2. Computers & electronics
  3. Software
  4. Dell
  5. SmartFabric OS10 Documentation

Dell SmartFabric OS10 Documentation, SmartFabric OS10 Owner's manual

  • Hello! I am an AI chatbot trained to assist you with the Dell SmartFabric OS10 Documentation Owner's manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
OS10 Enterprise Edition User Guide
Release 10.4.3.0
March 2019
Rev. A01
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2018 - 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its
subsidiaries. Other trademarks may be trademarks of their respective owners.
Chapter 1: Getting Started.......................................................................................................... 26
Supported Hardware........................................................................................................................................................ 26
Download OS10 image and license................................................................................................................................ 27
Installation using ONIE..................................................................................................................................................... 28
Automatic installation................................................................................................................................................. 29
Manual installation.......................................................................................................................................................30
Log into OS10......................................................................................................................................................................31
Install OS10 license............................................................................................................................................................ 31
Zero-touch deployment................................................................................................................................................... 33
ZTD DHCP server configuration..............................................................................................................................35
ZTD provisioning script.............................................................................................................................................. 35
ZTD CLI batch file....................................................................................................................................................... 36
Post-ZTD script........................................................................................................................................................... 37
ZTD commands............................................................................................................................................................ 37
Remote access...................................................................................................................................................................38
Configure Management IP address.........................................................................................................................39
Management Route Configuration..........................................................................................................................39
Configure user name and password....................................................................................................................... 40
CLI Basics............................................................................................................................................................................40
CLI command categories........................................................................................................................................... 42
CONFIGURATION Mode............................................................................................................................................42
Command help..............................................................................................................................................................42
Check device status................................................................................................................................................... 44
Candidate configuration.............................................................................................................................................46
Change to transaction-based configuration mode..............................................................................................50
Copy running configuration ..................................................................................................................................... 50
Restore startup configuration ..................................................................................................................................51
Reload system image...................................................................................................................................................51
Filter show commands............................................................................................................................................... 52
Alias command............................................................................................................................................................. 52
Batch mode...................................................................................................................................................................56
Linux shell commands.................................................................................................................................................56
SSH commands............................................................................................................................................................57
OS9 environment commands................................................................................................................................... 57
Common commands......................................................................................................................................................... 58
alias................................................................................................................................................................................. 58
alias (multi-line)........................................................................................................................................................... 59
batch.............................................................................................................................................................................. 60
boot.................................................................................................................................................................................60
commit........................................................................................................................................................................... 60
configure........................................................................................................................................................................ 61
copy................................................................................................................................................................................. 61
default (alias)................................................................................................................................................................62
delete..............................................................................................................................................................................63
description (alias)........................................................................................................................................................ 63
Contents
Contents 3
dir.................................................................................................................................................................................... 64
discard............................................................................................................................................................................64
do.................................................................................................................................................................................... 65
feature config-os9-style............................................................................................................................................65
exit.................................................................................................................................................................................. 66
hostname.......................................................................................................................................................................66
license............................................................................................................................................................................ 66
line (alias)...................................................................................................................................................................... 67
lock.................................................................................................................................................................................. 67
management route...................................................................................................................................................... 68
move............................................................................................................................................................................... 68
no.....................................................................................................................................................................................69
reload..............................................................................................................................................................................69
show alias...................................................................................................................................................................... 69
show boot......................................................................................................................................................................70
show candidate-configuration...................................................................................................................................71
show environment....................................................................................................................................................... 73
show inventory.............................................................................................................................................................73
show ip management-route...................................................................................................................................... 74
show ipv6 management-route..................................................................................................................................74
show license status.....................................................................................................................................................75
show running-configuration...................................................................................................................................... 75
show startup-configuration.......................................................................................................................................77
show system................................................................................................................................................................. 78
show version..................................................................................................................................................................81
start................................................................................................................................................................................. 81
system.............................................................................................................................................................................81
system-cli disable........................................................................................................................................................ 82
system identifier.......................................................................................................................................................... 82
terminal.......................................................................................................................................................................... 82
traceroute......................................................................................................................................................................83
unlock............................................................................................................................................................................. 84
write................................................................................................................................................................................84
Chapter 2: System management..................................................................................................85
OS10 upgrade.....................................................................................................................................................................85
Boot system partition................................................................................................................................................. 86
Upgrade commands.................................................................................................................................................... 87
System banners..................................................................................................................................................................91
Login banner..................................................................................................................................................................91
MOTD banner................................................................................................................................................................91
System banner commands........................................................................................................................................ 92
User session management.............................................................................................................................................. 93
User session management commands................................................................................................................... 93
Telnet server...................................................................................................................................................................... 94
Telnet commands........................................................................................................................................................ 95
Simple Network Management Protocol.......................................................................................................................96
MIBs................................................................................................................................................................................96
SNMP security models and levels........................................................................................................................... 97
SNMPv3.........................................................................................................................................................................97
4
Contents
SNMP engine ID...........................................................................................................................................................97
SNMP groups and users............................................................................................................................................ 98
SNMP views................................................................................................................................................................. 98
Configure SNMP..........................................................................................................................................................98
SNMP commands.......................................................................................................................................................101
System clock.....................................................................................................................................................................109
System Clock commands..........................................................................................................................................110
Network Time Protocol....................................................................................................................................................111
Enable NTP...................................................................................................................................................................112
Broadcasts....................................................................................................................................................................113
Source IP address.......................................................................................................................................................113
