Dell MXL 10/40GbE Configuring IPSec

Configuring IPSec

The following sample configuration shows how to configure FTP and telnet for IPSec.

1. Define the transform set.

CONFIGURATION mode

crypto ipsec transform-set myXform-seta esp-authentication md5 esp-

encryption des

2. Define the crypto policy.

CONFIGURATION mode

crypto ipsec policy

myCryptoPolicy 10 ipsec-manual

transform-set myXform-set

session-key inbound esp 256

auth <key> encrypt <key>

session-key outbound esp 257

auth <key> encrypt <key>

match 0 tcp a::1 /128 0 a::2 /128 21

match 1 tcp a::1 /128 21 a::2 /128 0

match 2 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21

match 3 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0

3. Apply the crypto policy to management traffic.

CONFIGURATION mode

management crypto-policy

myCryptoPolicy

436 Internet Protocol Security (IPSec)

Contents

Main Notes, cautions, and warnings Contents Page Page Page 8 Bidirectional Forwarding Detection (BFD).................................................. 142 9 Border Gateway Protocol IPv4 (BGPv4).......................................................175 10 Content Addressable Memory (CAM).........................................................240 14 Dynamic Host Configuration Protocol (DHCP)........................................ 311 Page 19 Force10 Resilient Ring Protocol (FRRP).....................................................370 20 GARP VLAN Registration Protocol (GVRP)................................................383 21 Internet Group Management Protocol (IGMP).........................................388 Page Page Page 27 Intermediate System to Intermediate System..........................................481 28 Link Aggregation Control Protocol (LACP)...............................................510 30 Link Layer Discovery Protocol (LLDP)........................................................533 31 Microsoft Network Load Balancing............................................................ 557 32 Multicast Source Discovery Protocol (MSDP)...........................................560 33 Multiple Spanning Tree Protocol (MSTP)...................................................587 35 Open Shortest Path First (OSPFv2 and OSPFv3).......................................613 38 PIM Source-Specific Mode (PIM-SSM).......................................................679 41 Per-VLAN Spanning Tree Plus (PVST+).......................................................707 43 Routing Information Protocol (RIP)............................................................751 45 Rapid Spanning Tree Protocol (RSTP)........................................................770 Page 49 Simple Network Management Protocol (SNMP)......................................851 Page Page Page Page 59 Virtual Router Redundancy Protocol (VRRP).........................................1008 Page About this Guide Audience Conventions Information Symbols Related Documents Configuration Fundamentals Accessing the Command Line CLI Modes Page Navigating CLI Modes Page Page The do Command Undoing Commands Obtaining Help Entering and Editing Commands Command History Filtering show Command Outputs Multiple Users in Configuration Mode Page Getting Started Page Page External Serial Port with a USB Connector Accessing the CLI Interface and Running Scripts Using SSH Entering CLI commands Using an SSH Connection Executing Local CLI Scripts Using an SSH Connection Boot Process Page Default Configuration Configuring a Host Name Accessing the System Remotely Accessing the MXL Switch Remotely Configure the Management Port IP Address Configure a Management Route Configuring a Username and Password Configuring the Enable Password Configuration File Management Copy Files to and from the System Save the Running-Configuration Viewing Files View Configuration Files Managing the File System View the Command History Using HTTP for File Transfers Upgrading and Downgrading the Dell Networking OS Using Hashes to Validate Software Images Page Management Configuring Privilege Levels Creating a Custom Privilege Level Moving a Command from EXEC Privilege Mode to EXEC Mode Allowing Access to CONFIGURATION Mode Commands Customizing a Privilege Level Applying a Privilege Level to a Username Applying a Privilege Level to a Terminal Line Configuring Logging Audit and Security Logs Enabling Audit and Security Logs Displaying Audit and Security Logs Clearing Audit Logs Configuring Logging Format Setting Up a Secure Connection to a Syslog Server Display the Logging Buffer and the Logging Configuration Log Messages in the Internal Buffer Configuration Task List for System Log Management Disabling System Logging Sending System Messages to a Syslog Server Configuring a UNIX System as a Syslog Server Changing System Logging Settings Display the Logging Buffer and the Logging Configuration Configuring a UNIX Logging Facility Level Synchronizing Log Messages Enabling Timestamp on Syslog Messages File Transfer Services Configuration Task List for File Transfer Services Enabling the FTP Server Configuring FTP Server Parameters Configuring FTP Client Parameters Terminal Lines Denying and Permitting Access to a Terminal Line Configuring Login Authentication for Terminal Lines Setting Time Out of EXEC Privilege Mode Using Telnet to get to Another Network Device Lock CONFIGURATION Mode Viewing the Configuration Lock Status Limit Concurrent Login Sessions Restrictions for Limiting the Number of Concurrent Sessions Configuring Concurrent Session Limit Enabling the System to Clear Existing Sessions Track Login Activity Restrictions for Tracking Login Activity Configuring Login Activity Tracking Display Login Statistics Recovering from a Forgotten Password Recovering from a Forgotten Enable Password Recovering from a Failed Start Page 802.1X Page The Port-Authentication Process Page EAP over RADIUS RADIUS Attributes for 802.1 Support Configuring 802.1X Page Page Configuring Request Identity Re-Transmissions Configuring a Quiet Period after a Failed Authentication Forcibly Authorizing or Unauthorizing a Port