Dell FCX624-E, FCX624-I, FCX624-S, FCX648-E, FCX648-I, FCX648-S manual

53-1002266-01

18 March 2011

PowerConnect B-Series FCX

Configuration Guide

Contents

Main Page Contents About This Document Chapter 1 Getting Familiar with Management Applications Chapter 2 Configuring Basic Software Features Chapter 3 Operations, Administration, and Maintenance Chapter 4 Software-based Licensing Chapter 5 Stackable Devices Chapter 6 Monitoring Hardware Components Chapter 7 Configuring IPv6 Management on PowerConnect B-Series FCXSwitches Chapter 8 Configuring Spanning Tree Protocol (STP) Related Features Chapter 9 Configuring Basic Layer 2 Features Chapter 10 Configuring Metro Features Chapter 11 Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups Chapter 12 Configuring Trunk Groups and Dynamic Link Aggregation Chapter 13 Configuring Virtual LANs (VLANs) Page Chapter 14 Configuring GARP VLAN Registration Protocol (GVRP) Chapter 15 Configuring MAC-based VLANs Chapter 16 Configuring Rule-Based IP Access Control Lists (ACLs) Chapter 17 Configuring Quality of Service Chapter 18 Configuring Traffic Policies Chapter 19 Configuring Base Layer 3 and Enabling Routing Protocols Chapter 20 Configuring Port Mirroring and Monitoring Chapter 21 Configuring Rate Limiting and Rate Shaping on Chapter 22 Configuring IP Multicast Traffic Reduction for Chapter 24 Configuring LLDP and LLDP-MED Chapter 25 Configuring IP Multicast Protocols Page Chapter 26 Configuring IP Chapter 27 Configuring Multicast Listening Discovery (MLD) Snooping on Chapter 28 Configuring RIP (IPv4) Chapter 29 Configuring OSPF Version 2 (IPv4) Page Chapter 30 Configuring BGP4 (IPv4) Page Chapter 31 Configuring VRRP and VRRPE Chapter 32 Securing Access to Management Functions Page Chapter 33 Configuring SSH2 and SCP Chapter 34 Configuring 802.1X Port Security Chapter 35 Using the MAC Port Security Feature Chapter 36 Configuring Multi-Device Port Authentication Chapter 37 Configuring Web Authentication Chapter 38 Protecting Against Denial of Service Attacks Chapter 39 Inspecting and Tracking DHCP Packets Chapter 40 Securing SNMP Access Chapter 41 Using Syslog Appendix A Network Monitoring Appendix B Software Specifications About This Document Introduction Device nomenclature Audience TABLE 1 Document conventions Text formatting Command syntax conventions Notes, cautions, and danger notices TABLE 2 Notice to the reader Related publications Getting technical help Contacting Dell Page Getting Familiar with Management Applications Using the management port How the management port works CLI Commands for use with the management port Logging on through the CLI On-line help Command completion Scroll control Line editing commands Using stack-unit, slot number, and port number with CLI commands TABLE 4 CLI nomenclature on Stackable devices Searching and filtering output from CLI commands Searching and filtering output from Show commands Searching and filtering output at the --More-- prompt Using special characters in regular expressions Using stack-unit, slot number, and port number with CLI commands 1 TABLE 5 Character Operation Creating an alias for a CLI command TABLE 5 Logging on through the Web Management Interface FIGURE 1 FIGURE 2 Navigating the Web Management Interface Page Page Page Page Configuring Basic Software Features TABLE 6 Feature PowerConnect B-Series FCX Basic System Parameters Basic Port Parameters Configuring basic system parameters Entering system administration information TABLE 6 Configuring Simple Network Management Protocol (SNMP) parameters Specifying an SNMP trap receiver Specifying a single trap source Setting the SNMP trap holddown time Disabling SNMP traps Disabling Syslog messages and traps for CLI access Cancelling an outbound Telnet session Specifying a Simple Network Time Protocol (SNTP) server TABLE 7 Setting the system clock TABLE 8 New start and end dates for US daylight saving time Limiting broadcast, multicast, and unknown unicast traffic Configuration notes and feature limitationss: - - Command syntax for packet-based limiting on PowerConnect B-Series FCX devices Viewing broadcast, multicast, and unknown unicast limits Configuring CLI banners Setting a message of the day banner Requiring users to press the Enter key after the message of the day banner Setting a privileged EXEC CLI level banner Displaying a console message when an incoming Telnet session is detected Configuring a local MAC address for Layer 2 management traffic Configuring basic port parameters Assigning a port name Modifying port speed and duplex mode Enabling auto-negotiation maximum port speed advertisement and down-shift Application notes Enabling port speed down-shift Configuring port speed down-shift and auto-negotiation for a range of ports Configuring maximum port speed advertisement Modifying port duplex mode Configuring MDI/MDIX Disabling or re-enabling a port Configuring flow control Disabling or re-enabling flow control Negotiation and advertisement of flow control Displaying flow-control status Configuring symmetric flow control on PowerConnect B-Series FCX devices About XON and XOFF thresholds Configuration notes and feature limitations for symmetric flow control TABLE 9 - - - Enabling and disabling symmetric flow control Changing the XON and XOFF thresholds Changing the total buffer limits Displaying symmetric flow control status Configuring PHY FIFO Rx and Tx depth Configuring the IPG on PowerConnect Stackable devices Configuring IPG on a 10/100/1000M port Enabling and disabling support for 100BaseTX Enabling and disabling support for 100BaseFX Chassis-based and Stackable devices Changing the Gbps fiber negotiation mode Modifying port priority (QoS) Dynamic configuration of Voice over IP (VoIP) phones Enabling dynamic configuration of a Voice over IP (VoIP) phone Viewing voice VLAN configurations Configuring port flap dampening Configuring port flap dampening on an interface Configuring port flap dampening on a trunk Re-enabling a port disabled by port flap dampening Displaying ports configured with port flap dampening TABLE 10 Syslog messages for port flap dampening TABLE 10 Port loop detection Strict mode and loose mode Recovering disabled ports Enabling loop detection Configuring a global loop detection interval Configuring the device to automatically re-enable ports Specifying the recovery time interval Clearing loop-detection Displaying loop-detection information Displaying loop detection resource information TABLE 11 Syslog message TABLE 11 Operations, Administration, and Maintenance TABLE 12 Determining the software versions installed and running on a device Determining the flash image version running on the device Compact devices Determining the boot image version running on the device Determining the image versions installed in flash memory Flash image verification CLI commands Image file types Viewing the contents of flash files TABLE 13 Using SNMP to upgrade software Using SNMP to upgrade software Changing the block size for TFTP file transfers Rebooting Displaying the boot preference Loading and saving configuration files Replacing the startup configuration with the running configuration Replacing the running configuration with the startup configuration Logging changes to the startup-config file Copying a configuration file to or from a TFTP server Dynamic configuration loading Usage considerations Preparing the configuration file Page Loading the configuration information into the running-config Maximum file sizes for startup-config file and running-config Loading and saving configuration files with IPv6 Using the IPv6 copy command Copying a file to an IPv6 TFTP server Copying a file from flash memory Copying a file from an IPv6 TFTP server Copying a file to flash memory Copying a file to the running or startup configuration Using the IPv6 ncopy command Copying a primary or secondary boot Image from flash memory to an IPv6 TFTP server Copying the running or startup configuration to an IPv6 TFTP server Uploading files from an IPv6 TFTP server Uploading a primary or secondary boot image from an IPv6 TFTP server Uploading a running or startup configuration from an IPv6 TFTP server Using SNMP to save and load configuration information Erasing image and configuration files Scheduling a system reload Reloading at a specific time Reloading after a specific amount of time Displaying the amount of time remaining before a scheduled reload Canceling a scheduled reload Diagnostic error codes and remedies for TFTP transfers Testing network connectivity Pinging an IPv4 address Page Tracing an IPv4 route Software-based Licensing Software license terminology TABLE 14 Software-based licensing overview How software-based licensing works License types Non-licensed features TABLE 15 Licensed features and part numbers Licensing rules General notes PowerConnect B-Series FCX devices TABLE 16 Page Configuration tasks Obtaining a license TABLE 17 Page FIGURE 6 Page FIGURE 8 Installing a license file Using TFTP to install a license file Using Secure Copy (SCP) to install a license Deleting a license Other licensing options available from the Brocade Software Portal Viewing software license information FIGURE 10 Transferring a license Syslog messages and trap information TABLE 18 Viewing information about software licenses Viewing the License ID (LID) TABLE 18 Viewing information about software licenses Viewing the license database TABLE 19 Trial license information Viewing software packages installed in the device TABLE 20 Page Stackable Devices IronStack overview IronStack technology features Stackable models PowerConnect B-Series FCX devices IronStack terminology Stack unit roles: Page Building an IronStack IronStack topologies Mixed unit topologies PowerConnect B-Series FCX stack topologies PowerConnect B-Series FCX Configuration Guide 99 FIGURE 11 FIGURE 12 100 PowerConnect B-Series FCX Configuration Guide FIGURE 13 Device Software requirements IronStack construction methods There are three ways to build an IronStack. 1357911 131517192123 Reset 1 PS Scenario 1 - Configuring a three-member IronStack in a ring topology using secure-setup Page Page Page Page Configuration notes for scenario 2 Page Configuring an FCX IronStack Configuring PowerConnect B-Series FCX stacking ports Changing PowerConnect B-Series FCX-S and CX4 ports from 16 Gbps to 10 Gbps Configuring default ports on FCX devices Changing default stacking port configurations Syntax: [no] stack-port <stack-unit/slotnum/portnum> TABLE 22 Device Slot 1 Slot 2 Slot 3 Slot 4 Using secure-setup to build an FCX IronStack Configuring a default stacking port to function as a data port Use the no form of the command to rever t to the 4-byte Ethernet preamble. Verifying an IronStack configuration Verifying an PowerConnect B-Series FCX IronStack configuration The following output shows an example configuration of an PowerConnect B-Series FCX IronStack. The next example shows output from the show version command for the same FCX stack. Page Managing your IronStack Logging in through the CLI Logging in through Brocade Network Advisor Logging in through the console port Page IronStack management MAC address Manual allocation of the IronStack MAC address Page Removing MAC address entries IronStack unit identification IronStack unit priority CLI command syntax IronStack CLI commands TABLE 23 Stacking mode TABLE 23 Copying the flash image to a stack unit from the Active Controller Reloading a stack unit Controlling stack topology Managing IronStack partitioning Merging IronStacks MIB support for the IronStack Persistent MAC address Page Unconfiguring an IronStack Displaying IronStack information Displaying flash information For stack member 3 only: Table 24 describes the fields displayed in this example. Displaying memory information TABLE 24 Syntax: show memory Table 2 5 describes the fields displayed in this output example. Displaying chassis information TABLE 25 Syntax: show chassis Table 2 6 describes the fields displayed in this output example. Displaying stack module information TABLE 26 Displaying stack resource information Displaying stack information TABLE 27 TABLE 28 If you add a stack member ID, output is displayed for that member only. If you add detail to the show stack command, output resembles the following. Displaying stack flash information TABLE 29 TABLE 30 Syntax: show stack flash Displaying stack rel-IPC statistics Use the show stack rel-ipc stats command to display session statistics for stack units. TABLE 31 Page Page Syntax: show stack rel-ipc stats Displaying stack rel-IPC statistics for a specific stack