Authentication............................................................................................................................................................. 113
Sample NTP configuration........................................................................................................................................114
NTP commands........................................................................................................................................................... 117
Dynamic Host Configuration Protocol........................................................................................................................ 122
Packet format and options...................................................................................................................................... 123
DHCP server............................................................................................................................................................... 124
Automatic address allocation.................................................................................................................................. 124
Hostname resolution................................................................................................................................................. 126
Manual binding entries..............................................................................................................................................126
Configuring a DHCP client on a non-default VRF instance............................................................................. 127
DHCP relay agent...................................................................................................................................................... 128
View DHCP Information........................................................................................................................................... 129
System domain name and list................................................................................................................................. 129
DHCP commands.......................................................................................................................................................130
DNS commands..........................................................................................................................................................136
IPv4 DHCP limitations...............................................................................................................................................138
Chapter 3: Interfaces.................................................................................................................139
Ethernet interfaces......................................................................................................................................................... 139
Unified port groups......................................................................................................................................................... 139
Z9264F-ON port-group profiles...................................................................................................................................140
L2 mode configuration....................................................................................................................................................142
L3 mode configuration....................................................................................................................................................142
Fibre Channel interfaces................................................................................................................................................ 143
Management interface .................................................................................................................................................. 145
VLAN interfaces...............................................................................................................................................................145
User-configured default VLAN.....................................................................................................................................145
VLAN scale profile........................................................................................................................................................... 146
Loopback interfaces........................................................................................................................................................146
Port-channel interfaces..................................................................................................................................................147
Create port-channel.................................................................................................................................................. 147
Add port member....................................................................................................................................................... 148
Minimum links............................................................................................................................................................. 148
Assign Port Channel IP Address.............................................................................................................................149
Remove or disable port-channel............................................................................................................................ 149
Load balance traffic.................................................................................................................................................. 149
Change hash algorithm.............................................................................................................................................150
Configure interface ranges........................................................................................................................................... 150
Switch-port profiles.........................................................................................................................................................151
Contents
5
S4148-ON Series port profiles................................................................................................................................ 152
S4148U-ON port profiles..........................................................................................................................................153
Configure breakout mode.............................................................................................................................................. 154
Breakout auto-configuration.........................................................................................................................................154
Forward error correction............................................................................................................................................... 155
Energy-efficient Ethernet..............................................................................................................................................156
Enable energy-efficient Ethernet.......................................................................................................................... 156
Clear EEE counters....................................................................................................................................................157
View EEE status/statistics...................................................................................................................................... 157
EEE commands...........................................................................................................................................................158
View interface configuration.........................................................................................................................................160
Digital optical monitoring............................................................................................................................................... 163
Enable DOM and DOM traps...................................................................................................................................164
Interface commands....................................................................................................................................................... 165
channel-group.............................................................................................................................................................165
default vlan-id.............................................................................................................................................................166
description (Interface)............................................................................................................................................. 166
duplex............................................................................................................................................................................167
enable dom.................................................................................................................................................................. 167
enable dom traps........................................................................................................................................................167
feature auto-breakout.............................................................................................................................................. 168
fec..................................................................................................................................................................................168
interface breakout..................................................................................................................................................... 169
interface ethernet......................................................................................................................................................169
interface loopback..................................................................................................................................................... 169
interface mgmt........................................................................................................................................................... 170
interface null................................................................................................................................................................170
interface port-channel.............................................................................................................................................. 170
interface range............................................................................................................................................................ 171
interface vlan............................................................................................................................................................... 171
link-bundle-utilization................................................................................................................................................ 172
mode..............................................................................................................................................................................172
mode l3......................................................................................................................................................................... 173
mtu.................................................................................................................................................................................173
port mode Eth.............................................................................................................................................................174
port-group....................................................................................................................................................................174
profile............................................................................................................................................................................ 175
scale-profile vlan........................................................................................................................................................ 175
show interface............................................................................................................................................................ 176
show inventory media............................................................................................................................................... 177
show link-bundle-utilization..................................................................................................................................... 178
show port-channel summary...................................................................................................................................178
show port-group........................................................................................................................................................ 179
show switch-port-profile......................................................................................................................................... 180
show system............................................................................................................................................................... 180
show vlan......................................................................................................................................................................181
shutdown...................................................................................................................................................................... 181
speed (Fibre Channel).............................................................................................................................................. 182
speed (Management)................................................................................................................................................182
switch-port-profile.................................................................................................................................................... 183
6
Contents
switchport access vlan.............................................................................................................................................185
switchport mode........................................................................................................................................................ 185
switchport trunk allowed vlan.................................................................................................................................185
Chapter 4: Fibre Channel........................................................................................................... 187
Terminology.......................................................................................................................................................................188
Virtual fabric......................................................................................................................................................................188
Fibre Channel zoning...................................................................................................................................................... 190
F_Port on Ethernet.........................................................................................................................................................192
Pinning FCoE traffic to a specific port of a port-channel..................................................................................... 192
Sample FSB configuration on VLT network........................................................................................................ 194
Sample FC Switch configuration on VLT network............................................................................................ 196
Sample FSB configuration on non-VLT network................................................................................................198
Sample FC Switch configuration on non-VLT network................................................................................... 200
Multi-hop FIP-snooping bridge.....................................................................................................................................201
Configuration notes..................................................................................................................................................202
Configure multi-hop FSB.........................................................................................................................................202
Verify multi-hop FSB configuration...................................................................................................................... 208
Sample Multi-hop FSB configuration................................................................................................................... 209
Configuration guidelines................................................................................................................................................ 222
F_Port commands.......................................................................................................................................................... 223
fc alias..........................................................................................................................................................................223
fc zone.........................................................................................................................................................................223
fc zoneset................................................................................................................................................................... 223
