-router mac-address................................................................................................................................ 890
ipv6 virtual-router address...................................................................................................................................... 891
member-interface...................................................................................................................................................... 891
nve................................................................................................................................................................................ 892
remote-vtep............................................................................................................................................................... 892
show hardware overlay-routing-profile mode....................................................................................................892
show interface virtual-network............................................................................................................................. 893
show nve remote-vtep............................................................................................................................................ 894
show nve remote-vtep counters...........................................................................................................................894
show nve vxlan-vni................................................................................................................................................... 894
show virtual-network............................................................................................................................................... 895
show virtual-network counters............................................................................................................................. 895
show virtual-network interface counters............................................................................................................896
show virtual-network interface............................................................................................................................. 896
show virtual-network vlan.......................................................................................................................................897
show vlan (virtual network)....................................................................................................................................897
source-interface loopback...................................................................................................................................... 898
virtual-network.......................................................................................................................................................... 898
virtual-network untagged-vlan.............................................................................................................................. 898
vxlan-vni...................................................................................................................................................................... 899
VXLAN MAC commands............................................................................................................................................... 899
clear mac address-table dynamic nve remote-vtep......................................................................................... 899
clear mac address-table dynamic virtual-network............................................................................................900
show mac address-table count extended...........................................................................................................900
show mac address-table count nve...................................................................................................................... 901
show mac address-table count virtual-network................................................................................................ 901
show mac address-table extended.......................................................................................................................902
show mac address-table nve................................................................................................................................. 903
show mac address-table virtual-network............................................................................................................903
Example: VXLAN with static VTEP............................................................................................................................ 904
BGP EVPN for VXLAN................................................................................................................................................... 917
BGP EVPN compared to static VXLAN................................................................................................................917
VXLAN BGP EVPN operation................................................................................................................................. 917
Configure BGP EVPN for VXLAN..........................................................................................................................919
VXLAN BGP EVPN routing.....................................................................................................................................923
BGP EVPN with VLT................................................................................................................................................ 924
VXLAN BGP commands.......................................................................................................................................... 925
VXLAN EVPN commands........................................................................................................................................928
Example: VXLAN with BGP EVPN........................................................................................................................ 934
Example: VXLAN BGP EVPN Multiple AS topology .................................................................................. 955
Example: VXLAN BGP EVPN Centralized L3 gateway.............................................................................. 976
Example: VXLAN BGP EVPN Border leaf gateway with asymmetric IRB............................................. 978
Controller-provisioned VXLAN.................................................................................................................................... 982
Configure controller-provisioned VXLAN............................................................................................................983
Configure and control VXLAN from VMware vCenter.................................................................................... 986
Example: VXLAN with a controller configuration..............................................................................................989
VXLAN Controller commands................................................................................................................................ 993
16
Contents
Chapter 17: UFT modes............................................................................................................ 1000
Configure UFT modes...................................................................................................................................................1001
IPv6 extended prefix routes................................................................................................................................. 1002
UFT commands..............................................................................................................................................................1002
hardware forwarding-table mode........................................................................................................................1002
hardware l3 ipv6-extended-prefix ......................................................................................................................1003
show hardware forwarding-table mode.............................................................................................................1003
show hardware forwarding-table mode all........................................................................................................1004
show hardware l3.................................................................................................................................................... 1004
Chapter 18: Security................................................................................................................ 1005
User configuration........................................................................................................................................................ 1005
Role-based access control....................................................................................................................................1005
Unknown user role.................................................................................................................................................. 1006
Enable user lockout.................................................................................................................................................1006
Linuxadmin user configuration............................................................................................................................. 1007
Simple password check..........................................................................................................................................1008
Password strength..................................................................................................................................................1008
Obscure passwords................................................................................................................................................ 1009
Privilege levels ........................................................................................................................................................ 1009
User configuration commands.............................................................................................................................. 1012
AAA....................................................................................................................................................................................1019
AAA authentication..................................................................................................................................................1019
AAA with RADIUS authentication.........................................................................................................................1021
AAA with TACACS+ authentication....................................................................................................................1023
Enable AAA accounting..........................................................................................................................................1024
AAA commands........................................................................................................................................................1025
SSH server.......................................................................................................................................................................1031
SSH commands........................................................................................................................................................1032
Limit concurrent login sessions..................................................................................................................................1040
Limit concurrent login session commands......................................................................................................... 1041
Virtual terminal line ACLs............................................................................................................................................. 1041
VTY commands........................................................................................................................................................ 1042
Enable login statistics...................................................................................................................................................1043
Login statistics commands....................................................................................................................................1043
Audit log...........................................................................................................................................................................1044
Audit log commands............................................................................................................................................... 1045
Restrict SNMP access................................................................................................................................................. 1047
