Main
Page
Contents
About This Document
Chapter 1 Getting Familiar with Management Applications
Chapter 2 Configuring Basic Software Features
Chapter 3 Operations, Administration, and Maintenance
Chapter 4 Software-based Licensing
Chapter 5 Stackable Devices
Chapter 6 Monitoring Hardware Components
Chapter 7 Configuring IPv6 Management on PowerConnect B-Series FCXSwitches
Chapter 8 Configuring Spanning Tree Protocol (STP) Related Features
Chapter 9 Configuring Basic Layer 2 Features
Chapter 10 Configuring Metro Features
Chapter 11 Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups
Chapter 12 Configuring Trunk Groups and Dynamic Link Aggregation
Chapter 13 Configuring Virtual LANs (VLANs)
Page
Chapter 14 Configuring GARP VLAN Registration Protocol (GVRP)
Chapter 15 Configuring MAC-based VLANs
Chapter 16 Configuring Rule-Based IP Access Control Lists (ACLs)
Chapter 17 Configuring Quality of Service
Chapter 18 Configuring Traffic Policies
Chapter 19 Configuring Base Layer 3 and Enabling Routing Protocols
Chapter 20 Configuring Port Mirroring and Monitoring
Chapter 21 Configuring Rate Limiting and Rate Shaping on
Chapter 22 Configuring IP Multicast Traffic Reduction for
Chapter 24 Configuring LLDP and LLDP-MED
Chapter 25 Configuring IP Multicast Protocols
Page
Chapter 26 Configuring IP
Chapter 27 Configuring Multicast Listening Discovery (MLD) Snooping on
Chapter 28 Configuring RIP (IPv4)
Chapter 29 Configuring OSPF Version 2 (IPv4)
Page
Chapter 30 Configuring BGP4 (IPv4)
Page
Chapter 31 Configuring VRRP and VRRPE
Chapter 32 Securing Access to Management Functions
Page
Chapter 33 Configuring SSH2 and SCP
Chapter 34 Configuring 802.1X Port Security
Chapter 35 Using the MAC Port Security Feature
Chapter 36 Configuring Multi-Device Port Authentication
Chapter 37 Configuring Web Authentication
Chapter 38 Protecting Against Denial of Service Attacks
Chapter 39 Inspecting and Tracking DHCP Packets
Chapter 40 Securing SNMP Access
Chapter 41 Using Syslog
Appendix A Network Monitoring
Appendix B Software Specifications
About This Document
Introduction
Device nomenclature
Audience
TABLE 1
Document conventions
Text formatting
Command syntax conventions
Notes, cautions, and danger notices
TABLE 2
Notice to the reader
Related publications
Getting technical help
Contacting Dell
Page
Getting Familiar with Management Applications
Using the management port
How the management port works
CLI Commands for use with the management port
Logging on through the CLI
On-line help
Command completion
Scroll control
Line editing commands
Using stack-unit, slot number, and port number with CLI commands
TABLE 4
CLI nomenclature on Stackable devices
Searching and filtering output from CLI commands
Searching and filtering output from Show commands
Searching and filtering output at the --More-- prompt
Using special characters in regular expressions
Using stack-unit, slot number, and port number with CLI commands 1
TABLE 5
Character Operation
Creating an alias for a CLI command
TABLE 5
Logging on through the Web Management Interface
FIGURE 1
FIGURE 2
Navigating the Web Management Interface
Page
Page
Page
Page
Configuring Basic Software Features
TABLE 6
Feature PowerConnect B-Series FCX Basic System Parameters
Basic Port Parameters
Configuring basic system parameters
Entering system administration information
TABLE 6
Configuring Simple Network Management Protocol (SNMP) parameters
Specifying an SNMP trap receiver
Specifying a single trap source
Setting the SNMP trap holddown time
Disabling SNMP traps
Disabling Syslog messages and traps for CLI access
Cancelling an outbound Telnet session
Specifying a Simple Network Time Protocol (SNTP) server
TABLE 7
Setting the system clock
TABLE 8
New start and end dates for US daylight saving time
Limiting broadcast, multicast, and unknown unicast traffic
Configuration notes and feature limitationss:
-
-
Command syntax for packet-based limiting on PowerConnect B-Series FCX devices
Viewing broadcast, multicast, and unknown unicast limits
Configuring CLI banners
Setting a message of the day banner
Requiring users to press the Enter key after the message of the day banner
Setting a privileged EXEC CLI level banner
Displaying a console message when an incoming Telnet session is detected
Configuring a local MAC address for Layer 2 management traffic
Configuring basic port parameters
Assigning a port name
Modifying port speed and duplex mode
Enabling auto-negotiation maximum port speed advertisement and down-shift
Application notes
Enabling port speed down-shift
Configuring port speed down-shift and auto-negotiation for a range of ports
Configuring maximum port speed advertisement
Modifying port duplex mode
Configuring MDI/MDIX
Disabling or re-enabling a port
Configuring flow control
Disabling or re-enabling flow control
Negotiation and advertisement of flow control
Displaying flow-control status
Configuring symmetric flow control on PowerConnect B-Series FCX devices
About XON and XOFF thresholds
Configuration notes and feature limitations for symmetric flow control
TABLE 9
- - -
Enabling and disabling symmetric flow control
Changing the XON and XOFF thresholds
Changing the total buffer limits
Displaying symmetric flow control status
Configuring PHY FIFO Rx and Tx depth
Configuring the IPG on PowerConnect Stackable devices
Configuring IPG on a 10/100/1000M port
Enabling and disabling support for 100BaseTX
Enabling and disabling support for 100BaseFX
Chassis-based and Stackable devices
Changing the Gbps fiber negotiation mode
Modifying port priority (QoS)
Dynamic configuration of Voice over IP (VoIP) phones
Enabling dynamic configuration of a Voice over IP (VoIP) phone
Viewing voice VLAN configurations
Configuring port flap dampening
Configuring port flap dampening on an interface
Configuring port flap dampening on a trunk
Re-enabling a port disabled by port flap dampening
Displaying ports configured with port flap dampening
TABLE 10
Syslog messages for port flap dampening
TABLE 10
Port loop detection
Strict mode and loose mode
Recovering disabled ports
Enabling loop detection
Configuring a global loop detection interval
Configuring the device to automatically re-enable ports
Specifying the recovery time interval
Clearing loop-detection
Displaying loop-detection information
Displaying loop detection resource information
TABLE 11
Syslog message
TABLE 11
Operations, Administration, and Maintenance
TABLE 12
Determining the software versions installed and running on a device
Determining the flash image version running on the device
Compact devices
Determining the boot image version running on the device
Determining the image versions installed in flash memory
Flash image verification
CLI commands
Image file types
Viewing the contents of flash files
TABLE 13
Using SNMP to upgrade software
Using SNMP to upgrade software
Changing the block size for TFTP file transfers
Rebooting
Displaying the boot preference
Loading and saving configuration files
Replacing the startup configuration with the running configuration
Replacing the running configuration with the startup configuration
Logging changes to the startup-config file
Copying a configuration file to or from a TFTP server
Dynamic configuration loading
Usage considerations
Preparing the configuration file
Page
Loading the configuration information into the running-config
Maximum file sizes for startup-config file and running-config
Loading and saving configuration files with IPv6
Using the IPv6 copy command
Copying a file to an IPv6 TFTP server
Copying a file from flash memory
Copying a file from an IPv6 TFTP server
Copying a file to flash memory
Copying a file to the running or startup configuration
Using the IPv6 ncopy command
Copying a primary or secondary boot Image from flash memory to an IPv6 TFTP server
Copying the running or startup configuration to an IPv6 TFTP server
Uploading files from an IPv6 TFTP server
Uploading a primary or secondary boot image from an IPv6 TFTP server
Uploading a running or startup configuration from an IPv6 TFTP server
Using SNMP to save and load configuration information
Erasing image and configuration files
Scheduling a system reload
Reloading at a specific time
Reloading after a specific amount of time
Displaying the amount of time remaining before a scheduled reload
Canceling a scheduled reload
Diagnostic error codes and remedies for TFTP transfers
Testing network connectivity
Pinging an IPv4 address
Page
Tracing an IPv4 route
Software-based Licensing
Software license terminology
TABLE 14
Software-based licensing overview
How software-based licensing works
License types
Non-licensed features
TABLE 15
Licensed features and part numbers
Licensing rules
General notes
PowerConnect B-Series FCX devices
TABLE 16
Page
Configuration tasks
Obtaining a license
TABLE 17
Page
FIGURE 6
Page
FIGURE 8
Installing a license file
Using TFTP to install a license file
Using Secure Copy (SCP) to install a license
Deleting a license
Other licensing options available from the Brocade Software Portal
Viewing software license information
FIGURE 10
Transferring a license
Syslog messages and trap information
TABLE 18
Viewing information about software licenses
Viewing the License ID (LID)
TABLE 18
Viewing information about software licenses
Viewing the license database
TABLE 19
Trial license information
Viewing software packages installed in the device
TABLE 20
Page
Stackable Devices
IronStack overview
IronStack technology features
Stackable models
PowerConnect B-Series FCX devices
IronStack terminology
Stack unit roles:
Page
Building an IronStack
IronStack topologies
Mixed unit topologies
PowerConnect B-Series FCX stack topologies
PowerConnect B-Series FCX Configuration Guide 99
FIGURE 11
FIGURE 12
100 PowerConnect B-Series FCX Configuration Guide
FIGURE 13
Device
Software requirements
IronStack construction methods
There are three ways to build an IronStack.
1357911 131517192123
Reset 1 PS
Scenario 1 - Configuring a three-member IronStack in a ring topology using secure-setup
Page
Page
Page
Page
Configuration notes for scenario 2
Page
Configuring an FCX IronStack
Configuring PowerConnect B-Series FCX stacking ports
Changing PowerConnect B-Series FCX-S and CX4 ports from 16 Gbps to 10 Gbps
Configuring default ports on FCX devices
Changing default stacking port configurations
Syntax: [no] stack-port <stack-unit/slotnum/portnum>
TABLE 22
Device Slot 1 Slot 2 Slot 3 Slot 4
Using secure-setup to build an FCX IronStack
Configuring a default stacking port to function as a data port
Use the no form of the command to rever t to the 4-byte Ethernet preamble.
Verifying an IronStack configuration
Verifying an PowerConnect B-Series FCX IronStack configuration
The following output shows an example configuration of an PowerConnect B-Series FCX IronStack.
The next example shows output from the show version command for the same FCX stack.
Page
Managing your IronStack
Logging in through the CLI
Logging in through Brocade Network Advisor
Logging in through the console port
Page
IronStack management MAC address
Manual allocation of the IronStack MAC address
Page
Removing MAC address entries
IronStack unit identification
IronStack unit priority
CLI command syntax
IronStack CLI commands
TABLE 23
Stacking mode
TABLE 23
Copying the flash image to a stack unit from the Active Controller
Reloading a stack unit
Controlling stack topology
Managing IronStack partitioning
Merging IronStacks
MIB support for the IronStack
Persistent MAC address
Page
Unconfiguring an IronStack
Displaying IronStack information
Displaying flash information
For stack member 3 only:
Table 24 describes the fields displayed in this example.
Displaying memory information
TABLE 24
Syntax: show memory Table 2 5 describes the fields displayed in this output example.
Displaying chassis information
TABLE 25
Syntax: show chassis Table 2 6 describes the fields displayed in this output example.
Displaying stack module information
TABLE 26
Displaying stack resource information
Displaying stack information
TABLE 27
TABLE 28
If you add a stack member ID, output is displayed for that member only.
If you add detail to the show stack command, output resembles the following.
Displaying stack flash information
TABLE 29
TABLE 30
Syntax: show stack flash
Displaying stack rel-IPC statistics
Use the show stack rel-ipc stats command to display session statistics for stack units.
TABLE 31
Page
Page
Syntax: show stack rel-ipc stats
Displaying stack rel-IPC statistics for a specific stack unit
To display IPC statistics for a specific unit, enter the following command:
Syntax: show stack rel-ipc unit num
Displaying stack neighbors
Syntax: show stack neighbors
The show stack neighbors command displays information about stack member neighbors.