feature fc.................................................................................................................................................................... 224
member (alias)........................................................................................................................................................... 224
member (zone).......................................................................................................................................................... 224
member (zoneset).................................................................................................................................................... 225
show fc alias...............................................................................................................................................................225
show fc interface-area-id mapping.......................................................................................................................226
show fc ns switch..................................................................................................................................................... 226
show fc zone.............................................................................................................................................................. 227
show fc zoneset........................................................................................................................................................ 227
zone default-zone permit........................................................................................................................................228
zoneset activate........................................................................................................................................................229
NPG commands...............................................................................................................................................................229
fc port-mode F.......................................................................................................................................................... 229
feature fc npg............................................................................................................................................................ 230
show npg devices......................................................................................................................................................230
F_Port and NPG commands........................................................................................................................................ 230
clear fc statistics........................................................................................................................................................231
fcoe .............................................................................................................................................................................. 231
name..............................................................................................................................................................................231
show fc statistics...................................................................................................................................................... 232
show fc switch...........................................................................................................................................................232
show running-config vfabric...................................................................................................................................233
show vfabric............................................................................................................................................................... 233
vfabric.......................................................................................................................................................................... 234
vfabric (interface).....................................................................................................................................................234
vlan............................................................................................................................................................................... 235
Contents
7
FIP-snooping commands...............................................................................................................................................235
feature fip-snooping.................................................................................................................................................235
fip-snooping enable.................................................................................................................................................. 236
fip-snooping fc-map................................................................................................................................................. 236
fip-snooping port-mode...........................................................................................................................................236
FCoE commands..............................................................................................................................................................237
clear fcoe database...................................................................................................................................................237
clear fcoe statistics...................................................................................................................................................237
fcoe-pinned-port ......................................................................................................................................................238
fcoe max-sessions-per-enodemac........................................................................................................................238
fcoe priority-bits........................................................................................................................................................238
lldp tlv-select dcbxp-appln fcoe............................................................................................................................239
show fcoe enode....................................................................................................................................................... 239
show fcoe fcf.............................................................................................................................................................239
show fcoe pinned-port............................................................................................................................................ 240
show fcoe sessions...................................................................................................................................................240
show fcoe statistics.................................................................................................................................................. 241
show fcoe system......................................................................................................................................................241
show fcoe vlan...........................................................................................................................................................242
Chapter 5: Layer 2..................................................................................................................... 243
802.1X................................................................................................................................................................................ 243
Port authentication...................................................................................................................................................244
EAP over RADIUS..................................................................................................................................................... 245
Configure 802.1X.......................................................................................................................................................245
Enable 802.1X.............................................................................................................................................................246
Identity retransmissions...........................................................................................................................................247
Failure quiet period....................................................................................................................................................247
Port control mode.....................................................................................................................................................248
Reauthenticate port................................................................................................................................................. 249
Configure timeouts...................................................................................................................................................250
802.1X commands......................................................................................................................................................251
Far-end failure detection.............................................................................................................................................. 255
Enable FEFD globally................................................................................................................................................ 257
Enable FEFD on interface....................................................................................................................................... 258
Reset FEFD err-disabled interface....................................................................................................................... 258
Display FEFD information........................................................................................................................................258
FEFD Commands.......................................................................................................................................................259
Link Aggregation Control Protocol............................................................................................................................. 262
Modes.......................................................................................................................................................................... 262
Configuration..............................................................................................................................................................262
Interfaces.................................................................................................................................................................... 263
Rates............................................................................................................................................................................ 263
Sample configuration................................................................................................................................................264
LACP fallback............................................................................................................................................................. 267
LACP commands....................................................................................................................................................... 270
Link Layer Discovery Protocol......................................................................................................................................277
Optional TLVs.............................................................................................................................................................278
Organizationally-specific TLVs...............................................................................................................................278
Media endpoint discovery........................................................................................................................................ 281
8
Contents
Network connectivity device.................................................................................................................................. 281
LLDP-MED capabilities TLV.................................................................................................................................... 281
Network policies TLVs............................................................................................................................................. 282
Define network policies............................................................................................................................................283
Packet timer values.................................................................................................................................................. 283
Disable and re-enable LLDP .................................................................................................................................. 284
Disable and re-enable LLDP on management ports..........................................................................................285
Advertise TLVs.......................................................................................................................................................... 285
Network policy advertisement...............................................................................................................................286
Fast start repeat count........................................................................................................................................... 286
View LLDP configuration.........................................................................................................................................287
Adjacent agent advertisements.............................................................................................................................288
Time to live................................................................................................................................................................. 289
LLDP commands....................................................................................................................................................... 289
Media Access Control....................................................................................................................................................300
Static MAC Address..................................................................................................................................................301
MAC Address Table...................................................................................................................................................301
Clear MAC Address Table....................................................................................................................................... 302
MAC Commands........................................................................................................................................................302
Multiple Spanning-Tree................................................................................................................................................. 304
Configure MSTP........................................................................................................................................................305
Create instances....................................................................................................................................................... 305
Root selection............................................................................................................................................................ 307
Non-Dell EMC hardware..........................................................................................................................................307
Region name or revision.......................................................................................................................................... 308
Modify parameters....................................................................................................................................................308
Interface parameters................................................................................................................................................309
EdgePort Forward traffic.........................................................................................................................................310
Spanning-tree extensions........................................................................................................................................ 310
Recover BPDU guard error disabled ports.......................................................................................................... 312
Setting spanning-tree link type for rapid state transitions..............................................................................313
MAC flush optimization............................................................................................................................................ 313
MST commands..........................................................................................................................................................314
Rapid per-VLAN spanning-tree plus...........................................................................................................................326
Load balance and root selection............................................................................................................................326
Enable RPVST+..........................................................................................................................................................327
