- Notes, cautions, and warnings
- About this guide
- Change history
- Getting Started with Dell EMC SmartFabric OS10
- CLI Basics
- CONFIGURATION mode
- Check device status
- Command help
- Candidate configuration
- Copy running configuration
- Restore startup configuration
- Reload system image
- Filter show commands
- Common OS10 commands
- boot
- commit
- configure
- copy
- delete
- dir
- discard
- do
- end
- exit
- hostname
- license
- lock
- management route
- move
- no
- ping
- ping6
- reload
- show boot
- show candidate-configuration
- show environment
- show inventory
- show ip management-route
- show ipv6 management-route
- show license status
- show running-configuration
- show startup-configuration
- show system
- show version
- start
- system
- system-cli disable
- system-user linuxadmin disable
- system identifier
- terminal
- traceroute
- unlock
- username password role
- write
- Advanced CLI tasks
- Dell EMC SmartFabric OS10 zero-touch deployment
- Dell EMC SmartFabric OS10 provisioning
- System management
- System banners
- User session management
- Telnet server
- Simple Network Management Protocol
- System clock
- Network Time Protocol
- Precision Time Protocol
- Supported platforms
- PTP installation scale and limits
- Configuration notes
- Configure Precision Time Protocol
- View PTP information
- Example: Configure boundary clock with L2 transport method
- Example: Configure boundary clock with IPv4 multicast transport method
- Example: Configure boundary clock with IPv4 unicast transport method
- Example: Configure end-to-end transparent clock
- Example: Configure boundary clock with IPv4 unicast transport method and L3 VLAN
- Example: Configure PTP in a multinode setup
- PTP commands
- clear ptp counters
- debug ptp
- master
- ptp announce
- ptp clock
- ptp delay-mechanism
- ptp delay-req-min-interval
- ptp domain
- ptp enable
- ptp local-priority
- ptp priority1
- ptp priority2
- ptp role
- ptp source
- ptp sync-interval
- ptp system-time enable
- ptp transport
- ptp vlan
- show ptp
- show ptp clock
- show ptp counters
- show ptp foreign-masters
- show ptp interface
- show ptp parent
- show ptp peer
- show ptp servo
- show ptp time-properties
- slave
- source
- Dynamic Host Configuration Protocol
- Packet format and options
- DHCP server
- Automatic address allocation
- Hostname resolution
- Manual binding entries
- View DHCP Information
- DHCP relay agent
- DHCP snooping
- System domain name and list
- DHCP commands
- DHCP relay commands
- DHCP server commands
- DHCP snooping commands
- arp inspection
- arp inspection-trust
- arp inspection violation logging
- clear ip arp inspection statistics
- clear ip dhcp snooping binding
- ip dhcp snooping (global)
- ip dhcp snooping (interface)
- ip dhcp snooping binding
- ip dhcp snooping trust
- ip dhcp snooping verify mac-address
- show ip arp inspection database
- show ip arp inspection statistics
- show ip arp inspection logging
- show ip dhcp snooping binding
- DNS commands
- Containers
- Interfaces
- Ethernet interfaces
- Unified port groups
- Z9264F-ON port-group profiles
- Port-groups on S5200F-ON switches
- L2 mode configuration
- L3 mode configuration
- Fibre Channel interfaces
- Management interface
- VLAN interfaces
- User-configured default VLAN
- VLAN scale profile
- Loopback interfaces
- Port-channel interfaces
- Configure interface ranges
- Switch-port profiles
- Configure negotiation modes on interfaces
- Configure breakout mode
- Breakout auto-configuration
- Reset default configuration
- Forward error correction
- Energy-efficient Ethernet
- View interface configuration
- Digital optical monitoring
- Default MTU Configuration
- Interface commands
- channel-group
- default interface
- default vlan-id
- description (Interface)
- duplex
- enable dom
- enable dom traps
- feature auto-breakout
- fec
- interface breakout
- interface ethernet
- interface loopback
- interface mgmt
- interface null
- interface port-channel
- interface range
- interface vlan
- link-bundle-utilization
- mode
- mode l3
- mtu
- negotiation
