Dell Powerconnect 5548P Users Manual 5500 Series User Guide

2015-01-05

: Dell Dell-Powerconnect-5548P-Users-Manual-136553 dell-powerconnect-5548p-users-manual-136553 dell pdf

Open the PDF directly: View PDF PDF.
Page Count: 728 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Dell PowerConnect
5500 Series
System User Guide
Regulatory Models: PowerConnect 5524, 5524P, 5548, 5548P
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you
make better use of your system.
CAUTION: A CAUTION indicates potential damage to
hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property
damage, personal injury, or death.
____________________
Information in this document is subject to change without notice.
© 2012 Dell Inc. All rights reserved.
Reproduction of these materials in any manner whatsoever without the written
permission of Dell Inc. is strictly forbidden.
Trademarks used in this text: Dell™, the DELL logo, and PowerConnect™ are
trademarks of Dell Inc.; Intel®, Pentium®, and Celeron® are registered
trademarks of Intel Corporation in the U.S. and other countries; Microsoft® and
Windows® are either trademarks or registered trademarks of Microsoft
Corporation in the United States and/or other countries.
Other trademarks and trade names may be used in this document to refer to either
the entities claiming the marks and names or their products. Dell Inc. disclaims
any proprietary interest in trademarks and trade names other than its own.
Regulatory Models PC5524, PC5524P, PC5548 and PC5548P
May 2012 A05
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
Contents 3
Table of Contents
1 Preface . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2 Features. . . . . . . . . . . . . . . . . . . . . . . . . . 14
IP Version 6 (IPv6) Support . . . . . . . . . . . . . . . 15
Stack Support . . . . . . . . . . . . . . . . . . . . . . 15
Power over Ethernet . . . . . . . . . . . . . . . . . . . 15
Green Ethernet . . . . . . . . . . . . . . . . . . . . . . 16
Head of Line Blocking Prevention. . . . . . . . . . . . 16
Flow Control Support (IEEE 802.3X) . . . . . . . . . . . 16
Back Pressure Support . . . . . . . . . . . . . . . . . 16
Virtual Cable Testing (VCT) . . . . . . . . . . . . . . . 17
Auto-Negotiation . . . . . . . . . . . . . . . . . . . . 17
MDI/MDIX Support. . . . . . . . . . . . . . . . . . . . 17
MAC Address Supported Features . . . . . . . . . . . 17
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . 19
IGMP Snooping . . . . . . . . . . . . . . . . . . . . . 19
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . 19
Broadcast Storm Control . . . . . . . . . . . . . . . . 19
VLAN Supported Features . . . . . . . . . . . . . . . . 20
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
4Contents
Spanning Tree Protocol Features . . . . . . . . . . . . 21
Link Aggregation . . . . . . . . . . . . . . . . . . . . . 23
Quality of Service Features . . . . . . . . . . . . . . . 23
Device Management Features. . . . . . . . . . . . . . 24
Security Features . . . . . . . . . . . . . . . . . . . . 28
Port Profile (CLI Macro) . . . . . . . . . . . . . . . . . 30
DHCP Server . . . . . . . . . . . . . . . . . . . . . . . 31
Protected Ports. . . . . . . . . . . . . . . . . . . . . . 31
iSCSI Optimization . . . . . . . . . . . . . . . . . . . . 31
Proprietary Protocol Filtering . . . . . . . . . . . . . . 31
3 Hardware Description . . . . . . . . . . . . . . 33
Device Models . . . . . . . . . . . . . . . . . . . . . . 34
Device Structure . . . . . . . . . . . . . . . . . . . . . 34
LED Definitions. . . . . . . . . . . . . . . . . . . . . . 38
Power Supplies . . . . . . . . . . . . . . . . . . . . . 42
4 Stacking Overview. . . . . . . . . . . . . . . . . 43
Stack Overview . . . . . . . . . . . . . . . . . . . . . 44
Stack Members and Unit IDs . . . . . . . . . . . . . . 47
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
Contents 5
5 Configuring the Switch . . . . . . . . . . . . . . 54
Configuration Work Flow . . . . . . . . . . . . . . . . 55
Connecting the Switch to the Terminal . . . . . . . . . 56
Booting the Switch . . . . . . . . . . . . . . . . . . . 57
Configuring the Stack . . . . . . . . . . . . . . . . . . 58
Configuration Using the Setup Wizard . . . . . . . . . 58
6 Advanced Switch Configuration . . . . . . . 63
Using the CLI . . . . . . . . . . . . . . . . . . . . . . . 64
Accessing the Device Through the CLI . . . . . . . . . 67
Retrieving an IP Address . . . . . . . . . . . . . . . . 68
Security Management and Password Configuration . . 71
Configuring Login Banners . . . . . . . . . . . . . . . 74
Startup Menu Procedures . . . . . . . . . . . . . . . . 76
Software Download . . . . . . . . . . . . . . . . . . . 79
7 Using Dell OpenManage Administrator. . 83
Starting the Application . . . . . . . . . . . . . . . . . 84
Understanding the Interface. . . . . . . . . . . . . . . 84
Using the Switch Administrator Buttons . . . . . . . . 87
Field Definitions . . . . . . . . . . . . . . . . . . . . . 89
Common GUI Features . . . . . . . . . . . . . . . . . . 89
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
6Contents
GUI Terms. . . . . . . . . . . . . . . . . . . . . . . . . 90
CLI Commands . . . . . . . . . . . . . . . . . . . . . . 90
8 Network Security. . . . . . . . . . . . . . . . . . 92
Port Security . . . . . . . . . . . . . . . . . . . . . . . 93
ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
ACL Binding . . . . . . . . . . . . . . . . . . . . . . 118
Proprietary Protocol Filtering . . . . . . . . . . . . . 120
Time Range . . . . . . . . . . . . . . . . . . . . . . . 122
Dot1x Authentication. . . . . . . . . . . . . . . . . . 127
9 Configuring System Information . . . . . . 150
General Switch Information . . . . . . . . . . . . . . 151
Time Synchronization . . . . . . . . . . . . . . . . . 162
Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . 188
IP Addressing . . . . . . . . . . . . . . . . . . . . . 202
Diagnostics. . . . . . . . . . . . . . . . . . . . . . . 248
Management Security . . . . . . . . . . . . . . . . . 254
DHCP Server . . . . . . . . . . . . . . . . . . . . . . 290
SNMP. . . . . . . . . . . . . . . . . . . . . . . . . . 307
File Management. . . . . . . . . . . . . . . . . . . . 330
Stack Management . . . . . . . . . . . . . . . . . . 361
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
Contents 7
sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . 369
10 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Overview . . . . . . . . . . . . . . . . . . . . . . . . . 379
Jumbo Frames . . . . . . . . . . . . . . . . . . . . . . 382
Green Ethernet Configuration . . . . . . . . . . . . . . 384
Protected Ports . . . . . . . . . . . . . . . . . . . . . 388
Port Profile . . . . . . . . . . . . . . . . . . . . . . . . 391
Port Configuration . . . . . . . . . . . . . . . . . . . . 397
LAG Configuration . . . . . . . . . . . . . . . . . . . . 403
Storm Control . . . . . . . . . . . . . . . . . . . . . . 408
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . 411
11 Address Tables . . . . . . . . . . . . . . . . . . . 416
Overview . . . . . . . . . . . . . . . . . . . . . . . . . 417
Static Addresses. . . . . . . . . . . . . . . . . . . . . 418
Dynamic Addresses . . . . . . . . . . . . . . . . . . . 421
12 GARP . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
GARP Overview . . . . . . . . . . . . . . . . . . . . . 425
GARP Timers . . . . . . . . . . . . . . . . . . . . . . . 426
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
8Contents
13 Spanning Tree . . . . . . . . . . . . . . . . . . . . 428
Spanning Tree Protocol Overview . . . . . . . . . . . 429
Global Settings. . . . . . . . . . . . . . . . . . . . . 431
STP Port Settings. . . . . . . . . . . . . . . . . . . . 436
STP LAG Settings. . . . . . . . . . . . . . . . . . . . 441
Rapid Spanning Tree . . . . . . . . . . . . . . . . . . 444
Multiple Spanning Tree . . . . . . . . . . . . . . . . 448
14 VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Virtual LAN Overview . . . . . . . . . . . . . . . . . 460
VLAN Membership . . . . . . . . . . . . . . . . . . . 465
Port Settings . . . . . . . . . . . . . . . . . . . . . . 468
LAGs Settings . . . . . . . . . . . . . . . . . . . . . 474
Protocol Groups . . . . . . . . . . . . . . . . . . . . 477
Protocol Port . . . . . . . . . . . . . . . . . . . . . . 481
GVRP Parameters . . . . . . . . . . . . . . . . . . . 483
Private VLAN . . . . . . . . . . . . . . . . . . . . . . 487
Voice VLAN. . . . . . . . . . . . . . . . . . . . . . . 491
15 Link Aggregation . . . . . . . . . . . . . . . . . . 500
Link Aggregation Overview . . . . . . . . . . . . . . 501
LACP Parameters. . . . . . . . . . . . . . . . . . . . 503
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
Contents 9
LAG Membership . . . . . . . . . . . . . . . . . . . . 506
16 Multicast . . . . . . . . . . . . . . . . . . . . . . . . 508
Multicast Support Overview. . . . . . . . . . . . . . . 509
Global Parameters . . . . . . . . . . . . . . . . . . . . 511
Bridge Multicast Groups . . . . . . . . . . . . . . . . 513
Bridge Multicast Forward All . . . . . . . . . . . . . . 517
IGMP Snooping . . . . . . . . . . . . . . . . . . . . . 519
Unregistered Multicast . . . . . . . . . . . . . . . . . 525
Multicast TV VLAN. . . . . . . . . . . . . . . . . . . . 527
17 LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
LLDP Overview. . . . . . . . . . . . . . . . . . . . . . 532
LLDP Properties . . . . . . . . . . . . . . . . . . . . . 533
LLDP Port Settings . . . . . . . . . . . . . . . . . . . . 537
MED Network Policy . . . . . . . . . . . . . . . . . . 540
LLDP MED Port Settings . . . . . . . . . . . . . . . . . 543
Neighbors Information. . . . . . . . . . . . . . . . . . 548
18 Dynamic ARP Inspection . . . . . . . . . . . . 551
Dynamic ARP Inspection Overview . . . . . . . . . . . 552
Global Settings. . . . . . . . . . . . . . . . . . . . . . 553
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
10 Contents
Dynamic ARP Inspection List . . . . . . . . . . . . . 555
Dynamic ARP Inspection Entries . . . . . . . . . . . 557
VLAN Settings . . . . . . . . . . . . . . . . . . . . . 559
Trusted Interfaces . . . . . . . . . . . . . . . . . . . 561
19 DHCP Snooping . . . . . . . . . . . . . . . . . . . 563
DHCP Snooping . . . . . . . . . . . . . . . . . . . . 564
DHCP Relay. . . . . . . . . . . . . . . . . . . . . . . 577
20 iSCSI Optimization . . . . . . . . . . . . . . . . . 584
Optimizing iSCSI Overview . . . . . . . . . . . . . . 585
Global Parameters . . . . . . . . . . . . . . . . . . . 588
iSCSI Targets . . . . . . . . . . . . . . . . . . . . . . 591
iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . 593
Configuring iSCSI Using CLI . . . . . . . . . . . . . . 595
21 Statistics/RMON . . . . . . . . . . . . . . . . . . 596
Table Views . . . . . . . . . . . . . . . . . . . . . . 597
RMON Components . . . . . . . . . . . . . . . . . . 615
Charts. . . . . . . . . . . . . . . . . . . . . . . . . . 633
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
Contents 11
22 Quality of Service . . . . . . . . . . . . . . . . . 640
QoS Features and Components . . . . . . . . . . . . . 641
General. . . . . . . . . . . . . . . . . . . . . . . . . . 643
QoS Basic Mode . . . . . . . . . . . . . . . . . . . . . 659
QoS Advanced Mode . . . . . . . . . . . . . . . . . . 668
QoS Statistics . . . . . . . . . . . . . . . . . . . . . . 688
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
Revision History . . . . . . . . . . . . . . . . . . . . . . 727
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance
Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm
12 Contents
Dell PowerConnect 55xx Systems User Guide 13
1
Preface
PowerConnect 5524/5548 and PowerConnect 5524P/5548P are stackable,
advanced multi-layer devices.
This guide contains the information needed for installing, configuring, and
maintaining the device through the web-based management system, called
the OpenManage Switch Administrator.
This guide describes how to configure each system through the web-based
management system and through CLI commands.
The
CLI Reference Guide,
which is available on the Documentation CD,
provides additional information about the CLI commands.
Dell PowerConnect 55xx Systems User Guide 14
2
Features
This section describes the features of the PowerConnect 5524/P and 5548/P
switches.
For a complete list of all updated device features, see the latest software
version Release Notes.
This section contains the following topics:
IP Version 6 (IPv6) Support
•Stack Support
Power over Ethernet
Green Ethernet
Head of Line Blocking Prevention
Flow Control Support (IEEE 802.3X)
•Back Pressure Support
Virtual Cable Testing (VCT)
• Auto-Negotiation
MDI/MDIX Support
MAC Address Supported Features
Layer 2 Features
IGMP Snooping
Port Mirroring
Broadcast Storm Control
•VLAN Supported Features
Spanning Tree Protocol Features
Link Aggregation
Quality of Service Features
Quality of Service Features
Device Management Features
Dell PowerConnect 55xx Systems User Guide 15
Security Features
•DHCP Server
•Protected Ports
iSCSI Optimization
Proprietary Protocol Filtering
IP Version 6 (IPv6) Support
The device functions as an IPv6-compliant host, as well as an IPv4 host (also
known as dual stack). This enables device operation in a pure IPv6 network as
well as in a combined IPv4/IPv6 network.
For more information, see "IP Addressing" on page 202.
Stack Support
The system supports up to eight units with two fixed HDMI stacking ports.
The HDMI ports are 1.3a specification, Category 2 High Speed cables, 340
MHz (10.2 Gbit/s).
it is recommended to use HDMI cable version 1.4
The stacking feature supports the following features:
Fast-link failover
Software auto-synch.
Improved response time to events, such as master failover
Auto-numbering algorithm when choosing unit number
For more information, see "Stacking Overview" on page 43
Power over Ethernet
Power over Ethernet (PoE) provides power to devices over existing LAN
cabling, without updating or modifying the network infrastructure. When
PoE is used, the network devices do not have to be placed next to a power
source. PoE can be used in the following applications:
IP Phones
Wireless Access Points
16 Dell PowerConnect 55xx Systems User Guide
•IP Gateways
•PDAs
Audio and video remote monitoring
For more information, see "Power over Ethernet" on page 157.
Green Ethernet
Green Ethernet, also known as Energy Efficient Ethernet (EEE), is an effort
to make networking equipment environmentally friendly, by reducing the
power usage of Ethernet connections.
The Short-Reach method, which reduces power over Ethernet cables shorter
than 40m, is supported by the device.
For more information, see "Green Ethernet Configuration" on page 384.
Head of Line Blocking Prevention
Head of Line (HOL) blocking results in traffic delays and frame loss caused
by traffic competing for the same egress port resources. To prevent HOL
blocking, the device queues packets, and packets at the head of the queue are
forwarded before packets at the end of the queue.
Flow Control Support (IEEE 802.3X)
Flow control enables lower-speed devices to communicate with higher-speed
devices, by requesting that the higher-speed device refrain from sending
packets. Transmissions are temporarily halted to prevent buffer overflows.
For more information, see "Flow Control" on page 380.
Back Pressure Support
On half-duplex links, the receiving port prevents buffer overflows by
occupying the link so that it is unavailable for additional traffic.
For more information, see "Protected Ports" on page 388.
Dell PowerConnect 55xx Systems User Guide 17
Virtual Cable Testing (VCT)
VCT
detects and reports copper link cabling faults, such as open cables and
cable shorts.
For more information, see "Diagnostics" on page 248.
Auto-Negotiation
Auto-negotiation enables the device to advertise modes of operation. The
auto-negotiation function enables an exchange of information between two
devices that share a point-to-point link segment, and automatically
configures both devices to take maximum advantage of their transmission
capabilities.
The PowerConnect 5500 series enhances auto-negotiation by providing port
advertisement. Port advertisement enables the system administrator to
configure the port speeds that are advertised.
For more information, see "Port Configuration" on page 397 or "LAG
Configuration" on page 403.
MDI/MDIX Support
Standard wiring for end stations is known as Media-Dependent Interface
(MDI), and standard wiring for hubs and switches is known as Media-
Dependent Interface with Crossover (MDIX).
If auto-negotiation is enabled, the device automatically detects whether the
cable connected to an RJ-45 port is MDIX (crossed) or MDI (straight). This
enables both types to be used interchangeably.
If auto-negotiation is not enabled, only MDI (straight) cables can be used.
For more information, see "Port Configuration" on page 397 or "LAG
Configuration" on page 403.
MAC Address Supported Features
MAC Address Capacity Support
The device supports up to 16K MAC addresses and it reserves specific MAC
addresses for system use.
18 Dell PowerConnect 55xx Systems User Guide
Static MAC Entries
MAC entries can be manually entered in the Bridging Table, as an alternative
to learning them from incoming frames. These user-defined entries are not
subject to aging, and are preserved across resets and reboots.
For more information, see "Static Addresses" on page 418.
Self-Learning MAC Addresses
The device enables controlled MAC address learning from incoming packets.
The MAC addresses are stored in the Bridging Table.
For more information, see "Dynamic Addresses" on page 421.
Automatic Aging for MAC Addresses
MAC addresses from which no traffic is received for a given period, are aged
out. This prevents the Bridging Table from overflowing.
For more information, see "Dynamic Addresses" on page 421.
VLAN-Aware MAC-Based Switching
The device always performs VLAN-aware bridging. Classic bridging
(IEEE802.1D), in which frames are forwarded based only on their destination
MAC address, is not performed. However, a similar functionality can be
configured for untagged frames. Frames addressed to a destination MAC
address that is not associated with any port are flooded to all ports of the
relevant VLAN.
MAC Multicast Support
Multicast service is a limited Broadcast service that enables one-to-many and
many-to-many connections for information distribution. In Layer 2 Multicast
service, a single frame is addressed to a specific Multicast address, from which
copies of the frame are transmitted to the relevant ports. When Multicast
groups are statically enabled, you can set the destination port of registered
groups, as well as define the behavior of unregistered Multicast frames.
For more information, see "Multicast" on page 508.
Dell PowerConnect 55xx Systems User Guide 19
Layer 2 Features
IGMP Snooping
Internet Group Membership Protocol (IGMP) Snooping examines IGMP
frame contents, when they are forwarded by the device from work stations to
an upstream Multicast router. From the frame, the device identifies work
stations configured for Multicast sessions, and which Multicast routers are
sending Multicast frames. The IGMP Querier simulates the behavior of a
Multicast router. This enables snooping of the Layer 2 Multicast domain even
if there is no Multicast router.
For more information, see "IGMP Snooping" on page 519.
Port Mirroring
Port mirroring monitors network traffic by forwarding copies of incoming and
outgoing packets from a monitored port to a monitoring port. Users specify
which target port receives copies of all traffic passing through a specified
source port.
For more information, see "Port Mirroring" on page 411.
Broadcast Storm Control
Storm Control enables limiting the number of Multicast and Broadcast
frames accepted by and forwarded by the device.
When Layer 2 frames are forwarded, Broadcast and Multicast frames are
flooded to all ports on the relevant VLAN. This occupies bandwidth, and
loads all nodes connected on all ports.
For more information, see "Storm Control" on page 408.
20 Dell PowerConnect 55xx Systems User Guide
VLAN Supported Features
VLAN Support
VLANs are collections of switching ports that comprise a single Broadcast
domain. Packets are classified as belonging to a VLAN, based on either the
VLAN tag or on a combination of the ingress port and packet contents.
Packets sharing common attributes can be grouped in the same VLAN.
For more information, see "VLANs" on page 459.
Port-Based Virtual LANs (VLANs)
Port-based VLANs classify incoming packets to VLANs, based on their ingress
port.
For more information, see "Defining VLAN Membership Using CLI
Commands" on page 466.
Full 802.1Q VLAN Tagging Compliance
IEEE 802.1Q defines an architecture for virtual, bridged LANs, the services
provided in VLANs, and the protocols and algorithms involved in the
provision of these services.
For more information, see "Virtual LAN Overview" on page 460.
GVRP Support
GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-
compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk
ports. When GVRP is enabled, the device registers and propagates VLAN
membership on all ports that are part of the active underlying Spanning Tree
Protocol topology.
For more information, see "GVRP Parameters" on page 483.
Voice VLAN
Voice VLAN enables network administrators to enhance VoIP service by
configuring ports to carry IP voice traffic from IP phones on a specific VLAN.
VoIP traffic has a preconfigured OUI prefix in the source MAC address.
Network administrators can configure VLANs from which voice IP traffic is
Dell PowerConnect 55xx Systems User Guide 21
forwarded. Non-VoIP traffic is dropped from the Voice VLAN in Auto-Voice
VLAN Secure mode. Voice VLAN also provides QoS to VoIP, ensuring that the
quality of voice does not deteriorate if the IP traffic is received unevenly.
For more information, see "Voice VLAN" on page 491.
Guest VLAN
Guest VLAN provides limited network access to unauthorized ports. If a port
is denied network access via port-based authorization, but the Guest VLAN is
enabled, the port receives limited network access through the Guest VLAN.
For more information, see "Dot1x Authentication" on page 127.
Private VLAN
The Private VLAN feature provides Layer 2 isolation between ports that share
the same Broadcast domain, or in other words, it creates a point-to-
multipoint Broadcast domain. The ports can be located anywhere in the
Layer 2 network (compared to the Protected Ports feature, where the ports
must be in the same stack).
For more information, see "Private VLAN" on page 487.
Multicast TV VLAN
The Multicast TV VLAN feature provides the ability to supply multicast
transmissions to Layer 2-isolated subscribers, without replicating the
multicast transmissions for each subscriber VLAN. The subscribers are the
only receivers of the multicast transmissions.
For more information, see "Multicast TV VLAN" on page 527.
Spanning Tree Protocol Features
Spanning Tree Protocol (STP)
802.1d Spanning tree is a standard Layer 2 switch requirement that enables
bridges to automatically prevent and resolve Layer 2 forwarding loops.
Switches exchange configuration messages using specifically-formatted
frames, and selectively enable and disable forwarding on ports.
For more information, see "Spanning Tree" on page 428.
22 Dell PowerConnect 55xx Systems User Guide
Fast Link
STP can take 30–60 seconds to converge. During this time, STP detects
possible loops, enabling time for status changes to propagate and for relevant
devices to respond. This period of 30-60 seconds is considered too long a
response time for many applications. The Fast Link option bypasses this
delay, and can be used in network topologies, where forwarding loops do not
occur.
For more information on enabling Fast Link for ports and LAGs, see "STP
Port Settings" on page 436
or
"Static Addresses" on page 418.
IEEE 802.1w Rapid Spanning Tree
Spanning Tree takes 30–60 seconds for each host to decide whether its ports
are actively forwarding traffic. Rapid Spanning Tree (RSTP) detects uses of
network topologies to enable faster convergence, without creating forwarding
loops.
For more information, see "Spanning Tree" on page 428.
IEEE 802.1s Multiple Spanning Tree
Multiple Spanning Tree (MSTP) operation maps VLANs into STP instances.
MSTP provides a different load balancing scenario. Packets assigned to various
VLANs are transmitted along different paths within MSTP Regions (MST
Regions). Regions are one or more MSTP bridges by which frames can be
transmitted. The standard lets administrators assign VLAN traffic to
unique paths.
For more information, see "Spanning Tree" on page 428.
STP BPDU Guard
BPDU Guard is used as a security mechanism, to protect the network from
invalid configurations.
BPDU Guard is usually used either when fast link ports (ports connected to
clients) are enabled or when the STP feature is disabled. When it is enabled
on a port, the port is shut down if a BPDU message is received and an
appropriate SNMP trap is generated.
For more information, see "Spanning Tree" on page 428.
Dell PowerConnect 55xx Systems User Guide 23
Link Aggregation
Up to 32 Aggregated Links may be defined, each with up to eight member
ports, to form a single Link Aggregated Group (LAG). This enables:
Fault tolerance protection from physical link disruption
Higher bandwidth connections
Improved bandwidth granularity
High bandwidth server connectivity
A LAG is composed of ports with the same speed, set to full-duplex
operation.
For more information, see "LAG Configuration" on page 403.
Link Aggregation and LACP
LACP uses peer exchanges across links to determine, on an ongoing basis, the
aggregation capability of various links, and continuously provides the
maximum level of aggregation capability achievable between a given pair of
devices. LACP automatically determines, configures, binds, and monitors the
port binding within the system.
For more information, see "Link Aggregation" on page 500.
BootP and DHCP Clients
DHCP enables additional setup parameters to be received from a network
server upon system startup. DHCP service is an on-going process. DHCP is an
extension of BootP.
For more information, see "DHCP IPv4 Interface" on page 207.
Quality of Service Features
Class of Service 802.1p Support
The IEEE 802.1p signaling technique is an OSI Layer 2 standard for marking
and prioritizing network traffic at the data link/MAC sub-layer. 802.1p traffic
is classified and sent to the destination. No bandwidth reservations or limits
24 Dell PowerConnect 55xx Systems User Guide
are established or enforced. 802.1p is a spin-off of the 802.1Q (VLANs)
standard. 802.1p establishes eight levels of priority, similar to the IP
Precedence IP Header bit-field.
Advanced QoS
Frames that match an ACL and were permitted entrance are implicitly
labeled with the name of the ACL that permitted their entrance. Advanced
mode QoS actions defined in network policies can then be applied to these
flows.
The switch can set DSCP values and map IPv6 DSCP to egress queues in the
same way it does for IPv4. The switch detects IPv6 frames by the IPv6 ether-
type.
For more information about Advanced QoS, see "QoS Advanced Mode" on
page 668.
TCP Congestion Avoidance
The TCP Congestion Avoidance feature activates an algorithm that breaks up
or prevents TCP global synchronization on a congested node, where the
congestion is due to multiple sources sending packets with the same byte
count.
For more information, see "The following is an example of the CLI
commands:" on page 656.
Device Management Features
SNMP Alarms and Trap Logs
The system logs events with severity codes and timestamps. Events are sent as
SNMP traps to a Trap Recipient List.
For more information, see "SNMP" on page 307
.
Dell PowerConnect 55xx Systems User Guide 25
SNMP Versions 1, 2, and 3
Simple Network Management Protocol (SNMP) over the UDP/IP protocol
controls access to the system. A list of community entries is defined, each
consisting of a community string and its access privileges. There are three
levels of SNMP security: read-only, read-write, and super. Only a super user
can access the Community table.
For more information, see "SNMP" on page 307.
Web-Based Management
Web-based management enables managing the system from any web browser.
The system contains an Embedded Web Server (EWS) that serves HTML
pages, through which the system can be monitored and configured. The
system internally converts web-based input into configuration commands,
MIB variable settings, and other management-related settings.
Management IP Address Conflict Notification
This feature validates the uniqueness of the switch's IP address, whether it is
assigned manually or through DHCP. If the IP address is not unique, the
switch performs actions according to the address type. If the IP address is
static, see more information about this in "IPv4 Interface Parameters" on
page 203. If the IP address is dynamic, see more information about this
in"DHCP IPv4 Interface" on page 207.
Flow Monitoring (sflow)
The switch supports statistics collection, using a sampling technology called
sFlow that is based on RFC 3176. The sFlow sampling technology is
embedded within the switch, and provides the ability to continuously
monitor traffic flows on some or all the interfaces simultaneously.
For more information, see "sFlow" on page 369.
Configuration File Download and Upload
The device configuration is stored in a configuration file. The configuration
file includes both system-wide and port-specific device configuration. The
system can display configuration files as a collection of CLI commands that
are stored and manipulated as text files.
26 Dell PowerConnect 55xx Systems User Guide
Auto-Update of Configuration/Image File
This feature facilitates installation of new devices. When you enable the
various auto-update options, the device automatically downloads a new
image or configuration file when it receives its IP address from a TFTP server,
and automatically reboots, using the image or configuration file it received.
For more information, see "Auto-Update/Configuration Feature" on page 331.
TFTP Trivial File Transfer Protocol
The device supports boot image, software, and configuration
upload/download via TFTP.
USB File Transfer Protocol
The device supports boot image, software, and configuration
upload/download via USB.
Remote Monitoring
Remote Monitoring
(RMON) is an extension to SNMP that provides
comprehensive network traffic monitoring capabilities. RMON is a standard
MIB that defines MAC-layer statistics and control objects, enabling real-time
information to be captured across the entire network.
For more information, see "Statistics/RMON" on page 596.
Command Line Interface
Command Line Interface
(CLI) syntax and semantics conform as much as
possible to common, industry standards. CLI is composed of mandatory and
optional elements. The CLI interpreter provides command and keyword
completion to assist users and save typing.
Syslog
Syslog is a protocol that enables event notifications to be sent to a set of
remote servers, where they can be stored, examined, and acted upon. The
system sends notifications of significant events in real time, and keeps a
record of these events for after-the-fact usage.
For more information on Syslog, see "Logs" on page 188.
Dell PowerConnect 55xx Systems User Guide 27
SNTP
The Simple Network Time Protocol (SNTP) assures accurate network
Ethernet Switch clock time synchronization up to the millisecond. Time
synchronization is performed by a network SNTP server. Time sources are
prioritized by strata. Strata define the distance from the reference clock. The
higher the stratum (where zero is the highest), the more accurate the clock.
For more information, see "Time Synchronization" on page 162.
Domain Name System
Domain Name System (DNS) converts user-defined domain names into IP
addresses. Each time a domain name is assigned, the DNS service translates
the name into a numeric IP address. For example, www.ipexample.com is
translated into 192.87.56.2. DNS servers maintain domain name databases
containing their corresponding IP addresses.
For more information, see "Domain Name System" on page 235.
802.1ab (LLDP-MED)
The Link Layer Discovery Protocol (LLDP) enables network managers to
troubleshoot, and enhances network management by discovering and
maintaining network topologies over multi-vendor environments. LLDP
discovers network neighbors by standardizing methods for network devices to
advertise themselves to other systems, and to store discovered information.
The multiple advertisement sets are sent in the packet Typ e L en g t h Va lue
(TLV) field. LLDP devices must support chassis and port ID advertisement,
as well as system name, system ID, system description, and system capability
advertisements.
LLDP Media Endpoint Discovery
(LLDP-MED) increases network flexibility
by enabling various IP systems to co-exist on a single network LLDP. It
provides detailed network topology information, emergency call service via IP
phone location information, and troubleshooting information.
For more information, see "LLDP" on page 531.
28 Dell PowerConnect 55xx Systems User Guide
Security Features
SSL
Secure Socket Layer (SSL) is an application-level protocol that enables secure
transactions of data through privacy, authentication, and data integrity. It
relies upon certificates and public and private keys.