Select root bridge......................................................................................................................................................327
Root assignment........................................................................................................................................................329
Loop guard..................................................................................................................................................................329
Global parameters..................................................................................................................................................... 330
Setting spanning-tree link type for rapid state transitions............................................................................. 330
MAC flush optimization........................................................................................................................................... 330
RPVST+ commands.................................................................................................................................................. 331
Rapid Spanning-Tree Protocol.....................................................................................................................................339
Enable globally........................................................................................................................................................... 339
Global parameters......................................................................................................................................................341
Interface parameters................................................................................................................................................342
Root bridge selection............................................................................................................................................... 342
EdgePort forward traffic.........................................................................................................................................343
Spanning-tree extensions....................................................................................................................................... 343
Contents
9
Setting spanning-tree link type for rapid state transitions............................................................................. 345
MAC flush optimization........................................................................................................................................... 345
RSTP commands....................................................................................................................................................... 346
Virtual LANs..................................................................................................................................................................... 352
Default VLAN............................................................................................................................................................. 353
Create or remove VLANs........................................................................................................................................ 353
Access mode.............................................................................................................................................................. 354
Trunk mode.................................................................................................................................................................355
Assign IP address...................................................................................................................................................... 356
View VLAN configuration........................................................................................................................................ 357
VLAN commands.......................................................................................................................................................358
Port monitoring............................................................................................................................................................... 359
Local port monitoring...............................................................................................................................................359
Remote port monitoring.......................................................................................................................................... 360
Encapsulated remote port monitoring................................................................................................................. 362
Flow-based monitoring............................................................................................................................................ 363
Remote port monitoring on VLT............................................................................................................................364
Port monitoring commands.................................................................................................................................... 366
Chapter 6: Layer 3......................................................................................................................371
Virtual routing and forwarding...................................................................................................................................... 371
Configure management VRF................................................................................................................................... 371
Configure non-default VRF instances.................................................................................................................. 373
VRF configuration..................................................................................................................................................... 375
View VRF instance information..............................................................................................................................379
Static route leaking...................................................................................................................................................379
VRF commands..........................................................................................................................................................383
Bidirectional Forwarding Detection............................................................................................................................ 390
BFD session states................................................................................................................................................... 390
BFD three-way handshake...................................................................................................................................... 391
BFD configuration..................................................................................................................................................... 392
Configure BFD globally............................................................................................................................................ 392
BFD for BGP...............................................................................................................................................................393
BFD for OSPF............................................................................................................................................................ 397
BFD for Static route..................................................................................................................................................401
BFD commands..........................................................................................................................................................403
Border Gateway Protocol............................................................................................................................................. 409
Sessions and peers.................................................................................................................................................... 410
Route reflectors.......................................................................................................................................................... 411
Multiprotocol BGP..................................................................................................................................................... 412
Attributes.....................................................................................................................................................................412
Selection criteria........................................................................................................................................................ 412
Weight and local preference................................................................................................................................... 413
Multiexit discriminators............................................................................................................................................ 413
Origin.............................................................................................................................................................................414
AS path and next-hop...............................................................................................................................................414
Best path selection....................................................................................................................................................415
More path support.....................................................................................................................................................415
Advertise cost.............................................................................................................................................................416
4-Byte AS numbers................................................................................................................................................... 416
10
Contents
AS number migration.................................................................................................................................................416
Configure Border Gateway Protocol..................................................................................................................... 417
Enable BGP..................................................................................................................................................................417
Configure Dual Stack............................................................................................................................................... 420
Configure administrative distance........................................................................................................................ 420
Peer templates........................................................................................................................................................... 421
Neighbor fall-over..................................................................................................................................................... 424
Configure password..................................................................................................................................................426
Fast external fallover................................................................................................................................................427
Passive peering..........................................................................................................................................................429
Local AS.......................................................................................................................................................................429
AS number limit......................................................................................................................................................... 430
Redistribute routes.................................................................................................................................................... 431
Additional paths......................................................................................................................................................... 432
MED attributes.......................................................................................................................................................... 432
Local preference attribute...................................................................................................................................... 432
Weight attribute........................................................................................................................................................ 433
Enable multipath........................................................................................................................................................434
Route-map filters...................................................................................................................................................... 434
Route reflector clusters...........................................................................................................................................435
Aggregate routes...................................................................................................................................................... 435
Confederations.......................................................................................................................................................... 436
Route dampening.......................................................................................................................................................437
Timers.......................................................................................................................................................................... 438
Neighbor soft-reconfiguration............................................................................................................................... 438
BGP commands......................................................................................................................................................... 439
Equal cost multi-path......................................................................................................................................................471
Load balancing............................................................................................................................................................ 471
Maximum ECMP groups and paths...................................................................................................................... 475
ECMP commands......................................................................................................................................................475
IPv4 routing...................................................................................................................................................................... 479
Assign interface IP address.................................................................................................................................... 480
Configure static routing........................................................................................................................................... 481
Address Resolution Protocol................................................................................................................................... 481
IPv4 routing commands...........................................................................................................................................482
IPv6 routing...................................................................................................................................................................... 487
Enable or disable IPv6.............................................................................................................................................. 487
IPv6 addresses...........................................................................................................................................................488
Stateless autoconfiguration....................................................................................................................................489
Neighbor Discovery.................................................................................................................................................. 490
Duplicate address discovery....................................................................................................................................491
Static IPv6 routing.....................................................................................................................................................491
IPv6 destination unreachable................................................................................................................................. 492
IPv6 hop-by-hop options.........................................................................................................................................492
View IPv6 information..............................................................................................................................................492
IPv6 commands......................................................................................................................................................... 493
Open shortest path first............................................................................................................................................... 504
Autonomous system areas......................................................................................................................................504
