- Notes, cautions, and warnings
- About this Guide
- Before You Start
- Configuration Fundamentals
- Getting Started
- Console Access
- Accessing the CLI Interface and Running Scripts Using SSH
- Boot Process
- Default Configuration
- Configuring a Host Name
- Configuring a Unique Host Name on the System
- Accessing the System Remotely
- Configuring the Enable Password
- Configuration File Management
- Managing the File System
- View the Command History
- Using HTTP for File Transfers
- Upgrading and Downgrading the Dell Networking OS
- Verify Software Images Before Installation
- Deploying FN I/O Module
- Management
- Configuring Privilege Levels
- Configuring Logging
- Display the Logging Buffer and the Logging Configuration
- Log Messages in the Internal Buffer
- Disabling System Logging
- Sending System Messages to a Syslog Server
- Changing System Logging Settings
- Display the Logging Buffer and the Logging Configuration
- Configuring a UNIX Logging Facility Level
- Synchronizing Log Messages
- Enabling Timestamp on Syslog Messages
- Enabling Secure Management Mode
- File Transfer Services
- Terminal Lines
- Setting Time Out of EXEC Privilege Mode
- Using Telnet to get to Another Network Device
- Lock CONFIGURATION Mode
- Limit Concurrent Login Sessions
- Track Login Activity
- Recovering from a Forgotten Password
- Recovering from a Forgotten Enable Password
- Recovering from a Failed Start
- 802.1X
- Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
- Access Control
Lists (ACLs)
- IP Access Control Lists (ACLs)
- Implementing ACL on the Dell Networking OS
- ACLs and VLANs
- ACL Optimization
- Determine the Order in which ACLs are Used to Classify Traffic
- IP Fragment Handling
- IP Fragments ACL Examples
- Layer 4 ACL Rules Examples
- Configure a Standard IP ACL
- Configuring a Standard IP ACL Filter
- Configure an Extended IP ACL
- Configuring Filters with a Sequence Number
- Configuring Filters Without a Sequence Number
- Established Flag
- Configure Layer 2 and Layer 3 ACLs
- Assign an IP ACL to an Interface
- Applying an IP ACL
- Counting ACL Hits
- Configure Ingress ACLs
- Configure Egress ACLs
- Applying Egress Layer 3 ACLs (Control-Plane)
- IP Prefix Lists
- Configuration Task List for Prefix Lists
- Creating a Prefix List
- Creating a Prefix List Without a Sequence Number
- Viewing Prefix Lists
- Applying a Prefix List for Route Redistribution
- Applying a Filter to a Prefix List (OSPF)
- ACL Resequencing
- Resequencing an ACL or Prefix List
- Route Maps
- Important Points to Remember
- Configuration Task List for Route Maps
- Creating a Route Map
- Configure Route Map Filters
- Configuring Match Routes
- Configuring Set Conditions
- Configure a Route Map for Route Redistribution
- Configure a Route Map for Route Tagging
- Continue Clause
- Logging of ACL Processes
- Guidelines for Configuring ACL Logging
- Configuring ACL Logging
- Flow-Based Monitoring Support for ACLs
- Enabling Flow-Based Monitoring
- Bidirectional Forwarding Detection (BFD)
- Border Gateway
Protocol IPv4 (BGPv4)
- Autonomous Systems (AS)
- Sessions and Peers
- Route Reflectors
- BGP Attributes
- Multiprotocol BGP
- Implement BGP with the Dell Networking OS
- Configuration Information
- BGP Configuration
- Enabling BGP
- Configuring AS4 Number Representations
- Configuring Peer Groups
- Configuring BGP Fast Fail-Over
- Configuring Passive Peering
- Maintaining Existing AS Numbers During an AS Migration
- Allowing an AS Number to Appear in its Own AS Path
- Enabling Graceful Restart
- Enabling Neighbor Graceful Restart
- Filtering on an AS-Path Attribute
- Regular Expressions as Filters
- Redistributing Routes
- Enabling Additional Paths
- Configuring IP Community Lists
- Configuring an IP Extended Community List
- Filtering Routes with Community Lists