Bootloader protection.................................................................................................................................................. 1047
Boot protect commands........................................................................................................................................ 1047
X.509v3 certificates.....................................................................................................................................................1049
X.509v3 concepts................................................................................................................................................... 1049
Public key infrastructure....................................................................................................................................... 1050
Manage CA certificates......................................................................................................................................... 1050
Certificate revocation............................................................................................................................................ 1052
Request and install host certificates.................................................................................................................. 1053
Self-signed certificates .........................................................................................................................................1057
Security profiles.......................................................................................................................................................1059
Contents
17
Cluster security........................................................................................................................................................1060
X.509v3 commands.................................................................................................................................................1061
Example: Configure RADIUS over TLS with X.509v3 certificates.............................................................. 1072
Chapter 19: OpenFlow.............................................................................................................. 1074
OpenFlow logical switch instance............................................................................................................................. 1075
OpenFlow controller..................................................................................................................................................... 1075
OpenFlow version 1.3................................................................................................................................................... 1075
Ports........................................................................................................................................................................... 1075
Flow table.................................................................................................................................................................. 1075
Group table............................................................................................................................................................... 1076
Meter table................................................................................................................................................................1076
Instructions............................................................................................................................................................... 1076
Action set.................................................................................................................................................................. 1076
Action types.............................................................................................................................................................. 1077
Counters.................................................................................................................................................................... 1077
OpenFlow protocol..................................................................................................................................................1079
OpenFlow use cases......................................................................................................................................................1091
Configure OpenFlow.....................................................................................................................................................1092
Establish TLS connection...................................................................................................................................... 1093
OpenFlow commands...................................................................................................................................................1094
controller................................................................................................................................................................... 1094
dpid-mac-address................................................................................................................................................... 1095
in-band-mgmt.......................................................................................................................................................... 1095
max-backoff............................................................................................................................................................. 1096
mode openflow-only............................................................................................................................................... 1096
openflow.................................................................................................................................................................... 1097
probe-interval........................................................................................................................................................... 1097
protocol-version.......................................................................................................................................................1097
rate-limit packet_in.................................................................................................................................................1098
show openflow.........................................................................................................................................................1099
show openflow flows..............................................................................................................................................1099
show openflow ports...............................................................................................................................................1100
show openflow switch............................................................................................................................................. 1101
show openflow switch controllers....................................................................................................................... 1102
switch..........................................................................................................................................................................1103
OpenFlow-only mode commands............................................................................................................................... 1103
Chapter 20: Access Control Lists..............................................................................................1106
IP ACLs............................................................................................................................................................................. 1106
MAC ACLs....................................................................................................................................................................... 1106
Control-plane ACLs........................................................................................................................................................1107
Control-plane ACL qualifiers..................................................................................................................................1107
IP fragment handling..................................................................................................................................................... 1108
L3 ACL rules.................................................................................................................................................................... 1108
Assign sequence number to filter.............................................................................................................................. 1109
Delete ACL rule............................................................................................................................................................... 1110
L2 and L3 ACLs............................................................................................................................................................... 1110
Assign and apply ACL filters......................................................................................................................................... 1111
18
Contents
Ingress ACL filters.......................................................................................................................................................... 1112
Egress ACL filters........................................................................................................................................................... 1112
VTY ACLs..........................................................................................................................................................................1113
SNMP ACLs......................................................................................................................................................................1113
Clear access-list counters............................................................................................................................................ 1113
IP prefix-lists.................................................................................................................................................................... 1113
Route-maps......................................................................................................................................................................1114
Match routes................................................................................................................................................................... 1115
Set conditions..................................................................................................................................................................1116
Continue clause............................................................................................................................................................... 1116
ACL flow-based monitoring..........................................................................................................................................1116
Enable flow-based monitoring......................................................................................................................................1117
View ACL table utilization report................................................................................................................................ 1118
Known behavior........................................................................................................................................................ 1120
ACL logging..................................................................................................................................................................... 1120
Important notes........................................................................................................................................................ 1120
ACL commands................................................................................................................................................................1121
clear ip access-list counters...................................................................................................................................1121
clear ipv6 access-list counters.............................................................................................................................. 1121
clear mac access-list counters.............................................................................................................................. 1121
deny............................................................................................................................................................................. 1122
deny (IPv6)................................................................................................................................................................ 1122