Areas, networks, and neighbors............................................................................................................................ 505
Router types.............................................................................................................................................................. 505
Contents
11
Designated and backup designated routers....................................................................................................... 506
Link-state advertisements...................................................................................................................................... 507
Router priority............................................................................................................................................................507
Shortest path first throttling................................................................................................................................. 508
OSPFv2....................................................................................................................................................................... 509
OSPFv3........................................................................................................................................................................ 541
Object tracking manager...............................................................................................................................................562
Interface tracking......................................................................................................................................................562
Host tracking..............................................................................................................................................................563
Set tracking delays................................................................................................................................................... 564
Object tracking.......................................................................................................................................................... 564
View tracked objects................................................................................................................................................564
OTM commands........................................................................................................................................................565
Policy-based routing...................................................................................................................................................... 568
Access-list to match route-map............................................................................................................................568
Set address to match route-map..........................................................................................................................569
Assign route-map to interface...............................................................................................................................569
View PBR information..............................................................................................................................................569
Policy-based routing per VRF................................................................................................................................ 570
Configuring PBR per VRF....................................................................................................................................... 570
Sample configuration................................................................................................................................................ 571
Track route reachability...........................................................................................................................................572
Use PBR to permit and block specific traffic..................................................................................................... 572
View PBR configuration...........................................................................................................................................573
PBR commands..........................................................................................................................................................574
Virtual Router Redundancy Protocol..........................................................................................................................576
Configuration..............................................................................................................................................................577
Create virtual router.................................................................................................................................................578
Group version.............................................................................................................................................................578
Virtual IP addresses.................................................................................................................................................. 579
Configure virtual IP address................................................................................................................................... 579
Configure virtual IP address in a VRF.................................................................................................................. 580
Set group priority.......................................................................................................................................................581
Authentication............................................................................................................................................................ 581
Disable preempt.........................................................................................................................................................582
Advertisement interval.............................................................................................................................................583
Interface/object tracking........................................................................................................................................583
Configure tracking.................................................................................................................................................... 584
VRRP commands...................................................................................................................................................... 585
Chapter 7: Multicast................................................................................................................. 590
Important notes...............................................................................................................................................................590
Configure multicast routing..........................................................................................................................................590
Unknown multicast flood control.................................................................................................................................591
Enable multicast flood control............................................................................................................................... 592
Multicast Commands..................................................................................................................................................... 592
multicast snooping flood-restrict.......................................................................................................................... 592
Internet Group Management Protocol...................................................................................................................... 593
Standards compliance..............................................................................................................................................593
Important notes.........................................................................................................................................................593
12
Contents
Supported IGMP versions.......................................................................................................................................594
Query interval.............................................................................................................................................................594
Last member query interval....................................................................................................................................594
Maximum response time......................................................................................................................................... 594
IGMP immediate leave............................................................................................................................................. 594
Select an IGMP version...........................................................................................................................................595
View IGMP-enabled interfaces and groups........................................................................................................595
IGMP snooping.......................................................................................................................................................... 596
IGMP commands....................................................................................................................................................... 597
Multicast Listener Discovery Protocol.......................................................................................................................608
MLD snooping............................................................................................................................................................608
MLD snooping commands....................................................................................................................................... 610
Protocol Independent Multicast...................................................................................................................................617
PIM terminology......................................................................................................................................................... 617
Standards compliance...............................................................................................................................................617
PIM-SM........................................................................................................................................................................ 617
PIM-SSM..................................................................................................................................................................... 618
Expiry timers for S, G entries..................................................................................................................................619
Static rendezvous point........................................................................................................................................... 619
Designated router...................................................................................................................................................... 619
PIM commands...........................................................................................................................................................619
PIM-SM sample configuration................................................................................................................................627
PIM-SSM sample configuration..............................................................................................................................631
Multicast VRF sample configuration.................................................................................................................... 636
Multicast support on VLT....................................................................................................................................... 644
Chapter 8: VXLAN .................................................................................................................... 650
VXLAN concepts.............................................................................................................................................................650
VXLAN as NVO solution.................................................................................................................................................651
Configure VXLAN............................................................................................................................................................ 651
Configure source IP address on VTEP.................................................................................................................652
Configure a VXLAN virtual network..................................................................................................................... 652
Configure VLAN-tagged access ports.................................................................................................................653
Configure untagged access ports......................................................................................................................... 654
Enable overlay routing between virtual networks.............................................................................................654
Advertise VXLAN source IP address ...................................................................................................................656
Configure VLT............................................................................................................................................................657
L3 VXLAN route scaling ............................................................................................................................................... 657
DHCP relay on VTEPs .................................................................................................................................................. 659
View VXLAN configuration...........................................................................................................................................659
VXLAN MAC addresses................................................................................................................................................. 661
VXLAN commands..........................................................................................................................................................664
hardware overlay-routing-profile.......................................................................................................................... 664
interface virtual-network........................................................................................................................................ 664
ip virtual-router address..........................................................................................................................................665
ip virtual-router mac-address................................................................................................................................ 665
member-interface..................................................................................................................................................... 665
nve................................................................................................................................................................................ 666
remote-vtep............................................................................................................................................................... 666
show hardware overlay-routing-profile mode.................................................................................................... 667
Contents
13
show interface virtual-network............................................................................................................................. 667
show nve remote-vtep............................................................................................................................................ 668
show nve remote-vtep counters...........................................................................................................................668
show nve vxlan-vni...................................................................................................................................................669
show virtual-network............................................................................................................................................... 669
show virtual-network counters..............................................................................................................................670
show virtual-network interface counters............................................................................................................670
show virtual-network interface.............................................................................................................................. 671
show virtual-network vlan....................................................................................................................................... 671
show vlan (virtual network)....................................................................................................................................672
source-interface loopback...................................................................................................................................... 672
virtual-network.......................................................................................................................................................... 673
virtual-network untagged-vlan.............................................................................................................................. 673
