PowerSwitch S4148U-ON

Dell PowerSwitch S4148U-ON Owner's manual

OS10 Enterprise Edition User Guide
Release 10.4.3.0
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
2019 - 03
Rev. A01
Contents
1 Getting Started
Supported Hardware
Download OS10 image and license
Installation using ONIE
Automatic installation
Manual installation
Log into OS10
Install OS10 license
Zero-touch deployment
ZTD DHCP server configuration
ZTD provisioning script
ZTD CLI batch file
Post-ZTD script
ZTD commands
Remote access
Configure Management IP address
Management Route Configuration
Configure user name and password
CLI Basics
User accounts
Key CLI features
CLI command modes
CLI command hierarchy
CLI command categories
CONFIGURATION Mode
Command help
Check device status
Candidate configuration
Change to transaction-based configuration mode
Copy running configuration
Restore startup configuration
Reload system image
Filter show commands
Alias command
Batch mode
Linux shell commands
SSH commands
OS9 environment commands
Common commands
alias
alias (multi-line)
batch
boot
commit
configure
copy
default (alias)
delete
description (alias)
dir
discard
do
feature config-os9-style
exit
hostname
license
line (alias)
lock
management route
move
no
reload
show alias
show boot
show candidate-configuration
show environment
show inventory
show ip management-route
show ipv6 management-route
show license status
show running-configuration
show startup-configuration
show system
show version
start
system
system-cli disable
system identifier
terminal
traceroute
unlock
write
2 System management
OS10 upgrade
Boot system partition
Upgrade commands
System banners
Login banner
MOTD banner
System banner commands
User session management
User session management commands
Telnet server
Telnet commands
Simple Network Management Protocol
MIBs
SNMP security models and levels
SNMPv3
SNMP engine ID
SNMP groups and users
SNMP views
Configure SNMP
SNMP commands
System clock
System Clock commands
Network Time Protocol
Enable NTP
Broadcasts
Source IP address
Authentication
Sample NTP configuration
NTP commands
Dynamic Host Configuration Protocol
Packet format and options
DHCP server
Automatic address allocation
Hostname resolution
Manual binding entries
Configuring a DHCP client on a non-default VRF instance
DHCP relay agent
View DHCP Information
System domain name and list
DHCP commands
DNS commands
IPv4 DHCP limitations
3 Interfaces
Ethernet interfaces
Unified port groups
Z9264F-ON port-group profiles
L2 mode configuration
L3 mode configuration
Fibre Channel interfaces
Management interface
VLAN interfaces
User-configured default VLAN
VLAN scale profile
Loopback interfaces
Port-channel interfaces
Create port-channel
Add port member
Minimum links
Assign Port Channel IP Address
Remove or disable port-channel
Load balance traffic
Change hash algorithm
Configure interface ranges
Switch-port profiles
S4148-ON Series port profiles
S4148U-ON port profiles
Configure breakout mode
Breakout auto-configuration
Forward error correction
Energy-efficient Ethernet
Enable energy-efficient Ethernet
Clear EEE counters
View EEE status/statistics
EEE commands
View interface configuration
Digital optical monitoring
Enable DOM and DOM traps
Interface commands
channel-group
default vlan-id
description (Interface)
duplex
enable dom
enable dom traps
feature auto-breakout
fec
interface breakout
interface ethernet
interface loopback
interface mgmt
interface null
interface port-channel
interface range
interface vlan.............................................................................................................................................................182
link-bundle-utilization............................................................................................................................................... 182
mode.......................................................................................................................................................................... 182
mode l3...................................................................................................................................................................... 183
mtu............................................................................................................................................................................. 184
port mode Eth...........................................................................................................................................................184
port-group................................................................................................................................................................. 185
prole......................................................................................................................................................................... 185
scale-prole vlan.......................................................................................................................................................186
show interface.......................................................................................................................................................... 186
show inventory media.............................................................................................................................................. 188
show link-bundle-utilization.....................................................................................................................................188
show port-channel summary.................................................................................................................................. 189
show port-group.......................................................................................................................................................190
show switch-port-prole..........................................................................................................................................191
show system.............................................................................................................................................................. 191
show vlan...................................................................................................................................................................192
shutdown...................................................................................................................................................................192
speed (Fibre Channel)............................................................................................................................................. 193
speed (Management).............................................................................................................................................. 193
switch-port-prole....................................................................................................................................................194
switchport access vlan............................................................................................................................................ 196
switchport mode...................................................................................................................................................... 196
switchport trunk allowed vlan................................................................................................................................. 197
4 Fibre Channel............................................................................................................................................. 198
Terminology.....................................................................................................................................................................199
Virtual fabric....................................................................................................................................................................199
Fibre Channel zoning.....................................................................................................................................................202
F_Port on Ethernet....................................................................................................................................................... 203
Pinning FCoE trac to a specic port of a port-channel.........................................................................................204
Sample FSB conguration on VLT network......................................................................................................... 206
Sample FC Switch conguration on VLT network...............................................................................................208
Sample FSB conguration on non-VLT network..................................................................................................209
Sample FC Switch conguration on non-VLT network........................................................................................ 211
Multi-hop FIP-snooping bridge..................................................................................................................................... 212
Conguration notes..................................................................................................................................................213
Congure multi-hop FSB.........................................................................................................................................213
Verify multi-hop FSB conguration........................................................................................................................218
Sample Multi-hop FSB conguration.....................................................................................................................219
Conguration guidelines................................................................................................................................................232
F_Port commands......................................................................................................................................................... 232
fc alias........................................................................................................................................................................232
fc zone...................................................................................................................................................................... 232
fc zoneset................................................................................................................................................................. 233
feature fc.................................................................................................................................................................. 233
member (alias)..........................................................................................................................................................233
member (zone).........................................................................................................................................................234
member (zoneset)................................................................................................................................................... 234
show fc alias............................................................................................................................................................. 235
show fc interface-area-id mapping........................................................................................................................235
show fc ns switch....................................................................................................................................................235
show fc zone............................................................................................................................................................236
show fc zoneset.......................................................................................................................................................237
zone default-zone permit........................................................................................................................................238
zoneset activate.......................................................................................................................................................238
NPG commands.............................................................................................................................................................239
fc port-mode F.........................................................................................................................................................239
feature fc npg...........................................................................................................................................................239
show npg devices.................................................................................................................................................... 239
F_Port and NPG commands........................................................................................................................................ 240