Re-Authenticating a Port Configuring Timeouts Configuring Dynamic VLAN Assignment with Port Authentication Guest and Authentication-Fail VLANs Configuring a Guest VLAN Configuring an Authentication-Fail VLAN Page Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) Optimizing CAM Utilization During the Attachment of ACLs to VLANs Guidelines for Configuring ACL VLAN groups Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters Configuring ACL VLAN Groups Configuring FP Blocks for VLAN Parameters Viewing CAM Usage Allocating FP Blocks for VLAN Processes Page Access Control Lists (ACLs) IP Access Control Lists (ACLs) Implementing ACL on the Dell Networking OS ACLs and VLANs ACL Optimization Determine the Order in which ACLs are Used to Classify Traffic Example of the order Keyword to Determine ACL Sequence IP Fragment Handling IP Fragments ACL Examples Layer 4 ACL Rules Examples Configure a Standard IP ACL Configuring a Standard IP ACL Filter Configure an Extended IP ACL Configuring Filters with a Sequence Number Configuring Filters Without a Sequence Number Established Flag Configure Layer 2 and Layer 3 ACLs Assign an IP ACL to an Interface Applying an IP ACL Counting ACL Hits Configure Ingress ACLs Configure Egress ACLs Applying Egress Layer 3 ACLs (Control-Plane) IP Prefix Lists Configuration Task List for Prefix Lists Creating a Prefix List Creating a Prefix List Without a Sequence Number Viewing Prefix Lists Applying a Prefix List for Route Redistribution Applying a Filter to a Prefix List (OSPF) ACL Resequencing Resequencing an ACL or Prefix List Page Route Maps Configuration Task List for Route Maps Creating a Route Map Configure Route Map Filters Configuring Match Routes Configuring Set Conditions Configure a Route Map for Route Redistribution Configure a Route Map for Route Tagging Continue Clause Logging of ACL Processes Guidelines for Configuring ACL Logging Configuring ACL Logging Flow-Based Monitoring Support for ACLs Behavior of Flow-Based Monitoring Page Enabling Flow-Based Monitoring Page Bidirectional Forwarding Detection (BFD) How BFD Works BFD Packet Format Page BFD Sessions BFD Three-Way Handshake Session State Changes Page Configure BFD Configure BFD for Physical Ports Enabling BFD Globally Establishing a Session on Physical Ports Changing Physical Port Session Parameters Disabling and Re-Enabling BFD Configure BFD for Static Routes Establishing Sessions for Static Routes Changing Static Route Session Parameters Disabling BFD for Static Routes Configure BFD for OSPF Establishing Sessions with OSPF Neighbors Changing OSPF Session Parameters Disabling BFD for OSPF Configure BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors Changing OSPFv3 Session Parameters Disabling BFD for OSPFv3 Configure BFD for BGP Prerequisites Establishing Sessions with BGP Neighbors Page Disabling BFD for BGP Use BFD in a BGP Peer Group Displaying BFD for BGP Information Page Page Page Configure BFD for VRRP Establishing Sessions with All VRRP Neighbors Establishing VRRP Sessions on VRRP Neighbors Changing VRRP Session Parameters Disabling BFD for VRRP Configure BFD for VLANs Related Configuration Task Establish Sessions with VLAN Neighbors Changing VLAN Session Parameters Disabling BFD for VLANs Configure BFD for Port-Channels Establish Sessions on Port-Channels Changing Physical Port Session Parameters Disabling BFD for Port-Channels Configuring Protocol Liveness Troubleshooting BFD Border Gateway Protocol IPv4 (BGPv4) Autonomous Systems (AS) Page Page Establish a Session Peer Groups Route Reflectors Communities BGP Attributes Best Path Selection Criteria Best Path Selection Details Weight Local Preference Multi-Exit Discriminators (MEDs) Origin AS Path Next Hop Multiprotocol BGP Implement BGP with the Dell Networking OS Additional Path (Add-Path) Support Advertise IGP Cost as MED for Redistributed Routes Ignore Router-ID for Some Best-Path Calculations Four-Byte AS Numbers AS4 Number Representation Dynamic AS Number Notation Application Page AS Number Migration BGP4 Management Information Base (MIB) Page BGP Configuration Enabling BGP Page Page Configuring AS4 Number Representations Configuring Peer Groups Page Page Configuring BGP Fast Fail-Over Page Configuring Passive Peering Maintaining Existing AS Numbers During an AS Migration Allowing an AS Number to Appear in its Own AS Path Enabling Graceful Restart Enabling Neighbor Graceful Restart Filtering on an AS-Path Attribute Regular Expressions as Filters Page Redistributing Routes Enabling Additional Paths Configuring IP Community Lists Configuring an IP Extended Community List Filtering Routes with Community Lists Manipulating the COMMUNITY Attribute Changing MED Attributes Changing the LOCAL_PREFERENCE Attribute Changing the NEXT_HOP Attribute Changing the WEIGHT Attribute Enabling Multipath Filtering BGP Routes Filtering BGP Routes Using Route Maps Filtering BGP Routes Using AS-PATH Information Configuring BGP Route Reflectors Aggregating Routes Configuring BGP Confederations Enabling Route Flap Dampening Page Page Changing BGP Timers Enabling BGP Neighbor Soft-Reconfiguration Route Map Continue Match a Clause with a Continue Clause Set a Clause with a Continue Clause Enabling MBGP Configurations BGP Regular Expression Optimization Debugging BGP Storing Last and Bad PDUs PDU Counters Page Page Page Page Page Page Page Page Page Content Addressable Memory (CAM) CAM Allocation Test CAM Usage View CAM-ACL Settings CAM Optimization Control Plane Policing (CoPP) Configure Control Plane Policing Configuring CoPP for Protocols Page Configuring CoPP for CPU Queues Show Commands Page Data Center Bridging (DCB) Ethernet Enhancements in Data Center Bridging Priority-Based Flow Control Enhanced Transmission Selection Page Data Center Bridging Exchange Protocol (DCBx) Data Center Bridging in a Traffic Flow Enabling Data Center Bridging Configuring DCB Maps and its Attributes DCB Map: Configuration Procedure Applying a DCB Map on a Port Configuring PFC without a DCB Map Configuring Lossless Queues Data Center Bridging: Default Configuration