vxlan-vni...................................................................................................................................................................... 673
VXLAN MAC commands................................................................................................................................................674
clear mac address-table dynamic nve remote-vtep......................................................................................... 674
clear mac address-table dynamic virtual-network............................................................................................ 674
show mac address-table count extended........................................................................................................... 675
show mac address-table count nve......................................................................................................................675
show mac address-table count virtual-network................................................................................................676
show mac address-table extended....................................................................................................................... 676
show mac address-table nve..................................................................................................................................677
show mac address-table virtual-network............................................................................................................678
Example: VXLAN with static VTEP.............................................................................................................................679
BGP EVPN for VXLAN................................................................................................................................................... 691
BGP EVPN compared to static VXLAN................................................................................................................691
VXLAN BGP EVPN operation................................................................................................................................ 692
Configure BGP EVPN for VXLAN......................................................................................................................... 694
VXLAN BGP EVPN routing.....................................................................................................................................698
BGP EVPN with VLT................................................................................................................................................699
VXLAN BGP commands.......................................................................................................................................... 700
VXLAN EVPN commands........................................................................................................................................703
Example: VXLAN with BGP EVPN........................................................................................................................ 709
Controller-provisioned VXLAN.....................................................................................................................................728
Configuration notes.................................................................................................................................................. 729
Controller-provisioned VXLAN operations.......................................................................................................... 729
Steps to configure controller-provisioned VXLAN............................................................................................730
Configure and control VXLAN from VMware vCenter.....................................................................................733
Example: VXLAN with a controller configuration.............................................................................................. 736
VXLAN Controller commands.................................................................................................................................740
Chapter 9: UFT modes............................................................................................................... 746
Configure UFT modes.................................................................................................................................................... 747
IPv6 extended prefix routes................................................................................................................................... 748
UFT commands................................................................................................................................................................748
hardware forwarding-table mode..........................................................................................................................748
hardware l3 ipv6-extended-prefix ....................................................................................................................... 749
show hardware forwarding-table mode...............................................................................................................749
show hardware forwarding-table mode all..........................................................................................................750
show hardware l3......................................................................................................................................................750
14
Contents
Chapter 10: Security.................................................................................................................. 751
User re-authentication...................................................................................................................................................752
Password strength..........................................................................................................................................................752
Role-based access control............................................................................................................................................752
Assign user role............................................................................................................................................................... 753
Bootloader Protection....................................................................................................................................................753
Linuxadmin User Configuration....................................................................................................................................754
RADIUS authentication..................................................................................................................................................755
RADIUS over TLS authentication................................................................................................................................756
TACACS+ authentication.............................................................................................................................................. 757
Unknown user role.......................................................................................................................................................... 758
SSH server........................................................................................................................................................................758
Virtual terminal line......................................................................................................................................................... 759
Control access to VTY............................................................................................................................................. 759
Enable AAA accounting................................................................................................................................................. 760
Enable user lockout........................................................................................................................................................ 760
Limit concurrent login sessions.................................................................................................................................... 761
Enable login statistics..................................................................................................................................................... 761
Privilege levels overview............................................................................................................................................... 762
Configure privilege levels for users.......................................................................................................................762
Configure enable password.................................................................................................................................... 763
Audit log............................................................................................................................................................................ 764
Security commands........................................................................................................................................................ 765
aaa accounting...........................................................................................................................................................765
aaa authentication login...........................................................................................................................................766
aaa re-authenticate enable..................................................................................................................................... 766
boot protect disable username.............................................................................................................................. 767
boot protect enable username password............................................................................................................ 767
clear logging audit..................................................................................................................................................... 767
crypto ssh-key generate..........................................................................................................................................768
disable.......................................................................................................................................................................... 768
enable...........................................................................................................................................................................769
enable password........................................................................................................................................................769
ip access-class........................................................................................................................................................... 770
ip radius source-interface........................................................................................................................................770
ip tacacs source-interface...................................................................................................................................... 770
ipv6 access-class....................................................................................................................................................... 771
ip ssh server challenge-response-authentication...............................................................................................771
ip ssh server cipher....................................................................................................................................................771
ip ssh server enable.................................................................................................................................................. 772
ip ssh server hostbased-authentication...............................................................................................................772
ip ssh server kex........................................................................................................................................................ 773
ip ssh server mac.......................................................................................................................................................773
ip ssh server password-authentication................................................................................................................ 774
ip ssh server port.......................................................................................................................................................774
ip ssh server pubkey-authentication.....................................................................................................................775
ip ssh server vrf......................................................................................................................................................... 775
line vty..........................................................................................................................................................................775
logging audit enable.................................................................................................................................................. 776
Contents
15
login concurrent-session limit.................................................................................................................................776
login-statistics enable...............................................................................................................................................776
password-attributes..................................................................................................................................................777
password-attributes max-retry lockout-period..................................................................................................777
privilege........................................................................................................................................................................778
radius-server host..................................................................................................................................................... 779
radius-server host tls................................................................................................................................................779
radius-server retransmit.......................................................................................................................................... 780
radius-server timeout...............................................................................................................................................780
radius-server vrf........................................................................................................................................................780
show boot protect..................................................................................................................................................... 781
show crypto ssh-key................................................................................................................................................. 781
show ip ssh................................................................................................................................................................. 782
show logging audit.................................................................................................................................................... 782
show login-statistics.................................................................................................................................................783
show privilege.............................................................................................................................................................784
show running-configuration privilege................................................................................................................... 784
show users.................................................................................................................................................................. 784
system-user linuxadmin disable............................................................................................................................. 785
system-user linuxadmin password........................................................................................................................ 785
tacacs-server host....................................................................................................................................................785
tacacs-server timeout..............................................................................................................................................786
tacacs-server vrf.......................................................................................................................................................786
username password role.......................................................................................................................................... 787
username sshkey....................................................................................................................................................... 788
username sshkey filename...................................................................................................................................... 788
userrole inherit........................................................................................................................................................... 789
X.509v3 certificates.......................................................................................................................................................789
X.509v3 concepts.....................................................................................................................................................790