clear fc statistics......................................................................................................................................................240
fcoe ........................................................................................................................................................................... 241
name...........................................................................................................................................................................241
show fc statistics.....................................................................................................................................................242
show fc switch......................................................................................................................................................... 242
show running-cong vfabric...................................................................................................................................243
show vfabric............................................................................................................................................................. 243
vfabric....................................................................................................................................................................... 244
vfabric (interface)....................................................................................................................................................244
vlan............................................................................................................................................................................ 244
FIP-snooping commands.............................................................................................................................................. 245
feature p-snooping................................................................................................................................................ 245
p-snooping enable................................................................................................................................................. 245
p-snooping fc-map................................................................................................................................................246
p-snooping port-mode..........................................................................................................................................246
FCoE commands............................................................................................................................................................247
clear fcoe database..................................................................................................................................................247
clear fcoe statistics..................................................................................................................................................247
fcoe-pinned-port .................................................................................................................................................... 248
fcoe max-sessions-per-enodemac........................................................................................................................ 248
fcoe priority-bits.......................................................................................................................................................248
lldp tlv-select dcbxp-appln fcoe.............................................................................................................................249
show fcoe enode..................................................................................................................................................... 249
show fcoe fcf........................................................................................................................................................... 250
show fcoe pinned-port........................................................................................................................................... 250
show fcoe sessions.................................................................................................................................................. 251
show fcoe statistics................................................................................................................................................. 251
show fcoe system....................................................................................................................................................252
show fcoe vlan......................................................................................................................................................... 252
5 Layer 2...................................................................................................................................................... 253
802.1X..............................................................................................................................................................................253
Port authentication..................................................................................................................................................254
EAP over RADIUS....................................................................................................................................................255
Congure 802.1X......................................................................................................................................................255
Enable 802.1X........................................................................................................................................................... 256
Identity retransmissions...........................................................................................................................................257
Failure quiet period.................................................................................................................................................. 258
Port control mode....................................................................................................................................................258
Reauthenticate port................................................................................................................................................ 259
Congure timeouts..................................................................................................................................................260
802.1X commands.................................................................................................................................................... 261
Far-end failure detection...............................................................................................................................................265
Enable FEFD globally............................................................................................................................................... 267
Enable FEFD on interface.......................................................................................................................................268
Reset FEFD err-disabled interface........................................................................................................................ 268
Display FEFD information........................................................................................................................................268
FEFD Commands.....................................................................................................................................................269
Link Aggregation Control Protocol...............................................................................................................................272
Modes........................................................................................................................................................................272
Conguration............................................................................................................................................................ 273
Interfaces.................................................................................................................................................................. 273
Rates..........................................................................................................................................................................274
Sample conguration............................................................................................................................................... 274
LACP fallback........................................................................................................................................................... 278
LACP commands.....................................................................................................................................................280
Link Layer Discovery Protocol...................................................................................................................................... 287
Protocol data units...................................................................................................................................................288
Optional TLVs........................................................................................................................................................... 289
Organizationally-specic TLVs............................................................................................................................... 289
Media endpoint discovery.......................................................................................................................................292
Network connectivity device................................................................................................................................. 292
LLDP-MED capabilities TLV................................................................................................................................... 293
Network policies TLVs.............................................................................................................................................294
Dene network policies...........................................................................................................................................294
Packet timer values.................................................................................................................................................295
Disable and re-enable LLDP .................................................................................................................................. 295
Disable and re-enable LLDP on management ports............................................................................................296
Advertise TLVs......................................................................................................................................................... 297
Network policy advertisement............................................................................................................................... 297
Fast start repeat count........................................................................................................................................... 298
View LLDP conguration........................................................................................................................................ 298
Adjacent agent advertisements............................................................................................................................. 299
Time to live............................................................................................................................................................... 300
LLDP commands...................................................................................................................................................... 301
Media Access Control.................................................................................................................................................... 312
Static MAC Address.................................................................................................................................................313
MAC Address Table.................................................................................................................................................. 313
Clear MAC Address Table........................................................................................................................................ 313
MAC Commands...................................................................................................................................................... 314
Multiple Spanning-Tree.................................................................................................................................................. 316
Congure MSTP....................................................................................................................................................... 317