Table 3 2 describes the output from the show stack neighbors command.
Displaying stack port information
The show stack stack-ports command displays information about stack port status.
Displaying running configuration information
The show running-config command displays information about the current stack configuration.
TABLE 32
Displaying configured stacking ports
Displaying software version information
TABLE 34
Syntax: show version
Displaying stacking port interface information
Displaying stacking port statistics
TABLE 35
Adding, removing, or replacing units in an IronStack
Installing a new unit in an IronStack using secure-setup
Installing a new unit using static configuration
TABLE 36
Removing a unit from an IronStack
Replacing an IronStack unit
Moving a unit to another stack
Removing an Active Controller from a powered stack
Renumbering stack units
Syslog, SNMP, and traps
Configuring SNMP for an IronStack
SNMP engine IDs for stackable devices
Troubleshooting an IronStack
Troubleshooting an unsuccessful stack build
Troubleshooting image copy issues
Stack mismatches
Image mismatches
Advanced feature privileges (PowerConnect B-Series FCX )
Major mismatch
Minor mismatch
Configuration mismatch
Memory allocation failure
Recovering from a mismatch
Troubleshooting secure-setup
Troubleshooting unit replacement issues
More about IronStack technology
Configuration, startup configuration files and stacking flash
IronStack topologies
Port down and aging
Device roles and elections
Active Controller
Standby Controller
Bootup role
Active Controller and Standby Controller elections
Active Controller and Standby Controller resets
Selecting a standby unit
Standby Controller election criteria
PowerConnect B-Series FCX hitless stacking
Supported events
Non-supported events
Supported protocols and services
Page
Page
What happens during a hitless stacking switchover or failover
Real-time synchronization among all PowerConnect B-Series FCX units in a stack
How a Hitless switchover or failover impacts system functions
Standby Controller role in hitless stacking
Standby Controller election
Runtime configuration mismatch
Support during stack formation, stack merge, and stack split
170 PowerConnect B-Series FCX Configuration Guide
End of Stage 2
Existing stack (after write mem and reload)
FIGURE 15
Device stack formation
New Stack
FCX stack formation
End of Stage 1
FIGURE 16
Device stack merge when the old Active controller comes back up
Device stack merge
172 PowerConnect B-Series FCX Configuration Guide
Figure 17 illustrates hitless stacking support in a stack split.
FIGURE 17
stack split
The stack splits into one operational stack and two orphan units.
The stack splits into two operational stacks.
Hitless stacking default behavior
Enabling hitless stacking
Displaying hitless stacking status
Displaying pending device roles
Hitless stacking failover
Enabling hitless failover
Hitless stacking failover example
FIGURE 18
Hitless stacking switchover
Executing a hitless stacking switchover
Hitless stacking switchover examples
FIGURE 19
FIGURE 20
.
Active controller comes back (in a stack with user-assigned priorities)
180 PowerConnect B-Series FCX Configuration Guide
FIGURE 21
Device stack priority change - Scenario 1
Priority 200 assigned to Unit 2 (Standby)
The priority change triggers re-election of the Active controller
The Standby controller is re-assigned and a switchover occurs. Stages 1 and 2 are bypassed.
FIGURE 22
Device stack priority change - Scenario 2
182 PowerConnect B-Series FCX Configuration Guide
FIGURE 23
Standby re-assigned
Priority 150 assigned to Unit 3 (Member 3) Priority 200 assigned to Unit 4 (Member 4)
The priority change triggers re-election of the Active controller
Standby re-assigned
Displaying information about hitless stacking
Syslog messages for hitless stacking failover and switchover
TABLE 38
Displaying hitless stacking diagnostic information
Syntax: debug stacking sync_rel_msg <num>
Page
Page
Page
Monitoring Hardware Components
Virtual cable testing
TABLE 39
Viewing the results of the cable analysis
FIGURE 24
TABLE 40
RJ-45 JACK T568A STANDARD
PC STRAIGHT-THRU HUB
Supported Fiber Optic Transceivers
TABLE 41
TABLE 42
Label Manufacturing part number Type Dell part number Supports Digital Optical Monitoring?
Digital optical monitoring
Configuration limitations
Enabling digital optical monitoring
TABLE 42
Setting the alarm interval
Displaying information about installed media
Digital optical monitoring
Use the show media slot command to obtain information about the media device installed in a slot.
Syntax: show media [slot <slot-num> | ethernet [<slot-num>/]<port-num>]
Viewing optical monitoring information
TABLE 43
TABLE 44
Viewing optical transceiver thresholds
Syslog messages
Configuring IPv6 Management on PowerConnect B-Series FCXSwitches
TABLE 45
IPv6 management overview
IPv6 addressing
FIGURE 25
Enabling and disabling IPv6
IPv6 management features
IPv6 management ACLs
IPv6 debug
IPv6 Web management using HTTP and HTTPS
Restricting web access
IPv6 logging
Specifying an IPv6 Syslog server
Name-to-IPv6 address resolution using IPv6 DNS server
Defining an IPv6 DNS entry
IPv6 ping
SNTP over IPv6
SNMP3 over IPv6
Specifying an IPv6 SNMP trap receiver
Secure Shell, SCP, and IPv6
IPv6 Telnet
Establishing a Telnet session from an IPv6 host
IPv6 traceroute
IPv6 management commands
Page
Configuring Spanning Tree Protocol (STP) Related Features
STP overview
TABLE 46
Configuring standard STP parameters
STP parameters and defaults
TABLE 47
TABLE 48
Enabling or disabling the Spanning Tree Protocol (STP)
TABLE 49
TABLE 48
Enabling or disabling STP globally
Changing STP bridge and port parameters
Changing STP bridge parameters
Changing STP port parameters
STP protection enhancement
Enabling STP protection
Clearing BPDU drop counters
Viewing the STP Protection Configuration
Displaying STP information
Displaying STP information for an entire device
Configuring standard STP parameters
TABLE 50
Global STP parameters
Port STP parameters
Configuring standard STP parameters 8
Displaying CPU utilization statistics
TABLE 50
Displaying the STP state of a port-based VLAN
Page
TABLE 51
Configuring standard STP parameters 8
TABLE 51
Displaying STP state information for an individual interface
Configuring STP related features
Fast port span
Disabling and re-enabling fast port span
Excluding specific ports from fast port span
Fast Uplink Span
Active uplink port failure
Switchover to the active uplink port
Fast Uplink Span Rules for Trunk Groups
Configuring a Fast Uplink Port Group
802.1W Rapid Spanning Tree (RSTP)
Bridges and bridge port roles
Page
FIGURE 26
Edge ports and edge port roles
FIGURE 27
Point-to-point ports
FIGURE 28
Bridge port states
Edge port and non-edge port states
Changes to port roles and states
FIGURE 29
FIGURE 30
FIGURE 31
FIGURE 32
FIGURE 33
240 PowerConnect B-Series FCX Configuration Guide
FIGURE 34
PowerConnect B-Series FCX Configuration Guide 241
FIGURE 37
FIGURE 38
Convergence in a simple topology
FIGURE 39
FIGURE 40
FIGURE 41
Convergence after a link failure
FIGURE 42
Convergence at link restoration
Page
Convergence in a complex 802.1W topology
FIGURE 43
Page
FIGURE 44
Propagation of topology change
FIGURE 45
254 PowerConnect B-Series FCX Configuration Guide
FIGURE 46
FIGURE 47
Compatibility of 802.1W with 802.1D
FIGURE 48
Configuring 802.1W parameters on a Dell PowerConnect device
Switch 10 Switch 20 Switch 30 802.1W 802.1D 802.1W
Page
TABLE 52
Displaying information about 802-1W
TABLE 53
Bridge IEEE 802.1W parameters
TABLE 53
Page
TABLE 54
Page
802.1W Draft 3
FIGURE 49
FIGURE 50
X
Reconvergence time
Enabling 802.1W Draft 3
Single Spanning Tree (SSTP)
SSTP defaults
Enabling SSTP
Displaying SSTP information
STP per VLAN group
FIGURE 51
STP load balancing
Configuring STP per VLAN group
Page
Configuration example for STP load sharing
FIGURE 52
PVST/PVST+ compatibility
Overview of PVST and PVST+
FIGURE 53
VLAN tags and dual mode
Configuring PVST+ support
Enabling PVST+ support manually
Enabling dual-mode support
Displaying PVST+ support information
Configuration examples
Tagged port using default VLAN 1 as its port native VLAN
FIGURE 54
TABLE 55
Untagged port using VLAN 2 as port native VLAN
FIGURE 55
PVRST compatibility
BPDU guard
Enabling BPDU protection by port
Re-enabling ports disabled by BPDU guard
Displaying the BPDU guard status
Example configurations
Example console messages
Root guard
Enabling STP root guard
Displaying the STP root guard
Displaying the root guard by VLAN
Error disable recovery
Enabling error disable recovery
Setting the recovery interval
Displaying the error disable recovery state by interface
Displaying the recovery state for all conditions
Displaying the recovery state by port number and cause
Errdisable Syslog messages
802.1s Multiple Spanning Tree Protocol
Multiple spanning-tree regions
FIGURE 56
Configuring MSTP mode and scope
Reduced occurrences of MSTP reconvergence
Example application
Deleting a VLAN to MSTI mapping
Viewing the MSTP configuration digest
Configuring additional MSTP parameters
Setting the MSTP name
Setting the MSTP revision number
Configuring an MSTP instance
Configuring bridge priority for an MSTP instance
Setting the MSTP global parameters
Setting ports to be operational edge ports
Setting automatic operational edge ports
Setting point-to-point link
Disabling MSTP on a port
Forcing ports to transmit an MSTP BPDU
FIGURE 57
RTR1 configuration
Core 1 configuration
Region 1
Region 2
Displaying MSTP statistics
TABLE 56
Displaying MSTP information for a specified instance
Refer to Table 5 6 for details about the display parameters.
Displaying MSTP information for CIST instance 0
To display details about the MSTP configuration, enter the following command.
To display details about the MSTP that is configured on the device, enter the following command.
Page
Page
Configuring Basic Layer 2 Features
NOTES:
TABLE 57
About port regions
PowerConnect B-Series FCX device port regions
Enabling or disabling the Spanning Tree Protocol (STP)
Modifying STP bridge and port parameters
MAC learning rate control
Changing the MAC age time and disabling MAC address learning
NOTES:
Disabling the automatic learning of MAC addresses
Configuring static MAC entries
Multi-port static MAC address
Configuring a multi-port static MAC address
Configuring VLAN-based static MAC entries
Clearing MAC address entries
Flow-based MAC address learning
Feature overview
The benefits of flow-based learning
How flow-based learning works
Configuring flow-based MAC address learning
Enabling flow-based MAC address learning
Increasing the capacity of the MAC address table (optional)
Displaying information about flow-based MACs
Clearing flow-based MAC address entries
Enabling port-based VLANs
Assigning IEEE 802.1Q tagging to a port
Defining MAC address filters
Configuration notes and limitations
Page
Enabling logging of management traffic permitted by MAC address filters
MAC address filter override for 802.1X-enabled ports
Locking a port to restrict addresses
Displaying and modifying system parameter default settings
Displaying system parameter default values
Displaying and modifying system parameter default settings
Page
Displaying and modifying system parameter default settings
Table 5 8 defines the system parameters in the show default values command output.
TABLE 58
This system parameter... Defines the maximum number of...
Displaying and modifying system parameter default settings 9
Modifying system parameter default values
TABLE 58
This system parameter... Defines the maximum number of...