Public key infrastructure......................................................................................................................................... 790
Manage CA certificates............................................................................................................................................791
Request and install host certificates.................................................................................................................... 793
Self-signed certificates .......................................................................................................................................... 796
Security profiles.........................................................................................................................................................798
Cluster security..........................................................................................................................................................799
X.509v3 commands..................................................................................................................................................800
Example: Configure RADIUS over TLS with X.509v3 certificates................................................................ 807
Chapter 11: OpenFlow................................................................................................................809
OpenFlow logical switch instance................................................................................................................................810
OpenFlow controller........................................................................................................................................................810
OpenFlow version 1.3......................................................................................................................................................810
Ports............................................................................................................................................................................. 810
Flow table.................................................................................................................................................................... 810
Group table...................................................................................................................................................................811
Meter table...................................................................................................................................................................811
Instructions.................................................................................................................................................................. 811
Action set..................................................................................................................................................................... 811
Action types................................................................................................................................................................ 812
Counters.......................................................................................................................................................................812
16
Contents
OpenFlow protocol.................................................................................................................................................... 814
OpenFlow use cases.......................................................................................................................................................826
Configure OpenFlow.......................................................................................................................................................827
Establish TLS connection........................................................................................................................................828
OpenFlow commands.....................................................................................................................................................828
controller..................................................................................................................................................................... 828
dpid-mac-address..................................................................................................................................................... 829
in-band-mgmt............................................................................................................................................................ 830
max-backoff............................................................................................................................................................... 830
mode openflow-only..................................................................................................................................................831
openflow.......................................................................................................................................................................831
probe-interval............................................................................................................................................................. 831
protocol-version........................................................................................................................................................ 832
rate-limit packet_in.................................................................................................................................................. 833
show openflow...........................................................................................................................................................833
show openflow flows................................................................................................................................................834
show openflow ports................................................................................................................................................835
show openflow switch............................................................................................................................................. 836
show openflow switch controllers.........................................................................................................................837
switch...........................................................................................................................................................................837
OpenFlow-only mode commands................................................................................................................................ 838
Chapter 12: Access Control Lists............................................................................................... 840
IP ACLs..............................................................................................................................................................................840
MAC ACLs......................................................................................................................................................................... 841
Control-plane ACLs......................................................................................................................................................... 841
Control-plane ACL qualifiers................................................................................................................................... 841
IP fragment handling...................................................................................................................................................... 842
L3 ACL rules..................................................................................................................................................................... 843
Assign sequence number to filter............................................................................................................................... 843
Delete ACL rule................................................................................................................................................................844
L2 and L3 ACLs............................................................................................................................................................... 845
Assign and apply ACL filters.........................................................................................................................................845
Ingress ACL filters.......................................................................................................................................................... 846
Egress ACL filters........................................................................................................................................................... 846
Clear access-list counters.............................................................................................................................................847
IP prefix-lists.................................................................................................................................................................... 847
Route-maps......................................................................................................................................................................848
Match routes....................................................................................................................................................................849
Set conditions.................................................................................................................................................................. 849
Continue clause...............................................................................................................................................................850
ACL flow-based monitoring..........................................................................................................................................850
Enable flow-based monitoring...................................................................................................................................... 851
View ACL table utilization report................................................................................................................................ 852
Known behavior.........................................................................................................................................................854
ACL logging...................................................................................................................................................................... 854
Important notes.........................................................................................................................................................854
ACL commands............................................................................................................................................................... 855
clear ip access-list counters...................................................................................................................................855
clear ipv6 access-list counters.............................................................................................................................. 855
Contents
17
clear mac access-list counters.............................................................................................................................. 855
deny..............................................................................................................................................................................856
deny (IPv6).................................................................................................................................................................856
deny (MAC)................................................................................................................................................................857
deny icmp....................................................................................................................................................................858
deny icmp (IPv6).......................................................................................................................................................858
deny ip......................................................................................................................................................................... 859
deny ipv6.....................................................................................................................................................................859
deny tcp...................................................................................................................................................................... 860
deny tcp (IPv6)......................................................................................................................................................... 860
deny udp.......................................................................................................................................................................861
deny udp (IPv6).........................................................................................................................................................862
description.................................................................................................................................................................. 863
ip access-group......................................................................................................................................................... 863
ip access-list...............................................................................................................................................................864
ip as-path access-list............................................................................................................................................... 864
ip community-list standard deny........................................................................................................................... 864
ip community–list standard permit....................................................................................................................... 865
ip extcommunity-list standard deny..................................................................................................................... 865
ip extcommunity-list standard permit.................................................................................................................. 866
ip prefix-list description...........................................................................................................................................866
ip prefix-list deny...................................................................................................................................................... 866
ip prefix-list permit....................................................................................................................................................867
ip prefix-list seq deny...............................................................................................................................................867
ip prefix-list seq permit............................................................................................................................................868
ipv6 access-group.....................................................................................................................................................868
ipv6 access-list..........................................................................................................................................................869
ipv6 prefix-list deny..................................................................................................................................................869
ipv6 prefix-list description...................................................................................................................................... 869
ipv6 prefix-list permit............................................................................................................................................... 870
ipv6 prefix-list seq deny.......................................................................................................................................... 870
ipv6 prefix-list seq permit....................................................................................................................................... 870
mac access-group......................................................................................................................................................871
mac access-list........................................................................................................................................................... 871
permit........................................................................................................................................................................... 872
permit (IPv6)..............................................................................................................................................................872
permit (MAC)............................................................................................................................................................. 873
permit icmp................................................................................................................................................................. 874
permit icmp (IPv6)....................................................................................................................................................874
permit ip.......................................................................................................................................................................875