- port mode Eth
- port-group
- profile
- scale-profile vlan
- show discovered-expanders
- show interface
- show interface transceiver “Tunable wavelength”
- show inventory media
- show link-bundle-utilization
- show port-channel summary
- show port-group
- show switch-port-profile
- show system
- show unit-provision
- show vlan
- shutdown
- speed (Fibre Channel)
- speed (Management)
- switch-port-profile
- switchport access vlan
- switchport mode
- switchport trunk allowed vlan
- unit-provision
- wavelength
- default mtu
- show default mtu
- PowerEdge MX Ethernet I/O modules
- Fibre Channel
- Fibre Channel over Ethernet
- Terminology
- Virtual fabric
- Fibre Channel zoning
- F_Port on Ethernet
- Pinning FCoE traffic to a specific port of a port-channel
- Multiswitch fabric (E Port)
- Configure multiswitch fabric (E Port)
- Verify multiswitch fabric (E Port) configuration
- Multiswitch fabric (E Port) CLI commands
- show fc fspf interface
- clear fc fabric statistics
- clear fc flow-control-statistics
- clear fc fspf statistics
- clear fc ns switch statistics
- domain-id
- e_d_tov
- fc port-mode F | E
- feature fc
- fspf cost
- fspf dead-interval
- fspf hello-interval
- fspf hold-time
- fspf retransmit-interval
- principal-priority
- r_a_tov
- show fc fabric
- show fc fabric interface
- show fc fabric statistics
- show fc flow-control-statistics
- show fc fspf database
- show fc fspf neighbor
- show fc fspf route
- show fc ns fabric
- show fc ns fabric brief
- show fc ns switch statistics
- show fc switch
- show interface fibre channel
- show vfabric
- show vfabric fspf
- Multi-hop FIP-snooping bridge
- Configuration guidelines
- NPIV Proxy Gateway cascading
- Support for untagged VLAN in FCoE
- Rebalance FC sessions (NPG)
- Load balancing after system reboot
- F_Port commands
- NPG commands
- F_Port and NPG commands
- FIP-snooping commands
- FCoE commands
- clear fcoe database
- clear fcoe statistics
- fcoe delay fcf-adv
- fcoe-pinned-port
- fcoe max-sessions-per-enodemac
- fcoe priority-bits
- lldp tlv-select dcbxp-appln fcoe
- re-balance fc npg sessions vfabric
- show fcoe enode
- show fcoe fcf
- show fcoe pinned-port
- show fcoe sessions
- show fcoe statistics
- show fcoe system
- show fcoe vlan
- Layer 2
- 802.1X
- Far-end failure detection
- Link Aggregation Control Protocol
- Link Layer Discovery Protocol
- Mandatory TLVs
- Optional TLVs
- Configure LLDP
- Example: Advertise TLVs configuration
- View LLDP configuration
- View LLDP neighbor advertisements
- LLDP-MED
- LLDP commands
- clear lldp counters
- clear lldp table
- lldp enable
- lldp holdtime-multiplier
- lldp med fast-start-repeat-count
- lldp med
- lldp med network-policy
- lldp med network-policy (Interface)
- lldp med tlv-select
- lldp port-description-tlv advertise
- lldp receive
- lldp reinit
- lldp timer
- lldp tlv-select basic-tlv
- lldp management-addr-tlv virtual-ip
- lldp tlv-select dot1tlv
- lldp tlv-select dot3tlv
- lldp transmit
- lldp vlan-name-tlv allowed vlan
- show lldp interface
- show lldp errors
- show lldp med
- show lldp neighbors
- show lldp timers
- show lldp tlv-select interface
- show lldp traffic
- show network-policy profile
- Media Access Control
- Spanning-tree protocol
- Introduction to STP
- Supported STP modes
- Change STP modes
- Mode specific functionality
- Enable and disable STP
- Backward compatibility and interoperability
- BPDU extensions
- Recover from BPDU guard violations
- MAC flush optimization
- Spanning-tree link type for rapid state transitions
- Dynamic path cost calculation
- Debug facilities
- EdgePort
- Common STP commands
- clear spanning-tree counters
- debug spanning-tree
- errdisable detect cause bpduguard
- errdisable recovery cause bpduguard
- errdisable recovery interval
- clear spanning-tree detected-protocol
- spanning-tree bpdufilter
- spanning-tree bpduguard
- spanning-tree disable
- spanning-tree guard
- spanning-tree link-type
- spanning-tree mac-flush-timer
- spanning-tree mode rstp
- spanning-tree port
- show errdisable
- show spanning-tree interface
- Rapid per-VLAN spanning-tree