unit To display IPC statistics for a specific unit, enter the following command: Syntax: show stack rel-ipc unit num Displaying stack neighbors Syntax: show stack neighbors The show stack neighbors command displays information about stack member neighbors. Table 3 2 describes the output from the show stack neighbors command. Displaying stack port information The show stack stack-ports command displays information about stack port status. Displaying running configuration information The show running-config command displays information about the current stack configuration. TABLE 32 Displaying configured stacking ports Displaying software version information TABLE 34 Syntax: show version Displaying stacking port interface information Displaying stacking port statistics TABLE 35 Adding, removing, or replacing units in an IronStack Installing a new unit in an IronStack using secure-setup Installing a new unit using static configuration TABLE 36 Removing a unit from an IronStack Replacing an IronStack unit Moving a unit to another stack Removing an Active Controller from a powered stack Renumbering stack units Syslog, SNMP, and traps Configuring SNMP for an IronStack SNMP engine IDs for stackable devices Troubleshooting an IronStack Troubleshooting an unsuccessful stack build Troubleshooting image copy issues Stack mismatches Image mismatches Advanced feature privileges (PowerConnect B-Series FCX ) Major mismatch Minor mismatch Configuration mismatch Memory allocation failure Recovering from a mismatch Troubleshooting secure-setup Troubleshooting unit replacement issues More about IronStack technology Configuration, startup configuration files and stacking flash IronStack topologies Port down and aging Device roles and elections Active Controller Standby Controller Bootup role Active Controller and Standby Controller elections Active Controller and Standby Controller resets Selecting a standby unit Standby Controller election criteria PowerConnect B-Series FCX hitless stacking Supported events Non-supported events Supported protocols and services Page Page What happens during a hitless stacking switchover or failover Real-time synchronization among all PowerConnect B-Series FCX units in a stack How a Hitless switchover or failover impacts system functions Standby Controller role in hitless stacking Standby Controller election Runtime configuration mismatch Support during stack formation, stack merge, and stack split 170 PowerConnect B-Series FCX Configuration Guide End of Stage 2 Existing stack (after write mem and reload) FIGURE 15 Device stack formation New Stack FCX stack formation End of Stage 1 FIGURE 16 Device stack merge when the old Active controller comes back up Device stack merge 172 PowerConnect B-Series FCX Configuration Guide Figure 17 illustrates hitless stacking support in a stack split. FIGURE 17 stack split The stack splits into one operational stack and two orphan units. The stack splits into two operational stacks. Hitless stacking default behavior Enabling hitless stacking Displaying hitless stacking status Displaying pending device roles Hitless stacking failover Enabling hitless failover Hitless stacking failover example FIGURE 18 Hitless stacking switchover Executing a hitless stacking switchover Hitless stacking switchover examples FIGURE 19 FIGURE 20 . Active controller comes back (in a stack with user-assigned priorities) 180 PowerConnect B-Series FCX Configuration Guide FIGURE 21 Device stack priority change - Scenario 1 Priority 200 assigned to Unit 2 (Standby) The priority change triggers re-election of the Active controller The Standby controller is re-assigned and a switchover occurs. Stages 1 and 2 are bypassed. FIGURE 22 Device stack priority change - Scenario 2 182 PowerConnect B-Series FCX Configuration Guide FIGURE 23 Standby re-assigned Priority 150 assigned to Unit 3 (Member 3) Priority 200 assigned to Unit 4 (Member 4) The priority change triggers re-election of the Active controller Standby re-assigned Displaying information about hitless stacking Syslog messages for hitless stacking failover and switchover TABLE 38 Displaying hitless stacking diagnostic information Syntax: debug stacking sync_rel_msg <num> Page Page Page Monitoring Hardware Components Virtual cable testing TABLE 39 Viewing the results of the cable analysis FIGURE 24 TABLE 40 RJ-45 JACK T568A STANDARD PC STRAIGHT-THRU HUB Supported Fiber Optic Transceivers TABLE 41 TABLE 42 Label Manufacturing part number Type Dell part number Supports Digital Optical Monitoring? Digital optical monitoring Configuration limitations Enabling digital optical monitoring TABLE 42 Setting the alarm interval Displaying information about installed media Digital optical monitoring Use the show media slot command to obtain information about the media device installed in a slot. Syntax: show media [slot <slot-num> | ethernet [<slot-num>/]<port-num>] Viewing optical monitoring information TABLE 43 TABLE 44 Viewing optical transceiver thresholds Syslog messages Configuring IPv6 Management on PowerConnect B-Series FCXSwitches TABLE 45 IPv6 management overview IPv6 addressing FIGURE 25 Enabling and disabling IPv6 IPv6 management features IPv6 management ACLs IPv6 debug IPv6 Web management using HTTP and HTTPS Restricting web access IPv6 logging Specifying an IPv6 Syslog server Name-to-IPv6 address resolution using IPv6 DNS server Defining an IPv6 DNS entry IPv6 ping SNTP over IPv6 SNMP3 over IPv6 Specifying an IPv6 SNMP trap receiver Secure Shell, SCP, and IPv6 IPv6 Telnet Establishing a Telnet session from an IPv6 host IPv6 traceroute IPv6 management commands Page Configuring Spanning Tree Protocol (STP) Related Features STP overview TABLE 46 Configuring standard STP parameters STP parameters and defaults TABLE 47 TABLE 48 Enabling or disabling the Spanning Tree Protocol (STP) TABLE 49 TABLE 48 Enabling or disabling STP globally Changing STP bridge and port parameters Changing STP bridge parameters Changing STP port parameters STP protection enhancement Enabling STP protection Clearing BPDU drop counters Viewing the STP Protection Configuration Displaying STP information Displaying STP information for an entire device Configuring standard STP parameters TABLE 50 Global STP parameters Port STP parameters Configuring standard STP parameters 8 Displaying CPU utilization statistics TABLE 50 Displaying the STP state of a port-based VLAN Page TABLE 51 Configuring standard STP parameters 8 TABLE 51 Displaying STP state information for an individual interface Configuring STP related features Fast port span Disabling and re-enabling fast port span Excluding specific ports from fast port span Fast Uplink Span Active uplink port failure Switchover to the active uplink port Fast Uplink Span Rules for Trunk Groups Configuring a Fast Uplink Port Group 802.1W Rapid Spanning Tree (RSTP) Bridges and bridge port roles Page FIGURE 26 Edge ports and edge port roles FIGURE 27 Point-to-point ports FIGURE 28 Bridge port states Edge port and non-edge port states Changes to port roles and states FIGURE 29 FIGURE 30 FIGURE 31 FIGURE 32 FIGURE 33 240 PowerConnect B-Series FCX Configuration Guide FIGURE 34 PowerConnect B-Series FCX Configuration Guide 241 FIGURE 37 FIGURE 38 Convergence in a simple topology FIGURE 39 FIGURE 40 FIGURE 41 Convergence after a link failure FIGURE 42 Convergence at link restoration Page Convergence in a complex 802.1W topology FIGURE 43 Page FIGURE 44 Propagation of topology change FIGURE 45 254 PowerConnect B-Series FCX Configuration Guide FIGURE 46 FIGURE 47 Compatibility of 802.1W with 802.1D FIGURE 48 Configuring 802.1W parameters on a Dell PowerConnect device Switch 10 Switch 20 Switch 30 802.1W 802.1D 802.1W Page TABLE 52 Displaying information about 802-1W TABLE 53 Bridge IEEE 802.1W parameters TABLE 53 Page TABLE 54 Page 802.1W Draft 3 FIGURE 49 FIGURE 50 X Reconvergence time Enabling 802.1W Draft 3 Single Spanning Tree (SSTP) SSTP defaults Enabling SSTP Displaying SSTP information STP per VLAN group FIGURE 51 STP load balancing Configuring STP per VLAN group Page Configuration example for STP load sharing FIGURE 52 PVST/PVST+ compatibility Overview of PVST and PVST+ FIGURE 53 VLAN tags and dual mode Configuring PVST+ support Enabling PVST+ support manually Enabling dual-mode support Displaying PVST+ support information Configuration examples Tagged port using default VLAN 1 as its port native VLAN FIGURE 54 TABLE 55 Untagged port using VLAN 2 as port native VLAN FIGURE 55 PVRST compatibility BPDU guard Enabling BPDU protection by port Re-enabling ports disabled by BPDU guard Displaying the BPDU guard status Example configurations Example console messages Root guard Enabling STP root guard Displaying the STP root guard Displaying the root guard by VLAN Error disable recovery Enabling error disable recovery Setting the recovery interval Displaying the error disable recovery state by interface Displaying the recovery state for all conditions Displaying the recovery state by port number and cause Errdisable Syslog messages 802.1s Multiple Spanning Tree Protocol Multiple spanning-tree regions FIGURE 56 Configuring MSTP mode and scope Reduced occurrences of MSTP reconvergence Example application Deleting a VLAN to MSTI mapping Viewing the MSTP configuration digest Configuring additional MSTP parameters Setting the MSTP name Setting the MSTP revision number Configuring an MSTP instance Configuring bridge priority for an MSTP instance Setting the MSTP global parameters Setting ports to be operational edge ports Setting automatic operational edge ports Setting point-to-point link Disabling MSTP on a port Forcing ports to transmit an MSTP BPDU FIGURE 57 RTR1 configuration Core 1 configuration Region 1 Region 2 Displaying MSTP statistics TABLE 56 Displaying MSTP information for a specified instance Refer to Table 5 6 for details about the display parameters. Displaying MSTP information for CIST instance 0 To display details about the MSTP configuration, enter the following command. To display details about the MSTP that is configured on the device, enter the following command. Page Page Configuring Basic Layer 2 Features NOTES: TABLE 57 About port regions PowerConnect B-Series FCX device port regions Enabling or disabling the Spanning Tree Protocol (STP) Modifying STP bridge and port parameters MAC learning rate control Changing the MAC age time and disabling MAC address learning NOTES: Disabling the automatic learning of MAC addresses Configuring static MAC entries Multi-port static MAC address Configuring a multi-port static MAC address Configuring VLAN-based static MAC entries Clearing MAC address entries Flow-based MAC address learning Feature overview The benefits of flow-based learning How flow-based learning works Configuring flow-based MAC address learning Enabling flow-based MAC address learning Increasing the capacity of the MAC address table (optional) Displaying information about flow-based MACs Clearing flow-based MAC address entries Enabling port-based VLANs Assigning IEEE 802.1Q tagging to a port Defining MAC address filters Configuration notes and limitations Page Enabling logging of management traffic permitted by MAC address filters MAC address filter override for 802.1X-enabled ports Locking a port to restrict addresses Displaying and modifying system parameter default settings Displaying system parameter default values Displaying and modifying system parameter default settings Page Displaying and modifying system parameter default settings Table 5 8 defines the system parameters in the show default values command output. TABLE 58 This system parameter... Defines the maximum number of... Displaying and modifying system parameter default settings 9 Modifying system parameter default values TABLE 58 This system parameter... Defines the maximum number of... TDynamic Buffer Allocation for an IronStack Configuration Steps TDynamic Buffer Allocation for an IronStack Sample Configuration Generic buffer profiles on PowerConnect Stackable devices Configuring buffer profiles Deleting buffer profiles Remote Fault Notification (RFN) on 1G fiber connections Enabling and disabling remote fault notification Link Fault Signaling (LFS) for 10G Enabling LFS Viewing the status of LFS-enabled links Jumbo frame support Page Configuring Metro Features Topology groups TABLE 59 Master VLAN and member VLANs Control ports and free ports Configuring a topology group Displaying topology group information Displaying STP information Displaying topology group information Metro Ring Protocol (MRP) TABLE 60 FIGURE 58 MRP rings without shared interfaces (MRP