- Manipulating the COMMUNITY Attribute
- Changing MED Attributes
- Changing the LOCAL_PREFERENCE Attribute
- Changing the NEXT_HOP Attribute
- Changing the WEIGHT Attribute
- Enabling Multipath
- Filtering BGP Routes
- Configuring BGP Route Reflectors
- Aggregating Routes
- Configuring BGP Confederations
- Enabling Route Flap Dampening
- Changing BGP Timers
- Enabling BGP Neighbor Soft-Reconfiguration
- Route Map Continue
- Enabling MBGP Configurations
- Enabling BGP
- BGP Regular Expression Optimization
- Debugging BGP
- Sample Configurations
- Configuration Cloning
- Content Addressable Memory (CAM)
- Control Plane Policing (CoPP)
- Data Center
Bridging (DCB)
- Ethernet Enhancements in Data Center Bridging
- Priority-Based Flow Control
- Enhanced Transmission Selection
- Data Center Bridging Exchange Protocol (DCBx)
- Creating a DCB Map
- Data Center Bridging: Default Configuration
- Data Center Bridging in a Traffic Flow
- Data Center Bridging: Auto-DCB-Enable Mode
- Configuring Priority-Based Flow Control
- Configuring Enhanced Transmission Selection
- Hierarchical Scheduling in ETS Output Policies
- DCBx Operation
- Verifying the DCB Configuration
- QoS dot1p Traffic Classification and Queue Assignment
- Troubleshooting PFC, ETS, and DCBx Operation
- Dynamic Host Configuration Protocol (DHCP)
- Equal Cost Multi-Path (ECMP)
- FC FPORT
- FCoE Transit
- Fibre Channel over Ethernet
- Ensure Robustness in a Converged Ethernet Network
- FIP Snooping on Ethernet Bridges
- FIP Snooping in a Switch Stack
- Using FIP Snooping
- Important Points to Remember
- Enabling the FCoE Transit Feature
- Enable FIP Snooping on VLANs
- Configure the FC-MAP Value
- Configure a Port for a Bridge-to-Bridge Link
- Configure a Port for a Bridge-to-FCF Link
- Impact on Other Software Features
- FIP Snooping Prerequisites
- FIP Snooping Restrictions
- Configuring FIP Snooping
- Displaying FIP Snooping Information
- FCoE Transit Configuration Example
- FIPS Cryptography
- Force10 Resilient Ring Protocol (FRRP)
- GARP VLAN Registration Protocol (GVRP)
- FIP Snooping
- Internet Group Management Protocol (IGMP)
- Interfaces
- Interface Types
- View Basic Interface Information
- Configuring the Default Interface
- Enabling a Physical Interface
- Physical Interfaces
- Management Interfaces
- VLAN Interfaces
- Loopback Interfaces
- Null Interfaces
- VLAN Membership
- Port Channel
Interfaces
- Port Channel Definition and Standards
- Port Channel Benefits
- Port Channel Implementation
- 100/1000/10000 Mbps Interfaces in Port Channels
- Configuration Tasks for Port Channel Interfaces
- Creating a Port Channel
- Adding a Physical Interface to a Port Channel
- Reassigning an Interface to a New Port Channel
- Configuring the Minimum Oper Up Links in a Port Channel
- Adding or Removing a Port Channel from a VLAN
- Assigning an IP Address to a Port Channel
- Deleting or Disabling a Port Channel
- Load Balancing through Port Channels
- Changing the Hash Algorithm
- Server Ports
- Bulk Configuration
- Defining Interface Range Macros
- Monitoring and Maintaining Interfaces
- Splitting QSFP Ports to SFP+ Ports
- Configuring wavelength for 10–Gigabit SFP+ optics
- Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
- Layer 2 Flow Control Using Ethernet Pause Frames
- Configure MTU Size on an Interface
- Port-Pipes
- Auto-Negotiation on Ethernet Interfaces
- View Advanced Interface Information
- Enhanced Control of Remote Fault Indication Processing
- Internet Protocol Security (IPSec)
- IPv4 Routing
- IP Addresses
- IPv4 Path MTU Discovery Overview
- Using the Configured Source IP Address in ICMP Messages
- Configuring the Duration to Establish a TCP Connection
- Enabling Directed Broadcast
- Resolution of Host Names
- ARP
- ARP Learning via Gratuitous ARP
- ARP Learning via ARP Request
- Configuring ARP Retries