TDynamic Buffer Allocation for an IronStack
Configuration Steps
TDynamic Buffer Allocation for an IronStack
Sample Configuration
Generic buffer profiles on PowerConnect Stackable devices
Configuring buffer profiles
Deleting buffer profiles
Remote Fault Notification (RFN) on 1G fiber connections
Enabling and disabling remote fault notification
Link Fault Signaling (LFS) for 10G
Enabling LFS
Viewing the status of LFS-enabled links
Jumbo frame support
Page
Configuring Metro Features
Topology groups
TABLE 59
Master VLAN and member VLANs
Control ports and free ports
Configuring a topology group
Displaying topology group information
Displaying STP information
Displaying topology group information
Metro Ring Protocol (MRP)
TABLE 60
FIGURE 58
MRP rings without shared interfaces (MRP Phase 1)
FIGURE 59
340 PowerConnect B-Series FCX Configuration Guide
Metro Ring Protocol (MRP)
MRP rings with shared interfaces (MRP Phase 2)
C = customer port
FIGURE 60
FIGURE 61
Example 1 Example 2
Ring initialization
FIGURE 62
RHP processing in MRP Phase 1
Page
Metro Ring Protocol (MRP)
FIGURE 63
RHP processing in MRP Phase 2
FIGURE 64
How ring breaks are detected and healed
FIGURE 65
X
FIGURE 66
Master VLANs and customer VLANs
FIGURE 67
Configuring MRP
Adding an MRP ring to a VLAN
Changing the hello and preforwarding times
Using MRP diagnostics
Enabling MRP diagnostics
Displaying MRP diagnostics
TABLE 61
Displaying MRP information
Displaying topology group information
Displaying ring information
TABLE 61
Page
MRP CLI example
Commands on Switch A (master node)
TABLE 62
Commands on Switch B
Commands on Switch C
Commands on Switch D
Virtual Switch Redundancy Protocol (VSRP)
FIGURE 68
Layer 2 and Layer 3 redundancy
Master election and failover
VSRP failover
VSRP priority calculation
X
X
FIGURE 72
MAC address failover on VSRP-aware devices
X
Timer scale
VSRP-Aware security features
VSRP parameters
TABLE 63
Virtual Switch Redundancy Protocol (VSRP) 10
Interface parameters
Virtual Switch Redundancy Protocol (VSRP)
Configuring basic VSRP parameters
Configuring optional VSRP parameters
Disabling or re-enabling VSRP
Changing the timer scale
Configuring authentication
Configuring security features on a VSRP-aware device
Removing a port from the VRID VLAN
Configuring a VRID IP address
Changing the backup priority
Saving the timer values received from the master
Changing the Time-To-Live (TTL)
Changing the hello interval
Changing the dead interval
Changing the backup hello state and interval
Changing the hold-down interval
Changing the default track priority
Specifying a track port
Disabling or re-enabling backup pre-emption
Suppressing RIP advertisement from backups
VSRP-aware interoperablilty
Displaying VSRP information
Displaying VRID information
Page
Displaying the active interfaces for a VRID
TABLE 65
TABLE 64
VSRP fast start
Configuring VSRP fast start
Displaying ports that Have the VSRP fast start feature enabled
TABLE 65
VSRP and MRP signaling
FIGURE 74
PowerConnect B-Series FCX Configuration Guide 381
XX
Virtual Switch Redundancy Protocol (VSRP) 10
XX
FIGURE 75
participate on the MRP ring.
FIGURE 76
Page
Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups
UDLD overview
Switch Switch
FIGURE 77
X
UDLD for tagged ports
Enabling UDLD
Enabling UDLD for tagged ports
Changing the Keepalive interval
Changing the Keepalive retries
Displaying UDLD information
Displaying information for all ports
TABLE 67
Displaying information for a single port
TABLE 68
Clearing UDLD statistics
Protected link groups
About active ports
Using UDLD with protected link groups
Creating a protected link group and assigning an active port
TABLE 69
Page
Configuring Trunk Groups and Dynamic Link Aggregation
Trunk group overview
TABLE 70
FIGURE 78
Trunk group connectivity to a server
Switch
...
Switch1
Switch2
Trunk group rules
...
Configuration notes for Dell PowerConnect devices in an IronStack
Trunk group configuration examples
PowerConnect B-Series FCX Configuration Guide 397
Trunk group overview 12
Device
FIGURE 80
Figure 81 shows two IronStacks connected by multi-slot trunk groups.
398 PowerConnect B-Series FCX Configuration Guide
Trunk group overview
Support for flexible trunk group membership
Trunk group load sharing
Support for IPv6
Load sharing for unknown unicast, multicast, and broadcast traffic
How trunk load sharing works
Adding Layer 2 information to trunk hash output
TABLE 72
Configuring a trunk group
CLI syntax for configuring consecutive ports in a trunk group
CLI syntax for configuring non-consecutive ports in a trunk group
Example 1: Configuring the trunk groups shown in Figure 78
Example 2: Configuring a trunk group that spans two Gbps Ethernet modules in a chassis device
Example 3: Configuring a multi-slot trunk group with one port per module
Example 4: Configuring a trunk group of 10 Gbps Ethernet ports
Example 5: Configuring a static trunk group for devices in an IronStack
Additional trunking options
Naming a trunk port
Disabling or re-enabling a trunk port
Page
Deleting a static trunk group
Specifying the minimum number of ports in a static trunk group
Monitoring a trunk port
Configuring outbound rate shaping for a trunk port
Displaying trunk group configuration information
Displaying trunk group configuration information 12
Viewing the first and last ports in a trunk group
TABLE 73
Dynamic link aggregation
IronStack LACP trunk group configuration example
Examples of valid LACP trunk groups
FIGURE 82
Configuration notes and limitations
FastIron Stackable devices
FastIron Stackable devices in an IronStack
Adaptation to trunk disappearance
Flexible trunk eligibility
FIGURE 83
Enabling dynamic link aggregation
TABLE 74
Port1/1 Port1/2 Port1/3 Port1/4
Group 1 Group 2
Page
How changing the VLAN membership of a port affects trunk groups and dynamic keys
Additional trunking options for LACP trunk ports
Link aggregation parameters
System priority
Port priority
Timeout
Key
FIGURE 84
FIGURE 85
Viewing keys for tagged ports
Configuring link aggregation parameters
Displaying and determining the status of aggregate links
Events that affect the status of ports in an aggregate link
Displaying link aggregation and port status information
Page
Displaying and determining the status of aggregate links
Displaying link aggregation and port status information for PowerConnect Stackable devices
Displaying LACP status information
TABLE 75
Clearing the negotiated aggregate links table
Configuring single link LACP
CLI syntax
Configuring Virtual LANs (VLANs)
VLAN overview
Types of VLANs
VLAN support on Dell PowerConnect devices
TABLE 76
Layer 2 port-based VLANs
Page
Layer 3 protocol-based VLANs
FIGURE 87
Integrated Switch Routing (ISR)
IP subnet, IPX network, and AppleTalk cable VLANs
Default VLAN
FIGURE 88
802.1Q tagging
PowerConnect B-Series FCX Configuration Guide 435
VLAN overview 13
FIGURE 89
Tag Protocol Id (TPID)
FIGURE 90
Support for 802.1Q-in-Q tagging
Spanning Tree Protocol (STP)
Virtual routing interfaces
FIGURE 91
VLAN and virtual routing interface groups
Dynamic, static, and excluded port membership
Dynamic ports
FIGURE 92
FIGURE 93
Static ports
Excluded ports
Broadcast leaks
Super aggregated VLANs
Trunk group ports and VLAN membership
Summary of VLAN configuration rules
Multiple VLAN membership rules
Routing between VLANs
Virtual routing interfaces (Layer 3 Switches only)
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
Dynamic port assignment (Layer 2 Switches and Layer 3 Switches)
Assigning a different VLAN ID to the default VLAN
Assigning different VLAN IDs to reserved VLANs 4091 and 4092
Viewing reassigned VLAN IDs for reserved VLANs 4091 and 4092
TABLE 77
Assigning trunk group ports
Configuring port-based VLANs
TABLE 77
FIGURE 94
Device
Layer 3 Switch
VLAN 222 Ports 1 - 8
VLAN 333 Ports 9 - 16
448 PowerConnect B-Series FCX Configuration Guide
Device Device-A Device-B Device-C
Configuring device-B
Configuring device-C
Modifying a port-based VLAN
Removing a port-based VLAN
Removing a port from a VLAN
Enable spanning tree on a VLAN
Configuring IP subnet, IPX network and protocol-based VLANs
FIGURE 96
Port25
Device
Layer 3 Switch
Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs
FIGURE 97
Device-A Device-B
Device
Device-C
Configuring device-B
Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs 13
Configuring device-C
Enter the following comma nds to configure device- C.
Configuring an IPv6 protocol VLAN
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
FIGURE 98
Device-A
Device-B
Device-C
Device-C
Building 1 Building 2
Page
Page
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
requires a new VLAN ID. The VLAN ID for this port-based VLAN is VLAN 7.
Configuration for device-B
Enter the following comma nds to configure device- B.
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) 13
Configuration for device-C
Enter the following comma nds to configure device- C.
Configuring protocol VLANs with dynamic ports
Aging of dynamic ports
Disabling membership aging of dynamic VLAN ports
Configuration guidelines
Configuring an IP, IPX, or AppleTalk Protocol VLAN with Dynamic Ports
Configuring an IP subnet VLAN with dynamic ports
Configuring an IPX network VLAN with dynamic ports
Configuring uplink ports within a port-based VLAN
Configuration syntax
Configuring the same IP subnet address on multiple port-based VLANs
FIGURE 99
Switch
FIGURE 100
Switch
Configuring VLAN groups and virtual routing interface groups
Configuring a VLAN group
Displaying information about VLAN groups
Configuring a virtual routing interface group
CLI syntax
Displaying the VLAN group and virtual routing interface group information
Allocating memory for more VLANs or virtual routing interfaces
Increasing the number of VLANs you can configure
Increasing the number of virtual routing interfaces you can configure
TABLE 78
Configuring super aggregated VLANs
FIGURE 101
PowerConnect B-Series FCX Configuration Guide 479
Configuring super aggregated VLANs 13
FIGURE 102
Configuring aggregated VLANs
Configuring aggregated VLANs on an edge device
Configuring aggregated VLANs on a core device
Verifying the configuration
Complete CLI examples
Commands for device A
Commands for device B
Configuring super aggregated VLANs 13
Commands for device C
Commands for device D
Commands for device E
Commands for device F
Configuring 802.1Q-in-Q tagging
FIGURE 103
Configuration rules
Enabling 802.1Q-in-Q tagging
Page
PowerConnect B-Series FCX Configuration Guide 487
Configuring 802.1Q-in-Q tagging 13
Example configuration
Figure 104 shows an example 802.1Q-in-Q configuration.
FIGURE 104
Configuring 802.1Q-in-Q tag profiles
Configuring private VLANs
FIGURE 105
FIGURE 106
Switch A Switch B
PVLAN-Trunk Port - carries traffic for VLAN 10, 20 and 100
PVLAN-Trunk Ports
Configuring the primary VLAN
Configuring an isolated or community PVLAN
Page
Enabling broadcast or unknown unicast traffic to the PVLAN
TABLE 80
Configuring private VLANs
CLI example for a general PVLAN network
To configure the PVLANs shown in Figure105 on page 489, enter the following commands.
CLI example for a PVLAN network with switch-switch link ports
PowerConnect B-Series FCX 2
Dual-mode VLAN ports
FIGURE 108
FIGURE 109
Displaying VLAN information
Displaying VLANs in alphanumeric order
Displaying system-wide VLAN information
Displaying global VLAN information
Displaying VLAN information for specific ports
Displaying a port VLAN membership
Displaying a port dual-mode VLAN membership
Displaying port default VLAN IDs (PVIDs)
Displaying PVLAN information
Configuring GARP VLAN Registration Protocol (GVRP)
GVRP overview
TABLE 81
Application examples
FIGURE 110
Dynamic core and fixed edge
Dynamic core and dynamic edge
Fixed core and dynamic edge
Fixed core and fixed edge
VLAN names
Configuration notes
Page
Configuring GVRP
Changing the GVRP base VLAN ID
Increasing the maximum configurable value of the Leaveall timer
Enabling GVRP
Disabling VLAN advertising
Disabling VLAN learning
Changing the GVRP timers
Timer configuration requirements
Changing the Join, Leave, and Leaveall timers
Resetting the timers to their defaults
Converting a VLAN created by GVRP into a statically-configured VLAN
Displaying GVRP information
Displaying GVRP configuration information
TABLE 82
To display detailed GVRP information for an individual port, enter a command such as the following.
