DELL EMC NETWORKING CAMPUS CONFIGURATION AND ADMINISTRATION

PARTICIPANT GUIDE

Dell Confidential and Proprietary

Copyright © 2019 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other
trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be
trademarks of their respective owners.

Dell EMC Networking Campus Configuration and Administration

© Copyright 2019 Dell Inc. Page i


Table of Contents

Course introduction.................................................................................. 1

Course Objectives...................................................................................................... 2
Course objectives ................................................................................................................ 3
Prerequisite skills ................................................................................................................. 4
Course agenda .................................................................................................................... 5
Introductions ........................................................................................................................ 6

Overview of Campus Network Design and Dell Networking Campus Products .................................................................................................... 7

Overview ..................................................................................................................... 8
Enterprise Campus Network Design Considerations ............................................................ 9
Enterprise Campus Network Design Hierarchy .................................................................. 10
Enterprise Campus Network Design Methods .................................................................... 11

Dell Networking N-Series Switches ........................................................................ 13


Dell Networking N-Series Campus Design ......................................................................... 14
N1100 Series Models ......................................................................................................... 16
N1500 Series Models ......................................................................................................... 17
N2000 Series Models ......................................................................................................... 18
N3000 Series Models ......................................................................................................... 20
N4000 Series Models ......................................................................................................... 21

Module Summary ..................................................................................................... 22


Campus Network Design / Dell Networking Campus Products: Review Questions ................................................................................................................. 23
Lab Environment Exploration ................................................................................. 24
Lab Environment Exploration ............................................................................................. 26

Basic Switch Configuration ................................................................... 27

Switch Boot Process ............................................................................................... 28


N-Series Boot Process ....................................................................................................... 29
Boot Options ...................................................................................................................... 30
Reset Password ................................................................................................................. 31
Factory Reset .................................................................................................................... 32
Recover Password ............................................................................................................. 33
Stacking Initial Setup ......................................................................................................... 35

Switch Connections ................................................................................................. 38


Connection Methods .......................................................................................................... 39
Serial Connection Steps..................................................................................................... 40
Console Port: N-Series ...................................................................................................... 41
Console Connection: Cable Types ..................................................................................... 42
Connecting a Serial Cable ................................................................................................. 43
Terminal Applications: TeraTerm ....................................................................................... 44
Terminal Applications: PuTTY ............................................................................................ 45
Remote Management ........................................................................................................ 46
Connection Methods .......................................................................................................... 47
Telnet Connection .............................................................................................................. 48
SSH ................................................................................................................................... 49
Why Use Out-of-Band Management (OOB) ....................................................................... 50
Out-of-Band Management Interface ................................................................................... 51
Review Question ................................................................................................................ 52
Review Question ................................................................................................................ 53
Review Question ................................................................................................................ 54

CLI Switch Configuration ........................................................................................ 55


CLI: Overview .................................................................................................................... 56
CLI Modes ......................................................................................................................... 57
CLI - EXEC ........................................................................................................................ 58
CLI Mode – EXEC Privilege ............................................................................................... 59

CLI Mode – CONFIGURATION.......................................................................................... 60
CLI: Keyboard Shortcuts .................................................................................................... 61
CLI: Filtered Commands .................................................................................................... 62
Simultaneously Configuring More Than One Interface ....................................................... 63
“?” Is for Help ..................................................................................................................... 64
Abbreviated Commands..................................................................................................... 65
Resetting Configuration Commands .................................................................................. 66
Useful and Time-Saving CLI Tools ..................................................................................... 68
Initial Configuration: Overview............................................................................................ 69
Initial Switch Configuration Using Command Line .............................................................. 70
Review Question ................................................................................................................ 72
Review Question ................................................................................................................ 73

Command Output Paging ........................................................................................ 74


Command Output Paging................................................................................................... 75
Understanding Error Messages.......................................................................................... 76
Recalling Commands from History Buffer .......................................................................... 77
Interface Types .................................................................................................................. 78
Interfaces ........................................................................................................................... 79
Ethernet Interfaces............................................................................................................. 81

Firmware Upgrades.................................................................................................. 82
Firmware Upgrades Overview ............................................................................................ 83
Firmware Upgrades - File Structure ................................................................................... 84
System Defaults ................................................................................................................. 85
Configuration Files ............................................................................................................. 86
Firmware Upgrades - TFTP ............................................................................................... 88
Firmware Upgrades – Boot Menu (XMODEM) ................................................................... 89
Firmware Upgrade - HTTP ................................................................................................. 90
Upgrade Process Documentation ...................................................................................... 91
Software Upgrade CLI Process-Download Firmware Image .............................................. 93
Software Upgrade Process -Activate and Reload............................................................... 94
Software Upgrade Process - Verify the Upgrade ................................................................ 95
Software Upgrade Process - Update bootcode .................................................................. 96

Review Question ................................................................................................................ 97

Module Summary ..................................................................................................... 98


Review Questions: Basic Switch Configuration ................................................... 99
Lab: Basic Switch Configuration .......................................................................... 100
Lab: Basic Switch Configuration....................................................................................... 101

Virtual Local Area Networks (VLANs) ................................................. 102

VLANs ..................................................................................................................... 103


VLAN Overview ............................................................................................................... 104
VLAN Tagging ................................................................................................................. 106
Switch Port Modes ........................................................................................................... 108
Switch Filtering ................................................................................................................ 110
VLAN Configuration ......................................................................................................... 112
Troubleshooting VLANs ................................................................................................... 119

Module Summary ................................................................................................... 121


Review Questions: VLANs .................................................................................... 122
Lab: VLAN Configuration and Verification .......................................................... 123
Lab: VLAN Configuration and Verification ........................................................................ 124

Spanning Tree Protocol (STP) ............................................................. 125

Spanning Tree Protocol (STP) .............................................................................. 126


Overview .......................................................................................................................... 127
Issues Resolved with STP ............................................................................................... 129
STP Convergence............................................................................................................ 130
Bridge Protocol Data Units (BPDUs) ................................................................................ 132
Root Bridge ...................................................................................................................... 134
Port States ....................................................................................................................... 136
Costs ............................................................................................................................... 137
STP Enhancements ......................................................................................................... 139

DRC - Failover ................................................................................................................. 140
DRC - New Uplink ............................................................................................................ 142
Indirect Rapid Convergence ............................................................................................. 143
Rapid Spanning Tree Protocol (RSTP) ............................................................................ 146
RSTP Configuration ......................................................................................................... 148

Rapid Spanning Tree Protocol-Per VLAN (RSTP-PV) ......................................... 149


RSTP-PV Overview ......................................................................................................... 150
RSTP-PV Limitations ....................................................................................................... 152
RSTP-PV Configuration ................................................................................................... 153

Optional Features................................................................................................... 155


PortFast ........................................................................................................................... 156
BPDU Filtering ................................................................................................................. 157
BPDU Flooding ................................................................................................................ 158
Root Guard ...................................................................................................................... 159
Loop Guard ...................................................................................................................... 160
BPDU Protection .............................................................................................................. 161

Module Summary ................................................................................................... 162


Review Questions: Spanning-Tree Protocol—STP ............................................. 163
Lab: Spanning-Tree Protocol (STP)...................................................................... 164
Lab: Spanning-Tree Protocol (STP) ................................................................................. 165

Link Aggregation Group—LAG ............................................................ 166

LAG Overview ........................................................................................................ 167


Basic LAG Concepts ........................................................................................................ 168
Static Vs. Dynamic LAG ................................................................................................... 170
Supported Configurations ................................................................................................ 171
LAG Example 1—Supported or Unsupported?................................................................. 172
LAG Example 2—Supported or Unsupported?................................................................. 173
LAG Example 3—Supported or Unsupported?................................................................. 174
LAG Example 4—Supported or Unsupported?................................................................. 175

Static LAG Configuration ...................................................................................... 176
Creating Static Port Channel ............................................................................................ 177
Command to Verify Static Port Channel Configuration ..................................................... 179

Dynamic LAG Configuration and LACP ............................................................... 181


How to Configure Dynamic Port Channel ......................................................................... 182
How to Verify Details for Specific Dynamic Port Channel ................................................. 184
How to Verify Details for Multiple Port Channels .............................................................. 185

LAG Hashing .......................................................................................................... 186


Overview of Hashing for Port Channels ........................................................................... 187
Configuring LAG Hashing Mode....................................................................................... 189

Common Deployment Scenarios .......................................................................... 191


Switch to Switch Link Aggregation ................................................................................... 192
Switch to Server Link Aggregation ................................................................................... 193
Spanning Tree Protocol and LAG .................................................................................... 194
Using LAGs with VLANs .................................................................................................. 196

Module Summary ................................................................................................... 197


Review Questions: Link Aggregation Group—LAG ............................................ 198
Lab: Link Aggregation Group (LAG) .................................................................... 199
Lab: VLAN Configuration and Verification ........................................................................ 200

Multi-Switch Link Aggregation Group (MLAG) ................................... 201

Multi-Switch Link Aggregation Group (MLAG) Overview ................................... 202


Introduction to MLAG ....................................................................................................... 203
LAG vs. MLAG ................................................................................................................. 204
MLAG Advantage............................................................................................................. 205
MLAG Components ......................................................................................................... 206
MLAG Peer Link .............................................................................................................. 208
MLAG Peers .................................................................................................................... 209

Stacking vs. MLAG .......................................................................................................... 210
Dual Control Plane Detection Protocol ............................................................................. 211
MLAG Caveats ................................................................................................................ 212
MLAG Considerations ...................................................................................................... 213
More MLAG Considerations ............................................................................................. 214
MLAG Incompatibilities .................................................................................................... 215

MLAG Configuration and Validation..................................................................... 216


MLAG Configuration Overview ......................................................................................... 217
Enable and Verify MLAG Globally .................................................................................... 218
Configure vPC Domain .................................................................................................... 219
Configure Peer Link ......................................................................................................... 220
View Peer-Link Details ..................................................................................................... 221
View vPC Peer-Link Role ................................................................................................. 222
Configure vPC Member Interfaces ................................................................................... 223
View vPC Member Port Channel ...................................................................................... 224
View Members ................................................................................................................. 225
View DCPDP ................................................................................................................... 226
Debug VPC ...................................................................................................................... 227

Module Summary ................................................................................................... 228


Review Questions: MLAG ..................................................................................... 229
Lab: Multi-Switch Link Aggregation Group (LAG) .............................................. 230
Lab: Multi-Switch Link Aggregation Group (LAG) ............................................................. 231

Discovery Protocols ............................................................................. 232

Cisco Discovery Protocol ...................................................................................... 233


CDP Overview ................................................................................................................. 234
Internet Standard Discovery Protocol ............................................................................... 235
CDP Message Contents................................................................................................... 236
CDP Default Settings ....................................................................................................... 237
Troubleshooting Topology Errors ..................................................................................... 238
CDP Addressing .............................................................................................................. 239

Industry Standard Discovery Protocol .............................................................................. 240

Link Layer Discovery Protocol ............................................................................. 242


Link Layer Discovery Protocol Overview .......................................................................... 243
LLDP Protocol Data Unit .................................................................................................. 245
TLV Field Value Definitions .............................................................................................. 247
LLDP Message Contents ................................................................................................. 249
LLDP Default Configuration ............................................................................................. 250
Disabling LLDP ................................................................................................................ 251
Viewing LLDP Interface State .......................................................................................... 252
Viewing LLDP Local-Data ................................................................................................ 253
Viewing LLDP Remote-Data ............................................................................................ 254

Module Summary ................................................................................................... 255


Review Questions: Discovery Protocols ............................................................. 256
Lab: Discovery Protocols ...................................................................................... 257
Lab: Discovery Protocols ................................................................................................. 258

Routing .................................................................................................. 259

Routing Overview................................................................................................... 260


Overview .......................................................................................................................... 261
Route Types .................................................................................................................... 262
Routing Table - DNOS 6 .................................................................................................. 264
Inter-VLAN Routing .......................................................................................................... 265

Static Routes .......................................................................................................... 266


Static Routes ................................................................................................................... 267
IP Route Command ......................................................................................................... 268
Default Static Route ......................................................................................................... 270
IP Route Command Example - Distribution ...................................................................... 271
IP Route Command: Example - Core ............................................................................... 273
IP Route—Next Hop Egress Interface AND IP ................................................................. 274

IP Route—Next Hop Egress Interface Instead of IP? ....................................................... 276
Scaling Challenges with Static Routing ..................................................................... 278

Open Shortest Path First Protocol ....................................................................... 280


OSPF Review .................................................................................................................. 281
OSPF Routing Calculations ............................................................................................. 282
OSPF Topologies and Router Types................................................................................ 283
Network and Interface Types ........................................................................................... 285
Broadcast Networks and Designated Routers .................................................................. 287
    Link-State Advertisements (LSA)
    LSA Types 1–3
    LSA Types 4–7
    Link-State Advertisements (LSAs) Used in Single Area Topology
    Stub Area
    Not-So-Stubby-Area (NSSA)
    OSPF – Identification and Messaging
    Establishing Neighbor Adjacencies
    OSPF Packet Overview
    Types of OSPF Packets
    Type 1 Packet: Hello
    Type 2 Packet: Database Description
    Type 3 Packet: Link-State Request
    Type 4 Packet: Link-State Update (LSU)
    Type 5 Packet: Link-State Acknowledgement
    OSPF Configuration
    Optional Configuration
    Optional Interface Configuration
    OSPF – Show Database and Neighbor
    OSPF – Show Interfaces
    OSPF – Show IP Route
    OSPF – Show Route Summary and Statistics
    OSPF Troubleshooting – Process and Adjacencies
    OSPF Troubleshooting – Routes

  Module Summary
  Review Questions: Routing
  Lab: Routing
    Lab: Routing

Policy-Based Routing (PBR)
  Introduction to Policy-Based Routing
    Policy-Based Routing Overview
    Comparing Standard Routing to PBR
    Comparing Standard Routing to PBR (Contd.)
    Using PBR to Enforce Specific Two-Site, Two Path Usage Scenario
    Using PBR to Ensure Different Applications Use Different Network Paths
    PBR Routing Policy Definition
    PBR Operating Details
    PBR Actions
    PBR Routing Decision Criteria
    Next-Hop Insert into Routing Table
  Policy-Based Routing Use Scenarios
    Using PBR to Enforce Traffic Isolation
    Using PBR to Ensure Server Network Path Priority
    Using PBR to Apply VLAN Redirection
    VLAN Redirection Using Packet Filtering
  PBR Configuration and Troubleshooting
    Policy-Based Route Configuration Example
    Policy-Based Routing Validation Example
  Module Summary
  Review Questions: Policy-Based Routing—PBR
  Lab: Policy-Based Routing

    Lab: Policy-Based Routing

Virtual Router Redundancy Protocol - VRRP
  VRRP Overview
    VRRP Terms
    VRRP Overview
    VRRP Overview (Continued)
    VRRP Primary Function
    VRRP Sample Scenario 1
    VRRP Sample Scenario 2
    VRRP Sample Scenario 3
    VRRP Router States
    Virtual Router MAC Address
    VRRP Packet
    Master Failure Triggers Failover to Backup
    Master Uplink Failure Triggers Failover
    VRRP Interface Tracking
  VRRP Configuration and Validation
    VRRP – Configuration Overview
    VRRP Configuration
    VRRP Verification
    VRRP Interface Tracking Configuration
    VRRP Configuration Options – Disable Preempt
    VRRP Advertisement Interval
    Configure VRRP Authentication
  Module Summary
  Review Questions: Virtual Router Redundancy Protocol - VRRP
  Lab: Virtual Router Redundancy Protocol
    Lab: Virtual Router Redundancy Protocol

VoIP and QoS
  VoIP Overview
    Traditional Campus Phone System with PBX
    Campus Phone System Using VoIP
    IP Phone Technology
  Switch Requirements for VoIP
    Separate VLANs for Data and Voice
    Switchport Mode for Data and Voice
    QoS for VoIP Implementations
    IEEE 802.1p and DSCP
    Layer 2 QoS Classification
    Layer 3 QoS Classification
    Layer 3 QoS DSCP Fields
    IP Phone AutoConfiguration
    Link Layer Discovery Protocol—LLDP
    LLDP Example
    Industry Standard Discovery Protocol—ISDP
    CDP/ISDP Considerations
  How to Configure VoIP on Dell EMC N-Series Switches
    N-Series Switch Default Configuration
    Voice VLAN Configuration
    Voice VLAN Configuration Part 2
  Verification of VoIP Configuration
    Confirm Voice VLAN Globally Enabled
    Confirm VLAN Switchport Settings and HW Queue
    Confirm HW Queue Scheduler Settings
  Module Summary
  Review Questions: VoIP and QoS

Dynamic Host Configuration Protocol—DHCP
  DHCP Overview
    What Is DHCP?
    DHCP Client, Server, and Relay Roles
    How DHCP Works
    Information Distributed Through DHCP Server
  DHCP Configuration
    Configuring DHCP Server Dynamic IPv4 Address Pool
    Configuring DHCP Server with Static Addresses
    Configuring DHCP Relay Agent
    Verifying DHCP Address Pools
    Verifying DHCP Relay Agent Configuration
    Monitoring DHCP Server Statistics
    DHCP Server Verification
  Securing DHCP
    DHCP Snooping Feature
    DHCP Snooping Commands
    Verify DHCP Snooping Global Configuration
    Verify DHCP Snooping Binding
  Module Summary
  Review Questions: Dynamic Host Configuration Protocol—DHCP
  Lab: Dynamic Host Configuration Protocol—DHCP
    Lab: Dynamic Host Configuration Protocol—DHCP

IPv6
  IPv6 Overview
    IPv6 Review – What is Internet Protocol Version 6?
    Example IPv6 Address
    IPv6 Packet and Headers

    Addresses Used with IPv6
    IPv6 Address Scopes
    Link Local Scope
    Unique Local Scope
    IPv6 Address Scopes – Global Address
    IPv6 Review – ICMPv6 Message Types
    IPv6 Prefix Notation
  IPv6 Implementation
    IPv6 Addressing Configuration, DNOS 6
    IPv6 Connectivity Verification
    Review Questions
  Module Summary
  Review Questions: IPv6
  Lab: IPv6
    Lab: IPv6

Power over Ethernet
  Power Over Ethernet Overview
    Supplying Electrical Power to End Devices
    Traditional Power Distribution
    Power Over Ethernet Augments Traditional Power Distribution
    Transmitting Electrical Power Through Ethernet Cables
    Phantom Power Transmission
    PoE IEEE Standard
    PoE+ IEEE Standard
    How Does PoE Work?
    PoE Power Classification
    High-Power PoE
    PoE+ Power Classification

  PoE Device Types
    IP Telephones
    Wireless Access Points
    IP Network Security and Surveillance Cameras
    Environmental Sensors and Premises Access Controls
    Building and Industrial Controls
  Power Provisioning
    Applying PoE Power Standards
    PoE Operating Standards and Types
    Power Over Ethernet Type 1
    Power Over Ethernet Type 2
    Power Over Ethernet Type 3
    Power Over Ethernet Type 4
    Adding PoE to Non-PoE Network
    Power Management Modes
    Dell EMC N-Series Switch PoE Information
    Dell EMC N1100P Series PoE Support Characteristics
    Dell EMC N1500P Series PoE Support Characteristics
    Dell EMC N1500P Models PoE Power Budget Information
    Dell EMC N2000P Series PoE Support Characteristics
    Dell EMC N2000P Models PoE Power Budget Information
    Dell EMC N3000P Series PoE Support Characteristics
    Dell EMC N3000P Models PoE Power Budget Information
  PoE Configuration and Validation
    Dell EMC N-Series PoE+ Port Modes
    PoE+ Features for Dell N-Switches
    Dell EMC N3000 Models UPoE Capability
    LLDP Media Discovery Protocol
    LLDP-MED TLVs
    Configuring LLDP-MED
    PoE Switch and Port Configuration
    Port Power Control

    PoE Power Management
    PoE End Device Description
    Device Power Detection Mode
    UPoE - High-Power Mode
    Port Power Limit
    Port Priority Setting
    Port Power Use Threshold
    Port Power Reset
    Current PoE Configuration and Status
    PoE Controller Firmware Version Display
  Troubleshooting
    Troubleshooting Best Practice
    Typical PoE Problems During Deployment
    Preventing Inadequate Power Anomalies
    Switch and Port Power Management Checks
    Power Usage and Prioritization
    POE Concerns – Powering Devices
  Module Summary
  Review Questions: Power over Ethernet—PoE

Security
  Access Control Lists (ACLs)
    Access Control List Overview
    ACL Configuration
    Scenario - Server Admin Cannot FTP to New Server
  Port Security
    What Is Port Security?
    Why Port Security Is Needed?
    Methods of Port Security
    Port Security Commands

  Authentication, Authorization, and Accounting (AAA)
    AAA Overview
    AAA Methods
    Local Authentication
    RADIUS Authentication
  Module Summary
  Review Questions: Security
  Lab: Security
    Lab: Security

Stacking
  Stacking Overview
    Stacking Overview
    Why Stacking - Ease of Management
    Stacking for High Availability
    Stack Management Roles
    LAG vs Stack vs MLAG
  Topology in Stacking
    Cabling Best Practices
    N1500 Stacking
    N2000 Stacking
    N3000 Stacking
    N4000 Stacking
  Configure Stacking
    Creating a Stack
    DNOS 6.x Stacking Features
    Adding Member to a Stack
    Removing Member Units from a Stack
    Managing Standby Unit
    Mixed Stacking

    Stacking – General Guidelines
  Module Summary
  Review Questions: Stacking
  Lab: Security
    Lab: Stacking

Course introduction


Course Objectives


Course objectives

By the end of this course, you will be able to:


• Describe Product Architectures.
• Understand concepts and navigation.
• List advanced configuration steps for various protocols/automation features.
• Perform advanced troubleshooting steps related to configuration tasks.

Prerequisite skills

Course agenda

Day 1: Introduction, Basic Switch Configuration, VLAN, STP
Day 2: LAG, MLAG, LLDP
Day 3: Routing (Static Routing, OSPF, PBR, VRRP)
Day 4: VoIP, DHCP, IPv6
Day 5: PoE, Security, Stacking

Introductions


Overview of Campus Network Design and Dell Networking Campus Products

Introduction

Upon completing this module, you will be able to:


• Implement Enterprise Campus Network design considerations.
• Determine how the N-series switches fit into the campus network design.
• Describe the N-series switches.


Overview

Introduction

Enterprise Campus Network Design Considerations

• Campus Network definition
  - Overall Design: The campus network represents any infrastructure between
    the user and the applications that facilitates access.
  - Site: A building or group of buildings that are connected into one
    enterprise network that consists of one or more LANs.
  - Users: Campus network users are employees, guests, and devices that
    connect to applications and information using wired and wireless devices.
  - Interconnect: Interconnect within Campus Networking means connecting the
    campus core to the edge of the network and WAN portions of the network.
  - Switch Features: The design should adhere to the architectural principles:
    modularity, resiliency, and flexibility.


Enterprise Campus Network Design Hierarchy

Hierarchy: The campus is traditionally defined as a three-tier hierarchical model
comprising the core, distribution, and access layers as shown.

• Core Layer
  Provides a limited set of services, is highly available, and operates in an
  always-on mode. The core campus is the backbone that supports all the
  elements of the campus architecture. It is that part of the network that
  provides for connectivity between end devices, computing, and data storage
  services. It is located within the data center, and other areas and services
  within the network. In some designs, the distribution layer and core layer
  are collapsed into a single layer.

  Different environmental requirements (single building or multiple adjacent
  buildings) can lead to a series of variations of the basic three-layer
  approach.
• Distribution Layer
  The distribution layer in the campus design acts as a services and control
  boundary between the access and the core.
• Access Layer
  The access layer is on the edge of the campus. It is the place where end
  devices (PCs, printers, cameras, and wireless access points) attach to the
  wired portion of the campus network.


Enterprise Campus Network Design Methods

Campus Design Features

Modularity Types - The modules of the system are the building blocks that are
assembled into the larger campus. The advantage of the modular approach is that
failures that occur within a module can be isolated from the remainder of the
network. The campus network architecture is based on the use of two basic blocks
or modules that are connected together through the core of the network: the
access-distribution block and the services block.

• Access-Distribution Blocks
  Access-distribution blocks are probably the most familiar element of the
  campus architecture. They are the fundamental component of a campus design.
  Properly designing the distribution block goes a long way to ensuring the
  success and stability of the overall architecture. Access-distribution blocks
  consist of two of the three hierarchical tiers within the campus
  architecture: the access and distribution layers.
• Services Block
  The services block is a newer element in the campus design. Campus network
  planners added services, and now several challenges must be solved. The
  services include dual-stack IPv4/IPv6 environments, moving to
  controller-based wireless networks, and migrating towards Unified
  Communications services. The services block is not necessarily a single
  entity. There might be multiple services blocks depending on the scale of the
  network.


Resiliency Types - Resiliency is a basic principle that is made real by using many
related features and design choices. For example, enabling port security on the
access switch controls which frames are permitted inbound from the client.
Resiliency principles can be extended to QoS and routing protocols such as
OSPF.

• Resilient power supplies
• Multiple traffic paths create resiliency
• Routing protocols

Flexibility Methods - The control plane decides where the traffic goes. The data
plane moves the traffic in one interface and out another. The constant evolution of
campus network design requires an increasing degree of adaptability or flexibility.
The ability to modify portions of the network, or services, or capacity without going
through major upgrades is key to the effectiveness of campus designs. Key areas
where it is highly probable that networks evolve over the next few years are:

• Control Plane Flexibility: The ability to support and enable migration between
  multiple routing, spanning tree, and other control protocols.
• Data Plane Flexibility: The ability to support the introduction and use of IPv6
  as a parallel requirement alongside IPv4.
  – User Group Flexibility: The ability to virtualize the network forwarding
    capabilities and services within the campus fabric to support changes in
    the administrative structure of the enterprise. These changes could involve
    acquisition, partnering, or outsourcing of business functions.
  – Flexible Security Architecture: Increased security threats and changing
    traffic patterns require a security architecture that can adapt to these
    changing conditions.
• Traffic Management Flexibility: Unified communications, collaborative
  business approaches, and software models continue to evolve, along with a
  trend toward increased growth in peer-to-peer traffic flows. These fundamental
  changes require campus designs that make security, monitoring, and
  troubleshooting tools available to support these new traffic patterns.



Dell Networking N-Series Switches


Dell Networking N-Series Campus Design

The Dell Networking N-Series is a family of energy-efficient and cost-effective
1 GbE and 10-GbE switches that are designed for modernizing and scaling network
infrastructure. The N4000 model supports 1 Gb and 10 GbE. All other N-Series
models feature autosensing (1Gb/100Mb/10Mb) ports and DNOS 6 technology.

• Power and Price
  N-Series switches have the scale and performance to gracefully handle even
  the most bandwidth-intensive applications for thousands of users at a fraction
  of the cost. The Dell Networking N3048 has 90% more throughput, 62% more
  fabric capacity, and costs half of the Cisco Catalyst 3750X-48T-S.
• DNOS 6
  DNOS 6 offers a single code base across all N-Series switches and further
  simplifies deployments by applying and processing configurations identically
  across the N-Series switch families.
• Power over Ethernet (PoE)
  The 1RU footprint N1100, N1500, N2000, and N3000 Series PoE+ models
  support PoE+.
• Stacking
  The N1100 and N1500 can support up to a four-unit stack. The
  high-performance stacking architecture of the N2000, N3000, and N4000 can
  each support 12-unit stacking using integrated stacking ports. Using the
  latest version of code, you can even mix models in the stack; see the release
  notes for details.


• Dual Power Supplies
  For the aggregation and core tiers, dual hot-swappable power supply support is
  available on the N3000 and N4000 Series.
• MLAG
  Multiswitch LAG (MLAG) helps make high availability and full-bandwidth
  utilization achievable in a redundant, loop-free network.


N1100 Series Models

The Dell Networking N1100 Series switch:

• Up to 176-Gbps switch fabric capacity
• Support for up to 50 1GbE ports per switch and up to 200 1GbE ports in a
  four-unit stack
• Standard 10-GbE SFP+ transceivers and cables for cost-effective
  high-performance stacking at up to 40 Gbps
• Up to 48 ports of PoE+
• Up to 512 VLANs supported
• Advanced network security including highly configurable ACLs
• USB rapid deployment expedites switch configuration
• Energy Efficient Ethernet (EEE) and lower power PHYs reduce power to
  inactive ports and idle links


N1500 Series Models

The Dell Networking N1500 Series switch:

• Up to 176-Gbps switch fabric capacity
• Support for up to 50 1GbE ports per switch and up to 200 1GbE ports in a
  four-unit stack
• Standard 10-GbE SFP+ transceivers and cables for cost-effective
  high-performance stacking at up to 40 Gbps
• Up to 48 ports of PoE+
• Up to 512 VLANs supported
• Advanced Layer 3 Lite functionality with up to 256 static routes
• Advanced network security including highly configurable ACLs
• USB rapid deployment expedites switch configuration
• Energy Efficient Ethernet (EEE) and lower power PHYs reduce power to
  inactive ports and idle links


N2000 Series Models

• SFP+ Ports
  – N2000 Series: 2x10G SFP+ ports
  – Transceiver Detection/Support
    Dell-qualified SFP+ transceivers are sold separately.
  – Support SFP+ Transceivers
    Support SFP+ copper Twinax
    Operating at 10 Gb
  – Support SFP transceivers operating at 1 Gb.
• USB Storage
  N2000 and N3000 Series

  Details
  – Type-A, female USB port
  – USB 2.0-compliant flash memory drive
  – Formatted as FAT-32
  – Copy configuration files and images between USB and switch
  – Move files between switches


  – Switch cannot delete files on USB drive
  – USB port does not support any other type of USB device


N3000 Series Models

• N3000 Series (not counting F model)
  2x10G SFP+ ports
• N3000 Series F Model
  The N3024F front panel provides 24-Gigabit Ethernet
  100BASE-FX/1000BASE-X SFP ports plus two 1000BASE-T combo ports.
• Transceiver Detection/Support
  Dell-qualified SFP+ transceivers sold separately
• Support SFP+ Transceivers
  Support SFP+ copper Twinax
  Operating at 10 Gb
• Support SFP transceivers operating at 1 Gb


N4000 Series Models

Some key features of the Dell Networking N4000 series include:

• Up to 1.2 Tbps switch fabric capacity
• Up to 64 line rate 10-GbE ports per switch
• Up to 672 10GbE ports in a 12-unit stack with front panel/user port stacking
  bandwidth up to 320 Gbps
• Hot swap expansion module support including dual QSFP+ (8 x 10 GbE), Quad
  10GBaseT and Quad SFP+
• Support for advanced Layer 3 functionality and iSCSI autoconfiguration and
  optimization with Dell EqualLogic storage.
• Four models within the N4000 series: 24 and 48-port 10GBaseT (N4032,
  N4064) and SFP+ equivalents (N4032F, N4064F)



Module Summary



Campus Network Design / Dell Networking Campus Products: Review Questions


1. What N-series models are best for the aggregation and core layers of the
   network?
   N3000 and N4000 Series
2. Which two N1500 series switches offer Power over Ethernet plus capabilities?
   N1524P and N1548P
3. What modules are available for the N30xx Series Switch?
   Two modules are available: 2-port SFP+ Module, 2-port 10G Base-T Module



Lab Environment Exploration


Refer to the student lab guide for instructions to complete the lab.



Basic Switch Configuration

Introduction

Upon completing this module, you will be able to:

• Describe the normal boot process of an N-Series switch.
• Identify the proper cable required for first-time setup of the switch.
• Set a management IP, switch name, and credentials on an N-Series switch.
• Apply the steps for upgrading a switch firmware.
• Determine the initial setup requirements for a stand-alone switch in
  comparison to a stack of switches.



Switch Boot Process


N-Series Boot Process

The N-series boot process acts as a boot loader and provides users and channel
partners the ability to install the target network operating system (Dell Networking
OS6).

1. Power-On Self-Test (POST)
2. BIOS hardware verification
3. CPU and memory verification
4. Load boot loader
5. Load operating system DNOS6
6. Load configuration file


Boot Options

• Start Operational Code is what you select when you are done using the Boot
  Menu.
• Select Baud Rate sets the serial port baud rate for any boot menu function.
• Retrieve Logs provides access to the logs, used especially when the
  Operational Code does not boot.
• Load New Operational Code provides a way to load new code when the
  operational code is damaged.
• Reboot causes the switch to reboot immediately.
• Restore Configuration to Factory Defaults wipes out any existing configuration
  and starts as if the switch was received from the factory.
• Activate Backup Image lets you switch to a second image if you suspect the first
  image is damaged.
• Start Password Recovery lets you into the switch to recover from forgetting the
  password.


Reset Password

• Open the Boot Menu
• Disable password checking
• Switch booting to the Privileged Exec Mode
• Enable the password
• Exit from Configuration Mode
• Save the configuration
• Reload the switch


Factory Reset

Use the following procedure to reset the Dell N series switch to factory defaults:
1. Manually reboot your switch
2. While the switch is booting, wait for the “Dell Networking Boot Options” and
select option #2 (Display Boot Menu) within 3 s.
3. On the Boot Main Menu, enter choice number 10 Restore Configuration to
Factory Defaults. Then the enable password can be set as if it were a new
switch.


Recover Password

• While the switch is booting, keep an eye on the boot up screen.
• When you see the Dell Networking Boot Options, type "2" and press "Enter" to
  select within 3 s. If you miss this step, the switch must be powered on again.
• Once in the Boot Menu, type "12" at the Enter Choice# prompt.
• The switch starts the operating system without the normal prompt for
  username/password.
• Once the switch has completed booting, you should create a
  username/password and save the configuration.

Command | Description
console# configure | Enter configuration mode.
console(config)# username admin password Dell1234 privilege 15 | Create a user named "admin" with the password "Dell1234". This password is an example. You can use your own username and password for proper switch access security.
console(config)# end | Leave configuration mode.
console# copy running-config startup-config | Save the configuration for any possible restart of the switch.


Stacking Initial Setup

Stacking Overview and Procedures

Stacking Review

• Stacking is a well-known networking concept of cabling similar devices together
  into a cohesive unit that behaves as a single, larger switch.
• Stacking has one member that is in charge and is known as the master. It
  maintains the running configuration, controls the CLI operations, and acts as the
  Route Processor Module (RPM) for the stack. There is normally a standby
  switch which is the backup master. Stack-capable switches have stack
  configuration references even in a standalone mode.

Creating a Stack

• How you cable the stack can vary from switch to switch.
• N4000 switches require stacking ports to be defined. Do this before cabling
  them together.
• From the factory, each switch is set up as unit 1.
• Once a switch is Master, it wants to stay Master.
• When you power on the second switch, its unit number conflicts with the
  Master. The Master changes the unit number of the second switch to unit 2.
  When this happens, any configuration on the switch is lost.
• Each additional switch added goes through the same process.
• It is possible to change the unit number prior to stacking, and the configuration
  will then not be lost.


Stack Master Selection

Once a switch unit has become Master, it always tries to stay Master. A unit
that powers up first takes on the Master role. If two or more units power up for
the first time within the first few minutes of one another, they elect a Master
based on MAC address. When a Master unit fails, the standby unit becomes
Master and will then try to stay Master. If two devices think they are Masters,
the one with the higher MAC address becomes Master.

If both switches were set to unit 1, the switch that is not Master is now
set up as unit 2, and any configuration on that unit is lost.
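The following is an added example, not part of the Dell guide: a Python model of the master-selection and renumbering rules stated above, for checking a planned power-on order before cabling a stack. The Unit fields, the power-on "wave" grouping, the choice of the lowest free unit number and the MAC addresses are assumptions or constructed values.

```python
from dataclasses import dataclass


@dataclass
class Unit:
    name: str                 # label used in the report (hypothetical)
    mac: str                  # switch MAC address, colon- or dash-separated hex
    unit_number: int = 1      # the guide: every switch ships as unit 1
    power_on: int = 0         # power-on wave; same wave = booted within minutes
    has_config: bool = False  # True if the unit already carries configuration


def mac_value(mac):
    """Convert a MAC string to an integer so addresses can be compared."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def plan_stack(units):
    """Predict the master, final unit numbers and which units lose their config."""
    if not units:
        raise ValueError("no units given")
    first_wave = min(u.power_on for u in units)
    candidates = [u for u in units if u.power_on == first_wave]
    # Units that boot together elect on MAC address; the guide says the higher wins.
    master = max(candidates, key=lambda u: mac_value(u.mac))
    numbers = {master.name: master.unit_number}
    taken = {master.unit_number}
    config_lost = []
    # Remaining units join in power-on order (tie-break by MAC is an assumption).
    joiners = sorted((u for u in units if u is not master),
                     key=lambda u: (u.power_on, -mac_value(u.mac)))
    for u in joiners:
        if u.unit_number in taken:
            # Conflict: the master renumbers the joiner and its config is lost.
            # Picking the lowest free number is an assumption of this model.
            new = next(n for n in range(1, len(units) + 2) if n not in taken)
            numbers[u.name] = new
            taken.add(new)
            if u.has_config:
                config_lost.append(u.name)
        else:
            numbers[u.name] = u.unit_number
            taken.add(u.unit_number)
    return {"master": master.name, "unit_numbers": numbers, "config_lost": config_lost}


# Constructed scenarios; MACs come from the IANA documentation range.
MAC_A = "00:00:5e:00:53:0a"
MAC_B = "00:00:5e:00:53:0b"
# Both switches still at factory unit 1, sw-a powered first.
CONFLICT = [Unit("sw-a", MAC_A, 1, 0, True), Unit("sw-b", MAC_B, 1, 1, True)]
# sw-b renumbered to unit 2 before stacking.
PRESET = [Unit("sw-a", MAC_A, 1, 0, True), Unit("sw-b", MAC_B, 2, 1, True)]
# Both powered on together: the election falls to the higher MAC.
TOGETHER = [Unit("sw-a", MAC_A, 1, 0, True), Unit("sw-b", MAC_B, 1, 0, True)]

if __name__ == "__main__":
    for label, units in (("conflict", CONFLICT), ("preset", PRESET),
                         ("together", TOGETHER)):
        print(label, plan_stack(units))
```

Running the three scenarios shows that the unit holding the configuration you want to keep should power on first, and that joiners should be renumbered beforehand.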



Switch Connections


Connection Methods

• It is a good idea to be familiar with all the different methods that are used to
  connect the switch. A connection to an N-Series switch can be established
  through the serial console, Telnet, SSH, or web interface.
• The switch is not configured with a default user name, password, or IP address.
  The initial configuration must use the console port.


Serial Connection Steps

Serial connection steps:


1. Identify the switch console port.
2. Select and connect the appropriate cable and serial adapter if needed.
– If you are using USB to serial port cable, you must use a USB to serial
adapter and driver.
– If plugging directly into a personal computer serial port, an adapter is not
required.
3. Install drivers if applicable.
4. Start the terminal emulator, and select the appropriate serial port.
– Use the device manager in the personal computer in order to find the serial
port number.
5. Configure the management station serial port with the switch-specific settings.


Console Port: N-Series


Console Connection: Cable Types

• The serial cable is used to connect the switch to a terminal or serial port on a
  personal computer.
• Many other Dell switch models use this type of console port.


Connecting a Serial Cable

• The command line of the N-Series switch can be accessed several ways.
  – For the N1100 switches, use a supplied Micro USB to USB serial cable to
    access the serial console. Connect the Micro USB end of the cable to the
    serial console port and the USB connector to the personal computer USB
    port. Download the adapter software and install it on your personal
    computer. Download and install the terminal emulation software on your
    personal computer (for example, PuTTY). Access the serial console with the
    correct settings (default setting is 9600 baud, 8 data bits, no parity bit,
    1 stop bit, and no flow control).
  – For the N2000 switches, use a supplied RJ45 to DB9 serial cable to access
    the serial console. Connect the RJ45 end of the cable to the serial console
    port and the DB9 connector to your personal computer. Download and install
    the terminal emulation software on your personal computer (for example,
    PuTTY). Access the serial console with the correct settings (default setting
    is 9600 baud, 8 data bits, no parity bit, 1 stop bit, and no flow control).
  – In addition to the RJ45 serial port, the N3000 and N4000 series switches
    have an out-of-band management port that is connected through an Ethernet
    connection. The serial and out-of-band ports on the N4000 are on the back
    of the switch. The serial cable cannot be connected to the Ethernet port,
    and the Ethernet port cannot be used for the initial configuration.


Terminal Applications: TeraTerm

• TeraTerm is one of the tools that you can use to connect to a switch through the
  serial console. It is a free download from Ayera Technologies and is compatible
  with most Microsoft operating systems.


Terminal Applications: PuTTY

• PuTTY is a free open-source terminal emulator application that can act as a
  client for SSH, Telnet, rlogin, and raw TCP protocols. It also provides serial port
  connection capability. Downloadable versions are available for both Windows
  and Linux/Unix operating systems.
• For serial connections, you must turn off flow control to allow PuTTY to
  establish a serial connection to a Dell switch.
  – Latest version provides serial, Telnet, and SSH access
  – Download from
    http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  – Serial defaults to 9600/8/N/1/xon-xoff
  – No option for Xmodem file transfer


Remote Management

Telnet or SSH is used to provide remote access to the switch over an IP address.


Connection Methods

• To perform any type of configuration on a switch, you must be familiar with the
  different connection methods. A connection to a switch can be established
  through the serial console, Telnet, SSH, or a web interface.
• Initially, you are required to connect to a switch through a serial connection to
  configure it for other connection methods.


Telnet Connection

• Telnet is a network protocol that is used on the Internet or local area networks
  to provide bi-directional, interactive communications between computer systems
  or devices. Typically, Telnet provides access to a CLI on a remote host over a
  virtual terminal connection.


SSH

• The operating system supports SSH for secure, remote connections to the CLI.
  The SSH server can be enabled or disabled.
• SSH is used to create a secure remote connection using some of the sample
  commands shown here.
• It is a good idea to disable Telnet once you have SSH turned on. That way you
  funnel all your users through the encrypted remote access.


Why Use Out-of-Band Management (OOB)

Isolation of the management function can be beneficial for several reasons.

• Isolating the management provides direct access to the switch CPU from the
  management network.
• If the network is too busy to let you in, OOB management is still available.
• It is hard to disconnect yourself from access.


Out-of-Band Management Interface

• The N3000 and N4000 series switches have out-of-band interfaces, which
  allow the administrator to configure a management network that is not
  accessible through the switch.
• Configure a username and password.
• Add the IP address and default gateway to the out-of-band interface.
• You do not have to configure an enable password to use an in-band interface,
  but Dell EMC recommends it. The enable password is required to set up an
  out-of-band interface.


Review Question



CLI Switch Configuration


CLI: Overview

• The CLI on N-Series switches is used to control and define the many device
  parameters and features. The CLI is hierarchically and modularly structured.
  This way the user has better control and insight into the various commands and
  levels of configuration. If all the CLI commands were located in one general
  interface, the user would find it difficult to control and handle. For example, the
  help command would produce an endless command list.
• A CLI command is a series of:
  – Keywords: Mandatory words composing the command until the first
    parameter. Keywords state a command.
  – Parameters: Specify configuration options; some are mandatory, and some
    are optional. There are two types of parameters:
    • Positional: Position of the parameter matters; parameters must be in a
      specific order.
    • Key: Position does not matter; order may be changed.
• In the command snmp-server community dellpvt rw, snmp-server and
  community are keywords. The inputs dellpvt and rw are key parameters, where
  dellpvt specifies the community string and rw specifies the SNMP permissions.


CLI Modes

• Modes:
  – Exec
  – Exec Privileged
  – Configuration
• The CLI is used to navigate between different privileges, protocols and
  interfaces.
• Each mode has a different prompt.


CLI - EXEC

• The initial default mode supports basic commands.
• The prompt will end with a greater than symbol ">".


CLI Mode – EXEC Privilege

• The enable command turns on Privileged Exec mode.
• The prompt ends with a hash symbol "#".


CLI Mode – CONFIGURATION

• Config is the shortcut for configure. Cisco devices require configure terminal.
• The prompt will include (config) and end with "#".


CLI: Keyboard Shortcuts


CLI: Filtered Commands


Simultaneously Configuring More Than One Interface

• An interface range is a set of interfaces to which other commands may be
  applied. It can be executed if there is at least one valid interface within the
  range. Bulk configuration excludes any nonexistent interfaces in an interface
  range from configuration.
• The interface range command enables you to apply one or more configuration
  commands to multiple interfaces simultaneously.
• The interface range prompt offers the interface (with slot and port information)
  for valid interfaces. The maximum size of an interface range prompt is 32. If the
  prompt size exceeds this maximum, it displays (...) at the end of the output.
• Note: Nonexistent interfaces are excluded from the interface range prompt. When
  creating an interface range, interfaces appear in the order they were entered
  and are not sorted.
• The show range command is available under interface range mode. This
  command allows you to display all interfaces that have been validated under the
  interface range context.


“?” Is for Help

There are three ways to access Help.

• Enter help at the prompt in order to obtain a list of keywords and a brief
  functional description of those keywords.
• Enter ? after a keyword into the prompt to display a list of possible keywords
  containing those letters.
• Enter a keyword, followed by a space and ? to obtain a list of parameters that
  can be used in the CLI. There always must be a space before the ? for this to
  work.


Abbreviated Commands


Resetting Configuration Commands


• In this example, the IP Address for VLAN 10 is being removed. VLAN 10 is also
  being removed. The example starts with a show run of VLAN 10 to display the
  configuration of VLAN 10. The IP and VLAN are then removed to show the
  usage of the no command. Then the show vlan command is used to show
  VLAN 10 is removed from the configuration.
• For terminal monitor, you must enter the command run terminal no monitor
  instead of no terminal monitor.


Useful and Time-Saving CLI Tools

Abbreviations must be long enough to uniquely identify the parameter from any
of the other parameters. Pressing Tab or Space triggers command completion.
The do command lets you run a command from a higher level without being at
that level.


Initial Configuration: Overview

Here is a list of steps that are required to set up the initial switch configuration.

1. Connect to the CLI through a serial console connection.
2. Configure the hostname.
3. Configure the enable password.
4. Create a user account and password for remote access.
5. Configure a VLAN interface for remote IP connectivity.
   – Out-of-Band interface
   – VLAN Interface


Initial Switch Configuration Using Command Line

1. Connect to the CLI through a serial console connection.
2. Configure the switch hostname.
     console#config
     console(config)#hostname N1
     N1(config)#
   The prompt will now be the hostname.
3. Configure the enable password.
     N1(config)#enable password Dell encrypted
   The password in the example is Dell.
4. Create a user account and password for remote access.
     N1(config)#username admin password Passw0rd privilege 15
   – Level 0 provides limited access to the switch, with no write capability.
   – Level 1 is the user level, which cannot create other users.
   – Levels 2 to 14 are user-created levels.
   – Level 15 is the highest security level, which is the admin level.
5. Configure an interface for remote management. (Out of band is used in this
   example.)


     N1(config)#interface out-of-band
     N1(config-if)#ip address 192.168.1.1 /24
     N1(config-if)#exit
   This configuration sets the out-of-band IP address to 192.168.1.1, with 24
   bits for the network and 8 bits for hosts.


Review Question


Review Question



Command Output Paging


This lesson covers command output paging.



Lines are printed on the screen up to the configured terminal length limit
(default 24). Use the space bar to show the next page of output or the carriage
return to show the next line of output. Setting the terminal length to zero
disables paging. Command output is displayed until no more output is available.


Understanding Error Messages



After you enter a command that the system does not recognize, one of the
following messages is displayed:

• % Invalid input detected at '^' marker
  Indicates that you entered an incorrect or unavailable command. The caret
  (^) shows where the invalid text is detected. This message is also displayed
  if any of the parameters or values are not recognized.
• Command not found / Incomplete command. Use ? to list commands.
  Indicates that you did not enter the required keywords or values.
• Ambiguous command
  Indicates that you did not enter enough letters to uniquely identify the
  command.


Recalling Commands from History Buffer


• The history buffer is enabled and stores the last 10 commands entered.
• These commands can be recalled, reviewed, modified, and reissued.
• The buffer is not preserved after the switch resets.
• Keyword: Up-arrow key or <Ctrl>+<P>
  – Effect: Recalls commands in the history buffer, beginning with the most
    recent command. Repeat the key sequence to recall successively older
    commands.
• Keyword: Down-arrow key or <Ctrl>+<N>
  – Effect: Returns to more recent commands in the history buffer after
    recalling commands with the up-arrow key. Repeating the key sequence
    recalls more recent commands in succession.


Interface Types

Interface types that are supported include the following:

Physical interfaces
• The physical ports on the switch include the out-of-band (OOB) interface
  (N3000 and N4000 only) and Ethernet switch ports.

Logical interfaces
• Port-based VLANs
• VLAN routing interfaces
• Link Aggregation Groups (LAGs), also called port channels
• Tunnels
• Loopback interfaces


Interfaces

• Configured through Interface sub-mode.
• In this mode, any commands entered are applied only to the interface(s)
  listed at the prompt.
• Refers to physical ports that are on line cards.
• Different interface types are available depending on the specific N-Series
  product. The first four entries in the table are Ethernet port types.
• The 10 GB Ethernet and 40 GB Ethernet are found in the N4000 products.
• The 10 GB Ethernet, 21 GB Stacking, and Gigabit Ethernet are in the N2000
  and N3000 switches.
• A loopback is a logical interface that is normally up, because it is not tied
  to any hardware. The loopback interface allows the switch to have a stable IP
  address that other network devices and protocols can use to reach the switch.
• The loopback interface does not behave like a network switching port, because
  there are no neighbors on a loopback interface; it is a pseudo-device for
  assigning local addresses so that the other Layer 3 devices can communicate
  with the switch by using the loopback IP address. The loopback interface is
  always up unless administratively shut down and can receive traffic from any
  of the existing active interfaces. The address of the loopback can be used to
  communicate with the switch through various services such as Telnet and SSH.
  The IP address on a loopback behaves like any local address of the VLAN
  routing interfaces in terms of the processing of incoming packets.
• The VLAN interface is used to define and configure the VLANs for isolating
  broadcast zones.
• Out-of-band management is found in all but the N1100, N1500, and N2000
  series. It enables you to create an IP interface that does not belong to the
  switch network. It is a more secure way of accessing the switch.


Ethernet Interfaces

Ethernet interfaces use a naming scheme that identifies the link speed and its
location within the switch. The naming scheme is:
• <Interface Type> Unit#/Slot#/Port#—For example, gi2/0/10 identifies the
  gigabit port 10 in slot 0 within the second unit on a nonmodular switch. The
  table that follows lists the supported interface type tags.
  – Unit#—The unit number is greater than 1 only in a stacking solution where
    switches are stacked to form a virtual switch. In this case, the Unit#
    indicates the logical position of the switch in a stack. The range is 1
    through 12. The unit value is 1 for stand-alone switches.
  – Slot#—The slot number is an integer that is assigned to a particular slot.
    Front panel ports have a slot number of 0. Rear panel ports are numbered
    from 1 and can be identified by the Lexan on the rear panel. Use the show
    slot command to retrieve information for a particular slot.
  – Port#—The port number is an integer that is assigned to the physical port
    on the switch and corresponds to the Lexan printed next to the port on the
    front or back panel. Ports are numbered from 1 to the maximum number of
    ports available on the switch, typically 24 or 48.



Firmware Upgrades


Firmware Upgrades Overview

• Firmware updates can be performed by FTP, TFTP, XMODEM, or through the Web
  Interface (GUI).
• Consult the release notes or upgrade guide, because each upgrade could have
  different requirements: the boot code, the firmware, or both could require
  upgrades. These documents can also list the existing firmware version that
  the system must be at to upgrade from.


Firmware Upgrades - File Structure

The configuration installation files consist of the following files:


• Boot Image Files - The boot image runs the initial hardware diagnostics and
  tests. Once these tests have passed, it searches the flash chip for a valid
  Operating System Image file to boot to. The Boot Image also provides a prom
  menu mode, which allows some basic configuration before the Operating System
  Image is loaded.
• Operating System Image Files - System images are saved in two flash files
  called images (image 1 and image 2). The active image stores the active copy,
  while the other image stores a second copy. The device boots and runs from
  the active image. If the active image is corrupt, the system automatically
  boots from the nonactive image. Not booting from a corrupt image is a safety
  feature for faults occurring during the software upgrade process.


System Defaults

When the switch is first powered on, neither user nor enable passwords are
configured. The hostname is console. No out-of-band or in-band management has
been set up. There are no protocols configured by default.


Configuration Files

• There are three files that are used for storing the switch configuration
  information. The first is the startup-config. When the switch is reloaded, it
  uses the startup-config to configure itself. If no startup-config is present,
  the reload resets the switch to its default configuration. Deleting the
  startup-config and reloading the switch is the procedure that is used for
  resetting a switch.
• There is a backup-config file where you can keep a copy of the startup-config,
  in case you lose or corrupt the startup-config. Also, it is a good idea to
  keep an extra backup by copying it to an off-switch location.


• The running-config file is used to keep the currently active switch
  configuration. When the switch is reloaded, the running-config is built from
  the startup-config. As the network administrator changes the configuration,
  the changes are incorporated into the running-config, but not the
  startup-config. If the switch were to reload before the changes in the
  running-config are copied to the startup-config, the changes that are made by
  the administrator would be lost. It is recommended that the running-config is
  copied to the startup-config often. The copy running-config startup-config
  command was discussed earlier as an example of command line shortcuts. There
  is an even shorter way to do this operation: the write command, which
  executes a copy running-config startup-config.
• Use the show running-config command to display the content of the running
  configuration. There may be a lot of content to display, so the output can be
  piped into a script capable of filtering the output.


Firmware Upgrades - TFTP

• The listed resources are needed to start the upgrade process.
  – TFTP server
  – CLI access to switch
  – New firmware
  – Connectivity between TFTP server and switch
• The typical steps for upgrading firmware using TFTP are listed below; your
  steps may vary based on the upgrade guide or release notes.
  1. Configure and start TFTP server.
  2. Back up running-config to TFTP server.
  3. Copy firmware from TFTP server to switch.
  4. Select new image for next boot.
  5. Update boot code on the switch and reboot.
• Many switches also support FTP in addition to TFTP.
• The upgrade guide should always be consulted before an upgrade.


Firmware Upgrades – Boot Menu (XMODEM)

• Upgrading the firmware using the boot menu is a last resort option. This
  method is used when the switch is unable to complete startup of the runtime
  code. Using Xmodem is much slower than doing the upgrade via TFTP, which
  is why TFTP is the preferred method when possible.
• Before performing an upgrade via Xmodem, you’ll want to set the terminal baud
  rate to the highest speed possible, which in most cases is 115200 bps. If that
  choice is not available, then 57600 or 38400 might be the highest you can set
  the baud rate.
• Information on upgrading the firmware via Xmodem can be found on the
  Upgrade via Boot Menu page in the Switch Administration and Management
  module.


Firmware Upgrade - HTTP

• Another option for upgrading the firmware on Dell switches is via HTTP. This
  method does not require additional software and works with Internet Explorer
  and Firefox web browsers.
• Using this method, you can download or upload configuration files and
  download software images.
• Only DNOS 6.0 uses a web interface.


Upgrade Process Documentation

• Always download and follow the firmware upgrade documents for the new
  version of code, because version-specific restrictions, an upgrade path, or
  required commands may be included in the upgrade instructions.
  – Available for all current and past switch models on Dell.com
  – Upgrade process is based on version requirements and/or switch model
  – Includes steps to verify the boot code version and upgrade requirements


If the boot code on your system is running a version equal to or higher than
the version mentioned, DO NOT proceed with the upgrade process. A downgrade
may be needed to include a switch in an existing stack already in production.
If you have questions regarding the boot code version for your system, contact
technical support.


Software Upgrade CLI Process-Download Firmware Image

The general procedure for upgrading the software is the same on the N2000 and
N3000 switches. The N4000 series is slightly different, but similar. The process is
documented in detail for each new release, and can be found on the Dell Network
website.

The process of upgrading the firmware is going to begin by saving the current
configuration, and as a best practice, copying it off the switch for safe keeping.

Then we copy the new version of the firmware to the switch into a file called
“backup.” Backup is a name used to refer to one of the “image” files in the switch’s
file system we saw earlier.

In the copy command:

  N4032-1#copy tftp //10.10.10.200/N3000_N2000v6.1.0.1.stk backup

• copy
• tftp - we are using tftp to perform the copy
• //10.10.10.200/N3000_N2000v6.1.0.1.stk - The address of the source server
  and the firmware code filename
• backup


Software Upgrade Process -Activate and Reload

The next step is to boot the system using the backup file that contains the new
firmware release you just downloaded. The boot process makes the backup file
the active file, and makes the current active file the backup. So, if you want
to boot from the new code on the next boot, the command is "boot system active".
Always do a "show version" to verify the OS you will be booting from.

Once the boot completes, you have to reload. You receive a warning about
unsaved changes, which you should respond to with “y”, and then “y” again.
The reload continues using the startup-config.


Software Upgrade Process - Verify the Upgrade

To verify that the new firmware is installed, show the version again and make sure
the active configuration is the latest code. The previous release is the backup.


Software Upgrade Process - Update bootcode

• The last steps in the process are to issue the update bootcode command, then
  reload.
• The update bootcode command is not documented in the help files.
• If you are upgrading a stacked switch, the process is the same; it just takes
  a lot longer depending on the size of the stack.


Review Question



Module Summary



Review Questions: Basic Switch Configuration


1. What is the number of interface types available with Dell Networking OS 6.X?

2. List the different CLI modes in Dell Networking OS 6.X.



Lab: Basic Switch Configuration


Refer to the student lab guide for instructions to complete the lab.



Virtual Local Area Networks (VLANs)

Introduction

Upon completing this module, you will:


• Identify the characteristics of a VLAN and why they are used.
• Compare tagged vs. untagged frames.
• Configure VLAN trunking.
• Determine a port VLAN membership.
• Troubleshoot a VLAN mismatch configuration.



VLANs


Introduction


VLAN Overview


A Virtual LAN (VLAN) is a group of PCs, servers, and other network resources
that behave as if they were connected to a single network segment. Think of a
VLAN as a subnet. A VLAN is essentially its own broadcast domain.

VLANs provide greater network efficiency by reducing broadcast traffic, and
they also enable you to make network changes without having to update IP
addresses or IP subnets. VLANs inherently provide a high level of network
security since traffic must pass through a Layer 3 switch or a router to reach
a different VLAN.


[Figure: a trunk (VLAN 1 & VLAN 2) with VLAN 1 and VLAN 2 ports on each side]

VLANs:
• Divide a network into smaller broadcast domains, reducing unnecessary
  broadcasts and improving network performance
• Block traffic between VLANs, improving security
• Make network management easier
• Need a Layer 3 routing process (network routers) for inter-VLAN
  communications

Dell Networking operating system 6.X switches support IEEE 802.1Q-compliant
virtual LANs (VLANs). This capability provides a highly efficient architecture
for establishing VLANs within a network and for controlling broadcast/multicast
traffic between workgroups. Central to this capability is an explicit frame
tagging approach for carrying VLAN information between interconnected network
devices.

GARP VLAN Registration Protocol (GVRP) is a Layer 2 network protocol that is
used for automatic configuration of switches in a VLAN network. Each VLAN switch
is configured with the VLANs it is part of. GVRP spreads this information and
configures the additional GVRP-enabled switches, dynamically managing VLAN
memberships on trunk ports.


VLAN Tagging


VLAN tagging creates a logical separation between devices, based on the VLAN
tags. The IEEE standards body named the tags in the 802.1Q specification for
Ethernet framing. The VLAN ID is stored inside the 802.1Q tag.

With frame tagging, a four-byte data tag field is added to frames that cross
the network. The tag identifies which VLAN the frame belongs to. The tag may be
added to the frame by the end station itself or by a network device, such as a
switch. The tag may also specify the relative priority of the frame in the
network.

A VLAN is a broadcast domain and isolates a computer network at the Data Link
Layer. Traffic can only pass between VLANs at Layer 3.


[Figure: 802.1Q tagged Ethernet frame]

Frame fields:
  Preamble (7 Bytes) | Destination MAC (6 Bytes) | Source MAC (6 Bytes) |
  802.1Q Header (4 Bytes) | EtherType/Size (2 Bytes) | Data (46 - 1500 Bytes) |
  CRC/FCS (4 Bytes)

802.1Q Header fields:
  Tag Protocol Identifier (2 Bytes) |
  802.1p Differentiated Services Code Point (DSCP) |
  Canonical Format Indicator (1 bit) | VLAN ID (12 bits)
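
The tag layout in the figure, worked through in code. This is an added example, not part of the original guide: the sample frame is constructed, the function names are illustrative, and it relies on the standard 802.1Q values (Tag Protocol Identifier 0x8100, 3-bit priority field).

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # Tag Protocol Identifier value that marks an 802.1Q tag


@dataclass
class Dot1QTag:
    priority: int  # 3-bit 802.1p priority
    cfi: int       # 1-bit Canonical Format Indicator
    vid: int       # 12-bit VLAN ID


@dataclass
class Frame:
    dst: bytes
    src: bytes
    tag: Optional[Dot1QTag]
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet frame as software sees it (no preamble, no CRC/FCS)."""
    if len(raw) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (field,) = struct.unpack("!H", raw[12:14])
    if field != TPID_8021Q:
        return Frame(dst, src, None, field, raw[14:])  # untagged frame
    if len(raw) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", raw[14:18])
    tag = Dot1QTag(priority=tci >> 13, cfi=(tci >> 12) & 0x1, vid=tci & 0x0FFF)
    return Frame(dst, src, tag, ethertype, raw[18:])


def build_frame(frame: Frame) -> bytes:
    """Serialize a Frame, placing the 4-byte tag after the source MAC if present."""
    out = frame.dst + frame.src
    if frame.tag is not None:
        t = frame.tag
        if not (0 <= t.priority <= 7 and t.cfi in (0, 1) and 0 <= t.vid <= 0x0FFF):
            raise ValueError("tag field out of range")
        tci = (t.priority << 13) | (t.cfi << 12) | t.vid
        out += struct.pack("!HH", TPID_8021Q, tci)
    return out + struct.pack("!H", frame.ethertype) + frame.payload


def add_tag(raw: bytes, vid: int, priority: int = 0) -> bytes:
    """Tag an untagged frame, as a switch does when it sends it on a tagged port."""
    frame = parse_frame(raw)
    if frame.tag is not None:
        raise ValueError("frame is already tagged")
    frame.tag = Dot1QTag(priority, 0, vid)
    return build_frame(frame)


def strip_tag(raw: bytes) -> bytes:
    """Remove the tag, as a switch does when it sends the frame on an untagged port."""
    frame = parse_frame(raw)
    frame.tag = None
    return build_frame(frame)


# Constructed sample: broadcast IPv4 frame with a 46-byte zero payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800") + bytes(46)

if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vid=100, priority=5)
    print(tagged[12:16].hex(), parse_frame(tagged).tag)
```
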


Switch Port Modes


• Access
  – An access port connects to a single end station belonging to a single VLAN.
    An access port is configured with ingress filtering enabled and accepts
    either an untagged frame or a packet that is tagged with the access port
    VLAN. Tagged packets received with a VLAN other than the access port VLAN
    are discarded. An access port transmits only untagged packets.
• Trunk
  – A trunk port connects two switches. A trunk port may belong to multiple
    VLANs. A trunk port accepts only packets that are tagged with the VLAN IDs
    of the VLANs to which the trunk is a member. If there is a native VLAN
    configured on the port, it accepts untagged packets as well. A trunk port
    only transmits tagged packets for member VLANs other than the native VLAN
    and untagged packets for the native VLAN.


• General
  – Full 802.1Q support VLAN interface. A general mode port is a combination
    of both trunk and access ports capabilities. It is possible to fully
    configure all VLAN features on a general mode port. Both tagged and
    untagged packets may be accepted and transmitted.


Switch Filtering


During the process of a frame entering, flowing through, and exiting the switch,
filters are applied to narrow down the number of unnecessary frames. Three filters
are applied when a frame enters a switch port. If any of the conditions are not met,
the frame is dropped.

[Figure: Ingress, Process, and Egress stages for three switch ports. On ingress,
each Port Interface applies the Acceptable Frame Filter, the Ingress Rules, and
the Ingress Filter; the Switch Fabric makes the Forwarding Decision; on egress,
each Port Interface applies the Egress Filter.]

The filters that can be applied are:

• Acceptable Frame Filter – set to admit all or admit only tagged
• Ingress Rules Filter – tagged or untagged
• Ingress Filter – forwards frames only if the tag VID of the frame is equal to
  the VID of one of the VLANs configured on the port.

As the switch processes a frame, it applies two filters.

• Filtering Database
  – Either static or dynamic entries
  – Either unicast or multicast entries
• Forwarding Decisions
  – Known MAC address frames – look up in Content Addressable Memory
    (CAM) address table. Lookup key is based on both VLAN tag and
    destination MAC address – leading to the required egress port
  – Broadcast frames – lookup is done directly at the VLAN Port Table (flooding
    to all ports of the VLAN)
  – Unknown unicast frames – initial lookup in MAC forwarding table, when
    entry is not found – flooding is performed based on the VLAN Port Table

One rule is applied when a frame exits a switch port.

• Egress Rules Filter
  – Forwards frames as tagged frames if the egress port is defined as VLAN
    tagged (for that specific VLAN)
  – Sends frames as untagged frames if the egress port is defined as VLAN
    untagged (for that specific VLAN)
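
The port modes and the ingress, forwarding, and egress filters described above, modeled in Python as an added example (it is not part of the original guide and is not the switch's own logic). Port names and VLANs 100, 400, and 500 match the guide's configuration examples; VLAN 200, the native VLAN values, the MAC addresses, and all function names are assumptions made for the illustration. It goes one step further than the text by passing a frame across a trunk link whose two ends disagree on the native VLAN or on the allowed VLANs.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

DROP = "DROP"                      # a filter discarded the frame
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    name: str
    mode: str
    pvid: Optional[int]            # VLAN for untagged ingress; None = admit only tagged
    tagged: Set[int] = field(default_factory=set)     # VLANs sent with a tag
    untagged: Set[int] = field(default_factory=set)   # VLANs sent without a tag

    def vlans(self) -> Set[int]:
        return self.tagged | self.untagged


def access(name: str, vlan: int) -> Port:
    return Port(name, "access", pvid=vlan, untagged={vlan})


def trunk(name: str, members: Set[int], native: Optional[int] = None) -> Port:
    untagged = set() if native is None else {native}
    return Port(name, "trunk", pvid=native, tagged=set(members) - untagged,
                untagged=untagged)


def general(name: str, tagged: Set[int], untagged: Set[int], pvid: int) -> Port:
    return Port(name, "general", pvid=pvid, tagged=set(tagged), untagged=set(untagged))


def ingress(port: Port, vid: Optional[int]):
    """Classify a received frame into a VLAN, or DROP it. vid=None means untagged."""
    if vid is None:
        # Acceptable frame filter and ingress rules: an untagged frame takes the
        # PVID, unless the port admits only tagged frames.
        return DROP if port.pvid is None else port.pvid
    # Ingress filter: the tag VID must be one of the VLANs configured on the port.
    return vid if vid in port.vlans() else DROP


def egress(port: Port, vlan: int):
    """Egress rules: return the VID to tag with, None for untagged, or DROP."""
    if vlan in port.tagged:
        return vlan
    return None if vlan in port.untagged else DROP


class Switch:
    def __init__(self, ports: List[Port]):
        self.ports: Dict[str, Port] = {p.name: p for p in ports}
        self.cam: Dict[Tuple[int, str], str] = {}      # (VLAN, MAC) -> port name

    def receive(self, port: str, src: str, dst: str, vid: Optional[int] = None):
        """Process one frame; return {egress port: tag on the wire (None = untagged)}."""
        vlan = ingress(self.ports[port], vid)
        if vlan == DROP:
            return {}
        self.cam[(vlan, src)] = port                   # learn the source per VLAN
        known = None if dst == BROADCAST else self.cam.get((vlan, dst))
        targets = [known] if known else list(self.ports)  # unknown/broadcast: flood
        out = {}
        for name in targets:
            tag = egress(self.ports[name], vlan)
            if name != port and tag != DROP:
                out[name] = tag
        return out


def across_link(tx: Port, rx: Port, vlan: int):
    """VLAN the far end of a link assigns to a frame the near end forwards in `vlan`."""
    tag = egress(tx, vlan)
    return DROP if tag == DROP else ingress(rx, tag)


def demo_switch() -> Switch:
    # Constructed port layout; VLAN 200 and native VLAN 1 are assumptions.
    return Switch([
        access("gi1/0/1", 100), access("gi1/0/2", 100), access("gi1/0/3", 200),
        trunk("gi1/0/5", {100, 200}, native=1),
        general("gi1/0/6", tagged={400}, untagged={500}, pvid=500),
    ])


if __name__ == "__main__":
    sw = demo_switch()
    print(sw.receive("gi1/0/1", "00:00:00:00:00:aa", BROADCAST))
    print(across_link(trunk("a", {10, 20}, native=1), trunk("b", {10, 20}, native=99), 1))
```

With a native VLAN mismatch, `across_link` shows a frame that left in VLAN 1 being classified into VLAN 99 at the far end, which is why the troubleshooting steps check that a MAC address is learned in the proper VLAN.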


VLAN Configuration

Creating VLANs

Command | Description
console# configure | Enter configuration mode.
console(config)# vlan 100 | Set the VLAN ID. This number can be 2–4094; in this example the VLAN ID is 100. The default VLAN is 1.
console(config-vlan100)# name Engineering | Configure a name of the VLAN.
console(config)# show vlan | Displays the VLAN information.


Multiple Access Ports Assigned to Same VLAN

Command | Description
console(config)# interface gigabitethernet 1/0/1 | Enter interface configuration mode for the port. In this example, port gi 1/0/1 is used.
console(config-if-Gi1/0/1)# switchport access vlan 100 | Configure and assign the switch access port to a VLAN. In this example, port gi 1/0/1 is assigned to VLAN 100.


Multiple Access Ports Assigned to Different VLANs

Command | Description
console(config)# interface gigabitethernet 1/0/1 | Enter interface configuration mode for the port. In this example, port gi 1/0/1 is used.
console(config-if-Gi1/0/1)# switchport access vlan 100 | Configure and assign a switch access port to a VLAN. In this example, port gi 1/0/1 is assigned to VLAN 100.


Port-Based VLAN Configuration - Trunk Port

Command | Description
console(config)# interface gigabitethernet 1/0/5 | Enter interface configuration mode for the port. In this example, port gi 1/0/5 is used.
console(config-if-Gi1/0/5)# switchport mode trunk | Configure a trunk port to enable multiple VLANs to be carried on the port.
console(config)# show interfaces status gigabitethernet 1/0/5 | Display port configuration and confirm that port is in trunk mode.


Switchport Mode General

Command | Description
console(config-if-Gi1/0/6)# switchport mode general | Configure a general port.
console(config-if-Te1/0/6)# switchport general allowed vlan add 400 tagged | Configure port in switchport general mode and tag VLAN 400 on the port.
console(config-if-Te1/0/6)# switchport general allowed vlan add 500 untagged | Configure port in switchport general mode and untag VLAN 500 on the port.
console(config-if-Te1/0/6)# switchport general pvid 500 | Configure the port VLAN ID. Untagged traffic that enters the switch through this port is tagged with the PVID. The selected PVID assignment must be to an existing VLAN. Entering a PVID value does not remove the previous PVID value from the list of allowed VLANs.


Viewing VLAN Membership Information

To view the VLAN membership of a specific port, use the show interfaces
switchport command.

  Console#show interfaces switchport <switchport>


Troubleshooting VLANs

Common Problems Encountered When Working with VLANs

• VLAN assignment
  – Use the show vlan command to determine the VLANs created on the
    switch and which ports are assigned to the VLANs.
• Switchport mode
  – Use the show interfaces switchport <switchport> command to
    display the complete switchport VLAN configuration for all possible switch
    mode configurations of an interface. To confirm that the ports are in the
    correct mode, review the VLAN membership mode.
• VLAN mismatch between switches
  – Native VLAN mismatches - Trunk ports are configured with different native
    VLANs.
  – Trunk mode mismatches - One trunk port is configured with trunk mode off
    and the other with trunk mode on.
  – Allowed VLANs on trunks - The list of enabled VLANs on a trunk has not
    been updated with the current VLAN trunking requirements.
  1. Use the show vlan command to confirm the native VLAN and the other
     created VLANs.


  2. Use the show interfaces switchport <switchport> command to
     display the complete switchport VLAN configuration for all possible switch
     configurations of an interface. When reviewing the output, look for the
     following:
     – VLAN membership mode, to confirm that the ports are in the correct
       mode.
     – Verify that the native and tagged VLANs are configured correctly on the
       interface.
  3. Use the show mac address-table command to verify that the MAC
     address is being learned in the proper VLAN. This method is useful when
     there is an untagged VLAN mismatch between two switches.
  4. Use the show interfaces trunk command to display active trunk
     interface information. Confirm that all VLANs, including the native VLAN,
     are configured properly.



Module Summary



Review Questions: VLANs


1. Which switchport mode port transmits only untagged packets?

2. What three filters are applied to a frame when it enters a switch port?

3. Which commands can be used to troubleshoot a VLAN mismatch between
   switches?



Lab: VLAN Configuration and Verification


Refer to the student lab guide for instructions to complete the lab.



Spanning Tree Protocol (STP)

Introduction

This module covers the Spanning Tree Protocol in a Dell EMC networking
environment.

In this module, you will become familiar with:


• Configuring and validating RSTP/RSTP-PV
• Configuring PortFast
• Manipulating spanning tree root bridge and port cost configurations
• Configuring STP Protection
• Interpreting the symptoms of a switching loop

Spanning Tree Protocol (STP)

Introduction

This lesson introduces the Spanning Tree Protocol.

This lesson covers the following topics:


 Overview of the Spanning Tree Protocol (STP)
 Bridge Protocol Data Units (BPDUs)
 Rapid Spanning Tree Protocol (RSTP)

Overview

Redundancy is built into well-designed networks for high availability, but it
is prone to switching loops where two or more paths exist between stations.
Redundant switching topologies can create unicast frame duplication and
broadcast radiation (broadcast storms) that continue indefinitely. There is no
Time to Live (TTL) value in Layer 2 frames, so they do not expire.

Spanning Tree Protocol (STP) is a Layer 2 protocol that provides a tree
topology used to provide redundancy. It enables a network of switches to have
redundant paths without the risk of network loops. STP is now often called
original or classic STP, which differentiates this first, most basic version of
STP from the others that evolved. Multipathing is a requirement for high
availability, which is a design guideline for networks. In such an environment,
loops are created, and STP is designed to prevent such loops from clogging the
network with incessant broadcasts.

Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol that evolved from
STP. It provides faster convergence and interoperability with switches that are
configured with STP. RSTP can recognize full-duplex connectivity and ports
which are connected to end stations. Identifying and ignoring end station ports
results in rapid transitioning and the suppression of Topology Change
Notifications. RSTP was defined in the IEEE 802.1w standard in 2001.

Per VLAN RSTP (RSTP-PV) is the IEEE 802.1w (RSTP) standard that is
implemented per VLAN. The module covers RSTP-PV in more detail.

Switches in the network determine the root bridge and compute the port roles
which are called root, designated, or blocked. To ensure that each bridge has
enough information, the bridges use special data frames called Bridge Protocol
Data Units (BPDUs) to exchange STP information.

Issues Resolved with STP

STP elects a switch as the root to achieve a loop-free network. The root
election is based on the Bridge ID, which is a combination of the switch
priority (default value 32768) and the MAC address. So, if the default process
is left alone, the MAC address decides the election and older switches become
the root, which may have an impact on performance. To influence the election
process, modify the switch priority to the lowest possible value (4096).

In the diagram, there is only a single path to the root (switch 1) from the
other switch. Any alternate path is blocked by virtue of the rules of STP.

STP Convergence

[Figure: STP convergence example. Labels: ROOT BRIDGE; lower MAC address than
Switch C.]

Spanning Tree in a network has converged when the following have been
determined:
 Root Bridge (Switch)
 Designated Ports (Forwarding)
 Root Ports (Forwarding)
 Alternate Ports (Blocked)
 Backup Ports (Blocked)

Default STP Convergence – Larger Scale

[Figure: Default STP Convergence – Larger Scale. Labels: Switch A, Switch B,
Switch C, Switch D, Switch E; ROOT BRIDGE; PRI = 4096; Root Port; Designated
Port; Backup Port; Blocked Port.]

All ports on a root switch are designated ports and are always forwarding. The
same parameters have been met that were identified in the previous example.

Bridge Protocol Data Units (BPDUs)

An STP-enabled switch sends a Bridge Protocol Data Unit (BPDU) frame using the
unique MAC address of the port itself as a source address. The destination
address is set to the STP multicast address 01:80:C2:00:00:00. It enables all STP-
aware switches in the same LAN to receive the BPDU frame. BPDUs are
exchanged every 2 s by default and enable switches to track network changes.

When a device is first connected to a switch port, the port does not
immediately forward data. Instead, it goes through several states while it
processes BPDUs and determines the topology of the network. The process begins
with the election of a root bridge and takes approximately 50 s.

Three types of BPDUs:

 Configuration BPDU (CBPDU)
 Topology Change Notification (TCN) BPDU
 Topology Change Notification Acknowledgment (TCA)

The BPDU frame contains the following fields:

 Protocol Identifier - Contains the value zero.
 Version - Contains the value zero.
 Message Type - Contains the value zero.
 Flag - With STP, only the first 2 bits are used:
   The topology change (TC) bit signals a topology change.
   The topology change acknowledgment (TCA) bit is set to acknowledge
    receipt of a configuration message with the TC bit set.
 Root ID - Identifies the root bridge by listing its 2-byte priority and 6-byte ID.
 Root Path Cost - Contains the cost of the path from the bridge sending the
  configuration message to the root bridge.
 Bridge ID - Identifies the priority and ID of the bridge sending the message.
 Port ID - Identifies the port from which the configuration message was sent.
  This field enables loops created by multiple attached bridges to be detected
  and handled.
 Message Age - Specifies the amount of time since the root sent the
  configuration message on which the current configuration message is based.
 Maximum Age - Indicates when the current configuration message should be
  deleted.
 Hello Time - Provides the time period between root bridge configuration
  messages.
 Forward Delay - Provides the length of time that bridges should wait before
  transitioning to a new state after a topology change. (If a bridge transitions too
  soon, not all network links might be ready to change their state, and loops can
  result.)
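
The fields listed above occupy a fixed 35-byte layout, decoded here in an added Python example that is not part of the course material. The byte offsets, the LLC header, the flag bit positions and the 1/256-second timer units are taken from IEEE 802.1D rather than from this guide; the sample frame and its addresses are constructed.

```python
import struct
from dataclasses import dataclass

STP_MULTICAST = bytes.fromhex("0180c2000000")  # 01:80:C2:00:00:00, as given in the text
LLC_STP = b"\x42\x42\x03"                      # LLC header that precedes a BPDU (802.1D)
CONFIG_LEN = 35                                # size of a configuration BPDU body


@dataclass
class ConfigBpdu:
    tc: bool                # topology change flag
    tca: bool               # topology change acknowledgment flag
    root_priority: int
    root_mac: str
    root_path_cost: int
    bridge_priority: int
    bridge_mac: str
    port_id: int
    message_age: float      # all four timers are in seconds
    max_age: float
    hello_time: float
    forward_delay: float


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_config_bpdu(body: bytes) -> ConfigBpdu:
    """Decode the body of a classic STP configuration BPDU (fields are big-endian)."""
    if len(body) < CONFIG_LEN:
        raise ValueError(f"configuration BPDU needs {CONFIG_LEN} bytes, got {len(body)}")
    proto, version, msg_type, flags = struct.unpack_from("!HBBB", body, 0)
    if (proto, version, msg_type) != (0, 0, 0):
        # Protocol Identifier, Version and Message Type are all zero for this BPDU.
        raise ValueError("not a classic STP configuration BPDU")
    root_prio, root_mac = struct.unpack_from("!H6s", body, 5)    # 2-byte priority + 6-byte ID
    (cost,) = struct.unpack_from("!I", body, 13)
    br_prio, br_mac = struct.unpack_from("!H6s", body, 17)
    port_id, *timers = struct.unpack_from("!5H", body, 25)
    # The four timers are carried in units of 1/256 second.
    msg_age, max_age, hello, fwd = (t / 256 for t in timers)
    return ConfigBpdu(
        tc=bool(flags & 0x01), tca=bool(flags & 0x80),
        root_priority=root_prio, root_mac=mac_str(root_mac), root_path_cost=cost,
        bridge_priority=br_prio, bridge_mac=mac_str(br_mac), port_id=port_id,
        message_age=msg_age, max_age=max_age, hello_time=hello, forward_delay=fwd,
    )


def parse_frame(frame: bytes) -> ConfigBpdu:
    """Check the Ethernet/LLC envelope, then decode the BPDU it carries."""
    if len(frame) < 17:
        raise ValueError("frame too short for Ethernet and LLC headers")
    if frame[0:6] != STP_MULTICAST:
        raise ValueError("destination is not the STP multicast address")
    (length,) = struct.unpack_from("!H", frame, 12)
    if length > 1500 or frame[14:17] != LLC_STP:
        raise ValueError("not an 802.3/LLC spanning tree frame")
    # The length field excludes padding, so slice by it rather than by len(frame).
    return parse_config_bpdu(frame[17:14 + length])


def build_sample_frame() -> bytes:
    """Constructed sample: a default-priority bridge reporting a priority-4096 root."""
    body = struct.pack("!HBBB", 0, 0, 0, 0x01)                         # TC flag set
    body += struct.pack("!H6s", 4096, bytes.fromhex("00005e005301"))   # Root ID
    body += struct.pack("!I", 4)                                       # Root Path Cost
    body += struct.pack("!H6s", 32768, bytes.fromhex("00005e005302"))  # Bridge ID
    # Port ID, then Message Age 1 s, Maximum Age 20 s, Hello Time 2 s, Forward Delay 15 s
    body += struct.pack("!5H", 0x8001, 1 * 256, 20 * 256, 2 * 256, 15 * 256)
    header = STP_MULTICAST + bytes.fromhex("00005e005310")             # dst + port's own MAC
    header += struct.pack("!H", len(LLC_STP) + len(body))
    return (header + LLC_STP + body).ljust(60, b"\x00")                # pad to minimum size


if __name__ == "__main__":
    print(parse_frame(build_sample_frame()))
```
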

Root Bridge

The root bridge of the spanning tree is the bridge with the lowest bridge ID and is
where all traffic aggregates. Each bridge has a unique identifier (ID) and a
configurable priority number. The bridge ID is a concatenation of these numbers.
The unique ID is the MAC address of the switch. Default priority is 32768. Best
practice suggests having the root bridge as close to the network gateway as
possible.

 Lowest MAC address determines root bridge by default.
 Change priority to assign static root bridge:
   Default priority is 32768
   Set in increments of 4096
    o 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864,
      40960, 45056, 49152, 53248, 57344, 61440
   4096 is highest priority.
   Priority of 0 prevents root election participation.

If all switches have the default priority set, they defer to comparing their unique
MAC addresses. The switch with the lowest numerical MAC address becomes the
root by default. Use caution when allowing the spanning tree to determine its own
root automatically. It is possible that the preferred switch does not become the
root switch.

To assign a static root switch, you must change the default bridge priority of 32768.
This value must be lowered to enable the switch to be assigned the root bridge role.
This value is changed in increments of 4096. Set the switch priority to 4096; because
all the other switches are set to 32768, this causes it to be elected the root switch.
A bridge priority of “0” prevents a switch from participating in the root election;
however, not all vendors observe this rule.

Port States

STP vs. RSTP States

STP States    RSTP States
Forwarding    Forwarding
Learning      Learning
Listening     Discarding
Blocking      Discarding

Costs

Port cost is a value that is based on the interface type. The greater the port cost,
the less likely the port is selected to be a forwarding port. Port costs were modified
from the original bandwidth reference for 10 Mbps Ethernet from the 1970s. With
ever-increasing bandwidth, port costs had to be changed to remain relevant to
calculations in STP.

The forwarding port typically has the most bandwidth and is closest to the root
switch. The default port cost can be altered to enable the switch to select a specific
port to become a root port.

It is highly recommended to let STP determine which ports go into a forwarding
state, to make troubleshooting easier. The lower the port cost, the greater the
chance that the port is in a forwarding state. The chart displays the default
port costs:

STP vs. RSTP Costs

Data rate    STP Cost    RSTP Cost
4 Mb/s       250         5,000,000
10 Mb/s      100         2,000,000
16 Mb/s      62          1,250,000
100 Mb/s     19          200,000
1 Gb/s       4           20,000
2 Gb/s       3           10,000
10 Gb/s      2           2,000

STP Enhancements

 DirectLink Group
   Root port.
   All ports that provide an alternate connection to root bridge.
   Ports that are self-looped are excluded.
 DirectLink Rapid Convergence (DRC)
   Typically used on access layer switches
   Enabled system wide (not per port)
   Requires “blocked” ports
   Enables immediate switch over to alternate port

DRC - Failover
 “Immediate” transition to forwarding state
   Violates IEEE standard behavior
   No listening/learning state transitions
 Floods dummy multicast packets on new uplink
   Source MAC address from FDB
   Destination MAC address is SSTP MAC
   Accelerates learning on upstream switches

DRC - New Uplink

New uplink brought on line:

 If lower priority (higher numerical value)
   No change as existing link is “best”
 If higher priority (lower numerical value)
   Hysteresis prevents immediate transition
   Delay equal to 2 x forwarding delay

Indirect Rapid Convergence

Indirect link failure:

 Indirect link means not directly connected
 Detected by tracking BPDUs
 Inferior BPDU from designated bridge
 Standard behavior is to ignore inferior BPDUs
 If inferior BPDU received, a failure has occurred on path to root
 At least one port must be aged out


When an inferior BPDU is received on a nondesignated port, phase 2 of IRC
processing starts. An RLQ PDU is transmitted on all nondesignated ports except
the port where the inferior BPDU was received and self-looped ports. This action is
intended to verify that the switch can still receive from the root on ports that should
have a path to the root. The switch port that receives the inferior BPDU is excluded
because it already failed. Self-looped and designated ports are eliminated as they
do not have a path to the root.

IRC Flow

When a port receives a negative RLQ response, it has lost connection to the root
and the switch ages out its BPDU. If all other nondesignated ports received a
negative answer, the switch has lost the root and restarts the STP calculation.

If the response confirms that the switch can still access the root bridge, it
immediately ages out the port on which the inferior BPDU was received.

If the switch only received responses with a root different from the original root, it
has lost the root port and restarts the STP calculation immediately.

Rapid Spanning Tree Protocol (RSTP)

The IEEE published the Rapid Spanning Tree Protocol (RSTP) standard as 802.1w
in 2001. RSTP is essentially the same as STP; however, it provides faster
convergence and interoperability with switches that are configured with STP.

 RSTP achieves a reconfiguration time approximately 90% faster than the
  reconfiguration time of STP by:
   Reducing the number of state changes before active ports start learning.
   Predefining an alternate route that can be used when a node or port fails.
   Retaining the forwarding database for ports insensitive to changes in the
    tree structure when reconfiguration occurs.

When using RSTP:

 If the port gets a BPDU from a different switch other than the switch that has the
  designated port, it is an alternate port.
 If it is a designated port that is discarding on the same bridge as the designated
  port for the tree, it is a backup port.
 If the port gets a BPDU from a different switch, the port is an alternate port. If it
  gets the BPDU from itself, it is a backup port.

RSTP Configuration

Command                                                  Description

console# configure                                       Enter configuration mode.

console(config)# spanning-tree mode rstp                 Configures the RSTP protocol on the switch.

console(config)# spanning-tree priority <value>          Configures the switch priority for the specified
                                                         spanning tree instance. The range for the
                                                         priority value is 0–61440.

console(config-if-Gi1/0/1)# spanning-tree cost <value>   Configures the externally advertised
                                                         spanning-tree path cost for a port. The range
                                                         for the cost is 0–200000000.

console(config)# show spanning-tree                      View information about spanning tree and the
                                                         spanning tree configuration on the switch.

Rapid Spanning Tree Protocol-Per VLAN (RSTP-PV)

Introduction

This lesson covers the following topics:


 Rapid Spanning Tree Protocol-Per VLAN (RSTP-PV)

RSTP-PV Overview

RSTP-PV is the IEEE 802.1w (RSTP) standard that is implemented per VLAN. A
single instance of rapid spanning tree (RSTP) runs on each configured VLAN. Each
RSTP instance on a VLAN has a root switch. The RSTP-PV protocol state
machine, port roles, port states, and timers are similar to the ones defined for
RSTP. RSTP-PV embeds the DirectLink Rapid Convergence (DRC) and
IndirectLink Fast Rapid Convergence (IRC) features, which cannot be disabled.

RSTP-PV is not compatible with protocol-based VLANs. Ensure that ports that are
enabled for per-VLAN spanning tree are not configured for protocol-based VLAN
capability.

The switch spanning tree configuration is global in nature. Enabling RSTP-PV
disables other spanning tree modes on the switch. The switch cannot operate with
some ports that are configured to operate in standard spanning tree mode and
others to operate in RSTP-PV mode. However, RSTP-PV has fallback modes for
compatibility with standards-based versions of spanning tree.

Dell EMC Networking N-Series switches support both Rapid Spanning Tree Per
VLAN (RSTP-PV) and Spanning Tree Per VLAN (STP-PV).

RSTP-PV Limitations

 64 VLAN instances are supported.
 Detection of port type inconsistency is not supported.
 Disabling PV(R)STP on VLAN 1 is not permitted.
 When the UplinkFast feature is enabled in PVST mode, the system
  performance depends on the number of entries in the FDB table. UplinkFast
  sends dummy frames for every entry in the table.
 State transitions based on detection of self-looped ports are not supported.

RSTP-PV Configuration

Command                                                             Description

console# configure                                                  Enter configuration mode.

console(config)# spanning-tree mode rapid-pvst                      Enables RSTP-PV on the switch.

console(config)# spanning-tree vlan <vlan id> priority <value>      Set bridge-priority for each VLAN instance. The
                                                                    range for the VLAN ID is 1–4093. The range for
                                                                    the priority value is 0–61440.

console(config-if-Gi1/0/1)# spanning-tree cost <value>              Configures the externally advertised
                                                                    spanning-tree path cost for a port. The range is
                                                                    0–200000000. Default values used unless cost is
                                                                    manually configured per-instance.

console(config)# spanning-tree port-priority <value>                Per-instance port priority - preference between
                                                                    ports that have otherwise identical cost. The
                                                                    range is 0–240 in increments of 16.

console(config)# show spanning-tree <vlan id>                       Display the spanning tree information per VLAN
                                                                    and also list out the port roles and states as
                                                                    well as port cost.

Optional Features

Introduction

This lesson covers the following optional STP features that are supported on the
Dell EMC Networking N-Series switches:
 PortFast
 BPDU filtering
 BPDU flooding
 Root guard
 Loop guard
 BPDU protection

PortFast

The PortFast feature reduces the STP convergence time by enabling edge ports to
transition to the forwarding state without going through the listening and learning
states.

 Allows immediate transition to forwarding state
 Port still participates in STP
 Used for non-switch devices:
   Client
   Server
   Printer
 Prevents unnecessary timeouts from DHCP servers

BPDU Filtering

Ports that have PortFast enabled continue to transmit BPDUs. The BPDU filtering
feature prevents PortFast-enabled ports from sending BPDUs.

If BPDU filtering is configured globally on the switch, the feature is automatically
enabled on all operational PortFast-enabled ports. These ports are typically
connected to hosts that drop BPDUs. However, if an operational edge port receives
a BPDU, the BPDU filtering feature disables PortFast and enables the port to
participate in the spanning tree calculation.

Enabling BPDU filtering on a specific port prevents the port from sending BPDUs
and causes the port to drop any BPDUs it receives.

BPDU Flooding

The BPDU flooding feature determines the behavior of the switch when it receives
a BPDU on a port that is disabled for spanning tree. If BPDU flooding is configured,
the switch floods the received BPDU to all the ports on the switch which are
similarly disabled for spanning tree.

Root Guard

Root guard is another way of controlling the spanning-tree topology other than
setting the bridge priority or path costs. Root guard ensures that a port does not
become a root port or a blocked port. A switch that is elected as root bridge has all
ports set as designated ports. If the switch receives a superior STP BPDU on a
root-guard enabled port, the root guard feature moves the port to a root-
inconsistent spanning-tree state. No traffic is forwarded across the port, but it
continues to receive BPDUs, discards received traffic, and is added to the active
topology. Essentially, it is equivalent to the IEEE 802.1D listening state. By not
transitioning the port on which the superior BPDU has been received to the
forwarding state, root guard helps maintain the existing spanning-tree topology.

Loop Guard

Loop guard protects a network from forwarding loops that are induced by BPDU
packet loss. The reasons for failing to receive packets are numerous, including
heavy traffic, software problems, incorrect configuration, and unidirectional link
failure. When a nondesignated port no longer receives BPDUs, the spanning tree
algorithm considers the link as loop free and transitions the link from blocking to
forwarding. Once in the forwarding state, the link may create a loop in the network.

Enabling loop guard prevents such accidental loops. When a port is no longer
receiving BPDUs and the max age timer expires, the port is moved to a loop-
inconsistent blocking state. In the loop-inconsistent blocking state, traffic is not
forwarded so the port behaves as if it is in the blocking state. It discards received
traffic, does not learn MAC addresses, and is not part of the active topology. The
port remains in this state until it receives a BPDU. It transitions through the normal
spanning tree states that are based on the information in the received BPDU.

NOTE: Loop Guard should be configured only on nondesignated ports. These
include ports in alternate or backup roles. Root ports and designated ports should
not have loop guard enabled so that they can forward traffic.

BPDU Protection

When the switch is used as an access layer device, most ports function as edge
ports. The port has a single, direct connection and is configured as an edge port to
implement the fast transition to a forwarding state. When the port receives a BPDU
packet, the system sets it to nonedge port and recalculates the spanning tree,
which causes network topology flapping. In normal cases, these ports do not
receive any BPDU packets. However, someone may forge BPDUs to maliciously
attack the switch and cause network flapping.

BPDU protection can be enabled in RSTP to prevent such attacks. When BPDU
protection is enabled, the switch disables an edge port that has received a BPDU
and notifies the network manager about it.
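
The root election rules from the Root Bridge topic and the port reactions described under Root Guard and BPDU Protection, modelled in Python as an added example (not Dell EMC code). The `Port` fields, the returned action strings and the sample addresses are assumptions made for the illustration, and a "superior" BPDU is simplified to one that advertises a lower root ID than the current root.

```python
from dataclasses import dataclass
from typing import Dict, NamedTuple


class BridgeId(NamedTuple):
    priority: int   # configurable, 0-61440 in increments of 4096
    mac: int        # unique ID: the switch MAC address, as an integer


def bridge_id(priority: int, mac: str) -> BridgeId:
    if priority not in range(0, 61441, 4096):
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0-61440")
    return BridgeId(priority, int(mac.replace(":", ""), 16))


class Bpdu(NamedTuple):
    """The decoded fields of a received configuration BPDU that matter here."""
    root_id: BridgeId
    root_path_cost: int
    sender_id: BridgeId


def elect_root(bridges: Dict[str, BridgeId]) -> str:
    """The lowest bridge ID wins: priority first, MAC address as the tie-breaker."""
    return min(bridges, key=bridges.get)


@dataclass
class Port:
    name: str
    edge: bool = False              # PortFast edge port
    bpdu_protection: bool = False
    root_guard: bool = False
    state: str = "forwarding"


def on_bpdu(port: Port, rx: Bpdu, current_root: BridgeId) -> str:
    """Return the switch's reaction when BPDU `rx` arrives on `port`."""
    was_edge = port.edge
    if port.edge:
        if port.bpdu_protection:
            port.state = "disabled"          # edge port is shut down and the event reported
            return "disabled"
        port.edge = False                    # set to non-edge; spanning tree recalculates
    superior = rx.root_id < current_root     # sender advertises a better root
    if superior and port.root_guard:
        port.state = "root-inconsistent"     # still receives BPDUs, forwards no traffic
        return "root-inconsistent"
    if superior:
        return "new-root"                    # topology re-converges on the advertised root
    return "recalculate" if was_edge else "no-change"


if __name__ == "__main__":
    # Constructed sample data; MAC addresses use a documentation range.
    switches = {
        "access-old": bridge_id(32768, "00:00:5e:00:53:0a"),
        "access-new": bridge_id(32768, "00:00:5e:00:53:0b"),
        "core": bridge_id(32768, "00:00:5e:00:53:0c"),
    }
    print("default priorities ->", elect_root(switches))
    switches["core"] = bridge_id(4096, "00:00:5e:00:53:0c")
    print("core set to 4096   ->", elect_root(switches))

    root = switches["core"]
    forged_id = bridge_id(4096, "00:00:5e:00:53:01")   # same priority, lower MAC
    forged = Bpdu(forged_id, 0, forged_id)
    for port in (
        Port("Gi1/0/5", edge=True),
        Port("Gi1/0/6", edge=True, bpdu_protection=True),
        Port("Gi1/0/24", root_guard=True),
    ):
        print(port.name, "->", on_bpdu(port, forged, root))
```
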

Module Summary

Review Questions: Spanning-Tree Protocol—STP

1. How does RSTP determine the root bridge if all the switches have the same
priority value?

2. What command is used to enable RSTP?

3. How many VLAN instances are supported with RSTP-PV?

4. What optional feature ensures that a port does not become a root port or a
blocked port?

Lab: Spanning-Tree Protocol (STP)

Refer to the student lab guide for instructions to complete the lab.


Link Aggregation Group—LAG

Introduction

This module introduces Link Aggregation Groups, or LAGs on Dell EMC N-Series
switches. How to configure and monitor LAGs and various LAG implementations is
also covered.

Upon completing this module, you will be able to:


 Define a Link Aggregation Group, or LAG, and discuss why it is needed in a
campus network environment.
 Demonstrate commands that configure and verify a static LAG.
 Demonstrate commands that configure and verify a dynamic LAG.
 Describe how hashing is used to modify traffic distribution on a LAG.
 Describe common deployment scenarios in which LAGs are used in a
campus environment.

LAG Overview

Introduction

This lesson explains what a Link Aggregation Group or LAG is, related terminology,
the two types of LAGs and their supported configurations.

This lesson covers the following topics:


 Basic LAG Concepts
 Static vs Dynamic LAG
 Supported configurations

Basic LAG Concepts

A Link Aggregation Group, or LAG, provides a way to create a single logical
network link with two or more parallel physical links. IEEE 802.3ad is the standard
that specifies how a LAG operates. Dell EMC network switches define a LAG as a
port channel, and the two terms are used interchangeably.

A LAG or port channel has the following characteristics:

 Increased bandwidth
  Using multiple Ethernet cables and ports in parallel increases the link speed
  beyond the speed of any single physical link. For example, if a port channel is
  created from four 10-Gbps Ethernet links, the port channel has a combined
  maximum bandwidth of 40 Gbps. However, a single I/O flow is still limited to the
  bandwidth of one link, 10 Gbps in this case. Each I/O flow is assigned to a
  separate link in the LAG, according to a hashing algorithm. Depending on traffic
  patterns, a LAG may or may not increase performance.
 Increased availability
  Since a LAG operates as a single logical link, all the physical links remain active
  and carry traffic. If one link in the LAG fails, traffic that was previously carried
  over the failed link is moved to the remaining links. Keep in mind that a failed
  link changes the STP link cost for the LAG. To prevent this change, the
  administrator can statically set the STP cost of the LAG. Use the spanning-
  tree cost command on the port channel to statically set the STP cost.
 Load sharing
  Network traffic is balanced across a LAG. User-configurable hashing algorithms
  are used to optimize load balancing across the physical links in a LAG.

Static Vs. Dynamic LAG

There are two different methods to configure a LAG or port channel.

 A static LAG is set up only once. An administrator can add or remove links
  manually. It is the responsibility of the administrator to see that both ends of the
  link are configured correctly. If the links are not configured correctly, there is no
  underlying protocol to detect errors.
 A dynamic LAG uses Link Aggregation Control Protocol (LACP) to exchange
  information between link endpoints.
   LACP is specified in the IEEE standard 802.3ad. It provides a standardized
    means for dynamically exchanging information between two switches to
    configure and maintain link aggregation groups automatically.
    o Active LAGs transmit LACP frames enabling each end of the port
      channel to verify correct configuration before bringing links online.
    o Physical links that fail are removed dynamically with LACP. But if there is
      one active physical link, the port channel remains online to upper level
      protocols.

Dynamic LAGs are the preferred option because of LACP verification.

Supported Configurations

 Physical connections
   A physical interface can belong to only one port channel.
   All interfaces in the port channel must operate at the same speed.
   Only those interfaces that match the speed of the first interface in the port
    channel are enabled.
   A port channel is "UP" when at least one member link is up.
 Port configuration
   All the physical ports in the link aggregation group must reside on the same
    switch. If a virtual switch is created out of stacked switches, the port channel
    interfaces may come from any switch in the stack. Stacked switches provide
    high availability by spreading the port channel interfaces across multiple
    switches in a single virtual switch.
   The port channel must be configured the same on each switch. For
    example, a static port channel is configured as static on both switches that
    are connected to the link.

LAG Example 1—Supported or Unsupported?

Dedicated ports are used between each switch, using a static LAG between switch
B and C and an LACP LAG between switches A and B.

Within the industry, both LACP and static LAGs are described as IEEE LAGs. IEEE
defines both types of LAG in its standards. However, only LACP includes the
standardized control protocol.

LAG Example 2—Supported or Unsupported?

This example is not valid for the following reason: Switch A is configured for static,
and switch B is configured for LACP. In this case, the port channel does not come
up.

 On switch A, the links are aggregated to form static logical port channel 1, or
po1. A show interface po1 command displays the interface as both
administratively up and operationally up. This condition is due to the individual
links being up.
 Switch B po1 would not group and would remain in an administratively up,
operationally down state.
 Since the port channel does not fully come online, there are implications for
performance as STP blocks the highest numbered interfaces that are
redundant.

LAG Example 3—Supported or Unsupported?

The main thing to note here is that a single LAG CANNOT be split
between three switches. Depending on which links came up first, two members
would be UP while the other two links would be down. This condition is due to the
different SYSTEM MAC addresses received within the LACP PDUs.

A different feature, such as an MLAG, is required to create a link aggregation group
between three switches. For details, see the MLAG lesson.


LAG Example 4—Supported or Unsupported?

The main thing to note for this example is that the LAG shows up active on each
device but WILL NOT work properly. A LAG between a dual-NIC server and a
switch is valid, and is discussed later. But trying to aggregate links between
switches and links between a switch and a server is not valid.


Static LAG Configuration

Introduction

This lesson displays and describes the commands that are used to create a static
port channel.

This lesson covers the following topics:

• CLI port channel commands used to create static LAGs between N-Series
switches
• Interface verification and monitoring commands


Creating Static Port Channel

The same configuration must be implemented on each switch that is connected to
the port channel.

Notes on commands
• The interface range command that is displayed on this slide groups switch
ports 1, 2, 6 and 7, and then modifies their configuration as one group. The
ports are each 10-Gbps Ethernet interfaces. Notice how the prompt changes
(config ==> config-if) after entering this command. This new prompt indicates
that the next command applies to the group of interfaces specified in the
previous command.
• The channel-group command creates the port channel from the interfaces
that are specified in the previous command. The 1 in the command specifies the
creation of port channel 1, or Po1. The on parameter specifies that Po1 is a
static port channel.

Remember that these commands must be run on both switches that attach to the
port channel.


Command to Verify Static Port Channel Configuration

This screen displays information for a different port channel than the one
created on the previous slide.

Notes on the show interfaces port-channel 1 command that is displayed
on this slide:
• This port channel is abbreviated as Po1.
• The active ports that are included are GigE ports 3 and 4.
• This example shows a static port channel.
• Load balancing is done using enhanced hashing type 7. Hashing algorithms
are shown at the bottom of the display and are explained in more detail in the
LAG Hashing lesson.
• A minimum number of physical links for a viable port channel can be specified
with the min-links command. If min-links=1, the port channel is operational
when there are one or more active links.
• Local preference is disabled.

Note on local preference setting


What if a LAG contains links that are distributed across stacking units? The default
behavior is to distribute locally received ingress traffic across all LAG links in the
stack per the selected hashing algorithm. When the local option is enabled, traffic is
forwarded only on LAG interfaces attached to the stack unit where the traffic
ingresses. Forwarding is disabled to LAG interfaces on other stacking units.
Forwarding paths are reduced by restricting LAG hashing to select only egress
links on the stack unit where the traffic ingresses.

CAUTION: If the capacity of the local egress LAG links is exceeded, traffic is
discarded. Use of the local option should be carefully considered before enabling.
The operator must ensure that sufficient egress bandwidth is available in the LAG
links on every stack member to avoid excessive discards.

By default, the local-preference mode for a port channel is disabled.


Dynamic LAG Configuration and LACP

Introduction

This lesson displays and describes the commands that are used to configure and
verify dynamic port channels.

This lesson covers the following topics:

• Dynamic LAG configuration commands
• LAG verification and monitoring commands


How to Configure Dynamic Port Channels

Instructor Note: Present the commands used to create a dynamic
port channel.

The commands used to configure a dynamic port channel are similar to the
commands used to configure a static port channel.

• The interface range command groups ports 1, 2, 6 and 7 and modifies
their configuration as a group. These interfaces are all 10-Gbps Ethernet ports.
Notice how the prompt changes (config ==> config-if) after entering this
command. This new prompt indicates that the next command applies to the
group of interfaces specified in the previous command.
• The channel-group command creates the port channel from the interfaces
that are specified in the previous command. The 1 in the command specifies the
creation of port channel 1, or Po1. The mode Active parameter specifies that
this port channel is dynamic. The passive parameter is not available in DNOS 6.


Remember that these commands must be run on both switches that attach to the
port channel.


How to Verify Details for Specific Dynamic Port Channel

This screen displays information for a different port channel than the one
created on the previous slide.

Notes on the show interfaces port-channel 1 command that is displayed
on this slide:
• This port channel is abbreviated as Po1.
• The active interfaces that are included are Ten-GigE ports 1, 2, 6 and 7.
• This LAG is a dynamic port channel.
• Load balancing is done using enhanced hashing type 7. Hashing algorithms
are shown at the bottom of the display and are explained in more detail in the
LACP Hashing lesson.
• A minimum number of physical links for a viable port channel can be specified
with the min-links command. If min-links=1, the port channel is operational
when there are one or more active links.
• Local preference is disabled.


How to Verify Details for Multiple Port Channels

This example displays information for multiple port channels.

• When the show interfaces port-channel command is issued without
specifying a port channel, all port channels are displayed.

Other helpful commands:

• show lacp gigabitethernet
• show lacp gigabitethernet statistics
• show statistics port-channel


LAG Hashing

Introduction

This lesson introduces LAG hashing and explains the ways that traffic is
distributed across the multiple links in a port channel.

This lesson covers the following topics:

• Overview of hashing choices
• Displaying and configuring the hashing mode


Overview of Hashing for Port Channels

Dell EMC Networking N-Series switches support configuration of hashing
algorithms for each port channel interface. The hashing algorithm is used to
distribute traffic load among the physical ports of the port channel while preserving
the per-flow packet order. A flow is a conversation between two end points. For
example, a conversation between servers A and B is a different flow from a
conversation between servers A and C. The hashing algorithm ensures that traffic
can be spread across multiple links in the port channel, while maintaining the
per-flow packet order of each conversation.

Hashing algorithms ensure that there are no out-of-order packets by assigning
each flow to one physical link. For example, the conversation between
servers A and B would be assigned to one physical link in the port channel. A
different conversation between servers A and C can be assigned to a different
physical link. The assignment is based on hashing criteria such as source and
destination addresses.

This diagram shows flows in one direction only. Responses to these I/O flows,
traveling in the other direction from the switch on the right, may use a different link
on the LAG. Each switch calculates hashing independently.


Enhanced hashing mode is the recommended and default hashing mode for Dell
EMC Networking N-Series switches.

The various hashing algorithms use some variation of the following information
from the MAC and IP header:
• Source or destination MAC address
• Source or destination IP address
• Source or destination TCP or UDP port number
• EtherType
• Source switch module and port ID

It is possible that traffic may not be balanced across the links, depending on which
hashing mode is used. For example, if most traffic is directed at a single IP
address, all of that traffic would traverse a single link if the hashing mode is set to
destination IP address. It is important to understand traffic patterns when setting
the hashing mode.


Configuring LAG Hashing Mode

There are seven LAG hashing modes. They are displayed using the
hashing-mode ? command. Mode 7, enhanced hashing mode, is recommended and set by
default because it usually has the best load balancing performance.

To set the hashing mode:

• Enter port channel configuration mode. The correct configuration mode is
indicated with a prompt of config-if-PoX, where X is the port channel
number.
• Enter the command hashing-mode <mode>. The mode value is a number
from 1 to 7. The numbers correspond to the following algorithms:
1. Source MAC, VLAN, EtherType, source module, and port ID
2. Destination MAC, VLAN, EtherType, source module, and port ID
3. Source IP and source TCP/UDP port
4. Destination IP and destination TCP/UDP port
5. Source/destination MAC, VLAN, EtherType, and source MODID/port
6. Source/destination IP and source/destination TCP/UDP port
7. Enhanced hashing mode
• Use the no hashing-mode command to set the hashing algorithm on port
channels to the default.

Note: Enhanced hashing mode has the following characteristics:

• MODULO-N operation based on the number of ports in the LAG
• Packet attributes selection based on the packet type:
– For L2 packets, Source and Destination MAC address are used for hash
computation
– For IP packets, Source IP, Destination IP address, TCP/UDP ports are used
• Non-Unicast traffic and Unicast traffic are hashed using a common hash
algorithm
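
The flow-to-link mapping described in this lesson, as an added Python sketch (not Dell code and not output from a switch). The per-mode field selection and the modulo-N step follow this page; zlib.crc32, the field names, the interface labels and the sample flows are assumptions constructed for illustration. It shows why mode 4 pins all traffic for one server to a single member link, while modes 6 and 7 spread the same flows.

```python
import zlib

IP_FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port")

# Header fields fed to the hash in modes 1-6, following the mode list above.
# "src_modport" is a hypothetical name for the source module and port ID.
MODE_FIELDS = {
    1: ("src_mac", "vlan", "ethertype", "src_modport"),
    2: ("dst_mac", "vlan", "ethertype", "src_modport"),
    3: ("src_ip", "src_port"),
    4: ("dst_ip", "dst_port"),
    5: ("src_mac", "dst_mac", "vlan", "ethertype", "src_modport"),
    6: IP_FIELDS,
}


def hash_fields(flow, mode):
    """Return the field names that identify `flow` under hashing mode 1-7."""
    if mode == 7:
        # Enhanced mode selects packet attributes by packet type:
        # IP packets use addresses and ports, other L2 packets use the MACs.
        return IP_FIELDS if flow.get("src_ip") else ("src_mac", "dst_mac")
    return MODE_FIELDS[mode]


def select_link(flow, mode, active_links):
    """Map one flow to one member link: hash the key fields, then modulo N."""
    if not active_links:
        raise ValueError("port channel has no active member links")
    key = "|".join(str(flow[name]) for name in hash_fields(flow, mode))
    # Assumption: CRC32 stands in for the switch's hardware hash function.
    return active_links[zlib.crc32(key.encode()) % len(active_links)]


def distribution(flows, mode, active_links):
    """Count how many flows land on each active member link."""
    counts = {link: 0 for link in active_links}
    for flow in flows:
        counts[select_link(flow, mode, active_links)] += 1
    return counts


def constructed_flows(n=200):
    """Constructed sample: n clients, each with one session to one HTTPS server."""
    return [
        {
            "src_mac": "02:00:00:00:%02x:%02x" % (i // 256, i % 256),
            "dst_mac": "02:00:00:00:ff:01",
            "vlan": 10,
            "ethertype": 0x0800,
            "src_modport": "1/%d" % (i % 24 + 1),
            "src_ip": "192.168.1.%d" % (i + 1),
            "dst_ip": "10.0.0.10",
            "src_port": 49152 + i,
            "dst_port": 443,
        }
        for i in range(n)
    ]


if __name__ == "__main__":
    links = ["Te1/0/1", "Te1/0/2", "Te1/0/6", "Te1/0/7"]  # constructed labels
    flows = constructed_flows()
    for mode in (4, 6, 7):
        print("mode", mode, distribution(flows, mode, links))
    # One member fails: N drops to 3 and flows are re-mapped onto the survivors.
    print("mode 7, one link down", distribution(flows, 7, links[:3]))
```

Because the key is the same for every packet of a flow, the selected link never changes while the member set is stable, which is what preserves per-flow packet order.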


Common Deployment Scenarios

Introduction

This lesson covers common deployment scenarios in which LAGs are used in a
campus environment.

This lesson covers the following topics:

• Switch to switch link aggregation
• Switch to server link aggregation
• Using LAGs with STP
• Using LAGs with VLANs


Switch to Switch Link Aggregation

This scenario is the primary use case for link aggregation.

Considerations for successfully bringing a port channel online:

• All physical links must be the same operational speed. If ports auto-negotiate, it
is possible that they do not come up at the same speed. If a link auto-negotiates
at a different speed, it does not become part of the active port channel.
• Dissimilar ports do not become active in the LAG if their operational settings do
not match the settings of the first member of the LAG. If a switch reboots, it is
possible the first port that comes up in the LAG could be a slow port that
previously was not active. In that case, the faster links do not become active
because the speed does not match the first port that comes up in the LAG. To
avoid this scenario, use the lacp port-priority command to select one or
more primary links to lead the formation of the aggregation group.
• Copper and optic ports may operate at the same speed. But, it is not a good
idea to mix them in the same LAG because copper ports have higher latencies.


Switch to Server Link Aggregation

Links can also be aggregated between a switch and a server.

Requirements:
• The server must have a Network Interface Card—NIC teaming configuration.
NIC teaming enables multiple Ethernet network interface adapter ports on the
server to act as a single virtual network adapter port.
– NIC teaming only provides load balancing and failover when multiple
network adapter cards are used.
– The NIC team uses the MAC address of the primary NIC team member.
LACP is configured to provide dynamic link aggregation and to communicate
with LACP running on the switch.
• Switches should have LACP enabled and use dynamic port channels.


Spanning Tree Protocol and LAG

In a network environment, redundant links cause network loops. Network loops
cause broadcast storms and other negative conditions. Spanning Tree Protocol—
STP blocks ports to prevent network loops and their negative effects. Link
aggregation provides a way to use redundant links to increase bandwidth between
switches, without creating network loops.

Link aggregation works with STP in the following ways:

• Broadcast frames are transmitted out every switch port except for the port the
frame was received on. However, a broadcast frame is only transmitted out one
physical port in the LAG. The LAG hashing algorithm determines which port to
use.
• The LAG prevents network loops, even though there are redundant paths. STP
treats all interfaces within the LAG as a single logical port. For this reason, STP
does not block any of the physical ports in the LAG.
• Spanning tree does not maintain state for members of a LAG, but does maintain
state for the LAG interface as a whole.
• As far as STP is concerned, members of a LAG do not have individual link
state. Internally, the STP state of the LAG interface is replicated for the member
links.
• When members are deleted from a LAG they become normal links, and
spanning tree maintains their individual link state information.
• If there is more than one LAG between two switches, STP blocks one of them to
prevent network loops. This is the same behavior as for non-LAG interfaces.

STP causes the switch to select the path cost based on the link speed. The default
cost values are:

• 40G Port path cost—500
• 10G Port path cost—2000
• 1000 Mbps (giga)—20,000
• 100 Mbps—200,000
• 10 Mbps—2,000,000
• Port Channel—200,000,000 divided by the sum of the unidirectional link speed
(in Mbps) of each active member multiplied by 10. This calculation is based on
section 13.6.1 of the IEEE 802.1s standard. A failed link in a port channel
results in a new STP cost calculation.


Using LAGs with VLANs

VLANs treat the port channel as a single interface, not as multiple individual
interfaces.

Features such as VLAN trunking apply to the port channel, not to the individual
paths that make up the port channel.
• The LAG interface as a whole can be a member of a VLAN complying with
IEEE 802.1Q.
• When members are added to a LAG, they are removed from all existing VLAN
membership. LAG members assume the VLAN membership of the LAG.
• When members are removed from a LAG, they are added back to the VLANs
that they were previously members of as per the configuration file. The VLAN
membership for a port still can be configured when it is a member of a LAG.
However, this configuration is only applied when the port leaves the LAG.


Module Summary


Review Questions: Link Aggregation Group—LAG

1. What benefits are provided through port channels or LAGs?

2. How is a dynamic port channel different from a static port channel?

3. How is a static port channel configured?

4. How is a dynamic port channel configured?


Lab: Link Aggregation Group (LAG)


Lab: VLAN Configuration and Verification

Refer to the student lab guide for instructions to complete the lab.



Multi-Switch Link Aggregation Group (MLAG)

Introduction

Upon completing this module, you will:

• Describe what Multi-Switch Link Aggregation Groups (MLAGs) are and
discuss how they are used in a campus network environment.
• Identify the components of MLAG and their function.
• List the supported MLAG configurations and limitations.
• Configure and verify an MLAG environment.
• Debug MLAG using debug commands and modifiers.


Multi-Switch Link Aggregation Group (MLAG) Overview

Introduction

This lesson introduces the Multi-Switch Link Aggregation Group (MLAG) feature,
compares it to LAG and stacking, explains basic operation, and discusses
limitations.

This lesson covers the following topics:

• MLAG feature overview
• Components of MLAG
• Comparison of MLAG to LAG and stacking
• MLAG advantages
• MLAG limitations


Introduction to MLAG

An MLAG enables a port channel from a single switch to connect with two MLAG
peer switches. The peer switches must have a peer link between them.


LAG vs. MLAG

A LAG has multiple connections that act as one larger point-to-point connection. An
MLAG enables two switches to act like one switch from a point-to-point LAG
perspective. The ability of two switches to act like a single switch is an MLAG. This
feature enables a switch to create a LAG to two separate switches for physical
diversity, while still acting like a single bundled interface to manage.


MLAG Advantage

• STP Blocking
STP is deployed to avoid packet storms due to loops in the network. STP sets
ports to blocking state. These ports do not carry traffic. When a topology
change occurs, STP reconverges.
• MLAG
MLAG acts as one switch, not two, so a loop is not created. None of the links are
blocked. Traffic can flow over both links.


MLAG components
• MLAG switches
– MLAG-aware switches run Dell Network operating system switch firmware.
No more than two MLAG-aware switches can pair to form one end of the
LAG.
– Stacked switches do not support MLAGs. SW1 and SW2 are MLAG peer
switches. The switches form a single logical end point for the MLAG from the
perspective of Switch A.
• MLAG interfaces
– MLAG functionality is a property of port channels.
– Port channels configured as MLAGs are called MLAG interfaces.
– Administrators can configure multiple instances of MLAG interfaces on the
peer MLAG switches.
– Port channel limitations and capabilities, like min-links and the maximum
number of ports that are supported per LAG, also apply to MLAG interfaces.
• MLAG member ports
– Ports on the peer MLAG switches that are part of the MLAG interface (P1 on
SW1 and S1 on SW2).
• Non-redundant ports
– Ports on either of the peer switches that are not part of the MLAG (ports P4
and S4). MLAG interfaces and non-redundant ports cannot be members of
the same VLAN. A VLAN may contain MLAG interfaces, or a VLAN may
contain non-redundant ports, but not both.
• MLAG peer-link
– A link that connects the two MLAG peer switches (ports P2, P3, S2, S3).
Only one peer-link can be configured per device.
– The peer-link is crucial for the operation of the MLAG component.
– A port channel must be configured as the peer-link.
– All VLANs configured on MLAG interfaces must be configured on the
peer-link as well.
• MLAG dual control plane detection link
– A virtual link that is used to advertise the Dual Control Plane Detection
Protocol (DCPDP) packets between the two MLAG switches. DCPDP is
optional and should be used cautiously.
– The protocol is used as a secondary means of detecting the presence of the
peer switch in the network.
– Do not configure the DCPDP protocol on MLAG interfaces.


MLAG Peer Link

• MLAG requires a peer-link to operate
– Peer status
– Synchronization of Forwarding Data Base (FDB) and other data
– Backup link if one MLAG peer becomes disconnected
– Can optionally use a routed link to obtain secondary peer status
• Peer link
– Must be a LAG
o Dynamic LAGs are recommended, not static LAGs
– Must disable spanning tree
– Peer link should be configured as a trunk port
o Can only support MLAG VLANs
o Must remove non-MLAG VLANs
– Peer link should have multiple links to carry the bandwidth of the LAG
partner


MLAG Peers:
• MLAG supports two switches only, not one and not three.
• No stacking: switches that are part of a stack cannot also perform MLAG
functions.
• Switches elect a primary and secondary switch.
• Primary switch handles LACP and STP protocols for redundant interfaces.
• Each switch handles its own non-redundant interfaces.
• Forwarding Database (FDB) is synchronized between switches.
– If there is a failure, FDB accelerates recovery.


Stacking vs MLAG

Stacking and MLAG can provide similar functions. The difference is in how the
stack is managed:
• Stacking has a consolidated management structure.
– Master controls the configuration of the whole stack.
– If the stack needs a firmware upgrade, the whole stack must be upgraded
simultaneously. Upgrades require scheduled down time to reboot each
switch after a firmware upgrade.
• MLAG has an independent management structure.
– MLAG requires two points of management, one for each switch.
– MLAG switches each have their own management. Each switch can be
upgraded independently from the other switches, so no scheduled down
time is required.

Some customers choose stacking over MLAG for its single management
solution. Other customers choose MLAG so that firmware upgrades can be
performed independently for maximum uptime, with no required reboot. It is
recommended that switches in an MLAG run the same version, even though each
switch can be independently upgraded.


Dual Control Plane Detection Protocol

An optional MLAG component called Dual Control Plane Detection Protocol
(DCPDP) is used to detect the presence of the peer switch. DCPDP is independent
of the keep-alive protocol running on the peer link.

DCPDP is a UDP-based L3 protocol. It may be configured on a routed VLAN that
does not contain any MLAG port channel interfaces. When enabled, the DCPDP
sends an L3 control plane detection message to the peer once every second. The
message is unidirectional and contains the sender's MAC address in the payload.
The state of the primary and secondary MLAG switches is maintained on both
MLAG peers. DCPDP runs over an IP interface when enabled.

Configuring dual control plane detection protocol is optional, and not necessary,
because keep-alive messages that are sent through the MLAG peer-link are
sufficient for setting up MLAG.

DCPDP implements a backup connection between MLAG peers. This connection
avoids a split brain scenario where both switches act like they are the Master
MLAG when an interswitch link fails. This protocol uses the IP layer to send dual
control plane detection messages to the peer once every second.


MLAG Caveats

• DCPDP (in 6.0) can cause split brain scenario.
– With updates in 6.1, if there is a peer-link failure, secondary ports are
blocked.
– Split brain is having both switches act like they are the Master MLAG
because they cannot communicate with the other switch.
• LACP is recommended to avoid split brain scenarios, such as dual peer-link and
DCPDP failures.
• Primary/secondary switches have unique MAC addresses.
• The primary switch handles STP for both switches. The secondary spanning
tree is running but has no active ports. It shows as root.
• The MLAG election is nonpreemptive.
– Once enabled, MLAG switches contest in an election to select the Primary
and Secondary switch.
• Modifications to priority and timeout interval are effective only before the
keep-alive protocol is enabled.
• Only one domain is supported.
– Multiple MLAG partners, each with unique vpc id.


MLAG Considerations

• Peer switches must be the same model. For example, both switches are N3048.
• Peer switches must be the same series. For example, 6.1.
• N2000 and N4000 series cannot be peers because of different table sizes.
• No stacking: MLAG is formed with two stand-alone switches only.
• Upgrade scenario is minimally disruptive (not hitless)
– Reconvergence equivalent to spanning-tree
• Link failover has momentary packet loss
– 2 secs
– Momentary LAG flap on MLAG partners
• Primary switch failure
– ~14 seconds
– Reconvergence equivalent to spanning-tree


More MLAG Considerations

• RSTP-PV/STP-PV not supported with MLAG.
– RSTP or MSTP only
• Static routing is not supported internally (within MLAG VLAN) in VPC in a
two-tier topology (supported externally only). MLAG is an L2-only solution.
• Peer link requires a native VLAN.
• Two VRRP masters:
o VRRP master negotiation occurs over a directly connected routed link.
But there is no support in MLAG for packets to cross the peer link except
in cases of MLAG uplink/downlink failure
• Can only shut down VPC port channel from primary
• Shutting down port channel on primary shuts down port channel on primary and
secondary
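
The MLAG rules listed under MLAG Components, MLAG Peer Link, MLAG Peers and MLAG Considerations can be checked mechanically before a change window. The audit below is an added example, not Dell tooling: the dictionary layout, key names and the two sample switches are hypothetical and constructed for illustration.

```python
def vlans_of(ports):
    """Union of the VLAN IDs carried by a list of interface dictionaries."""
    vlans = set()
    for port in ports:
        vlans |= set(port["vlans"])
    return vlans


def audit_peer(sw):
    """Check one MLAG peer against the per-switch rules from this module."""
    name, link, findings = sw["name"], sw["peer_link"], []
    if sw["stacked"]:
        findings.append(f"{name}: a stack member cannot act as an MLAG peer")
    if link["kind"] != "port-channel":
        findings.append(f"{name}: the peer-link must be a port channel")
    elif link["lag_mode"] != "dynamic":
        findings.append(f"{name}: peer-link is a static LAG, dynamic is recommended")
    if link["stp_enabled"]:
        findings.append(f"{name}: spanning tree must be disabled on the peer-link")
    if link["switchport_mode"] != "trunk":
        findings.append(f"{name}: the peer-link should be a trunk port")

    # VLAN rules. The peer-link native VLAN is not modelled in this sketch.
    mlag = vlans_of(sw["mlag_interfaces"])
    non_redundant = vlans_of(sw["non_redundant_ports"])
    carried = set(link["vlans"])
    for vlan in sorted(mlag - carried):
        findings.append(f"{name}: MLAG VLAN {vlan} is missing from the peer-link")
    for vlan in sorted(carried - mlag):
        findings.append(f"{name}: non-MLAG VLAN {vlan} must be removed from the peer-link")
    for vlan in sorted(mlag & non_redundant):
        findings.append(f"{name}: VLAN {vlan} mixes MLAG interfaces and non-redundant ports")
    dcpdp = sw.get("dcpdp_vlan")
    if dcpdp is not None and dcpdp in mlag:
        findings.append(f"{name}: DCPDP VLAN {dcpdp} contains MLAG interfaces")
    return findings


def audit_pair(a, b):
    """Audit both peers, then the rules that span the pair."""
    findings = audit_peer(a) + audit_peer(b)
    if a["model"] != b["model"]:
        findings.append("pair: peer switches must be the same model")
    if a["firmware_series"] != b["firmware_series"]:
        findings.append("pair: peer switches must run the same firmware series")
    ids_a = {i["vpc_id"] for i in a["mlag_interfaces"]}
    ids_b = {i["vpc_id"] for i in b["mlag_interfaces"]}
    for vpc_id in sorted(ids_a ^ ids_b):
        findings.append(f"pair: vPC ID {vpc_id} is configured on only one peer")
    return findings


def constructed_pair():
    """Constructed sample: SW1 is clean, SW2 breaks three of the rules."""
    mlag_interfaces = [{"vpc_id": 1, "vlans": [10, 20]},
                       {"vpc_id": 2, "vlans": [30]}]
    sw1 = {
        "name": "SW1", "model": "N3048", "firmware_series": "6.1",
        "stacked": False, "dcpdp_vlan": 100,
        "peer_link": {"kind": "port-channel", "lag_mode": "dynamic",
                      "stp_enabled": False, "switchport_mode": "trunk",
                      "vlans": [10, 20, 30]},
        "mlag_interfaces": mlag_interfaces,
        "non_redundant_ports": [{"name": "P4", "vlans": [99]}],
    }
    sw2 = {
        "name": "SW2", "model": "N3048", "firmware_series": "6.1",
        "stacked": False, "dcpdp_vlan": 100,
        "peer_link": {"kind": "port-channel", "lag_mode": "dynamic",
                      "stp_enabled": True, "switchport_mode": "trunk",
                      "vlans": [10, 20]},
        "mlag_interfaces": mlag_interfaces,
        "non_redundant_ports": [{"name": "S4", "vlans": [20]}],
    }
    return sw1, sw2


if __name__ == "__main__":
    for finding in audit_pair(*constructed_pair()):
        print(finding)
```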


MLAG Incompatibilities

Dell Networking MLAG is not compatible with other solutions:

• Virtual Switching System (VSS) from Cisco IOS
• Virtual Port Channel (vPC) from Cisco NX-OS
– Even though Dell Networking Operating System 6 uses the feature vpc
command to enable MLAG, the feature is not compatible with Cisco vPC.
• Virtual Link Trunking (VLT) from Dell Networking Operating System 9


MLAG Configuration and Validation


MLAG Configuration Overview

1. Enable MLAG globally.
2. Configure the vPC domain:
• Optional: To specify the primary and secondary MLAG peer, configure a
vPC priority on each MLAG peer switch.
• Optional: Configure the timeout interval.
• Optional: Configure the virtual link.
• Optional: Enable Dual Control Plane Detection Protocol (DCPDP).
• Enable peer-keepalive.
3. Configure the MLAG peer-link:
• Create the LAG that will be used to pass data traffic between the MLAG peer
switches.
• Disable spanning tree on the peer-link.
• Enable trunking on the peer-link.
4. Configure the MLAG partner interfaces:
• Configure a LAG with matching vPC ID on each MLAG peer switch.


Enable and Verify MLAG Globally

To enable MLAG globally, go to configure mode and issue the feature vpc
command. Verify it is enabled with the show vpc brief command.

console# configure               Enter configuration mode.
console(config)# feature vpc     Enable MLAG globally.


Configure vPC Domain

console# show vpc brief

VPC admin status............................... Enabled
Keep-alive admin status........................ Enabled
VPC operational status......................... Disabled
Self role...................................... None
Peer role...................................... None
Peer detection admin status.................... Disabled

Example showing results of configuring vPC domain


Configure Peer Link

The peer-link is crucial for MLAG operation. The peer-link must be configured on a
port channel interface. Only one peer-link aggregation group is enabled per peer
switch. All instances of MLAG running on the two peer switches share the peer-link.
The peer-link must NOT have the spanning tree feature enabled.

The peer-link is used for the following purposes:

• To transport keep-alive messages to the peer.
• To sync FDB entries learned on MLAG interfaces between the two MLAG peer
  switches.
• To forward STP BPDUs and LACPDUs received on secondary MLAG member
  ports to the primary MLAG switch.
• To send interface events that are related to MLAG interface and member ports
  that occur on the secondary switch to the primary switch.
• To transfer MLAG control information between the primary and secondary
  MLAG switches.
• To support a redundant forwarding plane in the case that all member ports of
  an MLAG interface are down on an MLAG peer. In this case, traffic received on
  the peer switch that is destined to the MLAG peer with the downed ports is
  sent over the peer-link. The peer MLAG switch forwards traffic to the partner
  switch.


View Peer-Link Details

MLAG requires a peer-link to operate:

• Peer status
• Synchronization of FDB and other data
• Backup link if one MLAG peer becomes disconnected
• Can optionally use a routed link to obtain secondary peer status

Peer link:

• Must be a LAG
• Recommend dynamic LAGs
• Must have the spanning tree feature disabled
• Recommended it be a trunk port
• Can only carry MLAG VLANs
• Must remove non-MLAG VLANs
• Recommended it have multiple links
• Recommended peer link has sufficient bandwidth to carry LAG partner traffic


View vPC Peer-Link Role

Control Plane Election in MLAG Switches


• The MLAG component peer link uses the keep-alive protocol to select a primary
  and a secondary switch. The keep-alive protocol is mandatory. The selection of
  the primary switch is nonpreemptive and is not configurable.
• Once the primary switch is elected, it owns the MLAG member ports on the
  secondary device. It handles the control plane functionality of supported
  protocols for the MLAG member ports on the secondary switch. Protocol status
  is not sent from the primary to the secondary switch. To examine the MLAG
  status, always use the management interface on the primary switch.

Peer-Link Keep Alive

• MLAG peers exchange keep-alive packets over the peer-link. The keep-alive
  protocol is L2-based. Keep-alive messages are used for electing roles and to
  inform the MLAG peer that the MLAG switch is alive and functioning properly.
  The keep-alive protocol sends messages with an EtherType of 0x88E8
  addressed to destination MAC 01:00:B5:00:00:00.


Configure vPC Member Interfaces

N1# configure                                 Enter configuration mode.
N1(config)# interface range Gi 1/0/1-2        Enter interface configuration mode.
N1(config-if)# channel-group 2 mode active    Enable LACP mode.
N1(config)# interface port-channel 2          Configure the port channel.
N1(conf-if-Po2)# switchport mode trunk        Enable trunking on peer-link.
N1(conf-if-Po2)# vpc 1                        Assign to vPC.


View vPC Member Port Channel


View Members

Role: Primary                    Role: Secondary

Local member is displayed        Local member is displayed
Peer members are displayed       Peer members are NOT displayed

console# show vpc brief          console# show vpc brief

Local Members      Status        Local Members      Status
-----------------  ------        -----------------  ------
Gi1/0/1            Up            Gi1/0/1            Up
Gi1/0/2            Up            Gi1/0/2            Up

Peer Members       Status        Peer Members       Status
----------------   ------        ----------------   ------
Gi1/0/1            Up            Gi1/0/1            Up
Gi1/0/2            Up            Gi1/0/2            Up


View DCPDP


Debug VPC

• (no) debug vpc {peer-keepalive | peer-link {control-message | data-message} |
  peer detection | core}
• peer-keepalive—Displays the debug traces for the keepalive state machine
  transitions.
• peer-link—In error cases, enables the debug traces for the control messages
  or data messages that are exchanged between the MLAG devices on the peer
  link.
• peer detection—Enables the debug traces for the Dual Control Plane Detection
  Protocol. Traces are seen when the DCPDP transmits/receives detection
  packets to/from the peer MLAG switch.
• core—Displays the MLAG core messages.


Module Summary


Review Questions: MLAG

1. How many peers can be linked together to form an MLAG?

2. What is the DCPDP, and what is it used for?

3. What other virtual solutions is MLAG compatible with?

4. What characteristics are required for links that connect MLAG peers?


Lab: Multi-Switch Link Aggregation Group (LAG)


Refer to the student lab guide for instruction to complete the lab.



Discovery Protocols

Introduction

This module introduces discovery protocols and shows how to configure them on
Dell EMC N-Series switches.

Upon completing this module, you will be able to:

• Describe the use of discovery protocols
• Differentiate between different discovery protocols
• Employ discovery protocols in the lab environment on Dell EMC N-Series
  switches
• Describe the process in which discovery protocols provide information to
  other network protocols and technologies


Cisco Discovery Protocol

Introduction

This lesson covers Cisco Discovery Protocol (CDP), the proprietary Layer 2
discovery protocol of Cisco Systems. It also covers a non-Cisco discovery
protocol that is compatible with CDP, Industry Standard Discovery Protocol
(ISDP). Dell EMC switches use ISDP because it is compatible with CDP.

This lesson covers the following topics:

• CDP message contents
• Industry Standard Discovery Protocol
• CDP default settings
• Troubleshooting topology errors


CDP Overview

CDP is a Cisco proprietary, Layer 2 protocol that is used to gather information
about directly connected devices. CDP is beneficial for the discovery of topology
and troubleshooting. Some higher layer technologies like VoIP and DCB use the
data that CDP collects.

CDP can be enabled globally or on a per-interface basis. It is possible to enable
CDP on a switch at the global level and disable it on certain interfaces. It is not
possible to disable CDP on a switch at the global level and enable it on certain
interfaces.


Industry Standard Discovery Protocol

The show cdp neighbors command is used on Cisco IOS to show the data that
CDP collects.

The screenshot shows a Dell device N3024 detected from local port Gi 1/0/7
and Gi 1/0/7.

From this output alone, you cannot be certain it is the same device (though the
hostname is the same).

Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network
protocol which interoperates with Cisco network equipment. It is used to share
information between neighboring devices in a heterogeneous network.

ISDP commands are similar to CDP, such as show isdp neighbor.


CDP Message Contents

The image shows an example of a packet capture of a CDP packet.


CDP Default Settings

By default, CDP version 2 is enabled and all interfaces transmit and receive
CDP advertisements in 60-second intervals.

• As a Layer 2 protocol, CDP does not require IP addressing to function. It sends
  CDP updates out to each active and enabled interface.
• CDP-enabled switches store received CDP updates for 180 s.
• CDP messages are sent to a multicast address of 01-00-0C-CC-CC-CC.


Troubleshooting Topology Errors

CDP can sometimes cause confusion in multivendor environments. In the example,
an intermediate Dell switch (S4820) that is not running CDP would propagate the
CDP updates, forwarding the multicast packets through all ports. The user
may incorrectly believe that 3560A and 2901B are directly connected. One way to
solve the problem is to use LLDP between all devices.


CDP Addressing

The destination address of 01-00-0C-CC-CC-CC is used for CDP, VLAN Trunking
Protocol, Dynamic Trunking Protocol, Port Aggregation Protocol, and Unidirectional
Link Detection protocol. Wireshark may automatically present these frames as
“CDP/VTP/DTP/PAgP/UDLD” based on the detected destination MAC address.


Industry Standard Discovery Protocol

Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network
protocol which interoperates with Cisco network equipment. It is used to share
information between neighboring devices. Dell EMC Networking switches
participate in the ISDP protocol and share information with the devices that support
the Cisco Discovery Protocol (CDP). ISDP is based on CDP, which is a precursor
to LLDP.

ISDP Command                     Purpose
-------------------------------  -------------------------------------------------------
show isdp                        Displays ISDP timers (including how often ISDP updates
                                 are being sent and how long they are stored)
show isdp neighbors              Shows a list of directly connected CDP-enabled devices
show isdp neighbors detail       Shows detailed information of directly connected
                                 CDP-enabled devices (including IP addressing)
show isdp entry <Device ID>      Shows detailed information for the identified CDP
                                 neighbor
show isdp interface <Device ID>  Shows detailed information for the identified interface
isdp timer <seconds>             Configures the interval between CDP updates.
isdp holdtime <seconds>          Configures the interval for storing CDP data without an
                                 update.
no isdp run                      Disables ISDP globally on the switch
no isdp enable                   Disables ISDP on an interface


Link Layer Discovery Protocol

Introduction

This lesson covers how to configure, disable, and monitor Link Layer Discovery
Protocol (LLDP).

This lesson covers the following topics:


• Fields contained in an LLDP packet
• LLDP type-length-value structure (TLV)
• Configuring LLDP on DNOS 6
• Viewing collected LLDP data


Link Layer Discovery Protocol Overview

Link Layer Discovery Protocol (LLDP) is based on the IEEE 802.1AB standard. The
standard defines the protocol, managed objects, and their definitions. The objects
and definitions enable the discovery of the physical topology and the connection
end-point information from neighboring devices on Ethernet networks. It uses a
network management information architecture in the form of a Management
Information Base (MIB) for compiling and storing information about devices on the
LAN. The network administrators access this information using the Simple Network
Management Protocol (SNMP) to query the MIB data of each device.

LLDP is a one-way protocol—there are no request/response sequences.

LLDP enables devices on the network to:


• Advertise connectivity and management information about the device to
  adjacent devices on the same LAN
• Receive network management information from adjacent devices on the same
  LAN
• Share connectivity and management information with management stations.
  These stations are used in the monitoring and administration of the network.


[Figure: LLDP discovery MIB. Each device keeps a table with Port, Device, and
Info columns that lists the neighbor seen on each port (for example Switch,
IP-PBX, IP-Phone, and Computer).]


LLDP Protocol Data Unit

As with Spanning-Tree and other Link Layer protocols, LLDP relies on special
protocol data units, or PDUs, to exchange operational information between
participants. Similarly, LLDP PDUs are encapsulated inside the Ethernet frames for
transport. LLDP PDU frames are sent at 30-second intervals from each
participating device port.

When an Ethernet frame carries an LLDP PDU, its destination MAC address is set
to one of three LLDP multicast addresses. These addresses tell switches and
routers to process received LLDP frames locally and not forward them. The MAC
addresses are:

• 01:80:c2:00:00:00
• 01:80:c2:00:00:02
• 01:80:c2:00:00:0e

The EtherType field is set to 0x88cc. This value indicates that the Ethernet frame is
transporting an LLDP PDU.

Each device sends specific type, length, and value (TLV) information about itself to
directly connected neighboring devices. The information is organized into TLVs and
carried inside the special fields in the Ethernet frames.


The LLDP PDU portion of the frame starts with the following mandatory TLVs:
Chassis ID, Port ID, and Time-to-Live. The mandatory TLVs precede any optional
TLVs. The LLDP PDU ends with a TLV named "End of LLDPDU," whose type and
length fields are always zero.

The administrator configures the inclusion of the optional TLVs in the management
set. By default, they are not included.


TLV Field Value Definitions

Each TLV field carries specific device information. The table sorts the information
by TLV type and displays the information that is contained in the TLV fields. Not all
devices support all the available TLV values. Device vendors choose which
optional TLVs to support.

• TLV types 0–3 are mandatory: they must be included in each LLDP packet.
• TLV types 4–8 are optional.
• Type 127 can be used to transmit custom information.

TLV Type  TLV Name                   Description                                          Use Requirement
--------  -------------------------  ---------------------------------------------------  ---------------
0         End of LLDP PDU            Marks the end of an LLDP data unit.                  Mandatory
1         Chassis ID TLV             Identifies the LLDP agent.                           Mandatory
2         Port ID TLV                Identifies a port through which TLVs are sent and    Mandatory
                                     received.
3         Time-to-Live               Specifies how long (in seconds) LLDP PDU             Mandatory
                                     information that is received from the neighbor is
                                     retained as valid in the MIB. (Range is 0–65535 s.)
4         Port Description           Optional TLV that advertises the specific            Optional
                                     configuration information described.
5         System Name                Optional TLV that advertises the specific            Optional
                                     configuration information described.
6         System Description         Optional TLV that advertises the specific            Optional
                                     configuration information described.
7         System Capabilities        Optional TLV that advertises the specific            Optional
                                     configuration information described.
8         Management Address         Optional TLV that advertises the specific            Optional
                                     configuration information described.
9–126     Reserved                   Optional TLV that advertises the specific            N/A
                                     configuration information described.
127       Organizationally Specific  Optional TLV that advertises the specific            Optional
          TLVs and Custom TLVs       configuration information described.


LLDP Message Contents

The Wireshark capture shows the details of the LLDP frame. The Enabled
Capabilities TLV shows that the remote port supports bridging and routing.

TLV Type  TLV Name             Value
--------  -------------------  --------------------
1         Chassis ID TLV       00:1a:e2:0d:e3:88
2         Port ID TLV          Fa0/6
3         Time-to-Live         120 s
4         Port Description     FE to SRV1
5         System Name          dls1.tshoot.net
6         System Description   Cisco IOS software...
7         System Capabilities  Bridge, Router


LLDP Default Configuration

By default, LLDP is enabled for Dell EMC switches running DNOS 6. All ports are
configured to transmit and receive LLDP.

In this example, a cable connects the Te1/0/7 ports of switches N1 and N2.
These ports are not yet configured as switchports.

Since the ports transmit and receive LLDP packets by default, N1 has received
data from N2 through its own Te1/0/7 port. The LLDP transmission from N2
included the values for the default TLVs.

TLV Type  TLV Name             Value
--------  -------------------  --------------------------------------------
1         Chassis ID TLV       F8:B1:56:77:FA:B3
2         Port ID TLV          Te1/0/7
3         Time-to-Live         The show lldp command does not display the
                               value for this TLV
4         Port Description     Te1/0/7
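
The frame and TLV layout from this lesson, as an added Python example that is not part of the course material: it builds and parses a constructed LLDP frame carrying N2's values from the table above and rejects malformed PDUs. The 7-bit type and 9-bit length header split and the ID subtype bytes come from IEEE 802.1AB rather than this guide; the source MAC and the 120-second TTL are assumed sample values.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
# The three LLDP destination MAC addresses listed in this lesson.
LLDP_DEST_MACS = {bytes.fromhex(m) for m in
                  ("0180c2000000", "0180c2000002", "0180c200000e")}
TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "Time-to-Live",
             4: "Port Description", 5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address",
             127: "Organizationally Specific"}


class LLDPError(ValueError):
    """Raised when a frame is not a well-formed LLDP PDU."""


def encode_tlv(tlv_type, value):
    """Pack one TLV: a 7-bit type and a 9-bit length share a 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldp_frame(frame):
    """Return [(type, value), ...] from an untagged Ethernet LLDP frame."""
    if len(frame) < 14:
        raise LLDPError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != LLDP_ETHERTYPE:
        raise LLDPError("EtherType is not 0x88cc")
    if bytes(frame[:6]) not in LLDP_DEST_MACS:
        raise LLDPError("destination MAC is not an LLDP multicast address")
    tlvs, offset = [], 14
    while True:
        if offset + 2 > len(frame):
            raise LLDPError("PDU ended without an End of LLDPDU TLV")
        (header,) = struct.unpack("!H", frame[offset:offset + 2])
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        # Never trust the length field: a TLV must not reach past the frame.
        if offset + length > len(frame):
            raise LLDPError(f"TLV type {tlv_type} overruns the frame")
        if tlv_type == 0:
            if length != 0:
                raise LLDPError("End of LLDPDU TLV must have length 0")
            break  # any bytes after this are Ethernet padding
        tlvs.append((tlv_type, bytes(frame[offset:offset + length])))
        offset += length
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise LLDPError("mandatory TLVs 1, 2, 3 must come first, in order")
    return tlvs


def summarize(tlvs):
    """Decode the TLV types this example understands into a dict by name."""
    out = {}
    for tlv_type, value in tlvs:
        name = TLV_NAMES.get(tlv_type, f"Reserved ({tlv_type})")
        if tlv_type == 1 and len(value) == 7 and value[0] == 4:
            out[name] = ":".join(f"{b:02X}" for b in value[1:])  # MAC subtype
        elif tlv_type in (1, 2):
            out[name] = value[1:].decode("ascii", "replace")  # skip subtype
        elif tlv_type == 3:
            if len(value) != 2:
                raise LLDPError("Time-to-Live value must be 2 bytes")
            out[name] = struct.unpack("!H", value)[0]
        elif tlv_type in (4, 5, 6):
            out[name] = value.decode("ascii", "replace")
        else:
            out[name] = value.hex()
    return out


# Constructed sample: N2's advertisement as N1 would receive it. The source
# MAC and TTL of 120 are assumptions; subtype 4 (MAC address) and subtype 5
# (interface name) are the IEEE 802.1AB codes for the two ID TLVs.
SAMPLE_FRAME = (
    bytes.fromhex("0180c200000e")              # destination: LLDP multicast
    + bytes.fromhex("f8b15677fab5")            # source MAC (assumed)
    + struct.pack("!H", LLDP_ETHERTYPE)
    + encode_tlv(1, b"\x04" + bytes.fromhex("f8b15677fab3"))
    + encode_tlv(2, b"\x05" + b"Te1/0/7")
    + encode_tlv(3, struct.pack("!H", 120))
    + encode_tlv(4, b"Te1/0/7")
    + encode_tlv(0, b"")                       # End of LLDPDU
    + bytes(8)                                 # Ethernet padding
)

if __name__ == "__main__":
    for name, value in summarize(parse_lldp_frame(SAMPLE_FRAME)).items():
        print(f"{name:18} {value}")
```
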


Disabling LLDP

The LLDP service is enabled by default, and there is no command to disable
it. To prevent a switch from participating in LLDP, disable all ports from transmitting
and receiving the protocol.

Use these commands at the interface configuration level for each interface:
• no lldp transmit – Use the no lldp transmit command in Interface
  Configuration mode to disable the LLDP advertise transmit capability. To
  re-enable local data transmission, remove the no from this command.
• no lldp receive – Use the no lldp receive command in Interface
  Configuration mode to disable the LLDP receive capability. To re-enable
  local data reception, remove the no from this command.


Viewing LLDP Interface State

show lldp interface {gigabitethernet unit/slot/port |
tengigabitethernet unit/slot/port | fortygigabitethernet
unit/slot/port | all}

Use the show lldp interface command to display the current LLDP interface
state. In this example, the command returns the configuration of all the interfaces. It
includes the transmit and receive states, and the TLVs that are being advertised.


Viewing LLDP Local-Data

Use the show lldp local-device command to display the LLDP data that may
be transmitted. This command can display summary information or detail for each
interface. The example shows the detailed local device data for an interface. It
shows values from TLV 1 to TLV 8, except TLV 3 (Time-to-Live). The TTL TLV is
specific to each LLDP PDU that is transmitted. Although the eight TLV values are
listed in the output, only the mandatory TLVs, 1–3, are transmitted by default.

show lldp local-device {detail interface | interface | all}

• detail—includes a detailed version of the local data
• interface—specifies a valid Ethernet interface on the device. Specify either
  gigabitethernet unit/slot/port or tengigabitethernet unit/slot/port or
  fortygigabitethernet unit/slot/port.
• all—shows LLDP local device information about all interfaces


Viewing LLDP Remote-Data

Use the show lldp remote-device command to display the LLDP data that is
received on any of the interfaces of the system. This command can display
summary information or details for each interface. The example shows the detail
remote device data that is received on an interface. It shows values for TLVs 1–7.


Module Summary


Review Questions: Discovery Protocols


Lab: Discovery Protocols


Refer to the student lab guide for instruction to complete the lab.



Routing

Introduction

This module provides a review of routing concepts and shows how to configure
routing on Dell EMC N-Series switches.

Upon completing this module, you will be able to:


• Utilize a gateway of last resort.
• Implement inter-VLAN routing.
• Configure Dell EMC N-Series switches as OSPF internal routers.
• Troubleshoot OSPF routing issues.


Routing Overview

Introduction

This lesson provides a review of the routing table and illustrates how to enable
routing on an N-Series switch.

This lesson covers the following topics:

• Routing table
• Route types
• Enabling routing


Overview

IP routing is the process of transporting an IP packet to its destination, as specified
in the IP header. If the source and destination address are on the same IP subnet,
no routing is needed. If they are not, the packet must travel from its source through
one or more IP routers to its final destination.

Historically, specialized devices that are called routers performed most IP routing,
although the routing logic is now possible using Layer 3 or multilayer switches.

The routing process uses a routing table to determine the next hop to which a
packet is forwarded on the way to its final destination. The next routing process
in the path then checks its own routing table and forwards the packet to the next
hop. This process continues until the packet reaches its destination.


Route Types

Directly Connected—The IP routing table contains entries for each IP network to
which the router is directly connected. These entries differ from other entries in that
there is no next hop address for these entries.

In the example:
• Router r1 is directly connected to two networks:
  o Interface Fe1 is connected to network 192.168.1.0 /24
  o Interface Fe2 is connected to network 192.168.2.0 /24
• Router r2 is directly connected to two networks:
  o Interface Fe1 is connected to network 192.168.2.0 /24
  o Interface Fe2 is connected to network 192.168.3.0 /24

Static—Static routes are ones that are added to the routing table manually by the
router administrator. They are called static because they remain unchanged in the
routing table until the administrator changes or removes them.

Dynamic—Dynamic routes are ones that are added automatically to the routing
table by a routing protocol. Routers use routing protocols to communicate with
each other, distributing route information with each other. It enables the routers to
automate the process of determining routes between any two nodes on the IP
network.


The use of routing protocols is suggested. As the network grows or if hardware
failures occur, the routing table of each router is updated to reflect the changes and
keep traffic moving.

Default—The default route is a routing entry that specifies where to send a packet
that does not match any other routing entry. The default route is often used to
direct traffic bound for the Internet. The next hop is set to the IP address of the
router that connects the network to the Internet. The default route is either a static
route or a dynamic route. In the diagram, the static route is also a default route.


Routing Table - DNOS 6

Use the following command to display the current state of the routing table:

show ip route [[ip-address [mask | prefix-length] [longer-prefixes] [static]

• ip-address—Specifies the command to show the best matching route for the
  address.
• mask—Specifies the subnet mask of the IPv4 address in dotted quad notation.
• prefix-length—Specifies the length of the prefix, in bits. Must be preceded
  with a forward slash (/). (0–32 bits.)
• longer-prefixes—Indicates that the ip-address and subnet-mask pair
  becomes the prefix, and the command displays the routes to the addresses that
  match that prefix.
• static—Display statically configured routes

The output of the command also displays the IPv4 address of the default gateway
and the default route that is associated with the gateway.


Inter-VLAN Routing

In DNOS 6, the routing process is disabled by default. To enable it, use the ip
routing command. Once enabled, the no ip routing command turns it off.

Inter-VLAN routing is performed on the N-Series switches. Each VLAN must have a
switched virtual interface that is created for it. To create them, enter Configuration
mode and use the interface vlan <vlan-id> command. Routing between
the SVIs occurs automatically—the switch is directly connected to each SVI, so no
additional routing table entries are needed.


Static Routes

Introduction

This lesson covers how to configure static routes.

This lesson covers the following topics:


• ip route command
• Static route examples
• Default route


Static Routes

The Administrator can create a static route for each destination network. They are
stored in the switch configuration.

There is no ability to manipulate metric/cost of a route.

The administrative distance is set to 1 by default and can be changed from 2 to 255.

They are useful for routes that do not change or in switches that do not support
certain routing protocols. They are also useful for handling traffic to unknown
destinations, such as the Internet.


IP Route Command

The ip route command is used to set static routes in Global Configuration
mode. In its most common form, the ip route command has three parameters:

• networkaddr—Specifies the IP of the destination address for the route.
• networkmask—Specifies the network mask of the network. The network mask
  and network address are used together to determine the IP network for this
  routing entry.
• nexthopip—Packets that match the destination route are forwarded to the
  next hop IP address.

The table contains all parameters of the ip route command:

Argument       Description                                     Mandatory/Optional
-------------  ----------------------------------------------  ---------------------------------------------
networkaddr    IP address of destination interface.            Mandatory
subnetmask     A 32-bit dotted-quad subnet mask. Enabled bits  Mandatory (either subnetmask or prefixlength)
               in the mask indicate the corresponding bits of
               the network address are significant. Enabled
               bits in the mask must be contiguous.
prefix-length  A forward slash and an integer number in the    Mandatory (either subnetmask or prefixlength)
               range 1–32 (for example, /24). The integer
               number indicates the number of significant
               bits in the address beginning with the
               leftmost (most significant) bit.
nexthopip      The next-hop IPv4 address is specified in the   Mandatory (either nexthopip or Null0)
               nexthopip argument. Packets matching the
               destination route are forwarded to the next
               hop IP address.
Null0          The optional Null0 keyword indicates that       Mandatory (either nexthopip or Null0)
               packets matching the route are dropped. This
               capability enables the administrator to
               purposefully discard selected traffic.
vlan-id        A configured VLAN routing interface.
preference     Also known as administrative distance, of an    Optional
               individual static route. The default value is
               1. Preference value can be set in the range
               1-255.
text           The administrator can assign a textual name     Optional
               to the route. It may be up to 32 characters
               in length.


Default Static Route

The default route is a route statement that indicates no bits have to match (/0).
Packets always use a route with the most matching bits:
 10.1.2.3 goes to 10.0.3.2 – the first 16 bits match the first statement.
 10.2.4.7 goes to 10.0.3.2 – the first 16 bits match the second statement.
 10.3.4.7 goes to 10.0.3.2 – the first 16 bits match the third statement.
 11.3.4.5 goes to 10.0.3.14 – no bits match the first three statements. 0.0.0.0 /0
matches all packets – it uses this default route.

The default route is also called the route of last resort. Any route that matches 1-24
bits will be a better match. Only destination addresses that have not matched any
other route are compared to the default route.


IP Route Command Example - Distribution

Consider the following topology:


 Distribution layer routers are connected to access layer switches located
throughout a single building. Each distribution layer switch is the router for 255
/24 networks. The networks are conveniently sequential and can be
summarized into 10.x.0.0/16. The value of x is different for each
building.
 The distribution routers route to a central core router which interconnects the
buildings and offers them a connection to the WAN.
 The routed connections between routers are all point-to-point networks. Each
network uses a /30 subnet to specify a network containing only two hosts.

The icons that are used in this diagram are most readily identified as routers.
However, as discussed in previous modules, there is reason to differentiate
between a router and Layer 3 switch for Ethernet routing. Within the industry, it is
not uncommon for Layer 3 switches to be diagramed as routers.

The distribution routers are directly connected to each IP subnet within their
building. No static routes are needed to access the directly connected segments.


Static routes can be used to access the networks in the other two buildings. The
example illustrates two static route options for Building A. The possible static
route entries shown are:
 Use a static route entry for each building:
 Building B – ip route 10.1.0.0 /16 10.0.3.2
 Building C – ip route 10.2.0.0 /16 10.0.3.2
 Use one static route that matches both buildings:
 Building B and Building C – ip route 10.0.0.0 /24 10.0.3.2


IP Route Command: Example - Core

The core switch requires 3 static routes between core and distribution
switches/routers. There is one static route for each building.


IP Route—Next Hop Egress Interface AND IP

When next hop IP addresses are used without an egress interface, the router must
use the routing table lookup process twice.

Consider the scenario:

 A packet arrives at the switch with a destination IP address of 10.2.3.4.
 The switch uses the static route from the routing table shown previously (next
hop IP only).
 It finds the next hop IP of 10.3.0.9.
 Now it must ARP for the MAC address of 10.3.0.9 to route the packet.
 Which interface should it use to reach 10.3.0.9?
 It has to use the routing table a second time (known as a recursive lookup).
 This time it finds that 10.3.0.8/30 is directly connected to its vlan200 interface,
so it knows where to send the ARP for 10.3.0.9.

If using the longer static route entries with both egress interface and next hop IP:
 A packet arrives at the Core router with a destination IP address of 10.2.3.4.
 From the static route entry, the router learns both the next hop IP and the
interface on which to send the ARP for that IP.
 Now it must ARP for the MAC address of 10.3.0.9 to route the packet.


Routes that specify the next hop egress interface and IP are the most efficient
static route entries.

Drawbacks include the fact that if the Layer 3 egress interface changes, they do not
recover automatically. They also introduce another opportunity for human error:
the correct next hop IP may be chosen, but with an incorrect egress interface.

Important: DNOS 6 only uses egress VLAN interfaces (only SVI can
be L3 in DNOS 6).
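
The lookup behavior described in this lesson (the route with the most matching bits wins, Null0 discards, a next-hop-only route needs a second lookup, an egress-interface-only route ARPs for the destination itself) can be modeled in a short Python script. This is an added example, not Dell EMC code: the 10.2.0.0/16 route via 10.3.0.9 and the connected 10.3.0.8/30 on vlan200 follow the scenario above, while the other table entries and the function names are assumptions.

```python
import ipaddress

# Constructed core-switch table. The 10.2.0.0/16 route via 10.3.0.9 and the
# connected 10.3.0.8/30 on vlan200 follow the scenario in the text; every
# other entry is an assumption made for this example.
CORE_TABLE = [
    {"prefix": "10.3.0.4/30", "kind": "connected", "interface": "vlan100"},
    {"prefix": "10.3.0.8/30", "kind": "connected", "interface": "vlan200"},
    {"prefix": "10.3.0.12/30", "kind": "connected", "interface": "vlan300"},
    {"prefix": "10.2.0.0/16", "kind": "static", "next_hop": "10.3.0.9"},
    {"prefix": "10.1.0.0/16", "kind": "static", "next_hop": "10.3.0.5",
     "interface": "vlan100"},
    {"prefix": "10.4.0.0/16", "kind": "static", "interface": "vlan300"},
    {"prefix": "10.2.99.0/24", "kind": "static", "null0": True},
    {"prefix": "0.0.0.0/0", "kind": "static", "next_hop": "10.3.0.13"},
]


def longest_match(table, address):
    """Return the entry whose prefix matches the most leading bits, or None."""
    addr = ipaddress.ip_address(address)
    best, best_len = None, -1
    for route in table:
        net = ipaddress.ip_network(route["prefix"])
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def resolve(table, destination, max_lookups=4):
    """Follow the forwarding decision for a packet and count table lookups."""
    target, matched, lookups = destination, None, 0
    while target is not None and lookups < max_lookups:
        route = longest_match(table, target)
        lookups += 1
        if route is None:
            break
        matched = matched or route["prefix"]
        if route.get("null0"):
            return {"action": "drop", "matched": matched, "lookups": lookups}
        interface, next_hop = route.get("interface"), route.get("next_hop")
        if route["kind"] == "connected" or (interface and not next_hop):
            # ARP for the target itself. On a static interface-only route the
            # target is not on the link, so a neighbor must answer by proxy ARP.
            return {"action": "forward", "matched": matched,
                    "interface": interface, "arp_for": target,
                    "needs_proxy_arp": route["kind"] == "static",
                    "lookups": lookups}
        if interface:
            # Egress interface and next hop IP: no second lookup is needed.
            return {"action": "forward", "matched": matched,
                    "interface": interface, "arp_for": next_hop,
                    "needs_proxy_arp": False, "lookups": lookups}
        # Next hop only: look the next hop up in the table (recursive lookup).
        target = next_hop
    # No matching route, or a next hop that never reaches a connected network.
    return {"action": "unreachable", "matched": matched, "lookups": lookups}


if __name__ == "__main__":
    for dst in ("10.2.3.4", "10.1.5.5", "10.4.7.7", "10.2.99.20", "11.3.4.5"):
        print(dst, resolve(CORE_TABLE, dst))
```

The `max_lookups` guard covers the failure mode of a next hop that only resolves through the static route that points at it, which would otherwise loop.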


IP Route—Next Hop Egress Interface Instead of IP?

When egress interfaces are used, they rely on the next hop router identifying itself
as able to route packets for that network.

Consider: The switch receives a packet that is destined for 10.2.3.4.

If the route statement uses next hop IP as shown earlier, it will send an ARP
request for the next hop IP address. The switch uses the resulting MAC address as
the destination MAC address on the frame for the 10.2.3.4 packet and sends it out
the VLAN 200 interface, to the router.

However, if using an egress interface as the next hop parameter – the core does
not know which router on VLAN 200 can route packets for 10.2.3.4.

Instead the core sends an ARP for 10.2.3.4 out of the VLAN 200 link. Keep in mind
10.2.3.4 is NOT on this link. However, the distribution router is on this link, and has
a route table entry for 10.2.0.0/16. It knows where it is. The ip proxy arp is
enabled by default, and the distribution router in building C answers the ARP for
10.2.3.4 with its own MAC address. The core uses that MAC address as the
destination MAC address on the frame for the 10.2.3.4 packet, like it would with a
next hop IP address.

The only key difference in the process is that the router must have IP proxy ARP
enabled, which it is by default. It must analyze its routing table and decide that it
knows how to get to 10.2.3.4.

Either method can be used.

IP proxy ARP is enabled by default on DNOS 6.

On DNOS 6 the destination interface is the VLAN, not physical interface, since
DNOS 6 must use SVI.

On DNOS 9, you can use SVI or physical interface as egress interface.


Scaling Challenges with Static Routing

This configuration is common:

 Redundancy in the distribution layer, and redundancy in the core
 Most environments which have grown organically over time would likely not
have this degree of summarization. Multiple smaller routes must be created.

In this example, each distribution layer router has two destination routes for each
remote route - a route to each of the core routers. Each core router has two
destination routes for each remote route - 2 routes to each campus building.

If a link fails, there is no auto healing of routes, which would be present in a
routing protocol.

There is no equal cost multipathing, which would be present in some routing
protocols.

There is no detection of ‘best links’ based on link speed, as there would be in some
routing protocols.

As the number of links increases, the chance for human error in CLI entries increases.

There are 12 static routes that are shared between the 2 core switches, and 12
static routes split among the distribution routers.

24 static routes in this ideally summarized environment.


Each core has two routes for each 10.x.0.0/16 network (2*three networks = 6
routes per core).

Each core has one route each for 0.0.0.0/0 network (one route per core). Seven
routes * two core = 14 static routes.

Each distribution has one route for each link to the core 0.0.0.0/0 route.


Open Shortest Path First Protocol

Introduction

In this lesson you will learn how to configure, monitor, and troubleshoot the Open
Shortest Path First (OSPF) protocol.

This lesson covers the following topics:


 OSPF review
 OSPF configuration
 OSPF validation
 OSPF troubleshooting


OSPF Review

OSPF is considered to be part of the Interior Gateway Routing protocol family
because it routes within an Autonomous System (AS).

OSPF is a link-state protocol. It identifies all the network destinations and applies
the Shortest Path First algorithm to select the best routes. It uses three tables:
Neighbor (Adjacency database), Topology (LSDB database), and Routing. The
routers communicate with each other by exchanging packets, which are used to
discover neighboring routers and also to exchange routing information. The packets
are: hello packets, database description packets, link-state request, link-state update,
and acknowledgments.

OSPF is scalable by using a multiarea topology which supports large networks.
Also, efficiency is achieved in each area by limiting the impact of network topology
change due to network failures.


OSPF Routing Calculations

OSPF link costs are arbitrary and have only three restrictions:
1. Link cost value can be 1–65,535
2. More preferred links have lower cost
3. Costs are additive - it is the sum of the costs of all hops that make up the route

Every link in the switch has an associated cost.

Routing table entries are constructed from the network destinations and their
associated link costs.


OSPF Topologies and Router Types

OSPF Topologies

Simple Topology—When there are only a few routers, the entire AS is managed
as a single entity. All the routers function as peers. Each router contains status
information for each of the other routers in its link-state database. The size of the
LSDB increases on each router for every router added to the topology. There is a
limit to the size of a network that should use a simple topology.

OSPF areas divide OSPF networks into smaller subnetworks. Because each
OSPF area contains fewer IP networks, each router has a more manageable
LSDB. A network that only needs one area is known as a simple topology.

Each OSPF area has a number assigned to it—the first OSPF area is area 0. The
configuration of each participating interface contains the area number in which it is
participating.

Hierarchical Topology—As the network grows, the link-state database grows.


Network traffic during network changes has the potential to cause instability in the
large network. The solution is to partition the network by creating two or more
OSPF areas. A general practice is to partition the network into areas that contain
50 routers or less.


In a hierarchical topology, one area is known as the backbone area. The backbone
area must be area 0. All other OSPF areas must be connected to the backbone.

OSPF Router Types

OSPF routers can be classified in relation to the OSPF areas in which they are
contained. They are one of four types:
 Internal Router – Internal routers are routers whose interfaces all belong to the
same OSPF Area. They have only one Link-State Database.
 Area Border Router (ABR) – ABRs connect one or more areas to the
backbone area. ABRs are gateways for intra-area traffic. They must have at
least one interface in area 0. They require more RAM and computing resources
than internal routers, because they have an LSDB for each of their connected areas.
ABRs summarize the topological information for each area and forward it to
their neighbors in the other area.
 Backbone Router – A backbone router is any router that has at least one
interface in area 0. A backbone router can be an internal router of area 0, or an
ABR.
 Autonomous System Boundary Router (ASBR) – ASBRs are gateways to
other network domains using other routing protocols. A common example is an
OSPF router that connects the autonomous system to the Internet using the
Border Gateway Protocol (BGP). ASBRs may also redistribute static routes into
the OSPF domain, and routes from other IGPs such as Intermediate System to
Intermediate System (IS-IS) or Enhanced Interior Gateway Routing Protocol
(EIGRP).

Important: Dell EMC N-Series switches should only be configured as
Internal or Backbone routers.


Network and Interface Types

Activate OSPF on an IP network segment by configuring it on one or more router
interfaces. The behavior of OSPF differs between the different interface and
network types. The different OSPF interface and network types are defined in this
table:

| Interface/Network Type | Description |
| --- | --- |
| Broadcast | LAN interface, such as Ethernet, in which data is broadcast, and it is up to the destination node to recognize and accept the data. |
| Non-broadcast multiple access (NBMA) | Network type where multiple nodes are reachable on the network, but there is no broadcast that is supported. Examples include technologies such as frame relay, ATM, and X.25. |
| Point-to-point | A point-to-point interface provides a connection between a single source and a single destination. An example would be a WAN T1 connection between two routers. |
| Point-to-multipoint | A point-to-multipoint interface provides a connection between a single source and multiple destinations. An example is fixed wireless data communications through radio or microwave frequencies. |
| Demand | Demand networks are often pay-for-use communication, where the cost of using the circuit increases as the uptime for the circuit increases. |


Broadcast Networks and Designated Routers

OSPF routers exchange link-state information with their adjacent neighbors. As
broadcast networks may have many routers, they may consume a great deal of
bandwidth with routing protocol traffic.

To reduce this amount of traffic, every broadcast network has a Designated Router
(DR) and a Backup Designated Router (BDR). Each router on the network
exchanges link-state information (synchronizes databases and forms an adjacency)
only with the DR and BDR.

The DR generates network link-state advertisements on behalf of the network and
floods this advertisement throughout the area.

If the DR fails, the BDR takes its place.


Link-State Advertisements (LSA)

Link-state advertisements, or LSAs, describe the local state of a router or network.
The LSA includes the state of the router interfaces and adjacencies. Each link-state
advertisement is flooded throughout the routing domain.

Each OSPF router is responsible for describing its local piece of the routing
topology through the transmission of link-state advertisements.

In case its LSA information has been lost or corrupted in the tables of a
neighboring router, the router retransmits it at 30-minute intervals.

All LSAs begin with a common 20-byte header. This header contains enough
information to uniquely identify the LSA using link-state type, link-state ID, and
Advertising Router. Multiple instances of the LSA may exist in the routing domain
simultaneously. Then, it is necessary to determine which instance is more recent. It
is accomplished by examining the LS age, LS sequence number, and LS
checksum fields that are also contained in the LSA Header.

The LS Age field contains a value representing the number of seconds since the
LSA was originated. If the LSA reaches 1800 seconds (30 minutes), the originating
router refreshes the LSA by flooding a new instance. If the LSA reaches 1 hour, it is
deleted from the database.

OSPF requires the incrementation of the LS Age field at each hop during flooding.
The increment breaks any flooding loop by causing the Age field of the looping LSA
to reach the maximum value.

The LS Type represents which type of LSA created the entry. Each LSA type has a
separate advertisement format. The LS Types that are defined in RFC 2178 are
Types 1, 2, 3, 4, 5 and 7, which are discussed in detail later.

Every OSPF router transmits a single router-LSA describing its active interfaces
and neighbors.

When OSPF receives an LSA of an unknown LS Type, Option bits may be set,
indicating acceptance of the protocol extension. Otherwise, an OSPF router does
not store or forward the unknown LSA. The Options field identifies the LSAs that
the router forwards and which it keeps.

The link-state ID is a unique identification that describes a router in the OSPF
routing domain. The link-state ID of an Autonomous System-external-LSA equals
the IP address of the externally reachable IP network being imported into the OSPF
routing domain. In this way, LSAs of the same type are differentiated by their
LS-ID.

Advertising Router is the Router ID of the router that originated the LSA. For
example, in network-LSAs this field is equal to the Router ID of the DR.

By default, the router ID is the largest IP address assigned to any of its
interfaces when OSPF was enabled. It is manually configurable and follows the
four-octet template of an IP address.

LS Sequence Number: A linear sequence number that is used to compare a new
LSA with an old LSA.

The LSA instance having the larger LS Sequence Number is considered to be
more recent. Link-state sequence numbers are signed 32-bit integers. The first time
an OSPF router originates an LSA, it sets the sequence number to the smallest
negative value (0x80000001). Subsequent transmissions are incremented
monotonically until the maximum positive value is reached (0x7fffffff). If the
maximum value is reached (after approximately 600 years), the router starts again
from the minimum value. Before it can happen, the router deletes the LSA with the
maximum sequence number from the routing domain. Then, it floods the new LSA
with the minimum sequence number.
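
The following added example (not part of the original guide) parses the 20-byte LSA header and decides which of two instances of the same LSA is more recent. The comparison order and the 900-second MaxAgeDiff constant follow RFC 2328 section 13.1, which this guide does not spell out; the sample headers and all function names are constructed for illustration.

```python
import socket
import struct
from collections import namedtuple

# LS age, Options, LS type, Link State ID, Advertising Router,
# LS sequence number (signed), LS checksum, length: 20 bytes, network order.
LSA_HEADER = struct.Struct("!HBB4s4siHH")
MAX_AGE = 3600              # seconds: the one-hour limit described above
MAX_AGE_DIFF = 900          # seconds: RFC 2328 constant used when comparing ages
INITIAL_SEQ = -0x7FFFFFFF   # 0x80000001 read as a signed 32-bit integer

LsaHeader = namedtuple(
    "LsaHeader",
    "age options ls_type link_state_id adv_router seq checksum length")


def parse_lsa_header(data):
    """Decode the common LSA header from the start of a byte string."""
    if len(data) < LSA_HEADER.size:
        raise ValueError("truncated LSA header: %d bytes" % len(data))
    age, options, ls_type, lsid, adv, seq, checksum, length = \
        LSA_HEADER.unpack_from(data)
    if length < LSA_HEADER.size:
        raise ValueError("length field is smaller than the header itself")
    return LsaHeader(age, options, ls_type, socket.inet_ntoa(lsid),
                     socket.inet_ntoa(adv), seq, checksum, length)


def build_lsa_header(age, ls_type, link_state_id, adv_router, seq, checksum,
                     length=20, options=0x02):
    """Pack a constructed sample header; seq is the unsigned wire value."""
    signed_seq = seq - (1 << 32) if seq & 0x80000000 else seq
    return LSA_HEADER.pack(age, options, ls_type,
                           socket.inet_aton(link_state_id),
                           socket.inet_aton(adv_router),
                           signed_seq, checksum, length)


def same_lsa(a, b):
    """An LSA is identified by LS type, link-state ID and Advertising Router."""
    return ((a.ls_type, a.link_state_id, a.adv_router)
            == (b.ls_type, b.link_state_id, b.adv_router))


def compare_instances(a, b):
    """Return 1 if a is more recent, -1 if b is, 0 if they count as the same."""
    if not same_lsa(a, b):
        raise ValueError("headers describe different LSAs")
    if a.seq != b.seq:                     # signed comparison: 0x80000001 is oldest
        return 1 if a.seq > b.seq else -1
    if a.checksum != b.checksum:           # checksum is compared, not verified here
        return 1 if a.checksum > b.checksum else -1
    a_expired, b_expired = a.age >= MAX_AGE, b.age >= MAX_AGE
    if a_expired != b_expired:             # an instance at MaxAge wins (it is being flushed)
        return 1 if a_expired else -1
    if abs(a.age - b.age) > MAX_AGE_DIFF:  # otherwise the younger instance wins
        return 1 if a.age < b.age else -1
    return 0


if __name__ == "__main__":
    rid = "192.168.1.1"  # constructed router ID
    first = parse_lsa_header(build_lsa_header(10, 1, rid, rid, 0x80000001, 0x1A2B))
    refresh = parse_lsa_header(build_lsa_header(0, 1, rid, rid, 0x80000002, 0x1A2C))
    print(first)
    print("refresh is newer:", compare_instances(refresh, first) == 1)
```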


LSA Types 1–3

The LSA types are as follows:

Type 1 – Router LSA
The router lists the links to other routers or networks in the same area, together
with the metric. Type 1 LSAs are flooded across their own area only. The link-state
ID of the type 1 LSA is the originating router ID.

Type 2 – Network LSA
The designated router on a broadcast segment, such as Ethernet, lists the routers
that are members of the segment. Type 2 LSAs are flooded across their own area
only. The link-state ID of the type 2 LSA is the IP interface address of the DR.

Type 3 – Summary LSA
An ABR takes information that it has learned on one of its attached areas and
summarizes it. Then, it sends a Type 3 Summary LSA out to the other connected
areas. This summarization provides scalability by removing detailed topology
information for other areas - their routing information is summarized into an
address prefix and metric. The summarization process can be configured to
remove detailed address prefixes and replace them with a single summary prefix,
also helping scalability. The link-state ID is the destination network number for
Type 3 LSAs.


LSA Types 4–7

Type 4 - ASBR-Summary LSA
The Type 4 LSA is needed because Type 5 External LSAs flood to all areas and
detailed next-hop information may not be available in those areas. An ABR floods
information for the router where the Type 5 LSA originated. Link-state ID is the
router ID of described ASBR for type 4 LSAs.

Type 5 - External LSA
These LSAs contain information that is imported into OSPF from other routing
processes. They are flooded to all areas (except stub areas). For External Type 1
LSAs, routing decisions are made by adding the OSPF metric to the ASBR and the
external metric from there on. For External Type 2 LSAs, only the external metric is
used. Link-state ID of the Type 5 LSA is the external network number. An ASBR
generates it to describe routes redistributed into the area. These routes are
displayed as E1 or E2 in the routing table. E2 (default) uses a static cost
throughout the OSPF domain. E1 uses an accumulation of the cost that is reported
into the OSPF domain at redistribution plus the local ASBR cost.

Type 6 - Group Membership LSA
This was defined for Multicast extensions to OSPF (MOSPF), a multicast routing
protocol which is not in general use.

Type 7 - Not So Stubby Area LSA
Routers in an NSSA do not receive external LSAs from ABRs, but are allowed to
send external routing information for redistribution. They use type 7 LSAs to tell the
ABRs about the external routes. An ABR translates to Type 5 external LSAs and
floods as normal to the rest of the OSPF network. An ASBR inside an NSSA
generates them to describe routes redistributed into the NSSA. LSA 7 is translated
into LSA 5 as it leaves the NSSA. Routes are displayed as N1 or N2 in the IP
routing table inside the NSSA. Like LSA 5, N2 is a static cost while N1 is a
cumulative cost that includes the cost up to the ASBR.


Link-State Advertisements (LSAs) Used in Single Area Topology

Link-State Advertisements (LSAs) used in a Single Area Topology:

 Type 2 – Network LSAs – These are media dependent and present where
broadcast multi access networks (Ethernet) exist.
 Type 5 – External LSAs – present when devices redistribute non-native OSPF
routes into OSPF


Stub Area

OSPF enables certain areas to be configured as "stub areas." A stub area is
connected to only one other area. The area that connects to a stub area must be
the backbone area. External route information is not distributed into stub areas.
Stub areas are used to reduce memory and computation requirements on OSPF
routers.

AS-external link-state advertisements are not flooded into/throughout stub areas.
These advertisements carry routing information about all IP subnets that are not
part of the stub area. Route information to these AS-external destinations is
replaced with a default route. The use of one route reduces the link-state database
size, and the memory requirements, for the ABR of the stub area.

One or more area border routers of the stub area must advertise a default route
into the stub area using summary-LSAs. These summary default routes are used
for any destination that is not explicitly reachable by an intra-area or inter-area
path. An area can be configured as a stub when there is a single exit point from the
area. Also, use a stub area when the choice of exit point need not be made on a
per-external-destination basis.

The OSPF protocol ensures that all routers belonging to an area agree on whether
the area has been configured as a stub. It guarantees that no confusion arises in
the flooding of AS-external-LSAs. There are a couple of restrictions on the use of
stub areas. Virtual links cannot be configured through stub areas. Also, AS
boundary routers cannot be placed internal to stub areas.


Not-So-Stubby-Area (NSSA)

NSSAs are similar to the existing OSPF stub area configuration option, but have
the following two additional capabilities:
 External routes originating from an ASBR connected to the NSSA can be
advertised within the NSSA.
 External routes originating from the NSSA can be propagated to other areas,
including the backbone area.
 Stub, NSSA, totally stub, and totally NSSA all implement a default route towards
area 0.


OSPF – Identification and Messaging

OSPF routers learn about their neighboring routers or detect any failed links
through the periodic exchange of Hello Packets.

Each OSPF router within an AS learns about the active interfaces and their
associated costs of its neighbor routers through the exchange of LSAs.

LSAs are exchanged through the unique mechanism called Reliable Flooding. The
router compiles LSAs into the link-state database. In a stable OSPF network, every
router has a database identical to that of its neighbors.

An OSPF router derives its route table by applying an algorithm to the information
in the LSDB. Then, it calculates the lowest-cost path from the router to every
known destination. When represented graphically, it would look like a tree diagram
with the subject router at the root of the tree.

Routers that are responsible for the exchange of information between logical areas
pass summary information. The ABRs can aggregate the internal routes of a
member area into a single destination route.


Establishing Neighbor Adjacencies

Note: A larger version of the slide graphic appears at the bottom of this notes
section.

Once neighboring routers have exchanged Hello Packets and have established
bi-directional communication, they form adjacencies with the DR and BDR. If they are
the DR or BDR for a given subnet, then they form adjacencies with every
router on the segment of the interface. Routers first become adjacent with their
neighbor to facilitate the exchange of LSAs and synchronize Link-State Databases.
Once the LSDBs have been synchronized, they are said to have established FULL
Adjacency.

Neighbor States

ExStart - Start adjacency process
In this step, a decision must be made as to which router is the Master and which is
the Slave for the Exchange process. The Master initiates the first Database
Description (DD) packet to the neighboring router. The Master also determines the
Sequence Number of the DD packet. If this router is joining an already established
network, or rejoining it, this Sequence Number is only used as a starting point. The
Sequence Number of the network that the router is joining eventually overrides the
one provided by the joining router. If this router is starting a new network, this
Sequence Number becomes the base for the LSAs. At this stage, if there is an
MTU mismatch, the router does not advance to the next state.


Exchange - Exchange Link-State Information
In this state, the router is describing its entire LSDB by sending DD packets to the
neighbor. Each DD packet is acknowledged by an empty DD, sent back to the
requester. Only one DD is allowed to be outstanding at a time. LSRs may be sent
during this state to request more recent LSAs. Routers in this state and higher
participate in Reliable Flooding and can send and receive all types of OSPF packets.

Loading - Gathering LSAs
In this state, a router is gathering LSAs from its neighbors. It sends LSRs to
request more recent LSAs it has seen the headers for, but has not received yet.

Full Adjacency
Routers can be in this state in Type-1 and Type-2 LSAs. If it is the initial phase, the
SPF Algorithm runs next.

Neighbor Events
SeqNumberMismatch

A DD packet has been received that has one of three issues:


 Unexpected DD Sequence Number
 The INIT bit is set
 An Options field differing from the Options field received in a DD packet

This event signals an error in the adjacency establishment process. The packet is
ignored, and the interface transitions to the ExStart state.

BadLSReq

An LSR has been received for an LSA not contained in the LSDB. It indicates an
error in the LSDB Exchange process.

BadLSReq is really a continuation from the Hello Protocol; events that may cause a
transition to other, lower states are also valid and may apply. These include 1Way,
KillNbr, inactivityTimer, LLDown, and AdjOK.


[Figure: OSPF neighbor adjacency establishment between two routers (RID 192.168.1.1
and RID 192.168.2.1). Neighbor states on both sides, in order: Init, 2-way, DR Election
(if required), ExStart, Exchange, Loading, Full. Messages exchanged: Hello (with the
list of routers seen), Hello with DR=z.z.z.z, DD (LSA headers), then LSR, LSU, LSAck
(full LSAs).]


OSPF Packet Overview

OSPF Packets:
 Communicate directly over IP, using IP protocol 89.
 Should be given preference over regular IP data traffic
 Sent over adjacencies
 Sent to multicast address:
 224.0.0.6 (DR/BDR)
 224.0.0.5 (all other OSPF routers)
 Utilize a common protocol header


Types of OSPF Packets

Type 1: Hello - Used for neighbor discovery and maintenance

Type 2: Database Description - Describes the contents of the Link-State Database
(LSDB) of an area, which must be synchronized between all OSPF routers

Type 3: Link-State Request - Sent to a neighbor when a router detects a difference
in the LSDB contents

Type 4: Link-State Update - Contains one or more Link-State Advertisements (LSA)

Type 5: Link-State Acknowledgement


Type 1 Packet: Hello

A router discovers neighbors by sending OSPF Hello packets out to all its
interfaces.

By default, a router sends Hellos every 10 s. If subsequent Hello packets are not
received within 40 s, the neighbor relationship is terminated. Hellos are only
recognized by routers that are attached to the same subnet with the same subnet mask.

The Hello packet contains information about these parameters: Hello Interval and
Router Dead Interval. A router learns of the existence of a neighboring router when it
receives the OSPF Hello from its neighbor.

Failure is detected when a router does not receive a Hello from a neighbor within
40 s.

The Hello protocol ensures that neighboring routers agree on timing parameters
and can aid in link failure detection. A fault is detected way before this time by the
absence of Hello packets.

In a broadcast environment, it contains the OSPF router IDs of all routers the
sender has heard up to the point of transmission. The overhead of sending multiple
Hellos is eliminated.
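
The Hello fields described above can be checked mechanically. The following is an added example (not part of the Dell guide or of switch firmware): a Python parser for the common OSPFv2 header and the Hello body, laid out per RFC 2328, that reports the mismatches that keep an adjacency from forming and flags a Hello arriving on an interface configured as passive. The `iface` dictionary, `build_hello` and all addresses are constructed for illustration.

```python
import ipaddress
import struct
from typing import NamedTuple

OSPF_TYPES = {1: "Hello", 2: "Database Description", 3: "Link-State Request",
              4: "Link-State Update", 5: "Link-State Acknowledgement"}
# Common 24-byte OSPFv2 header (RFC 2328 A.3.1): version, type, packet length,
# router ID, area ID, checksum, AuType, 8 bytes of authentication data.
HEADER = struct.Struct("!BBH4s4sHH8s")
# Fixed part of the Hello body (RFC 2328 A.3.2): network mask, HelloInterval,
# options, router priority, RouterDeadInterval, DR, BDR. Neighbor IDs follow.
HELLO = struct.Struct("!4sHBBI4s4s")


class Header(NamedTuple):
    ptype: str
    length: int
    router_id: str
    area_id: str
    autype: int


class Hello(NamedTuple):
    header: Header
    netmask: str
    hello_interval: int
    dead_interval: int
    neighbors: list


def _ip(raw):
    return str(ipaddress.IPv4Address(raw))


def _packed(addr):
    return ipaddress.IPv4Address(addr).packed


def parse_header(data):
    """Parse the header shared by all five packet types (checksum is not verified)."""
    if len(data) < HEADER.size:
        raise ValueError("truncated OSPF header")
    version, ptype, length, rid, area, _cksum, autype, _auth = HEADER.unpack_from(data)
    if version != 2:
        raise ValueError(f"unsupported OSPF version {version}")
    if ptype not in OSPF_TYPES:
        raise ValueError(f"unknown OSPF packet type {ptype}")
    if not HEADER.size <= length <= len(data):
        raise ValueError("length field disagrees with the captured bytes")
    return Header(OSPF_TYPES[ptype], length, _ip(rid), _ip(area), autype)


def parse_hello(data):
    """Parse a Type 1 packet, including the list of neighbors the sender has heard."""
    header = parse_header(data)
    if header.ptype != "Hello":
        raise ValueError(f"not a Hello packet: {header.ptype}")
    body = data[HEADER.size:header.length]
    if len(body) < HELLO.size or (len(body) - HELLO.size) % 4:
        raise ValueError("malformed Hello body")
    mask, hello_int, _opts, _prio, dead_int, _dr, _bdr = HELLO.unpack_from(body)
    neighbors = [_ip(body[i:i + 4]) for i in range(HELLO.size, len(body), 4)]
    return Hello(header, _ip(mask), hello_int, dead_int, neighbors)


def adjacency_findings(hello, iface):
    """List reasons this Hello will not (or should not) lead to an adjacency."""
    findings = []
    if iface["passive"]:
        findings.append(f"Hello from {hello.header.router_id} on a passive interface")
    for name, seen, expected in (
        ("area", hello.header.area_id, iface["area"]),
        ("subnet mask", hello.netmask, iface["netmask"]),
        ("hello interval", hello.hello_interval, iface["hello"]),
        ("dead interval", hello.dead_interval, iface["dead"]),
    ):
        if seen != expected:
            findings.append(f"{name} mismatch: neighbor {seen}, local {expected}")
    return findings


def is_two_way(hello, local_router_id):
    """True once the sender lists us among the routers it has heard."""
    return local_router_id in hello.neighbors


def build_hello(router_id, area, mask, hello_int, dead_int, neighbors=()):
    """Constructed sample input: a Hello with null authentication and zero checksum."""
    body = HELLO.pack(_packed(mask), hello_int, 0x02, 1, dead_int, bytes(4), bytes(4))
    body += b"".join(_packed(n) for n in neighbors)
    return HEADER.pack(2, 1, HEADER.size + len(body), _packed(router_id),
                       _packed(area), 0, 0, bytes(8)) + body


if __name__ == "__main__":
    # Hypothetical local settings: the guide's default timers, area 0.
    vlan10 = {"area": "0.0.0.0", "netmask": "255.255.255.0",
              "hello": 10, "dead": 40, "passive": False}
    good = parse_hello(build_hello("10.0.0.2", "0.0.0.0", "255.255.255.0", 10, 40,
                                   ["10.0.0.1"]))
    odd = parse_hello(build_hello("10.0.0.9", "0.0.0.0", "255.255.255.0", 5, 20))
    for pkt in (good, odd):
        print(pkt.header.router_id, adjacency_findings(pkt, vlan10),
              is_two_way(pkt, "10.0.0.1"))
```
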


Type 2 Packet: Database Description

The collection of all OSPF LSAs is called the link-state database. Each OSPF
router has an identical link-state database. It gives a complete description of the
network including the routers, the network segments, and how they are
interconnected.

Link-state databases are exchanged between neighboring routers soon after the
routers have discovered each other. The link-state databases are maintained
through a procedure called reliable flooding.

Upon initialization, each router transmits a link-state advertisement (LSA) on each
of its interfaces. Each router collects LSAs and enters them into its Link-State
Database. OSPF uses flooding to distribute LSAs between routers. Any change in
routing information is sent to all routers in the network. All of the routers within an
area have the exact same LSDB.

Database synchronization in a link-state protocol is crucial. Like wide area switches
synchronization protects the network as a whole from corrupt information. Of the
five OSPF protocol packet types, four are used for database synchronization.

The routers use this procedure to synchronize their databases once the hello
protocol determines a bi-directional connection between router neighbors.


During synchronization, the neighbor routers do three things:

• Forward current LSA headers
• Compare the header received to the LSDB
• Request the full LSA for new or newer headers


Type 3 Packet: Link-State Request

• When a router detects that portions of its LSDB are out of date, it sends a
  link-state request packet to a neighbor. It is a request for a precise instance of the
  database entry.
• It consists of the OSPF header plus fields that uniquely identify the database
  information that the router is seeking.


Type 4 Packet: Link-State Update (LSU)

• It is used to deliver Link-State Advertisements (LSA).
• LSAs contain information about neighbors and path costs for certain
  destinations.
• Although the two terms are sometimes used synonymously, an LSU is the packet
  and can contain multiple LSAs of different types.


Type 5 Packet: Link-State Acknowledgement

• Acknowledgment is accomplished through the sending and receiving of Link-State
  Acknowledgment packets.
  - Multiple link-state advertisements can be acknowledged in a single Link-State
    Acknowledgment packet.
• Depending on the state of the sending interface and the source of the
  advertisements being acknowledged, a Link-State Acknowledgment packet can
  be unicast or multicast.
• LSUs are explicitly acknowledged to maintain Reliable Flooding.

Link-state advertisements must be acknowledged. Multiple advertisements can be
acknowledged with a Link-State Acknowledgement.


OSPF Configuration

1. Enable routing – use the ip routing command
2. Configure at least one interface:
   • IP address
   • Assign interface to OSPF area – use the ip ospf area command
   • Enable interface
3. Enable at least one OSPF process – use the router ospf command
4. Configure OSPF:
   • Configure the router-id
   • Add subnets of local L3 interfaces and the OSPF area to which they belong


Optional Configuration

• Configure the OSPF Router ID by setting the OSPF Router ID to a loopback
  address reachable from the routed network. Enabled loopbacks are always
  reachable. If the Router ID is set to an IP address that is down, it interrupts
  OSPF operations.
• Redistribute routes from other processes to OSPF.
• Configure passive interfaces. If there is no other OSPF router on a network, it is
  good practice to make the interface passive. A passive interface still has its
  subnet advertised but does not send Hellos or form adjacencies, which prevents
  hackers from entering the OSPF network through that segment.
• Configure stub areas and virtual links.
• Configure virtual links to OSPF areas that cannot be physically connected to the
  backbone (Area 0).
• Propagate the default route to other devices.


Optional Interface Configuration

Optionally, the hello and dead intervals can be changed on VSI interfaces to match
the intervals of connected neighbors. If the intervals do not match, adjacencies do
not form. The default hello interval is 10 s, and the default dead interval is 40 s.
• Enter the VLAN interface configuration mode.
• Adjust the hello and dead intervals.


OSPF – Show Database and Neighbor

Verify OSPF operation of the local device by OSPF process ID. Verify OSPF
neighbors and status.


OSPF – Show Interfaces

Verify OSPF information for all interfaces within an OSPF process.


OSPF – Show IP Route

Verify that OSPF-derived IP routes are displayed in the routing table.


OSPF – Show Route Summary and Statistics

Verify OSPF routes and statistics.


OSPF Troubleshooting – Process and Adjacencies


OSPF Troubleshooting – Routes


Module Summary


Review Questions: Routing

1. Using more and more static routes becomes riskier because human error becomes
more likely. True or False?
2. What number MUST be assigned to the OSPF backbone area?

3. On an Ethernet segment which router synchronizes its Link State Database with
all other routers on the segment?

4. To which OSPF area must all ABR routers be connected?


Lab: Routing


Refer to the student lab guide for instruction to complete the lab.



Policy-Based Routing (PBR)

Introduction

This module covers the application of Policy-Based Routing in a Dell EMC N-Series
networking environment.

Upon completing this module, you will be able to:

• Describe the rationale and basic operations of Policy-Based Routing
• Identify typical Policy-Based Routing use cases
• Define how to configure Policy-Based Routing on Dell EMC N-Series
  switches and validate routing
• Perform basic Policy-Based Routing troubleshooting


Introduction to Policy-Based Routing

Introduction

This lesson introduces Policy-Based Routing as a way to implement packet routing
based on organizational policies instead of the standard routing protocols.

This lesson covers the following topics:

• An overview of Policy-Based Routing
• How Policy-Based Routing works


Policy-Based Routing Overview

In contemporary internetworks, network administrators must often implement
packet routing according to specific organizational policies. Policy-Based Routing
(PBR) meets this requirement.

Policy-based routing can be used to change the next hop IP address for traffic
matching certain criteria. This tool can be useful to override the standard routing
table for certain traffic types.

PBR is used in parallel with route determination through standard routing protocols.
Several departments in a company typically share large networks using VLANs,
which increases efficiency. With the use of Policy-Based Routing, another layer of
control is introduced. PBR enables administrators to evaluate incoming traffic on a
switch, and apply rules to each packet that override standard routing protocols.


Comparing Standard Routing to PBR

With standard routing, when a router receives a packet, its route is determined
using the destination IP address. The router uses this information to determine
the next hop for the packet based on the routing or forwarding table. Also
known as the Routing Information Base, the routing table contains a list of the best
routes from each routing protocol. The router uses the routing table to modify the
source and destination MAC addresses of the packet, and then forwards it to the
next hop.


Comparing Standard Routing to PBR (Contd.)

PBR is the process of altering the path of a packet, using criteria other than the
standard routing criteria. Besides the standard protocols, PBR can be used to
condition routers to consider different parameters for routing packets. PBR may
consider application, transport, network, and link layer data information contained
in the packet. PBR is often implemented using special rules which, when triggered,
assign or mark the packet to a specific routing table with unique route entries.


Using PBR to Enforce Specific Two-Site, Two Path Usage Scenario

Consider an organization that has two network links between its two primary
locations. One link is a high-bandwidth, low-latency, high-cost link, and the other a
low-bandwidth, higher-latency, lower-cost link. Using standard routing protocols
such as EIGRP or OSPF, the higher bandwidth link would get most of the network
traffic. Routing decisions are based solely on the metric calculations that are based
on bandwidth and/or latency characteristics. PBR gives the ability to intentionally
route higher priority traffic over the high bandwidth/low latency link. Also, lower
priority traffic may be sent over the low bandwidth/higher latency link.

PBR enables administrators to shape traffic to traverse the best route for the type
of data it carries. This option ensures that forwarding decisions are made that yield
optimized network traffic performance compared with link utilization costs. For
many power network users, PBR is the most cost-effective way of consistently
meeting performance expectations at the lowest cost possible. This method is far
better than enabling the standard routing protocols to send most or all traffic over
the highest-performing available paths.


Using PBR to Ensure Different Applications Use Different Network Paths

In this use case example, the network administrator wants different applications to
use different network paths. A routing policy that supports this requirement could
be configured to inspect packet source and protocol information such as a
destination TCP port number. In this example, a routing policy has been created to
redirect HTTP traffic that connects to TCP port 80. The routing policy also redirects
FTP traffic that connects to TCP Ports 20 and 21 based on specific source
addresses.


PBR Routing Policy Definition

PBR is set up and configured using a match/set process. PBR traffic is matched
against a special access control list (ACL) using the match command. ACL
statements are called clauses. The traffic path parameters are changed using a set
command. PBR uses the ACL with Route Map information to define the policy.
Route maps enable routing policy definition for the traffic, causing a packet to be
forwarded to a predetermined next-hop interface. Each entry in a route map
statement contains a combination of match and set statements. A route map
specifies the match criteria that correspond to ACLs, and then a set statement
specifying an action if a match clause is met. Multiple match and next-hop
specifications can be defined for the same interface. When a PBR policy has
multiple next hops to a destination, PBR selects the first operational next hop that
is specified in the policy. If none of the direct routes or next hops in a policy is
available, the packets are forwarded as per the standard routing table.

PBR policies are defined, and routing decisions made using the Access List and
Route Map:
• PBR uses Access Lists and Route Maps to selectively route an IP packet
• PBR uses a match/set process to find and make routing decisions
• Traffic is matched against clauses in a Route Map using a match command
• After a clause match, PBR changes traffic network path or parameters using a
  set command


PBR Operating Details

Routing must be enabled in the switch. The Time To Live (TTL) counter is
decremented for PBR routed packets. The destination MAC is rewritten in PBR
routed packets. ARP lookups are sent when required for unresolved next hop
addresses. Policy-routed packets are routed using routing table entries. Ensure
that routes exist in the routing table for PBR next-hop and default next-hop rules.
Configuring PBR consists of installing a route-map with match and set commands,
and then applying the corresponding route-map to the interface. IP routing must be
enabled both globally and on each routed interface.


PBR Actions

SET commands must be formed correctly to ensure proper and consistent policy-
based routing. Here is information about the SET commands function in PBR.


PBR Routing Decision Criteria

Policy-Based Routing decisions are taken in the following order:

• List of next hop IP addresses
  The IP address can specify the adjacent next-hop router in the path toward the
  destination to which the packets should be forwarded. The first IP address that
  is associated with an active ARP entry is used to route the packets. ARP
  resolution is initiated for inactive IP addresses.
• List of default next hop IP addresses
  If there is no explicit route for the destination address in the routing table,
  packets are routed to an address on this list. A default route in the routing table
  is not considered an explicit route for an unknown destination address.
• IP Precedence
  A numeric value can be specified to set the precedence in the IP packets being
  forwarded. The IP precedence value is the 4-bit Type of Service (ToS) field in
  the IP packet header.


Next-Hop Insert into Routing Table

This feature causes the router to compare all incoming packets on the VLAN
interface against the route-map, to match certain criteria in the route-map. An
interface can only have one route-map tag, but an administrator can have multiple
route-map entries with different sequence numbers. If the criteria for a single entry
matches the incoming packet, the entry is chosen and its SET statements are
performed. If two or more entries match the criteria, the one with the lowest
sequence number is chosen and its SET statements are performed. If there is no
match, packets are routed as usual.

A route-map statement that is used for PBR is configured as permit or deny. If the
statement is marked as deny, traditional destination-based routing is performed on
the packet meeting the match criteria. If the statement is marked as permit, and if
the packet meets all the match criteria, the set commands in the route-map
statement are applied. If no match is found in the route-map, the packet is not
dropped.

Sometimes, there can be a match in an ACL permit clause with a deny in the
route-map. There may also be a match in an ACL deny clause with a permit in the
route-map. Either of these scenarios results in the packet being routed using the
destination-based routing protocol. The difference is that the former increments the
route-map counter while the latter does not.
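
The evaluation order described above, modelled as an added Python example (not Dell's implementation and not code from this guide). It follows the guide's wording literally: entries are tried in ascending sequence number, a packet that hits an ACL deny clause is handed to standard routing without touching the counter, and the default next-hop list is used only when the routing table holds no explicit route. The sequence number 10, the `192.168.15.1` default gateway and the set of ARP-resolved addresses are constructed; the host addresses come from the guide's PBR configuration example.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass
class AclClause:
    action: str                  # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network


@dataclass
class RouteMapEntry:
    seq: int
    action: str                  # "permit" or "deny"
    acl: list                    # ordered AclClause list named by the match statement
    next_hops: list = field(default_factory=list)          # set ip next-hop list
    default_next_hops: list = field(default_factory=list)  # default next-hop list
    hits: int = 0                # route-map counter


def acl_verdict(acl, src, dst):
    """Return the action of the first clause matching the packet, or None."""
    for clause in acl:
        if src in clause.src and dst in clause.dst:
            return clause.action
    return None


def rib_lookup(rib, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    matches = [(net, hop) for net, hop in rib if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def forward(src, dst, route_map, rib, arp_active):
    """Return (decision, next_hop) for one packet arriving on the policy interface."""
    src, dst = IPv4Address(src), IPv4Address(dst)
    best = rib_lookup(rib, dst)
    standard = ("standard", best[1] if best else None)
    for entry in sorted(route_map, key=lambda e: e.seq):   # lowest sequence wins
        verdict = acl_verdict(entry.acl, src, dst)
        if verdict is None:
            continue                                       # try the next entry
        if verdict == "deny":
            return standard                                # counter not incremented
        entry.hits += 1
        if entry.action == "deny":
            return standard                                # counter incremented
        for hop in entry.next_hops:                        # first operational next hop
            if hop in arp_active:
                return ("policy", hop)
        explicit = best is not None and best[0].prefixlen > 0
        if not explicit:                                   # default route is not explicit
            for hop in entry.default_next_hops:
                if hop in arp_active:
                    return ("policy-default", hop)
        return standard                                    # no usable next hop
    return standard                                        # no match: never dropped


def sample_policy():
    """Constructed sample built around the guide's 192.168.5.5 -> 192.168.10.10 flow."""
    acl = [AclClause("permit", IPv4Network("192.168.5.5/32"),
                     IPv4Network("192.168.10.10/32"))]
    route_map = [RouteMapEntry(10, "permit", acl, next_hops=["192.168.15.15"])]
    rib = [(IPv4Network("192.168.10.0/24"), "connected (vlan 10)"),
           (IPv4Network("0.0.0.0/0"), "192.168.15.1")]
    return route_map, rib


if __name__ == "__main__":
    route_map, rib = sample_policy()
    for arp in ({"192.168.15.15"}, set()):
        print(forward("192.168.5.5", "192.168.10.10", route_map, rib, arp),
              "counter:", route_map[0].hits)
    print(forward("192.168.5.6", "192.168.10.10", route_map, rib, {"192.168.15.15"}),
          "counter:", route_map[0].hits)
```
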


Policy-Based Routing Use Scenarios

Introduction

This lesson presents three major use cases that benefit from policy-based routing.

This lesson covers the following topics:

• Traffic Isolation
• Server Priority
• VLAN Redirection


Using PBR to Enforce Traffic Isolation

An organization has several work groups that include the Human Resources and
Accounting departments. Each group is assigned its own IP address range within
the same subnet. There is a requirement to route HR traffic through ISP A only,
while Accounting department traffic is routed through ISP B only. The switch that
routes the traffic for the work groups can use policy-based routing to configure and
enforce the required segregation. PBR can isolate HR traffic to ISP A and
Accounting traffic to ISP B. PBR uses a route-map, where a match statement is
configured based on the IP address range of each group. Equal access and
source IP address-sensitive routing is achieved using this technique. Two access
control lists, one each for Accounting and HR, are created to associate each packet
with its corresponding work group. Packets coming from one range of IP addresses
are associated with the Accounting group. Packets from another range of IP
addresses are associated with the HR group. The route-map is used to determine
the group that each packet belongs to and directs it through the desired interface
using a “default next-hop” statement.


Using PBR to Ensure Server Network Path Priority

A primary database server on VLAN 30 is backed up every Thursday beginning at
1:00 AM. It is imperative that the backup completes by 5:00 AM, which is the
maximum allotted time window. To ensure that the backup window is met, the
backup data path to the NAS storage server must be over the 10Gb path only. The
switch that routes the backup traffic for the server can use policy-based routing to
ensure that this requirement is met. An access list is created to determine the IP
address to filter on. A priority queue is specified, and the time and duration of when
the PBR takes effect is configured. The route-map routes all packets from the
specified IP address over the 10Gb path only during the backup window. PBR on
the N3048 switch assigns the highest QOS queue to the server from 1:00 AM to
5:00 AM every Thursday morning. During that time, PBR routes the traffic across
the 10Gb path through switch B.


Using PBR to Apply VLAN Redirection

Remote servers X, Y, and Z are cached hourly to local servers A, B, and C. Users
on VLAN 10 use the local cache servers most of the time. But periodically the users
must access the most current data directly from servers X, Y, and Z. These servers
are located at a remote office and accessed over a dedicated WAN. Traffic on the
path between the local and remote servers is oversubscribed, often using 90% of
the available bandwidth. A Policy-Based Route is used to minimize delays between
the user workstations on VLAN 10 and avoid the bottleneck that is depicted with
the red arrow.


VLAN Redirection Using Packet Filtering


PBR Configuration and Troubleshooting

Introduction

This lesson covers configuration and troubleshooting on Dell EMC N-Series
switches.

This lesson covers the following topics:

• The steps to configure Policy-Based Routing on N-Series switches using the
  CLI
• Validation and basic Troubleshooting of PBR operations


Policy-Based Route Configuration Example

In this example, PBR is used to route packets from host 192.168.5.5 in VLAN 5 to
host 192.168.10.10 in VLAN 10. The router uses the next-hop IP address of
192.168.15.15 in VLAN 15. Using these commands configures PBR to bypass
normal routing through VLAN 10 with a next-hop IP address of 192.168.10.10. The
configuration is validated by inspecting the Route Map for accuracy.

Command                                         Description

ip routing                                      Enable L3 routing mode.
ip access-list allow_192.168.5.5                Create ACL list entries.
permit ip host 192.168.5.5 host 192.168.10.10   Create permit or deny filter statements.
route-map POLICY_redirect                       Create and name the PBR Route Map.
match ip address allow_192.168.5.5              Create the match statement to match the host
                                                or network declared in the ACL.
set ip next-hop 192.168.15.15                   Create the set statement, specifying the next
                                                hop IP address.
interface vlan 10                               Enter the interface-specific mode.
ip policy route-map POLICY_redirect             Apply the new PBR policy to the outbound VLAN
                                                interface.
show route-map POLICY_redirect                  Validate by displaying the route-map policies
                                                and statistics and the number of packets the
                                                routing policy has redirected since it was
                                                enabled.


Policy-Based Routing Validation Example

Also use these and other show commands to help in validating PBR functionality
along with its coexistence alongside standard routing.

Command                 Description

show ip policy          To display the route maps used for policy-based routing on the
                        router interfaces, use this show command in Privileged EXEC mode.
show ip access-lists    To display an IP ACL and time-range parameters, use this show
                        command in Privileged EXEC mode.


Module Summary


Review Questions: Policy-Based Routing—PBR

1. What type of process is used when PBR is set up and configured?

2. What type of entries are used to route policy-routed packets?

3. What commands can be used to validate PBR functionality?


Lab: Policy-Based Routing


Refer to the student lab guide for instruction to complete the lab.



Virtual Router Redundancy Protocol - VRRP

Introduction

Upon completing this module, you will:

• Describe the basic operation of VRRP.
• Identify the components of VRRP.
• Explain the function of VRRP Priorities.
• Compare Preempt and no Preempt.
• Configure and Validate VRRP configurations.


VRRP Overview

Introduction


VRRP Terms

VRRP Router - A router running the Virtual Router Redundancy Protocol. It may
participate in one or more virtual routers.

Virtual Router - An abstract object that VRRP manages. The virtual router acts as
a default router for hosts on a shared LAN. It consists of a Virtual Router Identifier
and associated IP addresses across a common LAN. A VRRP Router may back up
one or more virtual routers.

IP Address Owner - The VRRP router that has the IP addresses of the real
interfaces for the virtual router. This router responds to packets addressed for
ICMP pings, TCP connections, and so on.

Primary IP Address - An IP address selected from the set of real interface
addresses. One possible selection algorithm is to always select the first address.
VRRP advertisements are always sent using the primary IP address as the source
of the IP packet.

Virtual Router Master - The VRRP router that is assuming the responsibility of
forwarding packets that are sent to the IP addresses associated with the virtual
router. The virtual router master also answers ARP requests for these IP
addresses. If the IP address owner is available, it always becomes the Master.


Virtual Router Backup - The set of VRRP routers available to assume the
forwarding responsibility for a virtual router, should the current Master fail.


VRRP Overview

Consider a typical network configuration using VRRP. Hosts on the network could
be configured with the IP address of Router 1, 2, 3 or 4 as the default gateway.
Instead, the virtual IP address that is configured for the VRRP Group is used.
When any host on the LAN segment wants to access the Internet, it sends packets
to the IP address of the virtual gateway.

To understand VRRP, first examine the issue that it resolves. When internal
networks require highly available access to external networks like the Internet, one
approach is to install duplicate sets of equipment that do not interact. That
separation provides connectivity, but at a higher than necessary cost. VRRP is an
alternative where existing network equipment for external access can be grouped.
The group of devices provides a single virtual address that internal users access for
external communications.

VRRP Groups are routers that are on a common subnet and share a group
number. There is a group master that owns the common (shared) virtual IP address
and virtual MAC address for the group. All group members have the same virtual IP
address or have that address as one of their interfaces.

VRRP uses the Virtual Router Identifier (VRID) to identify each virtual router
configured. VRRP packets are transmitted with the virtual router MAC address as
the source MAC address. The MAC address uses this format: 00-00-5E-00-01-{VRID}.
The first three octets are unchangeable. The next two octets (00 and 01)
indicate the address block that is assigned to the VRRP protocol, and are
unchangeable. The final octet changes depending on the VRRP Virtual Router
Identifier and enables up to 255 VRRP routers on a network.

VRRP specifies a MASTER router for end stations on a LAN. The MASTER router
is chosen from the virtual routers by an election process and forwards packets to
the next hop IP address. If the MASTER router fails, VRRP begins the election
process to choose a new MASTER router and that new MASTER continues routing
traffic. The other routers that are represented are BACKUP routers.

Other VRRP features include:

• Capability to monitor (track) external facing, nongroup interfaces
• Setting preemption to enable higher Master priority routers to take over when
  joining a group
• Accepting pings (accept-data), which the VRRP specification does not support


VRRP Overview (Continued)

VRRP specifies a MASTER router that owns the next hop IP and MAC address for
end stations on a LAN.

An election process chooses the MASTER router, which forwards packets that are
sent to the next hop IP address. If the MASTER router fails, VRRP begins the
election process to choose a new MASTER router and that new MASTER
continues routing traffic.

VRRP uses the Virtual Router Identifier (VRID) to identify each virtual router
configured. The IP address of the MASTER router is used as the next hop address
for all end stations on the LAN. The other routers are BACKUP routers.


VRRP Primary Function

Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point
of failure in a routed network.

A default gateway is the router that provides you access to other networks, to the
rest of the world, to the Internet.
Redundancy means that there is another option when the acting default gateway
fails, or when the link connecting that router to the Internet fails.
If three keepalive messages from the Master are missed, the backup router
assumes the role of Master.
IETF RFC 5798 defines VRRP.

If the static default IP gateway fails, VRRP prevents loss of network connectivity to
end hosts. By implementing VRRP, you can designate routers as backup routers if
the default master router fails. VRRP fully supports Virtual Local Area Networks
(VLANs) and stacked VLANs (S-VLANs).

If the master router fails, VRRP dynamically shifts the packet-forwarding
responsibility to a backup router. VRRP creates a redundancy scheme that enables
hosts to keep a single IP address for the default gateway. The IP address is
mapped to a well-known virtual MAC address. VRRP provides this redundancy
without user intervention or extra configuration at the end hosts.

A redundancy group of VRRP routers shares responsibility for forwarding packets.
VRRP routers share the IP address corresponding to the default gateway
configured on the hosts. One of the VRRP routers acts as the master, and the
other VRRP routers act as backup routers. If the master router fails, a backup
router becomes the new master. In this way, router redundancy is always provided,
enabling traffic on the LAN to be routed without relying on a single router.

VRRP Sample Scenario 1

In this simple VRRP scenario, the end-hosts have a default gateway route to the IP
address 172.16.0.1 and both routers run VRRP. The router on the left becomes the
Master for the virtual router (VRID 1). The router on the right is the Backup for the
virtual router. If the router on the left should fail, the other router takes over the
virtual router and its IP address. Having a backup provides uninterrupted
service for the hosts. If the router is the owner of the virtual address, the priority
must be set to 255 with no preempt.

VRRP Sample Scenario 2

In this scenario you have two virtual routers, VRID 1 and 201. This configuration
not only provides redundancy but also enables load balancing between the routers.

Half of the hosts are configured with a default gateway of 172.16.0.1, and the other
half are set up with 172.16.0.201 as the default gateway.

VRRP Sample Scenario 3

In this scenario, half of the hosts install a default gateway route to virtual router
172.16.0.1. The other half of the hosts install a default gateway route to virtual
router 172.16.0.201. In this configuration, router 172.16.0.211 is the Backup router
for both Virtual Routers. No traffic is being sent through this middle router until one
of the Master routers of either Virtual Routers fails. This configuration provides full
redundancy for the Master routers, although the Backup router may become
overloaded if both Master Routers fail simultaneously.

VRRP Router States

VRRP Master is in charge of all routing functions. The backup does nothing for the
subnet it is backing up, other than check that the Master is alive. The Master only
advertises a single subnet. Protocols that are supported include Ethernet, Token
Ring, and MPLS using IPv4 or IPv6.

Virtual Router MAC Address

VRRP packets are transmitted with the virtual router MAC address as the source
MAC address.
• The MAC address is in the following format: 00-00-5E-00-01-{VRID}
  – The first three octets (00-00-5E) are unchangeable and are the
    Organizationally Unique Identifier (OUI). The Internet Assigned Numbers
    Authority (IANA) assigns this number.
  – The next two octets (00 and 01) indicate the address block that is assigned
    to the VRRP protocol and are unchangeable.
  – The final octet changes depending on the VRRP Virtual Router Identifier and
    enables up to 255 VRRP routers on a network.

VRRP Packet

VRRP Packet Format

• IP Field Descriptions
  – Source Address - the primary IP address of the interface the packet is
    being sent from.
  – Destination Address - the IP multicast address that IANA assigned for
    VRRP is 224.0.0.18. This address is a link-local scope multicast
    address. Routers do not forward a datagram with this destination address
    regardless of its TTL.
  – Time To Live (TTL) - MUST be set to 255. A VRRP router receiving a packet
    with the TTL not equal to 255 discards the packet.
  – Protocol - the IP protocol number that IANA assigned for VRRP is 112
    (decimal).
• VRRP Field Descriptions
  – Version - the version field specifies the VRRP protocol version of this
    packet. All N-series switches use version 2.
  – Type - the type field specifies the type of this VRRP packet. The only packet
    type that is defined in this version of the protocol is: 1 - ADVERTISEMENT.
    A packet with unknown type is discarded.
  – Priority - the priority field specifies the sending VRRP router's priority for
    the virtual router. Higher values equal higher priority. The priority value for
    the VRRP router that owns the IP addresses associated with the virtual
    router is 255 (decimal). VRRP routers backing up a virtual router use priority
    values from 1 to 254 (decimal). The default priority value for VRRP routers
    backing up a virtual router is 100 (decimal). The priority value zero (0) has
    special meaning indicating that the current Master has stopped participating
    in VRRP. This number is used to trigger Backup routers to quickly transition
    to Master without having to wait for the current Master to time out. This
    method is a clean way to transition the Master responsibilities with minimal
    delay.
  – Count IP Addrs - the number of IP addresses contained in this VRRP
    advertisement.
  – Authentication Type - the authentication type field identifies the
    authentication method being used. Authentication type is unique on a per
    interface basis. A packet with unknown authentication type or that does not
    match the locally configured authentication method is discarded.
    The defined authentication methods are:
    – No Authentication
    – Simple Text Password (there is no default password)
    – IP Authentication Header
  – Adver Int - the Advertisement interval indicates the time interval (in seconds)
    between ADVERTISEMENTS. The default is 1 second.
  – Checksum - the checksum field is used to detect data corruption in the VRRP
    message.
  – IP Addresses - one or more IP addresses that are associated with the virtual
    router. The number of addresses that are included is specified in the "Count IP
    Addrs" field.
  – Authentication Data - the authentication string is only used for simple text
    authentication, similar to the simple text authentication found in OSPF.
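
The receive-side checks described in the MAC address and packet format slides above, sketched in Python as an added example (not Dell or course code). Function names are hypothetical, the sample advertisement is constructed from the VRID, priority and address used in this module's configuration example, and the checksum is the standard Internet one's-complement sum that VRRP version 2 computes over the VRRP message.

```python
import ipaddress
import struct

VRRP_PROTOCOL = 112          # IP protocol number assigned to VRRP
VRRP_GROUP = "224.0.0.18"    # link-local multicast destination
AUTH_TYPES = {0: "No Authentication", 1: "Simple Text Password",
              2: "IP Authentication Header"}


def virtual_mac(vrid: int) -> str:
    """Virtual router MAC: fixed 00-00-5E-00-01 prefix plus the VRID octet."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1-255")
    return f"00-00-5E-00-01-{vrid:02X}"


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, addrs, adver_int=1, auth_type=0, auth_data=b""):
    """Build a version 2 ADVERTISEMENT payload (used only to make sample input)."""
    body = struct.pack("!BBBBBBH", (2 << 4) | 1, vrid, priority, len(addrs),
                       auth_type, adver_int, 0)
    body += b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    body += auth_data.ljust(8, b"\x00")[:8]          # 8 bytes of authentication data
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]


def check_advert(src_mac, dst_ip, ttl, proto, payload, expected_auth=0):
    """Return (fields, findings); an empty findings list means 'accept'."""
    findings = []
    if proto != VRRP_PROTOCOL:
        findings.append("protocol")
    if dst_ip != VRRP_GROUP:
        findings.append("destination")
    if ttl != 255:                                   # anything else is discarded
        findings.append("ttl")
    if len(payload) < 8:
        return {}, findings + ["truncated"]
    vt, vrid, prio, count, auth, interval, _ = struct.unpack("!BBBBBBH", payload[:8])
    fields = {"vrid": vrid, "priority": prio, "count": count,
              "auth_type": auth, "adver_int": interval, "addresses": []}
    if vt >> 4 != 2:
        findings.append("version")
    if vt & 0x0F != 1:                               # 1 = ADVERTISEMENT
        findings.append("type")
    if len(payload) != 8 + 4 * count + 8:
        findings.append("length")
    else:
        fields["addresses"] = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i]))
                               for i in range(count)]
        if inet_checksum(payload) != 0:              # valid message sums to zero
            findings.append("checksum")
    if auth not in AUTH_TYPES or auth != expected_auth:
        findings.append("auth-type")
    if vrid == 0 or src_mac.replace(":", "-").upper() != virtual_mac(vrid):
        findings.append("src-mac")
    return fields, findings


# Constructed sample: VRID 1, priority 150, virtual address 192.168.121.111.
SAMPLE = build_advert(1, 150, ["192.168.121.111"])

if __name__ == "__main__":
    print(check_advert("00:00:5e:00:01:01", VRRP_GROUP, 255, 112, SAMPLE))
```
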

Master Failure Triggers Failover to Backup

If the primary cluster interface fails or is disconnected, the backup master uses the
health index of the backup master. This event triggers failover of the cluster master.

Master Uplink Failure Triggers Failover

After the primary router loses all uplink connectivity, it will trigger the backup router
to immediately transition to the master.

VRRP Interface Tracking

To monitor an interface and use VRRP tracking, use the following command:

track interface [priority-cost cost]

Cost Range: 1-254


Default: 10
INTERFACE -VRID

In this example, if the upstream connection to the Internet from R1 fails, then the
priority for R1 becomes: 200 - 150 = 50. This new priority results in R2 being elected
as the new master (as its priority is 100).

The lowered priority of the VRRP group may trigger an election, because the
Master/Backup VRRP routers are selected based on the VRRP priority of the
group. Tracking features ensure that the best VRRP router is the Master for that
group. The sum of all the costs of all the tracked interfaces should not exceed the
configured priority on the VRRP group. If the VRRP group is configured as Owner
router (priority 255), tracking for that group is disabled.

VRRP Configuration and Validation

VRRP – Configuration Overview

VRRP Configuration

The N-series VLAN interfaces are assigned IP addresses. The VRRP configuration
focuses on assigning the VLAN to the VRRP group.

Command                                             Description

N1# configure                                       Enter configure mode
N1(config)# ip routing                              Enable routing
N1(config)# ip vrrp                                 Enable VRRP
N1(config)# interface vlan 121                      Specify configuration on VLAN 121
N1(config-if-vlan121)# vrrp 1                       Specify VLAN 121 as VRID 1
N1(config-if-vlan121)# vrrp 1 ip 192.168.121.111    Specify virtual router IP address
N1(config-if-vlan121)# vrrp 1 mode                  Activate VRRP
N1(config-if-vlan121)# vrrp 1 priority 150          Specify priority for Master election as 150 (Range 1–254)

VRRP Verification

To verify the VRRP configuration, run the show vrrp command. The output
shows that the administrative state of the router is Master, the configured priority is
150, and VLAN group membership is VLAN 121.

VRRP Interface Tracking Configuration

The tracked interface command is linked to the VLAN interface with the
decrement option. The priority is set to 150. If the tracked interface loses
connectivity, the priority is decremented by 110 (150 - 110 = 40). If the backup
router then has a higher priority than the current Master, the backup assumes the
Master role.

VRRP Configuration Options – Disable Preempt

You can disable preemption for a VRRP group member. If you disable preemption,
a higher-priority backup router does not take over for a lower-priority master router.

• The preempt command is enabled by default. If another router with a higher
  priority comes online, it forces the system to change the MASTER router.
• To prevent the BACKUP router with the higher priority from becoming the
  MASTER router, issue the command no preempt.
• As preemption can cause a temporary network disruption, the no preempt
  option is available.
• All virtual routers in the VRRP group must be configured the same: All
  configured with preempt enabled or configured with no preempt.
• When preempt is enabled, it does not display in the show commands, because
  it is a default setting.

VRRP Advertisement Interval

By default, the MASTER router transmits a VRRP advertisement to all members of
the VRRP group every second. This advertisement indicates that the router is
operational and it is the MASTER router. If the VRRP group misses three
consecutive advertisements (keepalives), the election process begins and the
BACKUP virtual router with the highest priority transitions to MASTER. Increase the
VRRP advertisement interval to a value higher than the default value of 1 second,
to avoid throttling VRRP advertisement packets.
If you do change the time interval between VRRP advertisements on one router,
you must change it on all participating routers.
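
The tracking, preemption and advertisement-interval rules from the preceding slides can be checked together before a change is rolled out. The following Python model is an added example, not Dell or course code: class and function names are hypothetical, router addresses are constructed, the floor of 1 on the decremented priority is an assumption of the sketch, and breaking an equal-priority tie on the higher primary IP address follows the VRRP RFC rather than this guide.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str                          # primary interface address (constructed)
    priority: int = 100              # configured priority; 255 = address owner
    preempt: bool = True             # preempt is enabled by default
    adver_int: int = 1               # advertisement interval in seconds
    tracked: dict = field(default_factory=dict)   # interface -> priority cost
    down: set = field(default_factory=set)        # tracked interfaces now down
    alive: bool = True

    def effective_priority(self) -> int:
        if self.priority == 255:     # owner router: tracking is disabled
            return 255
        cost = sum(c for ifc, c in self.tracked.items() if ifc in self.down)
        return max(self.priority - cost, 1)       # floor of 1 is an assumption


def lint_group(routers):
    """Flag settings that break the rules stated for a VRRP group."""
    findings = []
    for r in routers:
        if not 1 <= r.priority <= 255:
            findings.append(f"{r.name}: priority outside 1-255")
        if any(not 1 <= c <= 254 for c in r.tracked.values()):
            findings.append(f"{r.name}: tracking cost outside 1-254")
        if r.priority == 255 and r.tracked:
            findings.append(f"{r.name}: owner (255) ignores tracking")
        elif sum(r.tracked.values()) > r.priority:
            findings.append(f"{r.name}: tracked costs exceed configured priority")
    if len({r.preempt for r in routers}) > 1:
        findings.append("group: preempt setting differs between routers")
    if len({r.adver_int for r in routers}) > 1:
        findings.append("group: advertisement interval differs between routers")
    return findings


def elect(routers, current=None):
    """Name of the Master once the group settles, or None if no router is up."""
    live = [r for r in routers if r.alive]
    if not live:
        return None

    def rank(r):
        return (r.effective_priority(), int(IPv4Address(r.ip)))

    master = next((r for r in live if r.name == current), None)
    if master is None:               # first election, or the Master has failed
        return max(live, key=rank).name
    # A Backup displaces a live Master only with preempt enabled and a
    # strictly higher priority.
    challengers = [r for r in live if r.preempt
                   and r.effective_priority() > master.effective_priority()]
    return max(challengers, key=rank).name if challengers else master.name


def tracking_example(backup_preempt=True):
    """R1 (priority 200, cost 150) loses its tracked uplink; R2 has priority 100."""
    r1 = Router("R1", "172.16.0.2", priority=200, tracked={"uplink": 150})
    r2 = Router("R2", "172.16.0.3", priority=100, preempt=backup_preempt)
    before = elect([r1, r2])
    r1.down.add("uplink")
    return before, r1.effective_priority(), elect([r1, r2], current=before)


if __name__ == "__main__":
    print(tracking_example())                      # failover to R2
    print(tracking_example(backup_preempt=False))  # R1 stays Master
```

In this model a tracked-interface failure moves the Master role only when the Backup has preempt enabled, which is worth checking before `no preempt` is applied to a group that relies on tracking.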

Configure VRRP Authentication

Virtual router group number for which authentication is being configured. The group
number is configured with the vrrp ip command.

Module Summary

Review Questions: Virtual Router Redundancy Protocol - VRRP

1. What is the benefit of VRRP?

2. What determines which router is the Master in a VRRP group?

3. What are two failure scenarios that trigger an election to a new Master
Gateway?

4. How does Interface Tracking trigger a new Master Election?

Lab: Virtual Router Redundancy Protocol

Refer to the student lab guide for instruction to complete the lab.

VoIP and QoS

Introduction

This module covers Voice over IP (VoIP) in a Dell EMC networking environment.
The technology and concepts that enable voice traffic on the campus network are
introduced. Switch requirements, Quality of Service (QoS), use cases,
configuration, and validation steps are also covered.

Upon completing this module, you will be able to:

• Describe the basic operation of VoIP
• Identify the configuration requirements to support VoIP devices
• Explain the process of an IP Phone obtaining its configuration
• Identify the N-Series predefined VoIP policy
• Configure quality of service for voice traffic

VoIP Overview

Introduction

This lesson introduces VoIP and compares it to a traditional campus phone system.
Common telephony components are introduced, and terminology is defined.

This lesson covers the following topics:

• Traditional campus phone system with PBX
• Campus phone system using VoIP
• IP phone technology

Traditional Campus Phone System with PBX

PBX systems are at the core of circuit-switched telephone networks. These
networks require dedicated point-to-point connections for the entire duration of a
phone call. Circuit-switched networks were first designed in 1878, with human
operators providing the circuit-switching function by physically plugging in cables to
complete end-to-end connections. As technology improved, automated switching
equipment replaced human operators. Circuit-switched networks have good voice
quality and low latency. However, they are more expensive and less efficient than
modern packet-switched networks.

Explanation of terms:
• PBX—Private Branch Exchange
  This hardware is required at every site. PBX systems are at the core of
  circuit-switched telephone systems. In circuit-switched systems, resources are
  dedicated to individual phone calls. Dedicated resources result in good audio
  quality, but are less efficient and more expensive than packet-switched
  networks, such as VoIP.
• PSTN—Public Switched Telephone Network
  Telephone service from a provider like AT&T or Qwest in the U.S., and other
  telecommunication companies throughout the world.
• ACD—Automatic Call Distribution system
  A system that automatically distributes calls to a specific group of phones within
  an organization. For example, when calling a phone number to obtain product
  help, the ACD routes the call to the next available service representative.
• IVR—Interactive Voice Response system
  Technology that enables a computer to interact with a human by using voice
  and tones from the phone keypad.
• Call Recorder
  A system that provides call recording technology.
• T1
  A T1 is a digital line that is provided in the USA. T1 includes 23 voice channels
  and one delta channel for setting up and taking down calls, and providing caller
  ID, and other services. E1 is a similar technology that is offered outside of the
  USA. E1 has 31 voice channels and 1 delta channel.

Campus Phone System Using VoIP

The LAN is at the center of a packet-switched VoIP network. With packet-switching,
dedicated point-to-point connections are not needed for each call. Packet-switching
leads to lower cost and higher efficiencies for phone networks. However,
administrators must configure the network with quality assurance guarantees to
ensure that network latency is kept low.

Features for VoIP phone systems:

• The corporate LAN must be reliable, secure, have QoS guarantees, and provide
  power for handsets.
• Standard phone systems have an average latency of 45 ms. That means that
  when a person begins speaking, it takes an average of 45 ms until the listener
  hears the voice. VoIP networks should have latency of no greater than 100 ms.
• The VoIP server includes the Call Manager—CM, voicemail, call recorder, ACD,
  and IVR functions.

Explanation of terms:
• SIP—Session Initiation Protocol—used for voice and video in a unified
  communications solution. A SIP trunk is provided over a public or private
  Internet connection through a SIP provider.
• MPLS—Multi Protocol Label Switching—forwards packets based on MPLS “tags”
  instead of by IP addresses. This switching method enables forwarding one type
  of traffic, such as voice, differently than other types of traffic. MPLS makes
  virtual circuits possible.
• ITSP—Internet Telephony Service Provider—provides a SIP trunk for external
  VoIP traffic.
• PoE—Power over Ethernet—IP telephone handsets require power. This power
  is provided over the Ethernet cable, so VoIP-capable network switches must
  deliver power to attached handsets.
• UPS—Uninterruptible Power Supply—used to ensure continuous power to the
  phone network when there is a building power outage.

IP Phone Technology

The IP phone includes an internal 3-port Layer 2 switch to go with the phone
hardware. The IP phone has two external connections. There is a network
connection that also provides power to the phone. There is also a place to plug in a
desktop or laptop.

The IP phone includes an internal L2 switch. The switch has three ports:
• A trunk port connects the phone to the L2 LAN switch. A trunk port carries traffic
  for both the voice VLAN and the data VLAN
• Port for voice traffic to and from the internal phone hardware
• Port for data traffic between the phone and an attached desktop or laptop

Switch Requirements for VoIP

Introduction

Description: This lesson covers the network switch features that are necessary to
support VoIP in a campus environment.

This lesson covers the following topics:

• Separate VLANs for data and voice
• Switchport mode for data and voice
• QoS for VoIP implementations
• IEEE 802.1p and Differentiated Services Code Point—DSCP
• IP phone autoconfiguration
• Link Layer Discovery Protocol—LLDP
• LLDP Example
• Industry Standard Discovery Protocol—ISDP
• CDP/ISDP Considerations

Separate VLANs for Data and Voice

Voice data is transported through a VLAN that is separate from VLANs that carry
normal traffic. Devices such as IP phones and voice servers send packets for voice
traffic over the voice VLAN.

Considerations for VoIP traffic:

• Voice data is time sensitive.
• Packets of voice data need quality-of-service guarantees to provide reliable
  voice calls in the presence of data traffic on the network. For this reason, QoS is
  required for the voice VLAN.
• IP phones must be configured to know which VLAN is used for voice traffic.
• For N-Series switches, the best way to configure a VLAN for voice traffic is to
  use the voice VLAN feature. Enabling the voice VLAN feature enables switch
  ports to carry voice traffic with the required QoS priority settings.

The VoIP phone is configured to generate tagged packets for the voice VLAN. The
personal computer generates untagged packets. The untagged VLAN is the native
VLAN for the port.

Switchport Mode for Data and Voice

Ports on N-Series switches can be set to operate in one of three modes: access,
trunk, or general. Switch ports connected to IP phones should operate in general
mode. The switchport mode general command enables a port to support
multiple VLANs without having to be configured as a trunk port.

• Switchport mode should be set to general mode to support both voice and data
  VLANs on the same interface.
• A switch port set to general mode accepts both VLAN tagged traffic, for voice,
  and untagged traffic from a personal computer attached to an IP phone.

QoS for VoIP Implementations

VoIP operates as one of many data streams on the network. To ensure that calls
have good quality, voice data packets must be prioritized and delivered in a timely
manner. Standard circuit-switched phone systems have an average latency of 45
ms. This latency is the delay between speaking into the phone, and hearing the
voice at the other end of the line. VoIP aims to have an average latency of 75 to
100 ms. Quality of Service—QoS settings ensure that voice data is prioritized in the
presence of other network traffic, to meet this latency target.

Providing QoS includes the following operations:

• Classification is used to identify the type of traffic entering an interface.
• Prioritization is used to give one class of traffic faster service than other
  traffic classes.
• Marking is the way traffic on one network segment is tagged so that it is treated
  the same way on another network segment. When marked traffic is passed to
  upstream devices, it continues to receive the same priority service.
• Policing and shaping are the mechanisms that are used to control the
  bandwidth for a specific traffic type.

The egress port is the port that transmits frames out of the switch. Each switch port
interface has a transmit buffer that is divided into several queues. Each queue is
configured with a scheduling policy to determine the order in which frames are
transmitted onto the network. Higher priority traffic is placed in high priority queues
that are serviced before other queues.

How do other networks know if a packet of voice data should be prioritized?
Answer: the packet is marked, as shown in the next slide.

IEEE 802.1p and DSCP

Voice traffic on the network is marked at either the Data Link Layer—Layer 2, or at
the network layer—Layer 3. Ethernet operates at Layer 2. IEEE defines 802.1p,
sometimes called dot-one-p, which is a standard for marking CoS for Ethernet. It is
used at the Data Link Layer. IP, at the network layer, uses Differentiated Services
Code Point—DSCP to mark traffic for CoS.

Two common ways to mark voice traffic on a network are:

• IEEE 802.1p - This standard specifies a 3-bit Class-of-Service—CoS field in
  the 802.1Q VLAN Tag in the header of an Ethernet data frame.
  – 000 (0 decimal) = routine or best effort
  – 101 (5 decimal) = Critical – used for voice
• DSCP - This standard is also called diffserv for Differentiated Services Code
  Point. DSCP is an alternative to 802.1p and is the most common way of
  marking voice traffic.
  – DSCP marking uses 6 bits of the 8-bit Type of Service—ToS field in the IP
    header. DSCP provides up to 64 classes, or code points, for traffic.
  – Voice uses the DSCP value of 10 1110 (46 decimal) – which means High
    Priority, Expedited Forwarding—EF.

Dell Networking N-Series switches can be configured to trust the DSCP marking of
incoming packets. DSCP is used to apply a scheduling policy to ensure priority for
voice traffic.

Layer 2 QoS Classification

Layer 2 Ethernet header - 802.1Q tag fields:

• 16-bit Type field: 0x8100 means that 802.1q tag is used.
• 3-bit Priority field: Defines CoS 0 through 7 as indicated in the slide. The default
  priority is zero, which means best effort priority. CoS=5 is used for VoIP traffic.
• DE = Discard Eligible - During high traffic conditions, frames with DE=1 are
  candidates for being discarded before frames with DE=0.
• VLAN ID is a 12-bit field identifying the VLAN the frame belongs to.

Layer 3 QoS Classification

The IPv4 header has a 1-byte Type of Service (ToS) field as shown. The first 3 bits
are called IP Precedence and can be mapped to CoS values.

To enable more granularity, the DiffServ model uses the first 6 bits. This byte is
now called the Differentiated Services field.

Layer 3 QoS DSCP Fields

This table lists the drop precedence for the various DSCP values.

Class selector names:

• Class 0—Best effort
• Class 1 through 4—Assured Forwarding (AF)
• Class 5—Expedited Forwarding (EF)—very unlikely to be dropped—used for
  voice traffic
• Classes 6 and 7—network control traffic such as routing protocols, STP, and so
  forth

For each class, the Drop Precedence value gives further control on which packets
to drop. Higher Drop Precedence means more likely to be dropped.
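
The Layer 2 and Layer 3 markings described in the last three slides can be read straight out of a captured frame. The decoder below is an added Python example, not Dell or course code; the frames are constructed, and the `audit` policy (voice markings are expected only on the voice VLAN) is an assumption used to show why a switch that trusts incoming DSCP values should be checked against what endpoints actually send.

```python
import struct


def dscp_name(dscp: int) -> str:
    """Name a 6-bit DSCP value by class (top 3 bits) and drop precedence."""
    cls, drop = dscp >> 3, (dscp >> 1) & 0x3
    if dscp == 46:
        return "EF"                      # Expedited Forwarding, used for voice
    if dscp & 0x7 == 0:
        return f"CS{cls}"                # class selector; CS0 is best effort
    if 1 <= cls <= 4 and dscp & 1 == 0:
        return f"AF{cls}{drop}"          # Assured Forwarding class + drop precedence
    return f"DSCP{dscp}"


def parse_qos(frame: bytes) -> dict:
    """Extract 802.1Q priority/DE/VLAN and the IPv4 DSCP from an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    out = {"tagged": False, "pcp": None, "dei": None, "vlan": None,
           "dscp": None, "dscp_name": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == 0x8100:              # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        out.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1,
                   vlan=tci & 0x0FFF)
        offset = 18
    if ethertype == 0x0800 and len(frame) >= offset + 20 and frame[offset] >> 4 == 4:
        tos = frame[offset + 1]          # ToS / Differentiated Services byte
        out.update(dscp=tos >> 2, dscp_name=dscp_name(tos >> 2))
    return out


def audit(frame: bytes, voice_vlan: int) -> list:
    """Assumed policy: EF or CoS 5 appears on the voice VLAN and nowhere else."""
    q = parse_qos(frame)
    voice_marked = q["dscp"] == 46 or q["pcp"] == 5
    if voice_marked and q["vlan"] != voice_vlan:
        return ["voice marking outside the voice VLAN"]
    if q["vlan"] == voice_vlan and not voice_marked:
        return ["voice VLAN traffic without EF or CoS 5 marking"]
    return []


def make_frame(tos: int, vlan=None, pcp=0) -> bytes:
    """Constructed sample frame: Ethernet, optional 802.1Q tag, bare IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = struct.pack("!HH", 0x8100, (pcp << 13) | vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return macs + tag + struct.pack("!H", 0x0800) + ip


if __name__ == "__main__":
    print(parse_qos(make_frame(46 << 2, vlan=10)))     # tagged voice frame
    print(audit(make_frame(46 << 2, vlan=20), voice_vlan=10))
```
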

IP Phone AutoConfiguration

IP phones throughout the network must be configured so they are using the same
VLAN and the same DSCP and 802.1p values. Manually configuring phones can
be labor-intensive. Switches can be configured to automatically send configuration
information to each attached phone.

Configuration information is sent using one of the following protocols:

• Link Layer Discovery Protocol—LLDP
• Industry Standard Discovery Protocol—ISDP
• Cisco Discovery Protocol—CDP
  – CDP is a Cisco proprietary protocol. Cisco phones that request CDP can be
    configured using ISDP, which is an open protocol that is compatible with
    CDP.
  – N-Series switches use ISDP to communicate with Cisco phones.

Link Layer Discovery Protocol—LLDP

LLDP-MED for Media Endpoint Devices is an extension to LLDP. LLDP-MED
operates between endpoint devices such as IP phones and network devices such
as switches. LLDP-MED passes the voice VLAN ID and the QoS marking
information to IP phones attached to network switches. It supports VoIP
applications and provides TLVs for capabilities discovery, network policy, Power
over Ethernet (PoE), and inventory management.

Using the LLDP-MED TLV and a feature that is known as “Voice VLAN”, switches can
pass the following configuration information to phones:
• VLAN ID used for voice traffic
• 802.1p or DSCP marking values for voice traffic

Phones that are compatible with the LLDP-MED TLV reconfigure their settings to
match those settings received from the switch.

LLDP-MED is an extension of LLDP, so LLDP frames may contain LLDP-MED TLV
values. By default, the switch only sends LLDP packets until it receives LLDP-MED
packets from the end device. After receiving LLDP-MED packets, the switch sends
LLDP-MED TLVs as well. When the LLDP-MED entry has been aged out, the switch
sends LLDP packets again.

LLDP Example

This screen image shows a Wireshark capture of an LLDP TLV from the switch to
each handset. When the voice VLAN is enabled and added to an interface, the
switch port automatically begins transmitting LLDP-MED TLV “network policy.”

The following settings are shown in the example:

• Tag voice traffic
• VLAN ID 10 for voice traffic
• Not using 802.1p CoS marking for Layer 2 traffic - 000 = best effort
• Mark voice traffic with DSCP value 101 110 = 46 decimal. The value 46 means
  High Priority Expedited Forwarding. The equivalent IP Precedence Value is 101
  = Critical. DSCP=46 is the normal marking value that is used for Voice RTP
  traffic.

RTP is Real-Time Transport Protocol, a network protocol for delivering audio and
video over IP networks. RTP is used for streaming media such as telephony, video
teleconference applications, and so forth.
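
To confirm from a capture that a port advertises the settings listed above, the LLDP-MED "network policy" TLV can be decoded directly. This Python decoder is an added example, not Dell or course code: function names are hypothetical, the LLDPDU is constructed to carry the values from the slide (tagged, VLAN 10, Layer 2 priority 0, DSCP 46), and the TLV layout used (organizationally specific type 127, OUI 00-12-BB, subtype 2, then application type and a 24-bit policy field) is the one defined by the LLDP-MED standard.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")        # OUI carried by LLDP-MED TLVs
APP_TYPES = {1: "Voice", 2: "Voice Signaling"}


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one LLDP TLV: 7-bit type, 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu: bytes):
    """Yield (type, value) for each TLV up to the End of LLDPDU TLV (type 0)."""
    pos = 0
    while pos + 2 <= len(lldpdu):
        (hdr,) = struct.unpack("!H", lldpdu[pos:pos + 2])
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        value = lldpdu[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        if tlv_type == 0:
            return
        yield tlv_type, value
        pos += 2 + length


def policy_bytes(tagged: bool, vlan_id: int, l2_priority: int, dscp: int) -> bytes:
    """Pack the 24-bit policy field: U, T, reserved, VLAN ID, priority, DSCP."""
    bits = (int(tagged) << 22) | (vlan_id << 9) | (l2_priority << 6) | dscp
    return bits.to_bytes(3, "big")


def network_policies(lldpdu: bytes) -> list:
    """Decode every LLDP-MED network policy TLV found in an LLDPDU."""
    found = []
    for tlv_type, v in iter_tlvs(lldpdu):
        if tlv_type == 127 and len(v) == 8 and v[:3] == TIA_OUI and v[3] == 2:
            bits = int.from_bytes(v[5:8], "big")
            found.append({
                "application": APP_TYPES.get(v[4], f"type {v[4]}"),
                "unknown_policy": bool((bits >> 23) & 1),
                "tagged": bool((bits >> 22) & 1),
                "vlan_id": (bits >> 9) & 0xFFF,
                "l2_priority": (bits >> 6) & 0x7,
                "dscp": bits & 0x3F,
            })
    return found


# Constructed LLDPDU: chassis ID, port ID, TTL, one network policy TLV, end.
SAMPLE_LLDPDU = (
    tlv(1, b"\x04" + bytes.fromhex("020000000001"))      # chassis ID (MAC)
    + tlv(2, b"\x05" + b"Gi1/0/1")                       # port ID (interface name)
    + tlv(3, struct.pack("!H", 120))                     # time to live
    + tlv(127, TIA_OUI + b"\x02\x01" + policy_bytes(True, 10, 0, 46))
    + tlv(0, b"")                                        # end of LLDPDU
)

if __name__ == "__main__":
    print(network_policies(SAMPLE_LLDPDU))
```
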

Industry Standard Discovery Protocol—ISDP

Industry Standard Discovery Protocol—ISDP is a proprietary Layer 2 network
protocol. It interoperates with Cisco network equipment and is used to share
information between neighboring devices. Dell EMC Networking switches
participate in the ISDP protocol. These switches can both discover and be
discovered by devices that support CDP, including IP phones. ISDP is based on
CDP, which is a precursor to LLDP.

Some Cisco phones may only have the ability to learn configuration through CDP.
• DNOS 6 implements ISDP, a CDP compatible protocol
• ISDP can transmit configuration information to CDP phones:
  – VLAN ID used for voice traffic
  – 802.1p or DSCP values for voice traffic

CDP/ISDP Considerations

There are occasional support issues with using CDP. For this reason, if given a
choice between LLDP and ISDP/CDP, use LLDP. LLDP is an industry standard
and is more reliable than ISDP/CDP.

• Cisco IP phones transmit CDP to discover the neighboring switch. They may
  also support LLDP for discovery.
• Typically if a phone supports both LLDP and ISDP it is MORE reliable to use
  LLDP.
• Occasionally once a Cisco phone receives CDP, it does not respond to or
  attempt further LLDP discovery.
• Consider turning off ISDP on switch interfaces that are connected to phones
  that support both LLDP and ISDP.


How to Configure VoIP on Dell EMC N-Series Switches

Introduction

Description: This lesson covers the N-Series switch default configuration, and CLI
commands that are used to configure the voice VLAN.

This lesson covers the following topics:

• N-Series switch default configuration
• The CLI commands used to globally enable and create a voice VLAN, add it to
  an interface, and configure DSCP trust.
• The CLI commands used to disable 802.1X authentication, add voice and data
  VLANs to an interface, and change the hardware queue which processes voice
  traffic.


N-Series Switch Default Configuration

N-Series switches have a default configuration that should be modified to carry
voice traffic.
• Voice VLAN
  - Create both voice and data VLANs. Enable the voice VLAN. Add the voice
    and data VLANs to the switch interfaces that carry that traffic.
• LLDP settings
  - LLDP is enabled by default. But to have LLDP fully share all VoIP-related
    parameters, set the following per interface:
    o lldp transmit-tlv port-desc sys-name sys-desc sys-cap
    o lldp transmit-mgmt
    o lldp notification
    o lldp med confignotification
• Switchport mode
  - Set switchport mode to general to enable hybrid mode.

Configuration parameter   Default setting
VLAN                      All switchport interfaces belong to the native VLAN,
                          VLAN 01.
Voice VLAN                The Voice VLAN is not enabled. Once enabled it
                          provides high priority for voice traffic using a
                          DSCP value of 46.
ISDP                      Enabled by default
LLDP                      Enabled by default. However, the settings Transmit
                          Management Information and Notification Mode are
                          disabled. They should be enabled if using LLDP
                          instead of ISDP.
LLDP-MED                  Config notification mode is disabled. LLDP-MED
                          should be enabled if using LLDP instead of ISDP.
Switchport mode           Switchport mode is set by default to access mode.
                          Any switch interfaces that connect to a phone should
                          be set to switchport general mode. This mode
                          supports both tagged voice traffic and untagged
                          traffic for a personal computer that is attached to
                          the IP phone.


Voice VLAN Configuration

Shown are example commands that are used to enable and configure the voice
VLAN using DNOS 6.5.2. Note that some of the commands are different in earlier
versions of DNOS.

• Create VLAN 10 for data, and VLAN 20 for voice, using the vlan commands.
• Use the switchport voice vlan command to globally enable the Voice
  VLAN feature on the switch. Prior to DNOS 6.5.2, the voice vlan command
  was used.
  - The older voice vlan command was deprecated with DNOS 6.5.2.
• Enter the interface configuration mode with the interface command. The
  interface range command may be used to configure a group of interfaces.
• The switchport mode general command enables the interface to service
  both tagged voice traffic and untagged data traffic.
• The switchport general allowed vlan command adds a VLAN to an
  interface. The tagged parameter sets the interface to transmit tagged traffic
  for a VLAN. The untagged parameter sets the interface to transmit untagged
  traffic. Untagged is the default.

In this example, untagged data traffic defaults to VLAN 10, while voice traffic is
tagged with VLAN 20. This is configured with the commands shown:

    Dell(config-if)# switchport general pvid 10
    Dell(config-if)# switchport general allowed vlan add 10 untagged
    Dell(config-if)# switchport general allowed vlan add 20 tagged

Untagged data arriving on the switch is processed on the default or dynamically
assigned PVID of the port.


Voice VLAN Configuration Part 2

This slide shows more configuration commands.

• The voice VLAN authentication feature is optional. Administrators may disable
  voice VLAN 802.1X authentication unless phones are expected to
  authenticate.
  - Disable voice VLAN 802.1X authentication with the command switchport
    voice vlan override-authentication, unless phones will
    authenticate. Prior to DNOS 6.5.2 the command was voice vlan auth
    disable.
• In this example, Voice VLAN traffic is transmitted and received tagged on VLAN
  20 using IEEE 802.1p user priority 5. Background traffic is carried on the default
  VLAN. The 802.1p user priority 5 tagged packets are mapped onto internal CoS
  queue 2. CoS queue 2 is additionally configured as strict priority to ensure that
  the latency-sensitive voice traffic is transmitted first.
  Configure the switch to tell the IP phone to use VLAN 20 for voice traffic, and to
  tag the voice packets with 802.1p priority 5. The RADIUS server must also be
  configured to identify the phone as a voice device and to send the Voice VLAN
  in the RADIUS Access-Accept.
  - N1(config-if)# switchport voice vlan 20
  - N1(config-if)# switchport voice vlan dot1p 5
• Enable IEEE 802.1p trust mode for the Voice VLAN-tagged packets. The
  802.1p priority in the tagged voice packets will be honored.
  - N1(config-if)# switchport voice vlan priority extend 5 trust
• The minimum bandwidth setting on the CoS queues comes into effect only
  when there is congestion. Configure internal CoS queue 2 as strict priority to
  ensure that egressing voice traffic is transmitted first on this interface. This
  reduces latency for transmitted voice traffic.
  The last two commands that are shown in the example manipulate the
  processing of the switch hardware queues. These queues map to DSCP or
  802.1p tags. CoS queue 2 is used for voice traffic. The min-bandwidth
  parameter shows all of the CoS queues, and the minimum bandwidth for each if
  there is congestion. In this example, queue 2 is set to have a minimum of 50%
  of switch port bandwidth. Queues are numbered 0-7.


Verification of VoIP Configuration

Introduction

Description: This lesson introduces CLI commands that are used to confirm a voice
VLAN configuration.

This lesson covers the following topics:

• How to confirm that the Voice VLAN is enabled globally
• How to confirm VLAN switchport settings and hardware queues
• How to confirm hardware queue scheduler settings


Confirm Voice VLAN Globally Enabled

Use the show voice vlan command to verify that the voice VLAN is enabled
and that the correct settings are configured for the voice VLAN on the interface.

This slide shows how to:

• Confirm that the voice VLAN is globally enabled using the show voice vlan
  command.
• Display the voice VLAN settings on an interface with the show voice vlan
  interface command.
  - In this example, the voice VLAN ID is 20.
  - DSCP is the most common protocol that is used for marking voice traffic.
    The standard DSCP value for voice traffic is 46.
  - The 802.1p priority marking protocol is a less common alternative to DSCP.
  - Confirm the voice VLAN ID assignment per interface.


Confirm VLAN Switchport Settings and HW Queue

• Use the show interface switchport <interface> command to display
  and confirm the current VLAN and switchport settings on an interface. In this
  case, the data VLAN for untagged traffic is VLAN 10 and the voice VLAN is
  VLAN 20.
• Use the show classofservice trust command to display the trust setting
  for the switch. In this example, the switch trusts DSCP settings of connected IP
  phones.
• Use the show classofservice ip-dscp command to display which
  hardware queue is used for packets with DSCP setting = 46. In this case, it is
  hardware queue 2.


Confirm HW Queue Scheduler Settings

The show interfaces cos-queue command displays the strict/weighted
scheduling and minimum bandwidth settings for each hardware queue.

• Use this command to confirm switch hardware queue scheduler settings.
  - Confirm that the switch is either using strict scheduling or minimum
    bandwidth settings. In this example, a minimum bandwidth of 50% is set for
    queue 2, which is the hardware queue that is used for voice traffic.

There are two ways to manage the queues for an interface: strict priority
scheduling or weighted priority scheduling. This example shows weighted priority
scheduling, with a minimum of 50% of the total interface bandwidth assigned to the
queue for VoIP traffic, queue 2.

• Strict priority queues are serviced first, before any weighted queues. The
  highest numbered queue sends data first, and then the next highest strict
  queue, until all queues have been serviced.
• The weighted queue scheduler type selects packets for transmission, based on
  weights that are assigned to each queue. The default weight for each queue is
  equal to the Queue ID + 1. These weights are used to calculate the total
  number of bytes, not packets, that are transmitted. The transmit buffers of
  each interface are composed of these queues.
• CoS hardware queue settings can be set globally, or per interface. If the show
  command for all interfaces does not provide correct values, try a specific
  interface.


Module Summary


Review Questions: VoIP and QoS

1. For a good quality of service, what is the minimum latency for voice traffic?

2. What is the difference between switchport access mode and general mode?

3. What is LLDP-MED used for?

4. What command is used to enable the Voice VLAN feature on the switch?



Dynamic Host Configuration Protocol—DHCP

Introduction

This module reviews the functionality of DHCP and shows how to configure both
DHCP server and DHCP relay on Dell EMC N-Series networking switches.

Upon completing this module, you will be able to:

• Describe the basic operation of DHCP
• Configure and verify DHCP server and relay on an N-Series switch
• Identify the options to secure DHCP from attacks


DHCP Overview

Introduction

This lesson reviews basic DHCP concepts for those persons configuring DHCP
features on Dell EMC campus networking switches.

This lesson covers the following topics:

• What is DHCP?
• DHCP client, server, and relay roles
• Information that the DHCP server distributes


What Is DHCP?

Dynamic Host Configuration Protocol (DHCP) is used to centrally manage and
allocate IP addresses to hosts that are connected to a computer network. DHCP
saves administrators from the repetitive task of configuring each individual host
with IP network addresses. DHCP servers also pass along other network
configuration parameters, such as the addresses for DNS servers.


DHCP Client, Server, and Relay Roles

There are three different roles in the DHCP protocol:

• DHCP client
  Devices act in the role of DHCP clients to automatically obtain a network IP
  address from the DHCP server. Clients also obtain addresses of other network
  devices from the DHCP server. These addresses include the address of the
  network gateway, DNS servers, and SNTP servers.
• DHCP server
  The DHCP server assigns network addresses and subnet masks to DHCP
  clients. The DHCP server passes along other network information such as the
  addresses for the default gateway, DNS servers, and SNTP servers. The DHCP
  server manages pools of addresses. There is one pool for each subnet that
  uses the services of the DHCP server. It leases addresses to clients for a
  specific amount of time and renews the leases as needed. It can reclaim
  expired leases that are no longer used and put them back in the unallocated
  pool. Using a DHCP server enables an administrator to manage network
  addresses from one centralized server.
• DHCP relay agent
  The DHCP relay agent enables a DHCP server to assign addresses to clients
  that are not located within its own directly connected broadcast domains. The
  DHCP relay agent intercepts DHCP broadcast requests and sends the packet
  to the DHCP server as unicast traffic. The DHCP relay agent reduces the
  amount of broadcast traffic on the network. Packets that are received from the
  DHCP server are relayed to the DHCP client. The DHCP relay agent is
  configured using ip helper-address on L3 interfaces.


How DHCP Works

DHCP follows a standardized protocol to automatically distribute IP addresses.

The steps for a DHCP client to obtain an IP address from a DHCP server are as
follows:
1. DHCP client software requests an IP address lease in a discover message. The
discover message is broadcast to all possible DHCP servers.
2. All available DHCP servers respond with a unicast offer message.
3. Client accepts the first offer message that it receives, then broadcasts a request
message in response. The request message verifies the offered address.
4. DHCP server sends a unicast ACK frame to acknowledge that the address is
leased to the client.


Information Distributed Through DHCP Server

Dell EMC N-Series campus networking switches can be configured as DHCP
servers to serve IPv4 or IPv6 addresses to DHCP clients in the network. DHCP
servers may manage addresses for several subnets. An address pool is assigned
for each subnet.

Each address pool may be configured with the following information:

• Address pool subnet and mask
• Client domain name
• Client default router
• Client DNS server
• NetBIOS WINS Server
• Client address lease time

Administrators may also manually configure static IP address bindings for clients
using the host command in DHCP Pool Configuration mode. Static IP addresses
are most often used for DHCP clients for which the administrator wants to reserve
an IP address. For example, a computer server or a printer may need an address
that never changes. A DHCP pool can contain automatic or dynamic address
assignments or a single static address assignment.


DHCP Configuration

Introduction

This lesson shows how to configure and verify the DHCP server feature on Dell
EMC N-Series switches.

This lesson covers the following topics:

• Configuring DHCP server with a dynamic address pool
• Configuring DHCP server with static addresses
• Configuring a DHCP relay agent
• Verifying DHCP server IP address pools
• Verifying DHCP relay agent configuration
• Monitoring DHCP server statistics
• DHCP server verification


Configuring DHCP Server Dynamic IPv4 Address Pool

This example demonstrates how to configure the switch that is labeled N2 as a
DHCP server.

Steps for configuring a DHCP server with a dynamic address pool:


1. Enable the local IPv4 DHCP server on the switch with the service dhcp
command. The no form of the command disables the service. Enable the local
IPv6 server on the switch with the service dhcpv6 command.
2. Configure the IP address pool that is assigned to clients. This example
demonstrates how to configure the Engineering pool in the diagram. Use the ip
dhcp pool command in Global Configuration mode to define a DHCP IPv4
address pool that can be used to supply addressing information to DHCP
clients. Upon successful completion, this command puts the user into DHCP
Pool Configuration mode. To remove an address pool definition, use the no
form of the command. Use the ipv6 dhcp pool command to define a DHCP
IPv6 address pool.
3. Configure the default gateway address for the DHCP server to provide to
clients. Use the default-router command in DHCP Pool Configuration
mode to set the IPv4 address of one or more routers for the DHCP client to use.
To remove the default router configuration, use the no form of the command.


4. Configure the network addresses and subnet mask for the address pool. Use
the network command in IP DHCP Pool Configuration mode to define a pool of
IPv4 addresses for distributing to clients.
5. Use the domain-name command in IP DHCP Pool Configuration mode to set
the DNS domain name which is provided to a DHCP client by the DHCP server.
The DNS name is an alphanumeric string up to 255 characters in length. To
remove the domain name, use the no form of the command.
6. Use the dns-server command in IP DHCP Pool Configuration mode to set
the IP DNS server address which is provided to a DHCP client by the DHCP
server.
7. Configure optional settings:
   • Exclude IP addresses from the IP address pool. In this example, IP
     addresses 192.168.10.2 through 192.168.10.30 are excluded from the
     address pool. This command is typed at the config prompt, not in DHCP
     Pool Configuration mode.
   • Configure the IP address lease time with the lease command in DHCP
     Pool Configuration mode.


Configuring DHCP Server with Static Addresses

This example displays the differences between configuring static address pools
and dynamic address pools.

The major differences from the example on the previous slide are:
• Use the hardware-address command in DHCP Pool Configuration mode to
  specify the MAC address to attach to a manually assigned IP address. To
  remove the MAC address assignment, use the no form of the command.
• Use the host command to specify a manual binding between an IP address
  and the MAC address that is specified in the preceding hardware-address
  command. To remove the manual binding, use the no form of the command.

In this example, the MAC address 00:50:56:92:12:bb is bound to IP address
192.168.12.19.


Configuring DHCP Relay Agent

The DHCP relay agent role is configured using an IP helper address. These
examples demonstrate how to configure the IP helper address globally on each
switch acting in the role of a DHCP relay agent.

The IP helper address may also be configured on a specific L3 interface on the
switch. The following commands show how to define an IP helper address on a
specific L3 interface:

Command                                              Explanation
Dell# conf                                           Enter configuration mode.
Dell(conf)# interface vlan 20                        Enter interface configuration mode.
Dell(conf-if-vl-20)# ip address 192.168.20.1 /24     Set the interface to L3 mode with an
Dell(conf-if-vl-20)# no shutdown                     IP address and enable the interface.
Dell(conf-if-vl-20)# ip helper-address 192.168.2.1   Specify the IP address of the DHCP
                                                     server.


Verifying DHCP Address Pools

Use the show ip dhcp pool all command to view the information for each of
the address pools on the switch with the DHCP server enabled.

This example shows two address pools:

• Pool: CEO
  - MAC address 0050.5692.12BB is statically mapped to host IP address
    192.168.12.19
  - Lease expires and must be renewed every 24 hours
  - DNS server address is 192.168.77.1
  - Default router is at 192.168.1.41
  - Domain name is ceo.dell.com
• Pool: Engineering
  - Dynamic address pool for the 192.168.10.0 network
  - Leases for all addresses expire and must be renewed after 24 hours
  - DNS server address is 192.168.77.1
  - Default router is at 192.168.1.37
  - Domain name is engineering.dell.com


Verifying DHCP Relay Agent Configuration

Use the show ip interface vlan command to see if an IP helper address has
been configured for DHCP.

This example displays the information for switch N3. The IP interface for VLAN 109
has a helper address of 192.168.1.41 defined.


Monitoring DHCP Server Statistics

Use the show ip dhcp server statistics command to monitor the
operation of the DHCP server on a switch.


DHCP Server Verification

The commands that are shown are used to verify additional information for the
DHCP server configuration on a switch.

• Use the show ip dhcp global configuration command to verify that
  the DHCP server is enabled.
• The show ip dhcp binding command is used to see which IP addresses
  are bound to host MAC addresses, and when the leases expire.
• Use the show ip dhcp conflict command to detect IP network address
  conflicts. A conflict could occur if a user manually configures a host with an IP
  address that has already been assigned through a DHCP server.


Securing DHCP

Introduction

This lesson covers the DHCP snooping feature and how it is used to enhance
network security.

This lesson covers the following topics:

• DHCP snooping feature
• DHCP snooping commands


DHCP Snooping Feature

DHCP Snooping is a security feature that monitors DHCP messages between a
DHCP client and DHCP server. It filters harmful DHCP messages and builds a
bindings database of MAC addresses, IP addresses, VLAN IDs, and port IDs that
are authorized. DHCP snooping can be enabled globally and on specific VLANs.

For example, suppose that a malicious DHCP client is plugged into the network. It
could try to send a DHCP Release message for an authorized DHCP client in an
attempt to steal the identity. The DHCP snooping feature compares the DHCP
release message to the DHCP snooping database and sees that the MAC address
and port do not match. So, the DHCP server logs the event and drops the
malicious DHCP release message.

The DHCP snooping feature is used for untrusted interfaces.
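The binding check described above can be modeled in a few lines. This is an added example, not Dell code and not part of the original guide: the class, port names, MAC addresses and message trace are constructed for illustration, and it also includes the usual rule that server replies are dropped on untrusted ports, which goes slightly beyond the text.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}     # only a DHCP server sends these
RELEASE_TYPES = {"RELEASE", "DECLINE"}     # client hands an address back


@dataclass(frozen=True)
class Message:
    kind: str          # DHCP message type
    client_mac: str    # client hardware address carried in the DHCP message
    vlan: int
    port: str          # switch port the frame arrived on
    ip: str = ""       # address being assigned or released


class DhcpSnooper:
    """Simplified model of the snooping filter and its bindings database."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}     # (mac, vlan) -> port of the client's last request
        self.bindings = {}    # (mac, vlan) -> (ip, port)
        self.log = []

    def _drop(self, msg, reason):
        self.log.append(f"DROP {msg.kind} mac={msg.client_mac} port={msg.port}: {reason}")
        return False

    def inspect(self, msg: Message) -> bool:
        """Return True to forward the message, False to drop it."""
        key = (msg.client_mac, msg.vlan)
        if msg.port in self.trusted:
            # Server replies are accepted only here; an ACK completes a binding.
            if msg.kind == "ACK" and key in self.pending:
                self.bindings[key] = (msg.ip, self.pending.pop(key))
            return True
        if msg.kind in SERVER_TYPES:
            return self._drop(msg, "server message on untrusted port")
        if msg.kind in RELEASE_TYPES:
            binding = self.bindings.get(key)
            if binding is None or binding[1] != msg.port:
                return self._drop(msg, "MAC and port do not match the binding")
            del self.bindings[key]
            return True
        if msg.kind in {"DISCOVER", "REQUEST"}:
            self.pending[key] = msg.port
            return True
        return self._drop(msg, "unexpected message type")


# Constructed trace: one client on Gi1/0/5, the DHCP server behind Te1/0/1.
CLIENT = "00:00:5e:00:53:01"
SAMPLE_TRACE = [
    Message("REQUEST", CLIENT, 10, "Gi1/0/5"),
    Message("ACK", CLIENT, 10, "Te1/0/1", "192.168.10.31"),
    Message("RELEASE", CLIENT, 10, "Gi1/0/9", "192.168.10.31"),   # wrong port
    Message("OFFER", "00:00:5e:00:53:02", 10, "Gi1/0/9", "192.168.10.200"),
    Message("RELEASE", CLIENT, 10, "Gi1/0/5", "192.168.10.31"),   # real client
]


def run_sample():
    snooper = DhcpSnooper(trusted_ports=["Te1/0/1"])
    verdicts = [snooper.inspect(m) for m in SAMPLE_TRACE]
    return verdicts, snooper


if __name__ == "__main__":
    verdicts, snooper = run_sample()
    print(verdicts)
    print("\n".join(snooper.log))
```

The two dropped messages are the ones to look for in the invalid-packet log once logging is enabled, since it is disabled by default.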


DHCP Snooping Commands

The table shows commands to implement the DHCP snooping feature on a switch
with a DHCP server enabled.

Default DHCP snooping values:

Parameter                      Default value
DHCP snooping mode             Disabled
DHCP snooping VLAN mode        Disabled on all VLANs
Interface trust state          Disabled - untrusted
DHCP logging invalid packets   Disabled


Verify DHCP Snooping Global Configuration

Use the show ip dhcp snooping command to display the DHCP snooping
global configuration.


Verify DHCP Snooping Binding

Use the show ip dhcp snooping binding command to display the DHCP
snooping binding entries.


Module Summary


Review Questions: Dynamic Host Configuration Protocol—DHCP

1. What are the three roles of the DHCP protocol?

2. How can a DHCP Server on one network supply addresses to a different
network?

3. What security feature monitors DHCP messages between a DHCP client and
DHCP server?


Lab: Dynamic Host Configuration Protocol—DHCP


Refer to the student lab guide for instructions to complete the lab.



IPv6

Introduction

This module is an overview of the basic addressing of IPv6.

Upon completing this module, you will be able to:

• Define IPv6 address types
• Define EUI64
• Define IPv6 auto-configuration


IPv6 Overview

Introduction

This lesson covers the following topics:

• Describe IPv6 characteristics.
• Describe the differences between IPv4 and IPv6.
• Configure DNOS 6 and for IPv6 supported devices.


IPv6 Review – What is Internet Protocol Version 6?

IPv6 addresses the main problem of IPv4, that is, the exhaustion of addresses to
connect computers or hosts in a packet-switched network. IPv6 has a very large
address space and consists of 128 bits as compared to 32 bits in IPv4.

IPv6 uses 128 binary bits to create a single unique address on the network. An
IPv6 address is expressed by eight groups of hexadecimal numbers separated by
colons. Therefore, it is now possible to support 2^128 unique IP addresses, a
substantial increase in the number of computers that can be addressed with the
help of the IPv6 addressing scheme. This theoretically allows for as many as
340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. In addition,
this addressing scheme will also eliminate the need for network address
translation (NAT), which causes several networking problems (such as hiding
multiple hosts behind a pool of IP addresses) in the end-to-end nature of the
internet.

ICMPv6 carries out the tasks of conveying multicast group membership
information, a function that was previously performed by the IGMP protocol in
IPv4, and address resolution, previously performed by ARP.


Example IPv6 Address

The IPv6 address model is specified in RFC 4291, IP Version 6 Addressing
Architecture. IPv6 uses a 128-bit address instead of the 32-bit address of IPv4.
Even when used with the same efficiency as today's IPv4 address space, that still
allows for 50,000 addresses per square meter of land on Earth.

The IPv6 address provides flexibility and scalability:

• It allows multilevel subnetting and allocation from a global backbone to an
  individual subnet within an organization.
• It improves multicast scalability and efficiency through scope constraints.
• It adds a new address for server node clusters, where one server can respond
  to a request to a group of nodes.

IPv6 addresses are represented in the form of eight hexadecimal numbers divided
by colons as in the following:

2001:cdba:0000:0000:0000:0000:3257:9652

To shorten the notation of addresses, leading zeroes in any of the groups can be
omitted, for example:

2001:cdba:0:0:0:0:3257:9652


Finally, a group of all zeroes, or consecutive groups of all zeroes, can be
substituted by a double colon, for example:

2001:cdba::3257:9652

However, the double colon shortcut can be used only once in the notation of an
IPv6 address. If there are more groups of all zeroes that are not consecutive, only
one can be substituted by the double colon; the others have to be noted as 0.

The IPv6 address space is organized using format prefixes, similar to telephone
country and area codes that logically divide it in the form of a tree so that a route
from one network to another can easily be found.


IPv6 Packet and Headers

An Internet Protocol version 6 (IPv6) data packet comprises two main parts: the
header and the payload. The first 40 bytes/octets (40×8 = 320 bits) of an IPv6
packet make up the header (see Figure 1), which contains the following fields:
• Version/IP version – The 4-bit version field serves the same purpose as in
IPv4. It indicates the version of the IP protocol. For IPv6 packets, it is set to the
value of 6.
• Packet priority/Traffic class (8 bits) – The 8-bit Priority field is used by the
originating node and the routers to identify data packets that belong to the
same traffic class and to distinguish between packets with different priorities.
• Flow Label/QoS management – The 20-bit flow label field can be used by a
source to label a set of packets belonging to the same flow. A flow is uniquely
identified by the combination of the source address and of a nonzero Flow label.
Multiple flows may exist from a source to a destination, along with traffic that
is not associated with any flow (Flow label = 0). The IPv6 routers must handle
the packets belonging to the same flow in a similar fashion. One example of a
flow would be a Voice over IP, or VoIP, conversation.
• Payload length – The 16-bit payload length field contains the length of the data
field in octets following the IPv6 packet header. It puts an upper limit of 64 KB
on the maximum packet payload. In case a higher packet payload is required,
a Jumbo payload extension header is provided in the IPv6 protocol. A Jumbo
payload, or Jumbogram, is indicated by the value zero in the Payload Length
field. Jumbograms are frequently used in supercomputer communication using
the IPv6 protocol to transmit heavy data payload.
• Next Header – The 8-bit Next Header field identifies the type of header
immediately following the IPv6 header. The Next header is at the beginning of
the data field (payload) of the IPv6 packet. This field usually specifies the
transport layer protocol that is used by a packet’s payload. The two most
common kinds of Next Headers are TCP (6) and UDP (17), but many other
headers are also possible. The format that is adopted for this field is the one
proposed for IPv4 by RFC 1700. In IPv6 protocol, the Next Header field is
similar to the IPv4 Protocol field.
• Hop Limit – The 8-bit Hop Limit field is decremented by one by each node
(typically a router) that forwards a packet. If the Hop Limit field is decremented
to zero, the packet is discarded. The main function of this field is to identify and
to discard packets that are stuck in an indefinite loop due to any routing
information errors. The 8-bit field also puts an upper limit on the maximum
number of links between two IPv6 nodes. In this way, an IPv6 data packet is
allowed a maximum of 255 hops before it is eventually discarded. An IPv6 data
packet can pass through a maximum of 254 routers before being discarded.
• Source Address – The Source Address field indicates the IPv6 address of the
originating host. The size of this field is 128 bits.
• Destination Address – The Destination Address field indicates the IPv6
address of the current destination node. The size of this field is 128 bits.
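
The field layout above, decoded from raw bytes and checked for the inconsistencies a capture or filtering tool would flag. This is an added example, not part of the course material; the function and class names are assumptions, and the sample packet is constructed from documentation addresses.

```python
import ipaddress
import struct
from dataclasses import dataclass

IPV6_HEADER_LEN = 40  # the fixed header is always 40 octets

# Next Header values named in the text; anything else is reported by number.
NEXT_HEADER_NAMES = {6: "TCP", 17: "UDP"}


@dataclass
class IPv6Header:
    version: int
    traffic_class: int
    flow_label: int
    payload_length: int
    next_header: int
    hop_limit: int
    source: ipaddress.IPv6Address
    destination: ipaddress.IPv6Address

    @property
    def next_header_name(self) -> str:
        return NEXT_HEADER_NAMES.get(self.next_header,
                                     "protocol %d" % self.next_header)


def parse_ipv6_header(packet: bytes) -> IPv6Header:
    """Decode the fixed IPv6 header from the start of a raw packet."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated packet: %d octets, need 40" % len(packet))
    # First 32 bits: version (4) | traffic class (8) | flow label (20).
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("not IPv6: version field is %d" % version)
    return IPv6Header(
        version=version,
        traffic_class=(first_word >> 20) & 0xFF,
        flow_label=first_word & 0xFFFFF,
        payload_length=payload_length,
        next_header=next_header,
        hop_limit=hop_limit,
        source=ipaddress.IPv6Address(packet[8:24]),
        destination=ipaddress.IPv6Address(packet[24:40]),
    )


def header_findings(header: IPv6Header, packet: bytes) -> list:
    """Return consistency problems between the header and the bytes received."""
    findings = []
    carried = len(packet) - IPV6_HEADER_LEN
    if header.payload_length == 0 and carried > 0:
        findings.append("payload length 0 with data present: "
                        "expect a Jumbo payload header")
    elif header.payload_length != carried:
        findings.append("payload length %d but %d octets follow the header"
                        % (header.payload_length, carried))
    if header.hop_limit == 0:
        findings.append("hop limit 0: a forwarding node must discard this packet")
    return findings


def build_sample_packet() -> bytes:
    """Constructed sample: a VoIP-style UDP packet between documentation addresses."""
    payload = bytes(8)  # placeholder for an 8-octet UDP header
    first_word = (6 << 28) | (0xB8 << 20) | 0x12345
    header = struct.pack("!IHBB", first_word, len(payload), 17, 64)
    header += ipaddress.IPv6Address("2001:db8::1").packed
    header += ipaddress.IPv6Address("2001:db8::2").packed
    return header + payload


if __name__ == "__main__":
    pkt = build_sample_packet()
    hdr = parse_ipv6_header(pkt)
    print(hdr, hdr.next_header_name, header_findings(hdr, pkt))
```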

Addresses Used with IPv6

There are three categories of IPv6 addresses: unicast, multicast, and anycast.
IPv6 does not use broadcasts, as the multicast type can perform its task.
• A unicast address acts as an identifier for a single interface. An IPv6 packet
sent to a unicast address is delivered to the interface identified by that address.
• A multicast address acts as an identifier for a group of interfaces that may
belong to different nodes. An IPv6 packet sent to a multicast address is
delivered to all of those interfaces. For example, a streaming video session
could be sent to a multicast address, and any interface with that address would
receive it.
• An anycast address acts as an identifier for a set of interfaces that may belong
to different nodes. Unlike a multicast address, an IPv6 packet that is
destined for an anycast address is delivered to the nearest interface that is
identified by the address and by the routers' routing protocol.

IPv6 Address Scopes

The "scope" of an address defines the topological span, that is, the boundaries
within which the address can be used. For unicast and anycast addresses (which
have the same scope properties as unicast addresses), there are three different
scopes:
• Link local scope is limited to a span of a single link only. Link local addresses
are useful for such things as auto-configuration and neighbor discovery.
• Unique local addresses (ULAs) have replaced "site-local" addresses (which
you will still see referenced in earlier documentation on IPv6). With these
addresses, the scope is the organization and is used for private site
addressing, much like RFC 1918 addresses are used for private addressing
with IPv4.
• Global scope provides for unique, public addresses assigned to interfaces with
the scope being the entire internet.

Multicast addresses have 14 different possible scopes for a wide variety of
definitions of address boundaries. A detailed discussion of all 14 multicast scopes
is beyond the scope of this training. For multicast addresses, the scope is built into
the address structure itself. RFC 4007 – IPv6 Scoped Address Architecture –
specifies the usage of different IPv6 scopes.

Link Local Scope

Link-local addresses are used by nodes when communicating with neighboring
nodes on the same link. For example, on a single link IPv6 network with no router,
link-local addresses are used to communicate between hosts on the link. Link-local
addresses are equivalent to Automatic Private IP Addressing (APIPA) IPv4
addresses using the 169.254.0.0/16 prefix.

Link-local addresses are identified by the Format Prefix of 1111 1110 10. The
address always begins with FE80. With the 64-bit interface identifier, the prefix for
link-local addresses is always FE80::/64.

Unique Local Scope

Unique Local IPv6 Unicast Addresses or ULAs are also called Local IPv6
addresses. These addresses replaced the Site-Local IPv6 addresses that are being
deprecated. They are routable inside a site or between a limited number of sites,
but are not expected to be routable on the global internet. A ULA is globally unique,
thus avoiding intersite address collisions. The ULA is intended for local IPv6
communications, for instance for stable internal communication during
renumbering.

IPv6 Address Scopes – Global Address

Aggregatable global unicast addresses, also known as global addresses, are
identified by the Format Prefix of 001. The address will begin with 2xxx:: or 3xxx::.

Addresses of this type are designed to be aggregated or summarized to produce
an efficient routing infrastructure. They are equivalent to public IPv4 addresses.
Unlike the current IPv4-based Internet, which has a mixture of both flat and
hierarchical routing, the IPv6-based Internet has been designed from its foundation
to support efficient, hierarchical addressing and routing.

Aggregatable global unicast addresses are globally routable and reachable on the
IPv6 portion of the internet.
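
The format prefixes described in the scope sections above, applied as bit tests to classify an address and to decide whether it should ever be seen crossing the site border. This is an added example, not part of the course material; the function names are assumptions, the ULA prefix (1111 110) and the multicast scope values come from RFC 4193 and RFC 4291 rather than from this guide, and the sample addresses are constructed.

```python
import ipaddress

# Values of the 4-bit multicast scope field; other values are reserved
# or unassigned.
MULTICAST_SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x3: "realm-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def top_bits(addr: ipaddress.IPv6Address, count: int) -> int:
    """Return the leading `count` bits of a 128-bit address as an integer."""
    return int(addr) >> (128 - count)


def classify(text: str) -> tuple:
    """Return (address type, scope) from the leading bits of the address."""
    addr = ipaddress.IPv6Address(text)
    if top_bits(addr, 8) == 0xFF:
        # Multicast: 1111 1111 | flags (4 bits) | scope (4 bits) | group ID
        scope = top_bits(addr, 16) & 0xF
        return ("multicast", MULTICAST_SCOPES.get(scope, "reserved"))
    if top_bits(addr, 10) == 0b1111111010:   # FE80, link-local
        return ("unicast", "link-local")
    if top_bits(addr, 7) == 0b1111110:       # FC00::/7, unique local
        return ("unicast", "unique-local")
    if top_bits(addr, 3) == 0b001:           # 2xxx:: or 3xxx::, global
        return ("unicast", "global")
    return ("unicast", "other")


def may_cross_site_border(text: str) -> bool:
    """True only for addresses whose scope is the entire internet.

    Link-local and unique local sources arriving on an internet-facing
    interface are out of scope there and are candidates for an ingress
    filter.
    """
    return classify(text)[1] == "global"


if __name__ == "__main__":
    for sample in ("fe80::1", "fd12:3456:789a::1", "2001:db8::1",
                   "ff02::1", "ff0e::101", "fec0::1"):
        print(sample, classify(sample), may_cross_site_border(sample))
```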

IPv6 Review – ICMPv6 Message Types

There are two classes of ICMPv6 messages. Error messages have a type from 0 to
127. Informational messages have a type from 128 to 255.

An ICMPv6 message "Packet Too Big" is sent when the packet cannot be
forwarded because the link MTU on the forwarding link is smaller than the size of
the IPv6 packet. In the "Packet Too Big" message, the type field is set to two and
the code field is set to zero. After the checksum field is the 32-bit MTU field that
stores the link MTU for the link on which the packet is being forwarded.
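
The message classes and the "Packet Too Big" layout described above, parsed from raw bytes with the checksum verified so that a corrupted or altered MTU value is rejected. This is an added example, not part of the course material; the function names are assumptions, the checksum calculation over the IPv6 pseudo-header follows RFC 4443 rather than this guide, and the messages are constructed.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58   # Next Header value that identifies ICMPv6
PACKET_TOO_BIG = 2


def icmpv6_checksum(src, dst, message: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message.

    Returns 0 when `message` already carries a correct checksum.
    """
    pseudo = src.packed + dst.packed + struct.pack(
        "!I3xB", len(message), ICMPV6_NEXT_HEADER)
    data = pseudo + message
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet_too_big(src, dst, mtu: int, invoking: bytes) -> bytes:
    """Type 2, code 0, checksum, 32-bit MTU, then the start of the invoking packet."""
    body = struct.pack("!BBHI", PACKET_TOO_BIG, 0, 0, mtu) + invoking
    checksum = icmpv6_checksum(src, dst, body)
    return body[:2] + struct.pack("!H", checksum) + body[4:]


def parse_icmpv6(src, dst, message: bytes) -> dict:
    """Decode type, code and class; extract the MTU from Packet Too Big."""
    if len(message) < 4:
        raise ValueError("truncated ICMPv6 message")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    info = {
        "type": msg_type,
        "code": code,
        # Types 0-127 are error messages, 128-255 are informational.
        "class": "error" if msg_type <= 127 else "informational",
        "checksum_ok": icmpv6_checksum(src, dst, message) == 0,
    }
    if msg_type == PACKET_TOO_BIG:
        if len(message) < 8:
            raise ValueError("Packet Too Big without an MTU field")
        info["mtu"] = struct.unpack("!I", message[4:8])[0]
    return info


# Constructed sample: a router reports a 1400-octet link MTU to a host.
ROUTER = ipaddress.IPv6Address("2001:db8::ff")
HOST = ipaddress.IPv6Address("2001:db8::1")
SAMPLE_PTB = build_packet_too_big(ROUTER, HOST, 1400, b"\x60" + bytes(39))

if __name__ == "__main__":
    print(parse_icmpv6(ROUTER, HOST, SAMPLE_PTB))
```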

IPv6 Prefix Notation

The IPv6 global address example shown has 64 bits for the network portion and 64
bits for the Interface identifier or host address.

IPv6 Implementation

IPv6 Addressing Configuration, DNOS 6

On the N-series, similarly start by enabling IPv6 unicast routing with the "ipv6
unicast-routing" command, and then configure the VLAN interfaces with the
appropriate IPv6 address as indicated above. Ensure beforehand that the physical
port is assigned to the proper VLAN.

IPv6 Connectivity Verification

Use ping to verify connectivity on both switches.

Review Questions

Answers: See the explanations below.

Explanation:
1. 128 bits
2. 340 undecillion whereas IPv4 had 4.3 billion
3. Hexadecimal provided more flexibility with the addition of ABCDEF alongside
the numbers 0-9
4. Unicast, Multicast, and Anycast
5. Link Local, Unique Local, and Global Address.

Module Summary

Review Questions: IPv6

1. How many bits does an IPv6 address have compared with an IPv4 address?

2. How many possible addresses are there with IPv6 compared with IPv4?

3. Why is hexadecimal numbering used with IPv6 but not with IPv4?

4. What are the different address types used with IPv6?

5. What are the different address scopes with IPv6?

Lab: IPv6

Refer to the student lab guide for instructions to complete the lab.

Power over Ethernet

Introduction

This module covers Power over Ethernet in a Dell EMC networking environment.
The technology and concepts that enable Ethernet switches to supply electrical
operating power over standard Ethernet cabling to specific device types are
introduced. PoE standards, switch requirements, use cases, configuration,
validation, and troubleshooting steps are also covered.

Upon completing this module, you will be able to:
• Describe PoE and its use in the efficient installation and deployment of
certain types of network end devices.
• Explain how PoE operates and is deployed and configured in the switches
and network cabling infrastructure.
• Configure and validate PoE operation in Dell EMC N-Series switches.
• Perform basic PoE troubleshooting in Dell EMC N-Series networks.

Power Over Ethernet Overview

Introduction

This lesson introduces Power over Ethernet (PoE) and how it is used to provide
electrical power to network end devices.

This lesson covers the following topics:
• What PoE is and its benefits
• Types of network end devices that use PoE, such as wireless access points
and IP telephony and surveillance systems
• How PoE uses standard LAN cabling systems to deliver electrical power
to devices over network cabling
• PoE operational and cabling specifications, including the various PoE
standards, and how they work to deliver network connectivity and power
to end devices

Supplying Electrical Power to End Devices

Introduction

From enterprise storage arrays to the single IP telephone on a desk, all network
end devices need electrical power to operate. As each end device is installed, a
separate power outlet with enough electrical capacity for that device must be
provided. Further, it must be installed close enough to the device so the power
cable can be plugged in.

Running an electrical branch circuit to provide power close to each new end device
is an expensive proposition. Sometimes, because of location limitations, it is cost
prohibitive to install a branch circuit for each device requiring power. The problem
is exacerbated as more devices are added to a network, and it grows further when
the devices are also geographically dispersed.

Power over Ethernet (PoE) is a convenient and cost-effective way to supply
electrical power to a device without using a separate electrical circuit. PoE
transmits electrical operating power over the same Ethernet cable that is used to
connect a device to the network.

All IT devices need electrical power to operate. Electrical supply force is measured
in volts and the amount of current is measured in amperes, or amps. The combined
voltage and current consumption requirement of an electrical device is measured
in watts.

Traditional Power Distribution

Traditional street-to-device power distribution was adequate for many years, and
usually it is still adequate today. However, changes in modern IT device use and
deployment have increased the number of end devices that are connected to a
network. Exacerbating the problem is that many of these devices are being placed
at many different sites and other locations. Devices such as IP telephones and
surveillance equipment are at the top of the list of new devices being added to
networks all the time. Each of these devices needs electrical power. Most are
low-power devices that require an extra device that is called a transformer. This
method for powering devices leads to complicated and costly power distribution,
wiring, and power outlet placement schemes.

Power Over Ethernet Augments Traditional Power Distribution

• Low-power device deployment is the primary target for PoE solutions.
• IP telephones and surveillance equipment are among the best candidates
because many are deployed in locations that do not have power outlets.
• Other candidates include wireless access points and the growing list of
low-power, intelligent, and IoT (Internet of Things) devices.

Instructor Note: Important Points to Cover

• Compare and contrast low-power vs. high-power devices
and give examples of each (such as laptops, desktops,
servers, enterprise storage arrays, etc.).
• Define how each type is supplied with power: through standard
outlets, specialized connectors, or power adapters.
• Explain PoE benefits:
Time and cost savings - by reducing the time and expense of
having many electrical power circuits installed. Network
cables do not require a qualified electrician to run and
connect them and there are few location limitations.
Flexibility - without being tethered to an electrical outlet,
devices such as IP phones, cameras, and wireless access
points can be located wherever they are needed. They can
more easily be repositioned as required.
Scalability - having power available on the network means
that installation and distribution of smaller and more
prolific network end devices is simple and effective.

Transmitting Electrical Power Through Ethernet Cables

Instructor Note: Important Points to Cover

• Review how Ethernet cables and RJ45 connectors are constructed to carry
Ethernet signals.
• The illustration shows each RJ45 connector oriented the same way for clarity.
Normally, when the cable is bent in a "U" shape, the connectors show wire
numbering opposite of each other.
• PoE cable length limits do not affect or change Ethernet maximum distance
specifications.
• Explain that wattage is a measurement of electrical work. Explain that volts
measure electrical pressure and amps measure electrical flow rate. Explain that
[Wattage = Volts X Amps].

Standard eight-wire cables that are used for 10/100 Ethernet do not use all of
the wire pairs. Wires that are connected to pins 4,5 and 7,8 of a cable are not used.
In this case, PoE takes advantage of the unused wire pairs to supply electrical
power to PoE devices. Gigabit Ethernet uses all four wire pairs in a cable. Since
there are no unused wire pairs, PoE supplies power over two of the data wire pairs.
PoE supplies voltage over the cable in the range of 44 V to 57 V DC, at a maximum
current draw of 350 mA. Two wires for each of the positive and negative poles of
the DC circuit are used. This design is used because a single wire in the cable is
too thin to carry the full electrical load.

Phantom Power Transmission

Gigabit Ethernet uses all four cable wire pairs to carry data signals. In such cases,
electrical power is transmitted over signal wires using the phantom power
transmission technique. Because electricity and data signals flow through wire at
opposite ends of the frequency spectrum, they can travel over the same cable
without interference. Alternating Current electricity has a low frequency of 60 Hz or
less. PoE uses Direct Current that technically has no alternations at all. Data
transmission signals have frequencies that can range from 10 MHz to 100 MHz.
Which power transmission scheme PoE uses is transparent to network
administrators and users. PoE Powered Devices are designed to accept power
across the cable in either format.

PoE IEEE Standard

As with most networking protocols, PoE also has IEEE standards that govern
engineering and use characteristics. IEEE 802.3af defines and governs standard
PoE characteristics.

Instructor Note: Important Points to Cover

• Note these points about the connect/disconnect protocol
(4th bullet point):
1. Detects device that needs power.
2. Determines power that is needed.
3. Decides when to turn on power.
4. Detects device disconnect (AC and DC disconnect).
5. Determines when to remove power.
6. Uses an OSI physical layer mechanism for Power Sourcing
Equipment to characterize power demands of an individual
end device at the port.

PoE+ IEEE Standard

PoE+ enhances the IEEE 802.3af specification. Its specific purpose is to provide
more power capability to end devices. PoE+ adheres to all other functional
specifications of the 802.3af standard.

How Does PoE Work?

Upon connection, the switch first transmits a lower voltage signal to detect a
special PoE capability signature in PoE-compatible devices. When the signature is
detected, the switch knows that standard PoE voltages can be safely applied to
power the end device. Power over Ethernet is injected onto the cable at a voltage
of 44 VDC to 57 VDC, and typically 48 V is used. Smaller devices could use 5 VDC
through 12 VDC to operate. However, the high voltage that is used in PoE enables
more efficient power transfer along the cable. Voltage at the PoE standard level is
also considered safe in cases where there is exposed wiring, or a short circuit
condition.

Although the voltage is safe for users, it can still damage equipment that has not
been designed to use PoE. Before a PoE switch can enable operating power to
LAN connected equipment, it first performs the signature detection process.

PoE Power Classification

Power classification follows the signature detection stage. After the end device
returns a classification signature, it may send optional power classification
information. The power classification informs the switch about power requirements.
All switches have a limited total power budget. They can use power classification
information to allocate power across all connected PoE devices. In many PoE
source devices, the final power delivery is determined using Link Layer
Discovery Protocol-Media Endpoint Discovery (LLDP-MED) negotiation.
LLDP-MED is a standard that facilitates function information sharing between end
devices and network infrastructure devices such as Ethernet switches. Using
LLDP-MED enables refinement or fine-tuning of the power limit.

High-Power PoE

The newer PoE+ is an extension to standard PoE power capability. Maximum
output increases to 25.5 Watts sustained power and 30 Watts peak power.
With the additional power available in PoE+, a broader range of devices can be
placed on the network using standard Ethernet cable. Security, surveillance, audio
visual, wireless networking, and high-speed communications end devices are
increasing in feature and function. These improvements require more power to
operate. The result is that all classes of PoE end devices can benefit from access
to more power using PoE+.

PoE+ Power Classification

PoE+ Power Class                   1        2        3         4
PoE Source Maximum Power Budget    4 W      7 W      15.4 W    34.2 W
Maximum Device Power               3.84 W   6.49 W   12.95 W   25.5 W

PoE+ end devices have a power classification of 4. If a PoE+ device is connected
to a standard PoE switch, the switch enables power as if it were a Class 0 device.
However, a PoE+ switch not only recognizes the device as a PoE+ device, it also
repeats the classification stage. This classification is a signal to the device that it is
connected to a switch with full PoE+ power available. PoE+ switches can supply
up to 25.5 W to end devices.

PoE Device Types

Introduction

This lesson introduces the wide range of device types available for use in a
PoE-enabled network infrastructure.

This lesson covers the following topics:
• IP telephones
• Wi-Fi access points
• Network security and surveillance cameras
• Environmental sensors and premises access controls
• Building and industrial controls

IP Telephones

In most use cases, IP phones are standard telephones. Each IP phone requires an
Ethernet connection and power. Options for power are a standard AC/DC adapter
or PoE. Most IP phones are voice-only units. These require little power and are
compatible with standard PoE. Because of the integrated LCD display and extra
circuitry, voice/video IP phones require more power. PoE+ may be required
because of the additional power demand.

Wireless Access Points

Most wireless access points are low-power devices compatible with standard PoE.
Although they can be powered using external DC adapters, providing power
through PoE is most economical when deploying them in quantity. Large and highly
populated areas such as office buildings and stores require them to be deployed at
strategic locations to provide uninterrupted coverage. This type of deployment is
among the best use cases for PoE powered wireless access points.

IP Network Security and Surveillance Cameras

Surveillance cameras vary widely in size, feature, and function. Simple devices are
static and transmit video using available light. Others have integrated motors that
enable them to tilt and pan. Some include infrared light sources. Cameras that are
intended for outdoor use may have these features and integrated heating elements
to keep them operating in cold environments. The number and type of features
determine whether a camera can operate using standard PoE, requires PoE+, or
cannot use PoE at all.

Environmental Sensors and Premises Access Controls

Electronic access control systems provide supervision over who or what is enabled
to gain access to a building, a room, or even a supply cabinet. Environmental
controls are used to monitor or control many different factors including temperature,
pressure, speed, humidity, and so on. These systems range from controls that
connect over proprietary wireless signals to a central LAN-connected PoE
controller. Some of these devices are individual units that are directly connected to
the LAN and use PoE.

Building and Industrial Controls

In the past, building HVAC and industrial controls and sensors were connected to a
central management system through an RS-485 or RS-232 bus connection. Today
building and industrial-based control systems are rapidly adopting Ethernet as the
preferred communications infrastructure. This change in communication technology
adds the ability to use PoE to power these devices. These systems range from
sensors and controls that connect over proprietary wireless signals to a central
LAN-connected PoE controller. These devices are directly connected to the LAN
and use PoE.

Power Provisioning

Introduction

This lesson covers Power Over Ethernet standards and types and their application
as a technology enabler in modern networks.

This lesson covers the following topics:
• PoE operating standards and types
• Standard and non-standard PoE-enabled devices and power requirements
• Static vs. dynamic power budget
• Dell N-Series model and port PoE specifications

Applying PoE Power Standards

Networks are evolving beyond supporting only business application systems and
the users that access them. Networks are fast becoming the key enabler of
intelligence gathering, analysis, and dissemination centers for real-time
surveillance and monitoring. Networks are becoming the center of environmental
and industrial systems control and monitoring. Because the diversity and
complexity are growing almost as fast as the number of PoE device deployments,
PoE is considered an enabler in the modern network. PoE specifications and
capacities are evolving to keep up as demands on the PoE infrastructure increase.

PoE Operating Standards and Types

PoE specifications are arranged into four types. Each type summarizes information
about a version of PoE and its IEEE standard, and how that version is typically
used. Each type standardizes the maximum available power, and other key
information.

Power Over Ethernet Type 1

PoE Type 1 uses two wire pairs to connect many types of lower-powered devices
to the network. The IEEE 802.3af standard provides up to 15.4 W of DC power to
each PoE switch port. It provides up to 12.95 W of power for each device. PoE
Type 1 supports VoIP phones, sensors/meters, and wireless access points. It also
supports simple, static surveillance cameras that do not pan, tilt, or zoom or have
other high-power requirement features.

Power Over Ethernet Type 2

PoE Type 2 is for higher-powered devices. It is based on the IEEE 802.3at
standard. It is backward compatible, so it can also support the types of devices that
are typically supported with PoE Type 1. PoE Type 2 can supply up to 30 W of DC
power to each PoE port and up to 25.5 W of power for each device. PoE Type 2
can support more complex devices such as surveillance cameras that pan, tilt or
zoom, and higher powered wireless access points. IP phones with LCD displays
and biometric sensors, monitors, and controls are also supported.

Power Over Ethernet Type 3

PoE Type 3 uses all four pairs in a copper cable. It is based on the IEEE 802.3bt
standard. The standard was ratified in September 2018. It provides 60 W of DC
power to each PoE port and up to 51 W of power for each device. PoE Type 3 can
support even higher power demand devices such as video conferencing system
components and environmental, building, and industrial monitoring and
management devices. UPOE is a Cisco implementation of Type 3 PoE. The full
name is Cisco Universal Power Over Ethernet. Dell N-Series Ethernet switches are
fully UPOE compatible.

Power Over Ethernet Type 4

PoE Type 4 is based on the IEEE 802.3bt standard and, along with Type 3, was
ratified in September 2018. It provides up to 100 W of power to each PoE PSE or
switch port and up to 100 W of power for each device. PoE Type 4 can support
high-power devices such as laptops and other devices with more features, motors,
actuators, and larger LCD displays.

Adding PoE to Non-PoE Network

A PoE injector, also called a midspan, is used to add PoE capability incrementally
to legacy, non-PoE networks. Midspans can be used to upgrade existing LAN
installations to PoE, and provide a solution where fewer PoE ports are required.
To upgrade a network segment to PoE, run network cables through the midspan.
As with native PoE switches, PoE configuration and management are automatic.
Midspans are available as multiport rack-mounted units or single-port units. If a
network is evolving toward hosting more PoE enabled devices, it is best to upgrade
the switching infrastructure to native PoE switches. Upgrades should be planned
and accomplished as soon as possible, to take full advantage of the power
distribution economy aspect of PoE.

Power Management Modes

PoE-enabled switches have a total power budget that cannot be exceeded. If the
current draw exceeds the power budget limit, attached end devices could fail.
Power budget management at the switch is important. Switch power budget
allocation can be managed in either static or dynamic modes. In static mode, a
predetermined amount of power is deducted from the total power budget for the
switch. This deduction ensures that maximum power is always available to a
specific switch port. The specified power is guaranteed for only that interface. This
mode ensures that the maximum power the administrator specifies for a selected
interface is always reserved and cannot be shared with other switch ports. In
dynamic mode, power that is allocated from the total switch power budget for each
port is the power that is consumed at that port. The administrator can allocate any
unused portion of switch PoE power to the other end devices as needed.


Dell EMC N-Series Switch PoE Information

Dell N1500 and N2000P models provide up to 48 ports of PoE+. Dell N3000P
models provide up to 48 ports of PoE+ and are UPoE ready.


Dell EMC N1100P Series PoE Support Characteristics

Dell N1100-series switches each have a single internal power supply with no
options for more internal or external power supplies. The PoE power budget is 60
W for the N1108P-ON, 185 W for the N1124P-ON, and 370 W for the N1148P-ON
models.


Dell EMC N1500P Series PoE Support Characteristics

Both the Dell N1524P and the N1548P switch have an internal 600-W power
supply that can power up to 24 PoE end devices. At full PoE+ power, this
configuration yields up to 500 W. An external modular power supply provides 1000
W and can power up to 48 PoE end devices. The combined internal and external
power supplies yield up to 1500 W.


Dell EMC N1500P Models PoE Power Budget Information

The PoE power budget for each switch port is controlled through the switch
firmware. An administrator can limit the power that is supplied on a port or prioritize
power to some ports over others. The table shows N1524P and N1548P power
budget data in accordance with power supply configurations.

| N1500 Switch Model | Internal Power Supply Only | External Power Supply Only | Both Internal and External Power Supplies |
| --- | --- | --- | --- |
| Dell N1524P | Power budget is 500 W. The total PoE supplied power must not exceed 500 W. | Power budget is 900 W. The total PoE supplied power must not exceed 900 W. | Power budget is 1350 W. All 24 PoE+ ports can supply maximum power. |
| Dell N1548P | Power budget is 500 W. The total PoE supplied power must not exceed 500 W. | Power budget is 900 W. The total PoE supplied power must not exceed 900 W. | Power budget is 1700 W. The total PoE supplied power must not exceed 1700 W. |


Dell EMC N2000P Series PoE Support Characteristics

Both the Dell N2024P and the N2048P switch have an internal 1000-W power
supply that can power up to 24 PoE+ end devices. At full PoE+ power, this
configuration yields up to 850 W. An extra modular power supply provides 1000 W
and can power up to 48 PoE end devices. The combined internal and external
power supplies yield up to 1700 W.


Dell EMC N2000P Models PoE Power Budget Information

The switch firmware controls the PoE power budget for each switch port. An
administrator can limit the power that is supplied on a port or prioritize power to
some ports over others. The table shows N2024P and N2048P power budget data
in accordance with power supply configurations.

| N2000 Switch Model | One Power Supply | Two Power Supplies |
| --- | --- | --- |
| Dell N2024P | Power budget is 850 W. The total PoE supplied power must not exceed 850 W. | Power budget is 1700 W. All 24 PoE+ ports can supply maximum power. |
| Dell N2048P | Power budget is 850 W. The total PoE supplied power must not exceed 850 W. | Power budget is 1700 W. All 48 PoE+ ports can supply maximum power. |


Dell EMC N3000P Series PoE Support Characteristics

Dell N3024P, N3048P, and N1548EP-OM switches each have an internal 1000-W
power supply that can power up to 24 PoE+ end devices. At full PoE+ power, this
configuration yields up to 850 W. An external modular power supply provides 1000
W, and can power up to 48 PoE end devices. The combined internal and external
power supplies yield up to 1800 W.


Dell EMC N3000P Models PoE Power Budget Information

The switch firmware controls the PoE power budget for each switch port. An
administrator can limit the power that is supplied on a port or prioritize power to
some ports over others. The table shows N3024P and N3048P and N3048EP-ON
power budget data in accordance with power supply configurations. The N3024P
and N3048P and N3132PX switches implement four-pair Universal Power over
Ethernet (UPOE) on the first 12 ports. Four-pair UPOE enables power to be
supplied to Class 5 powered devices that may require up to 60 W. UPOE power
must be configured manually.

| N2000 Switch Model | One Power Supply | Two Power Supplies |
| --- | --- | --- |
| Dell N3024P | Power budget is 550 W. The total PoE supplied power must not exceed 550 W. | Power budget is 1100 W. All 24 PoE+ ports can supply maximum power. |
| Dell N3048P/N3048EP-ON | Power budget is 950 W. The total PoE supplied power must not exceed 850 W. | Power budget is 1900 W. All 48 PoE+ ports can supply maximum power. |


PoE Configuration and Validation

Introduction

This lesson introduces Power Over Ethernet and how it is used to provide electrical
power to specific types of network end devices.

This lesson covers the following topics:

• PoE+ key features, descriptions, and available settings for N-Series models
• Port Modes and their functions
• PoE configuration CLI commands and settings validation


Dell EMC N-Series PoE+ Port Modes

The N1524P/N1548P, N2024P/N2048P, and N3024P/N3048P model switches support
several PoE+ features for managing PoE+ power budget allocation across the ports.
The Global Usage Threshold is used to specify a power limit as a percentage of the
maximum power available to the PoE ports. Setting a limit prevents the PoE switch
from reaching an overload condition. Per-port power prioritization enables
assignment of a power priority for each PoE port. When the power budget of the
PoE switch has been exhausted, the higher-priority ports are given preference over
the lower-priority ports. Lower-priority ports are automatically stopped from
supplying power so that power can be provided to higher-priority ports.


PoE+ Features for Dell N-Switches

The Per-Port Power Limit enables setting the power limit for each PoE+ switch
port. Static and dynamic power mode settings can be used to determine the
amount of power to make available to switch ports.

The static setting reserves a guaranteed amount of power for a PoE port. The
configured power is reserved for the port regardless of whether the port is powered
or not. This setting is useful for powering up devices which draw a variable amount
of power and provides them an assured power range to operate within.

The dynamic setting does not reserve power for a given port at any time. Subtract
the instantaneous power that each PoE port draws from the available power
budget. The result is the power available from the switch to add more devices. The
dynamic setting enables the switch to power more PoE devices simultaneously,
because no power is held in reserve. This feature is useful to efficiently power up
more devices when the available power with the PoE switch is limited.

Power Detection Mode - Sets the mode to PoE legacy 802.3af operation or 4-
point 802.3at plus legacy detection. 4-Point detection is a method of protecting the
switch and end device from a PoE mode power mismatch. It ensures the PD, or
end device, PoE mode is correctly detected.


Dell EMC N3000 Models UPoE Capability

The Dell Networking N3024P/N3048P switches implement four-pair Universal
Power over Ethernet (UPOE) on the first 12 ports. Support for four-pair mode
enables power to be supplied to Class 5 powered devices that require up to 60 W.
UPOE power must be configured manually. The N1424P/N1548P/N2024P/N2048P
switches do not support UPOE. High-power mode must be enabled as well as
four-pair forced mode, for the switch to deliver power on all four pairs of wires.
Class D or better cabling is required for feeds more than 34.2 W. CAT 5E cabling
does meet this requirement.


LLDP Media Discovery Protocol

LLDP-MED adds to LLDP discovery capabilities by adding media- and VoIP
telephony-specific messages that are exchanged between switches and end
devices. The LLDP-MED TLV messages provide detailed information about PoE,
network policy, IP phone endpoint location for Emergency Call Services location
requests, and inventory. The Power over Ethernet Management TLVs enable media
and IP telephony end devices to advertise the power level and power priority they
require. They also let switches advertise the amount of power they can supply.
These advertisements enable switch vendors to add support for advanced power
management functions.


LLDP-MED TLVs

There are three TLV types for LLDP-MED. The Power over Ethernet Management
TLV lets end devices advertise the power level and power priority that is required. It
also lets PoE switches advertise the amount of power that they can supply. The
Network Policy Discovery TLV simplifies deployment of large, multivendor networks
and aids in troubleshooting. This TLV lets end devices and switches advertise their
VLAN ID, IEEE Priority, and Differentiated Services Code Point - Layer 3 Priority -
assignments to each other. Inventory Management Discovery TLV lets an end
device transmit detailed inventory information to the switch. This self-inventory
information can include information such as vendor name, model number, firmware
revision, and device serial number.


Configuring LLDP-MED

LLDP-MED is disabled on all ports by default. Use the commands shown to enable
LLDP-MED and verify status. Optional configuration commands are available
where required, but LLDP-MED setting defaults are sufficient for most PoE
environments. TLV interface configuration code definitions: 0 - Capabilities,
1 - Network Policy, 2 - Location, 3 - Extended PSE, 4 - Extended PD, 5 - Inventory.
Execute the configuration command in the Interface Configuration (Ethernet) mode.


PoE Switch and Port Configuration

The main management configuration task for PoE switches is power management.
The default switch and port configuration is automatic and sufficient for most
applications. However, PoE power requirements can vary widely. The user network
environment mostly dictates these requirements. When needed, CLI commands
are available to custom configure switch and port power budget allocation and
device type settings. Also, CLI commands can condition PoE feature and power
function settings at each port.


Port Power Control

The power inline command enables or disables the ability of a port to deliver
power. Auto enables the switch to negotiate with the powered device to learn the
desired power draw of the device. The default value is auto, which means that
device discovery is enabled and the port can deliver power. The power inline
detection parameter should be set to class. Execute this command in the CLI
Interface Configuration mode for Ethernet.

| Command | Description |
| --- | --- |
| power inline auto | Enables device discovery protocol and supplies power |
| power inline never | Disables device discovery protocol and stops supplying power |
| no power inline | Disables the port to deliver power |


PoE Power Management

To set the power management type, use the power inline management command
in Global Configuration mode. This command is used along with the power inline
priority command. To set the management mode to the default value, use the 'no'
form of this command. Execute this command in the CLI Global Configuration
mode.

| Command | Description |
| --- | --- |
| power inline management {dynamic \| static \| class} | Sets the power management type |
| no power inline management | Sets the power management mode to the default Dynamic mode |

Static Power Management

The calculation to find the correct static power management setting is:

Available Power = (Power limit of the Sources – Total Configured power)

Where Total Configured Power is calculated as the sum of the power limits
configured on the ports.


Dynamic Power Management

The calculation to find available power is:

Available Power = (Power limit of the Sources – Total Allocated power)

Where Total Allocated Power is calculated as the sum of the power consumed by
each port.

Class-Based Power Management

Available Power = Power limit of the Sources – Total Class Configured power.
Total Class Configured Power is calculated as the sum of the class-based power
allocation for each port. Class-based power management allocates power, based
on the class that is selected by the device using LLDP. Power is supplied to the
device in class mode per the following table:

| Class | Usage | Current (milliamps) | Power (Watts) |
| --- | --- | --- | --- |
| 0 | Default | 600 | 34.2 |
| 1 | Optional | 350 | 4.0 |
| 2 | Optional | 350 | 7.0 |
| 3 | Optional | 350 | 15.4 |
| 4 | Valid for 802.3at (Type 2) devices, not supported for 802.3af devices | 600 | 15.4 (PoE+ = 30) |
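The static, dynamic and class-based calculations above, worked through on one port inventory, as an added example that is not part of the original guide. The port inventory, device draws and function names are constructed; the 850 W budget is the N2024P single-supply figure, and the class allocations and 32,000 mW default limit are the values given in this lesson.

```python
"""Added example: PoE budget accounting in static, dynamic and class modes."""
from dataclasses import dataclass
from typing import List

# Class-mode allocation in watts, taken from the class table in this lesson.
CLASS_WATTS = {0: 34.2, 1: 4.0, 2: 7.0, 3: 15.4, 4: 15.4}
CLASS4_POE_PLUS_WATTS = 30.0   # the table lists class 4 as 15.4 W (PoE+ = 30)
DEFAULT_LIMIT_W = 32.0         # default port limit of 32,000 milliwatts


@dataclass(frozen=True)
class Port:
    name: str
    draw_w: float                      # power the device is consuming right now
    pd_class: int                      # class selected by the powered device
    poe_plus: bool = False             # True for an 802.3at (Type 2) device
    limit_w: float = DEFAULT_LIMIT_W   # configured per-port power limit


def committed_w(mode: str, port: Port) -> float:
    """Power that one port removes from the switch budget in the given mode."""
    if mode == "static":
        return port.limit_w            # reserved whether or not it is drawn
    if mode == "dynamic":
        return port.draw_w             # only what the port consumes
    if mode == "class":
        if port.pd_class == 4 and port.poe_plus:
            return CLASS4_POE_PLUS_WATTS
        return CLASS_WATTS[port.pd_class]
    raise ValueError(f"unknown power management mode: {mode!r}")


def available_power(mode: str, budget_w: float, ports: List[Port]) -> float:
    """Available Power = power limit of the sources - total committed power."""
    return round(budget_w - sum(committed_w(mode, p) for p in ports), 1)


def max_additional(mode: str, budget_w: float, ports: List[Port],
                   candidate: Port) -> int:
    """How many more devices like `candidate` fit in the remaining budget."""
    headroom = available_power(mode, budget_w, ports)
    return max(0, int(headroom // committed_w(mode, candidate)))


# Constructed inventory: 16 class 2 phones and 4 class 4 PoE+ cameras.
BUDGET_W = 850.0
PORTS = ([Port(f"gi1/0/{n}", draw_w=5.5, pd_class=2) for n in range(1, 17)]
         + [Port(f"gi1/0/{n}", draw_w=21.0, pd_class=4, poe_plus=True)
            for n in range(17, 21)])
CAMERA = Port("candidate", draw_w=21.0, pd_class=4, poe_plus=True)

if __name__ == "__main__":
    for mode in ("static", "dynamic", "class"):
        print(f"{mode:8s} available={available_power(mode, BUDGET_W, PORTS):6.1f} W"
              f"  more cameras={max_additional(mode, BUDGET_W, PORTS, CAMERA)}")
```

Static mode leaves the least headroom because every port holds its full limit in reserve, while dynamic mode admits the most devices but only on the strength of what they happen to draw at that moment.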


Power Management Priority

The power inline priority command configures the port priority level, for the delivery
of power to an attached device. The switch may not be able to supply power to all
connected devices. If adequate power capacity is not available for all enabled
ports, then port priority is used to determine which ports supply power.

| Command | Description |
| --- | --- |
| power inline priority {critical \| high \| low} | Sets the port power priority to the appropriate level for the importance of the connected PoE end device. |
| no power inline limit | Sets the power limit type to the default of 32,000 milliwatts. |


PoE End Device Description

The power inline powered-device command adds a comment or description of the
powered device type that is connected to the port. This description enables the
user to remember what is attached to the port. To remove the description, use the
no form of this command. Execute this command in the CLI Interface Configuration
mode (Ethernet).


Device Power Detection Mode

The power inline detection command is used in Interface Configuration
mode. It configures the detection type that tells which types of PDs are detected
and powered by the switch. To set the detection type to the default value, use the
'no' form of this command. The default value is dot3at+legacy mode. Execute this
command in the CLI Global Configuration and Interface Config modes.


UPoE - High-Power Mode

Use this command to enable high-power mode. To disable high-power mode, use
the 'no' form of this command. High power is enabled by default. In high-power
mode, the switch (PSE) negotiates the power budget with the powered device (PD)
through LLDP. The system does not apply high power to the interface until an
LLDP-MED packet is received from the link partner requesting the application of
high power. Execute this command in the CLI Interface Configuration mode.


Port Power Limit

Use the power inline limit command to configure the type of power limit. The default
power limit is 32,000 milliwatts. To set the power limit type to the default, use the
'no' form of this command. User-defined limits are only operational if the power
management mode is configured as static. By default, the power management
mode is dynamic. If the operator attempts to set the limit to user-defined and the
power management mode is not configured as static, a warning is issued and the
command has no effect. Execute this command in the CLI Interface Configuration
mode.


Port Priority Setting

The power inline priority command configures the port priority level, for the delivery
of power to an attached device. The switch may not be able to supply power to all
connected devices. If adequate power capacity is not available for all enabled
ports, the port priority is used to determine which ports supply power. For ports that
have the same priority level, the lower-numbered port has higher priority.

What happens if a system is already delivering maximum available power to
existing connected devices, and a new device is attached to a high-priority port? In
this case, power to a low-priority port is shut down and the new device is powered
up. Priority is always enabled for all ports. If all ports have equal priority in an
overload condition, the switch default action is to shut down the lowest numbered
ports first. Execute this command in the CLI Interface Configuration mode
(Ethernet).


Port Power Use Threshold

The power inline usage threshold command configures the system power usage
threshold level at which lower priority ports are disconnected. The threshold is
configured as a percentage of the total available power. The default threshold is
90%. To set the threshold to the default value, use the no form of the command.
Execute this command in the CLI Global Configuration mode.


Port Power Reset

Use the power inline reset command to reset the port. This command is useful if
the port has stopped responding and is in an error state. Power to the powered
devices may be interrupted as the port is reset. Execute this command in the CLI
Interface Configuration mode.


Current PoE Configuration and Status

Use the show power inline command to report current PoE configuration and
status. If no port is specified, the command displays global configuration and status
of all ports. If a port is specified, then the command displays the details for the
single port. Use the detailed parameter to show power limits, detection type, and
high-power mode for the interface. Execute this command in the Privileged Exec
mode.


PoE Controller Firmware Version Display

Use the show power inline firmware-version command to display the version of the
PoE controller firmware present on the switch file system. Execute this command
in the Privileged Exec mode.


Troubleshooting

Introduction

This lesson introduces Power Over Ethernet and how it is used to provide electrical
power to specific types of network end devices.

This lesson covers the following topics:

• PoE troubleshooting best practices
• PoE troubleshooting during deployment
• Preventing inadequate power anomalies


Troubleshooting Best Practice

In most environments, testing PoE during deployment typically is little more than
connecting a PoE-enabled device to the switch and observing whether it powers
up. When a device does not power up, troubleshooting usually starts with moving
the device to another switch port or replacing the LAN cable. If the problem is not
found quickly, however, this "go-no-go" type of approach reaches its limits, as
with most technology. For PoE, the troubleshooter must consider the entire,
end-to-end cable infrastructure. Consider details such as the powered device (PD)
type, the type of PoE power it requires, and the standards it adheres to. Also, the
switch must be set up correctly. Troubleshooting not only includes the port PoE
configuration, but also how the switch is set up to distribute and use its power
budget.


Typical PoE Problems During Deployment

Shown here are the most common post-deployment causes of trouble in PoE
network environments. When adding PoE to a LAN, it is best to also expand your
knowledge base beyond Ethernet and OSI specifications and protocols. Knowledge
should include low-voltage DC electric power transmission and device
characteristics. Understanding power would immeasurably help in dealing with
deployment and troubleshooting issues. Although PoE is automated, LAN devices
that transfer both data and power over Ethernet should be installed by people who
have DC electric power knowledge.


Preventing Inadequate Power Anomalies

Understanding power availability is key for correct and predictable device
operation. End device power anomalies manifest in various ways, ranging from
complete failure to operate to one or more features failing to operate correctly. The
switch must be properly configured to provide the right power to each device while
managing the overall power budget. Example: Assuming a maximum power draw
of 31.2 W per device and the default settings for PoE, the N2024P can power 32
devices using a single power supply. The N2048P can power 31 devices with a
single power supply and 48 devices when using two power supplies.


Switch and Port Power Management Checks

After checking and verifying correct physical infrastructure configuration and
integrity, the next troubleshooting step is to check the switch and port settings.
Shown here are the main settings to check or adjust to help with troubleshooting
PoE end device or switch error symptoms.


Power Usage and Prioritization

• All interfaces are Low priority by default.
• Change only interfaces which connect critical devices.
• For redundancy: Connect no more critical devices on a single switch than a
  single power supply could power.


POE Concerns – Powering Devices

Dell N-Series switch models have different power over Ethernet characteristics.
Selecting the correct switch models and PSU configurations for a given PoE
environment is a key to ensure correct and consistent power provisioning post
deployment and over the life of the network.


Module Summary


Review Questions: Power over Ethernet—PoE

1. How does PoE use an Ethernet cable to transmit power?

2. Which PoE specification type has a maximum source port power of 60 W?

3. Which command enables or disables the ability of a port to deliver power?

4. List two of the most common PoE post-deployment challenges.



Security

Introduction

This module covers security in a Dell EMC networking environment. The
technology and concepts that enable security on the campus network are
introduced.

Upon completing this module, you will:

• Explain the purpose of access control
• Apply appropriate commands to deny or permit IP connectivity
• Configure permit host access control
• Explain the need for port-security
• Compare methods of port-security
• Configure sticky mode port security
• Interpret port security output
• Explain the purpose of AAA security
• Configure local and remote authentication


Access Control Lists (ACLs)

Introduction

This lesson introduces Access Control Lists (ACLs) on DNOS 6 including the
purpose of access control and the commands that are used to permit access.

This lesson covers the following topics:

• Describe the purpose of ACLs
• Commands used to deny or permit IP connectivity


Access Control List Overview

Access control lists (ACLs) are a collection of rules that provide security by
blocking selected packets from entering the switch. ACLs are implemented in
hardware and processed at line rate for the front-panel ports. A reduced
functionality set of ACLs is implemented in firmware for the Out-of-band (OOB)
port.

An ACL can be created to limit access to the management interfaces, which
hardens the switch against external threats. ACLs can be based on the connection
method, for example, Telnet or HTTP and/or the source IP address.

The Dell EMC Networking N-Series switches support ACL configuration in both the
ingress and egress direction. Egress ACLs provide the capability to implement
security rules on the egress flows (traffic leaving a port) rather than the ingress
flows (traffic entering a port). Ingress and egress ACLs can be applied to any
physical port, port channel (LAG), or VLAN routing port.

When an ingress (traffic entering) or egress (traffic leaving) ACL is applied to
a port, the ACL compares the criteria in its rules, in list order, to the fields in a
packet or frame to check for matching conditions. The ACL processes the traffic
based on the actions that are contained in the rules.

ACLs are organized into access groups. Access groups are numbered in priority;
the lowest number has the highest priority. Multiple access groups can be
configured on an interface. The lowest numbered access group is processed first,
and then the next lowest numbered access group. Within an access group, ACL
rules are processed in sequence, from the first, lowest numbered rule to the last,
highest numbered rule in the access group.

Note: ACL processing proceeds by attempting to match each of the ACLs
listed in the first match term or clause in the first access group in order. If
an ACL does not match, processing moves to the next ACL in order until
an ACL matches or the ACL group is exhausted. If there are more access
groups configured, processing proceeds with the next access group.
In reality, all interface ACL matches are attempted in parallel at once, and
the priority of the ACL is used to determine the action. Then, all VLAN
ACL matches are attempted in parallel at once, and the priority of the ACL
is used to determine the action. This implies that a packet that matches
both a physical interface ACL and a VLAN ACL will always take the
physical interface action.

• Extended – filtering based on the following:
  – IP protocol number
  – Source IP address
  – Destination IP address
  – Source TCP port number
  – Destination TCP port number
  – Source UDP port number
  – Destination UDP port number
• Layer 2 MAC ACLs
  – Supported on physical interfaces and LAG port channels
  – MAC ACL rules specify that a MAC address mask and an inverse MAC
    address mask can be used to cover a range of MAC addresses
  – Default MAC address mask: 00:00:00:00:00:00
  – Limits the ACL rule to the single specified MAC address.
  – Example: Deny all MAC addresses with a 01:02:03: prefix:
    deny 01:02:03:00:00:00 00:00:00:ff:ff:ff
• Layer 3 IP ACLs:
  – Supported on physical interface, LAG port channels, and VLANs
  – One IP ACL supported per interface.


ACL Configuration

MAC ACL Configuration

| Command | Description |
| --- | --- |
| console(config)# mac access-list my-ext-mac-acl | Create an extended MAC ACL. |
| console(config-mac-access-acl-list)# deny host 01:02:03:04:05:06 any | Configure rules by specifying the source address/mask and destination address/mask. For a single MAC address, the "host" prefix eliminates the need to add a mask. |
| console(config-mac-access-acl-list)# deny host 01:00:5e:00:00:00 00:00:00:ff:ff:ff any | |
| console(config-mac-access-acl-list)# permit any any | |
| console(config-mac-access-acl-list)# exit | |
| console(config)# interface gi1/0/1 | Enter interface configuration mode. |
| console(config-if-gi1/0/1)# mac access-group my-ext-mac-acl in vlan 10,20 | Apply the ACL to the interface and apply to ingress traffic ("in") or egress traffic ("out"). For ingress traffic, VLANs can be optionally specified. |

Ingress ACLs can be applied to an interface such that only packets with specific
VLAN tags are filtered, so the ACL can apply to certain VLANs.

• sequence-number - Enter a number as the filter sequence number. Range: zero
  (0) to 65535.
• Deny - Enter the keyword deny to drop any traffic matching this filter.
• Permit - Enter the keyword permit to forward any traffic matching this filter.
• Any - Enter the keyword any to filter all packets.
• Host mac-address - Enter the keyword host and then a MAC address to filter
  packets with that host address.

The MAC ACL supports an inverse mask. A mask of ff:ff:ff:ff:ff:ff allows entries that
do not match and a mask of 00:00:00:00:00:00 only allows entries that match
exactly.

• mac-source-address-mask - Specify which bits in the MAC address must be
  matched.
• mac-destination-address - Enter the destination MAC address and mask in
  nn:nn:nn:nn:nn:nn format.
• mac-destination-address-mask - Specify which bits in the MAC address must
  be matched.

The MAC ACL supports an inverse mask. A mask of ff:ff:ff:ff:ff:ff allows entries that
do not match and a mask of 00:00:00:00:00:00 only allows entries that match
exactly.

Dell EMC Networking Campus Configuration and Administration

Page 540 © Copyright 2019 Dell Inc.


Access Control Lists (ACLs)

MAC ACL Verification

Command:
    console# show mac-access-lists
Description: Display all MAC access lists and all rules that are defined for the
MAC ACL.

Command:
    console# show mac-access-lists my-ext-mac-acl
Description: Displays a specific MAC ACL by using the name parameter.

IP ACL Configuration

Command:
    console(config)# ip access-list my-ext-ip-acl extended
Description: Create an extended IP ACL.

Command:
    console(config-ip-acl)# deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
    console(config-ip-acl)# permit ip any any
    console(config-ip-acl)# exit
Description: Configure rules by specifying the source address/mask and destination
address/mask. For a single IP address, the "host" prefix eliminates the need to add
a mask.

Command:
    console(config)# interface vlan 10
Description: Enter interface configuration mode.

Command:
    console(config-if-vl-10)# ip access-group my-ext-ip-acl in
Description: Apply the ACL to the interface and apply to ingress traffic ("in") or
egress traffic ("out"). For ingress traffic, VLANs can be optionally specified.

IP ACL Verification

Command:
    console# show ip access-lists
Description: Display all IPv4 access lists and all rules that are defined for the
IPv4 ACL.

Command:
    console# show ip access-lists my-ext-ip-acl
Description: Displays a specific IP ACL by using the name parameter.
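
The inverse-mask matching used by the MAC ACL rules and the wildcard masks in the IP ACL rules above, as an added example (not Dell code and not part of the course material). The evaluator, the shadowed-rule check and the implicit deny for unmatched packets are assumptions of this sketch; the rule strings follow the forms shown in the tables.

```python
"""Added example: first-match ACL evaluation with inverse (wildcard) masks."""
import ipaddress


def mac_to_int(text):
    octets = text.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return int("".join(octets), 16)


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_operand(tokens, to_int, width):
    """Consume 'any', 'host ADDR' or 'ADDR INVERSE-MASK'; return (base, inverse)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, (1 << width) - 1        # every bit is ignored
    if head == "host":
        return to_int(tokens.pop(0)), 0   # every bit must match
    return to_int(head), to_int(tokens.pop(0))


def parse_rule(line):
    tokens = line.split()
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    if tokens and tokens[0] == "ip":
        tokens.pop(0)
        to_int, width = ip_to_int, 32
    else:
        to_int, width = mac_to_int, 48
    src = parse_operand(tokens, to_int, width)
    # The one-line MAC example on the page gives no destination: treat it as "any".
    dst = parse_operand(tokens, to_int, width) if tokens else (0, (1 << width) - 1)
    return {"action": action, "to_int": to_int, "width": width, "src": src, "dst": dst}


def operand_matches(value, operand, width):
    base, inverse = operand
    care = ~inverse & ((1 << width) - 1)  # bits cleared in the inverse mask
    return ((value ^ base) & care) == 0


def evaluate(acl, src, dst):
    """Return (action, rule_number) for the first rule that matches the packet."""
    for number, line in enumerate(acl, start=1):
        rule = parse_rule(line)
        to_int, width = rule["to_int"], rule["width"]
        if (operand_matches(to_int(src), rule["src"], width)
                and operand_matches(to_int(dst), rule["dst"], width)):
            return rule["action"], number
    return "deny", None  # assumption of this sketch: implicit deny at the end


def operand_covers(outer, inner, width):
    """True when every address matched by 'inner' is also matched by 'outer'."""
    full = (1 << width) - 1
    outer_care = ~outer[1] & full
    inner_care = ~inner[1] & full
    return ((outer_care & ~inner_care) == 0
            and ((outer[0] ^ inner[0]) & outer_care) == 0)


def shadowed_rules(acl):
    """List (rule, earlier_rule) pairs where the later rule can never be reached."""
    rules = [parse_rule(line) for line in acl]
    found = []
    for later, b in enumerate(rules):
        for earlier, a in enumerate(rules[:later]):
            if (a["width"] == b["width"]
                    and operand_covers(a["src"], b["src"], a["width"])
                    and operand_covers(a["dst"], b["dst"], a["width"])):
                found.append((later + 1, earlier + 1))
                break
    return found


# Rule sets built from the forms shown on the page; test addresses are constructed.
MAC_ACL = ["deny host 01:02:03:04:05:06 any",
           "deny 01:02:03:00:00:00 00:00:00:ff:ff:ff any",
           "permit any any"]
IP_ACL = ["deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255",
          "permit ip any any"]
MISORDERED = ["permit any any",
              "deny 01:02:03:00:00:00 00:00:00:ff:ff:ff any"]

if __name__ == "__main__":
    print(evaluate(MAC_ACL, "01:02:03:aa:bb:cc", "aa:bb:cc:00:00:01"))
    print(evaluate(IP_ACL, "1.1.1.77", "2.2.2.9"))
    print(shadowed_rules(MISORDERED))
```

Running shadowed_rules over a list before applying it catches a permit placed ahead of the deny rules it was meant to follow.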


Scenario - Server Admin Cannot FTP to New Server

Scenario
A server admin recently deployed a new server on the network. The admin is trying
to FTP several files to the server, but is unable to connect to the server
using FTP. The server admin advised that they can access the server using RDP.
The admin also confirmed that all settings on the server are correct to allow FTP.
The new server was connected to port 20 on the switch. What could be preventing
the server admin from using FTP to transfer files?

Question / Discussion Topic:

Explain what steps you would take to troubleshoot the issue.

• Think of ideas of why FTP is not working.
• What are your next steps when troubleshooting?
• What commands could you use to help with troubleshooting?


Discussion Notes:


Port Security

Introduction

This lesson introduces port security on DNOS 6.

This lesson covers the following topics:

• What is port security?
• Why is port security needed?
• Commands to configure port security

What Is Port Security?

Port security is used to enable security on a per-port basis. When a port is enabled
for port security, only packets with allowable source MAC addresses are forwarded.
All other packets are discarded. Port security allows a configurable limit to the
number of source MAC addresses that can be learned on a port.

The port security feature allows the administrator to limit the number of source
MAC addresses that can be learned on a port. When a port reaches the configured
limit, any additional addresses are not learned, and the frames that are received
from unlearned stations are discarded. Frames with a source MAC address that
has already been learned are forwarded.

This feature, which is also known as MAC locking, helps secure the network by
preventing unknown devices from forwarding packets into the network. For
example, to ensure that only a single device can be active on a port, set the
number of allowable dynamic addresses to one. After the MAC address of the first
device is learned, no other devices will be allowed to forward frames into the
network.

Why Port Security Is Needed?

Security efforts focus mainly on Layer 3 rather than Layer 2, which creates a
security gap. Attacks at Layer 2 against the entry points into the network, edge
routing devices, and wireless access points are often left unconsidered in security
discussions.

Layer 2 Attacks

Attacks that are launched against switches at Layer 2 can be grouped as follows:

• MAC Layer Attacks - these attacks often focus on the MAC table.
• VLAN Attacks
• Spoof Attacks
• Attacks on switch devices

MAC Flooding Attack

• A hacker tool such as MACOF generates fake MAC addresses. The Ethernet switch
  fills its CAM table with thousands of addresses, and the switch then floods all
  frames out all ports, acting like a hub. The attacker is now able to capture all
  of the traffic on their VLAN.
• What is the impact to an organization?
  – The switch traffic forwarding is inefficient.
  – An intruding device can be connected to any switch port and capture traffic
    that is not normally destined for that port.

MAC Poisoning

• The attacker creates a frame with a source MAC address of the legitimate
  device - MAC Address A
• The switch removes the valid CAM table entry for Gi 0/1 and adds it for Gi 0/2
• This change causes the switch to forward frames that are destined for host A to
  the interface of the attacker
• When host A sends new frames, the MAC table returns to normal

Methods of Port Security

Two methods are used to implement port security: dynamic locking and static
locking. Dynamic locking implements a first arrival mechanism for MAC locking.
Static locking also has an optional sticky mode.

Dynamic Locking

Dynamic locking implements a ‘first arrival’ mechanism for MAC locking. The
administrator specifies how many dynamic addresses may be learned on the
locked port. The maximum dynamic MAC address limit is 600 MAC addresses. If
the limit has not been reached, a packet with an unknown source MAC
address is learned and forwarded normally. If the MAC address limit has been
reached, the packet is discarded. The administrator can disable dynamic locking by
setting the number of allowable dynamic entries to zero.

When a port security-enabled link goes down, all dynamically locked addresses are
freed. When the link is restored, that port can once again learn MAC addresses up
to the administrator specified limit. A dynamically locked MAC address is eligible to
be aged out when another packet with that MAC address is not seen within the
age-out time. If station movement occurs, dynamically locked MAC addresses are
also eligible to be relearned on another port. Statically locked MAC addresses are
not eligible for aging. If a packet arrives on a port with a source MAC address that
is statically locked on another port, the packet is discarded.

Static Locking

Static locking allows the administrator to specify a list of host MAC addresses that
are allowed on a port. The maximum static MAC address limit is 100 MAC
addresses. The behavior of packets is the same as for dynamic locking: only
packets that are received with a known source MAC address can be forwarded.

Any packets with source MAC addresses that are not configured are discarded.
The switch treats this action as a violation and supports the ability to send an SNMP
port security trap.

If one or more specific MAC addresses that are connected to a particular port are
known, the administrator can specify those addresses as static entries. If you set
the allowable dynamic entries to zero, only packets with a source MAC address
matching a MAC address in the static list are forwarded.

Statically locked MAC addresses are not eligible for aging. If a packet arrives on a
port with a source MAC address that is statically locked on another port,
the packet is discarded.
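
An added model (not DNOS code and not part of the course material) of the dynamic and static locking rules described above, run against constructed MAC addresses. It shows the learned-address table staying at the configured limit when many new source addresses arrive, and that only a static lock pins an address to one port; the class, function and scenario names are assumptions of this sketch.

```python
"""Added example: a small model of dynamic and static MAC locking."""
MAX_DYNAMIC, MAX_STATIC = 600, 100      # limits stated in the text

HOST_A = "00:11:22:33:44:55"            # constructed address of a legitimate host


class Port:
    def __init__(self, name, max_dynamic, static=()):
        if not 0 <= max_dynamic <= MAX_DYNAMIC:
            raise ValueError("dynamic limit must be between 0 and 600")
        if len(static) > MAX_STATIC:
            raise ValueError("at most 100 static addresses per port")
        self.name = name
        self.max_dynamic = max_dynamic
        self.static = set(static)
        self.dynamic = set()
        self.violations = 0


class Switch:
    def __init__(self):
        self.ports = {}

    def add_port(self, name, max_dynamic, static=()):
        self.ports[name] = Port(name, max_dynamic, static)

    def receive(self, port_name, src_mac):
        """Apply the locking rules to one frame; return 'forward' or 'discard'."""
        port = self.ports[port_name]
        others = [p for p in self.ports.values() if p is not port]
        if src_mac in port.static or src_mac in port.dynamic:
            return "forward"                    # already known on this port
        if any(src_mac in p.static for p in others):
            port.violations += 1                # statically locked elsewhere
            return "discard"
        if len(port.dynamic) < port.max_dynamic:
            for p in others:
                p.dynamic.discard(src_mac)      # station move: relearned here
            port.dynamic.add(src_mac)
            return "forward"
        port.violations += 1                    # limit reached, address not learned
        return "discard"

    def link_down(self, port_name):
        self.ports[port_name].dynamic.clear()   # dynamic entries are freed

    def port_of(self, mac):
        for p in self.ports.values():
            if mac in p.static or mac in p.dynamic:
                return p.name
        return None


def constructed_macs(count):
    """Distinct, locally administered sample addresses."""
    return [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(count)]


def flood_scenario(limit, frames=1000):
    """Host A is learned first, then 'frames' new source addresses arrive."""
    sw = Switch()
    sw.add_port("gi1/0/3", max_dynamic=limit)
    sw.receive("gi1/0/3", HOST_A)
    results = [sw.receive("gi1/0/3", mac) for mac in constructed_macs(frames)]
    port = sw.ports["gi1/0/3"]
    return len(port.dynamic), results.count("discard"), port.violations


def spoof_scenario(static_lock):
    """A frame carrying host A's address arrives on a second port."""
    sw = Switch()
    if static_lock:
        sw.add_port("gi1/0/1", max_dynamic=0, static=[HOST_A])
    else:
        sw.add_port("gi1/0/1", max_dynamic=1)
        sw.receive("gi1/0/1", HOST_A)
    # gi1/0/2 still has one free dynamic slot in this scenario.
    sw.add_port("gi1/0/2", max_dynamic=1)
    verdict = sw.receive("gi1/0/2", HOST_A)
    return verdict, sw.port_of(HOST_A)


if __name__ == "__main__":
    print("limit 1  :", flood_scenario(1))
    print("limit 600:", flood_scenario(600))
    print("static   :", spoof_scenario(True))
    print("dynamic  :", spoof_scenario(False))
```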

Sticky Mode

Sticky mode configuration converts all the existing dynamically learned MAC
addresses on an interface to sticky. Sticky means that they are not aged out and are
displayed in the running-config. New addresses that are learned on the
interface are also sticky. Note that "sticky" is not the same as static. The
difference is that all sticky addresses for an interface are removed from the
running-config when the interface is taken out of sticky mode. Static addresses must
be removed from the running-config individually.

• Sticky MAC addresses appear in the running-config in the following form:

    switchport port-security mac-address sticky 0011.2233.4455 vlan 33

• Statically locked MAC addresses appear in the running-config in the following
  form:

    switchport port-security mac-address 0011.2233.4455 vlan 33

NOTE: To remove dynamic or static MAC locking, the max learn value
must be set to 0.

Port Security Commands

Port security must be enabled globally and on the interface to be active.

NOTE: Port security should only be enabled on access mode ports and
not on trunk mode ports. This recommendation is not enforced by the
switch.

Command:
    console(config)# switchport port-security
    console(config)# interface gi1/0/3
    console(config-if-gi1/0/3)# switchport port-security
Description: Enable port security/MAC locking globally and on an interface.

Command:
    console(config-if-gi1/0/3)# switchport port-security violation shutdown
Description: Disables the interface when a violation occurs. The protect option
could be used instead, which sends a TRAP when a violation occurs on the interface.

Command:
    console(config)# switchport port-security
    console(config)# interface gi1/0/3
    console(config-if-gi1/0/3)# switchport port-security
Description: Enable port security/MAC locking globally and on an interface, enable
sticky mode on the interface and convert all dynamic addresses on the interface to
sticky.

Command:
    console# show port-security static gi1/0/1

Command:
    console# show port-security all
Description: Display port security settings on all interfaces.

Command:
    console# show port-security static <interface id>
Description: Display port security settings on a specified interface. Use the
dynamic keyword to display learned MAC addresses and the static keyword to display
configured MAC addresses.

In this example, the output shows 2 statically configured MAC addresses. The VLAN
is identified for the MAC addresses and indicates that one of the secure MAC
addresses is sticky.

Authentication, Authorization, and Accounting (AAA)

Introduction

This lesson introduces Authentication, Authorization, and Accounting (AAA) on
DNOS 6.

This lesson covers the following topics:

• Overview of AAA
• AAA methods
• Configuring local and RADIUS authentication

AAA Overview

AAA is a framework for configuring management security in a consistent way.
Three services make up AAA:

• Authentication - Validates the user identity. Authentication takes place before
  the user is allowed access to switch services.
• Authorization - Determines which services the user is allowed to access.
  Examples of services include access to the switch management console and
  access to network services.
• Accounting - Collects and sends security information about switch management
  console users and switch management commands.

Each service is configured using method lists. Method lists define how each service
is performed by specifying the methods available to perform the service. The first
method in a list is tried first. If the first method returns an error, the next method in
the list is tried. This process continues until all methods in the list have been
attempted. If no method can perform the service, then the service fails. A
method may return an error due to lack of network access, misconfiguration of a
server, and other reasons. If there is no error, the method returns success if the
user is allowed access to the service and failure if the user is not. AAA gives the
user flexibility in configuration by allowing different method lists to be assigned to
different access lines. In this way, it is possible to configure different security
requirements for the serial console than for Telnet, for example.

AAA Methods

A method performs authentication or authorization for the configured service. Not
every method is available for every service. Some methods require a username
and password, and other methods only require a password.

AAA Methods

Method    Username?    Password?    Can return an error?
enable    no           yes          yes
ias       yes          yes          no
line      no           yes          yes
local     yes          yes          yes
none      no           no           no
radius    yes          yes          yes
tacacs    yes          yes          yes

Methods that never return an error are not followed by any other methods in a
method list.

• The enable method uses the enable password. If there is no enable password
  that is defined, the enable method returns an error.
• The ias method is a special method that is only used for 802.1X. It uses an
  internal database (separate from the local user database) that acts like an
  802.1X authentication server. This method never returns an error. It passes or
  denies a user.
• The line method uses the password for the access line on which the user is
  accessing the switch. If there is no line password that is defined for the access
  line, the line method returns an error.
• The local method uses the local user database. If the user password does not
  match, access is denied. This method returns an error if the username
  is not present in the local user database.
• The none method does not perform any service, but instead always returns a
  result as if the service had succeeded. This method never returns an error. If
  none is configured as a method, the user is authenticated and allowed to
  access the switch.
• The radius and tacacs methods communicate with servers running the
  RADIUS and TACACS+ protocols, respectively. If the switch is unable to
  contact the server, these methods can return an error.
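
An added model (not DNOS code and not part of the course material) of how a method list is walked under the rules above: only an error moves evaluation to the next method, so a reachable RADIUS server that rejects a user ends the attempt, while a list ending in none admits anyone once the earlier methods error out. The state layout, function names and sample credentials are assumptions of this sketch.

```python
"""Added example: walking an AAA method list, per the rules in the text."""
import hmac
from dataclasses import dataclass, field
from typing import Optional

SUCCESS, FAILURE, ERROR = "success", "failure", "error"
NEVER_ERRORS = {"ias", "none"}          # "Can return an error? no" in the table


@dataclass
class SwitchState:                      # every value stored here is a constructed sample
    local_users: dict = field(default_factory=dict)
    ias_users: dict = field(default_factory=dict)
    enable_password: Optional[str] = None
    line_password: Optional[str] = None
    # "radius" / "tacacs" -> {"reachable": bool, "users": {name: password}}
    servers: dict = field(default_factory=dict)


def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())


def _check(users, username, password):
    stored = users.get(username)
    return SUCCESS if stored is not None and _same(stored, password) else FAILURE


def run_method(method, state, username, password):
    """Return success, failure (access denied) or error (method could not run)."""
    if method == "none":
        return SUCCESS                  # always succeeds, checks nothing
    if method in ("enable", "line"):
        stored = state.enable_password if method == "enable" else state.line_password
        if stored is None:
            return ERROR                # no password defined for this method
        return SUCCESS if _same(stored, password) else FAILURE
    if method == "local":
        if username not in state.local_users:
            return ERROR                # unknown user is an error, not a denial
        return _check(state.local_users, username, password)
    if method == "ias":
        return _check(state.ias_users, username, password)
    if method in ("radius", "tacacs"):
        server = state.servers.get(method)
        if server is None or not server["reachable"]:
            return ERROR                # server cannot be contacted
        return _check(server["users"], username, password)
    raise ValueError(f"unknown method {method!r}")


def authenticate(method_list, state, username, password):
    """Try methods in order; return (result, method that decided it)."""
    for method in method_list:
        result = run_method(method, state, username, password)
        if result != ERROR:
            return result, method
    return FAILURE, None                # no method could perform the service


def audit(method_list):
    """Flag list orderings that weaken or waste the configured methods."""
    findings = []
    for index, method in enumerate(method_list):
        later = method_list[index + 1:]
        if method in NEVER_ERRORS and later:
            findings.append(f"{method} never returns an error, so {later} is never tried")
        if method == "none":
            findings.append("none admits every user that reaches it")
    return findings


def sample_state(radius_reachable):
    return SwitchState(
        local_users={"admin": "paSS1&word2"},
        servers={"radius": {"reachable": radius_reachable,
                            "users": {"netops": "Constructed-pw1"}}},
    )


if __name__ == "__main__":
    print(authenticate(["radius", "local"], sample_state(True), "admin", "paSS1&word2"))
    print(authenticate(["radius", "local"], sample_state(False), "admin", "paSS1&word2"))
    print(authenticate(["radius", "none"], sample_state(False), "anyone", "wrong"))
    print(audit(["radius", "none"]))
```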


Local Authentication


Command:
    console(config)#aaa authentication login "loc" local
Description: Create a login authentication list called "loc" that contains the
method local.

Command:
    console(config)#line telnet
Description: Enter the configuration mode for the Telnet line.

Command:
    console(config-telnet)#login authentication loc
    console(config-telnet)#exit
Description: Assign the loc login authentication list that is used for users
accessing the switch using Telnet.

Command:
    console(config)#enable password PaSSW0rd
Description: Allow Telnet and SSH users access to Privileged Exec mode. It is
required that an enable password be configured to enable local access users to
elevate to privileged exec level.

Command:
    console(config)#username guest password password
Description: Create a user with the name "guest" and password "password". A simple
password can be configured here, since strength-checking has not yet been enabled.

Command:
    console(config)#passwords strength minimum numeric-characters 2
Description: Set the minimum number of numeric characters required when password
strength checking is enabled. This parameter is enabled only if the passwords
strength minimum character-classes parameter is set to something greater than its
default value of 0.

Command:
    console(config)#passwords strength minimum character-classes 4
Description: Set the minimum number of character classes that must be present in
the password. The possible character classes are: upper-case, lower-case, numeric,
and special.

Command:
    console(config)#passwords strength-check
Description: Enable password strength checking.

Command:
    console(config)#username admin password paSS1&word2 privilege 15
Description: Create a user with the name "admin" and password "paSS1&word2". This
user is enabled for privilege level 15. Because password strength checking was
enabled, the password requires at least two numeric characters, one uppercase
character, one lowercase character, and one special character.

Command:
    console(config)#passwords lock-out 3
Description: Configure the switch to lock out a local user after 3 failed login
attempts.

This configuration allows either user to log in to the switch. Both users have
privilege level 1. If no enable password was configured, neither user could
successfully issue the enable command, which grants access to Privileged Exec mode,
because there is no enable password set by default. The default method list for
Telnet enable authentication is only the "enable" method.

NOTE: It is recommended that the password strength checking and
password lockout features be enabled when configuring local users.

Public Key SSH Authentication

Here is an example of a public key configuration for SSH login. Using a tool such
as PuTTY and a private/public key infrastructure, you can enable secure login to the
Dell EMC Networking N-Series switch without a password. Instead, a public key is
used with a private key kept locally on the administrator's computer. The public key
can be placed on multiple devices, allowing the administrator secure access
without needing to remember multiple passwords. It is recommended that the
private key be protected with a password.

Command:
    console(config)#username "admin" password f4d77eb781360c5711ecf3700a7af623 privilege 15 encrypted
Description: Create a switch administrator.

Command:
    console(config)#aaa authentication login "NOAUTH" line
    console(config)#aaa authentication enable "NOAUTH" line
Description: Set the login and enable methods for line to NOAUTH.

Command:
    console(config)#crypto key generate rsa
Description: Generate an internal RSA key. This step is not required if an internal
RSA key has been generated before on this switch.

Command:
    console(config)#crypto key pubkey-chain ssh user-key "admin" rsa
Description: Set SSH to use a public key for the specified administrator login. The
username command specifies the user login, not the ias-user command.

Command:
    console(config-pubkey-key)#key-string row AAAAB3NzaC1yc2EAAAABJQAAAIBor6DPjYDpSy8Qcji68xrS/4Lf8c9Jq4xXKIZ5Pvv20AkRFE0ifVI9EH4jyZagR3wzH5Xl9dyjA6bTuqMgN15C1xJC1l59FU88JaY7ywGdRppmoaJrNRPM7RZtQPaDVIunzm3eMr9PywwQ0umsHWGNexUrDYHFWRIAmJp89AAxw==
    console(config)#exit
Description: Enter the public key that is obtained from a key authority or from a
tool such as PuTTYgen. This command is entered as a single line.

Command:
    console(config)#line ssh
Description: Set the line method to SSH.

Command:
    console(config-ssh)#login authentication networkList
    console(config-ssh)#exit
Description: Configure the authentication method to the networkList. The
networkList contains a single method, local, which is equivalent to password
authentication. Since the authentication provides the public key, a second layer of
authentication is not required.

Command:
    console(config)#ip ssh server
    console(config)#ip ssh pubkey-auth
    console(config)#ip ssh protocol 2
Description: These three lines enable the SSH server, configure it to use public
key authentication, and specify use of the SSH-2 protocol.

Command:
    console(config)#username admin password paSS1&word2 privilege 15
Description: Create a user with the name "admin" and password "paSS1&word2". This
user is enabled for privilege level 15. Because password strength checking was
enabled, the password requires having at least two numeric characters, one
uppercase character, one lowercase character, and one special character.

Command:
    console(config)#passwords lock-out 3
Description: Configure the switch to lock out a local user after 3 failed login
attempts.

RADIUS Authentication


Command:
    console(config)#aaa authentication login "rad" radius
Description: Create a login authentication list called "rad" that contains the
method radius.

Command:
    console(config)#aaa authentication enable "raden" radius
Description: Create an enable authentication list called "raden" that contains the
method radius.

Command:
    console(config)#radius server auth 1.2.3.4
    console(config-auth-radius)#name Radius-Server
    console(config-auth-radius)#automate-tester username DummyLogin idle-time 30
Description: This command is the first step in defining a RADIUS authentication
server at IP address 1.2.3.4. The automate-tester username parameter is a dummy
User ID that is NOT configured on the RADIUS server, and is used to verify server
liveness. The result of this command is to place the user in radius server
configuration mode to enable further configuration of the server.

Command:
    console(config-auth-radius)#key "secret"
    console(config-auth-radius)#exit
Description: Define the shared secret. It must be the same as the shared secret
defined on the RADIUS server.

Command:
    console(config)#line telnet
Description: Enter the configuration mode for the Telnet line.

Command:
    console(config-telnet)#login authentication rad
Description: Assign the rad login authentication method list for users accessing
the switch over Telnet.

Command:
    console(config-telnet)#enable authentication raden
    console(config-telnet)#exit
Description: Assign the raden enable authentication method list for users running
the enable command when accessing the switch over Telnet.

NOTE: A user logging in with this configuration would be placed in User
Exec mode with privilege level 1. To access Privileged Exec mode with
privilege level 15, use the enable command.


Module Summary


Review Questions: Security

1. What are the three types of Access Control Lists?

2. What two methods are used to implement port security on a Dell EMC N-Series
switch?

3. Which AAA service validates the user identity?


Lab: Security


Refer to the student lab guide for instruction to complete the lab.



Stacking

Introduction

This module covers the basic concepts of stacking, the topologies and cable
connections for stacking Dell N-series switches, and DNOS 6.X stacking features.

Upon completing this module, you will be able to:

• Define the need for stacking
• Describe the stacking features of Dell N-series switches
• Discuss the stack master, standby and member switch roles
• Compare the cascade and ring topologies that are used in stacking
• Describe the general stacking guidelines for N1500, N2000, N3000, and
  N4000 series switches
• Discuss stacking implementation using stacking module, inbuilt stacking
  ports and user-ports
• Demonstrate cable connection scheme and port configuration used for
  stacking
• List the commands to configure and verify configuring the switches for
  stacking mode
• Discuss mixed stacking for N2000 with N2128PX-ON switches and N3000
  series with N3048EP-ON, N3132PX-ON switches

Stacking Overview

Introduction

This lesson introduces stacking requirements and configuration of Dell N series
switches.

This lesson covers the following topics:

• Overview of stacking and need for stacking
• Role of a switch as stack master, standby, and member

Stacking Overview

Stacking:
Stacking is a well-known networking concept of cabling devices together into a
cohesive unit that behaves as a single, larger switch.

The stack elects a switch to act as the master, which maintains the running
configuration and controls the CLI operations. Any stack that has 2 or more
switches has a Standby member. A single switch can operate as a
standalone stack master (the switch operates as master of a stack of one); this is
the default scenario for many stack-capable switches.

Why Stacking - Ease of Management

Ease of Management:
Stacking increases port count by creating a virtual chassis from multiple physical
devices. With multiple switches, stacking makes management easier because a stack
can be configured as a single virtual unit through the management device. A single
switch in the stack (known as the Master switch) manages all the units using a
single IP address. The master switch enables a user to access every port in the
stack from this IP address. The IP address of the stack does not change, even if
the master changes.

Stacking for High Availability

Why Stacking - High Availability

End devices can be cabled with redundant connections to different stack units in
the stack. If the acting management device fails, a standby device takes over as
the new management device, and an existing line/member device will take over as
the new standby device.


Stack Management Roles

The three roles that a switch can take on are Stack Master, Standby, and regular
Members.
Stack Master: The Master device is the primary management unit that is used to
configure all other members of the stack using a single IP address. The Master
owns the control plane, and the other units maintain a local copy of the forwarding
databases. A user can connect a serial cable into the console port of the master
unit to access the CLI for the stack. Connecting a cable to a non-stack master unit
will result in a "CLI - Unavailable" message, as all management must be completed
from the master unit. Also, if a virtual IP address has been configured, it can be
used for remote management of the stack configuration.

The stack master is referred to as the Mgmt Switch in the CLI.

From the stack Master, a user can configure:

• System-level features that apply to all stack members
• Interface-level features for individual stack members.

Standby: The standby switch is used to manage the stack and becomes the stack
master if the original stack master fails or is powered off. The Standby needs to be
ready to take over at any time and should have all the configuration information
from the master. A standby unit is preconfigured in the stack. If the current stack
master fails, the standby unit becomes the stack master. When the failed master
resumes normal operation, it joins the stack as a member (not a master) if the new
stack master has already been elected. The stack master copies its running
configuration to the standby unit whenever it changes (subject to some restrictions
to reduce overhead). This enables the standby unit to take over the stack operation
with minimal interruption if the stack master becomes unavailable. If there was a
two-member stack, when the original stack master comes back online, it will join
back as Standby.

Member: All switches in a stack that are not designated as the master or standby
switch are called stack members. If the Master device fails, and Standby device
assumes new role as Master, and then a Member device becomes the new
Standby device. Also, the lack of a standby unit triggers an election among the
remaining units for a standby role.


LAG vs Stack vs MLAG

LAG will aggregate multiple links into a single logical port channel between two
switches. LAG can be combined with stacking, where links from multiple switches
in a single stack can be combined into a port channel which connects the two stack
groups.
MLAG enables a port channel from a single switch to connect with two MLAG peer
switches. The peer switches must have a peer link between them.


Topology in Stacking

Introduction

This lesson covers the following topics:

• Daisy chain and ring topology
• Stacking and cabling of N1500, N2000, N3000 and N4000 series switches


Cabling Best Practices

Daisy Chain:
A daisy chain topology is a linear connection between all units through stacking
links. The daisy chain topology is not recommended because it does not have full
redundancy. A link or switch failure can result in a split stack, in which each
surviving side of the stack is online but believes the other side is down.

Ring Topology:
In a Ring topology, all units in the stack are connected in a loop. It is similar to the
daisy chain except that the last unit is connected back to first unit which provides
redundancy if any stack link fails. The failure of one link in a ring does not remove
any switch from the stack. This is because there are redundant connections that
maintain stack functionality. So the ring topology is more reliable than a chain and
provides a more stable stack operation. This topology also provides more efficient
pathing as traffic will follow the least number of stack hops and additional cables
will also add more bandwidth.
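
The difference between the two cabling schemes can be checked before a stack is cabled. The following is an added example, not part of the course material: it models units and stacking cables as a graph and lists every single cable or switch failure that would leave the surviving units in a split stack. The unit numbers, cable lists and function names are assumptions made for the illustration.

```python
from collections import defaultdict

def components(units, links):
    """Group units that can still reach each other over stacking links."""
    adj = defaultdict(set)
    for a, b in links:
        if a in units and b in units:   # ignore cables to a failed unit
            adj[a].add(b)
            adj[b].add(a)
    seen, groups = set(), []
    for start in sorted(units):
        if start in seen:
            continue
        group, todo = set(), [start]
        while todo:
            unit = todo.pop()
            if unit not in group:
                group.add(unit)
                todo.extend(adj[unit] - group)
        seen |= group
        groups.append(sorted(group))
    return groups

def split_risks(units, links):
    """Return every single link or unit failure that splits the stack."""
    units, links = set(units), list(links)
    risks = []
    for i, link in enumerate(links):            # one cable fails
        groups = components(units, links[:i] + links[i + 1:])
        if len(groups) > 1:
            risks.append(("link", link, groups))
    for unit in sorted(units):                  # one switch fails
        groups = components(units - {unit}, links)
        if len(groups) > 1:
            risks.append(("unit", unit, groups))
    return risks

# Constructed sample: a four-unit stack cabled both ways.
UNITS = [1, 2, 3, 4]
DAISY_CHAIN = [(1, 2), (2, 3), (3, 4)]
RING = DAISY_CHAIN + [(4, 1)]

if __name__ == "__main__":
    for name, links in (("daisy chain", DAISY_CHAIN), ("ring", RING)):
        risks = split_risks(UNITS, links)
        print(f"{name}: {len(risks)} single failure(s) split the stack")
        for kind, what, groups in risks:
            print(f"  {kind} {what} fails -> groups {groups}")
```

For the constructed four-unit stack, the ring has no single failure that splits it, while the daisy chain splits on any cable failure and on the failure of either middle unit.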


N1500 Stacking

N1500 Series switches stack using the 10G SFP+ front-panel ports. Each stack
can have a maximum of four units. Use at least two ports on each switch to enable a
ring topology connection.

The example in the CLI shows how to use two 10-GigabitEthernet ports for
stacking.


N2000 Stacking

Stacking N2000 Series Switches

• Stacking Ports: Uses mini-SAS, 2xHG Stacking port mini-SAS type. Two LEDs
  (LNK, ACT) indicate the existence of a link and transmit/receive activity.
  The details of both LEDs are given below.
  • LNK LED
    – Off - no link
    – Solid Green - link exists
  • ACT LED
    – Off - no transmit/receive activity
    – Blinking Green - transmitting/receiving
• M LED: The M LED indicates the Stack Master. If the green M LED is lit, the
  switch is the Stack Master. If the green M LED is off, the switch is not the
  Stack Master.
  – The ACT and LNK LEDs are on the back side of the switch and the M LED
    is located either on the front panel or port side of the switch.


N3000 Stacking

Stacking N3000 Series Switches

• Stacking Ports: Uses mini-SAS, 2xHG Stacking port mini-SAS type. Two LEDs
  (LNK, ACT) indicate the existence of a link and transmit/receive activity.
  The details of both LEDs are given below.
  • LNK LED
    – Off - no link
    – Solid Green - link exists
  • ACT LED
    – Off - no transmit/receive activity
    – Blinking Green - transmitting/receiving
• M LED: The M LED indicates the Stack Master. If the green M LED is lit, the
  switch is the Stack Master. If the green M LED is off, the switch is not the
  Stack Master.
  – The ACT and LNK LEDs are on the back side of the switch and the M LED
    is located either on the front panel or port side of the switch.
• Dell EMC Networking N3000 series switches can stack up to eight units as of
  firmware release 6.5.1.


N4000 Stacking

Stacking N4000 Series Switches

Dell 4000 series switches stack with other Dell Networking 4000 series switches
over front panel ports that are configured for stacking. All the port types on the
N4000 series switches can be used for stacking. Dell networking N4000 series
switches do not stack with different Dell networking series switches or Dell
PowerConnect series switches.

• Up to 12 switches can be stacked
• N4000 series switches stack with same series switches over front panel ports
  that are configured for stacking
• All the port types on the N4000 series switches can be used for stacking
• N4000 series switches do not stack with different series switches or
  PowerConnect series switches
• M LED indicates Stack Master
  • Green: Indicates that the switch is stack master
  • Off: Switch is not stack master, or switch is in stand-alone mode


Configure Stacking

Introduction

This lesson describes how to create a stack in DNOS 6 and covers the DNOS 6
stacking features. The lesson also describes how to add and remove a unit from a
stack and gives general stacking guidelines for N series switches.

This lesson covers the following topics:

• Creating a stack
• DNOS 6 stacking features
• Adding and removing a member from the stack
• Managing the standby unit
• Mixed stacking
• General stacking guidelines


Creating a Stack


DNOS 6.x Stacking Features

Stack Firmware Synchronization: The Firmware Synchronization feature
provides an automatic mechanism to synchronize the firmware on stack members
whose firmware version is different from the version running on the stack manager.
Use the boot auto-copy-sw command in Global Configuration mode to enable or
disable Stack Firmware Synchronization.

Non-stop Forwarding: The Nonstop Forwarding (NSF) feature enables a stack to
continue forwarding end-user traffic when the management unit in a stack fails. Dell
supports non-stop forwarding for the following events:

• Power failure of the management unit
• Other hardware failure causing the management unit to hang or to reset
• Software failure causing the management unit to hang or to reset
• Failover initiated by the administrator
• Loss of cascade connectivity between the management unit and the backup
  unit

To enable non-stop forwarding, use the nsf command in Stacking Configuration
mode. The no form of the command disables NSF.


Adding Member to a Stack

Display Supported Switchtypes

Use the show supported switchtype command to display information about
all supported switch types.


• Run the commands shown, one after the other
• F01/1/1 and F01/1/2 interfaces are used for stacking here


• Save the configuration to the Startup-Configuration
• The console prompts: "Are you sure you want to save? (y/n)"
• Press "y" to save the configuration
• Power off the switches. Connect the stacking ports in a ring topology

Usually, if a switch is added to an existing stack, it becomes a stack member, and
not the stack master. When adding a new member to a stack, ensure that only the
stack cables are connected before powering up the new unit. Other network cables
are connected to the new switch after it has successfully joined the stack. The
stack port configuration is stored on each of the member units. Each member of the
stack also has a copy of the MAC address forwarding table.

All stack member units must run the same version of firmware. Make sure to either
upgrade firmware on the new units to be added to match the firmware on the
Master, or use the automatic firmware update method that is shown in the section
DNOS 6.x Stacking Features for new members joining the stack.

For switch models that do not have dedicated stacking ports, user ports are used.
User ports that act as stacking ports must have their personality changed to
support stack framing.

The example that is shown in the image explains how to add a stack member to an
existing stack. Before cabling a new switch into the stack, perform the commands
in the image one by one to set up the switch ports to be stacked. Once configured,
continue to perform cabling to complete the task. If multiple new members are to be
added, complete the installation of one switch before going to the next. Complete
these steps again for each switch to be added.


Removing Member Units from a Stack

• Run the show switch command to see the current stack configuration:
  console#show switch
• Verify exactly which ports are being used for stacking so that they are
  uncabled and rerouted last
• To verify the ports, run the show switch stack-ports command:
  console#show switch stack-ports | include Stack
• Locate the switch to be removed using the locate switch command:
  console#locate switch
• Only after rerouting the traffic through the remaining stack units, remove the
  stacking cables from the switch to be removed.

Removing any member of a ring topology stack does not require a reload of any
member unit in the stack. If a unit in the stack fails, the Master unit removes the
failed unit from the stack and no changes or configuration are applied to the other
stack members; however, the dynamic protocol tries to reconverge as the topology
could change because of the failed unit. When there are no connected ports on the
failed unit, the stack is intact without changes.

A blinking LED light can be generated on the back of each physical unit. This
blinking LED is useful when identifying physical units and ports for running
diagnosis, sniffing, mirroring ports, and other basic troubleshooting. It is also helpful
when adding, removing, replacing, or tracing cables associated with these
interfaces. Use the locate switch command to blink the blue “Locator” LED on the
switch unit you are trying to locate.

Before removing a physical unit from a stack, prepare ports on the other stack
member units to receive the cables and traffic that is redirected to them from the
member unit being removed. Consider all LAGs, VLANs, STP, ACLs, security, and
so on, that need to be configured on the new ports to accept cables, establish
links, and begin to forward traffic.

Do not remove or reroute stacking cables until prompted. Disconnect all other links
on the member to be removed and reroute the traffic that was going through this
unit so it now goes through the ports that were prepared on the remaining stack
unit members. Only after rerouting the traffic through the remaining stack units,
remove the stacking cables from the switch to be removed.

Additional information on show switch commands

The show switch command shows the configuration and status of the stacking
units, including the active and standby stack management units, the pre-configured
model identifier, the plugged in model identifier, the switch status and the current
code version. Both the pre-configured switch types (as set by the member
command in stack mode) and the currently connected switchtypes, if any, are
shown.

Syntax

show switch [stack-member-number | stack-ports [counters | diag | stack-path {from-unit | all} to-unit] | stack-standby]

• stack-member-number: The stack member number.
• stack-ports: Display summary stack-port information for all interfaces.
• counters: Display summary data counter information for all interfaces.
• diag: Display front panel stacking diagnostics for each port.
• stack-path: Display the active path from one stacking unit to another.
• from-unit: The unit from which the packets originate.
• all: Displays all unit paths.
• to-unit: The unit to which the packets are sent.
• stack-standby: Display


Managing Standby Unit

• Find out which unit is currently in Standby status by running the show switch
  command.
• Oper Stby is selected automatically by the Master during stack creation.
• If the administrator decides to select a different unit to be Standby, it is
  labeled Cfg Stby.
• To change the standby to a different unit, use the standby x command.
• Verify the change with the show switch command.

If the Master unit fails or is taken offline, the Standby unit automatically takes its
place as Master. During this time, there is no more than a 50 ms interruption in unicast
connectivity. Run the show switch command to find which switch is the standby
switch. The Standby Status column shows which unit is in Standby mode. There
are two standby modes: Oper Stby and Cfg Stby. Oper Stby is selected
automatically by the Master during stack creation. If the administrator decides to
select a different unit to be Standby, it is labeled Cfg Stby. Both Standby modes
work identically.


In this example, unit 2 is the stack standby for the Master unit. The standby x
command, where x is set to 3, changes the standby switch from unit #2 to unit #3.
Verify the change with the show switch command.


Mixed Stacking

Dell EMC Networking N3132PX-ON switches can be stacked with N3000 Series
switches in a mixed stack of up to 8 units. A mixed stack of N3132PX-ON and N3000
supports only 1024 active VLANs, configurable in the range 1-4093, and does not
support MMRP/MVRP. Dell EMC Networking N3132PX-ON switches have an expansion
slot for an optional stacking module with two mini-SAS stack ports. Dell EMC
Networking N3000 Series switches are available with two fixed mini-SAS stack
ports.

Dell EMC Networking N2128PX-ON switches can be stacked with N2000 Series
switches in a mixed stack of up to 12 units. Dell EMC Networking N2000 and
N2128PX-ON switches are available with two fixed mini-SAS stack ports.

Administrators configuring a mixed stack with N2128PX-ON and N2000 Series
switches MUST follow the instructions that are documented in the Upgrading Dell
EMC Networking N2128PX-ON Switches to Version 6.5.2.18 Firmware.pdf.

Administrators configuring a mixed stack with N3132PX-ON and N3000 Series
switches MUST follow the instructions that are documented in the Upgrading Dell
EMC Networking N3132PX-ON Switches to Version 6.5.2.48 (Advanced) or
6.5.2.18(AdvancedLite).pdf.


Administrators configuring a mixed stack with N3048EP-ON, N3132PX-ON, and
N3000 Series switches MUST follow the instructions that are documented in the
"Upgrading Dell EMC Networking N3048EP-ON Switches to Version
6.5.2.35(Advanced) or 6.5.2.5(AdvanceLite)".

SL No   Mixed Stacking Switch Series    Firmware Version
1       N2000 Series and N2128PX-ON     N2000N2100Stdv6.5.2.18.itb
2       N3000 Series and N3132PX-ON     N3000N3100AdvLitev6.5.2.18.itb
3       N3048EP-ON and N3132PX-ON       N3000N3100Advv6.5.2.48.itb


Stacking – General Guidelines

Stack using same platform series. For example, Dell Networking N2000 series
switches only stack with other N2000 series switches, N3000 series switches only
stack with other Dell N3000 series switches. All members of stack must run the
same OS version. For specifics on number of switches that can be stacked,
methods of stacking (dedicated optional modules and cables, integrated modules
(mini-SAS), user/data port, expansion modules), speeds associated with stacking
ports, cabling distance limitations, and so on – see User Guides for individual
switching platforms. For switch models that do not have dedicated stacking ports,
user ports are used. User ports that act as stacking ports must have their
personality changed to support stack framing.


Module Summary


Review Questions: Stacking

1. How does stacking make management easier?

2. What are the two types of stacking topologies that can be used?

3. What are the three roles a switch can take when in a stack?

4. What feature enables a stack to continue forwarding end-user traffic when the
management unit in a stack fails?


Lab: Security


Lab: Stacking

Refer to the student lab guide for instruction to complete the lab.