Phase 1) FIGURE 59 340 PowerConnect B-Series FCX Configuration Guide Metro Ring Protocol (MRP) MRP rings with shared interfaces (MRP Phase 2) C = customer port FIGURE 60 FIGURE 61 Example 1 Example 2 Ring initialization FIGURE 62 RHP processing in MRP Phase 1 Page Metro Ring Protocol (MRP) FIGURE 63 RHP processing in MRP Phase 2 FIGURE 64 How ring breaks are detected and healed FIGURE 65 X FIGURE 66 Master VLANs and customer VLANs FIGURE 67 Configuring MRP Adding an MRP ring to a VLAN Changing the hello and preforwarding times Using MRP diagnostics Enabling MRP diagnostics Displaying MRP diagnostics TABLE 61 Displaying MRP information Displaying topology group information Displaying ring information TABLE 61 Page MRP CLI example Commands on Switch A (master node) TABLE 62 Commands on Switch B Commands on Switch C Commands on Switch D Virtual Switch Redundancy Protocol (VSRP) FIGURE 68 Layer 2 and Layer 3 redundancy Master election and failover VSRP failover VSRP priority calculation X X FIGURE 72 MAC address failover on VSRP-aware devices X Timer scale VSRP-Aware security features VSRP parameters TABLE 63 Virtual Switch Redundancy Protocol (VSRP) 10 Interface parameters Virtual Switch Redundancy Protocol (VSRP) Configuring basic VSRP parameters Configuring optional VSRP parameters Disabling or re-enabling VSRP Changing the timer scale Configuring authentication Configuring security features on a VSRP-aware device Removing a port from the VRID VLAN Configuring a VRID IP address Changing the backup priority Saving the timer values received from the master Changing the Time-To-Live (TTL) Changing the hello interval Changing the dead interval Changing the backup hello state and interval Changing the hold-down interval Changing the default track priority Specifying a track port Disabling or re-enabling backup pre-emption Suppressing RIP advertisement from backups VSRP-aware interoperablilty Displaying VSRP information Displaying VRID information Page Displaying the active interfaces for a VRID TABLE 65 TABLE 64 VSRP fast start Configuring VSRP fast start Displaying ports that Have the VSRP fast start feature enabled TABLE 65 VSRP and MRP signaling FIGURE 74 PowerConnect B-Series FCX Configuration Guide 381 XX Virtual Switch Redundancy Protocol (VSRP) 10 XX FIGURE 75 participate on the MRP ring. FIGURE 76 Page Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups UDLD overview Switch Switch FIGURE 77 X UDLD for tagged ports Enabling UDLD Enabling UDLD for tagged ports Changing the Keepalive interval Changing the Keepalive retries Displaying UDLD information Displaying information for all ports TABLE 67 Displaying information for a single port TABLE 68 Clearing UDLD statistics Protected link groups About active ports Using UDLD with protected link groups Creating a protected link group and assigning an active port TABLE 69 Page Configuring Trunk Groups and Dynamic Link Aggregation Trunk group overview TABLE 70 FIGURE 78 Trunk group connectivity to a server Switch ... Switch1 Switch2 Trunk group rules ... Configuration notes for Dell PowerConnect devices in an IronStack Trunk group configuration examples PowerConnect B-Series FCX Configuration Guide 397 Trunk group overview 12 Device FIGURE 80 Figure 81 shows two IronStacks connected by multi-slot trunk groups. 398 PowerConnect B-Series FCX Configuration Guide Trunk group overview Support for flexible trunk group membership Trunk group load sharing Support for IPv6 Load sharing for unknown unicast, multicast, and broadcast traffic How trunk load sharing works Adding Layer 2 information to trunk hash output TABLE 72 Configuring a trunk group CLI syntax for configuring consecutive ports in a trunk group CLI syntax for configuring non-consecutive ports in a trunk group Example 1: Configuring the trunk groups shown in Figure 78 Example 2: Configuring a trunk group that spans two Gbps Ethernet modules in a chassis device Example 3: Configuring a multi-slot trunk group with one port per module Example 4: Configuring a trunk group of 10 Gbps Ethernet ports Example 5: Configuring a static trunk group for devices in an IronStack Additional trunking options Naming a trunk port Disabling or re-enabling a trunk port Page Deleting a static trunk group Specifying the minimum number of ports in a static trunk group Monitoring a trunk port Configuring outbound rate shaping for a trunk port Displaying trunk group configuration information Displaying trunk group configuration information 12 Viewing the first and last ports in a trunk group TABLE 73 Dynamic link aggregation IronStack LACP trunk group configuration example Examples of valid LACP trunk groups FIGURE 82 Configuration notes and limitations FastIron Stackable devices FastIron Stackable devices in an IronStack Adaptation to trunk disappearance Flexible trunk eligibility FIGURE 83 Enabling dynamic link aggregation TABLE 74 Port1/1 Port1/2 Port1/3 Port1/4 Group 1 Group 2 Page How changing the VLAN membership of a port affects trunk groups and dynamic keys Additional trunking options for LACP trunk ports Link aggregation parameters System priority Port priority Timeout Key FIGURE 84 FIGURE 85 Viewing keys for tagged ports Configuring link aggregation parameters Displaying and determining the status of aggregate links Events that affect the status of ports in an aggregate link Displaying link aggregation and port status information Page Displaying and determining the status of aggregate links Displaying link aggregation and port status information for PowerConnect Stackable devices Displaying LACP status information TABLE 75 Clearing the negotiated aggregate links table Configuring single link LACP CLI syntax Configuring Virtual LANs (VLANs) VLAN overview Types of VLANs VLAN support on Dell PowerConnect devices TABLE 76 Layer 2 port-based VLANs Page Layer 3 protocol-based VLANs FIGURE 87 Integrated Switch Routing (ISR) IP subnet, IPX network, and AppleTalk cable VLANs Default VLAN FIGURE 88 802.1Q tagging PowerConnect B-Series FCX Configuration Guide 435 VLAN overview 13 FIGURE 89 Tag Protocol Id (TPID) FIGURE 90 Support for 802.1Q-in-Q tagging Spanning Tree Protocol (STP) Virtual routing interfaces FIGURE 91 VLAN and virtual routing interface groups Dynamic, static, and excluded port membership Dynamic ports FIGURE 92 FIGURE 93 Static ports Excluded ports Broadcast leaks Super aggregated VLANs Trunk group ports and VLAN membership Summary of VLAN configuration rules Multiple VLAN membership rules Routing between VLANs Virtual routing interfaces (Layer 3 Switches only) Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) Dynamic port assignment (Layer 2 Switches and Layer 3 Switches) Assigning a different VLAN ID to the default VLAN Assigning different VLAN IDs to reserved VLANs 4091 and 4092 Viewing reassigned VLAN IDs for reserved VLANs 4091 and 4092 TABLE 77 Assigning trunk group ports Configuring port-based VLANs TABLE 77 FIGURE 94 Device Layer 3 Switch VLAN 222 Ports 1 - 8 VLAN 333 Ports 9 - 16 448 PowerConnect B-Series FCX Configuration Guide Device Device-A Device-B Device-C Configuring device-B Configuring device-C Modifying a port-based VLAN Removing a port-based VLAN Removing a port from a VLAN Enable spanning tree on a VLAN Configuring IP subnet, IPX network and protocol-based VLANs FIGURE 96 Port25 Device Layer 3 Switch Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs FIGURE 97 Device-A Device-B Device Device-C Configuring device-B Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs 13 Configuring device-C Enter the following comma nds to configure device- C. Configuring an IPv6 protocol VLAN Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) FIGURE 98 Device-A Device-B Device-C Device-C Building 1 Building 2 Page Page Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) requires a new VLAN ID. The VLAN ID for this port-based VLAN is VLAN 7. Configuration for device-B Enter the following comma nds to configure device- B. Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) 13 Configuration for device-C Enter the following comma nds to configure device- C. Configuring protocol VLANs with dynamic ports Aging of dynamic ports Disabling membership aging of dynamic VLAN ports Configuration guidelines Configuring an IP, IPX, or AppleTalk Protocol VLAN with Dynamic Ports Configuring an IP subnet VLAN with dynamic ports Configuring an IPX network VLAN with dynamic ports Configuring uplink ports within a port-based VLAN Configuration syntax Configuring the same IP subnet address on multiple port-based VLANs FIGURE 99 Switch FIGURE 100 Switch Configuring VLAN groups and virtual routing interface groups Configuring a VLAN group Displaying information about VLAN groups Configuring a virtual routing interface group CLI syntax Displaying the VLAN group and virtual routing interface group information Allocating memory for more VLANs or virtual routing interfaces Increasing the number of VLANs you can configure Increasing the number of virtual routing interfaces you can configure TABLE 78 Configuring super aggregated VLANs FIGURE 101 PowerConnect B-Series FCX Configuration Guide 479 Configuring super aggregated VLANs 13 FIGURE 102 Configuring aggregated VLANs Configuring aggregated VLANs on an edge device Configuring aggregated VLANs on a core device Verifying the configuration Complete CLI examples Commands for device A Commands for device B Configuring super aggregated VLANs 13 Commands for device C Commands for device D Commands for device E Commands for device F Configuring 802.1Q-in-Q tagging FIGURE 103 Configuration rules Enabling 802.1Q-in-Q tagging Page PowerConnect B-Series FCX Configuration Guide 487 Configuring 802.1Q-in-Q tagging 13 Example configuration Figure 104 shows an example 802.1Q-in-Q configuration. FIGURE 104 Configuring 802.1Q-in-Q tag profiles Configuring private VLANs FIGURE 105 FIGURE 106 Switch A Switch B PVLAN-Trunk Port - carries traffic for VLAN 10, 20 and 100 PVLAN-Trunk Ports Configuring the primary VLAN Configuring an isolated or community PVLAN Page Enabling broadcast or unknown unicast traffic to the PVLAN TABLE 80 Configuring private VLANs CLI example for a general PVLAN network To configure the PVLANs shown in Figure105 on page 489, enter the following commands. CLI example for a PVLAN network with switch-switch link ports PowerConnect B-Series FCX 2 Dual-mode VLAN ports FIGURE 108 FIGURE 109 Displaying VLAN information Displaying VLANs in alphanumeric order Displaying system-wide VLAN information Displaying global VLAN information Displaying VLAN information for specific ports Displaying a port VLAN membership Displaying a port dual-mode VLAN membership Displaying port default VLAN IDs (PVIDs) Displaying PVLAN information Configuring GARP VLAN Registration Protocol (GVRP) GVRP overview TABLE 81 Application examples FIGURE 110 Dynamic core and fixed edge Dynamic core and dynamic edge Fixed core and dynamic edge Fixed core and fixed edge VLAN names Configuration notes Page Configuring GVRP Changing the GVRP base VLAN ID Increasing the maximum configurable value of the Leaveall timer Enabling GVRP Disabling VLAN advertising Disabling VLAN learning Changing the GVRP timers Timer configuration requirements Changing the Join, Leave, and Leaveall timers Resetting the timers to their defaults Converting a VLAN created by GVRP into a statically-configured VLAN Displaying GVRP information Displaying GVRP configuration information TABLE 82 To display detailed GVRP information for an individual port, enter a command such as the following. TABLE 82 Displaying GVRP VLAN information TABLE 83 Syntax: show gvrp vlan all | brief | <vlan-id> This display shows the following information. Displaying GVRP statistics To display GVRP statistics for a port, enter a command such as the following. Syntax: show gvrp statistics all | ethernet <port> TABLE 85 This display shows the following information for the port. Page Displaying GVRP diagnostic information Clearing GVRP statistics CLI examples Dynamic core and fixed edge Dynamic core and dynamic edge Fixed core and dynamic edge Fixed core and fixed edge Page Configuring MAC-based VLANs Static and dynamic hosts MAC-based VLAN feature structure TABLE 87 Dynamic MAC-based VLAN Configuration notes and feature limitations TABLE 88 Configuration notes and feature limitations The following example shows a MAC-based VLAN configuration. TABLE 88 CLI command Description CLI level Configuring MAC-based VLANs Using MAC-based VLANs and 802.1X security on the same port Configuring generic and Dell vendor-specific attributes on the RADIUS server TABLE 89 Aging for MAC-based VLAN