permit ipv6..................................................................................................................................................................875
permit tcp....................................................................................................................................................................876
permit tcp (IPv6).......................................................................................................................................................877
permit udp................................................................................................................................................................... 877
permit udp (IPv6)......................................................................................................................................................878
remark.......................................................................................................................................................................... 879
seq deny...................................................................................................................................................................... 879
seq deny (IPv6)......................................................................................................................................................... 880
seq deny (MAC).........................................................................................................................................................881
seq deny icmp.............................................................................................................................................................881
18
Contents
seq deny icmp (IPv6)............................................................................................................................................... 882
seq deny ip..................................................................................................................................................................882
seq deny ipv6............................................................................................................................................................. 883
seq deny tcp...............................................................................................................................................................884
seq deny tcp (IPv6)..................................................................................................................................................885
seq deny udp.............................................................................................................................................................. 885
seq deny udp (IPv6).................................................................................................................................................886
seq permit................................................................................................................................................................... 887
seq permit (IPv6)...................................................................................................................................................... 888
seq permit (MAC)..................................................................................................................................................... 888
seq permit icmp......................................................................................................................................................... 889
seq permit icmp (IPv6)............................................................................................................................................890
seq permit ip...............................................................................................................................................................890
seq permit ipv6...........................................................................................................................................................891
seq permit tcp............................................................................................................................................................ 891
seq permit tcp (IPv6)...............................................................................................................................................892
seq permit udp........................................................................................................................................................... 893
seq permit udp (IPv6)..............................................................................................................................................894
show access-group.................................................................................................................................................. 895
show access-lists...................................................................................................................................................... 896
show acl-table-usage detail....................................................................................................................................897
show ip as-path-access-list .................................................................................................................................. 900
show ip community-list............................................................................................................................................ 901
show ip extcommunity-list.......................................................................................................................................901
show ip prefix-list...................................................................................................................................................... 901
show logging access-list......................................................................................................................................... 902
Route-map commands...................................................................................................................................................902
continue.......................................................................................................................................................................902
match as-path............................................................................................................................................................903
match community..................................................................................................................................................... 903
match extcommunity............................................................................................................................................... 903
match interface......................................................................................................................................................... 904
match ip address.......................................................................................................................................................904
match ip next-hop.................................................................................................................................................... 904
match ipv6 address.................................................................................................................................................. 905
match ipv6 next-hop................................................................................................................................................905
match metric..............................................................................................................................................................905
match origin................................................................................................................................................................906
match route-type......................................................................................................................................................906
match tag....................................................................................................................................................................906
route-map................................................................................................................................................................... 907
set comm-list add..................................................................................................................................................... 907
set comm-list delete.................................................................................................................................................908
set community........................................................................................................................................................... 908
set extcomm-list add............................................................................................................................................... 908
set extcomm-list delete...........................................................................................................................................909
set extcommunity..................................................................................................................................................... 909
set local-preference................................................................................................................................................. 909
set metric.....................................................................................................................................................................910
set metric-type...........................................................................................................................................................910
Contents
19
set next-hop................................................................................................................................................................ 911
set origin....................................................................................................................................................................... 911
set tag...........................................................................................................................................................................912
set weight....................................................................................................................................................................912
show route-map......................................................................................................................................................... 912
Chapter 13: Quality of service.................................................................................................... 914
Configure quality of service.......................................................................................................................................... 914
Ingress traffic classification.......................................................................................................................................... 916
Data traffic classification.........................................................................................................................................916
Control-plane policing...............................................................................................................................................921
Egress traffic classification.......................................................................................................................................... 926
Policing traffic..................................................................................................................................................................927
Mark Traffic......................................................................................................................................................................927
Color traffic...................................................................................................................................................................... 928
Modify packet fields.......................................................................................................................................................928
Shaping traffic................................................................................................................................................................. 928
Bandwidth allocation...................................................................................................................................................... 929
Strict priority queuing....................................................................................................................................................930
Rate adjustment...............................................................................................................................................................931
Buffer management........................................................................................................................................................932
Configure ingress buffer......................................................................................................................................... 932
Configure egress buffer.......................................................................................................................................... 933
Deep Buffer mode.....................................................................................................................................................934
Congestion avoidance....................................................................................................................................................935
Storm control................................................................................................................................................................... 937
RoCE for faster access and lossless connectivity.................................................................................................. 937
Configure RoCE on the switch.............................................................................................................................. 937
Configure RoCE on the interfaces........................................................................................................................938
RoCE for VXLAN over VLT.....................................................................................................................................939
Buffer statistics tracking.........................................................................................................................................948
QoS commands............................................................................................................................................................... 949
bandwidth................................................................................................................................................................... 949
buffer-statistics-tracking........................................................................................................................................949
class..............................................................................................................................................................................949
class-map....................................................................................................................................................................950
clear interface ...........................................................................................................................................................950
clear qos statistics.....................................................................................................................................................951
clear qos statistics type........................................................................................................................................... 951
control-plane.............................................................................................................................................................. 952
control-plane-buffer-size........................................................................................................................................952
flowcontrol..................................................................................................................................................................952
hardware deep-buffer-mode..................................................................................................................................953
match........................................................................................................................................................................... 953
match cos................................................................................................................................................................... 954
match dscp.................................................................................................................................................................954
match precedence....................................................................................................................................................955
match queue.............................................................................................................................................................. 955
match vlan.................................................................................................................................................................. 955
mtu............................................................................................................................................................................... 956
20
Contents
/