TABLE 82
Displaying GVRP VLAN information
TABLE 83
Syntax: show gvrp vlan all | brief | <vlan-id> This display shows the following information.
Displaying GVRP statistics
To display GVRP statistics for a port, enter a command such as the following.
Syntax: show gvrp statistics all | ethernet <port>
TABLE 85
This display shows the following information for the port.
Page
Displaying GVRP diagnostic information
Clearing GVRP statistics
CLI examples
Dynamic core and fixed edge
Dynamic core and dynamic edge
Fixed core and dynamic edge
Fixed core and fixed edge
Page
Configuring MAC-based VLANs
Static and dynamic hosts
MAC-based VLAN feature structure
TABLE 87
Dynamic MAC-based VLAN
Configuration notes and feature limitations
TABLE 88
Configuration notes and feature limitations
The following example shows a MAC-based VLAN configuration.
TABLE 88
CLI command Description CLI level
Configuring MAC-based VLANs
Using MAC-based VLANs and 802.1X security on the same port
Configuring generic and Dell vendor-specific attributes on the RADIUS server
TABLE 89
Aging for MAC-based VLAN
TABLE 90
Disabling aging for MAC-based VLAN sessions
Globally disabling aging
Disabling the aging on interfaces
Configuring the maximum MAC addresses per port
Configuring a MAC-based VLAN for a static host
Configuring MAC-based VLAN for a dynamic host
Configuring dynamic MAC-based VLAN
Configuring MAC-based VLANs using SNMP
Displaying Information about MAC-based VLANs
Displaying the MAC-VLAN table
Displaying the MAC-VLAN table for a specific MAC address
Displaying allowed MAC addresses
Enter the following command to display information about successfully authenticated MAC addresses.
Displaying denied MAC addresses
Displaying detailed MAC-VLAN data
Page
Displaying Information about MAC-based VLANs 15
Displaying MAC-VLAN information for a specific interface
Enter the following command to display MAC-VLAN information for a specific interface.
The following table describes the information in this output.
Displaying MAC addresses in a MAC-based VLAN
Enter the following command to display a list of MAC addresses in a MAC-based VLAN.
Displaying MAC-based VLAN logging
Clearing MAC-VLAN information
Sample application
Sample application
FIGUR E 111
Sample application 15
The show table-mac-vlan command returns the following results for all ports in this configuration.
Page
Configuring Rule-Based IP Access Control Lists (ACLs)
Table 91 lists the individual Dell PowerConnect switches and ACL features they support.
TABLE 91
Feature PowerConnect B-Series FCX
ACL overview
Types of IP ACLs
ACL IDs and entries
Numbered and named ACLs
Default ACL action
TABLE 92
How hardware-based ACLs work
How fragmented packets are processed
Hardware aging of Layer 4 CAM entries
Configuration considerations
Configuring standard numbered ACLs
Standard numbered ACL syntax
Page
Configuration example for standard numbered ACLs
Configuring standard named ACLs
Standard named ACL syntax
Configuration example for standard named ACLs
Configuring extended numbered ACLs
Extended numbered ACL syntax
Page
Page
Configuration examples for extended numbered ACLs
Page
Configuring extended named ACLs
Extended named ACL syntax
Page
Page
Configuration example for extended named ACLs
Preserving user input for ACL TCP/UDP port numbers
Managing ACL comment text
Adding a comment to an entry in a numbered ACL
Adding a comment to an entry in a named ACL
Deleting a comment from an ACL entry
Viewing comments in an ACL
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN
Enabling ACL logging
Configuration Tasks
Example Configuration
Displaying ACL Log Entries
Enabling strict control of ACL filtering of fragmented packets
Enabling ACL support for switched traffic in the router image
Enabling ACL filtering based on VLAN membership or VE port membership
Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only)
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only)
Using ACLs to filter ARP packets
Configuring ACLs for ARP filtering
Displaying ACL filters for ARP
Clearing the filter count
Filtering on IP precedence and ToS values
TCP flags - edge port security
QoS options for IP ACLs
Configuration notes for PowerConnect B-Series FCX devices
Using an IP ACL to mark DSCP values (DSCP marking)
Combined ACL for 802.1p marking
Using an ACL to change the forwarding queue
DSCP matching
ACL-based rate limiting
ACL statistics
Using ACLs to control multicast features
Enabling and viewing hardware usage statistics for an ACL
Displaying ACL information
Troubleshooting ACLs
Policy-based routing (PBR)
Configuring a PBR policy
Configure the ACLs
Configure the route map
Enabling PBR
Configuration examples
Basic example
Setting the next hop
Setting the output interface to the null interface
Trunk formation
Configuring Quality of Service
Classification
Processing of classified traffic
TABLE 93
Determining the trust level of a packet
PowerConnect B-Series FCX Configuration Guide 593
Classification 17
FIGURE 112
Classification
TABLE 94
DSCP value 0123456789101112121415
TABLE 95
DSCP value 16171819202122232425262728293031
TABLE 96
QoS for stackable devices
QoS profile restrictions in an IronStack
QoS behavior for trusting Layer 2 (802.1p) in an IronStack
QoS behavior for trusting Layer 3 (DSCP) in an IronStack
QoS behavior on port priority and VLAN priority in an IronStack
QoS queues
Assigning QoS priorities to traffic
TABLE 98
Changing a port priority
Assigning static MAC entries to priority queues
Buffer allocation/threshold for QoS queues
802.1p priority override
Enabling 802.1p priority override
Marking
Configuring DSCP-based QoS
Application notes
Using ACLs to honor DSCP-based QoS
PowerConnect stackable devices
Configuring the QoS mappings
Default DSCP to internal forwarding priority mappings
TABLE 99
Changing the DSCP to internal forwarding priority mappings
TABLE 100
Changing the VLAN priority 802.1p to hardware forwarding queue mappings
TABLE 101
8 to 4 queue mapping
Scheduling
QoS queuing methods
TABLE 102
Selecting the QoS queuing method
Configuring the QoS queues
Renaming the queues
Changing the minimum bandwidth percentages of the WRR queues
TABLE 103
Configuration notes
Bandwidth allocations of the hybrid WRR and SP queues.
Viewing QoS settings
Viewing QoS settings
To display the QoS settings for all of the queues, enter the show qos-profiles command.
Viewing DSCP-based QoS settings
Syntax: show qos-tos Table 10 4 shows the output information for the show qos-tos command.
TABLE 10 4
Viewing DSCP-based QoS settings
TABLE 105
Priority-> Hardware Queue
Configuring Traffic Policies
Traffic policies overview
TABLE 106
Configuration notes and feature limitations
Maximum number of traffic policies supported on a device
TABLE 107
Setting the maximum number of traffic policies supported on a Layer 3 device
ACL-based rate limiting using traffic policies
Support for fixed rate limiting and adaptive rate limiting
Configuring ACL-based fixed rate limiting
Configuring ACL-based adaptive rate limiting
TABLE 108
Inspecting the 802.1p bit in the ACL for adaptive rate limiting
Specifying the action to be taken for packets that are over the limit
Dropping packets that exceed the limit
Permitting packets that exceed the limit
ACL statistics and rate limit counting
Enabling ACL statistics
Enabling ACL statistics with rate limiting traffic policies
Viewing ACL and rate limit counters
Clearing ACL and rate limit counters
TABLE 109
Viewing traffic policies
TABLE 110
Configuring Base Layer 3 and Enabling Routing Protocols
Adding a static IP route
TABLE 111
Adding a static ARP entry
Modifying and displaying layer 3 system parameter limits
PowerConnect IPv6 models
Displaying Layer 3 system parameter limits
Configuring RIP
The following shows an example output on a IPV6 device.
Configuring RIP
Enabling RIP
Enabling redistribution of IP static routes into RIP
Enabling redistribution
Enabling learning of default routes
Changing the route loop prevention method
Other layer 3 protocols
Enabling or disabling routing protocols
Enabling or disabling layer 2 switching
Page
Page
Configuring Port Mirroring and Monitoring
Configuring port mirroring and monitoring
TABLE 112
Page
Monitoring a port
Monitoring an individual trunk port
Configuring mirroring on an Ironstack
Example 1. Configuring mirroring for ports on different members in an IronStack
Example 2. Configuring mirroring for ports on the same stack member in an IronStack
ACL-based inbound mirroring
Creating an ACL-based inbound mirror clause for PowerConnect B-Series FCX devices
MAC address filter-based mirroring
Configuring MAC address filter-based mirroring
VLAN-based mirroring
Configuring VLAN-based mirroring
VLAN-based mirroring
Syntax: [no] monitor ethernet <port>
Displaying VLAN mirroring status
The show vlan command displays the VLAN mirroring status.
Page
Page
Configuring Rate Limiting and Rate Shaping on PowerConnect B-Series FCX Switches
Rate limiting overview
TABLE 114
Rate limiting in hardware
How Fixed rate limiting works
FIGURE 113
Configuring a port-based rate limiting policy
Configuring an ACL-based rate limiting policy
Displaying the fixed rate limiting configuration
Rate shaping overview
TABLE 115
Configuring outbound rate shaping for a port
Configuring outbound rate shaping for a specific priority
Configuring outbound rate shaping for a trunk port
Displaying rate shaping configurations
Configuring IP Multicast Traffic Reduction for PowerConnect B-Series FCX Switches
IGMP snooping overview
TABLE 116
Page
Page
Configuring queriers and non-queriers
VLAN specific configuration
Using IGMPv2 with IGMPv3
PIM SM traffic snooping overview
Application example
FIGURE 114
Configuring IGMP snooping
Global tasks
VLAN-specific tasks
Configuring the hardware and software resource limits
Enabling or disabling transmission and receipt of IGMP packets on a port
Configuring the global IGMP mode
Modifying the age interval
Modifying the query interval (active IGMP snooping mode only)
Configuring the global IGMP version
Configuring report control
Modifying the wait time before stopping traffic when receiving a leave message
Modifying the multicast cache age time
Enabling or disabling error and warning messages
Enabling or disabling PIM sparse snooping
Configuring the IGMP mode for a VLAN
Disabling IGMP snooping for the VLAN
Enabling PIM sparse mode snooping for the VLAN
Disabling PIM sparse mode snooping for the VLAN
Configuring the IGMP version for the VLAN
Configuring the IGMP version for individual ports
Configuring static groups to the entire VLAN or to specific ports
Configuring static router ports
Turning off static group proxy
Enabling IGMPv3 membership tracking and fast leave for the VLAN
Configuring fast leave for IGMPv2
Enabling fast convergence
Displaying IGMP snooping information
Displaying IGMP errors
Displaying IGMP group information
Displaying IGMP snooping mcache information
Displaying PIM sparse snooping information
Displaying software resource usage for VLANs
Displaying status of IGMP snooping traffic
To display status information for IGMP snooping traffic, enter the following command.
Displaying IGMP snooping information by VLAN
Displaying querier information
Active interface with no other querier present
Passive interface with no other querier present
Active interface with other querier present
Passive interface with other querier present
Clear IGMP snooping commands
Syntax: clear ip multicast mcache
Clear IGMP counters on VLANs
To clear IGMP snooping on error and traffic counters for all VLANs, enter the following command.
Syntax: clear ip multicast counters
Page
Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets
Using FDP
Configuring FDP
Enabling FDP globally
Enabling FDP at the interface level
Specifying the IP management address to advertise
Changing the FDP update timer
Changing the FDP hold time
Displaying FDP information
Displaying neighbor information
TABLE 118
Using FDP
Displaying FDP entries
To display the detailed neighbor information for a specific device, enter a command such as the
TABLE 119
TABLE 118
Displaying FDP information for an interface
Clearing FDP and CDP information
Clearing FDP and CDP neighbor information
Clearing FDP and CDP statistics
Reading CDP packets
Enabling interception of CDP packets globally
Enabling interception of CDP packets on an interface
Displaying CDP information
Displaying neighbors
Reading CDP packets
Displaying CDP entries
To display CDP entries for all neighbors, enter the following command.
To display CDP entries for a specific device, specify the device ID. Here is an example.