TABLE 90 Disabling aging for MAC-based VLAN sessions Globally disabling aging Disabling the aging on interfaces Configuring the maximum MAC addresses per port Configuring a MAC-based VLAN for a static host Configuring MAC-based VLAN for a dynamic host Configuring dynamic MAC-based VLAN Configuring MAC-based VLANs using SNMP Displaying Information about MAC-based VLANs Displaying the MAC-VLAN table Displaying the MAC-VLAN table for a specific MAC address Displaying allowed MAC addresses Enter the following command to display information about successfully authenticated MAC addresses. Displaying denied MAC addresses Displaying detailed MAC-VLAN data Page Displaying Information about MAC-based VLANs 15 Displaying MAC-VLAN information for a specific interface Enter the following command to display MAC-VLAN information for a specific interface. The following table describes the information in this output. Displaying MAC addresses in a MAC-based VLAN Enter the following command to display a list of MAC addresses in a MAC-based VLAN. Displaying MAC-based VLAN logging Clearing MAC-VLAN information Sample application Sample application FIGUR E 111 Sample application 15 The show table-mac-vlan command returns the following results for all ports in this configuration. Page Configuring Rule-Based IP Access Control Lists (ACLs) Table 91 lists the individual Dell PowerConnect switches and ACL features they support. TABLE 91 Feature PowerConnect B-Series FCX ACL overview Types of IP ACLs ACL IDs and entries Numbered and named ACLs Default ACL action TABLE 92 How hardware-based ACLs work How fragmented packets are processed Hardware aging of Layer 4 CAM entries Configuration considerations Configuring standard numbered ACLs Standard numbered ACL syntax Page Configuration example for standard numbered ACLs Configuring standard named ACLs Standard named ACL syntax Configuration example for standard named ACLs Configuring extended numbered ACLs Extended numbered ACL syntax Page Page Configuration examples for extended numbered ACLs Page Configuring extended named ACLs Extended named ACL syntax Page Page Configuration example for extended named ACLs Preserving user input for ACL TCP/UDP port numbers Managing ACL comment text Adding a comment to an entry in a numbered ACL Adding a comment to an entry in a named ACL Deleting a comment from an ACL entry Viewing comments in an ACL Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN Enabling ACL logging Configuration Tasks Example Configuration Displaying ACL Log Entries Enabling strict control of ACL filtering of fragmented packets Enabling ACL support for switched traffic in the router image Enabling ACL filtering based on VLAN membership or VE port membership Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only) Using ACLs to filter ARP packets Configuring ACLs for ARP filtering Displaying ACL filters for ARP Clearing the filter count Filtering on IP precedence and ToS values TCP flags - edge port security QoS options for IP ACLs Configuration notes for PowerConnect B-Series FCX devices Using an IP ACL to mark DSCP values (DSCP marking) Combined ACL for 802.1p marking Using an ACL to change the forwarding queue DSCP matching ACL-based rate limiting ACL statistics Using ACLs to control multicast features Enabling and viewing hardware usage statistics for an ACL Displaying ACL information Troubleshooting ACLs Policy-based routing (PBR) Configuring a PBR policy Configure the ACLs Configure the route map Enabling PBR Configuration examples Basic example Setting the next hop Setting the output interface to the null interface Trunk formation Configuring Quality of Service Classification Processing of classified traffic TABLE 93 Determining the trust level of a packet PowerConnect B-Series FCX Configuration Guide 593 Classification 17 FIGURE 112 Classification TABLE 94 DSCP value 0123456789101112121415 TABLE 95 DSCP value 16171819202122232425262728293031 TABLE 96 QoS for stackable devices QoS profile restrictions in an IronStack QoS behavior for trusting Layer 2 (802.1p) in an IronStack QoS behavior for trusting Layer 3 (DSCP) in an IronStack QoS behavior on port priority and VLAN priority in an IronStack QoS queues Assigning QoS priorities to traffic TABLE 98 Changing a port priority Assigning static MAC entries to priority queues Buffer allocation/threshold for QoS queues 802.1p priority override Enabling 802.1p priority override Marking Configuring DSCP-based QoS Application notes Using ACLs to honor DSCP-based QoS PowerConnect stackable devices Configuring the QoS mappings Default DSCP to internal forwarding priority mappings TABLE 99 Changing the DSCP to internal forwarding priority mappings TABLE 100 Changing the VLAN priority 802.1p to hardware forwarding queue mappings TABLE 101 8 to 4 queue mapping Scheduling QoS queuing methods TABLE 102 Selecting the QoS queuing method Configuring the QoS queues Renaming the queues Changing the minimum bandwidth percentages of the WRR queues TABLE 103 Configuration notes Bandwidth allocations of the hybrid WRR and SP queues. Viewing QoS settings Viewing QoS settings To display the QoS settings for all of the queues, enter the show qos-profiles command. Viewing DSCP-based QoS settings Syntax: show qos-tos Table 10 4 shows the output information for the show qos-tos command. TABLE 10 4 Viewing DSCP-based QoS settings TABLE 105 Priority-> Hardware Queue Configuring Traffic Policies Traffic policies overview TABLE 106 Configuration notes and feature limitations Maximum number of traffic policies supported on a device TABLE 107 Setting the maximum number of traffic policies supported on a Layer 3 device ACL-based rate limiting using traffic policies Support for fixed rate limiting and adaptive rate limiting Configuring ACL-based fixed rate limiting Configuring ACL-based adaptive rate limiting TABLE 108 Inspecting the 802.1p bit in the ACL for adaptive rate limiting Specifying the action to be taken for packets that are over the limit Dropping packets that exceed the limit Permitting packets that exceed the limit ACL statistics and rate limit counting Enabling ACL statistics Enabling ACL statistics with rate limiting traffic policies Viewing ACL and rate limit counters Clearing ACL and rate limit counters TABLE 109 Viewing traffic policies TABLE 110 Configuring Base Layer 3 and Enabling Routing Protocols Adding a static IP route TABLE 111 Adding a static ARP entry Modifying and displaying layer 3 system parameter limits PowerConnect IPv6 models Displaying Layer 3 system parameter limits Configuring RIP The following shows an example output on a IPV6 device. Configuring RIP Enabling RIP Enabling redistribution of IP static routes into RIP Enabling redistribution Enabling learning of default routes Changing the route loop prevention method Other layer 3 protocols Enabling or disabling routing protocols Enabling or disabling layer 2 switching Page Page Configuring Port Mirroring and Monitoring Configuring port mirroring and monitoring TABLE 112 Page Monitoring a port Monitoring an individual trunk port Configuring mirroring on an Ironstack Example 1. Configuring mirroring for ports on different members in an IronStack Example 2. Configuring mirroring for ports on the same stack member in an IronStack ACL-based inbound mirroring Creating an ACL-based inbound mirror clause for PowerConnect B-Series FCX devices MAC address filter-based mirroring Configuring MAC address filter-based mirroring VLAN-based mirroring Configuring VLAN-based mirroring VLAN-based mirroring Syntax: [no] monitor ethernet <port> Displaying VLAN mirroring status The show vlan command displays the VLAN mirroring status. Page Page Configuring Rate Limiting and Rate Shaping on PowerConnect B-Series FCX Switches Rate limiting overview TABLE 114 Rate limiting in hardware How Fixed rate limiting works FIGURE 113 Configuring a port-based rate limiting policy Configuring an ACL-based rate limiting policy Displaying the fixed rate limiting configuration Rate shaping overview TABLE 115 Configuring outbound rate shaping for a port Configuring outbound rate shaping for a specific priority Configuring outbound rate shaping for a trunk port Displaying rate shaping configurations Configuring IP Multicast Traffic Reduction for PowerConnect B-Series FCX Switches IGMP snooping overview TABLE 116 Page Page Configuring queriers and non-queriers VLAN specific configuration Using IGMPv2 with IGMPv3 PIM SM traffic snooping overview Application example FIGURE 114 Configuring IGMP snooping Global tasks VLAN-specific tasks Configuring the hardware and software resource limits Enabling or disabling transmission and receipt of IGMP packets on a port Configuring the global IGMP mode Modifying the age interval Modifying the query interval (active IGMP snooping mode only) Configuring the global IGMP version Configuring report control Modifying the wait time before stopping traffic when receiving a leave message Modifying the multicast cache age time Enabling or disabling error and warning messages Enabling or disabling PIM sparse snooping Configuring the IGMP mode for a VLAN Disabling IGMP snooping for the VLAN Enabling PIM sparse mode snooping for the VLAN Disabling PIM sparse mode snooping for the VLAN Configuring the IGMP version for the VLAN Configuring the IGMP version for individual ports Configuring static groups to the entire VLAN or to specific ports Configuring static router ports Turning off static group proxy Enabling IGMPv3 membership tracking and fast leave for the VLAN Configuring fast leave for IGMPv2 Enabling fast convergence Displaying IGMP snooping information Displaying IGMP errors Displaying IGMP group information Displaying IGMP snooping mcache information Displaying PIM sparse snooping information Displaying software resource usage for VLANs Displaying status of IGMP snooping traffic To display status information for IGMP snooping traffic, enter the following command. Displaying IGMP snooping information by VLAN Displaying querier information Active interface with no other querier present Passive interface with no other querier present Active interface with other querier present Passive interface with other querier present Clear IGMP snooping commands Syntax: clear ip multicast mcache Clear IGMP counters on VLANs To clear IGMP snooping on error and traffic counters for all VLANs, enter the following command. Syntax: clear ip multicast counters Page Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets Using FDP Configuring FDP Enabling FDP globally Enabling FDP at the interface level Specifying the IP management address to advertise Changing the FDP update timer Changing the FDP hold time Displaying FDP information Displaying neighbor information TABLE 118 Using FDP Displaying FDP entries To display the detailed neighbor information for a specific device, enter a command such as the TABLE 119 TABLE 118 Displaying FDP information for an interface Clearing FDP and CDP information Clearing FDP and CDP neighbor information Clearing FDP and CDP statistics Reading CDP packets Enabling interception of CDP packets globally Enabling interception of CDP packets on an interface Displaying CDP information Displaying neighbors Reading CDP packets Displaying CDP entries To display CDP entries for all neighbors, enter the following command. To display CDP entries for a specific device, specify the device ID. Here is an example. Syntax: show fdp entry * | <device-id> Displaying CDP statistics Clearing CDP information Page Configuring LLDP and LLDP-MED TABLE 12 0 Terms used in this chapter LLDP overview FIGURE 115 Benefits of LLDP LLDP-MED overview FIGURE 116 Benefits of LLDP-MED LLDP-MED class General operating principles Operating modes Transmit mode Receive mode LLDP packets FIGURE 117 TLV support LLDP TLVs LLDP-MED TLVs Mandatory TLVs TABLE 121 FIGURE 118 TABLE 12 2 FIGURE 119 MIB support Syslog messages Configuring LLDP TABLE 12 3 Configuration notes and considerations Enabling and disabling LLDP TABLE 12 3 Enabling support for tagged LLDP packets Changing a port LLDP operating mode Page Specifying the maximum number of LLDP neighbors Per device Per port Enabling LLDP SNMP notifications and syslog messages Specifying the minimum time between SNMP traps and syslog messages Changing the minimum time between LLDP transmissions Changing the interval between regular LLDP transmissions Changing the holdtime multiplier for transmit TTL Changing the minimum time between port reinitializations LLDP TLVs advertised by the Dell PowerConnect device General system information Page Page 802.1 capabilities 802.3 