Create instances....................................................................................................................................................... 318
Root selection........................................................................................................................................................... 319
Non-Dell EMC hardware.........................................................................................................................................320
Region name or revision..........................................................................................................................................320
Modify parameters.................................................................................................................................................. 320
Interface parameters................................................................................................................................................321
EdgePort Forward trac........................................................................................................................................322
Spanning-tree extensions....................................................................................................................................... 322
Recover BPDU guard error disabled ports........................................................................................................... 324
Setting spanning-tree link type for rapid state transitions..................................................................................325
MAC ush optimization...........................................................................................................................................325
MST commands.......................................................................................................................................................327
Rapid per-VLAN spanning-tree plus............................................................................................................................339
Load balance and root selection............................................................................................................................ 340
Enable RPVST+........................................................................................................................................................340
Select root bridge..................................................................................................................................................... 341
Root assignment...................................................................................................................................................... 342
Loop guard................................................................................................................................................................343
Global parameters....................................................................................................................................................343
Setting spanning-tree link type for rapid state transitions..................................................................................344
MAC ush optimization...........................................................................................................................................344
RPVST+ commands................................................................................................................................................ 344
Rapid Spanning-Tree Protocol......................................................................................................................................353
Enable globally..........................................................................................................................................................353
Global parameters....................................................................................................................................................355
Interface parameters...............................................................................................................................................356
Root bridge selection...............................................................................................................................................357
EdgePort forward trac.........................................................................................................................................357
Spanning-tree extensions.......................................................................................................................................358
Setting spanning-tree link type for rapid state transitions................................................................................. 359
MAC ush optimization...........................................................................................................................................360
RSTP commands.....................................................................................................................................................360
Virtual LANs....................................................................................................................................................................367
Default VLAN............................................................................................................................................................367
Create or remove VLANs........................................................................................................................................368
Access mode............................................................................................................................................................369
Trunk mode............................................................................................................................................................... 370
Assign IP address..................................................................................................................................................... 370
View VLAN conguration........................................................................................................................................ 371
VLAN commands..................................................................................................................................................... 373
Port monitoring...............................................................................................................................................................374
Local port monitoring...............................................................................................................................................374
Remote port monitoring..........................................................................................................................................375
Encapsulated remote port monitoring................................................................................................................... 377
Flow-based monitoring............................................................................................................................................378
Remote port monitoring on VLT.............................................................................................................................379
Port monitoring commands.....................................................................................................................................381
6 Layer 3...................................................................................................................................................... 386
Virtual routing and forwarding......................................................................................................................................386
Congure management VRF..................................................................................................................................386
Congure non-default VRF instances...................................................................................................................388
VRF conguration.....................................................................................................................................................391
View VRF instance information..............................................................................................................................395
Static route leaking..................................................................................................................................................396
VRF commands....................................................................................................................................................... 399
Bidirectional Forwarding Detection..............................................................................................................................407
BFD session states.................................................................................................................................................. 408
BFD three-way handshake..................................................................................................................................... 409
BFD conguration.....................................................................................................................................................410
Congure BFD globally............................................................................................................................................ 410
BFD for BGP..............................................................................................................................................................411
BFD for OSPF...........................................................................................................................................................415
BFD for Static route................................................................................................................................................ 420
BFD commands........................................................................................................................................................422
Border Gateway Protocol............................................................................................................................................. 429
Sessions and peers..................................................................................................................................................430
Route reectors....................................................................................................................................................... 430
Multiprotocol BGP....................................................................................................................................................431
Attributes...................................................................................................................................................................431
Selection criteria...................................................................................................................................................... 432
Weight and local preference...................................................................................................................................433
Multiexit discriminators........................................................................................................................................... 433
Origin......................................................................................................................................................................... 434
AS path and next-hop............................................................................................................................................. 434
Best path selection..................................................................................................................................................434
More path support...................................................................................................................................................435
Advertise cost.......................................................................................................................................................... 436
4-Byte AS numbers................................................................................................................................................. 436
AS number migration...............................................................................................................................................436
Congure Border Gateway Protocol......................................................................................................................437
Enable BGP...............................................................................................................................................................438