deny (MAC)............................................................................................................................................................... 1123
deny icmp................................................................................................................................................................... 1124
deny icmp (IPv6)...................................................................................................................................................... 1124
deny ip.........................................................................................................................................................................1125
deny ipv6.................................................................................................................................................................... 1125
deny tcp......................................................................................................................................................................1126
deny tcp (IPv6).........................................................................................................................................................1127
deny udp..................................................................................................................................................................... 1127
deny udp (IPv6)........................................................................................................................................................1128
description................................................................................................................................................................. 1129
ip access-group........................................................................................................................................................ 1129
ip access-list..............................................................................................................................................................1130
ip as-path access-list.............................................................................................................................................. 1130
ip community-list standard deny.......................................................................................................................... 1130
ip communitylist standard permit....................................................................................................................... 1131
ip extcommunity-list standard deny..................................................................................................................... 1131
ip extcommunity-list standard permit................................................................................................................. 1132
ip prefix-list description.......................................................................................................................................... 1132
ip prefix-list deny......................................................................................................................................................1132
ip prefix-list permit...................................................................................................................................................1133
ip prefix-list seq deny.............................................................................................................................................. 1133
ip prefix-list seq permit........................................................................................................................................... 1134
ipv6 access-group....................................................................................................................................................1134
ipv6 access-list......................................................................................................................................................... 1135
ipv6 prefix-list deny................................................................................................................................................. 1135
ipv6 prefix-list description..................................................................................................................................... 1135
ipv6 prefix-list permit..............................................................................................................................................1136
ipv6 prefix-list seq deny......................................................................................................................................... 1136
Contents
19
ipv6 prefix-list seq permit...................................................................................................................................... 1136
mac access-group.................................................................................................................................................... 1137
mac access-list..........................................................................................................................................................1137
permit.......................................................................................................................................................................... 1138
permit (IPv6).............................................................................................................................................................1138
permit (MAC)............................................................................................................................................................1139
permit icmp................................................................................................................................................................1140
permit icmp (IPv6)...................................................................................................................................................1140
permit ip...................................................................................................................................................................... 1141
permit ipv6..................................................................................................................................................................1141
permit tcp...................................................................................................................................................................1142
permit tcp (IPv6)......................................................................................................................................................1143
permit udp..................................................................................................................................................................1143
permit udp (IPv6).....................................................................................................................................................1144
remark......................................................................................................................................................................... 1145
seq deny..................................................................................................................................................................... 1145
seq deny (IPv6)........................................................................................................................................................ 1146
seq deny (MAC)....................................................................................................................................................... 1146
seq deny icmp............................................................................................................................................................1147
seq deny icmp (IPv6).............................................................................................................................................. 1148
seq deny ip................................................................................................................................................................. 1148
seq deny ipv6............................................................................................................................................................ 1149
seq deny tcp.............................................................................................................................................................. 1149
seq deny tcp (IPv6).................................................................................................................................................1150
seq deny udp..............................................................................................................................................................1151
seq deny udp (IPv6)................................................................................................................................................ 1152
seq permit.................................................................................................................................................................. 1153
seq permit (IPv6)..................................................................................................................................................... 1153
seq permit (MAC).................................................................................................................................................... 1154
seq permit icmp........................................................................................................................................................ 1155
seq permit icmp (IPv6)........................................................................................................................................... 1155
seq permit ip..............................................................................................................................................................1156
seq permit ipv6......................................................................................................................................................... 1157
seq permit tcp........................................................................................................................................................... 1157
seq permit tcp (IPv6)..............................................................................................................................................1158
seq permit udp.......................................................................................................................................................... 1159
seq permit udp (IPv6).............................................................................................................................................1160
show access-group...................................................................................................................................................1161
show access-lists...................................................................................................................................................... 1161
show acl-table-usage detail................................................................................................................................... 1163
show ip as-path-access-list ..................................................................................................................................1166
show ip community-list...........................................................................................................................................1166
show ip extcommunity-list..................................................................................................................................... 1167
show ip prefix-list..................................................................................................................................................... 1167
show logging access-list.........................................................................................................................................1168
Route-map commands..................................................................................................................................................1168
continue...................................................................................................................................................................... 1168
match as-path...........................................................................................................................................................1168
match community.....................................................................................................................................................1169
match extcommunity...............................................................................................................................................1169
20
Contents
/