capabilities Configuring LLDP-MED Enabling LLDP-MED TABLE 124 Enabling SNMP notifications and syslog messages for LLDP-MED topology changes Changing the fast start repeat count Defining a location id Coordinate-based location Page Civic address location Configuring LLDP-MED TABLE 12 5 Configuring LLDP-MED 24 TABLE 12 5 Configuring LLDP-MED Emergency call services TABLE 12 5 Defining an LLDP-MED network policy Page LLDP-MED attributes advertised by the Dell PowerConnect device LLDP-MED capabilities Displaying LLDP statistics and configuration settings LLDP configuration summary LLDP-MED attributes advertised by the Dell PowerConnect device 24 LLDP statistics Syntax: show lldp statistics LLDP-MED attributes advertised by the Dell PowerConnect device 24 LLDP neighbors LLDP neighbors detail LLDP configuration details Page Resetting LLDP statistics Clearing cached LLDP neighbor information Page Configuring IP Multicast Protocols Overview of IP multicasting TABLE 12 6 IPv4 multicast group addresses Mapping of IPv4 Multicast group addresses to Ethernet MAC addresses Supported Layer 3 multicast routing protocols Suppression of unregistered multicast packets Multicast terms Changing global IP multicast parameters Changing dynamic memory allocation for IP multicast groups Increasing the number of IGMP memberships Defining the maximum number of DVMRP cache entries Defining the maximum number of PIM cache entries Changing IGMP V1 and V2 parameters Modifying IGMP (V1 and V2) query interval period Modifying IGMP (V1 and V2) membership time Modifying IGMP (V1 and V2) maximum response time Adding an interface to a multicast group PIM Dense Initiating PIM multicasts on a network Pruning a multicast tree PowerConnect B-Series FCX Configuration Guide 735 PIM Dense 25 FIGURE 120 ... ... ... FIGURE 121 Grafts to a multicast Tree ... ... PIM DM versions ... Configuring PIM DM Enabling PIM on the router and an interface Modifying PIM global parameters Page Page Failover time in a multi-path topology Modifying the TTL Dropping PIM traffic in hardware PIM Sparse FIGURE 122 PIM Sparse switch types RP paths and SPT paths Configuring PIM Sparse Limitations Configuring Global PIM Sparse parameters Globally enabling and disabling PIM without deleting the multicast configuration Configuring PIM interface parameters Configuring BSRs Configuring RPs Changing the Shortest Path Tree (SPT) threshold Changing the PIM join and prune message interval Dropping PIM traffic in hardware Displaying PIM Sparse configuration information and statistics Displaying basic PIM Sparse configuration information Displaying a list of multicast groups PIM Sparse interface information TABLE 127 Displaying BSR information TABLE 12 8 Displaying Pim resources TABLE 12 9 PIM Sparse TABLE 13 0 Displaying candidate RP information Displaying RP-to-group mappings TABLE 131 Displaying RP information for a PIM Sparse group Displaying the RP set list TABLE 13 2 TABLE 13 3 This display shows the following information. Displaying multicast neighbor information Syntax: show ip pim nbr This display shows the following information. TABLE 13 4 TABLE 13 5 Displaying information about an upstream neighbor device Displaying the PIM flow cache TABLE 13 6 TABLE 13 5 Displaying the PIM multicast cache To display the PIM multicast cache, enter the following command at any CLI level. Syntax: show ip pim mcache This display shows the following information. TABLE 137 TABLE 137 Displaying PIM traffic statistics Displaying and clearing PIM errors TABLE 13 8 PIM Passive Passive multicast route insertion Configuring an IP tunnel FIGURE 123 Using ACLs to control multicast features Using ACLs to limit static RP groups Page Using ACLs to limit PIM RP candidate advertisement Disabling CPU processing for select multicast groups TABLE 13 9 CLI command syntax Viewing disabled multicast addresses TABLE 13 9 Displaying the multicast configuration for another multicast router IGMP V3 Default IGMP version Compatibility with IGMP V1 and V2 Globally enabling the IGMP version Enabling the IGMP version per interface setting Enabling the IGMP version on a physical port within a virtual routing interface Enabling membership tracking and fast leave Setting the query interval Setting the group membership time Setting the maximum response time IGMP V3 and source specific multicast protocols Enabling SSM Displaying IGMP V3 information on Layer 3 Switches Displaying IGMP group status TABLE 140 IGMP V3 Displaying the IGMP status of an interface Syntax: show ip igmp interface [ ve | ethernet <number> <group-address>] This report is available on Layer 3 Switches. TABLE 140 Displaying IGMP traffic status TABLE 141 TABLE 142 Clearing IGMP statistics IGMP Proxy TABLE 142 Configuring IGMP Proxy Displaying IGMP Proxy traffic IP multicast protocols and IGMP snooping on the same device Page CLI commands IP multicast protocols and IGMP snooping on the same device 3. Configure the neighboring device. Configuring IP Table 14 3 lists the individual Dell PowerConnect switches and the IP features they support. TABLE 143 Basic configuration Full Layer 3 support IP interfaces Layer 3 Switches FIGURE 126 Layer 2 Switches Page ARP cache and static ARP table IP route table - - IP forwarding cache Layer 4 session table IP route exchange protocols IP multicast protocols IP interface redundancy protocols Access Control Lists and IP access policies Basic IP parameters and defaults Layer 3 Switches - - - When parameter changes take effect IP global parameters Layer 3 Switches Basic IP parameters and defaults Layer 3 Switches 26 TABLE 144 Basic IP parameters and defaults Layer 3 Switches IP interface parameters Layer 3 Switches Table 14 5 lists the interface-level IP parameters for Layer 3 Switches. TABLE 145 Basic IP parameters and defaults Layer 2 Switches 26 Basic IP parameters and defaults Layer 2 Switches Table 14 6 lists the IP global parameters for Layer 2 Switches. Layer 2 Switches also provide IP multicast forwarding, which is enabled by default. IP global parameters Layer 2 Switches Configuring IP parameters Layer 3 Switches Configuring IP addresses TABLE 147 TABLE 146 Assigning an IP address to an Ethernet port Assigning an IP address to a loopback interface Assigning an IP address to a virtual interface Configuring IP follow on a virtual routing interface Deleting an IP address Configuring Domain Name Server (DNS) resolver FIGURE 127 Defining a domain name Defining DNS server addresses Defining a domain list Using a DNS name to initiate a trace route Configuring packet parameters - Changing the encapsulation type Changing the Maximum Transmission Unit (MTU) Changing the router ID - - - Configuring ARP parameters How ARP works Rate limiting ARP packets Changing the ARP aging period Enabling proxy ARP Enabling local proxy ARP Creating static ARP entries Configuring forwarding parameters Changing the TTL threshold Enabling forwarding of directed broadcasts TABLE 148 Disabling forwarding of IP source-routed packets Enabling support for zero-based IP subnet broadcasts Disabling ICMP messages Page Disabling ICMP Redirect Messages Configuring static routes Static route types Static IP route parameters Multiple static routes to the same destination provide load sharing and redundancy Static route states follow port states FIGURE 128 Configuring a static IP route Configuring a Null route Configuring load balancing and redundancy using multiple static routes to the same destination Configuring standard static IP routes and interface or null static routes to the same destination FIGURE 129 X FIGURE 130 Configuring a default network route Configuring a default network route Configuring IP load sharing How multiple equal-cost paths enter the IP route table How IP load sharing works TABLE 149 Response to path state changes Changing the maximum number of ECMP (load sharing) paths Configuring IRDP TABLE 15 0 Enabling IRDP globally Enabling IRDP on an individual port Configuring RARP How RARP Differs from BootP/DHCP Disabling RARP Creating static RARP entries Changing the maximum number of static RARP entries supported Configuring UDP broadcast and IP helper parameters Enabling forwarding for a UDP application Configuring an IP helper address Configuring BootP/DHCP relay parameters BootP/DHCP relay parameters Configuring an IP helper address Configuring the BOOTP/DHCP reply source address Changing the IP address used for stamping BootP/DHCP requests Changing the maximum number of hops to a BootP relay server DHCP Server DHCP Option 82 support DHCP Server options PowerConnect B-Series FCX Configuration Guide 843 FIGURE 131 Configuring DHCP Server on a device Default DHCP server settings Table 15 1 shows the default DHCP server settings. This section describes the CLI commands that are available in the DHCP Server feature. DHCP server CLI commands TABLE 151 TABLE 15 3 Command Description Removing DHCP leases Enabling DHCP Server Disabling DHCP Server on the management port TABLE 15 3 Setting the wait time for ARP-ping response Creating an address pool Enabling relay agent echo (Option 82) Configuring the IP address of the DHCP server Page Specify addresses to exclude from the address pool Configure the NetBIOS server for DHCP clients Configure the subnet and mask of a DHCP address pool Configure a next-bootstrap server Displaying DHCP server information Display active lease entries Display address-pool information TABLE 15 4 Display lease-binding information in flash memory TABLE 15 5 Display summary DHCP server information TABLE 15 6 DHCP Client-Based Auto-Configuration and Flash image update TABLE 157 TABLE 15 8 FIGURE 132 How DHCP Client-Based Auto-Configuration and Flash image update works PowerConnect B-Series FCX Configuration Guide 857 FIGURE 133 IP Address Validation and Lease Negotiation Legend: Typical process (may change depending on environment) Existing Device New Device Other Possible Events TFTP Configuration Download and Update Page Supported Options for DHCP Servers Disabling or re-enabling Auto-Configuration Disabling or re-enabling Auto-Update Displaying DHCP configuration information The following example shows a base Layer 3 device configuration as a result of the show run Configuring IP parameters Layer 2 Switches DHCP Log messages The following DHCP notification messages are sent to the log file. Configuring IP parameters Layer 2 Switches The following sections describe how to configure IP parameters on a Layer 2 Switch. Configuring the management IP address and specifying the default gateway Configuring Domain Name Server (DNS) resolver Defining a DNS entry Using a DNS name To initiate a trace route FIGURE 134 Changing the TTL threshold Configuring DHCP Assist [ FIGURE 135 How DHCP Assist works FIGURE 136 FIGURE 137 Configuring DHCP Assist Displaying IP configuration information and statistics Changing the network mask display to prefix format Displaying IP information Layer 3 Switches Displaying global IP configuration information TABLE 15 9 Global settings Static routes Policies Displaying CPU utilization statistics TABLE 15 9 Displaying IP interface information TABLE 160 Displaying ARP entries TABLE 160 TABLE 161 TABLE 161 Displaying the forwarding cache TABLE 162 TABLE 163 Displaying the IP route table TABLE 163 Page Clearing IP routes TABLE 164 To clear route 209.157.22.0/24 from the IP routing table, enter the following command. Displaying IP traffic statistics To display IP traffic statistics, enter the following command at any CLI level. The show ip traffic command displays the following information. TABLE 165 IP statistics ICMP statistics UDP statistics TCP statistics Displaying IP information Layer 2 Switches You can display the following IP configuration information statistics on Layer 2 Switches: RIP statistics TABLE 165 Displaying global IP configuration information Displaying ARP entries TABLE 166 Syntax: show arp Displaying IP traffic statistics Syntax: show ip traffic To display IP traffic statistics on a Layer 2 Switch, enter the following command at any CLI level. TABLE 167 The show ip traffic command displays the following information. TABLE 168 IP statistics ICMP statistics UDP statistics TCP statistics Page Configuring Multicast Listening Discovery (MLD) Snooping on PowerConnect B-Series FCX Switches TABLE 169 Page Page Configuring queriers and non-queriers VLAN specific configuration Using MLDv1 with MLDv2 Configuring MLD snooping Configuring the hardware and software resource limits Disabling transmission and receipt of MLD packets on a port Configuring the global MLD mode Modifying the age interval Modifying the query