- RSTP/MSTP/Rapid-PVST Force Version
- Load balance and root selection
- Enable Rapid-PVST
- Select the root bridge
- Root assignment
- Global parameters
- Rapid-PVST commands
- show spanning-tree vlan
- spanning-tree vlan cost
- spanning-tree vlan disable
- spanning-tree vlan forward-time
- spanning-tree vlan force-version
- spanning-tree vlan hello-time
- spanning-tree vlan mac-flush-threshold
- spanning-tree vlan max-age
- spanning-tree vlan priority
- spanning-tree vlan priority (Interface)
- spanning-tree vlan root
- spanning-tree rapid-pvst force-version
- Rapid Spanning-Tree Protocol
- Multiple Spanning-Tree
- Configure MSTP
- Create instances
- Root selection
- Non-Dell EMC hardware
- Region name or revision
- Modify parameters
- Interface parameters
- MST commands
- instance
- name
- revision
- spanning-tree mst
- spanning-tree msti
- spanning-tree mst configuration
- spanning-tree mst disable
- spanning-tree mst force-version
- spanning-tree mst forward-time
- spanning-tree mst hello-time
- spanning-tree mst mac-flush-threshold
- spanning-tree mst max-age
- spanning-tree mst max-hops
- show spanning-tree mst
- show spanning-tree msti
- Introduction to STP
- Virtual LANs
- Port monitoring
- Layer 3
- Virtual routing and forwarding
- Configure management VRF
- Configure non-default VRF instances
- VRF configuration
- View VRF instance information
- Static route leaking
- VRF commands
- Bidirectional Forwarding Detection
- BFD session states
- BFD three-way handshake
- BFD configuration
- Configure BFD globally
- BFD for BGP
- BFD for OSPF
- BFD for Static routes
- Establishing BFD Sessions for IPv4 Static Routes
- Establishing BFD Sessions for IPv4 Static Routes in a non-default VRF instance
- Changing IPv4 static route session parameters
- Disabling BFD for IPv4 Static Routes
- Establishing BFD Sessions for IPv6 Static Routes
- Establishing BFD Sessions for IPv6 Static Routes in a non-default VRF instance
- Changing IPv6 static route session parameters
- Enable BFD for specific static routes
- Disabling BFD for IPv6 Static Routes
- BFD commands
- Border Gateway Protocol
- Sessions and peers
- Martian addresses
- Route reflectors
- Multiprotocol BGP
- Attributes
- Disable announcement of ASN values
- Selection criteria
- Weight and local preference
- Multiexit discriminators
- Origin
- AS path and next-hop
- Best path selection
- More path support
- Advertise cost
- 4-Byte AS numbers
- AS number migration
- Graceful restart
- Configure Border Gateway Protocol
- Enable BGP
- BGP over unnumbered interfaces
- Configure Dual Stack
- Configure administrative distance
- Peer templates
- Neighbor fall-over
- Configure password
- Fast external fallover
- Passive peering
- Local AS
- AS number limit
- Redistribute routes
- Additional paths
- MED attributes
- Local preference attribute
- Weight attribute
- Enable multipath
- Route-map filters
- Route reflector clusters
- Aggregate routes
- Confederations
- Route dampening
- Timers
- Neighbor soft-reconfiguration
- Redistribute iBGP route to OSPF
- Example - BGP in a VLT topology
- Example - Three-tier CLOS topology with eBGP
- Debug BGP
- BGP commands
- activate
- add-path
- address-family
- advertisement-interval
- advertisement-start
- aggregate-address
- allowas-in
- always-compare-med
- as-notation
- bestpath as-path
- bestpath med
- bestpath router-id
- clear ip bgp
- clear ip bgp *
- clear ip bgp dampening
- clear ip bgp flap-statistics
- connection-retry-timer
- confederation
- client-to-client
- cluster-id
- bgp dampening
- debug ip bgp
- description
- default-metric
- default-originate
- distance bgp
- distribute-list
- bgp default local-preference
- ebgp-multihop
- enforce-first-as
- fall-over
- fast-external-fallover
- graceful-restart
- inherit template
- listen
- local-as
- log-neighbor-changes
- maximum-paths
- maximum-prefix
- neighbor
- network
- next-hop-self
- non-deterministic-med
- outbound-optimization
- password
- redistribute
- remote-as
- remove-private-as
- route-map
- route-reflector-client
- router bgp
- router-id