Interworking of DCB Map With DCB Buffer Threshold Settings Configuring Priority-Based Flow Control Configuring Lossless Queues Configuring the PFC Buffer in a Switch Stack Priority-Based Flow Control Using Dynamic Buffer Method Pause and Resume of Traffic Buffer Sizes for Lossless or PFC Packets Configure Enhanced Transmission Selection ETS Prerequisites and Restrictions Creating an ETS Priority Group ETS Operation with DCBx Configuring Bandwidth Allocation for DCBx CIN Hierarchical Scheduling in ETS Output Policies Applying DCB Policies with an ETS Configuration PFC and ETS Configuration Examples Using PFC and ETS to Manage Data Center Traffic Page PFC and ETS Configuration Command Examples Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack Applying DCB Policies in a Switch Stack Configure a DCBx Operation DCBx Operation DCBx Port Roles Page DCB Configuration Exchange Configuration Source Election Propagation of DCB Information Auto-Detection and Manual Configuration of the DCBx Version DCBx Example DCBx Prerequisites and Restrictions Configuring DCBx Configuring DCBx Globally on the Switch Page DCBx Error Messages Debugging DCBx on an Interface Verifying the DCB Configuration Page Page Page Page Page Page Page Page Page QoS dot1p Traffic Classification and Queue Assignment Configuring the Dynamic Buffer Method Page Debugging and Diagnostics Offline Diagnostics Running Offline Diagnostics Page Page Trace Logs Auto Save on Crash or Rollover Using the Show Hardware Commands Enabling Environmental Monitoring Page Recognize an Over-Temperature Condition Troubleshoot an Over-Temperature Condition Recognize an Under-Voltage Condition Troubleshoot an Under-Voltage Condition Troubleshooting Packet Loss Displaying Drop Counters Dataplane Statistics Display Stack Port Statistics Displaying Stack Member Counters Enabling Application Core Dumps Mini Core Dumps Enabling TCP Dumps Enabling Buffer Statistics Tracking Dynamic Host Configuration Protocol (DHCP) DHCP Packet Format and Options Page Assign an IP Address using DHCP Page Configure the System to be a DHCP Server Configuring the Server for Automatic Address Allocation Configuration Tasks Excluding Addresses from the Address Pool Specifying an Address Lease Time Specifying a Default Gateway Enabling the DHCP Server Configure a Method of Hostname Resolution Using DNS for Address Resolution Using NetBIOS WINS for Address Resolution Creating Manual Binding Entries Debugging the DHCP Server Using DHCP Clear Commands Configure the System to be a Relay Agent Page Configure the System to be a DHCP Client Configuring the DHCP Client System Page Page Page DHCP Client on a Management Interface DHCP Client Operation with Other Features Stacking Virtual Link Trunking (VLT) VLAN and Port Channels DHCP Snooping Configure Secure DHCP Option 82 DHCP Snooping Enabling DHCP Snooping Enabling IPv6 DHCP Snooping Adding a Static Entry in the Binding Table Adding a Static IPV6 DHCP Snooping Binding Table Clearing the Binding Table Clearing the DHCP IPv6 Binding Table Displaying the Contents of the Binding Table Displaying the Contents of the DHCPv6 Binding Table Debugging the IPv6 DHCP IPv6 DHCP Snooping MAC-Address Verification Drop DHCP Packets on Snooped VLANs Only Dynamic ARP Inspection Configuring Dynamic ARP Inspection Bypassing the ARP Inspection Source Address Validation Enabling IP Source Address Validation DHCP MAC Source Address Validation Enabling IP+MAC Source Address Validation Equal Cost Multi-Path (ECMP) ECMP for Flow-Based Affinity Enabling Deterministic ECMP Next Hop Link Bundle Monitoring Managing ECMP Group Paths Page FC FLEXIO FPORT FC FLEXIO FPORT Configuring Switch Mode to FCF Port Mode Name Server FCoE Maps Creating an FCoE Map Page Zoning Creating Zone and Adding Members Creating Zone Alias and Adding Members Creating Zonesets Activating a Zoneset Displaying the Fabric Parameters Page Page FCoE Transit Fibre Channel over Ethernet Ensure Robustness in a Converged Ethernet Network Page FIP Snooping on Ethernet Bridges Page Page FIP Snooping in a Switch Stack Using FIP Snooping Enabling the FCoE Transit Feature Enable FIP Snooping on VLANs Configure the FC-MAP Value Configure a Port for a Bridge-to-Bridge Link Configure a Port for a Bridge-to-FCF Link Impact on Other Software Features FIP Snooping Prerequisites FIP Snooping Restrictions Configuring FIP Snooping Displaying FIP Snooping Information Page Page Page Page Page FCoE Transit Configuration Example Page FIPS Cryptography Preparing the System Enabling FIPS Mode Generating Host-Keys Monitoring FIPS Mode Status Disabling FIPS Mode Page Force10 Resilient Ring Protocol (FRRP) Ring Status Ring Checking Ring Failure Ring Restoration Multiple FRRP Rings Member VLAN Spanning Two Rings Connected by One Switch Important FRRP Points Important FRRP Concepts Implementing FRRP FRRP Configuration Creating the FRRP Group Configuring the Control VLAN Configuring and Adding the Member VLANs Page Setting the FRRP Timers Clearing the FRRP Counters Viewing the FRRP Configuration Viewing the FRRP Information Troubleshooting FRRP Configuration Checks Sample Configuration and Topology Page GARP VLAN Registration Protocol (GVRP) Configure GVRP Enabling GVRP Globally Enabling GVRP on a Layer 2 Interface Configure GVRP Registration Configure a GARP Timer Page Internet Group Management Protocol (IGMP) IGMP Protocol Overview IGMP Version 2 Join a Multicast Group Leave a Multicast Group IGMP Version 3 Joining and Filtering Groups and Sources Leaving and Staying in Groups IGMP Snooping IGMP Snooping Implementation Information Configuring IGMP Snooping Enabling IGMP Immediate-Leave Disabling Multicast Flooding Specifying a Port as Connected to a Multicast Router Configuring the Switch as Querier Adjusting the Last Member Query Interval Fast Convergence after MSTP Topology Changes Designating a Multicast Router Interface Interfaces Basic Interface Configuration Advanced Interface Configuration Interface Types View Basic Interface Information Page Enabling a Physical Interface Physical Interfaces Configuration Task List