- ICMP
- UDP Helper
- Configurations Using UDP Helper
- Troubleshooting UDP Helper
- IPv6 Routing
- iSCSI Optimization
- Intermediate
System to Intermediate System
- IS-IS Protocol Overview
- IS-IS Addressing
- Multi-Topology IS-IS
- Graceful Restart
- Implementation Information
- Configuration
Information
- Configuration
Tasks for IS-IS
- Enabling IS-IS
- Configuring Multi-Topology IS-IS (MT IS-IS)
- Configuring IS-IS Graceful Restart
- Changing LSP Attributes
- Configuring the IS-IS Metric Style
- Configuring the IS-IS Cost
- Configuring the Distance of a Route
- Changing the IS-Type
- Controlling Routing Updates
- Distribute Routes
- Configuring Authentication Passwords
- Setting the Overload Bit
- Debugging IS-IS
- Configuration
Tasks for IS-IS
- IS-IS Metric Styles
- Configure Metric Values
- Sample Configurations
- Isolated Networks for Aggregators
- Link Aggregation
- How the LACP is Implemented on an Aggregator
- Link Aggregation Control Protocol (LACP)
- Configuring Auto LAG
- Configuring the Minimum Number of Links to be Up for Uplink LAGs to be Active
- Optimizing Traffic Disruption Over LAG Interfaces On IOA Switches in VLT Mode
- Preserving LAG and Port Channel Settings in Nonvolatile Storage
- Enabling the LACP link fallback member
- Enabling the Verification of Member Links Utilization in a LAG Bundle
- Monitoring the Member Links of a LAG Bundle
- Verifying LACP Operation and LAG Configuration
- Multiple Uplink LAGs with 10G Member Ports
- Layer 2
- Link Layer Discovery
Protocol (LLDP)
- Protocol Data Units
- Configure LLDP
- CONFIGURATION versus INTERFACE Configurations
- Enabling LLDP
- Advertising TLVs
- Optional TLVs
- LLDP Operation
- Viewing the LLDP Configuration
- Viewing Information Advertised by Adjacent LLDP Agents
- Configuring LLDPDU Intervals
- Configuring a Time to Live
- Clearing LLDP Counters
- Debugging LLDP
- Relevant Management Objects
- Microsoft Network Load Balancing
- Multicast Source
Discovery Protocol (MSDP)
- Anycast RP
- Implementation Information
- Configure the Multicast Source Discovery Protocol
- Enabling MSDP
- Manage the Source-Active Cache
- Accept Source-Active Messages that Fail the RFP Check
- Specifying Source-Active Messages
- Limiting the Source-Active Messages from a Peer
- Preventing MSDP from Caching a Local Source
- Preventing MSDP from Caching a Remote Source
- Preventing MSDP from Advertising a Local Source
- Logging Changes in Peership States
- Terminating a Peership
- Clearing Peer Statistics
- Debugging MSDP
- MSDP with Anycast RP
- Configuring Anycast RP
- MSDP Sample Configurations
- Multiple Spanning
Tree Protocol (MSTP)
- Spanning Tree Variations
- Implementation Information
- Configure Multiple Spanning Tree Protocol
- Enable Multiple Spanning Tree Globally
- Creating Multiple Spanning Tree Instances
- Influencing MSTP Root Selection
- Interoperate with Non-Dell Networking OS Bridges
- Changing the Region Name or Revision
- Modifying Global Parameters
- Enable BPDU Filtering Globally
- Modifying the Interface Parameters
- Configuring an EdgePort
- Flush MAC Addresses after a Topology Change
- MSTP Sample Configurations
- Debugging and Verifying MSTP Configurations
- Multicast Features
- Open Shortest
Path First (OSPFv2 and OSPFv3)
- Protocol Overview
- OSPF with the Dell Networking OS
- Configuration
Information
- Configuration
Task List for OSPFv2 (OSPF for IPv4)
- Enabling OSPFv2
- Assigning a Router ID
- Assigning an OSPFv2 Area
- Enable OSPFv2 on Interfaces
- Configuring Stub Areas
- Configuring LSA Throttling Timers
- Enabling Passive Interfaces
- Enabling Fast-Convergence
- Changing OSPFv2 Parameters on Interfaces
- Enabling OSPFv2 Authentication
- Enabling OSPFv2 Graceful Restart
- Creating Filter Routes
- Applying Prefix Lists
- Redistributing Routes
- Troubleshooting OSPFv2