Syntax: show fdp entry * | <device-id>
Displaying CDP statistics
Clearing CDP information
Page
Configuring LLDP and LLDP-MED
TABLE 12 0
Terms used in this chapter
LLDP overview
FIGURE 115
Benefits of LLDP
LLDP-MED overview
FIGURE 116
Benefits of LLDP-MED
LLDP-MED class
General operating principles
Operating modes
Transmit mode
Receive mode
LLDP packets
FIGURE 117
TLV support
LLDP TLVs
LLDP-MED TLVs
Mandatory TLVs
TABLE 121
FIGURE 118
TABLE 12 2
FIGURE 119
MIB support
Syslog messages
Configuring LLDP
TABLE 12 3
Configuration notes and considerations
Enabling and disabling LLDP
TABLE 12 3
Enabling support for tagged LLDP packets
Changing a port LLDP operating mode
Page
Specifying the maximum number of LLDP neighbors
Per device
Per port
Enabling LLDP SNMP notifications and syslog messages
Specifying the minimum time between SNMP traps and syslog messages
Changing the minimum time between LLDP transmissions
Changing the interval between regular LLDP transmissions
Changing the holdtime multiplier for transmit TTL
Changing the minimum time between port reinitializations
LLDP TLVs advertised by the Dell PowerConnect device
General system information
Page
Page
802.1 capabilities
802.3 capabilities
Configuring LLDP-MED
Enabling LLDP-MED
TABLE 124
Enabling SNMP notifications and syslog messages for LLDP-MED topology changes
Changing the fast start repeat count
Defining a location id
Coordinate-based location
Page
Civic address location
Configuring LLDP-MED
TABLE 12 5
Configuring LLDP-MED 24
TABLE 12 5
Configuring LLDP-MED
Emergency call services
TABLE 12 5
Defining an LLDP-MED network policy
Page
LLDP-MED attributes advertised by the Dell PowerConnect device
LLDP-MED capabilities
Displaying LLDP statistics and configuration settings
LLDP configuration summary
LLDP-MED attributes advertised by the Dell PowerConnect device 24
LLDP statistics
Syntax: show lldp statistics
LLDP-MED attributes advertised by the Dell PowerConnect device 24
LLDP neighbors
LLDP neighbors detail
LLDP configuration details
Page
Resetting LLDP statistics
Clearing cached LLDP neighbor information
Page
Configuring IP Multicast Protocols
Overview of IP multicasting
TABLE 12 6
IPv4 multicast group addresses
Mapping of IPv4 Multicast group addresses to Ethernet MAC addresses
Supported Layer 3 multicast routing protocols
Suppression of unregistered multicast packets
Multicast terms
Changing global IP multicast parameters
Changing dynamic memory allocation for IP multicast groups
Increasing the number of IGMP memberships
Defining the maximum number of DVMRP cache entries
Defining the maximum number of PIM cache entries
Changing IGMP V1 and V2 parameters
Modifying IGMP (V1 and V2) query interval period
Modifying IGMP (V1 and V2) membership time
Modifying IGMP (V1 and V2) maximum response time
Adding an interface to a multicast group
PIM Dense
Initiating PIM multicasts on a network
Pruning a multicast tree
PowerConnect B-Series FCX Configuration Guide 735
PIM Dense 25
FIGURE 120
...
... ...
FIGURE 121
Grafts to a multicast Tree
... ...
PIM DM versions
...
Configuring PIM DM
Enabling PIM on the router and an interface
Modifying PIM global parameters
Page
Page
Failover time in a multi-path topology
Modifying the TTL
Dropping PIM traffic in hardware
PIM Sparse
FIGURE 122
PIM Sparse switch types
RP paths and SPT paths
Configuring PIM Sparse
Limitations
Configuring Global PIM Sparse parameters
Globally enabling and disabling PIM without deleting the multicast configuration
Configuring PIM interface parameters
Configuring BSRs
Configuring RPs
Changing the Shortest Path Tree (SPT) threshold
Changing the PIM join and prune message interval
Dropping PIM traffic in hardware
Displaying PIM Sparse configuration information and statistics
Displaying basic PIM Sparse configuration information
Displaying a list of multicast groups
PIM Sparse interface information
TABLE 127
Displaying BSR information
TABLE 12 8
Displaying Pim resources
TABLE 12 9
PIM Sparse
TABLE 13 0
Displaying candidate RP information
Displaying RP-to-group mappings
TABLE 131
Displaying RP information for a PIM Sparse group
Displaying the RP set list
TABLE 13 2
TABLE 13 3
This display shows the following information.
Displaying multicast neighbor information
Syntax: show ip pim nbr This display shows the following information.
TABLE 13 4
TABLE 13 5
Displaying information about an upstream neighbor device
Displaying the PIM flow cache
TABLE 13 6
TABLE 13 5
Displaying the PIM multicast cache
To display the PIM multicast cache, enter the following command at any CLI level.
Syntax: show ip pim mcache This display shows the following information.
TABLE 137
TABLE 137
Displaying PIM traffic statistics
Displaying and clearing PIM errors
TABLE 13 8
PIM Passive
Passive multicast route insertion
Configuring an IP tunnel
FIGURE 123
Using ACLs to control multicast features
Using ACLs to limit static RP groups
Page
Using ACLs to limit PIM RP candidate advertisement
Disabling CPU processing for select multicast groups
TABLE 13 9
CLI command syntax
Viewing disabled multicast addresses
TABLE 13 9
Displaying the multicast configuration for another multicast router
IGMP V3
Default IGMP version
Compatibility with IGMP V1 and V2
Globally enabling the IGMP version
Enabling the IGMP version per interface setting
Enabling the IGMP version on a physical port within a virtual routing interface
Enabling membership tracking and fast leave
Setting the query interval
Setting the group membership time
Setting the maximum response time
IGMP V3 and source specific multicast protocols
Enabling SSM
Displaying IGMP V3 information on Layer 3 Switches
Displaying IGMP group status
TABLE 140
IGMP V3
Displaying the IGMP status of an interface
Syntax: show ip igmp interface [ ve | ethernet <number> <group-address>]
This report is available on Layer 3 Switches.
TABLE 140
Displaying IGMP traffic status
TABLE 141
TABLE 142
Clearing IGMP statistics
IGMP Proxy
TABLE 142
Configuring IGMP Proxy
Displaying IGMP Proxy traffic
IP multicast protocols and IGMP snooping on the same device
Page
CLI commands
IP multicast protocols and IGMP snooping on the same device
3. Configure the neighboring device.
Configuring IP
Table 14 3 lists the individual Dell PowerConnect switches and the IP features they support.
TABLE 143
Basic configuration
Full Layer 3 support
IP interfaces
Layer 3 Switches
FIGURE 126
Layer 2 Switches
Page
ARP cache and static ARP table
IP route table
- -
IP forwarding cache
Layer 4 session table
IP route exchange protocols
IP multicast protocols
IP interface redundancy protocols
Access Control Lists and IP access policies
Basic IP parameters and defaults Layer 3 Switches
- - -
When parameter changes take effect
IP global parameters Layer 3 Switches
Basic IP parameters and defaults Layer 3 Switches 26
TABLE 144
Basic IP parameters and defaults Layer 3 Switches
IP interface parameters Layer 3 Switches
Table 14 5 lists the interface-level IP parameters for Layer 3 Switches.
TABLE 145
Basic IP parameters and defaults Layer 2 Switches 26
Basic IP parameters and defaults Layer 2 Switches
Table 14 6 lists the IP global parameters for Layer 2 Switches.
Layer 2 Switches also provide IP multicast forwarding, which is enabled by default.
IP global parameters Layer 2 Switches
Configuring IP parameters Layer 3 Switches
Configuring IP addresses
TABLE 147
TABLE 146
Assigning an IP address to an Ethernet port
Assigning an IP address to a loopback interface
Assigning an IP address to a virtual interface
Configuring IP follow on a virtual routing interface
Deleting an IP address
Configuring Domain Name Server (DNS) resolver
FIGURE 127
Defining a domain name
Defining DNS server addresses
Defining a domain list
Using a DNS name to initiate a trace route
Configuring packet parameters
-
Changing the encapsulation type
Changing the Maximum Transmission Unit (MTU)
Changing the router ID
- - -
Configuring ARP parameters
How ARP works
Rate limiting ARP packets
Changing the ARP aging period
Enabling proxy ARP
Enabling local proxy ARP
Creating static ARP entries
Configuring forwarding parameters
Changing the TTL threshold
Enabling forwarding of directed broadcasts
TABLE 148
Disabling forwarding of IP source-routed packets
Enabling support for zero-based IP subnet broadcasts
Disabling ICMP messages
Page
Disabling ICMP Redirect Messages
Configuring static routes
Static route types
Static IP route parameters
Multiple static routes to the same destination provide load sharing and redundancy
Static route states follow port states
FIGURE 128
Configuring a static IP route
Configuring a Null route
Configuring load balancing and redundancy using multiple static routes to the same destination
Configuring standard static IP routes and interface or null static routes to the same destination
FIGURE 129
X
FIGURE 130
Configuring a default network route
Configuring a default network route
Configuring IP load sharing
How multiple equal-cost paths enter the IP route table
How IP load sharing works
TABLE 149
Response to path state changes
Changing the maximum number of ECMP (load sharing) paths
Configuring IRDP
TABLE 15 0
Enabling IRDP globally
Enabling IRDP on an individual port
Configuring RARP
How RARP Differs from BootP/DHCP
Disabling RARP
Creating static RARP entries
Changing the maximum number of static RARP entries supported
Configuring UDP broadcast and IP helper parameters
Enabling forwarding for a UDP application
Configuring an IP helper address
Configuring BootP/DHCP relay parameters
BootP/DHCP relay parameters
Configuring an IP helper address
Configuring the BOOTP/DHCP reply source address
Changing the IP address used for stamping BootP/DHCP requests
Changing the maximum number of hops to a BootP relay server
DHCP Server
DHCP Option 82 support
DHCP Server options
PowerConnect B-Series FCX Configuration Guide 843
FIGURE 131
Configuring DHCP Server on a device
Default DHCP server settings
Table 15 1 shows the default DHCP server settings.
This section describes the CLI commands that are available in the DHCP Server feature.
DHCP server CLI commands
TABLE 151
TABLE 15 3
Command Description
Removing DHCP leases
Enabling DHCP Server
Disabling DHCP Server on the management port
TABLE 15 3
Setting the wait time for ARP-ping response
Creating an address pool
Enabling relay agent echo (Option 82)
Configuring the IP address of the DHCP server
Page
Specify addresses to exclude from the address pool
Configure the NetBIOS server for DHCP clients
Configure the subnet and mask of a DHCP address pool
Configure a next-bootstrap server
Displaying DHCP server information
Display active lease entries
Display address-pool information
TABLE 15 4
Display lease-binding information in flash memory
TABLE 15 5
Display summary DHCP server information
TABLE 15 6
DHCP Client-Based Auto-Configuration and Flash image update
TABLE 157
TABLE 15 8
FIGURE 132
How DHCP Client-Based Auto-Configuration and Flash image update works
PowerConnect B-Series FCX Configuration Guide 857
FIGURE 133
IP Address Validation and Lease Negotiation
Legend: Typical process (may change depending on environment)
Existing Device New Device Other Possible Events
TFTP Configuration Download and Update
Page
Supported Options for DHCP Servers
Disabling or re-enabling Auto-Configuration
Disabling or re-enabling Auto-Update
Displaying DHCP configuration information
The following example shows a base Layer 3 device configuration as a result of the show run
Configuring IP parameters Layer 2 Switches
DHCP Log messages
The following DHCP notification messages are sent to the log file.
Configuring IP parameters Layer 2 Switches
The following sections describe how to configure IP parameters on a Layer 2 Switch.
Configuring the management IP address and specifying the default gateway
Configuring Domain Name Server (DNS) resolver
Defining a DNS entry
Using a DNS name To initiate a trace route
FIGURE 134
Changing the TTL threshold
Configuring DHCP Assist
[
FIGURE 135
How DHCP Assist works
FIGURE 136
FIGURE 137
Configuring DHCP Assist
Displaying IP configuration information and statistics
Changing the network mask display to prefix format
Displaying IP information Layer 3 Switches
Displaying global IP configuration information
TABLE 15 9
Global settings
Static routes
Policies
Displaying CPU utilization statistics
TABLE 15 9
Displaying IP interface information
TABLE 160
Displaying ARP entries
TABLE 160
TABLE 161
TABLE 161
Displaying the forwarding cache
TABLE 162
TABLE 163
Displaying the IP route table
TABLE 163
Page
Clearing IP routes
TABLE 164
To clear route 209.157.22.0/24 from the IP routing table, enter the following command.