Port-Based Authentication (Dot1x)
Port-based authentication enables authenticating system users on a per-port
basis via an external server. Only authenticated and approved system users
can transmit and receive data. Ports are authenticated via the Remote
Authentication Dial-In User Service (RADIUS) server using the Extensible
Authentication Protocol (EAP). Dynamic VLAN Assignment (DVA) enables
network administrators to automatically assign users to VLANs during the
RADIUS server authentication.
For more information, see "Dot1x Authentication" on page 127.
Locked Port Support
Locked Port increases network security by limiting access on a specific port to
users with specific MAC addresses. These addresses are either manually
defined or learned on that port. When a frame is seen on a locked port, and
the frame source MAC address is not tied to that port, the protection
mechanism is invoked.
For more information, see "Port Security" on page 93.
RADIUS Client
RADIUS is a client/server-based protocol. A RADIUS server maintains a user
database that contains per-user authentication information, such as user
name, password, and accounting information.
RADIUS Accounting
This feature enables recording device management sessions (Telnet, serial,
and WEB but not SNMP) and/or 802.1x authentication sessions.
Dell PowerConnect 55xx Systems User Guide 29
Due to the complexity of 802.1x setup and configuration, many mistakes can
be made that might cause loss of connectivity or incorrect behavior. The
802.1x Monitor mode enables applying 802.1x functionality to the switch,
with all necessary RADIUS and/or domain servers active, without actually
taking any action that may cause unexpected behavior. In this way, the user
can test the 802.1x setup before actually applying it.
For more information, see "RADIUS" on page 284.
SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to
a device. SSH version 2 is currently supported. The SSH server feature
enables an SSH client to establish a secure, encrypted connection with a
device. This connection provides functionality that is similar to an inbound
telnet connection. SSH uses RSA and DSA Public Key cryptography for
device connections and authentication.
For more information, see "Security Management and Password
Configuration" on page 71.
TACACS+
TACACS+ provides centralized security for validation of users accessing the
device. TACACS+ provides a centralized, user management system, while
still retaining consistency with RADIUS and other authentication processes.
For more information, see "TACACS+" on page 275.
Password Management
Password management provides increased network security and improved
password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP
access are assigned security features.
For more information, see "Password Management" on page 279.
The switch provides the ability to demand strong passwords, meaning that
they must contain both upper and lower-case letters, numbers, and
punctuation marks.
For more information, see "Password Management" on page 279.
30 Dell PowerConnect 55xx Systems User Guide
Access Control Lists (ACL)
Access Control Lists
(ACL) enable network managers to define classification
actions and rules for specific ingress ports. Packets entering an ingress port
with an active ACL, are either admitted or denied entry and the ingress port is
disabled. If they are denied entry, the user can disable the port.
Dynamic ACL/Dynamic Policy Assignment (DACL/DPA)
The network administrator can specify the user's ACL in the RADIUS server.
After successful authentication, the user is assigned that ACL.
For more information, see "Network Security" on page 92.
DHCP Snooping
DHCP Snooping expands network security by providing firewall security
between untrusted interfaces and DHCP servers. By enabling DHCP
Snooping, network administrators can differentiate between trusted
interfaces connected to end-users or DHCP servers and untrusted interfaces
located beyond the network firewall.
For more information, see "DHCP Snooping" on page 564.
ARP Inspection
Dynamic ARP inspection is a security feature that validates ARP packets in a
network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC
address bindings. This capability protects the network from certain man-in-
the-middle attacks.
Port Profile (CLI Macro)
Macros provide a convenient way to save and share a common configuration.
A macro is a set of CLI commands with a unique name. When a macro is
applied to a port, the CLI commands contained within it are executed and
added to the Running Configuration file.
For more information, see "Dynamic ARP Inspection" on page 551.
Dell PowerConnect 55xx Systems User Guide 31
DHCP Server
Dynamic Host Configuration Protocol (DHCP) provides a means of passing
configuration information (including the IP address of a TFTP server and a
configuration file name) to hosts on a TCP/IP network. The switch can serve
as a DHCP server or client.
For more information on the device serving as a DHCP server, see "DHCP
Server" on page 290.
For more information on the device serving as a DHCP client, see "DHCP
IPv4 Interface" on page 207.
Protected Ports
The Protected Ports feature provides Layer 2 isolation between interfaces
(Ethernet ports and LAGs) that share the same Broadcast domain (VLAN)
with other interfaces.
For more information, see "Protected Ports" on page 388.
iSCSI Optimization
iSCSI optimization provides the iSCSI flows with specific priority over other
network traffic. In addition, the feature provides monitoring of iSCSI
sessions.
For more information, see "iSCSI Optimization" on page 584.
Proprietary Protocol Filtering
This feature enables user control over the filtering of packets with proprietary
protocols such as CDP, VTP, DTP, UDLD, PaGP, and SSTP. The user can
select any combination of the protocols to be filtered, for example: CDP and
VTP and UDLD.
For more information, see "Network Security" on page 92.
DHCP Relay and Option 82
A DHCP relay agent detects DHCP Broadcasts from DHCP clients and relays
them to DHCP servers that may reside on different subnets.
32 Dell PowerConnect 55xx Systems User Guide
The relay agent information option (Option 82) in the DHCP protocol
enables a DHCP relay agent to send additional client information, upon
requesting an IP address.
Option 82 specifies the relaying switch's MAC address, the port identifier, and
the VLAN that forwarded the packet.
For more information, see "DHCP Relay" on page 577.
Identifying a Switch via LED
The switch provides the ability to turn on a LED (through the GUI interface)
on a specific unit or on all units in a stack for a specific length of time.
For more information, see Unit Identification (Location).
Dell PowerConnect 55xx Systems User Guide 33
3
Hardware Description
This section describes PowerConnect 5500 hardware.
It contains the following topics:
Device Models
Device Structure
LED Definitions
Power Supplies
34 Dell PowerConnect 55xx Systems User Guide
Device Models
The PowerConnect 5500 switches combine versatility with minimal
management requirements. This series includes the following device types:
PowerConnect 5524
— Provides 24 10/100/1000Mbps Base-T ports
PowerConnect 5524P (with PoE)
— Provides 24 10/100/1000Mbps Base-T
ports, along with Power-over-Ethernet (PoE) support
PowerConnect 5548
— Provides 48 10/100/1000Mbps Base-T ports
PowerConnect 5548P (with PoE)
— Provides 24 10/100/1000Mbps Base-T
ports, along with Power-over-Ethernet (PoE) support
Each of these devices provides, in addition to the above ports, two HDMI
ports, two SPF+ ports, an RS-232 console port, and a USB port, as shown in
Figure 5-1.
NOTE: 10/100/1000Mbps Baset-T ports are also known as Gigabit ports or G ports.
Device Structure
This section describes the structure of the devices.
It contains the following topics:
Front Panel
Buttons and LEDs
•Back Panel
Ventilation System
System LEDs
•Port LEDs
Dell PowerConnect 55xx Systems User Guide 35
Front Panel
Figure 5-1 shows the front panel of the PowerConnect 5548 device with its
various ports labelled. The PowerConnect 5524 device from the
PowerConnect 5548 device in that there are 24 G ports and not 48.
Figure 5-2 shows the buttons/LEDs on the right side in greater detail.
Figure 3-1. PowerConnect 5548 Ports
The following ports are found on the devices.
24/48 G Ports
Two X G Port s
(also known as Small Form Factor Plugable (SFP)+ Ports)
These are 10 Gigabit ports, designated as 1000Base-X-SFP+. The SFP+
ports are fiber transceivers designated as 10000 Base-SX or LX. They
include TWSI (Two-Wire Serial Interface) and internal EPROM.
RS-232 Console Port
This port is used for a terminal connection for debugging and software
downloads. The default baud rate is 9,600 bps. The baud rate can be
configured from 2400 bps up to 115,200 bps.
•Two HDMI Ports
The HDMI ports are 1.3a specification, category 2 high-speed cables, 340
MHz (10.2 Gbit/s). They are used for stacking purposes.
Console
SPF+ Ports
USB Port
HDMI Ports
Giga Ports (even numbered)
Port
Giga Ports (odd numbered)
36 Dell PowerConnect 55xx Systems User Guide
NOTE: it is recommended to use HDMI cable version 1.4
•Single USB Port
This port is used for firmware upgrade from a USB device.
Buttons and LEDs
LEDs on Front Panel
Figure 5-2 shows the extreme, right-hand part of the front panel, which
contains buttons and LEDs, in addition to ports.
Figure 3-2. Button/LED Panel
These LEDs are described in Table 5-1 and Table 5-2.
Reset Button
The PowerConnect 5500 switches have a reset button, located on the front
panel that is used for manual reset (reboot) of the device.
The single reset circuit of the switch is activated by power-up or low-voltage
conditions.
Power Status
Fan
RPS
Reset
Stacking Unit ID
Master
Port LEDs
Console Port
Dell PowerConnect 55xx Systems User Guide 37
The Reset button does not extend beyond the unit’s front, and it must be
activated with a pin.
Back Panel
The back panel of the non-PoE models, shown in Figure 5-3, contains a
Redundant Power Supply (RPS) connector, Location LED, and power
connector.
The back panel of the PoE models, shown in Figure 5-4, contains a Modular
Power Supply (MPS) connector, Location LED, power connector, and two fan
outlets.
Figure 3-3. PowerConnect 5524/48 Back Panel
Figure 3-4. PowerConnect 5524/48/P Back Panel
The elements on the back panel are used as follows:
Locator LED
— This LED is lit when the Unit Identification feature is
selected. See "Unit Identification (Location)" on page 367 for more
information about this feature.
RPS/MPS
— Connector for auxiliary power supply.
See "Power Supplies
"
on page 42
for more information.
RPS A/C Power Supply
Locator
Locator MPS A/C Power Supply
FanFan
38 Dell PowerConnect 55xx Systems User Guide
A/C Power Supply
— Connector for AC power supply.
See "Power
Supplies
" on page 42
for more information.
Fans
— Fan outlets.
See "Ventilation System
" on page 38
for more
information.
Ventilation System
The PowerConnect 5500/P switches have two built-in fans. Operation can be
verified by observing the LED that indicates if one or more fans are faulty
(see Table 5-1).
The fan outlets are shown in Figure 5-4.
LED Definitions
The front panel contains light emitting diodes
(LEDs) that indicate the
status of links, power supplies, fans, and system diagnostics.
These are described below.
System LEDs
The system LEDs of the PowerConnect 5500 devices provide information
about the power supplies, fans, thermal conditions, and diagnostics.
Figure 5-2 shows the location of the system LEDS on the device.
Table 5-1 describes the meaning of the colors of the system LEDs.
Table 3-1. System LED Indicators
LED Color Description
Power Supply
(PWR)
Green Static The switch is turned on.
Green Flashing The Locator function is enabled.
Off The switch is turned off.
Status Green Static The switch is operating normally.
Green Flashing The switch is booting.
Red Static A critical system error has occurred.
Red Flashing A non-critical system error has occurred.
Dell PowerConnect 55xx Systems User Guide 39
Stacking No. Indicates the unit ID of the device in the
stack.
Modular/Redundan
cy Power Supply
(MPS/RPS)
Green Static The MPS/RPS is currently operating.
Red Static The MPS/RPS failed.
Off The MPS/RPS is not plugged in.
Locator Green Flashing Locator function is enabled.
Green Static Locator function is disabled.
Master Green Static The device is a master unit.
Off The device is not a master unit.
Fan (FAN) Green Static All device fans are operating normally.
Red Static One or more of the device fans are not
operating.
Table 3-1. System LED Indicators (Continued)
LED Color Description
40 Dell PowerConnect 55xx Systems User Guide
Port LEDs
Gigabit Ports
Each Giga port has two LEDs associated with it. The speed/link (LNK) LED
is located on the left side of the port, while the activity/PoE LED is located on
the right side of the port. The activity/PoE LED is labelled ACT in non-PoE
devices, and is labelled PoE in PoE-enabled devices, as shown in Figure 5-5.
Figure 3-5. Giga Port LEDs
Table 5-2 describes the LED indications for the Gigabit ports:
Table 3-2. Giga Port s on non-PoE-enabled Devices LEDs
LED Color Description
LNK Green Flashing Link is up and the port is either transmitting
or receiving at 1000 Mbs.
Yellow Flashing Link is up and the port is either transmitting
or receiving data at 100 Mbps.
Solid green
Solid amber
Link is up high speed.
Link is up at lower speeds.
OFF The port is currently not operating.
ACT Green Flashing There is activity on the port.
Off There is no activity on the port.
LNK ACT/PoE
LNK ACT/PoE
Dell PowerConnect 55xx Systems User Guide 41
Table 5-3 describes the LED indications for Gigabit ports on PoE-enabled
devices.
HDMI Port LEDs
The HDMI ports have a Speed/link (LNK) LED on their left side and an
activity (ACT) LED on their right side.
Table 5-4 describes the HDMP port LEDs:
Table 3-3. Giga Port s on PoE-enabled Devices LEDs
LED Color Description
LNK Flashing green Link is up and the port is either transmitting or
receiving at 1000 Mbs.
Flashing amber Link is up and the port is either transmitting or
receiving data at 100 Mbps.
Solid green
Solid amber
Link is up high speed.
Link is up at lower speeds.
Off Port is currently not operating.
PoE Flashing green There is activity on the port and the PoE is off.
Flashing amber There is activity on the port and the PoE is on.
Amber solid There is no activity on the port and the PoE power is
on.
Off There is no activity on the port and the PoE is off.
Table 3-4. HDMI (Stacking) Port LEDs
LED Color Description
Speed/Link Solid green Port is linked to device.
Off Port is currently not operating.
ACT Flashing green Port is either transmitting or receiving.
Off Port is not transmitting or receiving.
42 Dell PowerConnect 55xx Systems User Guide
SFP LEDs
The SFP+ ports each have two LEDs, marked as LNK and ACT, associated
with them. Figure 5-5 describes these LEDs.
Stack ID LED
The front panel of the device contains a Stack ID panel used to display the
Unit ID for the Stack Master and members, as shown in Figure 5-2.
Power Supplies
The device has an internal power supply unit (AC unit) and a connector to
connect PowerConnect 5500/P devices to a PowerConnect EPS-470 unit, or
to a PowerConnect MPS-600 unit.
The PowerConnect 5500/P devices have the following internal power
supplies:
24 Port non-PoE devices —
54 Watt
.
48 Port non-PoE devices —
100 Watt
.
24/48 Port PoE devices —
600 Watt
.
Operation with both power supply units is regulated through load sharing.
Power supply LEDs indicate the status of the power supply.
The AC power supply unit operates from 90 to 264 VAC, 47 to 63 Hz. The AC
power supply unit uses a standard connector. A LED, shown in Figure 5-3,
indicates whether the AC unit is connected.
When the device is connected to a supplementary power source, the
probability of failure in the event of a power outage decreases.
Table 3-5. SFP Port LEDs
LED Color Description
LNK Solid green Link is at highest speed.
Solid amber Link is at lowest speed.
Off Port is currently not linked.
ACT Flashing green Port is either transmitting or receiving.
Dell PowerConnect 55xx Systems User Guide 43
4
Stacking Overview
This section describes how the Stacking feature of the PowerConnect 5500
series functions.
It contains the following topics:
Stack Overview
Stack Members and Unit IDs
44 Dell PowerConnect 55xx Systems User Guide
Stack Overview
The PowerConnect 5500 Stacking feature provides multiple switch
management through a single switch, so that all units in the stack are treated
as if they were a single switch. All stack members are accessed through the
management IP address, through which the stack is managed.
Each switch is a member in a stack, although the stack may consist of only a
single switch.
Up to eight units can be stacked.
This section covers the following topics:
Stack Operation Modes
Stacking Units
•Stack Topology
Stack Operation Modes
All stacks must have a Master unit, and may have a Master Backup unit. All
other units are connected to the stack as members (slaves).
A unit in the stack can be in one of the following modes:
Stack Master
— Runs the fully operational software of a switch. In
addition, it runs configures and manages all other units in the stack. All
protocols run in the context of the Master unit. It is responsible for
updating and synchronizing the
Master Backup
.
The Stack Master detects and reconfigures the ports with minimal
operational impact in the event of:
Unit failure
Inter-unit stacking link failure
Unit insertion
Unit removal
When the Master unit boots, or when inserting or removing a stack
member, the Master unit initiates a stacking discovering process.
Dell PowerConnect 55xx Systems User Guide 45
Slave Unit
— Runs a slave version of the software that enables the
applications running on the Master’s CPU to control and manage the
resources of the slave unit.
Master Backup
— Runs as a slave unit, as described above, and in
addition, continuously monitors the existence and operation of the stack
master. If the master unit fails, the master-backup unit assumes the Master
Backup role.
Stacking Units
PowerConnect 5500 series switches use two HDMI 10G ports for stacking.
To connect the units in the stack:
1
Insert one end of an HDMI cable into the left-hand HDMI port on the
unit at the top of the stack and the other end into the right-hand HDMI
port of the unit immediately below it (this is called crossover).
2
Repeat this process until all units are connected.
3
(Optional) Connect the left-hand HDMI port of the unit at the bottom of
the stack to the right-hand HDMI port of the unit at the top of the stack.
This step provides increased bandwidth and redundancy.
46 Dell PowerConnect 55xx Systems User Guide
The results of this process are shown in Figure .
Figure 4-1. Stacking Ring Topology
HDMI Ports
Front Panel
HDMI Ports
Front Panel
HDMI Ports
Front Panel
Front Panel
HDMI Ports
Dell PowerConnect 55xx Systems User Guide 47
Stack Topology
The PowerConnect 5500 series systems operates in a ring or chain topology.
Ring Topology
In a ring topology all units in the stack are connected to each other, forming a
circle. Each unit in the stack accepts data and sends it to the unit to which it
is attached. The packet continues through the stack until it reaches its
destination. The system discovers the optimal path on which to send traffic.
Figure shows units of a stack connected in a ring topology.
Stacking Failover Topology - Chain Topology
Difficulties occur when a unit in the ring becomes non-functional, or a link is
severed. In this case, the system automatically switches to a chain topology,
without any system downtime.
In chain topology, each unit in the stack is connected to neighboring unit
except for the last unit, which is not connected to any other unit.
In the chain topology, the stack continues to function as long as there is a
master- or backup-enabled unit in each segment of the stack.
When the ring topology is switched to chain topology, an SNMP message is
automatically generated, but no stack management action is required. The
unit that failed must be repaired to restore full stacking operation in the ring
topology.
After the stacking issues are resolved, the units can be reconnected without
interruption, and the ring topology is restored.
Stack Members and Unit IDs
This section describes how to configure the stack.
It contains the following topics:
Adding a Unit to the Stack
Assigning Unit IDs
Selecting the Master and Master Backup Units
Switching from the Master to the Master Backup
Replacing Stacking Members
48 Dell PowerConnect 55xx Systems User Guide
Loading Software onto Stack Members
Rebooting the Stack
Managing Configuration Files on the Stack
Adding a Unit to the Stack
The recommended procedure to add a unit to a stack is as follows:
1
Place the powered-off unit in its physical place in the stack, and insert the
stacking link in the unit (but do not connect it to the rest of the stack).
2
Power up the unit, and set the correct Unit ID, as described below.
3
Reboot the unit and connect it to the rest of the stack through the stack
link.
Assigning Unit IDs
Each unit in the stack has a unique ID that defines the unit’s position and
function in the stack, as shown in Figure 5-2.
The unit that is assigned Unit ID 1 is the Master unit, by default. The unit
that is assigned Unit ID 2 is the Master Backup unit.
When you power-up the stack, each unit is assigned a unique Unit ID. This is
displayed on the front panel of the unit, as shown in Figure 5-2.
The Unit ID of each unit can be either automatically assigned or manually
assigned, as described in step 1 to step 4 below.
To assign IDs to the units in the stack, do the following for each unit in the
stack:
1
Connect the unit to the terminal.
Dell PowerConnect 55xx Systems User Guide 49
2
Turn on the unit to begin auto boot and press
Return
or
Esc
to abort and
enter the
Start Up
menu.
3
Select
Stack Menu
to open the
Stack Menu
.
4
Select
Set Unit Stack ID.
Enter either a Unit ID for manual assignment or
0 to indicate that the unit ID will be assigned automatically.
NOTE: The entire stack should be connected, as shown in Figure 6-1, before
powering up the units.
Selecting the Master and Master Backup Units
A unit is master-enabled if it assigned Unit ID 1 and Unit 2. All other units in
the stack (slaves) have unit IDs of 3-8.
The stack master assignment is performed during the configuration boot
process. One master-enabled stack member is elected as Master, and the
other master-enabled stack member is selected as
Master Backup
, according
to the following decision process:
A master is selected from the set of the two Master-enabled units. Priority
is given to the lowest unit ID, but also takes into account the amount of
time the unit is UP (Up Time) as follows:
Startup Menu
[1]Download Software
[2]Erase Flash File
[3]Password Recovery Procedure
[4]Set Terminal Baud-Rate
[5]Stack Menu
[6]Back
[1]Show Unit Stack ID
[2]Set Unit Stack ID
[3]Back
50 Dell PowerConnect 55xx Systems User Guide
When a master-enabled unit is inserted to a running stack, (or when
Master and Backup master both start at the same time), they
exchange each other’s UP TIME (the time since they powered up). If
the time difference is smaller than 10 minutes, the unit with the
lowest unit ID is elected; otherwise, the unit with the longest UP time
is elected.
If a Master-enabled unit (with ID 1 or 2) is inserted into an
operational stack, it will be elected as a backup master.
If a Master unit and/or a backup Master unit is removed from the
stack and the user wishes to configure one of the slave units
(numbered 3-8) to be a Master backup, the user must reset the unit’s
ID. This can be done as follows:
If there is a Master-enabled unit in the stack: Do -
switch
n
renumber
2 (through CLI or GUI). This makes the nth unit a
master-enabled unit.
If there is no Master-enabled unit in the stack: Press the reset
button on the unit to be master-enabled, and assign it a unit ID=
1 using the boot menu.
The user can
force
a master-enabled unit to be the master unit of the
stack, even if the master election process did not select it. This is done by
switching over to the backup unit.
NOTE: Two stacking member are considered the same age if they were
inserted within a ten minute interval, for example, if Unit 2 is inserted in the
first minute of a ten-minute cycle, and Unit 1 is inserted in fifth minute of the
same cycle, the units are considered to be the same age.
NOTE: If two stack members are discovered to have the same Unit ID, only
the older unit is included in the stack. The stack continues to function and a
message is sent notifying that a unit failed to join the stack.
The Stack Master and the
Master Backup
maintain a Warm Standby. The
Warm Standby ensures that the
Master Backup
takes over for the Stack
Master if a failover occurs, so that the stack continues to operate normally.
During the Warm Standby, the Master and the
Master Backup
are
synchronized with the static configuration. When the Stacking Master is
configured, it must synchronize the
Master Backup
. The dynamic
Dell PowerConnect 55xx Systems User Guide 51
configuration is not saved, for example, dynamically-learned MAC addresses
are not saved, but dynamic information is learned quickly and automatically
by network traffic.
Switching from the Master to the Master Backup
The Master Backup replaces the Stack Master if one or more of the following
events occur:
The Stack Master fails or is removed from the stack.
Links from the Stack Master to the stacking members fails.
User performs soft switchover via the Web interface or the CLI.
Switching between the Stack Master and the Master Backup results in limited
service loss. Dynamic tables are relearned if a failure occurs. The Running
Configuration file is synchronized between Stack Master and the Master
Backup, and continues running on the Master Backup.
Replacing Stacking Members
If a unit is removed from the stack, and replaced with a unit with the same
unit ID, the stack member is configured with the original unit configuration.
Otherwise, if the new unit has either more or fewer ports than the previous
unit, the results depend on the device type of the new and original units, as
defined in Table 6-1:
Table 4-1. Port Configurations when Replacing Units
New Unit Original Unit New Port Configuration
5548P or 5548 5548P or 5548 Port configurations remain the same.
5524 or 5524P The first 24 Giga (GE) ports receive the
respective 5524/P 24 GE port
configurations. The 10 G port
configurations remain the same.
52 Dell PowerConnect 55xx Systems User Guide
Loading Software onto Stack Members
Software can be downloaded to all units simultaneously, or to the master unit
alone. If software is only loaded to the master unit, when new software is
selected, and the Master is rebooted, the Master updates the software on the
remaining units.
In this way, all units in the stack run the same software version.
Rebooting the Stack
Whenever a reboot occurs, topology discovery is performed, and the Master
learns all units IDs in the stack.
Configuration files are changed only through explicit user configuration, and
are not automatically modified when units are added, removed or reassigned
unit IDs.
Each time the system reboots, the Startup Configuration file in the Master
unit is used to configure the stack.
Managing Configuration Files on the Stack
The Startup Configuration and Running Configuration file are stored on the
stack master.
Each port in the stack is referenced in the configuration files by its port type
and unit ID/0/port number, for example "gi1/0/24", which means Giga port 24
on unit 1 (the middle 0 is reserved for future use).
Configuration files are managed from the Stack Master, including:
Saving to flash memory
5524P or 5524 5548P or 5548 The PowerConnect 5524/P 24 Gigabit
ports receives the first 24 Giga 5548/P port
configurations. The 10 Giga port
configurations remain the same. The
remaining ports receive the default port
configuration.
5524P or 5524 Port configurations remain the same.
Table 4-1. Port Configurations when Replacing Units (Continued)
New Unit Original Unit New Port Configuration
Dell PowerConnect 55xx Systems User Guide 53
Uploading configuration files to an external TFTP server/HTTP client
Downloading configuration files from an external TFTP server/HTTP
client
Download/upload through the USB port
NOTE: Stack configuration for all configured ports is saved, even if the stack
is reset and/or the ports are no longer present.
Dell PowerConnect 55xx Systems User Guide 54
5
Configuring the Switch
This section describes the configuration that must be performed after the
switch is installed and connected to power supplies. Additional advanced
functions are described in "Advanced Switch Configuration" on page 63.
NOTE: Before proceeding further, read the release notes for this product. You can
download the release notes from the Dell Support website at support.dell.com.
NOTE: We recommend that you obtain the most recent revision of the user
documentation from the Dell Support website at support.dell.com.
It contains the following topics:
Configuration Work Flow
Connecting the Switch to the Terminal
Booting the Switch
•Configuring the Stack
Configuration Using the Setup Wizard
Dell PowerConnect 55xx Systems User Guide 55
Configuration Work Flow
To configure the switches:
1
For each switch in the stack:
a
Connect it to a terminal, as described in the "Connecting the Switch
to the Terminal" on page 56.
b
Boot the switch, as described in the "Booting the Switch" on page 57.
c
Assign a unit ID to the switch, as described in "Assigning Unit IDs" on
page 48.
2
Connect the units in the stack to each other, as described in "Configuring
the Stack" on page 58.
3
Connect the Master unit to the terminal, reboot the unit and the Setup
Wizard is run automatically, as described in "Configuration Using the
Setup Wizard" on page 58.
4
Respond to the Setup Wizard prompts.
5
Continue managing the switch, either through the console or Telnet, using
the CLI or the web GUI.
56 Dell PowerConnect 55xx Systems User Guide
Connecting the Switch to the Terminal
The switch is configured and monitored through a terminal desktop system
that runs terminal emulation software. The switch connects to the terminal
through the console port.
To connect the switch to a terminal:
1
Connect an RS-232 cable to a VT100-compatible terminal or the serial
connector of a desktop system running terminal emulation software.
2
Connect the RS-232 cable to the switch console port on the front panel of
the switch (see Figure 7-1) using an 8-pin RJ-45 male connector.
Figure 5-1. Front-Panel Console Port
3
Set the terminal emulation software as follows:
a
Select the appropriate serial port to connect to the switch.
b
Set the data rate to 9600 baud.
c
Set the data format to 8 data bits, 1 stop bit, and no parity.
d
Set Flow Control to
non
e.
e
Select VT100 for Emulation mode within your communication
software.
f
Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure that
the setting is for Terminal keys (
not
Windows keys).
NOTE: You can connect a console to the console port on any unit in the stack, but
stack management is performed only from the stack master (Unit ID 1 or 2).
Console Port
Dell PowerConnect 55xx Systems User Guide 57
Booting the Switch
After the local terminal is connected, turn on power. The switch then goes
through power-on self-test (POST). POST runs every time the switch is
started and checks hardware components, to determine if the switch is
operational before completely booting. If the system detects a critical
problem, the boot process stops. If POST passes successfully, a valid
executable image is loaded into RAM. POST messages are displayed on the
terminal and indicate test success or failure.
The boot process runs for approximately 40-45seconds.
When the boot process completes, the following LEDs are lit, as shown in
Figure 7-2:
•Power
• Status
Fan (should be green)
RPS (if it is being used)
Figure 5-2. Initial LEDs
58 Dell PowerConnect 55xx Systems User Guide
Configuring the Stack
The switch is always considered to be a stack of switches even if the stack only
contains a single switch. If there is more than one switch in the stack, each
switch must be configured individually. See "Assigning Unit IDs" on page 48
for instructions on how to configure the stack.
Configuration Using the Setup Wizard
The Setup Wizard guides you through the initial switch configuration to get
the system up and running as quickly as possible. Note that you can skip the
Setup Wizard and configure the switch manually through the CLI.
The Setup Wizard configures the following fields:
SNMP Community String and SNMP Management System IP address
(optional)
Username and password
Management switch IP address
IP subnet mask
Default gateway IP address
NOTE: The Setup Wizard assumes the following:
The PowerConnect switch was never configured before and is in the same
state as when you received it.
The PowerConnect switch booted successfully.
The console connection is established and the console prompt is displayed on
the screen of a VT100 terminal switch.
Connect the Master unit to a terminal. You can identify the Master unit by
the illuminated Master LED on the front panel of the switch (see Figure 5-2).
To configure the system using the Setup Wizard:
1
Obtain the following information from the network administrator:
SNMP Community String and SNMP Management System IP
address (optional)
Username and password
Dell PowerConnect 55xx Systems User Guide 59
The IP address to be assigned to the VLAN 1 interface through which
the switch is to be managed (by default, every external and internal
port is a member of the VLAN 1)
The IP subnet mask for the network
The default gateway (next hop router) IP address for configuring the
default route
2
Boot the Master unit. The system automatically prompts you to use the
Setup Wizard.
The Setup Wizard displays the following information:
Welcome to Dell Easy Setup Wizard
The Setup Wizard guides you through the initial
switch configuration and gets you up and running
easily and quickly. You can skip the Setup Wizard
and enter CLI mode to manually configure the
switch. The system will prompt you with a default
answer; by pressing Enter, you accept the default
value.
You must respond to the next question to run the
Setup Wizard within 60 seconds, otherwise the
system will continue with normal operation using
the default system configuration.
Would you like to enter the Setup Wizard (you must
answer this question within 60 seconds)? (Y/N)
3
Enter [Y] to run the wizard. If you enter [N] or if you do not respond
within 60 seconds, the Setup Wizard automatically exits and the CLI
console prompt appears.
If you enter [Y] the wizard provides interactive guidance through the
initial switch configuration.
The following information is displayed:
You can exit the Setup Wizard at any time by
entering [ctrl+Z].
The system is not set up for SNMP management by
default.