Congure Dual Stack...............................................................................................................................................440
Congure administrative distance......................................................................................................................... 440
Peer templates..........................................................................................................................................................441
Neighbor fall-over....................................................................................................................................................445
Congure password.................................................................................................................................................446
Fast external fallover............................................................................................................................................... 448
Passive peering........................................................................................................................................................ 449
Local AS.................................................................................................................................................................... 450
AS number limit.........................................................................................................................................................451
Redistribute routes.................................................................................................................................................. 452
Additional paths....................................................................................................................................................... 452
MED attributes.........................................................................................................................................................452
Local preference attribute...................................................................................................................................... 453
Weight attribute.......................................................................................................................................................454
Enable multipath...................................................................................................................................................... 454
Route-map lters.....................................................................................................................................................454
Route reector clusters.......................................................................................................................................... 455
Aggregate routes..................................................................................................................................................... 456
Confederations.........................................................................................................................................................456
Route dampening.....................................................................................................................................................457
Timers....................................................................................................................................................................... 458
Neighbor soft-reconguration............................................................................................................................... 459
BGP commands.......................................................................................................................................................459
Equal cost multi-path.................................................................................................................................................... 493
Load balancing......................................................................................................................................................... 493
Maximum ECMP groups and paths.......................................................................................................................497
ECMP commands....................................................................................................................................................497
IPv4 routing.................................................................................................................................................................... 502
Assign interface IP address.................................................................................................................................... 502
Congure static routing.......................................................................................................................................... 503
Address Resolution Protocol.................................................................................................................................. 504
IPv4 routing commands..........................................................................................................................................504
IPv6 routing....................................................................................................................................................................509
Enable or disable IPv6.............................................................................................................................................509
IPv6 addresses..........................................................................................................................................................510
Stateless autoconguration.....................................................................................................................................512
Neighbor Discovery..................................................................................................................................................512
Duplicate address discovery....................................................................................................................................514
Static IPv6 routing....................................................................................................................................................514
IPv6 destination unreachable..................................................................................................................................515
IPv6 hop-by-hop options.........................................................................................................................................515
View IPv6 information..............................................................................................................................................515
IPv6 commands........................................................................................................................................................516
Open shortest path rst............................................................................................................................................... 528
Autonomous system areas......................................................................................................................................528
Areas, networks, and neighbors.............................................................................................................................529
Router types.............................................................................................................................................................529
Designated and backup designated routers......................................................................................................... 530
Link-state advertisements.......................................................................................................................................531
Router priority.......................................................................................................................................................... 532
Shortest path rst throttling.................................................................................................................................. 532
OSPFv2.....................................................................................................................................................................534
OSPFv3.....................................................................................................................................................................567
Object tracking manager...............................................................................................................................................587
Interface tracking.....................................................................................................................................................588
Host tracking............................................................................................................................................................589
Set tracking delays.................................................................................................................................................. 590
Object tracking........................................................................................................................................................ 590
View tracked objects...............................................................................................................................................590
OTM commands.......................................................................................................................................................591
Policy-based routing......................................................................................................................................................594
Policy-based route-maps........................................................................................................................................594
Access-list to match route-map............................................................................................................................ 594
Set address to match route-map...........................................................................................................................594
Assign route-map to interface............................................................................................................................... 595
View PBR information.............................................................................................................................................595
Policy-based routing per VRF................................................................................................................................ 596
Conguring PBR per VRF.......................................................................................................................................596
Sample conguration...............................................................................................................................................597
Track route reachability........................................................................................................................................... 597
Use PBR to permit and block specic trac....................................................................................................... 598
View PBR conguration..........................................................................................................................................599
PBR commands....................................................................................................................................................... 599
Virtual Router Redundancy Protocol...........................................................................................................................603
Conguration............................................................................................................................................................603
Create virtual router................................................................................................................................................ 604
Group version...........................................................................................................................................................604
Virtual IP addresses.................................................................................................................................................605
Congure virtual IP address................................................................................................................................... 605
Congure virtual IP address in a VRF................................................................................................................... 606
Set group priority..................................................................................................................................................... 607
Authentication..........................................................................................................................................................608