for Physical Interfaces Overview of Layer Modes Configuring Layer 2 (Data Link) Mode Configuring Layer 2 (Interface) Mode Configuring Layer 3 (Network) Mode Configuring Layer 3 (Interface) Mode Management Interfaces Configuring Management Interfaces on the MXL Switch VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Port Channel Definition and Standards Port Channel Benefits Port Channel Implementation 100/1000/10000 Mbps Interfaces in Port Channels Configuration Tasks for Port Channel Interfaces Creating a Port Channel Adding a Physical Interface to a Port Channel Page Reassigning an Interface to a New Port Channel Configuring the Minimum Oper Up Links in a Port Channel Adding or Removing a Port Channel from a VLAN Assigning an IP Address to a Port Channel Deleting or Disabling a Port Channel Load Balancing through Port Channels Load-Balancing Method Hash Algorithm Server Ports Default Configuration without Start-up Config Bulk Configuration Interface Range Bulk Configuration Examples Create a Single-Range Create a Multiple-Range Exclude Duplicate Entries Exclude a Smaller Port Range Defining Interface Range Macros Define the Interface Range Choosing an Interface-Range Macro Monitoring and Maintaining Interfaces Maintenance Using TDR Splitting QSFP Ports to SFP+ Ports Merging SFP+ Ports to QSFP 40G Ports Configure the MTU Size on an Interface Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port Example Scenarios Layer 2 Flow Control Using Ethernet Pause Frames Enabling Pause Frames Configure MTU Size on an Interface Port-Pipes Auto-Negotiation on Ethernet Interfaces Setting the Speed and Duplex Mode of Ethernet Interfaces Page Set Auto-Negotiation Options Adjusting the Keepalive Timer View Advanced Interface Information Configuring the Interface Sampling Size Dynamic Counters Clearing Interface Counters Enhanced Validation of Interface Ranges Enhanced Control of Remote Fault Indication Processing Internet Protocol Security (IPSec) Configuring IPSec IPv4 Routing IP Addresses Configuration Tasks for IP Addresses Assigning IP Addresses to an Interface Configuring Static Routes Configure Static Routes for the Management Interface IPv4 Path MTU Discovery Overview Using the Configured Source IP Address in ICMP Messages Configuring the ICMP Source Interface Configuring the Duration to Establish a TCP Connection Enabling Directed Broadcast Resolution of Host Names Enabling Dynamic Resolution of Host Names Specifying the Local System Domain and a List of Domains Configuring DNS with Traceroute ARP Configuration Tasks for ARP Configuring Static ARP Entries Enabling Proxy ARP Clearing ARP Cache ARP Learning via Gratuitous ARP ARP Learning via ARP Request Configuring ARP Retries ICMP Configuration Tasks for ICMP Enabling ICMP Unreachable Messages UDP Helper Configure UDP Helper Enabling UDP Helper Configurations Using UDP Helper UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses UDP Helper with No Configured Broadcast Addresses Troubleshooting UDP Helper Page IPv6 Addressing Extended Address Space Stateless Autoconfiguration IPv6 Headers IPv6 Header Fields Payload Length (16 bits) Next Header (8 bits) Hop Limit (8 bits) Source Address (128 bits) Destination Address (128 bits) Extension Header Fields Hop-by-Hop Options Header Addressing Link-local Addresses Static and Dynamic Addressing Implementing IPv6 with the Dell Networking OS Page Page ICMPv6 Path MTU Discovery IPv6 Neighbor Discovery IPv6 Neighbor Discovery of MTU Packets Configuring the IPv6 Recursive DNS Server Debugging IPv6 RDNSS Information Sent to the Host Displaying IPv6 RDNSS Information IPv6 Multicast Secure Shell (SSH) Over an IPv6 Transport Configuration Task List for IPv6 Adjusting Your CAM-Profile Assigning an IPv6 Address to an Interface Assigning a Static IPv6 Route Configuring Telnet with IPv6 SNMP over IPv6 Showing IPv6 Information Showing an IPv6 Interface Showing IPv6 Routes Showing the Running-Configuration for an Interface Clearing IPv6 Routes iSCSI Optimization iSCSI Optimization Overview Page Monitoring iSCSI Traffic Flows Information Monitored in iSCSI Traffic Flows Detection and Auto-Configuration for Dell EqualLogic Arrays Configuring Detection and Ports for Dell Compellent Arrays iSCSI Optimization: Operation Default iSCSI Optimization Values Displaying iSCSI Optimization Information Page Intermediate System to Intermediate System IS-IS Protocol Overview IS-IS Addressing Multi-Topology IS-IS Transition Mode Interface Support Adjacencies Graceful Restart Timers Configuration Tasks for IS-IS Enabling IS-IS Page Configuring Multi-Topology IS-IS (MT IS-IS) Configuring IS-IS Graceful Restart Page Changing LSP Attributes Configuring the IS-IS Metric Style Page Configuring the IS-IS Cost Configuring the Distance of a Route Changing the IS-Type Controlling Routing Updates Distribute Routes Applying IPv4 Routes Applying IPv6 Routes Redistributing IPv4 Routes Redistributing IPv6 Routes Configuring Authentication Passwords Setting the Overload Bit Debugging IS-IS Page IS-IS Metric Styles Configure Metric Values Maximum Values in the Routing Table Change the IS-IS Metric Style in One Level Only Page Leaks from One Level to Another Page Page Page Page Page Link Aggregation Control Protocol (LACP) Introduction to Dynamic LAGs and LACP LACP Modes Configuring LACP Commands LACP Configuration Tasks Creating a LAG Configuring the LAG Interfaces as Dynamic Setting the LACP Long Timeout Monitoring and Debugging LACP Shared LAG State Tracking Configuring Shared LAG State Tracking Page Important Points about Shared LAG State Tracking LACP Basic Configuration Example Configure a LAG on ALPHA Page Page Page Page Page Page Page Page Layer 2 Manage the MAC Address Table Clearing the MAC Address Table Setting the Aging Time for Dynamic Entries Configuring a Static MAC Address MAC Learning Limit Setting the MAC Learning Limit mac learning-limit Dynamic mac learning-limit station-move Learning Limit Violation Actions Setting Station Move Violation Actions Recovering from Learning Limit and Station Move Violations NIC Teaming Page