- send-community
- sender-side-loop-detection
- show ip bgp
- show ip bgp dampened-paths
- show ip bgp flap-statistics
- show ip bgp ipv4 unicast
- show ip bgp ipv6 unicast
- show ip bgp neighbors
- show ip bgp peer-group
- show ip bgp summary
- show ip route
- show ipv6 route
- soft-reconfiguration inbound
- template
- timers
- update-source
- vrf
- weight
- Equal cost multi-path
- IPv4 routing
- IPv6 routing
- Enable or disable IPv6
- IPv6 addresses
- Stateless autoconfiguration
- Neighbor Discovery
- Duplicate address discovery
- Static IPv6 routing
- IPv6 destination unreachable
- IPv6 hop-by-hop options
- View IPv6 information
- IPv6 commands
- clear ipv6 neighbors
- clear ipv6 route
- ipv6 address
- ipv6 address autoconfig
- ipv6 address dhcp
- ipv6 enable
- ipv6 address eui-64
- ipv6 address link-local
- ipv6 hop-by-hop
- ipv6 nd dad
- ipv6 nd hop-limit
- ipv6 nd managed-config-flag
- ipv6 nd max-ra-interval
- ipv6 nd mtu
- ipv6 nd other-config-flag
- ipv6 nd prefix
- ipv6 nd ra-lifetime
- ipv6 nd reachable-time
- ipv6 nd retrans-timer
- ipv6 nd send-ra
- ipv6 route
- ipv6 unreachables
- show ipv6 neighbors
- show ipv6 route
- show ipv6 interface brief
- Open shortest path first
- Autonomous system areas
- Areas, networks, and neighbors
- Router types
- Designated and backup designated routers
- Link-state advertisements
- Router priority
- Shortest path first throttling
- OSPFv2
- Enable OSPFv2
- Enable OSPFv2 in a non-default VRF instance
- Assign router identifier
- Stub areas
- Passive interfaces
- Fast convergence
- Interface parameters
- Redistribute routes
- Default route
- Summary address
- Graceful restart
- OSPFv2 authentication
- Troubleshoot OSPFv2
- Debug OSPF
- OSPFv2 commands
- area default-cost
- area nssa
- area range
- area stub
- auto-cost reference-bandwidth
- clear ip ospf process
- clear ip ospf statistics
- debug ip ospfv2
- default-information originate
- default-metric
- fast-converge
- graceful-restart
- ip ospf area
- ip ospf authentication-key
- ip ospf cost
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf message-digest-key
- ip ospf mtu-ignore
- ip ospf network
- ip ospf passive
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log-adjacency-changes
- max-metric router-lsa
- maximum-paths
- redistribute
- router-id
- router ospf
- show ip ospf
- show ip ospf asbr
- show ip ospf database
- show ip ospf database asbr-summary
- show ip ospf database external
- show ip ospf database network
- show ip ospf database nssa external
- show ip ospf database opaque-area
- show ip ospf database opaque-as
- show ip ospf database opaque-link
- show ip ospf database router
- show ip ospf database summary
- show ip ospf interface
- show ip ospf routes
- show ip ospf statistics
- show ip ospf topology
- summary-address
- timers lsa arrival
- timers spf
- timers throttle lsa all
- OSPFv3
- Enable OSPFv3
- Enable OSPFv3 in a non-default VRF instance
- Assign Router ID
- Configure Stub Areas
- Enable Passive Interfaces
- Interface OSPFv3 Parameters
- Default route
- OSPFv3 IPsec authentication and encryption
- Troubleshoot OSPFv3
- OSPFv3 Commands
- area authentication
- area encryption
- area stub
- auto-cost reference-bandwidth
- clear ipv6 ospf process
- clear ipv6 ospf statistics
- debug ip ospfv3
- default-information originate
- ipv6 ospf area
- ipv6 ospf authentication
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf encryption
- ipv6 ospf hello-interval
- ipv6 ospf mtu-ignore
- ipv6 ospf network
- ipv6 ospf passive
- ipv6 ospf priority
- log-adjacency-changes
- maximum-paths
- redistribute
- router-id
- router ospfv3
- show ipv6 ospf
- show ipv6 ospf database
- show ipv6 ospf interface
- show ipv6 ospf neighbor
- show ipv6 ospf statistics
- timers spf (OSPFv3)
- Object tracking manager
- Policy-based routing
- Virtual Router Redundancy Protocol
- Virtual routing and forwarding
- Multicast
- Important notes
- Configure multicast routing
- Unknown multicast flood control
- Multicast Commands
- Internet Group Management Protocol
- Standards compliance