Disable preempt....................................................................................................................................................... 608
Advertisement interval............................................................................................................................................609
Interface/object tracking.........................................................................................................................................610
Congure tracking....................................................................................................................................................610
VRRP commands...................................................................................................................................................... 611
7 Multicast.................................................................................................................................................... 617
Important notes.............................................................................................................................................................. 617
Congure multicast routing........................................................................................................................................... 617
Unknown multicast ood control..................................................................................................................................618
Enable multicast ood control................................................................................................................................ 619
Multicast Commands.....................................................................................................................................................619
multicast snooping ood-restrict........................................................................................................................... 619
Internet Group Management Protocol........................................................................................................................620
Standards compliance.............................................................................................................................................620
Important notes........................................................................................................................................................ 621
Supported IGMP versions....................................................................................................................................... 621
Query interval............................................................................................................................................................621
Last member query interval.....................................................................................................................................621
Maximum response time..........................................................................................................................................621
IGMP immediate leave............................................................................................................................................ 622
Select an IGMP version.......................................................................................................................................... 622
View IGMP-enabled interfaces and groups..........................................................................................................622
IGMP snooping.........................................................................................................................................................623
IGMP commands.....................................................................................................................................................625
Multicast Listener Discovery Protocol........................................................................................................................ 635
MLD snooping..........................................................................................................................................................636
MLD snooping commands...................................................................................................................................... 637
Protocol Independent Multicast...................................................................................................................................644
PIM terminology.......................................................................................................................................................644
Standards compliance.............................................................................................................................................645
PIM-SM.................................................................................................................................................................... 645
PIM-SSM..................................................................................................................................................................645
Expiry timers for S, G entries................................................................................................................................. 646
Static rendezvous point.......................................................................................................................................... 646
Designated router.................................................................................................................................................... 647
PIM commands........................................................................................................................................................ 647
PIM-SM sample conguration............................................................................................................................... 655
PIM-SSM sample conguration.............................................................................................................................660
Multicast VRF sample conguration..................................................................................................................... 664
Multicast support on VLT........................................................................................................................................673
8 VXLAN ......................................................................................................................................................679
VXLAN concepts........................................................................................................................................................... 679
VXLAN as NVO solution............................................................................................................................................... 680
Congure VXLAN........................................................................................................................................................... 681
Congure source IP address on VTEP...................................................................................................................681
Congure a VXLAN virtual network......................................................................................................................682
Congure VLAN-tagged access ports..................................................................................................................682
Congure untagged access ports..........................................................................................................................683
Enable overlay routing between virtual networks................................................................................................684
Advertise VXLAN source IP address ....................................................................................................................686
Congure VLT.......................................................................................................................................................... 686
L3 VXLAN route scaling ...............................................................................................................................................687
DHCP relay on VTEPs ..................................................................................................................................................688
View VXLAN conguration...........................................................................................................................................689
VXLAN MAC addresses.................................................................................................................................................691
VXLAN commands........................................................................................................................................................ 693
hardware overlay-routing-prole............................................................................................................................693
interface virtual-network........................................................................................................................................ 694
ip virtual-router address..........................................................................................................................................695
ip virtual-router mac-address.................................................................................................................................695
member-interface....................................................................................................................................................695
nve.............................................................................................................................................................................696
remote-vtep............................................................................................................................................................. 696
show hardware overlay-routing-prole mode.......................................................................................................697
show interface virtual-network.............................................................................................................................. 697
show nve remote-vtep............................................................................................................................................698
show nve remote-vtep counters........................................................................................................................... 699
show nve vxlan-vni..................................................................................................................................................699
show virtual-network.............................................................................................................................................. 699
show virtual-network counters.............................................................................................................................. 700
show virtual-network interface counters..............................................................................................................700
show virtual-network interface...............................................................................................................................701
show virtual-network vlan...................................................................................................................................... 702
show vlan (virtual network)....................................................................................................................................702
source-interface loopback...................................................................................................................................... 702
virtual-network.........................................................................................................................................................703
virtual-network untagged-vlan...............................................................................................................................703
vxlan-vni....................................................................................................................................................................704
VXLAN MAC commands.............................................................................................................................................. 704
clear mac address-table dynamic nve remote-vtep............................................................................................ 704
clear mac address-table dynamic virtual-network...............................................................................................705
show mac address-table count extended.............................................................................................................705