60 Dell PowerConnect 55xx Systems User Guide
To manage the switch using SNMP (required for Dell
Network Manager) you can:
Setup the initial SNMP version 2 account now.
Return later and set up the SNMP version account.
For more information on setting up a SNMP version
2 account, see the user documentation.
Would you like to set up the SNMP management
interface now? [Y/N]
4
Enter [N] to skip to Step7 or enter [Y] to continue the Setup Wizard. If
you enter [Y] the following information is displayed:
To set up the SNMP management account you must
specify the management system IP address and the
"community string" or password that the particular
management system uses to access the switch. The
wizard automatically assigns the highest access
level [Privilege Level 15] to this account.
You can use Dell Network Manager or other
management interfaces to change this setting later
and to add additional management system later. For
more information on adding management systems, see
the user documentation.
To add a management station:
Please enter the SNMP community string to be used:
5
Enter the SNMP community string. You can use the default name "public"
Please enter the IP address of the Management
System (A.B.C.D) or wildcard (0.0.0.0) to manage
from any Management Station:[0.0.0.0].
6
Enter the SNMP Management System IP.
7
Set up user account privilege level, as follows:
The following information is displayed:
Now we need to set up your initial privilege
(Level 15) user account. This account is used to
login to the CLI and Web interface. You may set up
Dell PowerConnect 55xx Systems User Guide 61
other accounts and change privilege levels later.
For more information on setting up user accounts
and changing privilege levels, see the user
documentation.
To set up a user account:
Enter the user name:
Please enter the user password:
Please reenter the user password:
8
Enter the following:
User name, for example "admin"
Password and password confirmation.
9
Press
Enter
.
The following information is displayed:
Next, an IP address is setup. The IP address is
defined on the default VLAN (VLAN 1). This is the
IP address you use to access the Telnet, Web
interface, or SNMP interface for the switch.
To set up an IP address:
Please enter the IP address of the device
(A.B.C.D):
Please enter the IP subnet mask (A.B.C.D or nn):
10
Enter the management IP address and IP subnet mask, for example
192.168.2.100 as the IP address and 255.255.255.0 as the IP subnet mask.
11
Press
Enter
.
The following information is displayed:
Finally, set up the default gateway.
Please enter the IP address of the gateway from
which this network is reachable
(e.g. 192.168.2.1).Default gateway
(A.B.C.D):[0.0.0.0]
62 Dell PowerConnect 55xx Systems User Guide
12
Enter the default gateway.
13
Press
Enter
. The following is displayed (example):
This is the configuration information that has
been collected:
SNMP Interface = "Dell Network
Manager"@192.168.2.10
User Account setup = admin
Password = **********
Management IP address = 192.168.2.100
255.255.255.0
Default Gateway = 192.168.2.1
The following information is displayed:
If the information is correct, please select (Y)
to save the configuration and copy to the start-up
configuration file. If the information is
incorrect, select (N) to discard configuration and
restart the wizard: [Y/N]
14
Enter [N] to restart the wizard or enter [Y] to complete the Setup Wizard.
If you enter [Y] the following is displayed:
Configuring SNMP management interface.
Configuring user account.......
Configuring IP and subnet......
Thank you for using Dell Easy Setup Wizard. You
will now enter CLI mode.
The CLI prompt is displayed. You have finished the initial configuration.
After the initial configuration is complete, you can manage the switch from
the connected console port using the CLI or remotely through the
management interface, using Telnet or the Web GUI. See the
Dell
PowerConnect 5500 Series User Guide
found
on the Documentation CD.
Dell PowerConnect 55xx Systems User Guide 63
6
Advanced Switch Configuration
This section describes how to perform various configuration operations
through the CLI.
It includes the following topics:
•Using the CLI
Accessing the Device Through the CLI
Retrieving an IP Address
Security Management and Password Configuration
Configuring Login Banners
Startup Menu Procedures
Software Download
64 Dell PowerConnect 55xx Systems User Guide
Using the CLI
This section provides some general information for using the CLI.
For a complete description of CLI commands, refer to the Dell
PowerConnect 55xx Systems
CLI Reference Guide
.
Command Mode Overview
The CLI is divided into command modes, each with a specific command set.
Entering a question mark at the terminal prompt displays a list of commands
available for that particular command mode.
In each mode, a specific command is used to navigate from one mode to
another.
These modes are described below.
User EXEC Mode
During CLI session initialization, the CLI is in User EXEC mode. Only a
limited subset of commands is available in User EXEC mode. This level is
reserved for tasks that do not change the terminal configuration and is used
to access configuration sub-systems.
After logging into the device, User EXEC command mode is enabled. The
user-level prompt consists of the host name followed by the angle bracket
(>). For example: console>
NOTE: The default host name is console unless it has been modified during
initial configuration.
The User EXEC commands enable connecting to remote devices, changing
terminal settings on a temporary basis, performing basic tests, and listing
system information.
To list the User EXEC commands, enter a question mark at the command
prompt.
To enter the next level, Privileged EXEC mode, a password is required (if
configured).
Privileged EXEC Mode
Privileged EXEC mode provides access to the device global configuration.
Dell PowerConnect 55xx Systems User Guide 65
Privileged access can be protected, to prevent unauthorized access and to
secure operating parameters. Passwords are displayed on the screen, and are
case-sensitive.
NOTE: The enable command is only necessary if you login with privilege level less
than 15.
To access and list the Privileged EXEC mode commands:
1
At the prompt type
enable
and press
<Enter>
.
2
When a password prompt displays, enter the password and press
<Enter>
.
The Privileged EXEC mode prompt displays as the device host name
followed by #. For example:
console#
To list the Privileged EXEC commands, type a question mark at the
command prompt.
To return from Privileged EXEC mode to User EXEC mode, type
disable
and press
<Enter>
.
The following example illustrates accessing privileged EXEC mode and then
returning to the User EXEC mode:
Use the exit command to return to a previous mode.
To configure the device, enter the next level, Global Configuration mode.
Global Configuration Mode
The
Global Configuration mode manages device configuration on a global
level. Global Configuration commands apply to system features, rather than a
specific protocol or interface.
console> enable
Enter Password: ******
console#
console# disable
console>
66 Dell PowerConnect 55xx Systems User Guide
To access Global Configuration mode, at the Privileged EXEC Mode prompt,
type configure and press <Enter>. The Global Configuration mode displays
as the device host name followed by (config) and the pound sign #.
To list the Global Configuration commands, enter a question mark at the
command prompt.
The following example illustrates how to access Global Configuration mode
and return back to the Privileged EXEC mode:
Interface Configuration Mode
The Interface Configuration mode configures the device at the physical
interface level (port, VLAN, or LAG). Interface commands that require
subcommands have another level, called the Subinterface Configuration
mode. A password is not required to access this level.
The following example, places the CLI in Interface Configuration mode on
port 1/0/1. The sntp command is then applied to that port.
To run a command in a mode, which does not contain it, use do before the
command, as in the following example:
console# configure
console(configure)#
console#
console# configure
console(config)# exit
console#
console# configure
console(config)# interface gi1/0/1
console(config-if)# sntp client enable
console# configure
console(config)# interface gi1/0/1
console(config-if)# sntp client enable
console(config-if)# do show sntp configuration
Dell PowerConnect 55xx Systems User Guide 67
Accessing the Device Through the CLI
You can manage the device using CLI commands, over a direct connection to
the terminal console, or via a Telnet connection.
Direct Connection
Connect the device to the console and enter the CLI commands upon
receiving a prompt.
Telnet Connection
Telnet is a terminal emulation TCP/IP protocol. RS-232 terminals can be
virtually connected to the local device through a TCP/IP protocol network.
Telnet is an alternative to a local login terminal, where a remote login is
required.
The device supports up to four simultaneous Telnet sessions. All CLI
commands can be used over a Telnet session.
If access is via a Telnet connection, ensure that the device has an IP address
and that software has been downloaded to the device.
To start a Telnet session:
1
Select
Start > Run
.
The
Run
window opens.
2
Ty p e
cmd.
The
cmd
window opens.
3
In the
cmd
window, type
Telnet
<
IP address
>
<Enter>
.
The Telnet session begins.
68 Dell PowerConnect 55xx Systems User Guide
Retrieving an IP Address
Receiving an IP Address from a DHCP Server
When using the DHCP protocol to retrieve an IP address, the device acts as a
DHCP client. When the device is reset, the DHCP command is saved in the
configuration file, but the IP address is not.
To retrieve an IP address from a DHCP server, perform the following steps:
1
Select and connect any port to a DHCP server or to a subnet that has a
DHCP server on it.
2
Type the following commands to use the selected port for receiving the IP
address.
a
Assigning dynamic IP Addresses on a port:
b
Assigning a dynamic IP Addresses on a VLAN:
The interface receives the IP address automatically.
console# configure
console(config)# interface gi1/0/1
console(config-if)# ip address dhcp
console# configure
console(config)# interface vlan 1
console(config-if)# ip address dhcp
Dell PowerConnect 55xx Systems User Guide 69
3
To verify the IP address, type
show ip interface
at the system prompt, as
shown in the following example.
When configuring/receiving IP addresses through DHCP and BOOTP (an
older version of DHCP), the configuration received from these servers
includes the IP address and may include the subnet mask and default
gateway.
NOTE: It is not necessary to delete the device configuration to retrieve an IP
address from the DHCP server.
NOTE: When copying configuration files, avoid using a configuration file that
contains an instruction to enable DHCP on an interface that connects to the same
DHCP server, or to one with an identical configuration. In this instance, the device
retrieves the new configuration file and boots from it. The device then enables
DHCP, as instructed in the new configuration file, and the DHCP instructs it to reload
the same file.
NOTE: If you configure a DHCP IP address, this address is dynamically retrieved,
and the ip address dhcp command is saved in the configuration file. In the event of
master failure, the backup will again attempt to retrieve a DHCP address. This could
result in one of the following:
The same IP address may be assigned.
A different IP address may be assigned, which could result in loss of
connectivity to the management station.
The DHCP server may be down, which would result in IP address retrieval
failure, and possible loss of connectivity to the management station.
Receiving an IP Address From a BOOTP Server
The standard BOOTP protocol is supported and enables the device to
automatically download its IP host configuration from any standard BOOTP
server in the network. In this case, the device acts as a BOOTP client.
console# show ip interface
IP Address I/F Type Directed Precedence Status
Broadcast
----------------- --------- -------- -------- -------- -----
0.0.0.0/32 gi2/0/1 DHCP disable No Valid
10.5.234.232/24 vlan 1 Static disable No Valid
70 Dell PowerConnect 55xx Systems User Guide
To retrieve an IP address from a BOOTP server:
1
Select and connect any port to a BOOTP server or subnet containing such
a server.
2
At the system prompt, enter the
delete startup configuration
command to
delete the Startup Configuration from flash.
The device reboots with no configuration and in 60 seconds starts sending
BOOTP requests. The device receives the IP address automatically.
NOTE: When the device reboot begins, any input at the ASCII terminal or keyboard
automatically cancels the BOOTP process before completion and the device does
not receive an IP address from the BOOTP server.
The following example illustrates the process:
To display the IP address, enter the show ip interface command.
The device is now configured with an IP address.
console> enable
console# delete startup-config
Startup file was deleted
console# reload
You haven’t saved your changes. Are you sure you want to
continue (Y/N) [N]?
This command will reset the whole system and disconnect
your current session. Do you want to continue (Y/N) [N]?
************************************************
/* the device reboots */
Dell PowerConnect 55xx Systems User Guide 71
Security Management and Password
Configuration
System security is handled through the Authentication, Authorization, and
Accounting (AAA) mechanism that manages user access rights, privileges,
and management methods. AAA uses both local and remote user databases.
Data encryption is handled through the SSH mechanism.
Passwords can be configured for the following services:
•Terminal
•Telnet
•SSH
•HTTP
•HTTPS
NOTE: When creating a user name, the default priority is 1, which provides access
but not configuration rights. A priority of 15 must be set to enable access and
configuration rights to the device. Although user names can be assigned privilege
level 15 without a password, it is recommended to always assign a password. If
there is no specified password, privileged users can access the Web interface with
any password.
NOTE: Passwords can be secured by using password management commands to
force aging out of passwords, or expiration of passwords. For more information, see
"Management Security" on page 254.
Initial Configuration and Password Recovery
The system is delivered without a default password, and all passwords must be
defined by the user. If a user-defined password is lost, a password recovery
procedure can be invoked from the Startup menu. This procedure is
applicable for the local terminal only and enables a single access to the device
from the local terminal with no password entered.
The full mode of password recovery mechanism can be enabled/disabled
through the CLI (service password-recovery command).
This affects password recovery in the following way:
Enabled:
When the password-recovery mechanism is invoked, one-time
access to the device without a password is enabled and all configuration
and user files are retained.
72 Dell PowerConnect 55xx Systems User Guide
Disabled:
When the password-recovery mechanism is invoked, one-time
access to the device without a password is stilled enabled, however all
configuration files (startup and backups) are removed and the following
log message is generated to the terminal after boot process completed: “All
configuration and user files were removed”
Configuring an Initial Terminal Password
To configure an initial terminal password, enter the following commands:
Configuring an Initial Telnet Password
To configure an initial Telnet password, enter the following commands:
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line console
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password george
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line telnet
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password bob
Dell PowerConnect 55xx Systems User Guide 73
Configuring an Initial SSH Password
To configure an initial SSH password, enter the following commands:
Configuring an Initial HTTP Password
To configure an initial HTTP password, enter the following commands:
Configuring an Initial HTTPS Password
To configure an initial HTTPS password, enter the following commands:
Enter the following commands once when configuring use of a terminal, a
Telnet, or an SSH session, for an HTTPS session.
NOTE: In the Web browser, enable SSL 2.0 or greater for the page content to be
displayed.
NOTE: HTTP and HTTPS services require privilege level 15 access and connect
directly to the configuration level access.
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line ssh
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password jones
console(config)# ip http authentication aaa login-
authentication local
console(config)# username admin password user1 privilege
15
console(config)# ip http authentication aaa login-
authentication local
console(config)# username admin password user1 privilege
15
console(config)# crypto certificate 1 generate key-
generate
console(config)# ip http secure-server
74 Dell PowerConnect 55xx Systems User Guide
Configuring Login Banners
Banners can be defined for each line, such as console and telnet) or for all
lines. They are disabled by default.
The following types of banners can be defined:
Message-of-the-Day Banner (motd)
— Displayed when the user connects
to the device, before login. The following defines a message-of-the-day for
the console:
console# configure
console(config)# line console
console(config-line)# motd-banner
console(config-line)# exit
console (config)# banner motd *
Welcome*
console# do show banner motd
Welcome
Would you like to enable this banner to all lines?
(Y/N)[Y] Y
console(config)#
Dell PowerConnect 55xx Systems User Guide 75
Login Banner
— Displayed after the Message-of-the-Day Banner, and
before the user has logged in. The following defines a login banner for the
console:
Exec Banner
— Displayed after successful login (in all privileged levels
and in all authentication methods). The following defines an exec banner
for the console:
console# configure
console(config)# line console
console(config-line)# login-banner
console(config-line)# exit
console (config)# banner login *
Please log in*
console# do show banner login
Would you like to enable this banner to all lines?
(Y/N)[Y] Y
Please log in
console# configure
console(config)# line console
console(config-line)# exec-banner
console(config-line)# exit
console (config)# banner exec *
Successfully logged in*
Would you like to enable this banner to all lines?
(Y/N)[Y] Y
console# do show banner exec
Successfully logged in
76 Dell PowerConnect 55xx Systems User Guide
Startup Menu Procedures
The Startup menu enables performing various tasks, such as software
download, flash handling and password recovery.
You can enter the Startup menu when booting the device. User input must be
entered immediately after the POST test.
To enter the Startup menu:
Turn the power on. After the auto-boot messages appear, the following
menu is displayed:
The following sections describe the available Startup menu options.
NOTE: When selecting an option from the Startup menu, take time-out into
account. If no selection is made within 10 seconds (default), the device times out.
This default value can be changed through the CLI.
Download Software - Option[1]
The software download procedure is used to replace corrupted files or
upgrade system software, when the device does not have IP connectivity or
when both software images of the device are corrupted and therefore you
cannot use the web-based management system.
NOTE: it is highly recommended that, before loading via xmodem, the baud rate of
the device and terminal be set to 115200.
Startup Menu
[1]Download Software
[2]Erase Flash File
[3]Password Recovery Procedure
[4]Set Terminal Baud-Rate
[5]Stack menu
[6]Back
Dell PowerConnect 55xx Systems User Guide 77
To download software through the Startup menu:
1
From the Startup menu,
press [1]
. The following prompt is displayed:
2
When using the HyperTerminal, click
Transfer
on the HyperTerminal
Menu Bar and select
Send File
.
3
In the
Filename
field, enter the file path for the file to be downloaded.
4
Ensure that the Xmodem protocol is selected in the
Protocol
field.
5
Press
Send
. The software is downloaded.
NOTE: After software download, the device reboots automatically.
Erase FLASH File - Option[2]
In some cases, the device Startup Configuration file must be erased. If the
configuration is erased, all parameters configured via CLI, web-management
or SNMP must be reconfigured.
To erase the device configuration in the Startup Configuration file:
1
From the Startup menu,
select [2]
. The following message is
displayed:
Warning! About to erase a Flash file.
Are you sure (Y/N)?
2
Press
Y
. The following message is displayed.
Write Flash file name (Up to 8 characters, Enter for
none.):
3
Enter
config
("config" is the standard name for the Startup configuration
file although you can use any name).
The following is displayed:
Downloading code using XMODEM
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File config (if present) will be erased after system
initialization
======== Press Enter To Continue ========
78 Dell PowerConnect 55xx Systems User Guide
The configuration is erased when the system is reset.
Password Recovery - Option[3]
If a password is lost, the Password Recovery procedure can be called from the
Startup menu. The procedure enables entry to the device a single time
without entering a password.
To recover a lost password when entering the local terminal only:
1
From the
Startup
menu, select
[3]
.
2
Continue the regular startup by logging in without a password.
3
Enter a new password or press 'ESC' to exit.
NOTE: To ensure device security, reconfigure passwords for applicable
management methods.
Set Terminal Baud-Rate - Option[4]
To set the terminal baud-rate:
1
Ty p e
[4]
and press
<Enter>
.
2Enter the new baud rate. The following is displayed:
Note that after this step, your terminal will no longer respond. Adjust your
terminal speed to the configured one.
Stack Menu - Option[5]
To configure the stack, type [5] and press <Enter>.
For more information, see "Assigning Unit IDs" on page 48.
Set new device baud-rate: 38,400
Dell PowerConnect 55xx Systems User Guide 79
Software Download
This section contains instructions for downloading device software (system
and boot images) through a TFTP server or USB port. The TFTP server must
be configured before downloading the software.
Software Auto Synch in Stack
When several units are stacked, they must all run the same software version.
When a new slave device is inserted into the stack, it is first checked for
compatibility (meaning that the master can run firmware upgrade/downgrade
to the slave unit), and if found compatible, its boot and image software
versions are automatically updated with the Master’s. If the slave is found not
compatible, it is shutdown.
A SYSLOG message is sent when a master synchronizes a slave's software.
System Image Download
When the device boots, it decompresses the system image from the flash
memory area and runs it. When a new image is downloaded, it is saved in the
other area allocated for the other system image copy.
On the next boot, the device decompresses and runs the image from the
currently active system image.
A system image can be downloaded through a USB port or a TFTP server.
To download the system image from a TFTP server, ensure that an IP address
is configured on one of the device ports and pings can be sent to the TFTP
server. In addition, ensure that the file to be downloaded is saved on the
TFTP server.
To download a system image through the USB port or TFTP server:
1
Enter the
show version
command, to verify which software version is
currently running on the device. The following is an example of the
information that appears:
Unit SW version Boot version HW version
------ ------------------- ------------------- --------
2 1.0.0.24 1.0.0.11
console#
80 Dell PowerConnect 55xx Systems User Guide
2
Enter the
show bootvar
command, to verify which system image is
currently active. The following is an example of the information that is
displayed:
3
Enter the one of the following commands to copy a new system image to
the current unit:
copy {tftp://|usb://}{tftp address}/{file name}
image (current unit)
or
To copy a new system image to all units in the stack:
copy tftp://{tftp address}/{file name}
unit://*/image
4
When the new image is downloaded, it is saved in the area allocated for
the other copy of system image (image-2, as shown in the example). The
following is an example of the information that appears:
Exclamation symbols indicate that a copying process is in progress. Each
symbol (!) corresponds to 512 bytes transferred successfully. A period
indicates that the copying process is timed out. Many periods in a row
indicate that the copying process failed.
console# show bootvar
Unit Image Filename Version Date Status
---- ----- --------- --------- --------------------- ---------
2 1 image-1 1.0.0.13 04-Aug-2010 08:27:30 Active*
2 2 image-2 1.0.0.12 29-Jul-2010 17:02:26 Not active
console#
console# copy tftp://176.215.31.3/file1.ros image
Accessing file ‘file1’ on 176.215.31.3Ö
Loading file1 from 176.215.31.3:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Copy took 00:01:11 [hh:mm:ss]
Dell PowerConnect 55xx Systems User Guide 81
5
Select the image for the next boot by entering the
boot system
command.
After this command, enter the
show bootvar
command to verify that the
copy indicated as a parameter in the
boot system
command is selected for
the next boot.
The following is an example of the information that appears:
If the image for the next boot is not selected by entering the boot system
command, the system boots from the currently active image.
6
Enter the
reload
command. The following message is displayed:
7
Enter
Y
. The device reboots.
Boot Image Download
Loading a new boot image from the TFTP server or USB port, updates the
boot image. The boot image is loaded when the device is powered on. A user
has no control over the boot image copies.
To download a boot image through the TFTP server:
console# boot system image-2
console# show bootvar
Images currently available on the Flash
Image-1 active
Image-2 not active (selected for next boot)
console# reload
This command will reset the whole system and
disconnect your current session. Do you want to
continue (y/n) [n]?
82 Dell PowerConnect 55xx Systems User Guide
1
Enter the
show version
command to verify which software version is
currently running on the device. The following is an example of the
information that appears:
2
Enter the
copy
{
tftp://|usb://
}
{tftp address}/{file
name} boot
command to copy the boot image to the device. The
following is an example of the information that appears:
3
Enter the
reload
command. The following message is displayed:
4
Enter
Y.
The device reboots.
console# show version
Unit SW version Boot version HW version
----- -------------- ----------------- ----------
2 1.0.0.24 1.0.0.11
console#
console# copy tftp://50.1.1.7/contax-10014.ros image
01-Oct-2006 11:57:35 %COPY-I-FILECPY: Files Copy - source URL
tftp://50.1.1.7/contax-10014.ros destination URL flash://image
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
01-Sep-2010 11:57:38 %INIT-I-Startup: Cold Startup
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
01-Sep-2010 11:59:05 %COPY-N-: The copy operation was completed
successfully!
Copy: 5954757 bytes copied in 00:01:30 [hh:mm:ss]
console# reload
This command will reset the whole system and
disconnect your current session. Do you want to
continue (Y/N) [N]?
Dell PowerConnect 55xx Systems User Guide 83
7
Using Dell OpenManage
Administrator
This section provides an introduction to the Dell OpenManage Switch
Administrator user interface.
It contains the following topics:
Starting the Application
Understanding the Interface
Using the Switch Administrator Buttons
Field Definitions
Common GUI Features
CLI Commands
84 Dell PowerConnect 55xx Systems User Guide
Starting the Application
NOTE: Before starting the application the IP address must be defined. For more
information, see "Accessing the Device Through the CLI" on page 67.
1
Open a web browser.
2
Enter the device’s IP address in the address bar and press
<Enter>
.
3
When the
Log In
window displays, enter a user name and password.
NOTE: Passwords are both case sensitive and alpha-numeric.
4
Click
OK
.
The
Dell OpenManage
Switch Administrator
home page displays.
Understanding the Interface
The home page contains the following views:
Tree view
— Located on the left side of the home page, the tree view
provides an expandable view of the features and their components. The
branches in the tree view can be expanded to view all the components
under a specific feature, or retracted to hide the feature's components. By
dragging the vertical bar to the right, the tree area can be expanded to
display the full name of a component.
Device View
— Located in on the top center of the home page, the device
view provides information about device ports, current configuration and
status, table information, and feature components. For further
information, see "Device Representation" on page 85
Components List
— Located in the bottom center of the home page,
contains a list of the feature components. When a feature is expanded, the
GUI page for that feature is displayed.
Information Buttons
— Located at the top of the home page, provide
access to information about the device and access to Dell Support. For
more information, see "Information Buttons" on page 87.
Dell PowerConnect 55xx Systems User Guide 85
Device Representation
The home page contains a graphical representation of the units in the stack’s
front panels. Figure 9-1 displays the 5548 model, but the display for the other
models are similar.
Figure 7-1. PowerConnect Device Port Indicators
The graphic display on the home page displays the Unit ID and port
indicators that specify whether a specific port is currently active. Table 9-1
describes the port colors that are displayed and their meaning:
Table 7-1. Port Colors
NOTE: For more information about LEDs, see "LED Definitions" on page 38.
To configure a port double-click on its icon.
Only ports that are physically present are displayed in the PowerConnect
OpenManage Switch Administrator home page, and can be configured
through the web management system. Non-present ports can be configured
through the CLI or SNMP interfaces.
Port Representation
Ports are referred to in the notation: [gi/te]x/0/z, where:
Component Description
Amber The port is currently connected at 100 Mbps.
Green The port is currently connected at 1000 Mbps
Grey The port is currently disconnected
Stacking Unit ID
Giga Ports (odd numbered)
Giga Ports (even numbered)
86 Dell PowerConnect 55xx Systems User Guide
gi—Giga port
te —Ten Giga port
•x Unit ID
•z Port number
Dell PowerConnect 55xx Systems User Guide 87
Using the Switch Administrator Buttons
This section describes the buttons found on the OpenManage Switch
Administrator interface.
Information Buttons
Table 9-2 describes the information buttons that provide access to online
support and online help, as well as information about the OpenManage
Switch Administrator interfaces. These are displayed at the top of each page.
Device Management Icons
Table 9-3 describes the device management buttons.
Table 7-2. Information Buttons
Button Description
Support Opens the Dell Support page at support.dell.com
About Contains the version and build number and Dell copyright
information.
Logout Opens the Log Out window.
Table 7-3. Device Management Icons
Button Icon Description
Apply&Save Saves changes to the Running and Startup Configuration
files.
Help Open online help. The online help pages are
context-sensitive. For example, if the IP Addressing page is
open, the help topic for that page is displayed when Help is
clicked.
Print Prints the Network Management System page and/or table
information.
88 Dell PowerConnect 55xx Systems User Guide
Refresh Refreshes device information from the Running
Configuration file.
Table 7-3. Device Management Icons (Continued)
Dell PowerConnect 55xx Systems User Guide 89
Field Definitions
Fields that are user-defined can contain between 1–159 characters, unless
otherwise noted on the OpenManage Switch Administrator web page. All
letters or characters can be used, except the following: "\ / : * ? < >"
Common GUI Features
Table 9-4 describes the common functions that can be performed on many
GUI pages.
Table 7-4. Common GUI Elements
Button Description
Apply Save changes entered in GUI page to the Running
Configuration file.
Back Go to previous page.
Cancel Cancel changes entered in GUI page.
Clear All Counters Delete counters.
Clear Counters Delete selected counters.
Clear Log Delete entries from log.
Clear Statistics Delete statistics.
Copy parameters
from
Copy the parameters from a selected row to the selected
target rows.
Copy parameters
from port
Copy the parameters from a selected port to the selected
target ports.
Details Shows further details relevant to the current page.
Next Go to next page.
Query Run a query after query criteria have been entered.
Remove Remove checked elements in the page. If Select All is
selected, all elements are removed.
Reset All Counters Delete all counters.
Restore Defaults Restores parameters entered in page to default values.
90 Dell PowerConnect 55xx Systems User Guide
GUI Terms
Each GUI page in the tree view is described in the following sections. A brief
introduction is provided along with steps specifying how to enter information
in the page. The following terms are used:
Enter
— Indicates that information may be entered in the field. It does
not imply that the field is mandatory.
Select
—Indicates that information may be selected from a drop-down list
or from radio buttons.
Displays
—Indicates that the field is display only.
CLI Commands
There are certain command entry conventions that apply to all commands.
The following table describes these conventions.
Table 7-5. Common GUI Elements
Telnet Opens a Telnet window. This only works in the Explorer 6 and
Firefox browsers.
Button Description
[ ] In a command line, square brackets indicate an optional
entry..
{ } In a command line, curly brackets indicate a selection of
compulsory parameters separated by the | character. One
option must be selected. For example: flowcontrol
{auto|on|off} means that for the flowcontrol command
either auto, on, or off must be selected.
Italic Font
Indicates a parameter value.
Bold Italic Font
Indicates a parameter key word.
<button-name> Any individual key on the keyboard. For example click
<Enter>.
Table 7-4. Common GUI Elements (Continued)
Button Description
Dell PowerConnect 55xx Systems User Guide 91
Ctrl+F4 Any combination of keys clicked simultaneously, for example:
Ctrl and F4.
Screen Display Indicates system messages and prompts appearing on the
console.
all
When a parameter is required to define a range of ports or
parameters and all is an option, the default for the command
is all when no parameters are defined. For example, the
command interface range port-channel has the option of
either entering a range of channels, or selecting all. When the
command is entered without a parameter, it automatically
defaults to all.
Button Description
92 Dell PowerConnect 55xx Systems User Guide
8
Network Security
This section describes the various mechanisms for providing security on the
switch.
It contains the following topics:
Port Security
•ACLs
•ACL Binding
Proprietary Protocol Filtering
•Absolute Time Range
Time Range Recurrence
Dot1x Authentication
Dell PowerConnect 55xx Systems User Guide 93
Port Security
Network security can be enhanced by limiting access on a port to users with
specific MAC addresses. The MAC addresses can be dynamically learned, or
they can be statically configured.
Port security has the following modes:
Classic Lock
— Locked port security monitors both received and learned
packets that are received on specific ports. Access to the locked port is
limited to users with specific MAC addresses. These addresses are either
manually defined on the port, or learned on that port before it was locked.
Limited Dynamic Lock
— When a packet is received on a locked port,
and the packet’s source MAC address is not tied to that port (either it was
learned on a different port, or it is unknown to the system), a protection
mechanism, which provides various options is invoked. Unauthorized
packets arriving to a locked port are either:
–Forwarded
Discarded with no trap
Discarded with a trap
The port is shutdown
Locked port security enables storing a list of MAC addresses in the
configuration file. The MAC addresses are restored when the device is reset.
Disabled ports can be activated from the Port Configuration page.
94 Dell PowerConnect 55xx Systems User Guide
To configure port security:
1
Click
Switching
>
Network Security
>
Port Security
to display the
Port
Security: Summary
page.
Figure 8-1. Port Security: Summary
Security parameters are displayed for all ports or LAGs, depending on the
selected interface type.
2
To modify the security parameters for a port, select it, and click
Edit
.
3
Enter the following fields:
Interface
— Select the interface to be configured.
Current Port Status
— Displays the current port status.
Set Port
— Select to either lock or unlock the port.