- Important notes
- Supported IGMP versions
- Query interval
- Last member query interval
- Maximum response time
- IGMP immediate leave
- Select an IGMP version
- View IGMP-enabled interfaces and groups
- IGMP snooping
- IGMP commands
- clear ip igmp groups
- ip igmp immediate-leave
- ip igmp last-member-query-interval
- ip igmp query-interval
- ip igmp query-max-resp-time
- ip igmp snooping enable
- ip igmp snooping
- ip igmp snooping fast-leave
- ip igmp snooping last-member-query-interval
- ip igmp snooping mrouter
- ip igmp snooping querier
- ip igmp snooping query-interval
- ip igmp snooping query-max-resp-time
- ip igmp version
- show ip igmp groups
- show ip igmp interface
- show ip igmp snooping groups
- show ip igmp snooping interface
- show ip igmp snooping mrouter
- Multicast Listener Discovery Protocol
- MLD snooping
- MLD snooping commands
- ipv6 mld snooping
- ipv6 mld snooping enable
- ipv6 mld snooping fast-leave
- ipv6 mld snooping last-member-query-interval
- ipv6 mld snooping mrouter
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld query-max-resp-time
- ipv6 mld version
- show ipv6 mld snooping groups
- show ipv6 mld snooping groups detail
- show ipv6 mld snooping interface
- show ipv6 mld snooping mrouter
- Protocol Independent Multicast
- PIM terminology
- Standards compliance
- PIM-SM
- PIM-SSM
- Configure expiry timers for S, G entries
- Configure static rendezvous point
- Configure dynamic RP using the BSR mechanism
- Configure designated router priority
- PIM commands
- clear ip pim tib
- ip multicast-routing
- ip pim bsr-candidate
- ip pim bsr-candidate-timers
- ip pim bsr-timeout
- ip pim dr-priority
- ip pim query-interval
- ip pim rp-address
- ip pim rp-candidate
- ip pim rp-candidate-timers
- ip pim sparse-mode
- ip pim sparse-mode sg-expiry-timer
- ip pim ssm-range
- show ip pim bsr-router
- show ip pim interface
- show ip pim mcache
- show ip pim neighbor
- show ip pim rp
- show ip pim ssm-range
- show ip pim summary
- show ip pim tib
- show ip rpf
- PIM-SM sample configuration
- PIM-SSM sample configuration
- Multicast VRF sample configuration
- VLT multicast routing
- VXLAN
- VXLAN concepts
- VXLAN as NVO solution
- Configure VXLAN
- L3 VXLAN route scaling
- DHCP relay on VTEPs
- View VXLAN configuration
- VXLAN MAC addresses
- VXLAN commands
- hardware overlay-routing-profile
- interface virtual-network
- ip virtual-router address
- ip virtual-router mac-address
- member-interface
- nve
- remote-vtep
- show hardware overlay-routing-profile mode
- show interface virtual-network
- show nve remote-vtep
- show nve remote-vtep counters
- show nve vxlan-vni
- show virtual-network
- show virtual-network counters
- show virtual-network interface counters
- show virtual-network interface
- show virtual-network vlan
- show vlan (virtual network)
- source-interface loopback
- virtual-network
- virtual-network untagged-vlan
- vxlan-vni
- VXLAN MAC commands
- clear mac address-table dynamic nve remote-vtep
- clear mac address-table dynamic virtual-network
- show mac address-table count extended
- show mac address-table count nve
- show mac address-table count virtual-network
- show mac address-table extended
- show mac address-table nve
- show mac address-table virtual-network
- Example: VXLAN with static VTEP
- BGP EVPN for VXLAN
- BGP EVPN compared to static VXLAN
- VXLAN BGP EVPN operation
- Configure BGP EVPN for VXLAN
- VXLAN BGP EVPN routing
- BGP EVPN with VLT
- VXLAN BGP commands
- VXLAN EVPN commands
- Example: VXLAN with BGP EVPN
- Example: VXLAN BGP EVPN — Multiple AS topology
- Example: VXLAN BGP EVPN — Centralized L3 gateway
- Example: VXLAN BGP EVPN — Border leaf gateway with asymmetric IRB
- Example: VXLAN BGP EVPN—Symmetric IRB
- Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering
- Example: Migrating from Asymmetric IRB to Symmetric IRB
- Controller-provisioned VXLAN
- UFT modes
- Security
- Switch security
- User management
- User accounts
- Privilege levels
- Passwords for user accounts
- User management commands
- disable
- enable
- enable password priv-lvl