show mac address-table count nve.......................................................................................................................706
show mac address-table count virtual-network...................................................................................................707
show mac address-table extended........................................................................................................................ 707
show mac address-table nve..................................................................................................................................708
show mac address-table virtual-network............................................................................................................. 709
Example: VXLAN with static VTEP..............................................................................................................................710
VTEP 1 Leaf Switch...................................................................................................................................................711
VTEP 2 Leaf Switch................................................................................................................................................. 713
VTEP 3 Leaf Switch.................................................................................................................................................716
VTEP 4 Leaf Switch.................................................................................................................................................718
Spine Switch 1........................................................................................................................................................... 721
Spine Switch 2......................................................................................................................................................... 722
BGP EVPN for VXLAN..................................................................................................................................................722
BGP EVPN compared to static VXLAN................................................................................................................723
VXLAN BGP EVPN operation................................................................................................................................ 723
Congure BGP EVPN for VXLAN..........................................................................................................................726
VXLAN BGP EVPN routing.................................................................................................................................... 729
BGP EVPN with VLT............................................................................................................................................... 730
VXLAN BGP commands.......................................................................................................................................... 731
VXLAN EVPN commands.......................................................................................................................................734
Example: VXLAN with BGP EVPN......................................................................................................................... 741
Controller-provisioned VXLAN......................................................................................................................................761
Conguration notes................................................................................................................................................. 762
Controller-provisioned VXLAN operations............................................................................................................762
Steps to congure controller-provisioned VXLAN...............................................................................................763
Congure and control VXLAN from VMware vCenter....................................................................................... 766
Example: VXLAN with a controller conguration.................................................................................................769
VXLAN Controller commands................................................................................................................................ 773
9 UFT modes................................................................................................................................................ 780
Congure UFT modes................................................................................................................................................... 782
IPv6 extended prex routes....................................................................................................................................782
UFT commands..............................................................................................................................................................783
hardware forwarding-table mode...........................................................................................................................783
hardware l3 ipv6-extended-prex .........................................................................................................................783
show hardware forwarding-table mode................................................................................................................ 784
show hardware forwarding-table mode all............................................................................................................784
show hardware l3.....................................................................................................................................................784
10 Security....................................................................................................................................................786
User re-authentication...................................................................................................................................................787
Password strength.........................................................................................................................................................787
Role-based access control............................................................................................................................................ 787
Assign user role.............................................................................................................................................................. 788
Bootloader Protection................................................................................................................................................... 788
Linuxadmin User Conguration.................................................................................................................................... 789
RADIUS authentication................................................................................................................................................. 790
RADIUS over TLS authentication................................................................................................................................. 791
TACACS+ authentication..............................................................................................................................................792
Unknown user role......................................................................................................................................................... 793
SSH server......................................................................................................................................................................793
Virtual terminal line........................................................................................................................................................ 794
Control access to VTY............................................................................................................................................ 794
Enable AAA accounting.................................................................................................................................................795
Enable user lockout....................................................................................................................................................... 795
Limit concurrent login sessions.................................................................................................................................... 796
Enable login statistics....................................................................................................................................................796
Privilege levels overview................................................................................................................................................797
Congure privilege levels for users........................................................................................................................ 797
Congure enable password.................................................................................................................................... 798
Audit log..........................................................................................................................................................................799
Security commands.......................................................................................................................................................800
aaa accounting.........................................................................................................................................................800
aaa authentication login...........................................................................................................................................801
aaa re-authenticate enable......................................................................................................................................801
boot protect disable username.............................................................................................................................. 802
boot protect enable username password............................................................................................................. 802
clear logging audit....................................................................................................................................................803
crypto ssh-key generate......................................................................................................................................... 803
disable....................................................................................................................................................................... 804
enable........................................................................................................................................................................804
enable password...................................................................................................................................................... 805
ip access-class.........................................................................................................................................................805
ip radius source-interface....................................................................................................................................... 806
ip tacacs source-interface......................................................................................................................................806
ipv6 access-class.....................................................................................................................................................807
ip ssh server challenge-response-authentication................................................................................................ 807
ip ssh server cipher..................................................................................................................................................807
ip ssh server enable.................................................................................................................................................808
ip ssh server hostbased-authentication................................................................................................................808
ip ssh server kex...................................................................................................................................................... 809
ip ssh server mac.....................................................................................................................................................809
ip ssh server password-authentication..................................................................................................................810
ip ssh server port.......................................................................................................................................................811
ip ssh server pubkey-authentication.......................................................................................................................811