MAC Move Optimization Link Layer Discovery Protocol (LLDP) 802.1AB (LLDP) Overview Protocol Data Units Optional TLVs Management TLVs Organizationally Specific TLVs IEEE Organizationally Specific TLVs Page TIA-1057 (LLDP-MED) Overview TIA Organizationally Specific TLVs Page LLDP-MED Capabilities TLV LLDP-MED Network Policies TLV Extended Power via MDI TLV Configure LLDP LLDP Compatibility CONFIGURATION versus INTERFACE Configurations Enabling LLDP Disabling and Undoing LLDP Advertising TLVs Viewing the LLDP Configuration Viewing Information Advertised by Adjacent LLDP Agents Configuring LLDPDU Intervals Configuring Transmit and Receive Mode Configuring a Time to Live Debugging LLDP Relevant Management Objects Page Page Page Page Page Page Microsoft Network Load Balancing NLB Unicast Mode Scenario NLB Multicast Mode Scenario Limitations With Enabling NLB on Switches Benefits and Working of Microsoft Clustering Enable and Disable VLAN Flooding Configuring a Switch for NLB Multicast Source Discovery Protocol (MSDP) Page Anycast RP Configure the Multicast Source Discovery Protocol Page Page Page Enabling MSDP Manage the Source-Active Cache Viewing the Source-Active Cache Limiting the Source-Active Cache Clearing the Source-Active Cache Enabling the Rejected Source-Active Cache Accept Source-Active Messages that Fail the RFP Check Page Page Page Specifying Source-Active Messages Limiting the Source-Active Messages from a Peer Preventing MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Logging Changes in Peership States Terminating a Peership Clearing Peer Statistics Debugging MSDP MSDP with Anycast RP Configuring Anycast RP Reducing Source-Active Message Flooding Specifying the RP Address Used in SA Messages Page Page MSDP Sample Configurations Page Page Multiple Spanning Tree Protocol (MSTP) Spanning Tree Variations Configure Multiple Spanning Tree Protocol Enable Multiple Spanning Tree Globally Creating Multiple Spanning Tree Instances Influencing MSTP Root Selection Interoperate with Non-Dell Networking OS Bridges Changing the Region Name or Revision Page Enable BPDU Filtering Globally Modifying the Interface Parameters Page Flush MAC Addresses after a Topology Change MSTP Sample Configurations Router 1 Running-Configuration Router 2 Running-Configuration Router 3 Running-Configuration SFTOS Example Running-Configuration Debugging and Verifying MSTP Configurations Page Page Multicast Features Enabling IP Multicast First Packet Forwarding for Lossless Multicast Multicast Policies IPv4 Multicast Policies Limiting the Number of Multicast Routes Preventing a Host from Joining a Group Page Page Page Rate Limiting IGMP Join Requests Preventing a PIM Router from Forming an Adjacency Preventing a Source from Registering with the RP Page Page Preventing a PIM Router from Processing a Join Open Shortest Path First (OSPFv2 and OSPFv3) Autonomous System (AS) Areas Area Types Networks and Neighbors Router Types Page Area Border Router (ABR) Internal Router (IR) Designated and Backup Designated Routers Link-State Advertisements (LSAs) LSA Throttling Router Priority and Cost OSPF with the Dell Networking OS Graceful Restart Fast Convergence (OSPFv2, IPv4 Only) Multi-Process OSPFv2 (IPv4 only) Processing SNMP and Sending SNMP Traps RFC-2328 Compliant OSPF Flooding Enabling RFC-2328 Compliant OSPF Flooding OSPF ACK Packing Setting OSPF Adjacency with Cisco Routers Configuration Task List for OSPFv2 (OSPF for IPv4) Enabling OSPFv2 Assigning a Router ID Enabling Multi-Process OSPF (OSPFv2, IPv4 Only) Assigning an OSPFv2 Area Enable OSPFv2 on Interfaces Configuring Stub Areas Configuring LSA Throttling Timers Enabling Passive Interfaces Enabling Fast-Convergence Changing OSPFv2 Parameters on Interfaces Page Enabling OSPFv2 Authentication Enabling OSPFv2 Graceful Restart Page Creating Filter Routes Applying Prefix Lists Redistributing Routes Troubleshooting OSPFv2 Page Sample Configurations for OSPFv2 Basic OSPFv2 Router Topology OSPF Area 0 Gl 1/1 and 1/2 OSPF Area 0 Gl 3/1 and 3/2 OSPF Area 0 Gl 2/1 and 2/2 Configuration Task List for OSPFv3 (OSPF for IPv6) Enabling IPv6 Unicast Routing Assigning IPv6 Addresses on an Interface Assigning Area ID on an Interface Assigning OSPFv3 Process ID and Router ID Globally Configuring Stub Areas Configuring Passive-Interface Redistributing Routes Configuring a Default Route Enabling OSPFv3 Graceful Restart Displaying Graceful Restart OSPFv3 Authentication Using IPsec OSPFv3 Authentication Using IPsec: Configuration Notes Configuring IPsec Authentication on an Interface Configuring IPsec Encryption on an Interface Configuring IPSec Authentication for an OSPFv3 Area Configuring IPsec Encryption for an OSPFv3 Area Displaying OSPFv3 IPsec Security Policies Page Troubleshooting OSPFv3 Viewing Summary Information Page Policy-based Routing (PBR) Page Implementing Policy-based Routing with Dell Networking OS Configuration Task List for Policy-based Routing Page Page PBR Exceptions (Permit) Page Page Sample Configuration Create the Redirect-List GOLD Assign Redirect-List GOLD to Interface 2/11 View Redirect-List GOLD Page Page Page PIM Sparse-Mode (PIM-SM) Requesting Multicast Traffic Refuse Multicast Traffic Send Multicast Traffic Important Point to Remember Configuring PIM-SM Enable PIM-SM Page Configuring S,G Expiry Timers Configuring a Static Rendezvous Point Overriding Bootstrap Router Updates Configuring a Designated Router Creating Multicast Boundaries and Domains Enabling PIM-SM Graceful Restart PIM Source-Specific Mode (PIM-SSM) Configure PIM-SMM Enabling PIM-SSM Use PIM-SSM with IGMP Version 2 Hosts Configuring PIM-SSM with IGMPv2 Page Port Monitoring Configuring Port Monitoring Page Enabling Flow-Based Monitoring Remote Port Mirroring Remote Port Mirroring Example Configuring Remote Port Mirroring Configuration Notes Restrictions Displaying Remote-Port Mirroring Configurations Configuring the Sample Remote Port Mirroring Page Page Configuring the Encapsulated Remote Port Mirroring Configuration steps for ERPM Page ERPM Behavior on a typical Dell Networking OS Decapsulation