- password-attributes
- password-attributes max-retry lockout-period
- privilege
- service simple-password
- service obscure-password
- show users
- show privilege
- show running-configuration privilege
- system-user linuxadmin password
- system-user linuxadmin disable
- userrole inherit
- username password role
- AAA
- Boot security
- Switch management access
- SSH server
- RESTCONF API
- Restrict SNMP access
- Limit concurrent login sessions
- Virtual terminal line ACLs
- Switch management access
- ip ssh server enable
- ip ssh server challenge-response-authentication
- ip ssh server cipher
- ip ssh server hostbased-authentication
- ip ssh server kex
- ip ssh server mac
- ip ssh server password-authentication
- ip ssh server port
- ip ssh server pubkey-authentication
- ip ssh server vrf
- show ip ssh
- show crypto ssh-key
- username sshkey
- username sshkey filename
- crypto ssh-key generate
- login concurrent-session limit
- line vty
- ipv6 access-class
- ip access-class
- Switch management statistics
- X.509v3 certificates
- X.509v3 concepts
- Public key infrastructure
- Manage CA certificates
- Certificate revocation
- Request and install host certificates
- Self-signed certificates
- Security profiles
- Cluster security
- Example: Configure RADIUS over TLS with X.509v3 certificates
- X.509v3 commands
- certificate
- cluster security-profile
- crypto ca-cert delete
- crypto ca-cert install
- crypto cdp add
- crypto cdp delete
- crypto cert delete
- crypto cert generate
- crypto cert install
- crypto crl delete
- crypto crl install
- crypto fips enable
- crypto security-profile
- peer-name-check
- revocation-check
- show crypto ca-certs
- show crypto cdp
- show crypto cert
- show crypto crl
- User management
- Network security
- Access control lists
- DHCP snooping
- 802.1X port access control
- Port security
- Port security commands
- clear mac address-table secure
- errdisable recovery cause
- errdisable reset cause
- mac-learn
- mac-learn limit violation
- mac-move allow
- mac-move violation
- mac address-table static
- show switchport port-security
- switchport port-security (interface)
- switchport port-security (global)
- sticky
- aging
- show mac address-table secure
- show errdisable
- show mac address-table count
- Port security commands
- Switch security
- OpenFlow
- OpenFlow logical switch instance
- OpenFlow controller
- OpenFlow version 1.3
- Ports
- Flow table
- Group table
- Meter table
- Instructions
- Action set
- Action types
- Counters
- OpenFlow protocol
- Connection setup TCP
- Supported controllers
- Flow table modification messages
- Message types
- Flow match fields
- Action structures
- Capabilities supported by the data path
- Multipart message types
- Switch description
- Property type
- Group configuration
- Controller roles
- Packet-in reasons
- Flow-removed reasons
- Error types from switch to controller
- OpenFlow use cases
- Configure OpenFlow
- OpenFlow commands
- OpenFlow-only mode commands
- Access Control Lists
- IP ACLs
- MAC ACLs
- Control-plane ACLs
- IP fragment handling
- L3 ACL rules
- Assign sequence number to filter
- Delete ACL rule
- L2 and L3 ACLs
- Assign and apply ACL filters
- Ingress ACL filters
- Egress ACL filters
- VTY ACLs
- SNMP ACLs
- Clear access-list counters
- IP prefix-lists
- Route-maps
- Match routes
- Set conditions
- Continue clause
- ACL flow-based monitoring
- Enable flow-based monitoring
- View ACL table utilization report
- ACL logging
- ACL commands
- clear ip access-list counters
- clear ipv6 access-list counters
- clear mac access-list counters
- deny
- deny (IPv6)
- deny (MAC)
- deny icmp
- deny icmp (IPv6)
- deny ip
- deny ipv6
- deny tcp
- deny tcp (IPv6)
- deny udp
- deny udp (IPv6)
- description
- ip access-group
- ip access-list
- ip as-path access-list
- ip community-list standard deny
- ip community–list standard permit
- ip extcommunity-list standard deny
- ip extcommunity-list standard permit
- ip prefix-list description
- ip prefix-list deny
- ip prefix-list permit
- ip prefix-list seq deny