Learning Mode
— Set the locked port type. The
Learning Mode
field
is enabled only if
Locked
is selected in the
Set Port
field. The possible
options are:
Classic Lock
— Locks the port using the classic lock mechanism.
The port is immediately locked, regardless of the number of
addresses that have already been learned.
Dell PowerConnect 55xx Systems User Guide 95
Limited Dynamic Lock
— Locks the port by deleting the
dynamic MAC addresses associated with the port. The port learns
up to the maximum addresses allowed on the port. Both
relearning and aging MAC addresses are enabled.
Max Entries (0-128)
— Enter the maximum number of MAC
addresses that can be learned on the port. The
Max Entries
field
is
enabled only if
Locked
is selected in the
Set Port
field, and the
Limited Dynamic Lock
mode is selected in
Learning Mode
field.
Action on Violation
— Select the action to be applied to packets
arriving on a locked port. The possible options are:
Discard
— Discard the packets from any unlearned source.
Forward
— Forward the packets from an unknown source,
without learning the MAC address.
Shutdown
— Discard the packet from any unlearned source, and
shut down the port. Ports remain shutdown until they are
reactivated, or the device is reset.
Trap
— Enable/disable traps being sent when a packet is received on a
locked port.
Trap Frequency (1-1000000)
— Enter the amount of time (in
seconds) between traps.
Configuring Port Security Using CLI Commands
The following table summarizes the CLI commands for configuring port
security.
.
Table 8-1. Port Security CLI Commands
CLI Command Description
set interface active
{[gigabitethernet|tengigabitethern
et] interface|port-channel LAG-
number}
Reactivates an interface that is
shutdown due to port security
reasons.
96 Dell PowerConnect 55xx Systems User Guide
port security max {max-addr}
no port security max
Specifies the maximum number of
MAC addresses that can be learned
on the port.
Use the no form of this command
to restore the default
port security mode {lock | max-
addresses }
no port security mode
Configures the port security
learning mode.
Use the no form of this command
to restore the default
configuration.
port security [forward | discard |
discard-shutdown] [trap seconds]
no port security
Enables port security on an
interface.
Use the no form of this command
to disable port security on an
interface.
port security
[forward|discard|discard-shutdown]
[trap seconds]
no port security
Configures port security on an
interface.
Use the no form of this command
to disable port security.
show ports security
[[gigabitethernet|tengigabitethern
et] port-number ]|port-channel
LAG-number]
Displays lock status of specified
interface or of all interfaces.
Table 8-1. Port Security CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 97
The following is an example of the CLI commands:
console # show ports security
Port Status Learning Action Maximum Trap Frequency
------- -------- -------- -------- ------- ---- ---------
gi1/0/1 Disabled Max-Addresses - 10 - -
gi1/0/2 Disabled Lock - 1 - -
gi1/0/3 Disabled Lock - 1 - -
gi1/0/4 Disabled Lock - 1 - -
gi1/0/5 Disabled Lock - 1 - -
gi1/0/6 Disabled Lock - 1 - -
gi1/0/7 Disabled Lock - 1 - -
gi1/0/8 Disabled Lock - 1 - -
gi1/0/9 Disabled Lock - 1 - -
gi1/0/10Disabled Lock - 1 - -
gi1/0/11Disabled Lock - 1 - -
gi1/0/12Disabled Lock - 1 - -
98 Dell PowerConnect 55xx Systems User Guide
ACLs
This section describes Access Control Lists (ACLs), which enable defining
classification actions and rules for specific ingress or egress ports.
It contains the following topics:
ACL Overview
MAC-Based ACLs
MAC-Based ACEs
•IPv4-Based ACLs
•IPv4-Based ACEs
•IPv6-Based ACLs
•IPv6-Based ACEs
ACL Overview
Access Control Lists (ACLs) enable network managers to define classification
actions and rules for specific ingress or egress ports. Packets entering an
ingress or egress port, with an active ACL, are either admitted or denied entry.
If entry is denied, the ingress or egress port may be disabled, for example, a
network administrator defines an ACL rule that states that port number 20
can receive TCP packets, however, if a UDP packet is received, the packet is
dropped.
ACLs are composed of Access Control Entries (ACEs) that are rules that
determine traffic classifications. Each ACE is a single rule, and up to 256
rules may be defined on each ACL, and up to 3000 rules globally.
Rules are not only used for user configuration purposes, they are also used for
features like DHCP Snooping, Protocol Group VLAN and iSCSI, so that not
all 3000 rules are available for ACEs. It is expected that there will be at least
2000 rules available. If there are fewer rules available, this may be due to
DHCP Snooping or iSCSI optimization. Reduce the number of entries in
DHCP Snooping or reduce the max number of TCP connections in the iSCSI
configuration in order to free rules for ACEs.
The following types of ACLs can be defined:
MAC-based ACL
— Examines Layer 2 fields only
IPv4-based ACL
—Examines the Layer 3 layer of IPv4 frames
Dell PowerConnect 55xx Systems User Guide 99
IPv6-based ACL
—Examines the Layer 3 layer of IPv6 frames
MAC-Based ACLs
To define a MAC-based ACL:
1
Click
Switching
>
Network Security
>
MAC Based ACL
to display the
MAC Based ACL: Summary
page.
Figure 8-2. MAC Based ACL: Summary
The currently-defined MAC-based ACLs are displayed.
2
To add a new ACL, click
Add ACL
, and enter the name of the new ACL.
100 Dell PowerConnect 55xx Systems User Guide
Configuring MAC-Based ACLs Using CLI Commands
The following table summarizes the CLI commands for configuring
MAC-based ACLs.
The following is an example of some of the CLI commands:
Table 8-2. MAC Based ACL CLI Commands
CLI Command Description
mac access-list extended acl-
name
no mac access-list extended acl-
name
Defines an ACL and places the device
in MAC-extended ACL configuration
mode.
Use the no form of this command to
remove the ACL.
show interfaces access-lists Displays access lists applied on
interfaces.
console# show access-lists
Extended IP access list ACL1
permit 234 172.30.40.1 0.0.0.0 any
permit 234 172.30.8.8 0.0.0.0 any
Dell PowerConnect 55xx Systems User Guide 101
MAC-Based ACEs
To add rules to an ACL:
1
Click
Switching
>
Network Security
>
MAC Based ACE
to display the
MAC Based ACE: Summary
page.
Figure 8-3. MAC Based ACE: Summary
The currently-defined rules for the selected ACL are displayed.
2
To add a rule click
Add ACE
.
3
Select the ACL for which a rule is being created.
4
Enter the fields:
New Rule Priority
— Enter the priority of the ACE. ACEs with higher
priority are processed first. One is the highest priority
Source MAC Address
— Match the source MAC address from which
packets have arrived to this source address. In addition to the Source
MAC address, you can enter a
Wildcard Mask
that specifies which
bits in the source address are used for matching and which bits are
ignored. A wildcard of 00:00:00:00:00:00 means the bits must be
matched exactly; ff:ff:ff:ff:ff:ff means the bits are irrelevant. Any
combination of 0s and ffs can be used.
Any
— Check to indicate that the source address is not matched.
102 Dell PowerConnect 55xx Systems User Guide
Dest. MAC Address
— Match the destination MAC address to which
packets are addressed to this address. In addition to the Destination
MAC address, you can enter a
Wildcard Mask
that specifies which
bits in the source address are used for matching and which bits are
ignored. A wildcard of 00:00:00:00:00:00 means the bits must be
matched exactly; ff:ff:ff:ff:ff:ff means the bits are irrelevant. Any
combination of 0s and ffs can be used.
Any
— Check to indicate that the destination address is not matched.
VLAN ID
— Match the packet’s VLAN ID to this VLAN ID. The
possible VLAN IDs are 1 to 4095.
CoS
— Match the packet’s CoS value to this CoS value.
Cos Mask
— Match the packet’s CoS value to one of these CoS
values.
Ether type
— Match the packet’s Ethertype to this one.
Time Range Name
— Check to associate a time range with the ACE.
Select one of the time ranges defined in the
Time Range
page.
Action
— Select the action taken upon a match. The following
options are available:
Permit
— Forward packets that meet the ACL criteria.
Deny
— Drop packets that meet the ACL criteria.
Shutdown
— Drop packets that meet the ACL criteria, and
disable the port to which the packet was addressed.
Logging of Dropped Packets
— Check to activate logging of dropped
packets.
Dell PowerConnect 55xx Systems User Guide 103
Configuring MAC-Based ACEs Using CLI Commands
The following table summarizes the CLI commands for configuring MAC-
based ACEs.
The following is an example of some of the CLI commands:
Table 8-3. MAC Based ACE CLI Commands
CLI Command Description
permit {any|source-ip-address
source-wildcard}
{any|destination destination-
wildcard} [eth-type
0|aarp|amber|dec-
spanning|decnet-
iv|diagnostic|dsm|etype-6000]
[vlan vlan-id] [cos cos cos-
wildcard] [time-range time-
range-name]
Sets permit conditions for an MAC
access list (in MAC ACL configuration
mode).
deny {any|source source-
wildcard} {any|destination
destination-wildcard} [eth-type
0|aarp|amber|dec-
spanning|decnet-iv | diagnostic
|dsm|etype-6000] [vlan vlan-id]
[cos cos cos-wildcard] [time-
range time-range-name][disable-
port|log-input]
Sets deny conditions for an MAC
access list.
console(config)# mac access-list extended server1
console(config-mac-al)# permit 00:00:00:00:00:01
00:00:00:00:00:ff any
104 Dell PowerConnect 55xx Systems User Guide
IPv4-Based ACLs
To define an IPv4-based ACL:
1
Click
Switching
>
Network Security
>
IPv4 Based ACL
to display the
IPv4 Based ACL: Summary
page.
Figure 8-4. IPv4 Based ACL: Summary
The previously-defined IPv4 ACLs are displayed.
2
To add a new ACL, click
Add ACL
.
3
Enter the name of the new ACL. Names are case-sensitive.
Dell PowerConnect 55xx Systems User Guide 105
Configuring IP-based ACLs Using CLI Commands
The following table summarizes the CLI commands for configuring IP-based
ACLs.
The following is an example of some of the CLI commands:
IPv4-Based ACEs
To add a rule to an ACL:
1
Click
Switching
>
Network Security
>
IPv4 Based ACE
to display the
IPv4 Based ACE
page.
Figure 8-5. IPv4 Based ACE: Summary
Table 8-4. IP-Based ACL CLI Commands
CLI Command Description
ip access-list extended acl-
name
no ip access-list extended acl-
name
Defines an IPv4 access list and places
the device in IPv4 access list
configuration mode
Use the no form of this command to
remove the access list.
console(config)# ip access-list extended server-acl
106 Dell PowerConnect 55xx Systems User Guide
The currently-defined rules for the selected ACL are displayed.
2
To add a rule, click
Add ACE
.
3
Select a user-defined ACL, and enter the following fields:
New ACE Priority (1-2147483647)
—Enter the priority of the ACE.
ACEs with higher priority are processed first. One is the highest
priority.
Protocol Select From List
— Select to create an ACE, based on a
specific protocol. The following options are available:
ICMP —
Internet Control Message Protocol (ICMP). The ICMP
enables the gateway or destination host to communicate with the
source host, for example, to report a processing error.
IGMP —
Internet Group Management Protocol (IGMP).
Enables hosts to notify their local switch or router that they want
to receive transmissions assigned to a specific multicast group.
IPinIP
— IP in IP. Encapsulates IP packets to create tunnels
between two routers. This ensures that IPIP tunnel appears as a
single interface, rather than several separate interfaces. IPIP
enables tunnel intranets occur the internet, and provides an
alternative to source routing.
TCP —
Transmission Control Protocol (TCP). Enables two hosts
to communicate and exchange data streams. TCP guarantees
packet delivery, and guarantees that packets are transmitted and
received in the order they are sent.
EGP —
Exterior Gateway Protocol (EGP). Permits exchanging
routing information between two neighboring gateway hosts in an
autonomous systems network.
IGP —
Interior Gateway Protocol (IGP). Enables for routing
information exchange between gateways in an autonomous
network.
UDP —
User Datagram Protocol (UDP). Communication
protocol that transmits packets but does not guarantee their
delivery.
Dell PowerConnect 55xx Systems User Guide 107
HMP
— Host Mapping Protocol (HMP). Collects network
information from various networks hosts. HMP monitors hosts
spread over the internet as well as hosts in a single network.
RDP —
Reliable Data Protocol (RDP). provide a reliable data
transport service for packet-based applications.
IDPR
— Matches the packet to the IDPR protocol.
IDRP
— Matches the packet to the Inter-Domain Routing
Protocol (IDRP).
RVSP
— Matches the packet to the ReSerVation Protocol
(RSVP).
AH
— Authentication Header (AH). Provides source host
authentication and data integrity.
EIGRP
— Enhanced Interior Gateway Routing Protocol
(EIGRP). Provides fast convergence, support for variable-length
subnet mask, and supports multiple network layer protocols.
OSPF
— The Open Shortest Path First (OSPF) protocol is a
link-state, hierarchical interior gateway protocol (IGP) for
network routing Layer Two (2) Tunneling Protocol, an extension
to the PPP protocol that enables ISPs to operate Virtual Private
Networks (VPNs).
IPIP
— IP over IP (IPinIP). Encapsulates IP packets to create
tunnels between two routers. This ensures that IPIP tunnel
appears as a single interface, rather than several separate
interfaces. IPIP enables tunnel intranets occur the internet, and
provides an alternative to source routing.
PIM
— Matches the packet to Protocol Independent Multicast
(PIM).
L2TP
— Matches the packet to Internet Protocol (L2IP).
ISIS
— Intermediate System - Intermediate System (ISIS).
Distributes IP routing information throughout a single
autonomous system in IP networks.
Protocol ID To Match
— Enter a protocol number if you did not
select a protocol by name.
Any(IP)
— Check to use any protocol.
108 Dell PowerConnect 55xx Systems User Guide
Source Port (0 - 65535)
— Enter the TCP/UDP source port. Enter
either
Single
,
Range
or select
Any
to include all ports.
Destination Port (0 - 65535)
— Enter the TCP/UDP destination port.
Enter either a
Single
,
Range
or select
Any
to include all ports.
Source IP Address
— Enter the source IP address to which addresses
in the packet are compared.
Wildcard Mask
—In addition to the
Source MAC address
, you
can enter a mask that specifies which bits in the source address are
used for matching and which bits are ignored. A wildcard of
0.0.0.0 means the bits must be matched exactly in addition to the
IP source address; ff.ff.ff.ff means the bits are irrelevant. Any
combination of 0s and ffs can be used.
Any
— Check to indicate that the source address is not matched.
Dest. IP Address
— Enter the destination IP address to which
addresses in the packet are compared.
Wildcard Mask
—In addition to the Destination MAC address,
you can enter a mask that specifies which bits in the source
address are used for matching and which bits are ignored. A
wildcard of 0.0.0.0 means the bits must be matched exactly in
addition to the IP destination address; ff.ff.ff.ff means the bits are
irrelevant. Any combination of 0s and ffs can be used.
Any
— Check to indicate that the destination address is not
matched.
TCP Flags
— To use TCP flags, check the
TCP Flag
checkbox and
then check the desired flag(s).
ICMP
— Specifies an ICMP message type for filtering ICMP packets.
This field is available only when ICMP is selected in the
Protocol
field. The following options are available:
Select from List
— Select an ICMP type from the list.
ICMP Type
— Enter the ICMP type.
Any
— Check to use all ICMP types.
Dell PowerConnect 55xx Systems User Guide 109
ICMP Code
— Enter an ICMP message code for filtering ICMP
packets that are filtered by ICMP message type or ICMP message
code. This field is available only when ICMP is selected in the
Protocol
field. The following options are available:
ICMP Code
— Enter an ICMP code.
Any
— Check to use all ICMP codes.
IGMP
— IGMP packets can be filtered by IGMP message type. This
field is available only when IGMP is selected in the
Protocol
field. The
following options are available:
Select from List
— Select an IGMP message type from the list.
IGMP Type
— Enter the IGMP message type.
Any
— Check to use all IGMP message types.
Classification
— Select one of the following matching options:
Match DSCP(0-63)
— Matches the packet DSCP value to the
ACL.
Match IP Precedence(0-7)
— Check to enable matching
IP-precedence with the packet IP-precedence value. IP-
precedence enables marking frames that exceed the CIR
threshold. In a congested network, frames containing a higher DP
value are discarded before frames with a lower DP value. If this
field is checked, enter a value to be matched.
Time Range Name
— Check to associate a time range with the ACE.
Select one of the time ranges defined in the
Time Range
page.
Action
— Select the ACL forwarding action. The following options
are available:
Permit
— Forward packets which meet the ACL criteria.
Deny
— Drop packets which meet the ACL criteria.
Shutdown
— Drop packet that meet the ACL criteria, and disable
the port to which the packet was addressed.
Logging of Dropped Packets
— Check to activate logging of dropped
packets.
110 Dell PowerConnect 55xx Systems User Guide
Configuring IP-based ACEs Using CLI Commands
The following table summarizes the CLI commands for configuring IP-based
ACLs.
Table 8-5. IP-Based ACE CLI Commands
CLI Command Description
permit protocol {any|source-ip-address
source-wildcard} {any|destination-ip-
address destination-wildcard} [dscp
number|precedence number] [time-range
time-range-name]
permit icmp {any|source-ip-address source-
wildcard} {any|destination-ip-address
destination-wildcard} [any|icmp-
type][any|icmp-code]] [dscp
number|precedence number] [time-range
time-range-name]
permit igmp {any|source-ip-address source-
wildcard} {any|destination-ip-address
destination-wildcard}[igmp-type] [dscp
number|precedence number] [time-range
time-range-name]
permit tcp {any|source-ip-address source-
wildcard} {any|source-port/port-
range}{any|destination-ip-address
destination-wildcard} {any|destination-
port/port-range } [dscp number|precedence
number] [match-all list-of-flags] [time-
range time-range-name]
permit udp {any|source-ip-address source-
wildcard} {any|source-port|port-range}
{any|destination-ip-address destination-
wildcard} {any|destination-port/port-range
} [dscp number|precedence number] [match-
all time-range-name] [time-range time-
range-name]
Sets conditions to
allow a packet to pass
a named IP access list
( in access list
configuration mode).
The list of protocols is
found above.
Dell PowerConnect 55xx Systems User Guide 111
The following is an example of some of the CLI commands:
deny protocol {any|source-ip-address
source-wildcard} {any|destination-ip-
address destination-wildcard} [dscp
number|precedence number] [time-range
time-range-name] [disable-port|log-input]
deny icmp {any|source-ip-address source-
wildcard} {any|destination-ip-address
destination-wildcard{any|icmp-type}
{any|icmp-code} [dscp number|precedence
number] [time-range time-range-name]
[disable-port|log-input]
deny igmp {any|source-ip-address source-
wildcard} {any|destination-ip-address
destination-wildcard}[igmp-type] [dscp
number|precedence number] [time-range
time-range-name] [disable-port|log-input]
deny tcp {any|source-ip-address source-
wildcard} {any|source-port|port-
range}{any|destination-ip-address
destination-wildcard} {any|destination-
port/port-range } [dscp number|precedence
number] [match-all list-of-flags] [time-
range time-range-name] [disable-port|log-
input]
deny udp {any|source-ip-address source-
wildcard} {any|source-port|port-range}
{any|destination-ip-address destination-
wildcard} {any|destination-port|port-range
} [dscp number|precedence number] [match-
all time-range-name] [time-range time-
range-name] [disable-port|log-input]
Sets deny conditions
for IPv4 access list (in
access list
configuration mode).
console(config)# ip access-list extended server
console(config-ip-al)# permit ip 1.1.1.0 0.0.0.255
1.1.2.0 0.0.0.0
Table 8-5. IP-Based ACE CLI Commands (Continued)
CLI Command Description
112 Dell PowerConnect 55xx Systems User Guide
IPv6-Based ACLs
The IPv6 Based ACL Page displays and enables the creation of IPv6 ACLs,
which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4
or ARP packets.
To define IPv6-based ACLs:
1
Click
Switching
>
Network Security
>
IPv6 Based ACL
to display the
IPv6 Based ACL: Summary
page.
Figure 8-6. IPv6 Based ACL: Summary
A list of all of the currently defined IPv6-based ACLs is displayed.
2
To add a new ACL, click
Add ACL
.
3
Enter the name of the new ACL. Names are case-sensitive.
Dell PowerConnect 55xx Systems User Guide 113
Configuring IPv6-based ACLs Using CLI Commands
The following table summarizes the CLI commands for configuring
IPv6-based ACLs.
The following is an example of some of the CLI commands:
IPv6-Based ACEs
To add a rule to an IPv6-based ACL:
1
Click
Switching
>
Network Security
>
IPv6 Based ACE
to display the
IPv6 ACE: Summary
page.
Figure 8-7. IPv6 Based ACE: Summary
Table 8-6. IP-Based ACL CLI Commands
CLI Command Description
ipv6 access-list [access-list-
name]
no ipv6 access-list [access-
list-name]
Defines an IPv6 access list and places
the device in IPv6 access list
configuration mode
Use the no form of this command to
remove the access list.
console(config)# ipv6 access-list server-acl
114 Dell PowerConnect 55xx Systems User Guide
The currently-defined rules for the selected ACL are displayed.
2
To add a rule click
Add ACE
.
3
Select a user-defined ACL for which a rule is being created.
4
Enter the following fields:
New Rule Priority
— Enter the ACE priority that determines which
ACE is matched to a packet, based on a first match.
Protocol Select from List
— Select to create an ACE, based on a
specific protocol. The following options are available:
TCP — Transmission Control Protocol (TCP). Enables two
hosts to communicate and exchange data streams. TCP
guarantees packet delivery, and guarantees packets are
transmitted and received in the order the are sent.
UDP — User Datagram Protocol (UDP). Communication
protocol that transmits packets but does not guarantee their
delivery.
ICMP — Internet Control Message Protocol (ICMP). The
ICMP allows the gateway or destination host to communicate
with the source host. For example, to report a processing error.
IPV6 — Matches the packet to the IPV6 protocol.
Protocol ID To Match
— Enter a protocol.
Any
— Check to use any protocol.
Source Port
— Enter the TCP/UDP source port. Enter either a
Single
,
Range
or select
Any
to include all ports.
Destination Port
— Enter the TCP/UDP destination port. Enter
either a
Single
,
Range
or select
Any
to include all ports.
TCP Flags
— To use TCP flags, check the
TCP Flag
checkbox and
then check the desired flag(s).
ICMP
— Specifies an ICMP message type for filtering ICMP packets.
This field is available only when ICMP is selected in the
Protocol
field. The following options are available:
Select from List
— Select an ICMP type from the list.
ICMP Type
— Enter the ICMP type.
Dell PowerConnect 55xx Systems User Guide 115
Any
— Check to use all ICMP types.
ICMP Code
— Specifies an ICMP message code for filtering ICMP
packets that are filtered by ICMP message type or ICMP message
code. This field is available only when ICMP is selected in the
Protocol
field. The following options are available:
ICMP Code
— Enter an ICMP code.
Any
— Check to use all ICMP codes.
Source IP Address
— Enter the source IP address to which addresses
in the packet are compared. The following options are available:
Prefix Length
—The number of bits that comprise the source IP
address prefix of the subnetwork.
Any
— Check to indicate that the source address is not matched.
Dest. IP Address
— Enter the destination IP address to which
addresses in the packet are compared. The following options are
available:
Prefix Length
—The number of bits that comprise the
destination IP address prefix of the subnetwork.
Any
— Check to indicate that the destination address is not
matched.
Traffic Class
— Select one of the following options:
Match DSCP
— Matches the packet DSCP value to the ACL.
Match IP Precedence
— Matches the IP-precedence with the
packet IP-precedence value. IP-precedence enables marking
frames that exceed CIR threshold. In a congested network, frames
containing a higher DP value are discarded before frames with a
lower DP value.
Time Range Name
— Check to associate a time range with the ACE.
Select one of the time ranges defined in the
Time Range
page.
Action
— The ACL forwarding action. The following options are
available:
Permit
— Forwards packets that meet the ACL criteria.
Deny
— Drops packets that meet the ACL criteria.
116 Dell PowerConnect 55xx Systems User Guide
Shutdown
— Drops packet that meet the ACL criteria, and disables
the port to which the packet was addressed.
Logging of Dropped Packets
— Check to activate logging of dropped
packets.
Configuring IP-based ACEs Using CLI Commands
The following table summarizes the CLI commands for configuring IP-based
ACLs.
Table 8-7. IP-Based ACE CLI Commands
CLI Command Description
permit protocol {any|{source-prefix/length
}{any|destination- prefix/length } [dscp
number|precedence number] [time-range
time-range-name]
permit icmp {any|{source-prefix/length
}{any|destination-prefix/length }
{any|icmp-type}{any|icmp-code} [dscp
number|precedence number] [time-range
time-range-name]
permit tcp {any|{source-prefix/length }
{any|source-port/port-range}
}{any|destination prefix/length }
{any|destination-port/port-range} [dscp
number|precedence number] [match-all list-
of-flags] [time-range time-range-name]
permit udp {any|{source-prefix/length }}
{any|source-port|port-range}
}{any|destination prefix/length }
{any|destination-port/port-range} [dscp
number|precedence number] [time-range
time-range-name]
Sets permit conditions
for IPv6 access list.
Dell PowerConnect 55xx Systems User Guide 117
The following is an example of some of the CLI commands:
deny protocol {any|{source-prefix/length
}{any|destination-prefix|length} [dscp
number|precedence number] [time-range
time-range-name] [disable-port|log-input]
deny icmp {any|{source-prefix/length
}{any|destination-prefix/length }
{any|icmp-type} {any|icmp-code} [dscp
number|precedence number] [time-range
time-range-name] [disable-port|log-input]
deny tcp {any|{source-prefix/length }
{any|source-port/port-range}
}{any|destination-prefix/length}
{any|destination-port/port-range} [dscp
number|precedence number] [match-all list-
of-flags] [time-range time-range-name]
[disable-port|log-input]
deny udp {any|{source-prefix/length }}
{any|source-port/port-range}
}{any|destination-prefix|length}
{any|destination-port/port-range} [dscp
number|precedence number] [time-range
time-range-name] [disable-port|log-input]
Sets deny conditions
for IPv4 access list (in
Access List
Configuration mode).
console(config)# ipv6 access-list server
console(config-ipv6-al)# permit tcp 3001::2/64 any any 80
Table 8-7. IP-Based ACE CLI Commands (Continued)
CLI Command Description
118 Dell PowerConnect 55xx Systems User Guide
ACL Binding
When an ACL is bound to an interface, all the rules that have been defined
for the ACL are applied to that interface. Whenever an ACL is assigned on a
port or LAG, flows from that ingress or egress interface that do not match the
ACL, are matched to the default rule, which is to Drop unmatched packets.
To change the default action for unmatched packets to an action other than
Drop, do the following:
Add an additional ACE to the ACL with "Any" in all fields
Set its action other than Drop
Set the priority to the lowest in the ACL.
To bind ACLs to interfaces:
1
Click
Switching
>
Network Security
>
ACL Binding
to display the
ACL
Binding: Summary
page.
Figure 8-8. ACL Binding: Summary
The ports on the selected unit are displayed along with their associated
ACLs.
Dell PowerConnect 55xx Systems User Guide 119
2
To bind an ACL to an interface, select an interface and click
Edit
.
3
Select an ACL(s). You can select one of each type (
MAC-based ACL,
IPv4-based ACL
or
IPv6-based ACL
) or one
IPv4-based ACL
and one
IPv6-based ACL
.
Configuring ACL Bindings Using CLI Commands
The following table summarizes the CLI commands for configuring ACL
Bindings.
.
The following is an example of some of the CLI commands:
Table 8-8. ACL Bindings CLI Commands
CLI Command Description
service-acl input acl-name1
[acl-name2]
no service-acl input
Controls access to an interface
Use the no form of the command to
remove access control.
show access-lists [acl-name]Displays access control lists (ACLs)
configured on the switch.
console(config)# mac access-list extended server
console(config-mac-al)# permit 00:00:00:00:00:01
00:00:00:00:00:ff any
console(config-mac-al)# exit
console(config)# interface gi1/0/1
console(config-if)# service-acl input server
120 Dell PowerConnect 55xx Systems User Guide
Proprietary Protocol Filtering
Protocol filters are used to disallow receiving specific proprietary protocol
packets through an interface. These can be enabled for specific ports.
If a protocol filter is enabled on a port, you cannot enable a QoS ACL on this
port.
To configure Proprietary Protocol Filtering:
1
Click
Switching
>
Network Security
>
Proprietary Protocol Filtering
to
display the
Proprietary Protocol Filtering: Summary
page.
Figure 8-9. Proprietary Protocol Filtering: Summary
A list of the ports and their filtered protocols is displayed.
2
Click
Edit
to modify the filtered protocols for a specific port.
3
Select a unit and an interface.
Dell PowerConnect 55xx Systems User Guide 121
4
Move the required protocols from the
Available Protocols
list to the
Filtered Protocols
list. The following displays the protocols and the
addresses that are blocked:
Configuring Proprietary Protocol Filtering Using CLI Commands
The following table summarizes the CLI commands for setting fields in the
Proprietary Protocol Filtering
pages.
Only one of the following CLI commands can be active on a port at the same
time. To add other protocol filters, the command must be negated and then
run again with all the required protocol names.
.
The following is an example of some of the CLI commands:
Table 8-9. Protocol Filtering
Protocol Destination Address Protocol Type
blockcdp 0100.0ccc.cccc 0x2000
blockvtp 0100.0ccc.cccc 0x2003
blockdtp 0100.0ccc.cccc 0x2004
blockudld 0100.0ccc.cccc 0x0111
blockpagp 0100.0ccc.cccc 0x0104
blocksstp 0100.0ccc.cccd -
blockall 0100.0ccc.ccc0 - 0100.0ccc.cccf -
Table 8-10. Proprietary Protocol Filtering CLI Commands
CLI Command Description
service-acl input protocol1
[protocol2protocol6]
no service-acl input
Discards packets that are classified to
specific protocols.
Use the no form of those commands
to disable discarding of the packets.
console (Config-if)# service-acl input blockcdp blockvtp
122 Dell PowerConnect 55xx Systems User Guide
Time Range
Time ranges can be defined and associated with an QoS ACL, so that it is
applied only during that time range.
There are two types of time ranges:
Absolute
—This type of time range begins on a specific date or
immediately and ends on a specific date or extends infinitely. It is created
in the
Time Range
pages. A recurring element can be added to it.
Recurring
— This is a time range element that is added to an absolute
range, and begins and ends on a recurring basis. It is defined in the
Time
Range Recurrence
pages.
If a time range includes both absolute and recurring ranges, the ACL is
activated only if both absolute start time and the recurring time range have
been reached. The ACL is deactivated when either of the time ranges is
reached.
The switch supports a maximum of 10 absolute time ranges.
All time specifications are interpreted as local time (Daylight Savings Time
does not affect this).
To ensure that the time range entries take effect at the desired times, the
system time must be set. For more information on setting the system time,
see "Time Synchronization" on page 162.