interval (Active MLD snooping mode only) Configuring the global MLD version Configuring report control Modifying the wait time before stopping traffic when receiving a leave message Modifying the multicast cache (mcache) aging time Disabling error and warning messages Configuring the MLD mode for a VLAN Disabling MLD snooping for the VLAN Configuring the MLD version for the VLAN Configuring the MLD version for individual ports Configuring static groups to the entire VLAN or to individual ports Configuring static router ports Turning off static group proxy Enabling MLDv2 membership tracking and fast leave for the VLAN Configuring fast leave for MLDv1 Enabling fast convergence Displaying MLD snooping information Displaying MLD snooping error information Displaying MLD group information Displaying MLD snooping mcache information Configuring MLD snooping Displaying software resource usage for VLANs To display information about the software resources used, enter the following command. Configuring MLD snooping 27 Displaying status of MLD snooping traffic To display status information for MLD snooping traffic, enter the following command. This field Displays Displaying MLD snooping information by VLAN Clear MLD snooping commands Page Page Configuring RIP (IPv4) RIP overview TABLE 170 RIP parameters and defaults RIP global parameters TABLE 171 RIP parameters and defaults 28 RIP interface parameters TABLE 172 Parameter Description Default Reference TABLE 171 Configuring RIP parameters Enabling RIP Configuring metric parameters Changing the cost of routes learned on a port Configuring a RIP offset list Changing the administrative distance Configuring redistribution Configuring redistribution filters Changing the redistribution metric Enabling redistribution Removing a RIP redistribution deny filter Configuring route learning and advertising parameters Changing the update interval for route advertisements Enabling learning of RIP default routes Configuring a RIP neighbor filter Changing the route loop prevention method Suppressing RIP route advertisement on a VRRP or VRRPE backup interface Configuring RIP route filters Applying a RIP route filter to an interface Displaying RIP filters Displaying CPU utilization statistics Displaying CPU utilization statistics TABLE 173 Route filters Neighbor filters Page Page Configuring OSPF Version 2 (IPv4) TABL E 174 Overview of OSPF TABL E 174 FIGURE 138 OSPF point-to-point links Designated routers in multi-access networks Designated router election in multi-access networks FIGURE 139 FIGURE 140 - - - X Reduction of equivalent AS External LSAs FIGURE 141 Algorithm for AS External LSA reduction Support for OSPF RFC 2328 Appendix E Dynamic OSPF activation and configuration Dynamic OSPF memory OSPF graceful restart Configuring OSPF Configuration rules OSPF parameters Global parameters: Interface parameters: Enabling OSPF on the router Note regarding disabling OSPF Resetting OSPF Assigning OSPF areas - - Assigning a totally stubby area Assigning a Not-So-Stubby Area (NSSA) FIGURE 142 Page Assigning an area range (optional) Assigning interfaces to an area Modifying interface defaults OSPF interface parameters Page Changing the timer for OSPF authentication changes - - - Block flooding of outbound LSAs on specific OSPF interfaces Configuring an OSPF non-broadcast interface Assigning virtual links FIGURE 143 Modifying virtual link parameters Virtual link parameter descriptions Page Changing the reference bandwidth for the cost on OSPF interfaces Interface types to which the reference bandwidth does not apply Changing the reference bandwidth Defining redistribution filters FIGURE 144 Page Preventing specific OSPF routes from being installed in the IP route table Using a standard ACL as input to the distribution list Using an extended ACL as input to the distribution list Page Modifying the default metric for redistribution Enabling route redistribution Example using a route map Disabling or re-enabling load sharing FIGURE 145 Device Configuring external route summarization Configuring default route origination Modifying SPF timers Modifying the redistribution metric type Modifying the administrative distance Configuring administrative distance based on route type Configuring OSPF group Link State Advertisement (LSA) pacing Usage guidelines Changing the LSA pacing interval Modifying OSPF traps generated Specifying the types of OSPF Syslog messages to log Modifying the OSPF standard compliance setting Modifying the exit overflow interval Configuring an OSPF point-to-point link Configuration notes and limitations Viewing configured OSPF point-to-point links Configuring OSPF graceful restart Clearing OSPF information Clearing OSPF neighbor information Clearing OSPF topology information Clearing redistributed routes from the OSPF routing table Clearing information for OSPF areas Displaying OSPF information Displaying general OSPF configuration information Syntax: show ip ospf config To display general OSPF configuration information, enter the following command at any CLI level. Page Displaying OSPF area information Displaying OSPF neighbor information TABLE 175 TABLE 176 Displaying OSPF interface information To display OSPF interface information, enter the following command at any CLI level. TABLE 176 Page Displaying OSPF route information To display OSPF route information for the router, enter the following command at any CLI level. TABLE 178 TABLE 177 Displaying the routes that have been redistributed into OSPF Displaying OSPF external link state information TABLE 179 Displaying OSPF link state information Displaying the data in an LSA TABLE 179 Displaying OSPF virtual neighbor information Displaying OSPF virtual link information Displaying OSPF ABR and ASBR information Displaying OSPF trap status Displaying OSPF graceful restart information Table 1 80 defines the fields in the show output. TABLE 18 0 Page Configuring BGP4 (IPv4) TABLE 181 Overview of BGP4 FIGURE 146 Relationship between the BGP4 route table and the IP route table How BGP4 selects a path for a route BGP4 message types OPEN message UPDATE message KEEPALIVE message NOTIFICATION message BGP4 graceful restart Basic configuration and activation for BGP4 Note regarding disabling BGP4 BGP4 parameters When parameter changes take effect Immediately After resetting neighbor sessions After disabling and re-enabling redistribution Memory considerations Memory configuration options obsoleted by dynamic memory Basic configuration tasks Enabling BGP4 on the router Changing the router ID Setting the local AS number Adding a loopback interface Adding BGP4 neighbors Page Page Page Page Encryption of BGP4 MD5 authentication keys Page Adding a BGP4 peer group Peer group parameters Configuration rules Page Configuring a peer group Applying a peer group to a neighbor Administratively shutting down a session with a BGP4 neighbor Optional configuration tasks Changing the Keep Alive Time and Hold Time Changing the BGP4 next-hop update timer Enabling fast external fallover Changing the maximum number of paths for BGP4 load sharing How load sharing affects route selection How load sharing works Changing the maximum number of shared BGP4 paths Customizing BGP4 load sharing Specifying a list of networks to advertise Specifying a route map name when configuring BGP4 network information Changing the default local preference Using the IP default route as a valid next hop for a BGP4 route Advertising the default route Changing the default MED (Metric) used for route redistribution Enabling next-hop recursion Example when recursive route lookups are disabled Example when recursive route lookups are enabled Page Enabling recursive next-hop lookups Changing administrative distances Requiring the first AS to be the neighbor AS Disabling or re-enabling comparison of the AS-Path length Enabling or disabling comparison of the router IDs Configuring the Layer 3 Switch to always compare Multi-Exit Discriminators (MEDs) Treating missing MEDs as the worst MEDs Configuring route reflection parameters Page FIGURE 147 Support for RFC 2796 Configuration procedures Page FIGURE 148 Configuring a BGP confederation Page Aggregating routes advertised to BGP4 neighbors Configuring BGP4 graceful restart Configuring BGP4 graceful restart Configuring timers for BGP4 graceful restart (optional) Configuring the restart timer for BGP4 graceful restart BGP null0 routing FIGURE 149 Configuration steps Configuration examples BGP null0 routing 30 Show commands Modifying redistribution parameters Redistributing connected routes Redistributing RIP routes Redistributing OSPF external routes Redistributing static routes Disabling or re-enabling re-advertisement of all learned BGP4 routes to all BGP4 neighbors Redistributing IBGP routes into RIP and OSPF Filtering Filtering specific IP addresses Page Filtering AS-paths Defining an AS-path filter Defining an AS-path ACL Using regular expressions TABLE 18 2 Character Operation Filtering communities TABLE 18 2 Defining a community filter Defining a community ACL Defining IP prefix lists Defining neighbor distribute lists Defining route maps Entering the route map into the software Specifying the match conditions Match examples using ACLs Page Setting parameters in the routes Page Using a table map to set the rag value Configuring cooperative BGP4 route filtering Enabling cooperative filtering Sending and receiving ORFs Displaying cooperative filtering information Configuring route flap dampening Globally configuring route flap dampening Using a route map to configure route flap dampening for specific routes Using a route map to configure route flap dampening for a specific neighbor Removing route dampening from a route Removing route dampening from a neighbor routes suppressed due to aggregation Page Displaying and clearing route flap dampening statistics Displaying route flap dampening statistics Clearing route flap dampening statistics Generating traps for BGP TABLE 18 3 Displaying BGP4 information Displaying summary BGP4 information Table 1 84 lists the field definitions for the command output. TABLE 18 4 Page Displaying the active BGP4 configuration TABLE 18 4 Page Displaying summary neighbor information TABLE 18 5 Displaying BGP4 neighbor information Page Page Page Page Page Displaying route information for a neighbor TABLE 187 Displaying peer group information Displaying summary route information Syntax: show ip bgp routes summary Table 1 88 lists the field definitions for the command output. TABLE 18 8 Displaying the BGP4 route table TABLE 18 8 Displaying the best BGP4 routes Displaying the best BGP4 routes that are not in the IP route table Displaying BGP4 routes whose destinations are unreachable Displaying information for a specific route These displays show the following information. TABLE 18 9 Displaying route details TABLE 18 9 Page Displaying BGP4 route-attribute entries TABLE 19 0 Displaying the routes BGP4 has placed in the IP route table TABLE 191 Displaying route flap dampening statistics Displaying the active route map configuration TABLE 19 2 Displaying BGP4 graceful restart neighbor information Updating route information and resetting a neighbor session Using soft reconfiguration Enabling soft reconfiguration Placing a policy change into effect Displaying the filtered routes received from the neighbor or peer group Displaying all the routes received from the neighbor Dynamically requesting a route refresh from a BGP4 neighbor Dynamically refreshing routes - - - Displaying dynamic refresh information Closing or resetting a neighbor session Clearing and resetting BGP4 routes in the IP route table Clearing traffic counters Clearing route flap dampening statistics Removing route flap dampening Clearing diagnostic buffers Page Configuring VRRP and VRRPE TABLE 19 3 Overview of VRRP FIGURE 150 FIGURE 151 Virtual Router ID (VRID) Virtual router MAC address Virtual router IP address Master negotiation Hello messages Track ports and track priority Suppression of RIP advertisements for backed up interfaces Authentication Independent operation of VRRP alongside RIP, OSPF, and BGP4 Overview of VRRPE Page FIGURE 152 Configuration note Comparison of VRRP and VRRPE VRRP VRRPE Architectural differences Management protocol VRRP and VRRPE parameters TABLE 19 4 VRRP and VRRPE parameters 31 TABLE 19 4 VRRP and VRRPE parameters Configuring basic VRRP parameters Configuring the Owner Configuring a Backup Configuration rules for VRRP Note regarding disabling VRRP or VRRPE Configuring additional VRRP and VRRPE parameters Authentication type Router type