- ip prefix-list seq permit
- ipv6 access-group
- ipv6 access-list
- ipv6 prefix-list deny
- ipv6 prefix-list description
- ipv6 prefix-list permit
- ipv6 prefix-list seq deny
- ipv6 prefix-list seq permit
- mac access-group
- mac access-list
- permit
- permit (IPv6)
- permit (MAC)
- permit icmp
- permit icmp (IPv6)
- permit ip
- permit ipv6
- permit tcp
- permit tcp (IPv6)
- permit udp
- permit udp (IPv6)
- remark
- seq deny
- seq deny (IPv6)
- seq deny (MAC)
- seq deny icmp
- seq deny icmp (IPv6)
- seq deny ip
- seq deny ipv6
- seq deny tcp
- seq deny tcp (IPv6)
- seq deny udp
- seq deny udp (IPv6)
- seq permit
- seq permit (IPv6)
- seq permit (MAC)
- seq permit icmp
- seq permit icmp (IPv6)
- seq permit ip
- seq permit ipv6
- seq permit tcp
- seq permit tcp (IPv6)
- seq permit udp
- seq permit udp (IPv6)
- show access-group
- show access-lists
- show acl-table-usage detail
- show ip as-path-access-list
- show ip community-list
- show ip extcommunity-list
- show ip prefix-list
- show logging access-list
- Route-map commands
- continue
- match as-path
- match community
- match extcommunity
- match interface
- match ip address
- match ip next-hop
- match ipv6 address
- match ipv6 next-hop
- match metric
- match origin
- match route-type
- match tag
- route-map
- set comm-list add
- set comm-list delete
- set community
- set extcomm-list add
- set extcomm-list delete
- set extcommunity
- set local-preference
- set metric
- set metric-type
- set next-hop
- set origin
- set tag
- set weight
- show route-map
- Quality of service
- Configure quality of service
- Ingress traffic classification
- Egress traffic classification
- Policing traffic
- Mark Traffic
- Color traffic
- Modify packet fields
- Shaping traffic
- Bandwidth allocation
- Strict priority queuing
- Rate adjustment
- Buffer management
- Congestion avoidance
- Storm control
- RoCE for faster access and lossless connectivity
- Port to port-pipe and MMU mapping
- QoS commands
- bandwidth
- buffer-statistics-tracking
- class
- class-map
- clear qos statistics
- clear qos statistics type
- control-plane
- control-plane-buffer-size
- flowcontrol
- hardware deep-buffer-mode
- match
- match cos
- match dscp
- match precedence
- match queue
- match vlan
- mtu
- pause
- pfc-cos
- pfc-max-buffer-size
- pfc-shared-buffer-size
- pfc-shared-headroom-buffer-size
- police
- policy-map
- priority
- priority-flow-control mode
- qos-group dot1p
- qos-group dscp
- qos-map traffic-class
- qos-rate-adjust
- queue-limit
- queue bandwidth
- queue qos-group
- queue qos-group (Z9332F-ON)
- random-detect (interface)
- random-detect (queue)
- random-detect color
- random-detect ecn
- random-detect ecn
- random-detect pool
- random-detect weight
- service-policy
- set cos
- set dscp
- set qos-group
- shape
- show class-map
- show control-plane buffers
- show control-plane buffer-stats
- show control-plane info
- show control-plane statistics
- show hardware deep-buffer-mode
- show interface priority-flow-control
- show qos interface
- show policy-map
- show qos control-plane
- show qos egress buffers interface
- show qos egress buffer-statistics-tracking
- show qos egress buffer-stats interface
- show qos headroom-pool buffer-statistics-tracking
- show qos ingress buffers interface
- show qos ingress buffer-statistics-tracking
- show qos ingress buffer-stats interface
- show qos maps
- show qos maps (Z9332F-ON)
- show qos port-map details
- show qos-rate-adjust
- show qos service-pool buffer-statistics-tracking
- show qos system
- show qos system buffers
- show qos wred-profile
- show queuing statistics
- system qos
- trust dot1p-map
- trust dscp-map
- trust-map
- wred
- Virtual Link Trunking
- Terminology
- VLT domain
- VLT interconnect
- Graceful LACP with VLT
- Configure VLT
- Configure VRRP Active-Active mode
- Migrate VMs across data centers with eVLT
- View VLT information
- VLT commands
- backup destination
- delay-restore
- discovery-interface
- peer-routing
- peer-routing-timeout
- primary-priority
- show running-configuration vlt
- show spanning-tree virtual-interface