- Configuration
Task List for OSPFv2 (OSPF for IPv4)
- Configuration
Task List for OSPFv3 (OSPF for IPv6)
- Enabling IPv6 Unicast Routing
- Assigning IPv6 Addresses on an Interface
- Assigning Area ID on an Interface
- Assigning OSPFv3 Process ID and Router ID Globally
- Configuring Stub Areas
- Configuring Passive-Interface
- Redistributing Routes
- Configuring a Default Route
- Enabling OSPFv3 Graceful Restart
- Displaying Graceful Restart
- OSPFv3 Authentication
Using IPsec
- OSPFv3 Authentication Using IPsec: Configuration Notes
- Configuring IPsec Authentication on an Interface
- Configuring IPsec Encryption on an Interface
- Configuring IPSec Authentication for an OSPFv3 Area
- Configuring IPsec Encryption for an OSPFv3 Area
- Displaying OSPFv3 IPsec Security Policies
- Troubleshooting OSPFv3
- Viewing Summary Information
- Policy-based Routing (PBR)
- PIM Sparse-Mode (PIM-SM)
- PIM Source-Specific Mode (PIM-SSM)
- Port Monitoring
- Private VLANs (PVLAN)
- Per-VLAN Spanning Tree Plus (PVST+)
- Quality of Service
(QoS)
- Implementation Information
- Port-Based QoS Configurations
- Guidelines for Configuring ECN for Classifying and Color-Marking Packets
- Policy-Based
QoS Configurations
- DSCP Color Maps
- Classify Traffic
- Create a QoS
Policy
- Creating an Input QoS Policy
- Configuring Policy-Based Rate Policing
- Setting a DSCP Value for Egress Packets
- Setting a dot1p Value for Egress Packets
- Creating an Output QoS Policy
- Configuring Policy-Based Rate Shaping
- Allocating Bandwidth to Queue
- Configure a Scheduler to Queue
- Setting DSCP Values for Egress Packets Based on Flow
- Specifying WRED Drop Precedence
- Create Policy
Maps
- Creating Input Policy Maps
- Applying a Class-Map or Input QoS Policy to a Queue
- Applying an Input QoS Policy to an Input Policy Map
- Honoring DSCP Values on Ingress Packets
- Honoring dot1p Values on Ingress Packets
- Enabling Fall Back to Trust Diffserve or dot1p
- Mapping dot1p Values to Service Queues
- Guaranteeing Bandwidth to dot1p-Based Service Queues
- Applying an Input Policy Map to an Interface
- Creating Output Policy Maps
- Applying an Output QoS Policy to a Queue
- Specifying an Aggregate QoS Policy
- Applying an Output Policy Map to an Interface
- Enabling QoS Rate Adjustment
- Enabling Strict-Priority Queueing
- Weighted Random Early Detection
- Routing Information Protocol (RIP)
- Remote Monitoring (RMON)
- Rapid Spanning
Tree Protocol (RSTP)
- Protocol Overview
- Configuring Rapid Spanning Tree
- Configuring Interfaces for Layer 2 Mode
- Enabling Rapid Spanning Tree Protocol Globally
- Adding and Removing Interfaces
- Modifying Global Parameters
- Enable BPDU Filtering Globally
- Modifying Interface Parameters
- Configuring an EdgePort
- Influencing RSTP Root Selection
- SNMP Traps for Root Elections and Topology Changes
- Configuring Fast Hellos for Link State Detection
- Security
- Service Provider Bridging
- sFlow
- Simple Network
Management Protocol (SNMP)
- Implementation Information
- Configuring the Simple Network Management Protocol
- Reading Managed Object Values
- Displaying the Ports in a VLAN using SNMP
- Fetching Dynamic MAC Entries using SNMP
- Deriving Interface Indices
- Monitor Port-Channels
- Entity MIBS
- SNMP Traps for Link Status
- Standard VLAN MIB
- MIB Support to Display the Available Memory Size on Flash
- MIB Support to Display the Software Core Files Generated by the System
- Stacking
- Storm Control
- Broadcast Storm Control
- Spanning Tree
Protocol (STP)
- Protocol Overview
- Configure Spanning Tree
- Configuring Interfaces for Layer 2 Mode
- Enabling Spanning Tree Protocol Globally
- Adding an Interface to the Spanning Tree Group
- Removing an Interface from the Spanning Tree Group
- Modifying Global Parameters
- Modifying Interface STP Parameters
- Enabling Port Fast