Suppression of RIP advertisements on Backup routers for the Backup interface Hello interval Dead interval Backup Hello message state and interval Track port Track priority Backup preempt Changing the timer scale VRRP-E slow start timer Forcing a Master router to abdicate to a standby router Displaying VRRP and VRRPE information Displaying summary information Displaying detailed information TABLE 19 5 This example is for a VRRP Owner. Here is an example for a VRRP Backup. Here is an example for a VRRPE Backup. Syntax: show ip vrrp brief | ethernet [<slotnum>/]<portnum> | ve <num> | stat TABLE 19 6 Displaying detailed information for an individual VRID TABLE 197 TABLE 19 6 Displaying statistics TABLE 197 TABLE 19 8 Clearing VRRP or VRRPE statistics TABLE 19 8 Configuration examples VRRP example Configuring Router1 Configuring Router2 VRRPE example Configuring Router1 Configuring Router2 Page Securing Access to Management Functions Securing access methods TABLE 19 9 Securing access methods TABLE 20 0 Access method How the access method is secured by default Ways to secure the access method See page Restricting remote access to management functions 32 Restricting remote access to management functions TABLE 20 0 Ways to secure the access method See page Access method How the access method is secured by default Using ACLs to restrict remote access Using an ACL to restrict Telnet access Using an ACL to restrict SSH access Using an ACL to restrict Web management access Using ACLs to restrict SNMP access Defining the console idle time Restricting remote access to the device to specific IP addresses Restricting Telnet access to a specific IP address Restricting SSH access to a specific IP address Restricting Web management access to a specific IP address Restricting SNMP access to a specific IP address Restricting access to the device based on IP or MAC address Restricting Telnet connection Restricting SSH connection Restricting HTTP and HTTPS connection Defining the Telnet idle time Changing the login timeout period for Telnet sessions Specifying the maximum number of login attempts for Telnet access Changing the login timeout period for Telnet sessions Restricting remote access to the device to specific VLAN IDs Restricting Telnet access to a specific VLAN Restricting Web management access to a specific VLAN Designated VLAN for Telnet management sessions to a Layer 2 Switch Device management security SSHv2 SNMP Web management through HTTP Web management through HTTPS Disabling specific access methods Disabling Telnet access Disabling Web management access Disabling SNMP access Disabling TFTP access Setting passwords Setting a Telnet password Suppressing Telnet connection rejection messages Setting passwords for management privilege levels Augmenting management privilege levels Recovering from a lost password Displaying the SNMP community string Disabling password encryption Specifying a minimum password length Setting up local user accounts Enhancements to username and password Enabling enhanced user password combination requirements Enabling user password masking Enabling user password aging Configuring password history Enhanced login lockout Setting passwords to expire Requirement to accept the message of the day Configuring a local user account Local user accounts with no passwords Local user accounts with unencrypted passwords Local accounts with encrypted passwords Create password option Changing a local user password Configuring SSL security for the Web Management Interface Enabling the SSL server on the Dell PowerConnect device Specifying a port for SSL communication Changing the SSL server certificate key size Support for SSL digital certificates larger than 2048 bytes Importing digital certificates and RSA private key files Generating an SSL certificate Deleting the SSL certificate Configuring TACACS/TACACS+ security How TACACS+ differs from TACACS TACACS/TACACS+ authentication, authorization, and accounting Configuring TACACS/TACACS+ for devices in a Dell IronStack TACACS authentication TACACS+ authentication TACACS+ authorization TACACS+ accounting AAA operations for TACACS/TACACS+ AAA security for commands pasted into the running-config TACACS/TACACS+ configuration considerations TACACS configuration procedure TACACS+ configuration procedure Enabling TACACS Identifying the TACACS/TACACS+ servers Specifying different servers for individual AAA functions Setting optional TACACS/TACACS+ parameters Setting the TACACS+ key Setting the retransmission limit Setting the timeout parameter Configuring authentication-method lists for TACACS/TACACS+ Entering privileged EXEC mode after a Telnet or SSH login TABLE 201 Configuring enable authentication to prompt for password only Telnet/SSH prompts when the TACACS+ Server is unavailable Configuring TACACS+ authorization Configuring exec authorization Page Configuring command authorization TABLE 20 2 Configuring TACACS+ accounting Configuring TACACS+ accounting for Telnet/SSH (Shell) access Configuring TACACS+ accounting for CLI commands Configuring TACACS+ accounting for system events Configuring an interface as the source for all TACACS/TACACS+ packets Configuring TACACS/TACACS+ security Displaying TACACS/TACACS+ statistics and configuration information The following table describes the TACACS/TACACS+ information displayed by the show aaa The show web connection command displays the privilege level of Web Management Interface users. TABLE 20 3 Configuring RADIUS security RADIUS authentication, authorization, and accounting RADIUS authentication RADIUS authorization RADIUS accounting AAA operations for RADIUS AAA security for commands pasted Into the running-config RADIUS configuration considerations RADIUS configuration procedure Configuring Dell-specific attributes on the Configuring RADIUS security TABLE 20 4 Enabling SNMP to configure RADIUS To enable SNMP access to RADIUS MIB objects on the device, enter a command such as the TABLE 20 4 Attribute name Attribute ID Data type Description Identifying the RADIUS server to the Dell PowerConnect device Specifying different servers for individual AAA functions Configuring a RADIUS server per port Configuration example and command syntax Mapping a RADIUS server to individual ports Configuration example and command syntax Setting RADIUS parameters Setting the RADIUS key Setting the retransmission limit Setting the timeout parameter RADIUS over IPv6 Configuring authentication-method lists for RADIUS Entering privileged EXEC mode after a Telnet or SSH login Configuring enable authentication to prompt for password only TABLE 20 5 Configuring RADIUS authorization Configuring exec authorization Configuring command authorization Command authorization and accounting for console commands Configuring RADIUS accounting Configuring RADIUS accounting for Telnet/SSH (Shell) access Configuring RADIUS accounting for CLI commands Configuring RADIUS accounting for system events Configuring an interface as the source for all RADIUS packets Displaying RADIUS configuration information Configuring RADIUS security 32 The following table describes the RADIUS information displayed by the show aaa command. The show web connection command displays the privilege level of Web Management Interface users. Configuring authentication-method lists Configuration considerations for authentication- method lists Examples of authentication-method lists TCP Flags - edge port security TABLE 207 Using TCP Flags in combination with other ACL features Configuring SSH2 and SCP SSH version 2 support TABLE 20 8 Tested SSH2 clients Supported features Unsupported features AES encryption for SSH2 Configuring SSH2 Recreating SSH keys Generating a host key pair Providing the public key to clients Configuring DSA challenge-response authentication Importing authorized public keys into the Dell PowerConnect device Enabling DSA challenge-response authentication Setting optional parameters Setting the number of SSH authentication retries Deactivating user authentication Enabling empty password logins Setting the SSH port number Setting the SSH login timeout value Designating an interface as the source for all SSH packets Configuring the maximum idle time for SSH sessions Filtering SSH access using ACLs Terminating an active SSH connection Displaying SSH connection information TABLE 20 9 Using Secure copy with SSH2 Enabling and disabling SCP Example file transfers using SCP Copying a file to the running config Copying a file to the startup config Copying the running config file to an SCP-enabled client Copying the startup config file to an SCP-enabled client Copying a software image file to flash memory Copying a Software Image file from flash memory Page Configuring 802.1X Port Security IETF RFC support TABLE 210 How 802.1X port security works Device roles in an 802.1X configuration FIGURE 153 Communication between the devices FIGURE 154 Controlled and uncontrolled ports FIGURE 155 Message exchange during authentication FIGURE 156 Setting the IP MTU size EAP pass-through support Support for RADIUS user-name attribute in access-accept messages Authenticating multiple hosts connected to the same port FIGURE 157 How 802.1X Multiple-host authentication works Configurable hardware aging period for denied client dot1x-mac-sessions 802.1X port security and sFlow 802.1X accounting Configuring 802.1X port security Configuring an authentication method list for 802.1X Setting RADIUS parameters Supported RADIUS attributes Specifying the RADIUS timeout action Allow user access to a restricted VLAN after a RADIUS timeout Configuring dynamic VLAN assignment for 802.1X ports Automatic removal of dynamic VLAN assignments for 802.1X ports Dynamic multiple VLAN assignment for 802.1X ports Saving dynamic VLAN assignments to the running-config file Considerations for dynamic VLAN assignment in an 802.1X multiple-host configuration Using dynamic VLAN assignment with the MAC port security feature Dynamically applying IP ACLs and MAC address filters to 802.1X ports Disabling and enabling strict security mode for dynamic filter assignment Dynamically applying existing ACLs or MAC address filters Notes Configuring per-user IP ACLs or MAC address filters Enabling 802.1X port security Setting the port control Configuring periodic re-authentication Re-authenticating a port manually Setting the quiet period Setting the wait interval for EAP frame retransmissions Setting the maximum number of EAP frame retransmissions Setting the wait interval for EAP frame retransmissions Setting the maximum number of EAP frame retransmissions Specifying a timeout for retransmission of messages to the authentication server Initializing 802.1X on a port Allowing access to multiple hosts Configuring 802.1X multiple-host authentication Page Defining MAC address filters for EAP frames MAC address filters for EAPS on most devices Configuring VLAN access for non-EAP-capable clients Configuring 802.1X accounting 802.1X Accounting attributes for RADIUS TABLE 211 Displaying 802.1X information Displaying 802.1X configuration information Displaying 802.1X information TABLE 212 Displaying 802.1X information 34 Syntax: show dot1x config ethernet <port> TABLE 213 Displaying 802.1X statistics TABLE 214 TABLE 213 Clearing 802.1X statistics Displaying dynamically assigned VLAN information TABLE 214 Displaying information about dynamically applied MAC address filters and IP ACLs Displaying user-defined MAC address filters and IP ACLs Displaying dynamically applied MAC address filters and IP ACLs Displaying the status of strict security mode Displaying 802.1X multiple-host authentication information Displaying 802.1X multiple-host configuration information TABLE 215 Displaying information about the dot1x MAC sessions on each port TABLE 216 Displaying 802.1X information 34 Syntax: show dot1x mac-session Table 217 lists the new fields in the display. Displaying information about the ports in an 802.1X multiple-host configuration TABLE 217 Sample 802.1X configurations TABLE 218 Sample 802.1X configurations 34 Point-to-point configuration FIGURE 158 The following commands configure the Dell PowerConnect device in Figure158 Hub configuration FIGURE 159 802.1X Authentication with dynamic VLAN assignment FIGURE 160 Using multi-device port authentication and 802.1X security on the same port Using the MAC Port Security Feature TABLE 219 Local and global resources Configuring the MAC port security feature Enabling the MAC port security feature Setting the maximum number of secure MAC addresses for an interface Setting the port security age timer Specifying secure