A possible use for this feature is to limit access of computers to the network
only during business hours, after which they are locked, and access to the rest
of the network is blocked.
Dell PowerConnect 55xx Systems User Guide 123
Absolute Time Range
To define an absolute time range:
1
Click
Switching
>
Network Security
>
Time Range
to display the
Time
Range: Summary
page.
Figure 8-10. Time Range: Summary
The existing Time Ranges are displayed.
2
To add a new time range, click
Add
.
3
Enter the name of the time range in the
Time Range Name
field.
4
Define the
Absolute Start
time.
To begin the Time Range immediately, click
Immediate
.
To determine at what time in the future the Time Range will begin,
enter values in the
Date
and
Time
fields.
124 Dell PowerConnect 55xx Systems User Guide
5
Define the
Absolute End
time.
To indicate that the Time Range should not end, click
Infinite
.
To determine the time at which the Time Range ends, enter values in
the
Date
and
Time
fields.
See "Configuring Time Ranges Using CLI Commands" on page 125 for the
CLI commands for creating time ranges.
Time Range Recurrence
To add a recurring time range element to an absolute time range:
1
Click
Switching
>
Network Security
>
Time Range Recurrence
to display
the
Recurring Time Range: Summary
page.
Figure 8-11. Recurring Time Range: Summary
A daily and weekly recurring element of the time range that is selected is
displayed if they exist.
Dell PowerConnect 55xx Systems User Guide 125
2
To add a recurring time range element to a time range, click
Add.
3
Select the
Time Range Name
to which you want to add the Time Range
Recurrence. The
Absolute Start
and
Absolute End
fields are displayed.
4
Check if the recurrence is
Daily
or
Weekly
in
Recurrence type
.
5
If the recurrence is
Daily
, enter:
Start Time
— Select the time on which the time range starts.
End Time
— Select the time on which the time range ends.
Weekday
— Select the day of the week on which the time range
occurs.
6
If the recurrence is
Weekly
, enter:
Start
— Select the
Day of the Week
and
Time
on which the time
range starts.
End
—Select the
Day of the Week
and
Time
on which the time
range ends.
Configuring Time Ranges Using CLI Commands
The following table summarizes the CLI commands for configuring time
ranges.
Table 8-11. Time Range CLI Commands
CLI Command Description
time-range time-range-name
no time-range time-range-name
Enables time-range configuration
mode, and defines time ranges for
functions (such as access lists).
Use the no form of this command
to remove the time range
configuration.
absolute start hh:mm day month
year
no absolute start
absolute end hh:mm day month year
no absolute end
Adds start and end times to the
time range.
Use the no form of the commands
to remove the start and end times
from the time range.
126 Dell PowerConnect 55xx Systems User Guide
The following is an example of some of the CLI commands:
periodic day-of-the-week hh:mm to
day-of-the-week hh:mm
no periodic day-of-the-week hh:mm
to day-of-the-week hh:mm periodic
list hh:mm to hh:mm day-of-the-
week1 [day-of-the-week2… day-of-
the-week7]
no periodic list hh:mm to hh:mm
day-of-the-week1 [day-of-the-
week2… day-of-the-week7]
periodic list hh:mm to hh:mm all
no periodic list all hh:mm to
hh:mm all
Adds a recurring time range to the
time range.
Use the no form of the commands
to remove the recurring time
range.
console (config)# time-range http-allowed
console (config-time-range)# absolute start 12:00 1 jan
2005 end 12:00 31 dec 2005
console (config-time-range)# periodic monday 8:00 to
friday 20:00
Table 8-11. Time Range CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 127
Dot1x Authentication
This section describes Dot1x authentication.
It contains the following topics:
Port-Based Authentication Overview
•Dot1x Overview
Port-Based Authentication Global
Port-Based Authentication Interface Settings
Monitoring Users
Host Authentication
Port Authentication Users
Port-Based Authentication Overview
Port-based authentication enables authenticating system users on a per-port
basis via an external server. Only authenticated and approved system users
can transmit and receive data. Ports are authenticated via the RADIUS server
using the Extensible Authentication Protocol (EAP). Port Authentication
includes:
Authenticators
— Specifies the device port that is authenticated before
permitting system access.
Supplicants
— Specifies the host connected to the authenticated port hat
is requesting to access the system services.
Authentication Server
— Specifies the external server, for example, a
RADIUS server, which performs authentication on behalf of the
authenticator, and indicates whether the supplicant is authorized to access
system services.
Port-based authentication creates two access states:
Controlled Access
— Permits communication between the supplicant and
the system, if the supplicant is authorized.
Uncontrolled Access
— Permits uncontrolled communication, regardless
of the port authorization state.
128 Dell PowerConnect 55xx Systems User Guide
The device supports Port Based Authentication via RADIUS servers.
Dot1x Overview
Dot1x is an IEEE standard for port-based network access control. The Dot1x
framework enables a device (the supplicant) to request port access from a
remote device (authenticator) to which it is connected. The supplicant is
permitted to send data to the port only after it is authenticated and
authorized. If it is not authenticated and authorized, the authenticator
discards the supplicant data, unless the data is sent to a Guest VLAN and/or
non-authenticated VLANs.
Authentication of the supplicant is performed by an external RADIUS server
through the authenticator. The authenticator monitors the results of the
authentication.
In the Dot1x standard, a device can be a supplicant and an authenticator at a
port, simultaneously requesting and granting port access. However, this
device can only act as an authenticator, and does not take on the role of a
supplicant.
The following varieties of Dot1x exist:
Single session Dot1x:
A1—Single-session/Single Host
— In this mode, the switch, as an
authenticator, supports a single Dot1x session, and grants permission
to use the port to an authorized supplicant. All other access requests,
made by other devices received from the same port, are denied until
the authorized supplicant is no longer using the port, or the access
request is to an unauthenticated or guest VLAN.
Single-session/Multiple Hosts
—This follows the Dot1x standard. In
this mode, the switch, as an authenticator, enables any device to use a
port, as long as it has been granted permission as a supplicant at the
port.
Multi-Session Dot1x
—Every device (supplicant) connecting to a port
must be authenticated and authorized by the switch (authenticator),
separately in a different Dot1x session. This is the only mode that supports
Dynamic VLAN Assignment (DVA).
Dell PowerConnect 55xx Systems User Guide 129
Dynamic VLAN Assignment (DVA)
Dynamic VLAN Assignment (DVA) is also referred to as RADIUS VLAN
Assignment in this guide. When a port is in Multiple Session mode and is
DVA-enabled, the switch automatically adds the port as an untagged member
of the VLAN that is assigned by the RADIUS server during the authentication
process. The switch classifies untagged packets to the assigned VLAN if the
packets originated from the devices or ports that are authenticated and
authorized.
For a device to be authenticated and authorized at a DVA-enabled port:
The RADIUS server must authenticate the device and dynamically assign
a VLAN to the device.
The assigned VLAN must not be the default VLAN and must have been
created on the switch.
The switch must not be configured to use both a DVA and a MAC-based
VLAN group.
A RADIUS server must support DVA with RADIUS attributes tunnel-type
(64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-
group-id = a VLAN ID.
Dynamic Policy/ACL Assignment
The Dynamic Policy/ACL Assignment feature enables specifying a user-
defined ACL or policy in the RADIUS server. After a successful
authentication, the user is assigned that ACL.
Authentication Methods
The possible authentication methods are:
Dot1x
— The switch supports this authentication mechanism, as
described in the standard, to authenticate and authorize Dot1x
supplicants.
MAC-based
— The switch can be configured to use this method to
authenticate and authorize devices that do not support Dot1x. The switch
emulates the supplicant role on behalf of the non-Dot1x-capable devices,
and uses the MAC address of the devices as the username and password,
when communicating with the RADIUS servers. MAC addresses for
130 Dell PowerConnect 55xx Systems User Guide
username and password must be entered in lower case and with no
delimiting characters (for example: aaccbb55ccff). To use MAC-based
authentication at a port:
A Guest VLAN must be defined.
The port must be Guest-VLAN-enabled.
The packets from the first supplicant, at the port before it is
authorized, must be untagged.
You can configure a port to use Dot1x only, MAC-based only, or Dot1x and
MAC-based authentication. If a port is configured to use both Dot1x and
MAC-based authentication, a Dot1x supplicant has precedence over a
non-Dot1x device. The Dot1x supplicant preempts an authorized, but
non-Dot1x device, at a port that is configured with a single session.
Unauthenticated VLAN and Guest VLANs
Unauthenticated VLANs and Guest VLANs provide access to services that do
not require the subscribing devices or ports to be Dot1x or MAC-Based
authenticated and authorized.
An unauthenticated VLAN is a VLAN that allows access by authorized and
unauthorized devices or ports. You can configure one or more VLAN to be
unauthenticated in the VLAN Membership pages in "VLANs" on page 459.
An unauthenticated VLAN has the following characteristics:
It must be a static VLAN, and cannot be the Guest VLAN or the default
VLAN.
The VLAN’s member ports must be manually configured as tagged
members.
The member ports must be trunk and/or general ports. An access port
cannot be member of an unauthenticated VLAN.
The Guest VLAN, if configured, is a static VLAN with the following
characteristics.
It must be manually defined from an existing, static VLAN.
It is automatically available only to unauthorized devices, or to ports of
devices that are connected and Guest VLAN enabled.
Dell PowerConnect 55xx Systems User Guide 131
If a port is Guest-VLAN-enabled, the switch automatically adds the port as
an untagged member of the Guest VLAN when the port is not authorized,
and removes the port from the Guest VLAN when the first supplicant of
the port is authorized.
The Guest VLAN cannot be used as both the Voice VLAN and an
unauthenticated VLAN.
The switch also uses the Guest VLAN for authentication at ports configured
with Multiple Session mode and MAC-based authentication. Therefore, you
must configure a Guest VLAN before you can use the MAC-based
authentication mode.
For authentication to function, it must be activated both globally, in the Port-
Based Authentication Global page and individually on each port, in the Port-
Based Authentication Interface Settings pages.
Monitoring Mode
Monitoring mode enables providing users who fail authentication with
limited network access. This enables these users to correct the reason that the
authentication failed.
The following are the main aspects of this feature:
Enables successful authentications using the returned RADIUS
information
Provides a mechanism to report unsuccessful authentications without
negative repercussions to the user due to administrator errors
Accurately reports the data received from the successful and non-
successful operations so that appropriate changes to problem areas may be
made.
The Dot1x monitoring activation command includes a special VLAN that is
used when there is no access interface configuration present and the client(s)
unsuccessfully authenticates. These clients are placed in the special VLAN.
For users that unsuccessfully authenticate during re-authentication process,
but already have existing VLANs configured, the failure to authenticate does
not put them in a disabled state but places them back to the existing
configuration.
132 Dell PowerConnect 55xx Systems User Guide
Port-Based Authentication Global
To globally configure authentication:
1
Click
Switching
>
Network Security
>
Dot1 Authentication
>
Port
Based Authentication Global
to display the
Port Based Authentication
Global
page.
Figure 8-12. Port Based Authentication Global
2
Enter the following fields:
Port Based Authentication State
— Enable/disable port-based
authentication.
Authentication Method
— Select an authentication method. The
possible options are:
Dell PowerConnect 55xx Systems User Guide 133
RADIUS, None
— Perform port authentication first by using the
RADIUS server. If no response is received from RADIUS (for
example, if the server is down), then no authentication is
performed, and the session is permitted.
RADIUS
— Authenticate the user on the RADIUS server. If no
authentication is performed, the session is not permitted.
None
— Do not authenticate the user. Permit the session.
Guest VLAN
— Enable/disable the use of a Guest VLAN for
unauthorized ports. If a Guest VLAN is enabled, all unauthorized
ports automatically join the VLAN selected in the Guest VLAN ID
field. If a port is later authorized, it is removed from the Guest VLAN.
VLAN List
— Select the Guest VLAN from the VLAN list.
Monitoring Mod
e — Enable/disable logging authentication attempts.
Monitoring VLAN
— Enter the ID of the VLAN to which traffic
being monitored is routed after unsuccessful Dot1x authentication.
Accept Supplicant when Dynamic Policy/ACL Assignment Has No
Resources
— If no resources remain in the TCAM, the system can
either reject (disable) or allow (enable) successful authentication.
Enabling Port-Based Authentication Globally Using the CLI Commands
The following table summarizes the CLI commands for enabling the port
based authentication as displayed in the Port Based Authentication Global
page.
Table 8-12. Port-Based Authentication Global CLI Commands
CLI Command Description
aaa authentication dot1x
default method1 [method2]
no aaa authentication dot1x
default
Specifies one or more AAA methods for
use on interfaces running IEEE 802.1X.
Use the no form of this command to
restore the default configuration.
dot1x system-auth-control
no dot1x system-auth-control
Enables 802.1x globally.
Use the no form of this command to
restore the default configuration.
134 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
dot1x system-auth-control
monitor [vlan vlan-id]
no dot1x system-auth-control
monitor
Enables 802.1x globally the 802.1x
Monitoring mode and define the Monitor
VLAN.
Use the no format of the command to
return to default.
dot1x guest-vlan
no dot1x guest-vlan
Contains a list of VLANs. The guest
VLAN is selected from the VLAN List.
Use the no form of this command to
disable access.
show dot1x Displays 802.1X status for the device.
console(config)# aaa authentication dot1x default none
console(config)# interface vlan 5
console# show dot1x
802.1x is disabled
Admin Oper Reauth Reauth Username
Port Mode Mode Control Period
-------- ------------------ ------------- -------- ------- --------
gi1/0/1 Force Authorized Authorized* Disabled 3600 n/a
gi1/0/2 Force Authorized Authorized* Disabled 3600 n/a
gi1/0/3 Force Authorized Authorized* Disabled 3600 n/a
gi1/0/4 Force Authorized Authorized* Disabled 3600 n/a
Table 8-12. Port-Based Authentication Global CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 135
Port-Based Authentication Interface Settings
To configure 802.1x authentication on an interface:
1
Click
Switching
>
Network Security
>
Dot1 Authentication
>
Port
Based Authentication Interface Settings
to display the
Port Based
Authentication Interface Settings: Summary
page.
Figure 8-13. Port Based Authentication Interface Settings
Port parameters for the selected unit are displayed.
2
Click
Edit
.
3
Select a port for which the authentication parameters apply in the
Interface
drop-down list.
4
Enter the parameters:
User Name
— Displays the username of the port.
Admin Interface Control
— Select the port authorization state. The
possible options are:
Auto
— Enables port-based authentication on the interface. The
interface moves between an authorized or unauthorized state,
based on the authentication exchange between the device and the
client.
136 Dell PowerConnect 55xx Systems User Guide
Authorized
— Places the interface into an authorized state
without being authenticated. The interface resends and receives
normal traffic without client port-based authentication.
Unauthorized
— Denies the selected interface system access by
moving the interface into unauthorized state. The device cannot
provide authentication services to the client through the
interface.
Current Interface Control
— Displays the current port authorization
state.
Authentication Type
— Select the type of authentication on the port.
The possible options are:
802.1x Only
— 802.1X authentication is the only authentication
method performed on the port.
MAC Only
— Port is authenticated, based on the supplicant
MAC address. Only eight MAC-based authentications can be
used on the port.
802.1x & MAC
— Both 802.1X and MAC-based authentication
are performed on the switch. The 802.1X authentication takes
precedence.
NOTE: For MAC authentication to succeed, the RADIUS server supplicant
username and password must be the supplicant MAC address. The MAC
address must be in lower case letters and entered without the “:” or “-”
separators; for example: 0020aa00bbcc.
Dynamic VLAN Assignment
— Enable/disable dynamic VLAN
assignment for this port. This feature enables you to automatically
assign users to VLANs during the RADIUS server authentication.
When a user is authenticated by the RADIUS server, the user is
automatically joined to the VLAN configured on a RADIUS server.
Port Lock and Port Monitor should be disabled when DVA is
enabled.
Dynamic VLAN Assignment (DVA) can occur only if a RADIUS
server is configured, and port authentication is enabled and set to
802.1x multi-session mode.
If the RADIUS Accept Message does not contain the supplicant’s
VLAN, the supplicant is rejected.
Dell PowerConnect 55xx Systems User Guide 137
Authenticated ports are added to the supplicant VLAN as
untagged.
Authenticated ports remain unauthenticated VLAN and Guest
VLAN members. Static VLAN configuration is not applied to the
port.
The following list of VLANs cannot participate in DVA: an
Unauthenticated VLAN, a Dynamic VLAN that was created by
GVRP, a Voice VLAN, a Default VLAN and a Guest VLAN.
Delete the supplicant VLAN while the supplicant is logged in.
The supplicant is authorized during the next re-authentication if
this supplicant VLAN is re-created, or a new VLAN is configured
on the RADIUS server.
NOTE: DVA provides the same functionality as the MAC to VLAN Assignment
feature, but does so in a standard way. Therefore, when DVA is available,
MAC to VLAN Assignment is not available.
Guest VLAN
— Enable/disable port access to the Guest VLAN. If
enabled, unauthorized users, connected to this interface, can access
the Guest VLAN.
Dynamic Policy / ACL Assignment
— Enable/disable this feature.
Periodic Reauthentication
— Select to enable port re-authentication
attempts after the specified Reauthentication Period.
Reauthentication Period (300-4294967295)
— Enter the number of
seconds after which the selected port is reauthenticated.
Reauthenticate Now
— Select to enable immediate port
re-authentication.
Authentication Server Timeout (1-65535)
— Enter the time interval
that lapses before the device resends a request to the authentication
server. The field value is specified in seconds.
Resending EAP Identity Request (1-65535)
— Enter the amount of
time that lapses before EAP request are resent.
Quiet Period (0-65535)
— Enter the number of seconds that the
device remains in the quiet state, following a failed authentication
exchange.
138 Dell PowerConnect 55xx Systems User Guide
Supplicant Timeout (1-65535)
— Enter the amount of time that
lapses before EAP requests are resent to the supplicant. The field
value is in seconds.
Max EAP Requests (1-10)
Enter the maximum number of EAP
requests that can be sent. If a response is not received after the defined
period (supplicant timeout), the authentication process is restarted.
Enabling Port-Based Authentication on Interfaces Using the CLI Commands
The following table summarizes the CLI commands for enabling the port
based authentication as displayed in the Port Based Authentication Global
page.
Table 8-13. Port-Based Authentication Interface CLI Commands
CLI Command Description
dot1x port-control {auto |
force-authorized | force-
unauthorized}
no dot1x port-control
Enables manual control of the port
authorization state.
Use the no form of this command to
restore the default configuration.
dot1x mac-authentication
{mac-only|mac-and-802.1x}
no dot1x mac-authentication
Enables authentication based on the
station’s MAC address.
Use the no form of this command to
disable access.
dot1x radius-attributes vlan
no dot1x radius-attributes
vlan
Enables user-based VLAN assignment.
Use the no form of this command to
disable user-based VLAN assignment.
dot1x guest-vlan enable
no dot1x guest-vlan enable
Enables unauthorized users on the
interface access to the guest VLAN.
Use the no form of this command to
disable access.
dot1x max-req count
no dot1x max-req
Sets the maximum number of times that
the device sends an EAP to the client,
before restarting the authentication
process.
Use the no form of this command to
restore the default configuration.
Dell PowerConnect 55xx Systems User Guide 139
dot1x re-authentication
no dot1x re-authentication
Enables periodic re-authentication of the
client.
Use the no form of this command to
restore the default configuration.
dot1x timeout re-authperiod
seconds
no dot1x timeout supp-timeout
Sets the number of seconds between re-
authentication attempts.
Use the no form of this command to
restore the default configuration.
dot1x re-authenticate
[[gigabitethernet|tengigabit
ethernet] port-number]
Manually initiates a re-authentication of
all 802.1X-enabled ports or the specified
802.1X-enabled port.
dot1x timeout quiet-period
seconds
no dot1x timeout quiet-period
Sets the number of seconds that the
device remains in the quiet state following
a failed authentication exchange.
Use the no form of this command to
restore the default configuration.
dot1x timeout server-timeout
seconds
no dot1x timeout server-
timeout
Sets the time for the retransmission of
packets to the authentication server.
Use the no form of this command to
restore the default configuration.
dot1x timeout supp-timeout
seconds
no dot1x timeout supp-timeout
Sets the time for the retransmission of an
EAP request frame to the client.
Use the no form of this command to
restore the default configuration.
dot1x timeout tx-period
seconds
no dot1x timeout tx-period
Sets the number of seconds that the
device waits for a response to an EAP -
request/identity frame, from the client,
before resending the request.
Use the no form of this command to
restore the default configuration.
show dot1x
[[gigabitethernet|tengigabit
ethernet] port-number]
Displays 802.1X status for the device or
for the specified interface.
Table 8-13. Port-Based Authentication Interface CLI Commands (Continued)
CLI Command Description
140 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
show dot1x advanced Displays 802.1X advanced features for the
switch or specified interface.
show dot1x users [username
username]
Displays 802.1X users for the device.
dot1x guest-vlan enable
no dot1x guest-vlan enable
Enables using a guest VLAN for
unauthorized ports.
Use the no form of this command to
restore the default configuration.
console(config)# aaa authentication dot1x default none
console(config)# interface vlan 5
console(config-if)# dot1x auth-not-req
console(config)# vlan database
console(config-vlan)# vlan 2
console(config-vlan)# exit
console(config)# interface vlan 2
console(config-if)# dot1x guest-vlan
console# show dot1x
Interface Admin
Mode
Oper Mode Reauth
Control
Reauth
Period
Username
-------- ------- ---------- -------- ------ --------
gi1/0/1 Auto Authorized Enabled 3600 Bob
gi1/0/2 Auto Authorized Enabled 3600 John
gi1/0/3 Auto Unauthoriz
ed
Enabled 3600 Clark
gi1/0/4 Force-
auth
Authorized Disabled 3600 n/a
Table 8-13. Port-Based Authentication Interface CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 141
Monitoring Users
Use the
Monitoring Users
page to view rejected users.
1
Click
Switching
>
Network Security
>
Dot1 Authentication
>
Monitoring Users
to display the
Monitoring Users
page.
Figure 8-14. Monitoring Users
2
Select a supplicant that was authenticated on the port. The supplicant’s
information is displayed.
User Name
— Name assigned to this port.
Port
— Number of port.
VLAN
— Port belongs to this VLAN.
MAC Address
— Source of traffic.
Reject Reason
— Reason that traffic was rejected. See Table 8-14 for a
list of the possible reject reasons.
Time
— Time that traffic was rejected.
142 Dell PowerConnect 55xx Systems User Guide
Table 8-14. Reject Reason Description
Abbreviation Description
ACL-DEL ACL was deleted by a user.
ACL-NOTEXST ACL sent by the RADIUS server does not exist on the device.
ACL-OVRFL ACL sent by the RADIUS server cannot be applied because of
TCAM overflow.
AUTH-ERR Rejected by RADIUS due to wrong user name or password in
the RADIUS server.
FLTR-ERR RADIUS accept message contains more than two filter IDs.
FRS-MTH-DENY First method is deny.
IPv6WithMAC RADIUS accept message contains filter with IPv6 DIP and
MAC addresses.
IPV6WithNotIP RADIUS accept message contains IPv6 and not IP
simultaneously.
POL-BasicMode Policy is not supported in the QoS basic mode.
POL-DEL Policy was deleted by a user.
POL-OVRFL Policy sent by radius server can not be applied because of
TCAM overflow.
RAD-APIERR RADIUS API returned error (e.g. No RADIUS server is
configured).
RAD_INVLRES RADIUS server returned invalid packet (e.g. EAP attribute is
missing).
RAD-NORESP RADIUS server is not responding.
VLAN-DFLT VLAN sent by a RADIUS server cannot be applied because it
is the default VLAN.
VLAN-DYNAM VLAN sent by RADIUS server cannot be applied because it is
a dynamic VLAN.
VLAN-GUEST VLAN sent by RADIUS server cannot be applied because it is
the Guest VLAN.
Dell PowerConnect 55xx Systems User Guide 143
Monitoring Users Using the CLI Commands
The following table summarizes the CLI commands for monitoring users:
The following is an example of the CLI commands:
Table 8-15. Monitoring Users CLI Commands
CLI Command Description
show dot1x monitoring result
[username username]
Displays the captured information of each
interface/host on the switch/stack.
console# show dot1x monitoring Tom
Username: Tom
Port g1
Quiet period: 60 Seconds
Tx period: 30 Seconds
Max req: 2
Supplicant timeout: 30 Seconds
Server timeout: 30 Seconds
Session Time (HH:MM:SS): 08:19:17
MAC Address: 00:08:78:32:98:78
Authentication Method: Remote
Assigned VLAN: 207
Reason for Failure:VLAN was not defined on Switch
144 Dell PowerConnect 55xx Systems User Guide
Host Authentication
Use the Host Authentication page to define the authentication mode on the
port, and the action to perform if a violation is detected.
To view ports and their authentication information:
1
Click
Switching
>
Network Security
>
Dot1 Authentication
>
Host
Authentication
to display the
Host Authentication: Summary
page.
Figure 8-15. Host Authentication: Summary
A list of the ports and their authentication modes is displayed. The fields
are defined on the
Edit
page with the exception of the following field:
Single Host Status
— Displays the host status. The possible options
are:
Unauthorized
— The port control is
Force Unauthorized
, the
port link is down or the port control is
Auto
, but a client has not
been authenticated via the port.
Dell PowerConnect 55xx Systems User Guide 145
Not in Auto Mode — The port control is
Forced Authorized
, and
clients have full port access.
Single-host Lock — The port control is
Auto
and a single client
has been authenticated via the port.
No Single Host
— Multiple Host is enabled.
Number of Violations
— Displays the number of packets that arrive
on the interface in single-host mode, from a host whose MAC address
is not the supplicant MAC address.
2
Click
Edit
.
3
In the
Port
drop-down list, select the port to which you want to apply the
authentication mode.
4
Enter the fields:
Host Authentication
— Define the host authentication type. The
options are:
Single
— Only a single authorized host can access the port. (Port
Security cannot be enabled on a port in single-host mode.)
Multiple Host
— Multiple hosts can be attached to a single
802.1x-enabled port. Only the first host must be authorized, and
then the port is wide-open for all who want to access the network.
If the host authentication fails, or an EAPOL-logoff message is
received, all attached clients are denied access to the network.
Multiple Session
— A number of specific authorized hosts may
access the port. Each host is treated as if it was the first and only
user and must be authenticated. Filtering is based on the source
MAC address.
Action on Single Host Violation
— Select the action to be applied to
packets arriving in Single Session/Single Host mode, from a host
whose MAC address is not the supplicant MAC address. The options
are:
Discard
— Discard the packets from any unlearned source.
Forward
— Forward the packets from an unknown source,
however, the MAC address is not learned.
146 Dell PowerConnect 55xx Systems User Guide
Shutdown
— Discard the packet from any unlearned source and
shut down the port. Ports remain shutdown until they are
activated, or the switch is reset.
Host Authentication pages:
The following is an example of the CLI commands:
Table 8-16. Host Authentication CLI Commands
CLI Command Description
dot1x host-mode {multi-
host|single-host|multi-
sessions}
Allows a single host (client) or multiple
hosts on an IEEE 802.1x-authorized port.
dot1x traps mac-
authentication failure
no dot1x traps mac-
authentication failure
Enables sending traps when a MAC
address is successfully authenticated by
the 802.1X mac-authentication access
control.
Use the no form of this command to
disable the traps.
dot1x traps mac-
authentication success
no dot1x traps mac-
authentication success
Enables sending traps when MAC address
was failed in authentication of the 802.1X
MAC authentication access control.
Use the no form of this command to
disable the traps.
dot1x violation-mode
{restrict | protect |
shutdown}
no dot1x violation-mode
Configures the action to be taken, when a
station whose MAC address is not the
supplicant MAC address, attempts to
access the interface.
Use the no form of this command to
return to default.
show dot1x advanced
[gigabitethernet|tengigabite
thernet] port-number]
Displays 802.1x advanced features for the
device or specified interface.
console(config)# interface gi1/0/1
console(config-if)# dot1x host-mode multi-host
console(config-if)# dot1x host-mode single-host
console(config-if)# dot1x host-mode multi-sessions
Dell PowerConnect 55xx Systems User Guide 147
Port Authentication Users
The Port Authentication Users page enables you to view users that attempted
to be authenticated.
To view ports and their authentication definitions:
1
Click
Switching
>
Network Security
>
Dot1 Authentication
>
Port
Authentication Users
to display the
Port Authentication Users
page.
Figure 8-16. Port Authentication Users
The ports and their authentication definitions are displayed.
User Name
— Supplicant names that were authenticated on each
port.
Port
— Number of port.
Session Time
— Amount of time (in seconds) that the supplicant was
logged on the port.
148 Dell PowerConnect 55xx Systems User Guide
Authentication Method
— Method by which the last session was
authenticated. The options are:
None
—No authentication is applied; it is automatically
authorized.
RADIUS
—Supplicant was authenticated by a RADIUS server.
MAC Address
—Displays the supplicant MAC address.
MAC Address
— MAC address of user who attempted to be
authenticated.
VLAN
— VLAN assigned to the user.
Filter
— Filter that was applied to the user by receiving the
policy/ACL name from the RADIUS server (Dynamic ACL
Assignment).
2
Click
Details
to view the names of the VLAN filters (
Filter #1
and
Filter
#2
) defined on the port, in addition to the above fields.
Dell PowerConnect 55xx Systems User Guide 149
Display Port Authentication Users Using the CLI Commands
The following table summarizes the CLI commands for displaying port
authentication users:
The following is an example of the CLI commands:
Table 8-17. Display Port Authentication Users CLI Commands
CLI Command Description
show dot1x users Displays active 802.1x authenticated users for the
device.
console# show dot1x users
Port User Session Auth MAC VLAN Filter
Name Time Method Address
------ ----- ----------- -------- -------------- ---- ------
gi1/0/1 Bob 1d 03:08:58 Remote 0008.3b79.8787 3
Port User Session Auth MAC VLAN Filter
Name Time Method Address
------ ----- ----------- -------- -------------- ---- ------
gi1/01 Bob 1d 09:07:38 Remote 0008.3b79.8787 3 OK
gi1/01 Tim 03:08:58 Remote 0008.3b79.3232 9 OK
gi1/03 Paul 02:12:48 Remote 0008.3b89.8237 8 Warning
console# show dot1x users username Bob
Port User Session Auth MAC VLAN Filter
Name Time Method Address
------ ----- ----------- -------- -------------- ---- ------
gi1/01 Bob 1d 09:07:38 Remote 0008.3b79.8787 3 OK
Dell PowerConnect 55xx Systems User Guide 150
9
Configuring System Information
This section describes how to set system parameters, such as security features,
switch software, system time, logging parameters and more.
It contains the following topics:
General Switch Information
Time Synchronization
•Logs
IP Addressing
•Diagnostics
Management Security
•DHCP Server
•DHCP Server
•File Management
Stack Management
•sFlow
Dell PowerConnect 55xx Systems User Guide 151
General Switch Information
This section describes how to view and set general switch parameters.
It contains the following topics:
•Asset Information
System Health
Power over Ethernet
Asset Information
Use the Asset page to view and configure general device information,
including the system name, location, contact, system MAC Address, System
Object ID, date, time, and system up time.