of ERPM packets at the Destination IP/ Analyzer Page Private VLANs (PVLAN) Private VLAN Concepts Using the Private VLAN Commands Creating PVLAN ports Creating a Primary VLAN Creating a Community VLAN Creating an Isolated VLAN Private VLAN Configuration Example Inspecting the Private VLAN Configuration Page Page Per-VLAN Spanning Tree Plus (PVST+) Configure Per-VLAN Spanning Tree Plus Enabling PVST+ Disabling PVST+ Influencing PVST+ Root Selection Page Modifying Global PVST+ Parameters Modifying Interface PVST+ Parameters Page PVST+ in Multi-Vendor Networks Enabling PVST+ Extend System ID PVST+ Sample Configurations Page Enable BPDU Filtering globally Page Quality of Service (QoS) Page Port-Based QoS Configurations Setting dot1p Priorities for Incoming Traffic Honoring dot1p Priorities on Ingress Traffic Priority-Tagged Frames on the Default VLAN Configuring Port-Based Rate Policing Configuring Port-Based Rate Shaping Guidelines for Configuring ECN for Classifying and Color- Marking Packets Sample configuration to mark non-ecn packets as yellow with Multiple traffic class Classifying Incoming Packets Using ECN and Color-Marking Page Sample configuration to mark non-ecn packets as yellow with single traffic class Page Policy-Based QoS Configurations DSCP Color Maps Creating a DSCP Color Map Displaying DSCP Color Maps Displaying a DSCP Color Policy Configuration Classify Traffic Creating a Layer 3 Class Map Creating a Layer 2 Class Map Determining the Order in Which ACLs are Used to Classify Traffic Setting DSCP Values for Egress Packets Based on Flow Displaying Configured Class Maps and Match Criteria Page Create a QoS Policy Creating an Input QoS Policy Configuring Policy-Based Rate Policing Setting a DSCP Value for Egress Packets Setting a dot1p Value for Egress Packets Creating an Output QoS Policy Configuring Policy-Based Rate Shaping Allocating Bandwidth to Queue Configure a Scheduler to Queue Setting DSCP Values for Egress Packets Based on Flow Specifying WRED Drop Precedence Create Policy Maps Creating Input Policy Maps Applying a Class-Map or Input QoS Policy to a Queue Applying an Input QoS Policy to an Input Policy Map Honoring DSCP Values on Ingress Packets Honoring dot1p Values on Ingress Packets Enabling Fall Back to Trust Diffserve or dot1p Mapping dot1p Values to Service Queues Guaranteeing Bandwidth to dot1p-Based Service Queues Applying an Input Policy Map to an Interface Creating Output Policy Maps Applying an Output QoS Policy to a Queue Specifying an Aggregate QoS Policy Applying an Output Policy Map to an Interface Enabling QoS Rate Adjustment Enabling Strict-Priority Queueing Weighted Random Early Detection Creating WRED Profiles Applying a WRED Profile to Traffic Displaying Default and Configured WRED Profiles Displaying WRED Drop Statistics Displaying egress-queue Statistics Classifying Layer 2 Traffic on Layer 3 Interfaces Classifying Packets Based on a Combination of DSCP Code Points and VLAN IDs Page Routing Information Protocol (RIP) RIPv1 RIPv2 Enabling RIP Globally Configure RIP on Interfaces Controlling RIP Routing Updates Adding RIP Routes from Other Instances Assigning a Prefix List to RIP Routes Setting the Send and Receive Version Generating a Default Route Summarize Routes Controlling Route Metrics Debugging RIP RIP Configuration Example RIP Configuration on Core2 Core 2 RIP Output Page RIP Configuration on Core3 Core 3 RIP Output RIP Configuration Summary Page Remote Monitoring (RMON) Fault Recovery Setting the rmon Alarm Configuring an RMON Event Configuring RMON Collection Statistics Configuring the RMON Collection History Enabling an RMON MIB Collection History Group Example of the rmon collection history Command Rapid Spanning Tree Protocol (RSTP) Configuring Rapid Spanning Tree Configuring Interfaces for Layer 2 Mode Enabling Rapid Spanning Tree Protocol Globally Page Page Adding and Removing Interfaces Page Enable BPDU Filtering Globally Modifying Interface Parameters Page Influencing RSTP Root Selection SNMP Traps for Root Elections and Topology Changes Configuring Fast Hellos for Link State Detection Page Security AAA Accounting Configuration Task List for AAA Accounting Enabling AAA Accounting Suppressing AAA Accounting for Null Username Sessions Configuring Accounting of EXEC and Privilege-Level Command Usage Configuring AAA Accounting for Terminal Lines Monitoring AAA Accounting AAA Authentication Configuration Task List for AAA Authentication Configure Login Authentication for Terminal Lines Configuring AAA Authentication Login Methods Enabling AAA Authentication Enabling AAA Authentication RADIUS Server-Side Configuration AAA Authorization Privilege Levels Overview Configuration Task List for Privilege Levels Configuring a Username and Password Configuring the Enable Password Command Configuring Custom Privilege Levels Page Specifying LINE Mode Password and Privilege Enabling and Disabling Privilege Levels RADIUS RADIUS Authentication and Authorization Idle Time ACL Configuration Information Auto-Command Setting Access to Privilege Levels through RADIUS Configuration Task List for RADIUS Defining a AAA Method List to be Used for RADIUS Applying the Method List to Terminal Lines Specifying a RADIUS Server Host Setting Global Communication Parameters for all RADIUS Server Hosts Monitoring RADIUS TACACS+ Configuration Task List for TACACS+ Choosing TACACS+ as the Authentication Method Page Monitoring TACACS+ TACACS+ Remote Authentication and Authorization Specifying a TACACS+ Server Host Command Authorization Protection from TCP Tiny and Overlapping Fragment Attacks Enabling SCP and SSH Using SCP with SSH to Copy a Software Image Removing the RSA Host Keys and Zeroizing Storage Configuring When to Re-generate an SSH Key Configuring the SSH Server Key Exchange Algorithm Configuring the HMAC Algorithm for the SSH Server Configuring the SSH Server Cipher List Secure Shell Authentication Enabling SSH Authentication by Password Using RSA Authentication of SSH Configuring Host-Based SSH Authentication Using Client-Based SSH Authentication