Displaying IP traffic statistics
To display IP traffic statistics, enter the following command at any CLI level.
The show ip traffic command displays the following information.
TABLE 165
IP statistics
ICMP statistics
UDP statistics
TCP statistics
Displaying IP information Layer 2 Switches
You can display the following IP configuration information statistics on Layer 2 Switches:
RIP statistics
TABLE 165
Displaying global IP configuration information
Displaying ARP entries
TABLE 166
Syntax: show arp
Displaying IP traffic statistics
Syntax: show ip traffic
To display IP traffic statistics on a Layer 2 Switch, enter the following command at any CLI level.
TABLE 167
The show ip traffic command displays the following information.
TABLE 168
IP statistics
ICMP statistics
UDP statistics
TCP statistics
Page
Configuring Multicast Listening Discovery (MLD) Snooping on PowerConnect B-Series FCX Switches
TABLE 169
Page
Page
Configuring queriers and non-queriers
VLAN specific configuration
Using MLDv1 with MLDv2
Configuring MLD snooping
Configuring the hardware and software resource limits
Disabling transmission and receipt of MLD packets on a port
Configuring the global MLD mode
Modifying the age interval
Modifying the query interval (Active MLD snooping mode only)
Configuring the global MLD version
Configuring report control
Modifying the wait time before stopping traffic when receiving a leave message
Modifying the multicast cache (mcache) aging time
Disabling error and warning messages
Configuring the MLD mode for a VLAN
Disabling MLD snooping for the VLAN
Configuring the MLD version for the VLAN
Configuring the MLD version for individual ports
Configuring static groups to the entire VLAN or to individual ports
Configuring static router ports
Turning off static group proxy
Enabling MLDv2 membership tracking and fast leave for the VLAN
Configuring fast leave for MLDv1
Enabling fast convergence
Displaying MLD snooping information
Displaying MLD snooping error information
Displaying MLD group information
Displaying MLD snooping mcache information
Configuring MLD snooping
Displaying software resource usage for VLANs
To display information about the software resources used, enter the following command.
Configuring MLD snooping 27
Displaying status of MLD snooping traffic
To display status information for MLD snooping traffic, enter the following command.
This field Displays
Displaying MLD snooping information by VLAN
Clear MLD snooping commands
Page
Page
Configuring RIP (IPv4)
RIP overview
TABLE 170
RIP parameters and defaults
RIP global parameters
TABLE 171
RIP parameters and defaults 28
RIP interface parameters
TABLE 172
Parameter Description Default Reference
TABLE 171
Configuring RIP parameters
Enabling RIP
Configuring metric parameters
Changing the cost of routes learned on a port
Configuring a RIP offset list
Changing the administrative distance
Configuring redistribution
Configuring redistribution filters
Changing the redistribution metric
Enabling redistribution
Removing a RIP redistribution deny filter
Configuring route learning and advertising parameters
Changing the update interval for route advertisements
Enabling learning of RIP default routes
Configuring a RIP neighbor filter
Changing the route loop prevention method
Suppressing RIP route advertisement on a VRRP or VRRPE backup interface
Configuring RIP route filters
Applying a RIP route filter to an interface
Displaying RIP filters
Displaying CPU utilization statistics
Displaying CPU utilization statistics
TABLE 173
Route filters
Neighbor filters
Page
Page
Configuring OSPF Version 2 (IPv4)
TABL E 174
Overview of OSPF
TABL E 174
FIGURE 138
OSPF point-to-point links
Designated routers in multi-access networks
Designated router election in multi-access networks
FIGURE 139
FIGURE 140
- - -
X
Reduction of equivalent AS External LSAs
FIGURE 141
Algorithm for AS External LSA reduction
Support for OSPF RFC 2328 Appendix E
Dynamic OSPF activation and configuration
Dynamic OSPF memory
OSPF graceful restart
Configuring OSPF
Configuration rules
OSPF parameters
Global parameters:
Interface parameters:
Enabling OSPF on the router
Note regarding disabling OSPF
Resetting OSPF
Assigning OSPF areas
-
-
Assigning a totally stubby area
Assigning a Not-So-Stubby Area (NSSA)
FIGURE 142
Page
Assigning an area range (optional)
Assigning interfaces to an area
Modifying interface defaults
OSPF interface parameters
Page
Changing the timer for OSPF authentication changes
- - -
Block flooding of outbound LSAs on specific OSPF interfaces
Configuring an OSPF non-broadcast interface
Assigning virtual links
FIGURE 143
Modifying virtual link parameters
Virtual link parameter descriptions
Page
Changing the reference bandwidth for the cost on OSPF interfaces
Interface types to which the reference bandwidth does not apply
Changing the reference bandwidth
Defining redistribution filters
FIGURE 144
Page
Preventing specific OSPF routes from being installed in the IP route table
Using a standard ACL as input to the distribution list
Using an extended ACL as input to the distribution list
Page
Modifying the default metric for redistribution
Enabling route redistribution
Example using a route map
Disabling or re-enabling load sharing
FIGURE 145
Device
Configuring external route summarization
Configuring default route origination
Modifying SPF timers
Modifying the redistribution metric type
Modifying the administrative distance
Configuring administrative distance based on route type
Configuring OSPF group Link State Advertisement (LSA) pacing
Usage guidelines
Changing the LSA pacing interval
Modifying OSPF traps generated
Specifying the types of OSPF Syslog messages to log
Modifying the OSPF standard compliance setting
Modifying the exit overflow interval
Configuring an OSPF point-to-point link
Configuration notes and limitations
Viewing configured OSPF point-to-point links
Configuring OSPF graceful restart
Clearing OSPF information
Clearing OSPF neighbor information
Clearing OSPF topology information
Clearing redistributed routes from the OSPF routing table
Clearing information for OSPF areas
Displaying OSPF information
Displaying general OSPF configuration information
Syntax: show ip ospf config
To display general OSPF configuration information, enter the following command at any CLI level.
Page
Displaying OSPF area information
Displaying OSPF neighbor information
TABLE 175
TABLE 176
Displaying OSPF interface information
To display OSPF interface information, enter the following command at any CLI level.
TABLE 176
Page
Displaying OSPF route information
To display OSPF route information for the router, enter the following command at any CLI level.
TABLE 178
TABLE 177
Displaying the routes that have been redistributed into OSPF
Displaying OSPF external link state information
TABLE 179
Displaying OSPF link state information
Displaying the data in an LSA
TABLE 179
Displaying OSPF virtual neighbor information
Displaying OSPF virtual link information
Displaying OSPF ABR and ASBR information
Displaying OSPF trap status
Displaying OSPF graceful restart information
Table 1 80 defines the fields in the show output.
TABLE 18 0
Page
Configuring BGP4 (IPv4)
TABLE 181
Overview of BGP4
FIGURE 146
Relationship between the BGP4 route table and the IP route table
How BGP4 selects a path for a route
BGP4 message types
OPEN message
UPDATE message
KEEPALIVE message
NOTIFICATION message
BGP4 graceful restart
Basic configuration and activation for BGP4
Note regarding disabling BGP4
BGP4 parameters
When parameter changes take effect
Immediately
After resetting neighbor sessions
After disabling and re-enabling redistribution
Memory considerations
Memory configuration options obsoleted by dynamic memory
Basic configuration tasks
Enabling BGP4 on the router
Changing the router ID
Setting the local AS number
Adding a loopback interface
Adding BGP4 neighbors
Page
Page
Page
Page
Encryption of BGP4 MD5 authentication keys
Page
Adding a BGP4 peer group
Peer group parameters
Configuration rules
Page
Configuring a peer group
Applying a peer group to a neighbor
Administratively shutting down a session with a BGP4 neighbor
Optional configuration tasks
Changing the Keep Alive Time and Hold Time
Changing the BGP4 next-hop update timer
Enabling fast external fallover
Changing the maximum number of paths for BGP4 load sharing
How load sharing affects route selection
How load sharing works
Changing the maximum number of shared BGP4 paths
Customizing BGP4 load sharing
Specifying a list of networks to advertise
Specifying a route map name when configuring BGP4 network information
Changing the default local preference
Using the IP default route as a valid next hop for a BGP4 route
Advertising the default route
Changing the default MED (Metric) used for route redistribution
Enabling next-hop recursion
Example when recursive route lookups are disabled
Example when recursive route lookups are enabled
Page
Enabling recursive next-hop lookups
Changing administrative distances
Requiring the first AS to be the neighbor AS
Disabling or re-enabling comparison of the AS-Path length
Enabling or disabling comparison of the router IDs
Configuring the Layer 3 Switch to always compare Multi-Exit Discriminators (MEDs)
Treating missing MEDs as the worst MEDs
Configuring route reflection parameters
Page
FIGURE 147
Support for RFC 2796
Configuration procedures
Page
FIGURE 148
Configuring a BGP confederation
Page
Aggregating routes advertised to BGP4 neighbors
Configuring BGP4 graceful restart
Configuring BGP4 graceful restart
Configuring timers for BGP4 graceful restart (optional)
Configuring the restart timer for BGP4 graceful restart
BGP null0 routing
FIGURE 149
Configuration steps
Configuration examples
BGP null0 routing 30
Show commands
Modifying redistribution parameters
Redistributing connected routes
Redistributing RIP routes
Redistributing OSPF external routes
Redistributing static routes
Disabling or re-enabling re-advertisement of all learned BGP4 routes to all BGP4 neighbors
Redistributing IBGP routes into RIP and OSPF
Filtering
Filtering specific IP addresses
Page
Filtering AS-paths
Defining an AS-path filter
Defining an AS-path ACL
Using regular expressions
TABLE 18 2
Character Operation
Filtering communities
TABLE 18 2
Defining a community filter
Defining a community ACL
Defining IP prefix lists
Defining neighbor distribute lists
Defining route maps
Entering the route map into the software
Specifying the match conditions
Match examples using ACLs
Page
Setting parameters in the routes
Page
Using a table map to set the rag value
Configuring cooperative BGP4 route filtering
Enabling cooperative filtering
Sending and receiving ORFs
Displaying cooperative filtering information
Configuring route flap dampening
Globally configuring route flap dampening
Using a route map to configure route flap dampening for specific routes
Using a route map to configure route flap dampening for a specific neighbor
Removing route dampening from a route
Removing route dampening from a neighbor routes suppressed due to aggregation
Page
Displaying and clearing route flap dampening statistics
Displaying route flap dampening statistics
Clearing route flap dampening statistics
Generating traps for BGP
TABLE 18 3
Displaying BGP4 information
Displaying summary BGP4 information
Table 1 84 lists the field definitions for the command output.
TABLE 18 4
Page
Displaying the active BGP4 configuration
TABLE 18 4
Page
Displaying summary neighbor information
TABLE 18 5
Displaying BGP4 neighbor information
Page
Page
Page
Page
Page
Displaying route information for a neighbor
TABLE 187
Displaying peer group information
Displaying summary route information
Syntax: show ip bgp routes summary Table 1 88 lists the field definitions for the command output.
TABLE 18 8
Displaying the BGP4 route table
TABLE 18 8
Displaying the best BGP4 routes
Displaying the best BGP4 routes that are not in the IP route table
Displaying BGP4 routes whose destinations are unreachable
Displaying information for a specific route
These displays show the following information.