To configure general device parameters:
1
Click
System
>
General
>
Asset
in the tree view to display the
Asset
page.
Figure 9-1. Asset
152 Dell PowerConnect 55xx Systems User Guide
2
Enter/view the parameters:
System Name (0-159 Characters)
— Enter the user-defined device
name.
System Contact (0-159 Characters)
— Enter the name of the contact
person.
System Location (0-159 Characters)
— Enter the location where the
system is currently running.
MAC Address
— Displays the device MAC address.
Sys Object ID
— Displays the vendor's authoritative identification of
the network management subsystem contained in the entity.
Date
— Enter the current date (mandatory). This date can also be
entered in the
Manual Time Settings
page. If SNTP has been defined,
but the SNTP server is not available, the switch uses the date and time
in this field and the
Time
field.
Time
— Enter the current time (mandatory). This time can also be
entered in the
Manual Time Settings
page. If SNTP has been defined,
but the SNTP server is not available, the switch uses the date and time
in this field and the
Date
field.
System Up Time
— Displays the amount of time since the last device
reset.
3
For each unit in the stack (displayed in
Unit No
.), the following
information is displayed:
Service Tag
— Displays the service reference number used when
servicing the device.
Asset Tag
— Enter the device asset tag.
Serial No.
— Displays the device serial number.
4
Enter the
Asset Tag (0-16 Characters)
for each unit in the stack. This is
the user-defined reference for the unit.
Dell PowerConnect 55xx Systems User Guide 153
Entering Asset Information Using the CLI Commands
The following table summarizes the CLI commands for entering fields
displayed on the Asset
page.
The following is an example of the CLI commands
Table 9-1. Asset CLI Command
CLI Command Description
snmp-server contact text
no snmp-server contact
Configures the system contact
(sysContact) name.
Use the no form of the command to
remove the system contact
information.
snmp-server location text
no snmp-server location
Configures the system location
string.
Use the no form of this command to
remove the location string.
hostname name
no hostname
Specifies the device host name.
Use the no form of the command to
remove the existing host name.
clock set hh:mm:ss
{month|day} year
Sets the system clock to this time.
asset-tag [unit unit] tag
no asset-tag [unit unit]
Assigns the asset tag to the unit.
Removes the asset tag from the unit.
console (config)# asset-tag 2365491870
154 Dell PowerConnect 55xx Systems User Guide
System Health
To view the device’s power information and set fan administration state:
1
Click
System
>
General
>
System
Health
in the tree view to display the
System Health
page.
Figure 9-2. System Health
The
System Health
page displays the following fields:
Unit No.
— The unit in the stack for which information is displayed.
Power Supply Status
—Displays the following columns:
PS
— The power status of the internal power unit. The possible
options are:
Checked
— The power supply is operating normally.
Unchecked
— The power supply is not operating normally.
Not Present
— The power supply is currently not present.
Dell PowerConnect 55xx Systems User Guide 155
RPS
— The device has one of two auxiliary power supplies:
Redundant Power Supply (RPS) for non-PoE devices and Modular
Power Supply (MPS) for PoE devices. Only one of these may be
present at one time. For each type of power supply, the possible
options are:
Checked
— The power supply is operating normally.
Unchecked
— The power supply is not operating normally.
Not Present
— The power supply is currently not present.
Temperature
— Displays the temperature on the device.
Fan Status
— The device has two fans. The device constantly
measures the internal temperature, and powers the fans on/off
according to the temperature. The user can set the fans to be
constantly on. The possible options are:
Checked
— The fans are operating normally.
Unchecked
— At least one of the fans is not operating
normally.
Fan Admin State
— On/Auto status that user configured in the
Edit
page.
Fan Current Level
— Specifies whether the fan is actually on or off.
2
The lower block displays the condition under which a fan will be turned on
or off.
Fan Level
— The on or off level.
Condition
— The temperature at which the fans will be turned on or
off. The device temperature is displayed in Celsius. The device
temperature threshold is 40 C (104 F).Table 11-2 displays the
temperature in Fahrenheit in increments of 5.
NOTE: It is recommended to leave Fan User Level at Auto so that the fans
operate according to the temperature of the switch.
3
To control the fans on a unit, or set the default value, click
Edit
, and enter
the fields:
Unit ID
— Select the unit ID whose fan will be adjusted.
156 Dell PowerConnect 55xx Systems User Guide
Fan Admin State
— Set one of the options:
Auto
— Fans are turned on when the internal temperature of the
switch is higher than the threshold displayed on the
Summary
page in the
Condition
field.
ON
— Turns fan on under all conditions
Table 9-2. Celsius to Fahrenheit Conversion Table
Viewing System Health Information Using the CLI Commands
The following table summarizes the CLI commands for viewing fields
displayed on the System Health
page.
Celsius Fahrenheit
032
541
10 50
15 59
20 68
25 77
30 86
35 95
40 104
Table 9-3. System Health CLI Command
CLI Command Description
show system [unit unit]Displays system information.
system fans always-on
[unit unit]
no system fans always-on
Sets the system fans to On regardless of device
temperature.
Use the no form of the command to return to
default
show system fans Displays the fans’ status.
Dell PowerConnect 55xx Systems User Guide 157
The following is an example of the CLI commands:
Power over Ethernet
A Power over Ethernet (PoE) switch is a type of PSE (Power Sourcing
Equipment) that delivers electrical power to connected Powered Devices
(PDs) over existing copper cables, without interfering with the network
traffic, updating the physical network or modifying the network
infrastructure.
Using PoE eliminates the need to:
Place all network devices next to power sources.
Deploy double-cabling systems, significantly decreasing installation costs.
PoE can be used in any network that deploys relatively low-powered devices
connected to the Ethernet LAN. PDs are devices that receive power from the
PowerConnect power supplies, such as:
•IP phones
console# show system
Unit Type
---- ----------------------
2 PowerConnect 5548
Unit Main Power Supply Redundant Power Supply
---- ----------------- ----------------------
2 OK
Unit Fans Status
---- -------------
2 OK
Unit Temperature (Celsius) Temperature Sensor Status
---- ------------------------- ---------------------
2 41 OK
Unit Up time
---- ---------------
2 02,00:03:32
158 Dell PowerConnect 55xx Systems User Guide
Wireless access points
•IP gateways
Audio and video remote monitoring devices
PDs are connected to the device via the Gigabit ports.
To configure PoE parameters on devices equipped with PoE:
1
Click
System
>
General
>
Power over Ethernet
in the tree view to display
the
Power Over Ethernet: Summary
page.
Figure 9-3. Power Over Ethernet: Summary
2
The PoE global parameters are displayed:
Power Status
— The inline power source status.
On
— The power supply unit is functioning.
Off
— The power supply unit is not functioning.
Dell PowerConnect 55xx Systems User Guide 159
Faulty
— The power supply unit is functioning, but an error has
occurred, for example, a power overload or a short circuit.
Nominal Power
— The actual amount of power the device can supply,
in watts.
Consumed Power
— The amount of the power used by the device, in
watts.
3
Enter the following parameters:
System Usage Threshold (1-99 Percent)
— Enter the percentage of
power consumed before a trap is generated.
Traps
— Enable/disable traps if system usage goes over the threshold.
The possible options are:
Enable
— Enables PoE traps on the device. If traps are enabled,
you must also enable SNMP, and configure at least one SNMP
notification recipient.
Disable
— Disables PoE traps on the device.
4
To view PoE port settings for a unit in the stack, select its
Unit ID
. The
port PoE parameters are displayed for all ports on the unit. The fields
displayed in this block are described in the
Edit
page.
5
To set PoE settings for a port, click
Edit
.
6
Select a port in the
Port
field, and enter the following PoE parameters for
the PDs connected to this port.
PoE Admin Status
— Select the device PoE mode. The possible
options are:
Auto
— Enables the Device Discovery protocol, and provides
power to the device using the PoE unit. The Device Discovery
Protocol enables the device to discover Powered Devices attached
to the device interfaces, and to learn their classification.
Never
— Disables the Device Discovery protocol, and stops the
power supply to the device using the PoE module.
Power Priority Level
Enter the priority that determines the power
that is used if the power supply is from Critical to Low. If, for
example, the power supply is running at 99% usage, and port 1 is
prioritized as Critical, but port 3 is prioritized as Low, port 1 is will
receive power before port 3.
160 Dell PowerConnect 55xx Systems User Guide
Power Limit
(0-15.4) — Enter the maximum amount of power
that the PoE unit may deliver to this port.
Powered Device (0-24 characters)
— Enter a user-defined
description of the PD connected to the port, such as: "Bob Smith’s
telephone".
The following fields are displayed on this page:
PoE Operational Status
— Whether the port is currently providing
power. If it is not providing power, the reason is displayed.
Power Consumption
— The amount of power being consumed by
the powered device.
Overload Counter
— Total power overload occurrences.
Short Counter
— Total power shortage occurrences.
Denied Counter
— Number of times the powered device was
denied power.
Absent Counter
N
umber of times the power supply was stopped to
the PD because it was no longer detected. f
Invalid Signature Counter
— Number of times an invalid signature
was received. Signatures are the means by which the powered device
identifies itself to the PSE. Signatures are generated during powered
device detection, classification, or maintenance.
Managing PoE Using the CLI Commands
The following table describes the CLI commands for viewing fields displayed
on the Power Over Ethernet pages.
Table 9-4. Power Over Ethernet CLI Commands
CLI Command Description
power inline {auto|never}Configures the administrative status of
the inline power on an interface.
power inline powered-device
pd-type
no power inline powered-
device
Adds a description of the powered device
type. Use the no version of the command
to remove the description.
Use the no form of this command to
restore the default configuration.
Dell PowerConnect 55xx Systems User Guide 161
The following is an example of the CLI commands:
power inline priority
{critical|high|low}
no power inline priority
Configures the priority of the interface
from the point of view of inline power
management.
Use the no form of this command to
restore the default configuration.
power inline usage-threshold
no power inline usage-
threshold
Configures the threshold for triggering
alarms.
Use the no form of this command to
restore the default configuration.
power inline traps enable
no power inline traps enable
Enables PoE device traps.
Use the no form of this command to
disable traps.
power inline limit-mode
{class|port}
no power inline limit-mode
Sets the power limit mode of the system.
Use the no form of this command to
return to default.
show power inline
[[[gigabitethernet|tengigabi
tethernet]port-number|vlan
vlan-id|port-channel LAG-
number]|module stack-member-
number]
Displays PoE configuration information
for all interfaces or for a unit in the stack.
console# show power inline
Unit Power Nominal Power Consumed Power Usage Threshold Traps
---- ------- ------------- ------------------ --------------- -----
1 Off 1 Watts 0 Watts (0%) 95 Disable
2 Off 1 Watts 0 Watts (0%) 95 Disable
3 Off 1 Watts 0 Watts (0%) 95 Disable
4 Off 1 Watts 0 Watts (0%) 95 Disable
Table 9-4. Power Over Ethernet CLI Commands (Continued)
CLI Command Description
162 Dell PowerConnect 55xx Systems User Guide
Time Synchronization
The system clock runs from the moment the system starts up, and keeps track
of the date and time.
The date and time may be either set manually, or it may be received from an
SNTP server.
This section describes how to set system time, and contains the following
sections:
Manual Time Settings
Setting System Time and Daylight Savings Time
CLI Commands for Setting Manual Time
System Time from an SNTP Server
Global Settings (Clock Source)
SNTP Global Settings
SNTP Authentication
–SNTP Servers
–SNTP Interfaces
CLI Script for Receiving Time from an SNTP Server
Manual Time Settings
This section describes how to set the system time manually on the device.
It contains the following topics:
Setting System Time and Daylight Savings Time
CLI Commands for Setting Manual Time
Dell PowerConnect 55xx Systems User Guide 163
Setting System Time and Daylight Savings Time
Use the Manual Time Settings page to set system date/time manually (as
opposed to receiving them from an external SNTP server). For more
information on SNTP, see "System Time from an SNTP Server" on page 170.
If system time is kept using an external SNTP clock, and the external SNTP
clock fails, the system time reverts to the time set here or in the Asset page.
In addition to setting the local clock, you can use this page to enable Daylight
Savings Time (DST) on the device.
The following is a list of DST start and end times in various countries:
Albania
— Last weekend of March until the last weekend of October.
Australia
— From the end of October until the end of March.
Australia
- T
asmania
— From beginning of October until the end of
March.
Armenia
— Last weekend of March until the last weekend of October.
Austria
— Last weekend of March until the last weekend of October.
Bahamas
— From April to October, in conjunction with U.S. summer
hours.
Belarus
— Last weekend of March until the last weekend of October.
Belgium
— Last weekend of March until the last weekend of October.
Brazil
— From the 3rd Sunday in October until the 3rd Saturday in
March. During the period of Daylight Saving Time, Brazilian clocks go
forward one hour in most of the Brazilian southeast.
Chile
— Easter Island 9th March 12th October. The first Sunday in March
or after 9th March.
China
— China does not operate Daylight Saving Time.
Canada
— From the first Sunday in April until the last Sunday of October.
Daylight Saving Time is usually regulated by provincial and territorial
governments. Exceptions may exist in certain municipalities.
Cuba
— From the last Sunday of March to the last Sunday of October.
Cyprus
— Last weekend of March until the last weekend of October.
Denmark
— Last weekend of March until the last weekend of October.
Egypt
— Last Friday in April until the last Thursday in September.
164 Dell PowerConnect 55xx Systems User Guide
Estonia
— Last weekend of March until the last weekend of October.
Finland
— Last weekend of March until the last weekend of October.
France
— Last weekend of March until the last weekend of October.
Germany
— Last weekend of March until the last weekend of October.
Greece
— Last weekend of March until the last weekend of October.
Hungary
— Last weekend of March until the last weekend of October.
India
— India does not operate Daylight Saving Time.
Iran
— From 1st Farvardin until the 1st Mehr.
Iraq
— From 1st April until 1st October.
Ireland
— Last weekend of March until the last weekend of October.
Israel
— Varies year-to-year.
Italy
— Last weekend of March until the last weekend of October.
Japan
— Japan does not operate Daylight Saving Time.
Jordan
— Last weekend of March until the last weekend of October.
Latvia
— Last weekend of March until the last weekend of October.
Lebanon
— Last weekend of March until the last weekend of October.
Lithuania
— Last weekend of March until the last weekend of October.
Luxembourg
— Last weekend of March until the last weekend of October.
Macedonia
— Last weekend of March until the last weekend of October.
Mexico
— From the first Sunday in April at 02:00 to the last Sunday in
October at 02:00.
Moldova
— Last weekend of March until the last weekend of October.
Montenegro
— Last weekend of March until the last weekend of October.
Netherlands
— Last weekend of March until the last weekend of October.
New Zealand
— From the first Sunday in October until the first Sunday
on or after 15th March.
Norway
— Last weekend of March until the last weekend of October.
Paraguay
— From 6th April until 7th September.
Poland
— Last weekend of March until the last weekend of October.
Portugal
— Last weekend of March until the last weekend of October.
Dell PowerConnect 55xx Systems User Guide 165
Romania
— Last weekend of March until the last weekend of October.
Russia
— From the 29th March until the 25th October.
Serbia
— Last weekend of March until the last weekend of October.
Slovak
R
epublic
— Last weekend of March until the last weekend of
October.
South Africa
— South Africa does not operate Daylight Saving Time.
Spain
— Last weekend of March until the last weekend of October.
Sweden
— Last weekend of March until the last weekend of October.
Switzerland
— Last weekend of March until the last weekend of October.
Syria
— From 31st March until 30th October.
Taiwa n
— Taiwan does not operate Daylight Saving Time.
Turkey
— Last weekend of March until the last weekend of October.
United Kingdom
— Last weekend of March until the last weekend of
October.
United States of America
— From the second Sunday of March at 02:00
to the first Sunday of November at 02:00.
166 Dell PowerConnect 55xx Systems User Guide
To manually set the device time:
1
Click
System
>
Time Synchronization
>
Manual Time Settings
in the
tree view to display the
Manual Time Settings
page.
Figure 9-4. Manual Time Settings
2
Enter the following local settings:
Date
— The system date.
Local Time
— The system time.
Time Zone Offset
— The difference between Greenwich Mean Time
(GMT) and local time. For example, the Time Zone Offset for Paris is
GMT +1:00, while the local time in New York is GMT –5:00.
3
To set Daylight Savings Time (DST), select the
Daylight Savings
field and
select one of the possible options:
USA
— The device switches to DST at 2 a.m. on the second Sunday
of March, and reverts to standard time at 2 a.m. on the first Sunday of
November.
Dell PowerConnect 55xx Systems User Guide 167
European
— The device switches to DST at 1:00 am on the last
Sunday in March, and reverts to standard time at 1:00 am on the last
Sunday in October. The
European
option applies to EU members,
and other European countries using the EU standard.
Other
— Specifies that you will set DST manually in the fields
described below.
If you selected
USA
or
European
you are finished. If you selected
Other
,
proceed to the next step.
There are two types of DST possible when
Others
is selected. You can set a
specific date in a particular year, or you can set a recurring setting,
irrespective of the year. For a specific setting in a particular year, complete
the
Daylight Savings
area, and for a recurring setting, complete the
Recurring
area.
If
Other
is selected, the
From
and
To
fields must be defined either in the
Non-recurring
or
Recurring
section.
4
To enter non-recurring DST parameters, enter the following fields:
From
— The time that DST begins. The possible options are:
DD/MMM/YY
— The date, month, and year at which DST
begins.
HH/MM
— The time (hour and minutes) at which DST begins.
To
— The time that DST ends. The possible options are:
DD/MMM/YY
— The date, month, and year at which DST ends.
HH/MM
— The time (hour and minutes) at which DST ends.
5
To enter recurring DST parameters, select
Recurring
and enter the
following fields:
From
— The time that DST begins each year, for example, DST
begins locally every second Sunday in April at 5:00 am. The possible
options are:
Day
— The day of the week from which DST begins every year.
Week
— The week within the month from which DST begins
every year.
Month
— The month of the year in which DST begins every year.
168 Dell PowerConnect 55xx Systems User Guide
Time
— The time at which DST begins every year.
To
— The recurring time that DST ends each year, for example, DST
ends locally every fourth Friday in October at 5:00 am. The possible
options are:
Day
— The day of the week at which DST ends every year.
Week
— The week within the month at which DST ends every
year.
Month
— The month of the year in which DST ends every year.
Time
— The time at which DST ends every year.
CLI Commands for Setting Manual Time
The following steps (in any order) must be completed before setting time
manually:
Set system time
Define the time zone in relation to GMT.
Configure Daylight Savings Time.
The following table summarizes the CLI commands for setting fields
displayed in the Manual Time Setting pages when the clock source is Local.
Table 9-5. Manual Time Setting CLI Commands
CLI Description
clock set hh:mm:ss {[day
month]|[month day]} year
Set the system clock to this time.
clock summer-time zone
recurring {usa|eu|{week
day month hh:mm week day
month hh:mm}}[offset]
Configures the system to automatically
switch to summer time (according to the
USA and European standards) every year on a
recurring basis.
Dell PowerConnect 55xx Systems User Guide 169
clock summer-time zone
date date month year hh:mm
date month year hh:mm
[offset]
clock summer-time zone
date month date year hh:mm
month date year hh:mm
[offset]
no clock summer-time
Configures the system to automatically
switch to summer time (Daylight Savings
Time) for a specific period - date/month/year
format.
Use the no form of the command to
configure the system not to switch to
summer time (Daylight Savings Time).
clock timezone zone hours-
offset [minutes offset]
Sets the time zone and names it "zone" for
display purposes.
show clock Displays the time and date from the system
clock.
Table 9-5. Manual Time Setting CLI Commands (Continued)
CLI Description
170 Dell PowerConnect 55xx Systems User Guide
A sample script to set system time manually is shown below
System Time from an SNTP Server
This section describes how to receive date/time from an SNTP server.
It contains the following topics:
SNTP Overview
SNTP Global Settings
SNTP Authentication
•SNTP Servers
•SNTP Interfaces
Table 9-6. CLI Script to Set Manual System Time
CLI Description
Console# clock set 13:32:00 7 Nov 2010 Set the system time.
console# configure
console(config)# clock timezone Ohio +2
Set the time zone to GMT
plus 2 hours. The name of
the zone "Ohio" is purely for
documentation purposes.
This is not mandatory for
manual time, but is
recommended. It enables
anyone seeing the time to
know what that time is in
respect to their timezone.
console(config)# clock summer-time
Ohio_Summer recurring usa
Set Daylight Savings Time
such that it recurs every year
and is based on the summer
time schedule of the USA.
The name of the zone
"Ohio_Summer" is for
documentation purposes
only.
console(config)# exit
console# show clock
Display the system time.
Dell PowerConnect 55xx Systems User Guide 171
SNTP Overview
The switch supports the Simple Network Time Protocol (SNTP), which
provides accurate network switch clock time synchronization of up to 100
milliseconds. The implementation of SNTP is based on SNTPv4 (RFC 2030).
SNTP is a simple and lighter version of NTP, and can be used when the
ultimate performance of the full NTP implementation, described in
RFC-1305, is not required. SNTP operates with NTP, thus an SNTP client
can work with both SNTP and NTP servers.
The switch operates only as a client, and cannot provide time services to other
systems.
SNTP Server Types
The switch can accept time information from the following server types:
•Unicast
Polling for Unicast information is used for polling a server whose IP
address is known. This is the preferred method for synchronizing device
time, as it is most secure.
Up to eight SNTP servers can be defined.
If this method is selected, SNTP information is accepted only from SNTP
servers defined in the
SNTP Servers
page.
Time levels T1 - T4 (see the "Algorithm for Selecting Designated SNTP
Server" on page 173 section) are used to determine from which server time
information is accepted.
If Unicast polling is not enabled or if no servers are defined on the device,
the device accepts time information from any SNTP server of the type that
is enabled, which responds.
•Anycast
Polling for Anycast information is used when the SNTP server’s IP address
is not defined or it cannot be reached. If this method is enabled, time
information can be received from any SNTP server on the network. The
172 Dell PowerConnect 55xx Systems User Guide
device time and date are synchronized when it proactively requests
synchronization information.
Anycast polling to get time information is preferable to Broadcast polling,
because it is more secure.
Time levels T3 and T4 are used to determine from which server time
information is accepted.
Broadcast
Broadcast information is used if receiving Broadcast packets has been
enabled, and one of the following situations occurs:
The SNTP server IP address has not been defined.
Several time-information packets are received and the Broadcast time
is best according to the algorithm defined in "Algorithm for Selecting
Designated SNTP Server" on page 173.
Broadcast is the least secure method of receiving time, because it is both
unsecured and the time information was not specifically requested by the
device. Anycast is also unsecured, but time-information packets are only
accepted if they were requested.
Stratums
Each SNTP server is characterized by stratums, which define the accuracy of
its clock. The stratum is the distance, in terms of NTP hops, from the most
authoritative time server. The lower the stratum (where zero is the lowest),
the more accurate the clock. The switch accepts time from stratum 1 and
above.
The following provides examples of clocks from various stratums:
Stratum 0
— A real time clock is used as the time source, for example, a
GPS system.
Stratum 1
— A server that is directly linked to a Stratum 0 time source is
used.
Stratum 2
— The time source is distanced from the Stratum 1 server over
a network path, for example, a Stratum 2 server receives the time over a
network link, via NTP, from a Stratum 1 server.
Dell PowerConnect 55xx Systems User Guide 173
Algorithm for Selecting Designated SNTP Server
Messages received from SNTP servers are logged, until there are three
responding servers, or the timer expires. In any event, when the third message
is received, the timer expires.
A server is selected to be the “designated server” according to the following
criteria:
The stratum (the distance in terms of NTP hops from the best
authoritative time servers) is considered, and the server with the best
(lowest) stratum is selected.
If there is a tie in stratums, packets from servers defined on the device are
preferred to Anycast packets, which in turn are preferred to Broadcast
packets.
If multiple servers pass the above criteria, then the server that sent the first
(earliest) time packet is chosen.
If a better server is discovered later, it is selected to be the “designated server
at that time.
Polling
You can configure the system to acquire time information in the following
ways:
Enable polling
— Time information is requested every polling interval.
Do not enable polling
— Time information is received when the system is
brought up and every time that a topological change is made to the
Running Configuration file, for example when an SNTP Unicast server is
added.
This is configured by the user in the SNTP Global Settings page.
On power up, when the switch sends a request and there is no reply, it issues
another request (three retries at most) after 20 seconds of waiting.
If no SNTP server is found, the process is invoked every “poll interval” (set in
the SNTP Global Settings page), and a management trap is triggered.
Authentication
You can require that SNTP servers be authenticated, although this is not
mandatory (see the SNTP Authentication pages).
174 Dell PowerConnect 55xx Systems User Guide
MD5 (Message Digest 5) Authentication safeguards device synchronization
paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash
value. MD5 is a variation of MD4, and increases MD4 security.
MD5 both verifies the integrity of the communication and authenticates the
origin of the communication.
Global Settings (Clock Source)
System time can be set manually, or it may be received from an external
SNTP server. You if wish to set the system time manually, you do not to use
the Global Settings page, because the default is manual (local) system time.
To set the clock source:
1
Click
System
>
Time Synchronization
>
Global Settings
in the tree view
to display the
Global Settings
page.
Figure 9-5. Global Settings
Dell PowerConnect 55xx Systems User Guide 175
2
Select the
Clock Source
. The possible options are:
Local
System time is taken from the device’s internal clock. Set this
as defined in "Manual Time Settings" on page 162.
SNTP
System time is set via an SNTP server. Set SNTP parameters
as defined in "System Time from an SNTP Server" on page 170.
Defining the Clock Source Using CLI Commands
The following table summarizes the CLI commands for setting the clock
source.
The following is an example of the CLI commands:
SNTP Global Settings
If SNTP was selected as the clock source in the Global Settings page, you
must define the mechanism of setting time from an SNTP server. This is
done in the SNTP pages, described below.
Table 9-7. Clock Source CLI Command
CLI Description
clock source {sntp}
no clock source
Configures an external time source for the
system clock.
Use the no form of this command to disable
the external time source.
show clock [detail]Displays the time and date from the system
clock and its source.
console# configure
console(config)# clock source sntp
console# show clock detail
3:29:03 UTC Sep 7 2010
Time source is sntp
Time zone:
Offset is UTC+0
176 Dell PowerConnect 55xx Systems User Guide
To define the types of server from which the device accepts SNTP
information and the polling interval:
1
Click
System
>
Time Synchronization
>
SNTP Global Settings
in the
tree view to display the
SNTP Global Settings
page.
Figure 9-6. SNTP Global Settings
2
Enter the fields:
Poll Interval (60-86400)
— Enter the interval (in seconds) at which
the SNTP servers are polled.
Receive Broadcast Servers Updates
— Enable/disable receiving time
information from Broadcast servers.
Receive Anycast Servers Updates
— Enable/disable receiving time
information from Anycast SNTP servers.
Receive Unicast Servers Updates
— Enable/disable receiving time
information from the SNTP servers defined on the switch.
Poll Unicast Requests
— Enable/disable sending SNTP Unicast server
time information requests to the SNTP server.
Dell PowerConnect 55xx Systems User Guide 177
Defining SNTP Global Settings Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the SNTP Global Settings pages.
The following is an example of the CLI commands:
SNTP Authentication
Use the SNTP Authentication page to enable/disable SNTP authentication
between the device and an SNTP server, and to set the means by which the
SNTP server is authenticated.
Table 9-8. SNTP Global Parameters CLI Commands
CLI Command Description
sntp client poll timer
seconds
no sntp client poll timer
Sets the polling time for an SNTP client.
Use the no form of this command to
restore the default configuration.
sntp broadcast client
enable
no sntp broadcast client
enable
Enables SNTP Broadcast clients.
Use the no form of this command to
disable SNTP Broadcast clients.
sntp anycast client enable
no sntp anycast client
enable
Enables SNTP Anycast clients.
Use the no form of this command to
disable SNTP Anycast clients.
sntp unicast client enable
no sntp unicast client
enable
Enables SNTP predefined Unicast clients.
Use the no form of this command to
disable SNTP Unicast clients.
show sntp configuration Displays SNTP configuration
console(config)# sntp anycast client enable
178 Dell PowerConnect 55xx Systems User Guide
To configure SNTP authentication:
1
Click
System
>
Time Synchronization
>
SNTP Authentication
in the
tree view to display the
SNTP Authentication:
Summary
page.
Figure 9-7. SNTP Authentication: Summary
The previously-defined authentication keys are displayed.
2
Enable/disable
SNTP Authentication
. This enables/disables
authenticating SNTP sessions between the device and an SNTP server.
3
Multiple keys can be defined. To add a new SNTP authentication key, click
Add
, and enter the
fields.
Encryption Key ID (1 - 4294967295)
— Enter the number used to
identify this SNTP authentication key internally.
Authentication Key (1 - 8 Characters)
— Enter the key used for
authentication. The SNTP server must send this key for the switch to
use its time/date information.
Dell PowerConnect 55xx Systems User Guide 179
Trusted Key
— Check to specify
that the encryption key is used to
authenticate the (Unicast) SNTP server. If this is not checked, the
key is not used for authentication (and another key(s) is used).
Defining SNTP Authentication Settings Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the SNTP Authentication pages.
The following is an example of the CLI commands:
Table 9-9. SNTP Authentication CLI Commands
CLI Command Description
sntp authenticate
no sntp authenticate
Defines authentication for received SNTP
traffic from servers.
Use the no form of this command to disable
the feature.
sntp trusted-key key-
number
no sntp trusted-key key-
number
Authenticates the identity of a system to
which SNTP will synchronize.
Use the no form of this command to disable
system identity authentication.
sntp authentication-key
key-number md5 value
no sntp authentication-
key key-number
Defines an authentication key for SNTP.
Use the no form of this command to remove
the authentication key for SNTP.
console(config)# sntp authenticate
console(config)# sntp trusted-key 8
console(config)# sntp authentication-key 8 md5 Clkkey
180 Dell PowerConnect 55xx Systems User Guide
SNTP Servers
To add an SNTP server or display SNTP server information:
1
Click
System
>
Time Synchronization
>
SNTP Servers
in the tree view to
display the
SNTP Servers: Summary
page.
Figure 9-8. SNTP Servers: Summary
The following is displayed for the previously-defined servers:
SNTP Server
— IP address of server.
Polling
— Polls the selected SNTP server for system time information,
when enabled.
Encryption Key ID
— Key Identification used to communicate
between the SNTP server and device.
Dell PowerConnect 55xx Systems User Guide 181
Preference
— SNTP server providing SNTP system time information.
The system displays on of the following options:
Primary
— The server from which time was last accepted.
Secondary
— All other servers from which time was received.
Status
— The operating SNTP server status. The possible options are:
Up
— The SNTP server is currently operating normally.
Down
— An SNTP server is currently not available, for example,
the SNTP server is currently not connected or is currently down.
In progress
— The SNTP server is currently sending or receiving
SNTP information.
Unknown
— The progress of the SNTP information currently
being sent is unknown, for example, the device is currently
looking for an interface.