- Global BPDU Filtering
- Selecting STP Root
- STP Root Guard
- SNMP Traps for Root Elections and Topology Changes
- Displaying STP Guard Configuration
- System Time and Date
- Tunneling
- Uplink Failure
Detection (UFD)
- Feature Description
- How Uplink Failure Detection Works
- UFD and NIC Teaming
- Important Points to Remember
- Uplink Failure Detection (SMUX mode)
- Configuring Uplink Failure Detection (PMUX mode)
- Clearing a UFD-Disabled Interface (in PMUX mode)
- Displaying Uplink Failure Detection
- Sample Configuration: Uplink Failure Detection
- PMUX Mode of
the IO Aggregator
- I/O Aggregator (IOA) Programmable MUX (PMUX) Mode
- Configuring and Changing to PMUX Mode
- Configuring the Commands without a Separate User Account
- Virtual Link Trunking (VLT)
- NPIV Proxy Gateway
- Upgrade Procedures
- Virtual LANs (VLANs)
- Virtual Link
Trunking (VLT)
- Overview
- VLT Terminology
- Configure Virtual Link Trunking
- RSTP Configuration
- Preventing Forwarding Loops in a VLT Domain
- Sample RSTP Configuration
- Configuring VLT
- Configuring a VLT Interconnect
- Configuring a VLT Backup Link
- Configuring a VLT Port Delay Period
- Reconfiguring the Default VLT Settings (Optional)
- Connecting a VLT Domain to an Attached Access Device (Switch or Server)
- Configuring a VLT VLAN Peer-Down (Optional)
- Configure Multi-domain VLT (mVLT) (Optional)
- Verifying a VLT Configuration
- Connecting a VLT Domain
- PVST+ Configuration
- mVLT Configuration Example
- PIM-Sparse Mode Configuration Example
- Additional VLT Sample Configurations
- Troubleshooting VLT
- Specifying VLT Nodes in a PVLAN
- Configuring a VLT VLAN or LAG in a PVLAN
- Proxy ARP Capability on VLT Peer Nodes
- Configuring VLAN-Stack over VLT
- Virtual Router
Redundancy Protocol (VRRP)
- VRRP Overview
- VRRP Benefits
- VRRP Implementation
- VRRP Configuration
- Configuration Task List
- Setting VRRP Initialization Delay
- Sample Configurations
- Debugging and Diagnostics
- Standards Compliance
- FC Flex IO Modules
- FC Flex IO Modules
- Understanding and Working of the FC Flex IO Modules
- Data Center
Bridging (DCB)
- Ethernet Enhancements in Data Center Bridging
- Enabling Data Center Bridging
- QoS dot1p Traffic Classification and Queue Assignment
- Configure Enhanced Transmission Selection
- Configure a DCBx Operation
- Verifying the DCB Configuration
- PFC and ETS Configuration Examples
- Using PFC and ETS to Manage Data Center Traffic
- Fibre Channel over Ethernet for FC Flex IO Modules
- NPIV Proxy Gateway for FC Flex IO Modules
Dell PowerEdge FN I/O Module Configuration Guide 9.10(0.0)
Choosing TACACS+ as the Authentication Method
One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
To use TACACS+
to authenticate users, specify at least one TACACS+ server for the
system to communicate with and configure TACACS+ as one of your authentication
methods.
To select TACACS+ as the login authentication method, use the following commands.
Example of a Failed Authentication
To view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC Privilege mode.If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example, the TACACS+ is incorrect, but the user is still authenticated by the secondary method.
First bold line: Server key purposely changed to incorrect value.
Second bold line: User authenticated using the secondary method.
Dell(conf)#
Dell(conf)#do show run aaa
!
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
Dell(conf)#
Dell(conf)#do show run tacacs+
!
tacacs-server key 7 d05206c308f4d35b
tacacs-server host 10.10.10.10 timeout 1
Proporcione calificaciones (1 a 5 estrellas).
Proporcione calificaciones (1 a 5 estrellas).
Proporcione calificaciones (1 a 5 estrellas).
Seleccione si el artículo fue útil o no.
Los comentarios no pueden contener estos caracteres especiales: <>"(", ")", "\"