ip ssh server vrf.........................................................................................................................................................811
line vty........................................................................................................................................................................812
logging audit enable..................................................................................................................................................812
login concurrent-session limit..................................................................................................................................812
login-statistics enable...............................................................................................................................................813
password-attributes................................................................................................................................................. 813
password-attributes max-retry lockout-period.....................................................................................................814
privilege......................................................................................................................................................................814
radius-server host.................................................................................................................................................... 815
radius-server host tls............................................................................................................................................... 816
radius-server retransmit...........................................................................................................................................817
radius-server timeout............................................................................................................................................... 817
radius-server vrf....................................................................................................................................................... 817
show boot protect....................................................................................................................................................818
show crypto ssh-key................................................................................................................................................818
show ip ssh................................................................................................................................................................819
show logging audit....................................................................................................................................................819
show login-statistics................................................................................................................................................820
show privilege........................................................................................................................................................... 821
show running-conguration privilege.....................................................................................................................821
show users................................................................................................................................................................ 821
system-user linuxadmin disable..............................................................................................................................822
system-user linuxadmin password.........................................................................................................................822
tacacs-server host...................................................................................................................................................823
tacacs-server timeout.............................................................................................................................................823
tacacs-server vrf..................................................................................................................................................... 824
username password role......................................................................................................................................... 824
username sshkey..................................................................................................................................................... 825
username sshkey lename......................................................................................................................................826
userrole inherit..........................................................................................................................................................826
X.509v3 certicates...................................................................................................................................................... 827
X.509v3 concepts....................................................................................................................................................828
Public key infrastructure......................................................................................................................................... 828
Manage CA certicates.......................................................................................................................................... 829
Request and install host certicates...................................................................................................................... 831
Self-signed certicates .......................................................................................................................................... 834
Security proles....................................................................................................................................................... 836
Cluster security........................................................................................................................................................ 837
X.509v3 commands................................................................................................................................................ 838
Example: Congure RADIUS over TLS with X.509v3 certicates.................................................................... 846
11 OpenFlow..................................................................................................................................................847
OpenFlow logical switch instance................................................................................................................................848
OpenFlow controller...................................................................................................................................................... 848
OpenFlow version 1.3.................................................................................................................................................... 848
Ports..........................................................................................................................................................................848
Flow table................................................................................................................................................................. 849
Group table...............................................................................................................................................................849
Meter table............................................................................................................................................................... 849
Instructions...............................................................................................................................................................849
Action set................................................................................................................................................................. 850
Action types............................................................................................................................................................. 850
Counters.................................................................................................................................................................... 851
OpenFlow protocol.................................................................................................................................................. 852
OpenFlow use cases..................................................................................................................................................... 866
Congure OpenFlow..................................................................................................................................................... 866
Establish TLS connection........................................................................................................................................867
OpenFlow commands................................................................................................................................................... 868
controller...................................................................................................................................................................868
dpid-mac-address....................................................................................................................................................869
in-band-mgmt.......................................................................................................................................................... 869
max-backoff..............................................................................................................................................................870
mode openflow-only................................................................................................................................................ 870
openflow.................................................................................................................................................................... 871
probe-interval............................................................................................................................................................ 871
protocol-version........................................................................................................................................................871
rate-limit packet_in.................................................................................................................................................. 872
show openow......................................................................................................................................................... 873
show openow ows...............................................................................................................................................874
show openow ports............................................................................................................................................... 874
show openow switch.............................................................................................................................................876
show openow switch controllers......................................................................................................................... 876
switch........................................................................................................................................................................ 877
OpenFlow-only mode commands................................................................................................................................ 877
12 Access Control Lists.................................................................................................................................880
IP ACLs........................................................................................................................................................................... 880
MAC ACLs.......................................................................................................................................................................881
Control-plane ACLs........................................................................................................................................................ 881
Control-plane ACL qualiers...................................................................................................................................882
IP fragment handling..................................................................................................................................................... 882
IP fragments ACL.................................................................................................................................................... 883