Last Response
— The last time a response was received from the
SNTP server.
Offset
The estimated offset of the server's clock, relative to the
local clock, in milliseconds. The host determines the value of this
offset, using the algorithm described in RFC 2030.
Delay
— The estimated round-trip delay of the server's clock, relative
to the local clock over the network path between them, in
milliseconds. The host determines the value of this delay, using the
algorithm described in RFC 2030.
2
To add an SNTP Server, click
Add
, and enter the fields:
Supported IP Format
— Select whether IPv4 or IPv6 format is used
for the IP address of the SNTP server.
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. Select one of the possible
options:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
182 Dell PowerConnect 55xx Systems User Guide
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. Select one of the
possible options:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
SNTP Server
— Enter the SNTP server’s IP address.
Poll Interval
— Enable/disable polling the selected SNTP server for
system time information, when enabled.
Encryption Key ID
— Check to use an encryption key, and select one
of the encryption keys that was defined in the
SNTP Authentication
pages.
Defining SNTP Servers Settings Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the SNTP Server pages.
Table 9-10. SNTP Server CLI Commands
CLI Command Description
sntp server {ipv4-
address|ipv6-address|ipv6-
address|hostname} [poll]
[key key-id]
no sntp server {ipv4-
address|ipv6-address|ipv6-
address|hostname}
Configures the device to use SNTP to
request and accept SNTP traffic from a
server.
Use the no form of this command to
remove a server from the list of SNTP
servers.
sntp unicast client poll
no sntp unicast client poll
Enables polling for the SNTP predefined
Unicast clients.
Use the no form of this command to
disable the polling for the SNTP client.
show sntp status Displays the SNTP server statuses.
Dell PowerConnect 55xx Systems User Guide 183
The following is an example of the CLI commands:
SNTP Interfaces
If receiving time information from Anycast servers is enabled, you can
determine through which interface the Anycast packets are sent and received.
If no interface is defined, Anycast requests are not sent.
console(config)# sntp server 100.1.1.1 poll key 10
console# show sntp status
Clock is unsynchronized
Unicast servers:
Server Status Last Response Offset Delay
[mSec] [mSec]
--------------- --------- ------------- -------- -------
Anycast server:
Server Interface Status Last Response Offset Delay
[mSec] [mSec]
--------------- -------- -------------- ------ ------
Broadcast:
Interface IP Address Last Response
------------ --------------- -----------------------
gi1/0/1 00:00:00.0 Jan 1 2010
184 Dell PowerConnect 55xx Systems User Guide
To enable receiving Anycast updates on an interface:
1
Click
System
>
Time Synchronization
>
SNTP Interface Settings
to
display the
SNTP Interface Settings: Summary
page.
Figure 9-9. SNTP Interface Settings: Summary
The following fields are displayed for every interface for which an SNTP
interface has been enabled:
Interface
— The port, LAG or VLAN on which SNTP is enabled.
Receive Servers Updates
— Displays whether the interface is enabled
to receive updates from the SNTP server.
2
To add an interface that can receive SNTP server updates, click
Add
.
3
Select an interface and enable/disable
State
to indicate that the interface
can now receive/not receive SNTP server updates.
Dell PowerConnect 55xx Systems User Guide 185
Defining SNTP Interface Settings Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the SNTP Interface Settings pages.
Table 9-11. SNTP Interface Settings CLI Commands
CLI Command Description
sntp client enable
{[[gigabitethernet|tengigabitethern
et] port-id|vlan vlan-id|port-
channel LAG-number]}
no sntp client enable
{[[gigabitethernet|tengigabitethern
et]port-number|vlan vlan-id|port-
channel LAG-number]}
Enables the SNTP client on an
interface in Global
Configuration mode.
Use the no form of this
command to disable the SNTP
client.
sntp client enable
no sntp client enable
Enables SNTP client on an
interface in Interface
Configuration mode.
Use the no form of this
command to disable the SNTP
client.
show sntp configuration Shows the configuration of the
Simple Network Time Protocol
(SNTP).
186 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
CLI Script for Receiving Time from an SNTP Server
The following is a sample script that configures receiving system time from an
SNTP server.
console# configure
console(config)# sntp client enable gi1/0/1
console# exit
console# configure
console(config)# interface gi1/0/1
console(config-if)# sntp client enable
console# show sntp configuration
SNTP port : 123 .
Polling interval: 1024 seconds.
No MD5 authentication keys.
Authentication is not required for synchronization.
No trusted keys.
Unicast Clients: Disabled
Unicast Clients Polling: Disabled
Server Polling Encryption Key
----------------------------- ---------- -----------
Broadcast Clients: disabled
Anycast Clients: disabled
Broadcast Interfaces: gi1/0/1
Table 9-12. Manual Time Setting CLI Commands
CLI Description
console# configure
console(config)#clock source sntp
Set the source of time as
an SNTP server.
Dell PowerConnect 55xx Systems User Guide 187
console(config)#sntp client poll timer 6 Set polling time to 6
seconds.
console(config)#sntp unicast client
enable
Enable accepting time
from predefined Unicast
clients.
console(config)#sntp unicast client poll Enable polling predefined
Unicast clients.
console(config)#sntp server 10.4.1.3
poll
Define the server that will
be used as an SNTP
server.
console(config)#exit
console# show sntp configuration
Display SNTP settings.
console# show sntp status Display SNTP servers.
Table 9-12. Manual Time Setting CLI Commands (Continued)
CLI Description
188 Dell PowerConnect 55xx Systems User Guide
Logs
The Logs feature enables the switch to keep several, independent logs. Each
log is a set of entries that record system events.
It contains the following topics:
System Log Overview
Global Parameters
RAM Log
Log File (in Flash)
Login History
Remote Log Server
System Log Overview
System logs record events and report errors or informational messages. Some
aspects of system logging can be configured, as described below. When you
configure system logging, the configuration applies to all units in the stack.
Some events are automatically logged, such as hardware problems. You may
enable/disable logging the following types of events:
Authentication Events
in the
Global Parameters
page
Copy File Events
in the
Global Parameters
page
Management Access Events
in the
Global Parameters
page
Login History
in the
Login History
page
Event messages have a unique format, as per the System Logs (SYSLOG)
protocol recommended message format for all error reporting, for example,
SYSLOG and local device reporting messages are assigned a severity code,
and include a message mnemonic that identifies the source application
generating the message.
Messages may be filtered, based on their urgency or relevancy.
Events may be logged to the following destinations:
•Console
Logging buffer (RAM)
— Messages are stored in a cyclical file buffer.
When the maximum number of messages is reached, messages are written
starting at the beginning of the buffer (overwriting the old messages).
Dell PowerConnect 55xx Systems User Guide 189
Logs stored on the Logging buffer are deleted when the device is reset.
Logging file (flash)
— Messages are stored in flash memory. When the
buffer is full, messages are written starting at the beginning of the memory
block (overwriting the old messages).
SYSLOG Server
— Messages are sent to a remote server. This is useful for
central and remote management and to provide more space for storage of
messages.
Up-to eight SYSLOG servers can be defined in the Remote
Log Server Settings pages.
You can select where to send logging messages according to their severity.
Each of the severity level can be directed to the console, RAM log, flash log
file or SYSLOG server or to any combination of these destinations.
Global Parameters
Use the Global Parameters page to enable/disable logging for the following
logging severity levels.
Emergency
— If the device is down or not functioning properly, an
emergency log message is saved to the specified logging location.
Alert
— An alert log is saved if there is a serious device malfunction,
for example, all device features are down.
Critical
— A critical log is saved if a critical device malfunction
occurs, for example, two device ports are not functioning, while the
rest of the device ports remain functional.
Error
— A device error has occurred, for example, a single port is
offline.
Warning
— The lowest level of a device warning. The device is
functioning, but an operational problem has occurred.
Notice
— Provides device information to which you might have to
respond.
Informational
— Provides device information to which you do not
have to respond.
Debug
— Provides debugging messages.
190 Dell PowerConnect 55xx Systems User Guide
If you enable logging, some events are automatically logged, and in addition,
you can enable/disable specific types of logging and set their destination.
To configure logging:
1
Click
System
>
Logs
>
Global Parameters
in the tree view to display the
Global Parameters
page.
Figure 9-10. Global Parameters
2
Enable/disable
logging in the
Logging
drop-down list. Console logs are
enabled by default, and cannot be disabled.
3
If Logging is enabled, select the types of events to be logged in addition to
the events that are always logged:
Log Authentication Events
— Enable/disable generating logs when
users are authenticated.
Dell PowerConnect 55xx Systems User Guide 191
Log Copy Files Events
— Enable/disable generating logs when files
are copied.
Log Management Access Events
— Enable/disable generating logs
when the device is accessed using a management method, for
example, each time the device is accessed using SSH, a device log is
generated.
4
To select the destination of logging messages, according to their severity
levels, check the minimum severity level that will be associated with the
console log, RAM log, Log file (Flash memory) and remote SYSLOG
servers. When a severity level is selected, all severity levels above the
selection are selected automatically.
Enabling Logs Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Global Parameters page.
Table 9-13. Global Log Parameters CLI Commands
CLI Command Description
logging on
no logging
Enables error message logging.
Turns off error message logging.
logging console level
no logging console level
Limits messages logged to the
console, based on severity.
Use the no form of this command to
disable logging limiting to the
console.
logging file level
no logging file
Limits SYSLOG messages stored in
flash memory, based on severity.
Use the no form of this command to
cancel using the buffer.
file-system logging
{copy|delete-rename}
Enables the logging of file system
events.
192 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
management logging {deny}
no management logging {deny}
Enables Management Access List
(ACL) deny events.
Use the no form of this command to
disable logging management access
list events.
aaa logging {login}
no aaa logging {login}
Enables logging authentication login
events.
Use the no form of this command to
disable logging authentication login
events.
console# configure
console(config)# logging on
console(config)# logging console errors
console(config)# logging file alerts
Table 9-13. Global Log Parameters CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 193
RAM Log
To manage the RAM log buffer:
1
Click
System
>
Logs
>
RAM Log
in the tree view to display the
RAM Log
page.
Figure 9-11. RAM Log
The
Max RAM Log Entries (20-400)
line, which contains the maximum
number of RAM log entries permitted, is displayed. When the log buffer is
full, the oldest entries are overwritten. The
Current Setting
contains how
many entries are currently permitted, and you can change this number in
the
New Setting (after reset)
field.
The following is displayed for the existing logs:
Log Index
— The log number in the RAM Log table.
194 Dell PowerConnect 55xx Systems User Guide
Log Time
— The time at which the log was entered into the RAM Log
table.
Severity
— The log severity.
Description
— The log entry text.
2
To remove all entries from the RAM log, click
Clear Log
.
Viewing and Clearing the RAM Log Table Using the CLI Commands
The following table summarizes the CLI commands for setting the size of the
RAM log buffer, viewing, and clearing entries in the RAM log.
The following is an example of the CLI commands:
Table 9-14. RAM Log Table CLI Commands
CLI Command Description
logging buffered
size
no logging buffered
Sets the number of SYSLOG messages stored in the
internal buffer (RAM).
Use the no form of this command to cancel using the
buffer.
show logging Displays the RAM logging buffer.
clear logging Clears the RAM logging buffer.
console(config)# logging buffered 300
04-Oct-2010 09:47:04 %SYSLOG-N-LOGGINGBFRSIZE: the number
of syslog messages stored in the internal buffer will be
changed to 300 (after reboot).
Dell PowerConnect 55xx Systems User Guide 195
Log File (in Flash)
To view and/or clear the flash memory log file:
1
Click
System
>
Logs
>
Log File
in the tree view to display the
Log File
page.
Figure 9-12. Log File
The following is displayed for the existing logs:
Log Index
— The log number in the Log file.
Log Time
— The time at which the log was entered.
Severity
— The log severity.
Description
— The log entry text.
2
To remove all entries from the log file, click
Clear Log
.
196 Dell PowerConnect 55xx Systems User Guide
Displaying the Log File Table Using the CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Log File page.
The following is an example of the CLI commands:
Login History
Use the Login History page to monitor users, including the time a user
logged in, and the protocol used to log on to the device.
Table 9-15. Log File Table CLI Commands
CLI Command Description
show logging file Displays the logging state and the SYSLOG
messages stored in the logging file.
console# show logging file
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 62 Logged, 62
Displayed, 200 Max.
File Logging: Level debug. File Messages: 11 Logged, 51
Dropped.
SysLog server 1.1.1.1 Logging: info. Messages: 0 Dropped.
01-Jan-2000 01:12:01 :%COPY-W-TRAP: The copy operation was
completed successfully
01-Oct-2010 01:11:49 :%LINK-I-Up: gi/1/0/11
01-Oct-2010 01:11:46 :%LINK-I-Up: gi/1/0/12
Dell PowerConnect 55xx Systems User Guide 197
To enable user history logging and view user login history:
1
Click
System
>
Logs
>
Login History
in the tree view to display the
Login History
page.
Figure 9-13. Login History
The login history for the selected user or all users is displayed.
2
Enable/disable
Login History to File
to record login history.
3
Select a user or
All
from the
User Name
drop-down list. The login history
for this user is displayed in the following fields:
Login Time
— The time the selected user logged on to the device.
User Name
— The user that logged on to the device.
Protocol
— The means by which the user logged on to the device.
Location
— The IP address of the station from which the device was
accessed.
198 Dell PowerConnect 55xx Systems User Guide
Displaying the Device Login History Using CLI Commands
The following table summarizes the CLI commands for viewing and setting
fields displayed in the Login History page.
The following is an example of the CLI commands:
Table 9-16. Login History CLI Commands
CLI Command Description
aaa login-history file
no aaa login-history file
Enables writing to the login history file.
Use the no form of this command to disable
writing to the login history file.
show users login-history
[username]
Displays the user’s login history.
console (config)# aaa login-history file
console# show users login-history
Login Time Username Protocol Location
----------- -------- -------- ----------
01-Oct-2010
23:58:17
admin HTTP 172.16.1.8
01-Oct-2010
07:59:23
admin Telnet 172.16.0.8
Dell PowerConnect 55xx Systems User Guide 199
Remote Log Server
Log messages can be sent to remote log servers, using the SYSLOG protocol.
To add a remote log server:
1
Click
System
>
Logs
>
Remote Server Settings
in the tree view to display
the
Remote Log Server: Summary
page.
Figure 9-14. Remote Log Server: Summary
The previously-defined remote servers are displayed.
2
To add a remote log server, click
Add
, and enter the fields:
Supported IP Format
— Select whether the IPv4 or IPv6 format is
supported.
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
200 Dell PowerConnect 55xx Systems User Guide
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
New Log Server IP Address
— Enter the IP address of the remote
SYSLOG server.
UDP Port (1-65535)
— Enter the UDP port to which the logs are sent
for the selected server.
Facility
— Select a user-defined application from which system logs
are sent to the remote server. Only a single facility can be assigned to a
single server. If a second facility level is assigned, the first facility level
is overridden. All applications defined for a device utilize the same
facility on a server.
Description (0-64 Characters)
— Enter a server description.
Severity to Include
— Check the severity levels to be logged to the
remote server. The event severity levels are listed on this page in
descending order from the highest severity to the lowest. When a
severity level is selected to appear in a log, all higher severity events are
automatically selected to appear in the log. When a security level is
not selected, no lower severity events appear in the log.
Dell PowerConnect 55xx Systems User Guide 201
Working with Remote Server Logs Using the CLI Commands
The following table summarizes the CLI command for working with remote
log servers.
The following is an example of the CLI commands:
Table 9-17. Remote Log Server CLI Commands
CLI Command Description
logging host {ipv4-address|ipv6-
address|hostname} [port port-id]
[severity level] [facility
facility] [description text]
no logging host {ipv4-
address|ipv6-address|hostname}
Logs messages to a remote server
with this IP address.
Use the no form of this command
to delete the SYSLOG server with
the specified address from the list
of SYSLOGs.
show syslog-servers Displays list of SYSLOG servers.
console (configure) # logging host 1.1.1.1
console# show syslog-servers
Device Configuration
---------------------------------------------------------
IP Address Port Facility Severity Description
----------- ----- -------- ----------- -----------
1.1.1.1 514 local7 info
1.1.1.2 514 local7 info
1.1.1.3 514 local7 info
1.1.1.4 514 local7 info
202 Dell PowerConnect 55xx Systems User Guide
IP Addressing
This section describes how to configure IP addresses on the switch, and
contains the following topics:
IP Addressing Overview
IPv4 Interface Parameters
DHCP IPv4 Interface
IPv4 Static Routing
•IPv6 Interfaces
IPv6 Default Gateway
•ISATAP Tunnel
IPv6 Neighbors
•IPv6 Routes Table
Domain Name System
Default Domain Names
Host Name Mapping
•ARP
UDP Relay
IP Addressing Overview
The device functions as an IPv6-compliant host, as well as an IPv4-host (also
known as dual stack). This enables device operation in a pure-IPv6 network,
as well as in a combined IPv4/IPv6 network.
Difference Between IPv4 and IPv6 Addressing
The primary difference between IPv4 to IPv6 is the length of network
addresses. IPv6 addresses are 128 bits, whereas IPv4 addresses are 32 bits.
Thus, IPv6 addresses enable the use of many more unique addresses.
The 128-bit IPv6 address format is divided into eight groups of four
hexadecimal digits. Abbreviation of this format by replacing a group of zeros
with double colons (::) is acceptable. IPv6 address representation can be
further simplified by suppressing the leading zeros.
Dell PowerConnect 55xx Systems User Guide 203
All IPv6 address formats are acceptable, yet for display purposes, the system
displays the most abbreviated form, which replaces groups of zeros with
double colons and removes the leading zeros.
IPv6 Prefixes
While Unicast IPv6 addresses written with their prefix lengths are permitted,
in practice their prefix lengths are always 64 bits, and therefore are not
required to be expressed. Any prefix that is less than 64 bits is a route or
address range that summarizes a portion of the IPv6 address space.
For every assignment of an IP address to an interface, the system runs the
Duplicate Address Detection (DAD) algorithm to ensure uniqueness.
An intermediary transition mechanism is required for IPv6-only nodes to
communicate with IPv6 nodes over an IPv4 infrastructure. The tunneling
mechanism implemented is the Intra-Site Automatic Tunnel Addressing
Protocol (ISATAP). This protocol treats the IPv4 network as a virtual IPv6
local-link, with each IPv4 address mapped to a Link Local IPv6 address.
IPv4 Interface Parameters
You can assign IP addresses to the interface in the following ways:
Manual Assignment — Described below
DHCP Server Assignment — Described in "DHCP IPv4 Interface" on
page 207
Multiple IP addresses can be configured in the IPv4 Interface Parameters
pages. These IP addresses can be assigned to a port, LAG, or VLAN interface.
When an IP address is assigned, it is checked for uniqueness in the following
way:
A gratuitous ARP request is sent three times every three seconds.
If after (3+1)*3 = 12 seconds the switch has not received the ARP
response, the IP address is considered to be unique.
During the procedure the switch has to reply to gratuitous ARP and probe
ARP requests with the validated IP address.
204 Dell PowerConnect 55xx Systems User Guide
The IP address is assigned even if the above validation procedure concludes
that the IP address in question is not unique, but a SYSLOG message is
generated.
In addition to the above validation procedure every time a switch receives an
ARP request with a sender IP address that is equal to its IP address defined on
the input interface it sends a SYSLOG message informing of IP duplication,
containing the sender IP and MAC addresses, from the received ARP
message.
To assign an IP address to an interface, and to define subnets to which traffic
can be routed:
1
Click
System
>
IP Addressing
>
IPv4 Interface Parameters
in the tree
view to display the
IP Interface Parameters: Summary
page.
Figure 9-15. IPv4 Interface Parameters: Summary
Dell PowerConnect 55xx Systems User Guide 205
The previously-assigned IP addresses are displayed.
2
To add an IP address to an interface, click
Add
, and enter the fields:
IP Address
— Enter the IP address assigned to the interface.
Network Mask
— Select the subnetwork mask to which traffic can be
routed.
Prefix Length
— Enter the number of bits that comprise the IP
address prefix of the subnetwork.
Interface
— Select the interface for which the IP address is defined.
Select an interface type
Port
,
LAG
, or
VLAN
and the specific
interface number.
Defining IPv4 Interfaces Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the IPv4 Interfaces Parameters page.
Table 9-18. IPv4 Interface Parameters CLI Commands
CLI Command Description
ip address ip-address
{mask|prefix-length}
no ip address [ip-address]
Sets an IP address.
Use the no form of the command to
remove an IP address.
show ip interface
[[gigabitethernet|tengigabitet
hernet]port-number|vlan vlan-
id|port-channel LAG-number]
Displays the usability status of
interfaces configured for IP.
206 Dell PowerConnect 55xx Systems User Guide
The following are sample procedures to configure a static IPv4 address on an
interface using CLI and then to remove it:
Table 9-19. Sample CLI Script to Configure IPv4 Statically on a VLAN
CLI Command Description
console#config Enter Global Configuration
mode.
console(config)# interface vlan 1Enter Interface mode for
VLAN 1.
console(config-if)# ip address
10.5.225.40 /27
Set the routing interface with
prefix length of 27.
console(config-if)# ip default-
gateway 10.5.225.33
Set the address of the default
gateway
console(config-if)# no ip address Remove the address (if
required).
Table 9-20. Sample CLI Script to Configure IPv4 Statically on a Port
CLI Command Description
console#config Enter Global Configuration
mode.
console(config)# interface gi1/0/1 Enter Interface mode for port
1 on unit 1.
console(config)# no switchport Enable the port to work as an
IP interface (Layer 3 mode).
console(config-if)# ip address
10.5.225.40 /27
Configure an IP address with
prefix length of 27.
console(config-if)# ip default-
gateway 10.5.225.33
Set the address of the default
gateway
console(config-if)# no ip address Remove the address (if
required).
Dell PowerConnect 55xx Systems User Guide 207
DHCP IPv4 Interface
The switch can operate in the following ways:
It can function as a DHCP client that obtains its own IP from a DHCP
server, as described in this section
It can function as a DHCP server that allocates IP addresses to other
devices, as described in "DHCP Server" on page 290
When the interface is configured as a DHCP client, it keeps requesting an IP
address from the DHCP server, until it receives one. It then sends Address
Resolution Protocol (ARP) packets to confirm the uniqueness of the IP
address. If the ARP response shows that the IP address is in use, the switch
sends a DHCPDECLINE message to the DHCP server, and sends another
DHCPDISCOVER packet that restarts the process.
IP address collisions occur when the same IP address is used in the same IP
subnet by more than one device. Address collisions require administrative
actions on the DHCP server and/or the devices that collide.
Up to 32 interfaces (ports, LAGs, and/or VLAN) on the switch can be
configured with a static or dynamic IP address. The IP subnets to which these
IP addresses belong are known as directly connected/attached IP subnets.
The IP address assignment rules for the switch are as follows:
If the IP address on the switch is changed, the switch issues gratuitous
ARP packets to the corresponding VLAN, to check IP address collisions.
When a client must renew its lease, prior to its expiration date, a
DHCPREQUEST message is sent.
A specific interface can have either a static IP address or a dynamic IP
address, but not both.
208 Dell PowerConnect 55xx Systems User Guide
To define the switch as a DHCP client:
1
Click
System
>
IP Addressing
>
DHCP IPv4 Interface
in the tree view to
display the
DHCP IPv4 Interface: Summary
page.
Figure 9-16. DHCP IPv4 Interface: Summary
Dell PowerConnect 55xx Systems User Guide 209
The previously-configured DHCP IPv4 interfaces are displayed.
2
To add an interface that can receive an IP address, click
Add
and select the
whether the interface is a port, LAG or VLAN in the
Interface
field.
Defining DHCP IPv4 Interfaces Using CLI Commands
The following table summarizes the CLI commands for setting fields in the
DHCP IPv4 Interface pages.
Table 9-21. DHCP IPv4 Interface CLI Commands
CLI Command Description
ip address dhcp
no ip address dhcp
Acquires an IP address on an Ethernet interface
from the Dynamic Host Configuration Protocol
(DHCP).
Use the no form of this command to release an
acquired IP address.
210 Dell PowerConnect 55xx Systems User Guide
Configuring DHCP IPv4 Interfaces Using CLI
The following is a sample CLI script to configure a dynamic IPv4 address on
an interface and then to remove it:
IPv4 Static Routing
IPv4 static routes can be configured for IP addresses that are not on directly
connected networks. These are defined in the IPv4 Static Routing pages.
Table 9-22. Sample CLI Script to Configure IPv4 Dynamically on a VLAN
CLI Command Description
console#config Enter Global Configuration
mode.
console(config)# interface vlan 1Enter VLAN mode for VLAN
1.
console(config)# no switchport Enable the port to work as an
IP interface (Layer 3 mode).
console(config-if)# ip address dhcp Use the DHCP protocol to
acquire the IP address.
console(config-if)# no ip address
dhcp
Remove the address (if
required).
Table 9-23. Sample CLI Script to Configure IPv4 Dynamically on a Port
CLI Command Description
console#config Enter Global Configuration
mode.
console(config)# interface vlan 1Enter VLAN mode for VLAN
1.
console(config-if)# ip address dhcp Use the DHCP protocol to
acquire the IP address.
console(config-if)# no switchport Enable the port to work as an
IP interface (Layer 3 mode).
console(config-if)# no ip address
dhcp
Remove the address (if
required).
Dell PowerConnect 55xx Systems User Guide 211
When routing traffic, the next hop is determined according to the longest
prefix match (LPM algorithm). A destination IPv4 address may match
multiple routes in the IPv4 Static Route table. The switch uses the matched
route with the longest prefix match.
To add an IPv4 static route:
1
Click
System
>
IP Addressing
>
IPv4 Static Routing
in the tree view to
display the
IPv4 Static Routing: Summary
page.
Figure 9-17. IPv4 Static Routing: Summary
2
Click
Add
to add a destination, and enter the fields:
Destination IP Prefix
— Enter the destination IPv4 prefix. If all zeros
are entered, this represents a default route.
Network Mask
— Select the destination IPv4 mask.
Prefix Length
— Select the length of the destination IPv4 address
prefix.
212 Dell PowerConnect 55xx Systems User Guide
Next Hop
— Enter the IP address to which the packet is forwarded on
the route to the destination address. This is typically the address of a
neighboring switch.
Route Type
— Select the route type. The possible options are:
Reject
— Rejects the route and stops routing to the destination
network via all gateways. This ensures that if a frame arrives with
the destination IP of this route, it is dropped.
Remote
— The route is a remote path.
Metric
(1-255) — Enter the administrative distance (cost) to the
destination.
Defining IPv4 Static Routing Using CLI Commands
The following table summarizes the CLI commands for configuring IPv4
static routing.
The following is an example of the CLI command:
Table 9-24. IPv4 Static Routing CLI Commands
CLI Command Description
ip routing
no ip routing
Enables IPv4 Routing.
Use the no format of the
command to disable IPv4
Routing.
ip route prefix {mask|prefix-
length} ip-address-next-hop
[metric distance] [reject-route]
no ip route prefix {mask|prefix-
length} [ip-address-next-hop]
Configures static routes.
Use the no form of this
command to remove static
routes.
show ip route Displays the current routing
table state.
console(config)# ip route prefix 192.168.1.1 /8
10.5.234.255 metric 3 reject-route
Dell PowerConnect 55xx Systems User Guide 213
Configuring Two IP Networks on Two Different VLANS Using CLI
The following shows how to configure two IP networks on two different
VLANS using CLI:
To test this setup described in Figure 11-18:
1
Connect a host whose address is 1.1.1.2 to interface 1/0/1 (default route
1.1.1.1)
2
Connect a host whose address 2.1.1.2 to port 1/0/2 (default route 2.1.1.1)
3
Ping from 1.1.1.2 to 2.1.1.2 to verify the configuration
Table 9-25. Sample CLI Script to Configure Two IP Networks on Two Different VLANSs
CLI Command Description
console#config Enter Global Configuration
mode.
console(config)# vlan database Enter VLAN mode.
console(config-vlan)# vlan 100-150 Create VLANs number 100 to
150.
console(config-vlan)# exit Exit VLAN mode.
console(config)#interface gi1/0/1 Enter Interface mode for port
1 on unit 1.
console(config-if)# switchport access
vlan 100
Make port a member of
VLAN 100.
console(config-if)# ip address
1.1.1.1 255.255.255.0
Set the IP address with mask.
console(config-vlan)# exit Exit Interface mode for port.
console(config)#interface gi1/0/2 Enter Interface mode for port
2 on unit 1.
console(config-if)# switchport access
vlan 150
Make port a member of
VLAN 150.
console(config-if)# ip address
2.1.1.1 255.255.255.0
Set the IP address with mask.
console(config-vlan)# exit Exit Interface mode for port.
214 Dell PowerConnect 55xx Systems User Guide
Figure 9-18. IP Routing Setup
IPv6 Interfaces
The system supports IPv6-addressable hosts.
To define IPv6 interfaces:
1
Click
System
>
IP Addressing
>
IPv6 Interface
in the tree view to open
the
IPv6 Interface: Summary
page.
Figure 9-19. IPv6 Interface: Summary
PC 1.1.1.1
Switch
PC 2.1.1.1
VLAN 100
VLAN 150
Dell PowerConnect 55xx Systems User Guide 215
2
Select an interface. The IPv6 addresses defined on the interface are
displayed. In addition to the fields described in the
Add
pages, the
following fields are displayed:
ICMP Error Rate Limit Interval (0-2147483647)
— Enter the
rate-limit interval for ICMPv6 error messages in milliseconds. The
value of this parameter together with the Bucket Size parameter
(below) determines how many ICMP error messages may be sent per
time interval, for example, a rate-limit interval of 100 ms and a bucket
size of 10 messages translates to 100 ICMP error messages per second.
ICMP Error Rate Limit Bucket Size (1-200)
— Enter the bucket size
for ICMPv6 error messages. The value of this parameter together with
the
ICMP Error Rate Limit Interval
parameter determines how many
ICMP error messages may be sent per time interval, for example, a
rate-limit interval of 100 ms and a bucket size of 10 messages
translates to 100 ICMP error messages per second.
3
To add a new IPv6 interface, click
Add IPv6 Interface
, and enter the fields:
Interface
— Select an IPv6 interface to be configured.
Number of DAD Attempts
— Enter the number of consecutive
neighbor solicitation messages that are sent on an interface while
Duplicate Address Detection (DAD) is performed on Unicast IPv6
addresses on this interface. New addresses remain in a tentative state
while duplicate address detection is performed. A field value of 0,
disables duplicate address detection processing on the specified
interface. A field value of 1, indicates a single transmission without
follow up transmissions.
Autoconfiguration
— Enable/disable stateless auto configuration of
IPv6 address assignment. When enabled, the router solicitation ND
procedure is initiated. This discovers a router in order to assign an IP
address to the interface, based on prefixes received with RA messages.
When auto configuration is disabled, no automatic assignment of
IPv6 global Unicast addresses is performed, and existing,
automatically-assigned IPv6 global Unicast addresses are removed
from the interface.
216 Dell PowerConnect 55xx Systems User Guide
Send ICMP Unreachable
— Enable/disable transmission of ICMPv6
address Unreachable messages. When enabled, unreachable messages
are generated for any packet arriving on the interface with unassigned
TCP/UDP port.