TABLE 18 9
Displaying route details
TABLE 18 9
Page
Displaying BGP4 route-attribute entries
TABLE 19 0
Displaying the routes BGP4 has placed in the IP route table
TABLE 191
Displaying route flap dampening statistics
Displaying the active route map configuration
TABLE 19 2
Displaying BGP4 graceful restart neighbor information
Updating route information and resetting a neighbor session
Using soft reconfiguration
Enabling soft reconfiguration
Placing a policy change into effect
Displaying the filtered routes received from the neighbor or peer group
Displaying all the routes received from the neighbor
Dynamically requesting a route refresh from a BGP4 neighbor
Dynamically refreshing routes
-
-
-
Displaying dynamic refresh information
Closing or resetting a neighbor session
Clearing and resetting BGP4 routes in the IP route table
Clearing traffic counters
Clearing route flap dampening statistics
Removing route flap dampening
Clearing diagnostic buffers
Page
Configuring VRRP and VRRPE
TABLE 19 3
Overview of VRRP
FIGURE 150
FIGURE 151
Virtual Router ID (VRID)
Virtual router MAC address
Virtual router IP address
Master negotiation
Hello messages
Track ports and track priority
Suppression of RIP advertisements for backed up interfaces
Authentication
Independent operation of VRRP alongside RIP, OSPF, and BGP4
Overview of VRRPE
Page
FIGURE 152
Configuration note
Comparison of VRRP and VRRPE
VRRP
VRRPE
Architectural differences
Management protocol
VRRP and VRRPE parameters
TABLE 19 4
VRRP and VRRPE parameters 31
TABLE 19 4
VRRP and VRRPE parameters
Configuring basic VRRP parameters
Configuring the Owner
Configuring a Backup
Configuration rules for VRRP
Note regarding disabling VRRP or VRRPE
Configuring additional VRRP and VRRPE parameters
Authentication type
Router type
Suppression of RIP advertisements on Backup routers for the Backup interface
Hello interval
Dead interval
Backup Hello message state and interval
Track port
Track priority
Backup preempt
Changing the timer scale
VRRP-E slow start timer
Forcing a Master router to abdicate to a standby router
Displaying VRRP and VRRPE information
Displaying summary information
Displaying detailed information
TABLE 19 5
This example is for a VRRP Owner. Here is an example for a VRRP Backup.
Here is an example for a VRRPE Backup.
Syntax: show ip vrrp brief | ethernet [<slotnum>/]<portnum> | ve <num> | stat
TABLE 19 6
Displaying detailed information for an individual VRID
TABLE 197
TABLE 19 6
Displaying statistics
TABLE 197
TABLE 19 8
Clearing VRRP or VRRPE statistics
TABLE 19 8
Configuration examples
VRRP example
Configuring Router1
Configuring Router2
VRRPE example
Configuring Router1
Configuring Router2
Page
Securing Access to Management Functions
Securing access methods
TABLE 19 9
Securing access methods
TABLE 20 0
Access method How the access method is secured by default
Ways to secure the access method See page
Restricting remote access to management functions 32
Restricting remote access to management functions
TABLE 20 0
Ways to secure the access method See page
Access method How the access method is secured by default
Using ACLs to restrict remote access
Using an ACL to restrict Telnet access
Using an ACL to restrict SSH access
Using an ACL to restrict Web management access
Using ACLs to restrict SNMP access
Defining the console idle time
Restricting remote access to the device to specific IP addresses
Restricting Telnet access to a specific IP address
Restricting SSH access to a specific IP address
Restricting Web management access to a specific IP address
Restricting SNMP access to a specific IP address
Restricting access to the device based on IP or MAC address
Restricting Telnet connection
Restricting SSH connection
Restricting HTTP and HTTPS connection
Defining the Telnet idle time
Changing the login timeout period for Telnet sessions
Specifying the maximum number of login attempts for Telnet access
Changing the login timeout period for Telnet sessions
Restricting remote access to the device to specific VLAN IDs
Restricting Telnet access to a specific VLAN
Restricting Web management access to a specific VLAN
Designated VLAN for Telnet management sessions to a Layer 2 Switch
Device management security
SSHv2
SNMP
Web management through HTTP
Web management through HTTPS
Disabling specific access methods
Disabling Telnet access
Disabling Web management access
Disabling SNMP access
Disabling TFTP access
Setting passwords
Setting a Telnet password
Suppressing Telnet connection rejection messages
Setting passwords for management privilege levels
Augmenting management privilege levels
Recovering from a lost password
Displaying the SNMP community string
Disabling password encryption
Specifying a minimum password length
Setting up local user accounts
Enhancements to username and password
Enabling enhanced user password combination requirements
Enabling user password masking
Enabling user password aging
Configuring password history
Enhanced login lockout
Setting passwords to expire
Requirement to accept the message of the day
Configuring a local user account
Local user accounts with no passwords
Local user accounts with unencrypted passwords
Local accounts with encrypted passwords
Create password option
Changing a local user password
Configuring SSL security for the Web Management Interface
Enabling the SSL server on the Dell PowerConnect device
Specifying a port for SSL communication
Changing the SSL server certificate key size
Support for SSL digital certificates larger than 2048 bytes
Importing digital certificates and RSA private key files
Generating an SSL certificate
Deleting the SSL certificate
Configuring TACACS/TACACS+ security
How TACACS+ differs from TACACS
TACACS/TACACS+ authentication, authorization, and accounting
Configuring TACACS/TACACS+ for devices in a Dell IronStack
TACACS authentication
TACACS+ authentication
TACACS+ authorization
TACACS+ accounting
AAA operations for TACACS/TACACS+
AAA security for commands pasted into the running-config
TACACS/TACACS+ configuration considerations
TACACS configuration procedure
TACACS+ configuration procedure
Enabling TACACS
Identifying the TACACS/TACACS+ servers
Specifying different servers for individual AAA functions
Setting optional TACACS/TACACS+ parameters
Setting the TACACS+ key
Setting the retransmission limit
Setting the timeout parameter
Configuring authentication-method lists for TACACS/TACACS+
Entering privileged EXEC mode after a Telnet or SSH login
TABLE 201
Configuring enable authentication to prompt for password only
Telnet/SSH prompts when the TACACS+ Server is unavailable
Configuring TACACS+ authorization
Configuring exec authorization
Page
Configuring command authorization
TABLE 20 2
Configuring TACACS+ accounting
Configuring TACACS+ accounting for Telnet/SSH (Shell) access
Configuring TACACS+ accounting for CLI commands
Configuring TACACS+ accounting for system events
Configuring an interface as the source for all TACACS/TACACS+ packets
Configuring TACACS/TACACS+ security
Displaying TACACS/TACACS+ statistics and configuration information
The following table describes the TACACS/TACACS+ information displayed by the show aaa
The show web connection command displays the privilege level of Web Management Interface users.
TABLE 20 3
Configuring RADIUS security
RADIUS authentication, authorization, and accounting
RADIUS authentication
RADIUS authorization
RADIUS accounting
AAA operations for RADIUS
AAA security for commands pasted Into the running-config
RADIUS configuration considerations
RADIUS configuration procedure
Configuring Dell-specific attributes on the
Configuring RADIUS security
TABLE 20 4
Enabling SNMP to configure RADIUS
To enable SNMP access to RADIUS MIB objects on the device, enter a command such as the
TABLE 20 4
Attribute name Attribute ID Data type Description
Identifying the RADIUS server to the Dell PowerConnect device
Specifying different servers for individual AAA functions
Configuring a RADIUS server per port
Configuration example and command syntax
Mapping a RADIUS server to individual ports
Configuration example and command syntax
Setting RADIUS parameters
Setting the RADIUS key
Setting the retransmission limit
Setting the timeout parameter
RADIUS over IPv6
Configuring authentication-method lists for RADIUS
Entering privileged EXEC mode after a Telnet or SSH login
Configuring enable authentication to prompt for password only
TABLE 20 5
Configuring RADIUS authorization
Configuring exec authorization
Configuring command authorization
Command authorization and accounting for console commands
Configuring RADIUS accounting
Configuring RADIUS accounting for Telnet/SSH (Shell) access
Configuring RADIUS accounting for CLI commands
Configuring RADIUS accounting for system events
Configuring an interface as the source for all RADIUS packets
Displaying RADIUS configuration information
Configuring RADIUS security 32
The following table describes the RADIUS information displayed by the show aaa command.
The show web connection command displays the privilege level of Web Management Interface users.
Configuring authentication-method lists
Configuration considerations for authentication- method lists
Examples of authentication-method lists
TCP Flags - edge port security
TABLE 207
Using TCP Flags in combination with other ACL features
Configuring SSH2 and SCP
SSH version 2 support
TABLE 20 8
Tested SSH2 clients
Supported features
Unsupported features
AES encryption for SSH2
Configuring SSH2
Recreating SSH keys
Generating a host key pair
Providing the public key to clients
Configuring DSA challenge-response authentication
Importing authorized public keys into the Dell PowerConnect device
Enabling DSA challenge-response authentication
Setting optional parameters
Setting the number of SSH authentication retries
Deactivating user authentication
Enabling empty password logins
Setting the SSH port number
Setting the SSH login timeout value
Designating an interface as the source for all SSH packets
Configuring the maximum idle time for SSH sessions
Filtering SSH access using ACLs
Terminating an active SSH connection
Displaying SSH connection information
TABLE 20 9
Using Secure copy with SSH2
Enabling and disabling SCP
Example file transfers using SCP
Copying a file to the running config
Copying a file to the startup config
Copying the running config file to an SCP-enabled client
Copying the startup config file to an SCP-enabled client
Copying a software image file to flash memory
Copying a Software Image file from flash memory
Page
Configuring 802.1X Port Security
IETF RFC support
TABLE 210
How 802.1X port security works
Device roles in an 802.1X configuration
FIGURE 153
Communication between the devices
FIGURE 154
Controlled and uncontrolled ports
FIGURE 155
Message exchange during authentication
FIGURE 156
Setting the IP MTU size
EAP pass-through support
Support for RADIUS user-name attribute in access-accept messages
Authenticating multiple hosts connected to the same port
FIGURE 157
How 802.1X Multiple-host authentication works
Configurable hardware aging period for denied client dot1x-mac-sessions
802.1X port security and sFlow
802.1X accounting
Configuring 802.1X port security
Configuring an authentication method list for 802.1X
Setting RADIUS parameters
Supported RADIUS attributes
Specifying the RADIUS timeout action
Allow user access to a restricted VLAN after a RADIUS timeout
Configuring dynamic VLAN assignment for 802.1X ports
Automatic removal of dynamic VLAN assignments for 802.1X ports
Dynamic multiple VLAN assignment for 802.1X ports
Saving dynamic VLAN assignments to the running-config file
Considerations for dynamic VLAN assignment in an 802.1X multiple-host configuration
Using dynamic VLAN assignment with the MAC port security feature
Dynamically applying IP ACLs and MAC address filters to 802.1X ports
Disabling and enabling strict security mode for dynamic filter assignment
Dynamically applying existing ACLs or MAC address filters
Notes
Configuring per-user IP ACLs or MAC address filters
Enabling 802.1X port security
Setting the port control
Configuring periodic re-authentication
Re-authenticating a port manually
Setting the quiet period
Setting the wait interval for EAP frame retransmissions
Setting the maximum number of EAP frame retransmissions
Setting the wait interval for EAP frame retransmissions
Setting the maximum number of EAP frame retransmissions
Specifying a timeout for retransmission of messages to the authentication server
Initializing 802.1X on a port
Allowing access to multiple hosts
Configuring 802.1X multiple-host authentication
Page
Defining MAC address filters for EAP frames
MAC address filters for EAPS on most devices
Configuring VLAN access for non-EAP-capable clients
Configuring 802.1X accounting
802.1X Accounting attributes for RADIUS
TABLE 211
Displaying 802.1X information
Displaying 802.1X configuration information
Displaying 802.1X information
TABLE 212
Displaying 802.1X information 34
Syntax: show dot1x config ethernet <port>
TABLE 213
Displaying 802.1X statistics
TABLE 214
TABLE 213
Clearing 802.1X statistics
Displaying dynamically assigned VLAN information
TABLE 214
Displaying information about dynamically applied MAC address filters and IP ACLs
Displaying user-defined MAC address filters and IP ACLs
Displaying dynamically applied MAC address filters and IP ACLs
Displaying the status of strict security mode
Displaying 802.1X multiple-host authentication information
Displaying 802.1X multiple-host configuration information
TABLE 215
Displaying information about the dot1x MAC sessions on each port
TABLE 216
Displaying 802.1X information 34
Syntax: show dot1x mac-session Table 217 lists the new fields in the display.