L3 ACL rules................................................................................................................................................................... 883
Permit ACL with L3 information only.................................................................................................................... 883
Deny ACL with L3 information only.......................................................................................................................883
Permit all packets from host.................................................................................................................................. 884
Permit only rst fragments and non-fragmented packets from host............................................................... 884
Assign sequence number to lter................................................................................................................................ 884
User-provided sequence number.......................................................................................................................... 884
Auto-generated sequence number........................................................................................................................884
Delete ACL rule.............................................................................................................................................................. 885
L2 and L3 ACLs..............................................................................................................................................................885
Assign and apply ACL lters.........................................................................................................................................886
Ingress ACL lters..........................................................................................................................................................887
Egress ACL lters...........................................................................................................................................................887
Clear access-list counters............................................................................................................................................ 888
IP prex-lists...................................................................................................................................................................888
Route-maps....................................................................................................................................................................889
Match routes..................................................................................................................................................................890
Set conditions................................................................................................................................................................ 890
Continue clause.............................................................................................................................................................. 891
ACL ow-based monitoring...........................................................................................................................................891
Flow-based mirroring............................................................................................................................................... 891
Enable ow-based monitoring......................................................................................................................................892
View ACL table utilization report................................................................................................................................. 893
Known behavior....................................................................................................................................................... 894
ACL logging.................................................................................................................................................................... 895
Important notes....................................................................................................................................................... 895
ACL commands..............................................................................................................................................................895
clear ip access-list counters...................................................................................................................................895
clear ipv6 access-list counters...............................................................................................................................896
clear mac access-list counters...............................................................................................................................896
deny........................................................................................................................................................................... 897
deny (IPv6)............................................................................................................................................................... 897
deny (MAC)..............................................................................................................................................................898
deny icmp................................................................................................................................................................. 899
deny icmp (IPv6)..................................................................................................................................................... 899
deny ip.......................................................................................................................................................................900
deny ipv6.................................................................................................................................................................. 900
deny tcp.....................................................................................................................................................................901
deny tcp (IPv6)........................................................................................................................................................902
deny udp................................................................................................................................................................... 903
deny udp (IPv6).......................................................................................................................................................904
description................................................................................................................................................................905
ip access-group....................................................................................................................................................... 905
ip access-list.............................................................................................................................................................905
ip as-path access-list.............................................................................................................................................. 906
ip community-list standard deny............................................................................................................................906
ip community-list standard permit........................................................................................................................ 907
ip extcommunity-list standard deny.......................................................................................................................907
ip extcommunity-list standard permit................................................................................................................... 908
ip prex-list description...........................................................................................................................................908
ip prex-list deny......................................................................................................................................................909
ip prex-list permit...................................................................................................................................................909
ip prex-list seq deny.............................................................................................................................................. 909
ip prex-list seq permit............................................................................................................................................ 910
ipv6 access-group....................................................................................................................................................910
ipv6 access-list..........................................................................................................................................................911
ipv6 prex-list deny...................................................................................................................................................911
ipv6 prex-list description....................................................................................................................................... 912
ipv6 prex-list permit............................................................................................................................................... 912
ipv6 prex-list seq deny...........................................................................................................................................912
ipv6 prex-list seq permit........................................................................................................................................ 913
mac access-group.................................................................................................................................................... 913
mac access-list......................................................................................................................................................... 914
permit.........................................................................................................................................................................914
permit (IPv6)............................................................................................................................................................ 915
permit (MAC)............................................................................................................................................................916
permit icmp............................................................................................................................................................... 916
permit icmp (IPv6)................................................................................................................................................... 917
permit ip.....................................................................................................................................................................918
permit ipv6................................................................................................................................................................ 918
permit tcp..................................................................................................................................................................919
permit tcp (IPv6)..................................................................................................................................................... 920
permit udp................................................................................................................................................................. 921
permit udp (IPv6).................................................................................................................................................... 922
remark....................................................................................................................................................................... 923
seq deny....................................................................................................................................................................923
seq deny (IPv6)........................................................................................................................................................924
seq deny (MAC).......................................................................................................................................................925
seq deny icmp.......................................................................................................................................................... 925
seq deny icmp (IPv6).............................................................................................................................................. 926