- show vlt
- show vlt backup-link
- show vlt mac-inconsistency
- show vlt mismatch
- show vlt role
- show vlt vlt-port-detail
- vlt-domain
- vlt-port-channel
- vlt-mac
- vrrp mode active-active
- Uplink Failure Detection
- Converged data center services
- sFlow
- Telemetry
- RESTCONF API
- Troubleshoot Dell EMC SmartFabric OS10
- Diagnostic tools
- Recover Linux password
- Recover OS10 user name password
- Restore factory defaults
- SupportAssist
- Important notes
- Configure SupportAssist
- Set company name
- Set contact information
- Schedule activity
- View status
- View warranty information
- View SupportAssist logs
- List of country names and codes
- SupportAssist commands
- Support bundle
- System monitoring
- Log into OS10 device
- Frequently asked questions
- Support resources
Dell EMC SmartFabric OS10 User Guide Release 10.5.1
SSH server
In OS10, the secure shell server allows an SSH client to access an OS10 switch through a secure, encrypted connection. The SSH server authenticates remote clients using RADIUS challenge/response, a trusted host file, locally-stored passwords, and public keys.
Configure SSH server
- The SSH server is enabled by default. You can disable the SSH server using the no ip ssh server enable command.
- Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-response-authentication command.
- Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command.
- Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication command.
- Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication command.
- Password-less login is disabled by default. To enable, use the username sshkey or username sshkey filename commands.
- Configure the list of cipher algorithms using the ip ssh server cipher cipher-list command.
- Configure key exchange algorithms using the ip ssh server kex key-exchange-algorithm command.
- Configure hash message authentication code (HMAC) algorithms using the ip ssh server mac hmac-algorithm command.
- Configure the SSH server listening port using the ip ssh server port port-number command.
- Configure the SSH server to be reachable on the management VRF using the ip ssh server vrf command.
- Configure the SSH login timeout using the ip ssh server login-grace-time seconds command, from 0 to 300; default 60. To reset the default SSH prompt timer, use the no ip ssh server login-grace-time command.
- Configure the maximum number of authentication attempts using the
ip ssh server max-auth-tries
number command, from 0 to 10; default 6. To reset the default, use the
no ip ssh server max-auth-tries command.
The max-auth-tries value includes all authentication attempts, including public-key and password. If you enable both, public-key based authentication and password authentication, the public-key authentication is the default and is tried first. If it fails, the number of max-auth-tries is reduced by one. In this case, if you configured ip ssh server max-auth-tries 1, the password prompt does not display.
Regenerate public keys
When enabled, the SSH server generates public keys by default and uses them for client authentication:
- A Rivest, Shamir, and Adelman (RSA) key using 2048 bits.
- An Elliptic Curve Digital Signature Algorithm (ECDSA) key using 256 bits
- An Ed25519 key using 256 bits
NOTE: RSA1 and DSA keys are not supported on the OS10 SSH server.
An SSH client must exchange the same public key to establish a secure SSH connection to the OS10 switch. If necessary, you can regenerate the keys used by the SSH server with a customized bit size. You cannot change the default size of the Ed25519 key. The
crypto key generate command is available only to the
sysadmin and
secadmin roles.
- Regenerate keys for the SSH server in EXEC mode.
crypto ssh-key generate {rsa {2048|3072|4096} | ecdsa {256|384|521} | ed25519} - Enter
yes at the prompt to overwrite an existing key.
Host key already exists. Overwrite [confirm yes/no]:yes Generated 2048-bit RSA key
- Display the SSH public keys in EXEC mode.
show crypto ssh-key
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\