MAC addresses On an untagged interface On a tagged interface Autosaving secure MAC addresses to the startup-config file Specifying the action taken when a security violation occurs Dropping packets from a violating address Disabling the port for a specified amount of time Clearing port security statistics Clearing restricted MAC addresses Clearing violation statistics Displaying port security information Displaying port security settings Displaying the secure MAC addresses TABLE 22 0 TABLE 221 Displaying port security statistics TABLE 22 2 TABLE 221 Displaying restricted MAC addresses on a port TABLE 22 3 Page Configuring Multi-Device Port Authentication TABLE 22 4 How multi-device port authentication works RADIUS authentication Authentication-failure actions Supported RADIUS attributes Support for dynamic VLAN assignment Support for dynamic ACLs Support for authenticating multiple MAC addresses on an interface Support for source guard protection Using multi-device port authentication and 802.1X security on the same port Configuring Dell-specific attributes on the TABLE 22 5 Configuring multi-device port authentication Enabling multi-device port authentication Globally enabling multi-device port authentication Enabling multi-device port authentication on an interface Specifying the format of the MAC addresses sent to the Specifying the authentication-failure action Generating traps for multi-device port authentication Defining MAC address filters Configuring dynamic VLAN assignment Configuring a port to remain in the restricted VLAN after a successful authentication attempt Configuring the RADIUS server to support dynamic VLAN assignment Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires Saving dynamic VLAN assignments to the running-config file Dynamically applying IP ACLs to authenticated MAC addresses Multi-device port authentication with dynamic IP ACLs and ACL-per-port-per-VLAN Configuration considerations and guidelines Configuring the RADIUS server to support dynamic IP ACLs Enabling source guard protection Viewing the assigned ACL for ports on which source guard protection is enabled Clearing authenticated MAC addresses Disabling aging for authenticated MAC addresses Globally disabling aging of MAC addresses Disabling the aging of MAC addresses on interfaces Changing the hardware aging period for blocked MAC addresses Specifying the aging time for blocked MAC addresses Specifying the RADIUS timeout action Permit User access to the network after a RADIUS timeout Deny User access to the network after a RADIUS timeout Allow user access to a restricted VLAN after a RADIUS timeout Multi-device port authentication password override Limiting the number of authenticated MAC addresses Displaying multi-device port authentication information Displaying authenticated MAC address information Displaying multi-device port authentication configuration information TABLE 22 6 Displaying multi-device port authentication information for a specific MAC address or port TABLE 227 TABLE 22 8 Displaying the authenticated MAC addresses Displaying the non-authenticated MAC addresses TABLE 22 8 Displaying multi-device port authentication information for a port Displaying multi-device port authentication settings and authenticated MAC addresses TABLE 22 9 Displaying multi-device port authentication information The following table describes the information displayed by the show auth-mac-addresses detailed TABLE 23 0 Displaying multi-device port authentication information 36 Displaying the MAC authentication table for PowerConnect B-Series FCX devices TABLE 23 0 Example configurations Multi-device port authentication with dynamic VLAN assignment FIGURE 161 Example 2 FIGURE 162 Example 1 FIGURE 163 Example 2 FIGURE 164 Page Page Configuring Web Authentication TABLE 231 Configuration considerations FIGURE 165 Configuration tasks Page Enabling and disabling web authentication Configuring the web authentication mode Using local user databases Configuration steps Creating a local user database Adding a User record to a local user database Deleting a user record from a local user database Deleting All user records from a local user database Creating a text file of user records Importing a text file of user records from a TFTP server Using a RADIUS server as the web authentication method Setting the local user database authentication method Setting the web authentication failover sequence Assigning a local user database to a web authentication VLAN Using passcodes Configuration steps Creating static passcodes Enabling passcode authentication Configuring the length of dynamically-generated passcodes Configuring the passcode refresh method Configuring a Grace Period for an expired passcode Flushing all expired passcodes that are in the grace period Disabling and re-enabling passcode logging Re-sending the passcode log message Manually refreshing the passcode Using automatic authentication Configuring web authentication options Enabling RADIUS accounting for web authentication Changing the login mode (HTTPS or HTTP) Specifying trusted ports Specifying hosts that are permanently authenticated Configuring the re-authentication period Defining the web authentication cycle Limiting the number of web authentication attempts Clearing authenticated hosts from the web authentication table Setting and clearing the block duration for web authentication attempts Manually blocking and unblocking a specific host Limiting the number of authenticated hosts Filtering DNS queries Forcing re-authentication when ports are down Forcing re-authentication after an inactive period Defining the web authorization redirect address Deleting a web authentication VLAN Web authentication pages FIGURE 166 Page Page FIGURE 172 Displaying text for web authentication pages Customizing web authentication pages FIGURE 173 Page Displaying web authentication information Displaying the web authentication configuration Displaying web authentication information The display shows the following information. Displaying web authentication information 37 Syntax: show webauth allowed-list Displaying a list of authenticated hosts Enter the following command to display a list of hosts that are currently authenticated. The displays shows the following information. Displaying web authentication information Displaying a list of hosts attempting to authenticate The report shows the following information. Enter the following command to display a list of hosts that are trying to authenticate. The report shows the following information. Syntax: show webauth authenticating-list Displaying a list of local user databases Syntax: show local-userdb Displaying a list of users in a local user database The following command displays a list of all users in a particular local user database. Displaying passcodes Protecting Against Denial of Service Attacks Protecting against Smurf attacks FIGU RE 174 TABLE 23 2 Avoiding being an intermediary in a Smurf attack Avoiding being a victim in a Smurf attack Protecting against TCP SYN attacks TCP security enhancement Protecting against a blind TCP reset attack using the RST bit Protecting against a blind TCP reset attack using the SYN bit Protecting against a blind injection attack Displaying statistics about packets dropped because of DoS attacks Page Inspecting and Tracking DHCP Packets Dynamic ARP inspection ARP poisoning TABLE 23 3 How DAI works FIGURE 175 ARP entries Configuring DAI Configuring an inspection ARP entry Enabling DAI on a VLAN Enabling trust on a port Displaying ARP inspection status and ports Displaying the ARP table DHCP snooping How DHCP snooping works FIGURE 176 FIGURE 177 DHCP binding database About client IP-to-MAC address mappings System reboot and the binding database Configuring DHCP snooping Enabling DHCP snooping on a VLAN Clearing the DHCP binding database Displaying DHCP snooping status and ports Displaying the DHCP snooping binding database Displaying DHCP binding entry and status DHCP snooping configuration example DHCP relay agent information (DHCP Option 82) FIGURE 178 FIGURE 179 DHCP Option 82 sub-options + Sub-option 1 circuit id FIGURE 180 Sub-option 2 Remote ID FIGURE 181 Sub-option 6 - subscriber id Configuring DHCP option 82 Disabling and re-enabling DHCP option 82 processing on an individual interface Changing the forwarding policy Enabling and disabling subscriber ID processing Viewing information about DHCP option 82 processing Viewing the circuit Id, remote id, and forwarding policy Viewing the ports on which DHCP option 82 is disabled TABLE 23 4 IP source guard Page Enabling IP source guard on a port Defining static IP source bindings Enabling IP source guard per-port-per-VLAN Enabling IP source guard on a VE Displaying learned IP addresses Page Securing SNMP Access SNMP overview Establishing SNMP community strings Encryption of SNMP community strings Adding an SNMP community string Page Displaying the SNMP community strings Using the user-based security model Configuring your NMS Configuring SNMP version 3 on Dell PowerConnect devices Defining the engine id Defining an SNMP group Defining an SNMP user account Page Defining SNMP views SNMP version 3 traps Defining an SNMP group and specifying which view is notified of traps Defining the UDP port for SNMP v3 traps Trap MIB changes Backward compatibility with SMIv1 trap format Specifying an IPv6 host as an SNMP trap receiver SNMP v3 over IPv6 Restricting SNMP Access to an IPv6 Node Specifying an IPv6 host as an SNMP trap receiver Viewing IPv6 SNMP server addresses Displaying SNMP Information Displaying the Engine ID Displaying SNMP groups Displaying user information Interpreting varbinds in report packets SNMP v3 Configuration examples 40 Varbind object Identifier Description SNMP v3 Configuration examples The following sections present examples of how to configure SNMP v3. Simple SNMP v3 configuration More detailed SNMP v3 configuration Page Using Syslog TABLE 237 Displaying Syslog messages Enabling real-time display of Syslog messages Enabling real-time display for a Telnet or SSH session Show log on all terminals Configuring the Syslog service Displaying the Syslog configuration TABLE 23 8 Static and dynamic buffers TABLE 23 8 Time stamps Disabling or re-enabling Syslog Specifying a Syslog server Specifying an additional Syslog server Disabling logging of a message level Changing the number of entries the local buffer can hold Changing the log facility Displaying Interface names in Syslog messages Displaying TCP or UDP port numbers in Syslog messages Retaining Syslog messages after a soft reboot Clearing the Syslog messages from the local buffer Syslog messages TABLE 23 9 Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Appendix A Network Monitoring Basic management Viewing system information TABLE 24 0 Viewing configuration information Viewing port statistics TABLE 241 Basic management Statistics TABLE 241 Viewing STP statistics Clearing statistics TABLE 241 Basic management Viewing egress queue counters on PowerConnect B-Series FCX devices Clearing the egress queue counters RMON support Maximum number of entries allowed in the RMON control table TABLE 24 2 Statistics (RMON group 1) TABLE 24 3 RMON support A History (RMON group 2) Alarm (RMON group 3) Event (RMON group 9) sFlow sFlow version 5 sFlow support for IPv6 packets Extended router information Extended gateway information Hardware support CPU utilization Source address Sampling rate Port monitoring and sFlow Configuring and enabling sFlow Specifying the collector Changing the polling interval Changing the sampling rate Page Enabling sFlow forwarding Configuring sFlow version 5 features Egress interface ID for sampled broadcast and multicast packets Specifying the sFlow version format Specifying the sFlow agent IP address Specifying the version used for exporting sFlow data Specifying the maximum flow sample size Exporting CPU and memory usage information to the sFlow collector Exporting CPU-directed data (management traffic) to the sFlow collector Displaying sFlow information sFlow sFlow A Syntax: show sflow This command shows the following information. TABLE 24 4 Clearing sFlow statistics Configuring a utilization list for an uplink port TABLE 24 4 Displaying utilization percentages for an uplink Page Appendix B The following table lists the RFCs supported by Dell PowerConnect devices. Software Specifications IEEE compliance Dell PowerConnect devices support the following standards. TABLE 24 6 Page Page Page Page Page Internet drafts

Dell manual

Models: FCX624-E FCX624-I FCX624-S FCX648-E FCX648-I FCX648-S