Troubleshooting SSH Telnet VTY Line and Access-Class Configuration VTY Line Local Authentication and Authorization VTY Line Remote Authentication and Authorization VTY MAC-SA Filter Support Role-Based Access Control Overview of RBAC Privilege-or-Role Mode versus Role-only Mode Configuring Role-based Only AAA Authorization System-Defined RBAC User Roles User Roles Creating a New User Role Modifying Command Permissions for Roles Page Adding and Deleting Users from a Role AAA Authentication and Authorization for Roles Configure AAA Authentication for Roles Configure AAA Authorization for Roles Page Configuring TACACS+ and RADIUS VSA Attributes for RBAC Role Accounting Configuring AAA Accounting for Roles Applying an Accounting Method to a Role Displaying Active Accounting Sessions for Roles Display Information About User Roles Displaying User Roles Displaying Role Permissions Assigned to a Command Displaying Information About Users Logged into the Switch Page Service Provider Bridging VLAN Stacking Page Configure VLAN Stacking Creating Access and Trunk Ports Enable VLAN-Stacking for a VLAN Configuring the Protocol Type Value for the Outer VLAN Tag Configuring Options for Trunk Ports Debugging VLAN Stacking VLAN Stacking in Multi-Vendor Networks VLAN Stacking Page Page Page VLAN Stacking Packet Drop Precedence Enabling Drop Eligibility Honoring the Incoming DEI Value Marking Egress Packets with a DEI Value Dynamic Mode CoS for VLAN Stacking Mapping C-Tag to S-Tag dot1p Values Layer 2 Protocol Tunneling Page Page Enabling Layer 2 Protocol Tunneling Specifying a Destination MAC Address for BPDUs Setting Rate-Limit BPDUs Debugging Layer 2 Protocol Tunneling Provider Backbone Bridging sFlow Enabling and Disabling sFlow Enabling and Disabling sFlow on an Interface Enabling sFlow Max-Header Size Extended sFlow Show Commands Displaying Show sFlow Global Displaying Show sFlow on an Interface Displaying Show sFlow on a Stack Unit Configuring Specify Collectors Changing the Polling Intervals Changing the Sampling Rate Sub-Sampling Back-Off Mechanism sFlow on LAG ports Enabling Extended sFlow Page Simple Network Management Protocol (SNMP) Configuration Task List for SNMP SNMPv3 Compliance With FIPS Set up SNMP Creating a Community Setting Up User-Based Security (SNMPv3) Page Reading Managed Object Values Writing Managed Object Values Configuring Contact and Location Information using SNMP Subscribing to Managed Object Value Updates using SNMP Enabling a Subset of SNMP Traps Page Enabling an SNMP Agent to Notify Syslog Server Failure Copy Configuration Files Using SNMP Page Copying a Configuration File Copying Configuration Files via SNMP Copying the Startup-Config Files to the Running-Config Copying the Startup-Config Files to the Server via FTP Copying the Startup-Config Files to the Server via TFTP Copying a Binary File to the Startup-Configuration Additional MIB Objects to View Copy Statistics MIB Support to Display the Available Memory Size on Flash Viewing the Available Flash Memory Size MIB Support to Display the Software Core Files Generated by the System Viewing the Software Core Files Generated by the System Obtaining a Value for MIB Objects Manage VLANs using SNMP Creating a VLAN Assigning a VLAN Alias Displaying the Ports in a VLAN Add Tagged and Untagged Ports to a VLAN Enabling and Disabling a Port using SNMP Fetch Dynamic MAC Entries using SNMP Page Deriving Interface Indices Monitor Port-Channels BMP Functionality Using SNMP SET Entity MIBS Physical Entity Containment Tree Example of the Entity MIBS Outputs Troubleshooting SNMP Operation Stacking Stacking MXL 10/40GbE Switches Stack Management Roles Stack Master Election Failover Roles MAC Addressing Stacking LAG Supported Stacking Topologies Example 1: Dual-Ring Stack Across Multiple Chassis Page Page Configuring a Switch Stack Stacking Prerequisites Master Selection Criteria Configuring Priority and stack-group Cabling Stacked Switches Cabling Restrictions Cabling Redundancy Cabling Procedure Accessing the CLI Configuring and Bringing Up a Stack Assigning a Priority to Stacked Switches Renumbering a Stack Unit Provisioning a Stack Unit Converting 4x10GbE Ports to 40GbE for Stacking Removing a Port from the Stacking Mode Removing a Switch from a Stack Adding a Stack Unit Merging Two Stacks Splitting a Stack Managing Redundant Stack Management Resetting a Unit on a Stack Verify a Stack Configuration Using Show Commands Page Troubleshooting a Switch Stack Page Failure Scenarios Stack Member Fails Unplugged Stacking Cable Master Switch Fails Stack-Link Flapping Error Master Switch Recovers from Failure Stack Unit in Card-Problem State Due to Incorrect Dell Networking OS Version Stack Unit in Card-Problem State Due to Configuration Mismatch Upgrading a Switch Stack Upgrading a Single Stack Unit Page Storm Control Configure Storm Control Configuring Storm Control from INTERFACE Mode Configuring Storm Control from CONFIGURATION Mode Spanning Tree Protocol (STP) Configure Spanning Tree Page Configuring Interfaces for Layer 2 Mode Enabling Spanning Tree Protocol Globally Page Page Adding an Interface to the Spanning Tree Group Removing an Interface from the Spanning Tree Group Modifying Interface STP Parameters Enabling PortFast Prevent Network Disruptions with BPDU Guard Page Global BPDU Filtering Interface BPDU Filtering Selecting STP Root STP Root Guard Root Guard Scenario Configuring Root Guard SNMP Traps for Root Elections and Topology Changes Displaying STP Guard Configuration System Time and Date Network Time Protocol Protocol Overview Implementation Information Configure the Network Time Protocol Enabling NTP Configuring NTP Broadcasts Disabling NTP on an Interface Configuring a Source IP Address for NTP Packets Configuring NTP Authentication Page Dell Networking OS Time and Date Setting the Time and Date for the Switch Software Clock Setting the Timezone Set Daylight Saving Time Setting Daylight Saving Time Once Setting Recurring Daylight Saving Time Page Page Tunneling Configuring a Tunnel Configuring Tunnel keepalive Configuring the ip and