Displaying information about the ports in an 802.1X multiple-host configuration
TABLE 217
Sample 802.1X configurations
TABLE 218
Sample 802.1X configurations 34
Point-to-point configuration
FIGURE 158
The following commands configure the Dell PowerConnect device in Figure158
Hub configuration
FIGURE 159
802.1X Authentication with dynamic VLAN assignment
FIGURE 160
Using multi-device port authentication and 802.1X security on the same port
Using the MAC Port Security Feature
TABLE 219
Local and global resources
Configuring the MAC port security feature
Enabling the MAC port security feature
Setting the maximum number of secure MAC addresses for an interface
Setting the port security age timer
Specifying secure MAC addresses
On an untagged interface
On a tagged interface
Autosaving secure MAC addresses to the startup-config file
Specifying the action taken when a security violation occurs
Dropping packets from a violating address
Disabling the port for a specified amount of time
Clearing port security statistics
Clearing restricted MAC addresses
Clearing violation statistics
Displaying port security information
Displaying port security settings
Displaying the secure MAC addresses
TABLE 22 0
TABLE 221
Displaying port security statistics
TABLE 22 2
TABLE 221
Displaying restricted MAC addresses on a port
TABLE 22 3
Page
Configuring Multi-Device Port Authentication
TABLE 22 4
How multi-device port authentication works
RADIUS authentication
Authentication-failure actions
Supported RADIUS attributes
Support for dynamic VLAN assignment
Support for dynamic ACLs
Support for authenticating multiple MAC addresses on an interface
Support for source guard protection
Using multi-device port authentication and 802.1X security on the same port
Configuring Dell-specific attributes on the
TABLE 22 5
Configuring multi-device port authentication
Enabling multi-device port authentication
Globally enabling multi-device port authentication
Enabling multi-device port authentication on an interface
Specifying the format of the MAC addresses sent to the
Specifying the authentication-failure action
Generating traps for multi-device port authentication
Defining MAC address filters
Configuring dynamic VLAN assignment
Configuring a port to remain in the restricted VLAN after a successful authentication attempt
Configuring the RADIUS server to support dynamic VLAN assignment
Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires
Saving dynamic VLAN assignments to the running-config file
Dynamically applying IP ACLs to authenticated MAC addresses
Multi-device port authentication with dynamic IP ACLs and ACL-per-port-per-VLAN
Configuration considerations and guidelines
Configuring the RADIUS server to support dynamic IP ACLs
Enabling source guard protection
Viewing the assigned ACL for ports on which source guard protection is enabled
Clearing authenticated MAC addresses
Disabling aging for authenticated MAC addresses
Globally disabling aging of MAC addresses
Disabling the aging of MAC addresses on interfaces
Changing the hardware aging period for blocked MAC addresses
Specifying the aging time for blocked MAC addresses
Specifying the RADIUS timeout action
Permit User access to the network after a RADIUS timeout
Deny User access to the network after a RADIUS timeout
Allow user access to a restricted VLAN after a RADIUS timeout
Multi-device port authentication password override
Limiting the number of authenticated MAC addresses
Displaying multi-device port authentication information
Displaying authenticated MAC address information
Displaying multi-device port authentication configuration information
TABLE 22 6
Displaying multi-device port authentication information for a specific MAC address or port
TABLE 227
TABLE 22 8
Displaying the authenticated MAC addresses
Displaying the non-authenticated MAC addresses
TABLE 22 8
Displaying multi-device port authentication information for a port
Displaying multi-device port authentication settings and authenticated MAC addresses
TABLE 22 9
Displaying multi-device port authentication information
The following table describes the information displayed by the show auth-mac-addresses detailed
TABLE 23 0
Displaying multi-device port authentication information 36
Displaying the MAC authentication table for PowerConnect B-Series FCX devices
TABLE 23 0
Example configurations
Multi-device port authentication with dynamic VLAN assignment
FIGURE 161
Example 2
FIGURE 162
Example 1
FIGURE 163
Example 2
FIGURE 164
Page
Page
Configuring Web Authentication
TABLE 231
Configuration considerations
FIGURE 165
Configuration tasks
Page
Enabling and disabling web authentication
Configuring the web authentication mode
Using local user databases
Configuration steps
Creating a local user database
Adding a User record to a local user database
Deleting a user record from a local user database
Deleting All user records from a local user database
Creating a text file of user records
Importing a text file of user records from a TFTP server
Using a RADIUS server as the web authentication method
Setting the local user database authentication method
Setting the web authentication failover sequence
Assigning a local user database to a web authentication VLAN
Using passcodes
Configuration steps
Creating static passcodes
Enabling passcode authentication
Configuring the length of dynamically-generated passcodes
Configuring the passcode refresh method
Configuring a Grace Period for an expired passcode
Flushing all expired passcodes that are in the grace period
Disabling and re-enabling passcode logging
Re-sending the passcode log message
Manually refreshing the passcode
Using automatic authentication
Configuring web authentication options
Enabling RADIUS accounting for web authentication
Changing the login mode (HTTPS or HTTP)
Specifying trusted ports
Specifying hosts that are permanently authenticated
Configuring the re-authentication period
Defining the web authentication cycle
Limiting the number of web authentication attempts
Clearing authenticated hosts from the web authentication table
Setting and clearing the block duration for web authentication attempts
Manually blocking and unblocking a specific host
Limiting the number of authenticated hosts
Filtering DNS queries
Forcing re-authentication when ports are down
Forcing re-authentication after an inactive period
Defining the web authorization redirect address
Deleting a web authentication VLAN
Web authentication pages
FIGURE 166
Page
Page
FIGURE 172
Displaying text for web authentication pages
Customizing web authentication pages
FIGURE 173
Page
Displaying web authentication information
Displaying the web authentication configuration
Displaying web authentication information
The display shows the following information.
Displaying web authentication information 37
Syntax: show webauth allowed-list
Displaying a list of authenticated hosts
Enter the following command to display a list of hosts that are currently authenticated.
The displays shows the following information.
Displaying web authentication information
Displaying a list of hosts attempting to authenticate
The report shows the following information.
Enter the following command to display a list of hosts that are trying to authenticate.
The report shows the following information.
Syntax: show webauth authenticating-list
Displaying a list of local user databases
Syntax: show local-userdb
Displaying a list of users in a local user database
The following command displays a list of all users in a particular local user database.
Displaying passcodes
Protecting Against Denial of Service Attacks
Protecting against Smurf attacks
FIGU RE 174
TABLE 23 2
Avoiding being an intermediary in a Smurf attack
Avoiding being a victim in a Smurf attack
Protecting against TCP SYN attacks
TCP security enhancement
Protecting against a blind TCP reset attack using the RST bit
Protecting against a blind TCP reset attack using the SYN bit
Protecting against a blind injection attack
Displaying statistics about packets dropped because of DoS attacks
Page
Inspecting and Tracking DHCP Packets
Dynamic ARP inspection
ARP poisoning
TABLE 23 3
How DAI works
FIGURE 175
ARP entries
Configuring DAI
Configuring an inspection ARP entry
Enabling DAI on a VLAN
Enabling trust on a port
Displaying ARP inspection status and ports
Displaying the ARP table
DHCP snooping
How DHCP snooping works
FIGURE 176
FIGURE 177
DHCP binding database
About client IP-to-MAC address mappings
System reboot and the binding database
Configuring DHCP snooping
Enabling DHCP snooping on a VLAN
Clearing the DHCP binding database
Displaying DHCP snooping status and ports
Displaying the DHCP snooping binding database
Displaying DHCP binding entry and status
DHCP snooping configuration example
DHCP relay agent information (DHCP Option 82)
FIGURE 178
FIGURE 179
DHCP Option 82 sub-options
+
Sub-option 1 circuit id
FIGURE 180
Sub-option 2 Remote ID
FIGURE 181
Sub-option 6 - subscriber id
Configuring DHCP option 82
Disabling and re-enabling DHCP option 82 processing on an individual interface
Changing the forwarding policy
Enabling and disabling subscriber ID processing
Viewing information about DHCP option 82 processing
Viewing the circuit Id, remote id, and forwarding policy
Viewing the ports on which DHCP option 82 is disabled
TABLE 23 4
IP source guard
Page
Enabling IP source guard on a port
Defining static IP source bindings
Enabling IP source guard per-port-per-VLAN
Enabling IP source guard on a VE
Displaying learned IP addresses
Page
Securing SNMP Access
SNMP overview
Establishing SNMP community strings
Encryption of SNMP community strings
Adding an SNMP community string
Page
Displaying the SNMP community strings
Using the user-based security model
Configuring your NMS
Configuring SNMP version 3 on Dell PowerConnect devices
Defining the engine id
Defining an SNMP group
Defining an SNMP user account
Page
Defining SNMP views
SNMP version 3 traps
Defining an SNMP group and specifying which view is notified of traps
Defining the UDP port for SNMP v3 traps
Trap MIB changes
Backward compatibility with SMIv1 trap format
Specifying an IPv6 host as an SNMP trap receiver
SNMP v3 over IPv6
Restricting SNMP Access to an IPv6 Node
Specifying an IPv6 host as an SNMP trap receiver
Viewing IPv6 SNMP server addresses
Displaying SNMP Information
Displaying the Engine ID
Displaying SNMP groups
Displaying user information
Interpreting varbinds in report packets
SNMP v3 Configuration examples 40
Varbind object Identifier Description
SNMP v3 Configuration examples
The following sections present examples of how to configure SNMP v3.
Simple SNMP v3 configuration
More detailed SNMP v3 configuration
Page
Using Syslog
TABLE 237
Displaying Syslog messages
Enabling real-time display of Syslog messages
Enabling real-time display for a Telnet or SSH session
Show log on all terminals
Configuring the Syslog service
Displaying the Syslog configuration
TABLE 23 8
Static and dynamic buffers
TABLE 23 8
Time stamps
Disabling or re-enabling Syslog
Specifying a Syslog server
Specifying an additional Syslog server
Disabling logging of a message level
Changing the number of entries the local buffer can hold
Changing the log facility
Displaying Interface names in Syslog messages
Displaying TCP or UDP port numbers in Syslog messages
Retaining Syslog messages after a soft reboot
Clearing the Syslog messages from the local buffer
Syslog messages
TABLE 23 9
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Appendix
A
Network Monitoring
Basic management
Viewing system information
TABLE 24 0
Viewing configuration information
Viewing port statistics
TABLE 241
Basic management
Statistics
TABLE 241
Viewing STP statistics
Clearing statistics
TABLE 241
Basic management
Viewing egress queue counters on PowerConnect B-Series FCX devices
Clearing the egress queue counters
RMON support
Maximum number of entries allowed in the RMON control table
TABLE 24 2
Statistics (RMON group 1)
TABLE 24 3
RMON support A
History (RMON group 2)
Alarm (RMON group 3)
Event (RMON group 9)
sFlow
sFlow version 5
sFlow support for IPv6 packets
Extended router information
Extended gateway information
Hardware support
CPU utilization
Source address
Sampling rate
Port monitoring and sFlow
Configuring and enabling sFlow
Specifying the collector
Changing the polling interval
Changing the sampling rate
Page
Enabling sFlow forwarding
Configuring sFlow version 5 features
Egress interface ID for sampled broadcast and multicast packets
Specifying the sFlow version format
Specifying the sFlow agent IP address
Specifying the version used for exporting sFlow data
Specifying the maximum flow sample size
Exporting CPU and memory usage information to the sFlow collector
Exporting CPU-directed data (management traffic) to the sFlow collector
Displaying sFlow information
sFlow
sFlow A
Syntax: show sflow This command shows the following information.
TABLE 24 4
Clearing sFlow statistics
Configuring a utilization list for an uplink port
TABLE 24 4
Displaying utilization percentages for an uplink
Page
Appendix
B
The following table lists the RFCs supported by Dell PowerConnect devices.
Software Specifications
IEEE compliance
Dell PowerConnect devices support the following standards.
TABLE 24 6
Page
Page
Page
Page
Page
Internet drafts