ipv6 unnumbered Configuring the Tunnel allow-remote Configuring the Tunnel Source Anylocal Uplink Failure Detection (UFD) Feature Description How Uplink Failure Detection Works UFD and NIC Teaming Configuring Uplink Failure Detection Page Clearing a UFD-Disabled Interface Displaying Uplink Failure Detection Page Sample Configuration: Uplink Failure Detection Page Upgrade Procedures Get Help with Upgrades Virtual LANs (VLANs) Default VLAN Port-Based VLANs VLANs and Port Tagging Creating a Port-Based VLAN Assigning Interfaces to a VLAN Page Moving Untagged Interfaces Assigning an IP Address to a VLAN Configuring Native VLANs Enabling Null VLAN as the Default VLAN Virtual Link Trunking (VLT) Multi-domain VLT VLT Terminology Configure Virtual Link Trunking Configuration Notes Page Page Page RSTP and VLT VLT Bandwidth Monitoring VLT and IGMP Snooping VLT Port Delayed Restoration PIM-Sparse Mode Support on VLT VLT Multicast Configuring VLT Multicast VLT Unicast Routing Configuring VLT Unicast Non-VLT ARP Sync RSTP Configuration Preventing Forwarding Loops in a VLT Domain Sample RSTP Configuration Configure RSTP on VLT Peers to Prevent Forwarding Loops (VLT Peer 1) Configure RSTP on VLT Peers to Prevent Forwarding Loops (VLT Peer 2) Configuring VLT Configuring a VLT Interconnect Configuring a VLT Backup Link Configuring a VLT Port Delay Period Reconfiguring the Default VLT Settings (Optional) Connecting a VLT Domain to an Attached Access Device (Switch or Server) Configuring a VLT VLAN Peer-Down (Optional) Configure Multi-domain VLT (mVLT) (Optional) Page Page Verifying a VLT Configuration Page Page Connecting a VLT Domain Page Page Page Page PVST+ Configuration Sample PVST+ Configuration mVLT Configuration Example In Domain 1, configure the VLT domain and VLTi on Peer 1 Configure mVLT on Peer 1 Add links to the mVLT port-channel on Peer 1 Next, configure the VLT domain and VLTi on Peer 2 Configure mVLT on Peer 2 PIM-Sparse Mode Configuration Example Additional VLT Sample Configurations Configuring Virtual Link Trunking (VLT Peer 1) Configuring Virtual Link Trunking (VLT Peer 2) Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch) Troubleshooting VLT Page Specifying VLT Nodes in a PVLAN Association of VLTi as a Member of a PVLAN MAC Synchronization for VLT Nodes in a PVLAN PVLAN Operations When One VLT Peer is Down PVLAN Operations When a VLT Peer is Restarted Interoperation of VLT Nodes in a PVLAN with ARP Requests Scenarios for VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN Configuring a VLT VLAN or LAG in a PVLAN Creating a VLT LAG or a VLT VLAN Associating the VLT LAG or VLT VLAN in a PVLAN Proxy ARP Capability on VLT Peer Nodes Working of Proxy ARP for VLT Peer Nodes Configuring VLAN-Stack over VLT Page Page Page Virtual Router Redundancy Protocol (VRRP) VRRP Overview VRRP Benefits VRRP Implementation VRRP Configuration Creating a Virtual Router Configuring the VRRP Version for an IPv4 Group Assign Virtual IP addresses Configuring a Virtual IP Address Page Setting VRRP Group (Virtual Router) Priority Configuring VRRP Authentication Disabling Preempt Changing the Advertisement Interval Track an Interface or Object Tracking an Interface Setting VRRP Initialization Delay VRRP for an IPv4 Configuration Page Page Standards Compliance IEEE Compliance RFC and I-D Compliance General Internet Protocols General IPv4 Protocols Border Gateway Protocol (BGP) Open Shortest Path First (OSPF) Routing Information Protocol (RIP) Network Management Page Page MIB Location FC Flex IO Modules FC Flex IO Modules Understanding and Working of the FC Flex IO Modules FC Flex IO Modules Overview Page FC Flex IO Module Capabilities and Operations Guidelines for Working with FC Flex IO Modules Page Port Numbering for FC Flex IO Modules Installing the Optics Processing of Data Traffic Operation of the FIP Application Operation of the NPIV Proxy Gateway Page Page Installation Unpacking the Switch Interconnectivity of FC Flex IO Modules with Cisco MDS Switches Page Ethernet Enhancements in Data Center Bridging Priority-Based Flow Control Enhanced Transmission Selection Configuring DCB Maps and its Attributes DCB Map: Configuration Procedure Applying a DCB Map on a Port Configuring PFC without a DCB Map Configuring Lossless Queues Data Center Bridging Exchange Protocol (DCBx) Data Center Bridging in a Traffic Flow Enabling Data Center Bridging QoS dot1p Traffic Classification and Queue Assignment Configure Enhanced Transmission Selection ETS Operation with DCBx Configuring Bandwidth Allocation for DCBx CIN Configure a DCBx Operation DCBx Operation DCBx Port Roles Page DCB Configuration Exchange Configuration Source Election Propagation of DCB Information Auto-Detection and Manual Configuration of the DCBx Version DCBx Example DCBx Prerequisites and Restrictions Configuring DCBx Configuring DCBx Globally on the Switch Page DCBx Error Messages Debugging DCBx on an Interface Verifying the DCB Configuration Page Page Page Page Page Page Page Page Page Page Page PFC and ETS Configuration Command Examples Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack Interworking of DCB Map With DCB Buffer Threshold Settings Fibre Channel over Ethernet for FC Flex IO Modules NPIV Proxy Gateway for FC Flex IO Modules NPIV Proxy Gateway Configuration on FC Flex IO Modules NPIV Proxy Gateway Operations and Capabilities NPIV Proxy Gateway Operation NPIV Proxy Gateway: Protocol Services NPIV Proxy Gateway Functionality NPIV Proxy Gateway: Terms and Definitions Page Page Configuring an NPIV Proxy Gateway Enabling Fibre Channel Capability on the Switch Creating a DCB Map Page Applying a DCB Map on Server-facing Ethernet Ports Creating an FCoE VLAN Creating an FCoE Map Applying an FCoE Map on Server-facing Ethernet Ports Applying an FCoE Map on Fabric-facing FC Ports Sample Configuration Displaying NPIV Proxy Gateway Information show interfaces status Command Example show fcoe-map Command Examples show qos dcb-map Command Examples show npiv devices brief Command Example show npiv devices Command Example show fc switch Command Example