4
To add an address to an IPv6 interface, click
Add IPv6 Address
, and enter
the fields for the selected interface:
IPv6 Address Type
— Check the means by which the IP address was
added to the interface. The possible options are:
Link Local
— The IP address is link local; non-routable and can
be used for communication on the same network only. A Link
Local address has a prefix of 'FE80'.
Global Unicast
— The IP address is a globally unique IPv6
Unicast address; visible and reachable from different subnets
.
Global Anycast
— The IP address is a globally unique IPv6
Anycast address; visible and reachable from different subnets
.
IPv6 Address
— Enter the IPv6 address assigned to the interface. The
address must be a valid IPv6 address, specified in hexadecimal using
16-bit values between colons. An example of an IPv6 address is
2031:0:130F:0:0:9C0:876A:130D and the compressed version is
represented as 2031:0:130F::9C0:876A:130D. Up to five IPv6
addresses (not including Link Local addresses) can be set per
interface, with the limitation of up to128 addresses per system.
Prefix Length
— For global Unicast or Anycast, enter the length of the
IPv6 prefix. The length is a decimal value that indicates how many of
the high-order contiguous bits of the address comprise the prefix (the
network portion of the address). The Prefix field is applicable only on a
static IPv6 address defined as a
Global IPv6
address.
EUI-64
— For global Unicast or Anycast, check to use the EUI-64
option.
Dell PowerConnect 55xx Systems User Guide 217
Defining IPv6 Interfaces Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the IPv6 Interface pages.
Table 9-26. IPv6 Interfaces CLI Commands
CLI Command Description
ipv6 enable [no-autoconfig]
no ipv6 enable
Enables the IPv6 addressing mode on an
interface.
Use the no form of this command to
disable the IPv6 addressing mode on an
interface
ipv6 address autoconfig
no ipv6 address autoconfig
Enables automatic configuration of IPv6
addresses, using stateless auto
configuration on an interface. Addresses
are configured depending on the prefixes
received in Router Advertisement
messages.
Use the no form of this command to
disable address auto configuration on the
interface.
ipv6 icmp error-interval
milliseconds [bucketsize]
no ipv6 icmp error-interval
Configures the rate limit interval and
bucket size parameters for IPv6 Internet
Control Message Protocol (ICMP) error
messages.
Use the no form of this command to
return the interval to its default setting.
ipv6 address ipv6-
address/prefix-length [eui-64]
[anycast]
no ipv6 address [ipv6-
address/prefix-length] [eui-
64]
Configures an IPv6 address for an
interface.
Use the no form of this command to
remove the address from the interface.
218 Dell PowerConnect 55xx Systems User Guide
ipv6 address ipv6-
address/prefix-length link-
local
no ipv6 address link-local
Configures an IPv6 link-local address for
an interface.
Use the no form of this command to
return to the default link local address on
the interface.
ipv6 unreachables
no ipv6 unreachables
Enables the generation of ICMP for IPv6
(ICMPv6) unreachable messages for
packets arriving on a specified interface.
Use the no form of this command to
prevent the generation of unreachable
messages.
ipv6 nd dad attempts attempt Configures the number of consecutive
neighbor solicitation messages that are
sent on an interface while Duplicate
Address Detection (DAD) is performed
on the unicast IPv6 addresses of the
interface.
show ipv6 interface
[[gigabitethernet|tengigabite
thernet] port-number|vlan
vlan-id|port-channel LAG-
number]
Displays the usability status of interfaces
configured for IPv6.
show ipv6 icmp error-interval Displays the IPv6 ICMP error
interval.
Table 9-26. IPv6 Interfaces CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 219
The following is a sample script to configure IPv6 using CLI:
IPv6 Default Gateway
Use the IPv6 Default Gateway pages to configure and view the default IPv6
router addresses. This list contains routers that are candidates to become the
switch default router for non-local traffic. The switch randomly selects a
router from the list. The switch supports one static IPv6 default router.
Dynamic default routers are routers that have sent router advertisements to
the switch IPv6 interface.
When adding or deleting IP addresses, the following events occur:
When removing an IP interface, all of its default gateway IP addresses are
removed.
Dynamic IP addresses cannot be removed.
An alert message is displayed after a user attempts to insert more than one
IP address.
An alert message is displayed when attempting to insert a non-Link Local
type address.
Table 9-27. Sample CLI Script to Configure IPv6 on a Port
CLI Command Description
console#config Enter Global Configuration
mode.
console(config)# interface vlan 1Enter VLAN mode for VLAN
1.
console(config-if)# ipv6 enable Enable IPv6 (dynamic).
console(config-if)# ipv6 address
5::1/64
Set the IPv6 address (static)
220 Dell PowerConnect 55xx Systems User Guide
To configure a router:
1
Click
System
>
IP Addressing
>
IPv6 Default Gateway
in the tree view to
display the
IPv6 Default Gateway: Summary
page.
Figure 9-20. IPv6 Default Gateway: Summary
The previously-defined routers are displayed with the following fields:
IPv6 Default IPv6 Address
— The router’s address.
Interface
— The interface on which the router is accessed.
Ty p e
— The means by which the default gateway was configured. The
possible options are:
Static
— The default gateway is user-defined.
Dynamic
— The default gateway is dynamically configured
through router advertisement.
Dell PowerConnect 55xx Systems User Guide 221
State
— The router’s status. The possible options are:
Incomplete
— Address resolution is in progress and the link-layer
address of the default gateway has not yet been determined.
Reachable
— The default gateway is known to have been
reachable recently (within tens of seconds ago).
Stale
— The default gateway is no longer known to be reachable
but until traffic is sent to the default gateway, no attempt is made
to verify its reachability.
Delay
— The default gateway is no longer known to be reachable,
and traffic has recently been sent to the default gateway. Rather
than probe the default gateway immediately, however, there is a
delay sending probes for a short while in order to give upper-layer
protocols a chance to provide reachability confirmation.
Probe
— The default gateway is no longer known to be reachable,
and Unicast Neighbor Solicitation probes are being sent to verify
reachability.
Unreachable
— No reachability confirmation was received.
2
To add an IPv6 default gateway, click
Add,
and enter the fields:
IPv6 Address Type
— Displays that the IP address was added to the
interface through a link local address.
Link Local Interface
— Displays the outgoing interface through
which the default gateway can be reached.
Default Gateway IPv6 Address
— Enter the Link Local IPv6 address
of the default gateway.
Defining IPv6 Default Gateway Parameters Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the IPv6 Default Gateway pages
.
Table 9-28. IPv6 Default Gateway CLI Commands
CLI Command Description
ipv6 default-gateway ipv6-
address
Defines an IPv6 default gateway.
222 Dell PowerConnect 55xx Systems User Guide
The following are examples of these CLI command:
ISATAP Tunnel
To deliver IPv6 addresses in an IPv4 network, a tunneling process must be
defined that encapsulates IPv6 packets in IPv4 packets.
The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an IPv6
transition mechanism that is used to transmit IPv6 packets between
dual-stack nodes (nodes that can accept both IPv4 and IPv6 addresses) on top
of an IPv4 network.
When enabling ISATAP on a tunnel interface, an explicit IPv4 address is
configured as the tunnel source, or an automatic mode exists, where the
lowest IPv4 address is assigned to an IP interface. This source IPv4 address is
used for setting the tunnel interface identifier according to ISATAP
addressing conventions. When a tunnel interface is enabled for ISATAP, the
tunnel source must be set for the interface in order for the interface to
become active.
An ISATAP address is represented using the [64-bit prefix]:0:5EFE:w.x.y.z,
where 5EFE is the ISATAP identifier and w.x.y.z is a public or private IPv4
address. Thus, a Link Local address will be represented as FE80::5EFE:w.x.y.z
show ipv6 route Displays the current state of the IPv6 routing
table.
console(config)# ipv6 default-gateway fe80::abcd
console(config-if)# do show ipv6 route
Codes: L - Local, S - Static, I - ICMP, ND - Router
Advertisement
The number in the brackets is the metric.
L 3000::/64 is directly connected, VLAN 20 Lifetime Infinite
L 4003::/64 is directly connected, VLAN 20 Lifetime Infinite
L 5003::/64 is directly connected, VLAN 20 Lifetime Infinite
L 6003::/64 is directly connected, VLAN 20 Lifetime Infinite
Table 9-28. IPv6 Default Gateway CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 223
After the last IPv4 address is removed from the interface, the ISATAP IP
interface state becomes inactive and is represented as Down, however the
Admin state remains Enabled.
When defining tunneling, note the following:
An IPv6 Link Local address is assigned to the ISATAP interface. The initial
IP address is assigned to the interface, and the interface state becomes
Active
.
If an ISATAP interface is active, the ISATAP router IPv4 address is resolved
via DNS by using ISATAP-to-IPv4 mapping. If the ISATAP DNS record is
not resolved, the ISATAP host name-to-address mapping is searched in the
host name cache.
When an ISATAP router IPv4 address is not resolved via the DNS process,
the status of the ISATAP IP interface remains Active. The system does not
have a default gateway for ISATAP traffic until the DNS procedure is
resolved.
In order for an ISATAP Tunnel to work properly over an IPv4 network, an
ISATAP router is must be set up.
224 Dell PowerConnect 55xx Systems User Guide
To define an IPv6 ISATAP tunnel:
1
Click
System
>
IP Addressing
>
IPv6 ISATAP Tunnel
in the tree view to
display the
ISATAP Tunnel
page.
Figure 9-21. IPv6 ISATAP Tunnel
2
Enter the fields:
ISATAP Status
—Enable/disable the status of ISATAP on the device.
IPv4 Address Type
— Enter the source of the IPv4 address used by the
tunnel. The options are:
Auto
—Use the dynamic address.
None
—Disable the ISATAP tunnel
Manual
—Use the manual address assigned.
IPv4 Address
— Enter the local (source) IPv4 address of a tunnel
interface.
Dell PowerConnect 55xx Systems User Guide 225
Tunnel Router's Domain Name
— Enter a specific automatic tunnel
router domain name.
Domain Name Query Interval
(10 - 3600)
— Enter the interval
between DNS queries (before the IP address of the ISATAP router is
known) for the automatic tunnel router domain name.
ISATAP Router Solicitation Interval
(10 - 3600)
— Enter the interval
between router solicitations messages when there is no active router.
ISATAP Robustness (1 - 20)
— Enter the number of DNS
Query/Router Solicitation refresh messages that the device sends per
second.
Select the
Use Default
option to use the default setting of a field.
Defining ISATAP Tunnel Parameters Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the ISATAP Tunnel pages.
Table 9-29. ISATAP Tunnel CLI Commands
CLI Command Description
interface tunnel number Enters tunnel interface configuration
mode.
tunnel mode ipv6ip {isatap}
no tunnel mode ipv6ip
Configures an IPv6 transition
mechanism global support mode.
Use the no form of this command to
remove an IPv6 transition mechanism.
tunnel isatap router router_name
no tunnel isatap router
Configures a global string that
represents a specific automatic tunnel
router domain name.
Use the no form of this command to
remove the string associated with the
router domain name and restore the
default configuration.
tunnel source {auto|ip-address
ipv4-address}
no tunnel source
Sets the local (source) IPv4 address of
a tunnel interface.
Use the no form of the command to
delete the tunnel local address.
226 Dell PowerConnect 55xx Systems User Guide
The following is an example of a CLI script to create a tunnel:
tunnel isatap query-interval
seconds
no tunnel isatap query-interval
Configures the interval between DNS
Queries (before the IP address of the
ISATAP router is known) for the
automatic tunnel router domain
name.
Use the no form of this command to
restore the default configuration.
tunnel isatap solicitation-
interval seconds
no tunnel isatap solicitation-
interval
Configures the interval between
ISATAP router solicitations messages
(when there is no active ISATAP
router).
Use the no form of this command to
restore the default configuration.
tunnel isatap robustness number
no tunnel isatap robustness
Configures the number of DNS
Query/Router Solicitation refresh
messages that the device sends.
Use the no form of this command to
restore the default configuration.
show ipv6 tunnel Displays information on the ISATAP
tunnel.
Table 9-30. ISATAP Tunnel CLI Script
CLI Command Description
console#config Enter Global Configuration
mode.
console(config)# interface vlan 1 Enter Interface mode for
VLAN 1.
console(config-if)# ip address
10.5.225.40 /27
Configure an IP address with
prefix length of 27.
console(config-if)# ip default-gateway
10.5.225.33
console(config-if)#exit
Set the address of the default
gateway and exit Interface
mode.
Table 9-29. ISATAP Tunnel CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 227
console (config)# ip domain lookup Enable DNS lookup
console(config)# ip name-server
176.16.1.18
Define DNS server
console(config)# interface tunnel 1 Enter tunnel mode
console(config-tunnel)#tunnel mode
ipv6ip isatap
Enable tunnel.
console(config-tunnel)#tunnel source
auto
The system minimum IPv4
address will be used as the
source address for packets
sent on the tunnel interface.
console(config-tunnel)# do show ipv6
tunnel
Display tunnel configuration
Table 9-30. ISATAP Tunnel CLI Script
CLI Command Description
228 Dell PowerConnect 55xx Systems User Guide
IPv6 Neighbors
The Neighbors feature is similar in functionality to the IPv4 Address
Resolution Protocol (ARP) feature. It enables detecting Link Local addresses
within the same subnet, and includes a database for maintaining reachability
information about active neighbors.
The device supports a total of up to 64 neighbors, obtained statically or
dynamically.
When removing an IPv6 interface, all neighbors entered statically or learned
dynamically, are removed.
To add an IPv6 neighbor:
1
Click
System
>
IP Addressing
>
IPv6 Neighbors
in the tree view to
display the
IPv6 Neighbors: Summary
page.
Figure 9-22. IPv6 Neighbors: Summary
Dell PowerConnect 55xx Systems User Guide 229
The previously-defined neighbors are displayed along with their states.
The possible states are:
Incomplete
— An address resolution is in progress, and the link-layer
address of the neighbor has not yet been determined.
Reachable
— The neighbor is known to have been reachable recently
(within tens of seconds).
Stale
— The neighbor is no longer known to be reachable, but until
traffic is sent to the neighbor, no attempt is made to verify its
reachability.
Delay
— The neighbor is no longer known to be reachable, and traffic
has recently been sent to the neighbor. Rather than probe the
neighbor immediately, however, there is a delay sending probes for a
short while, in order to give upper-layer protocols a chance to provide
reachability confirmation.
Probe
— The neighbor is no longer known to be reachable, and
Unicast Neighbor Solicitation probes are being sent to verify
reachability.
2
To clear the Neighbors table, select one of the following options:
None
— Does not clear any entries.
Static Only
— Clears the static entries.
Dynamic Only
— Clears the dynamic entries.
All Dynamic and Static
— Clears the static and dynamic address
entries.
3
To add a new IPv6 neighbor, click
Add,
and enter the fields:
IPv6 Interface
— Displays the interface on which IPv6 Interface is
defined.
IPv6 Address
— Enter the neighbor IPv6 address.
MAC Address
— Enter the MAC address assigned to the interface.
230 Dell PowerConnect 55xx Systems User Guide
4
To modify or remove an IPv6 neighbor, click
Edit
, and enter the fields
described on the
Add
page.
5
If an entry for the specified IPv6 address already exists in the neighbor
discovery cache, as learned through the IPv6 neighbor discovery process,
you can convert the entry to a static entry. To do this, select
Static
in the
Ty p e
field.
Defining IPv6 Neighbors Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the IPv6 Neighbors pages.
Table 9-31. IPv6 Neighbors CLI Commands
CLI Command Description
ipv6 neighbor ipv6_addr
{[gigabitethernet|tengigabitethernet]
port-number|vlan vlan-id|port-channel
LAG-number]} mac_addr
no ipv6 neighbor ipv6_addr
{[gigabitethernet|tengigabitethernet]
port-number|vlan vlan-id|port-channel
LAG-number]}
Configures a static entry in
the IPv6 neighbor discovery
cache.
Use the no form of this
command to remove a static
IPv6 entry from the IPv6
neighbor discovery cache.
show ipv6 neighbors
{static|dynamic}[ipv6-address ipv6-
address] [mac-address mac-address]
[[gigabitethernet|tengigabitethernet]
port-number|vlan vlan-id|port-channel
LAG-number]]
Displays IPv6 neighbor
discovery cache information.
clear ipv6 neighbors Deletes all entries in the IPv6
neighbor discovery cache.
Dell PowerConnect 55xx Systems User Guide 231
The following is an example of the CLI commands:
console# config
console(config)# ipv6 neighbor 3000::a31b vlan 1
001b.3f9c.84ea
console# show ipv6 neighbors dynamic
Interface IPv6 Address HW Address State Router
--------- ------------ ---------- ----- -----
VLAN 1 3000::a31b 0001b.3f9c.84ea Reachable Yes
232 Dell PowerConnect 55xx Systems User Guide
IPv6 Routes Table
The
IPv6 Routes Table
describes how to reach IPv6 destinations. The routing
table is used to determine the next-hop address and the interface used for
forwarding.
Each dynamic entry also has an associated invalidation timer value (extracted
from Router Advertisements). This timer is used to delete entries that are no
longer advertised.
To view IPv6 destinations and how they are reached:
•Click
System
>
IP Addressing
>
IPv6 Routes Table
in the tree view to
display the
IPv6 Routes Table
page.
Figure 9-23. IPv6 Routes Table
The following is displayed for each IP address:
IPv6 Address
— The destination IPv6 address.
Dell PowerConnect 55xx Systems User Guide 233
Prefix Length
— The length of the IPv6 prefix. This field is applicable
only when the destination address is defined as a global IPv6 address.
Interface
— The interface that is used to forward the packet. Interface
refers to any Port, LAG or VLAN.
Next
Hop
— The address to which the packet is forwarded on the
route to the Destination address (typically the address of a
neighboring router). This can be either a Link Local or Global IPv6
address.
Metric
— The value used for comparing this route to other routes
with the same destination in the IPv6 route table. This is an
administrative distance with the range of 0-255.
Life-Time
— The timeout interval of the route if no activity takes
place.
Infinite
means the address is never deleted.
Route
Ty p e
— Specifies whether the destination is directly-attached
and the means by which the entry was learned. The possible options
are:
Local
— A directly-connected route entry.
Static
— Manually configured route, supported only for default
gateway, learned through the Neighbor Discover (ND) process.
ICMP
— The route was learned through ICMP Redirect
messages, sent by the router.
ND
— Route was learned by the ND protocol from Router
Advertisement messages.
Viewing IPv6 Routes Table Parameters Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the IPv6 Routes Table page.
Table 9-32. IPv6 Routes Table CLI Commands
CLI Command Description
show ipv6 route Displays the current state of the ipv6
routing table.
234 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console> show ipv6 route
Codes: L - Local, S - Static, I - ICMP, ND - Router
Advertisement
The number in the brackets is the metric.
S::/0 via fe80::77 [0] VLAN 1 Lifetime Infinite
ND::/0 via fe80::200:cff:fe4a:dfa8 [0] VLAN 1 Lifetime
1784 sec
L 2001::/64 is directly connected, g2 Lifetime Infinite
L 2002:1:1:1::/64 is directly connected, VLAN 1 Lifetime
2147467 sec
L 3001::/64 is directly connected, VLAN 1 Lifetime
Infinite
L 4004::/64 is directly connected, VLAN 1 Lifetime
Infinite
L 6001::/64 is directly connected, g2 Lifetime Infinite
Dell PowerConnect 55xx Systems User Guide 235
Domain Name System
The Domain Name System (DNS) converts user-defined domain names into
IP addresses. Each time a domain name is assigned, the DNS service
translates the name into a numeric IP address, for example,
www.ipexample.com is translated into 192.87.56.2. DNS servers maintain
domain name databases and their corresponding IP addresses.
To add a DNS server and specify the active DNS server:
1
Click
System
>
IP Addressing
>
Domain Name System
in the tree view
to display the
Domain Name System: Summary
page.
Figure 9-24. Domain Name System: Summary
The list of previously-defined DNS servers is displayed.
2
To enable mapping of host names into IP addresses through a DNS server,
select
DNS Status
.
3
To activate one of the currently-defined DNS servers, enable
Active Server
.
236 Dell PowerConnect 55xx Systems User Guide
4
To add a DNS server, click
Add
, and enter the fields:
Supported IP Format
— Select whether the IPv4 or IPv6 format is
supported.
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
DNS Server
— Enter the IP address of the DNS server being added.
DNS Server Currently Active
— Displays the DNS server that is
currently active.
Set DNS Server Active
— Check to activate the selected DNS server.
Configuring DNS Servers Using the CLI Commands
The following table summarizes the CLI commands for configuring the fields
in the
Domain Name System
pages.
Table 9-33. DNS CLI Commands
CLI Command Description
ip domain lookup Enables DNS system for translating host
names to IP addresses.
ip name-server {server1-
ipv4-address|server1-ipv6-
address} [server-address2
server-address8]
no ip name-server [server-
address … server-address8]
Sets the available name servers. Up to eight
name servers can be set.
The no form of the command removes a
name server.
Dell PowerConnect 55xx Systems User Guide 237
The following is an example of the CLI commands:
clear host Deletes entries from the host name-to-
address cache.
clear host dhcp {name|*} Deletes entries from the host name-to-
address mapping received from DHCP.
show hosts Displays the default domain name, the list
of name server hosts, the static and the
cached list of host names and addresses
console (config)# ip domain lookup
console(config)# ip name-server 176.16.1.18
Table 9-33. DNS CLI Commands (Continued)
CLI Command Description
238 Dell PowerConnect 55xx Systems User Guide
Default Domain Names
A default domain name is used when an IP address cannot be mapped to a
known domain name.
This domain name is applied to all unqualified host
names.
To define the default domain name:
1
Click
System
>
IP Addressing
>
Default Domain Name
to display the
Default Domain Name
page.
Figure 9-25. Default Domain Name
If there is a currently-defined default domain name, it is displayed.
2
Enter the
Default Domain Name (1 - 160 Characters).
Its
Ty p e
is displayed, and has one of the following options:
Dynamic
— The IP address was created dynamically.
Static
— The IP address is a static IP address.
Dell PowerConnect 55xx Systems User Guide 239
Defining Default Domain Names Using the CLI Commands
The following table summarizes the CLI commands for configuring the
default domain name:
The following is an example of the CLI commands:
Table 9-34. Default Domain Name CLI Commands
CLI Command Description
ip domain-name name
no ip domain-name
Defines a default domain name that the software uses
to complete unqualified host names.
The no form of the command disables the use of the
Domain Name System (DNS).
console(config)# ip domain-name dell.com
240 Dell PowerConnect 55xx Systems User Guide
Host Name Mapping
Host names can be dynamically mapped to IP addresses through the Domain
Name System pages, or statically through the Host Name Mapping page.
To assign IP addresses to static host names.
1
Click
System
>
IP Addressing
>
Host Name Mapping
in the tree view to
display the
Host Name Mapping: Summary
page.
Figure 9-26. Host Name Mapping: Summary
The currently-defined host names are displayed.
2
Click
Add
to add a new host name. Up to four IP addresses can be added.
3
For each IP address, enter the fields:
Supported IP Format
— Select whether the IPv4 or IPv6 format is
supported.
Dell PowerConnect 55xx Systems User Guide 241
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
Host Name (1-160 Characters)
— Enter the host name to be
associated with the IP address entered below.
IP Address
— Enter the IP address of the domain. Four addresses can
be entered.
4
Click
Remove
to delete a host name. All addresses for this host name are
deleted at the same time.
Mapping IP Addresses to Domain Host Names Using the CLI Commands
The following table summarizes the CLI commands for mapping domain
host names to IP addresses.
Table 9-35. Domain Host Name CLI Commands
CLI Command Description
ip host name address
[address2 address3
address4]
Defines the static host name-to-address mapping in
the host cache
no ip host name Removes the name-to-address mapping.
clear host {name|*} Deletes entries from the host name-to-address cache.
show hosts [name]Displays the default domain name, list of name server
hosts, the static and the cached list of host names and
addresses.
242 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
ARP
The Address Resolution Protocol (ARP) converts IP addresses into physical
MAC addresses. ARP enables a host to communicate with other hosts when
their IP addresses are known.
To add an IP/MAC address mapping:
1
Click
System
>
IP Addressing
>
ARP
in the tree view to display the
ARP:
Summary
page.
Figure 9-27. ARP: Summary
console(config)# ip host accounting.abc.com 176.10.23.1
Dell PowerConnect 55xx Systems User Guide 243
The entries in the table are displayed.
2
Enter the parameters:
ARP Entry Age Out (1 - 40000000)
— Enter the amount of time in
seconds that can pass between ARP requests for this address. After
this period, the entry is deleted from the table.
Clear ARP Table Entries
— Select the type of ARP entries that are
cleared on all devices. The possible options are:
None
— ARP entries are not cleared.
All
— All ARP entries are cleared.
Dynamic
— Only learned ARP entries are cleared.
Static
— Only static ARP entries are cleared.
3
To add a mapping, click
Add
, and enter the fields:
Interface
— Select an interface to be associated with the addresses.
IP Address
— Enter the station IP address, which is associated with
the MAC address filled in below.
MAC Address
— Enter the station MAC address, which is associated
in the ARP table with the IP address.
4
To change the status of a mapping from static to dynamic or vice versa,
click
Edit
and enter the field:
Status
— Select the entry’s status. The possible options are:
Static
— The entry was statically entered.
Dynamic
— The entry was dynamically learned.
244 Dell PowerConnect 55xx Systems User Guide
Configuring ARP Using the CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the ARP pages.
The following is an example of the CLI commands:
Table 9-36. ARP CLI Commands
CLI Command Description
arp ip_addr mac_addr
{[gigabitethernet|tengigabit
ethernet] port-number|vlan
vlan-id|port-channel LAG-
number}
Adds a permanent entry in the ARP
cache.
no arp ip-address Removes an ARP entry from the ARP
Tabl e .
arp timeout seconds Configures how long an entry remains in
the ARP cache. This command can be
used in Global Configuration mode for all
interfaces, or in Interface Configuration
mode for a specific interface.
clear arp-cache Deletes all dynamic entries from the ARP
cache
show arp Displays entries in the ARP Table.
show arp configuration Displays the global and interface
configuration of the ARP protocol
console(config)# arp 198.133.219.232 00-00-0c-40-0f-bc
console(config)# arp timeout 12000
console(config)# exit
console# show arp
ARP timeout: 12000 Seconds
Interface IP Address HW Address Status
--------- ---------- ---------- ------
gi1/0/11 10.7.1.102 00:10:B5:04:DB:4B dynamic
gi1/0/12 10.7.1.135 00:50:22:00:2A:A4 static
Dell PowerConnect 55xx Systems User Guide 245
UDP Relay
Switches do not typically route IP Broadcast packets between IP subnets.
However, if configured, the switch can relay specific UDP Broadcast packets
received from its IPv4 interfaces to specific destination IP addresses.
To configure the relaying of UDP packets received from a specific IPv4
interface with a destination UDP port:
1
Click
System
>
IP Addressing
>
UDP Relay
in the tree view to display
the
UDP Relay: Summary
page.
Figure 9-28. UDP Relay: Summary
246 Dell PowerConnect 55xx Systems User Guide
The UDP relays are displayed.
2
To add a UDP relay, click
Add
, and enter the fields:
Source IP Address
— Select the source IP address to where the switch
is to relay UDP Broadcast packets, based on a configured UDP
destination port. The interface must be one of the IPv4 interfaces
configured on the switch. Select
All
for all addresses.
UDP Port (1 - 65535)
— Check
Default Services
to select all of the
following default ports:
IEN-116 Name Service (port 42)
DNS (port 53)
NetBIOS Name Server (port 137)
NetBIOS Datagram Server (port 138)
TACACS Server (port 49)
Time Service (port 37)
If
Default Services
are not selected, check the text box and enter a
UDP port.
Destination IP Address
— Enter the IP address that receives the UDP
packet relays. If this field is 0.0.0.0, UDP packets are discarded. If this
field is 255.255.255.255, UDP packets are flooded to all IP interfaces.
Configuring UDP Relay Using the CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the UDP Relay pages.
Table 9-37. UDP Relay CLI Commands
CLI Command Description
ip helper-address {ip-
interface|all} address [udp-
port-list]
no ip helper-address {ip-
interface|all} address
Enables the forwarding of User
Datagram Protocol (UDP) broadcast
packets received on an interface to a
specific (helper) address.
Use the no form of this command to
disable the forwarding of broadcast
packets to a specific (helper) address.
Dell PowerConnect 55xx Systems User Guide 247
The following is an example of the CLI commands:
console (config)# ip helper-address all 172.16.9.9 49 53
console (config)# do show ip helper-address
Interface Helper Address UDP Ports
----------- --------------- --------------------------
All 172.16.9.9 49,53
248 Dell PowerConnect 55xx Systems User Guide
Diagnostics
This section describes how to perform cable tests on copper and fiber optic
cables.
It contains the following sections:
•Integrated Cable Test
Optical Transceiver Diagnostics
Dell PowerConnect 55xx Systems User Guide 249
Integrated Cable Test
Time Domain Reflectometry (TDR) technology is used to test the quality
and characteristics of a copper cable attached to a port. Cables up to 120
meters long can be tested. Cables can only be tested when the ports are in the
down state, with the exception of Approximated Cable Length test.
This test can only be performed when the port is up and operating at 1 Gbps.
To perform a cable test and view the results:
1
Click
System
>
Diagnostics
>
Integrated Cable Test: Summary
in the
tree view to display the
Integrated Cable Test: Summary
page.
Figure 9-29. Integrated Cable Test: Summary
2
Select a unit in the stack in the
Unit ID
field. Results from previously-run
tests on that unit are displayed.
3
Ensure that both ends of the copper cable are connected to a device.
250 Dell PowerConnect 55xx Systems User Guide
4
Ensure that the cable is connected to tested port. Go to the
Test
tab.
5
Click
Test Now
. The copper cable and Approximate Cable Length tests are
performed, and the following test results are displayed:
Test Result
— Displays the cable test results. The possible options are:
No Cable
— There is no cable connected to the port.
Open Cable
— The cable is connected on only one side.
Short Cable
— A short has occurred in the cable.
OK
— The cable passed the test.
Cable Fault Distance
— Displays the distance from the port where
the cable error occurred.
Last Update
— Displays the last time the port was tested.
Approximate Cable Length
— Displays the approximate cable length.
Performing Integrated Cable Tests Using CLI Commands
The following table contains the CLI commands for performing integrated
cable tests.
Table 9-38. Integrated Cable Test CLI Commands
CLI Command Description
test cable-diagnostics tdr
interface[gigabitethernet|tengigab
itethernet] port-number
Performs VCT tests.
show cable-diagnostics tdr
interface[gigabitethernet|tengigab
itethernet] port-number
Shows results of last VCT tests on
ports.
show cable-diagnostics cable-
length interface
[gigabitethernet|tengigabitetherne
t] port-number
Displays the estimated copper
cable length attached to a port.
Dell PowerConnect 55xx Systems User Guide 251
The following is an example of the CLI commands:
Optical Transceiver Diagnostics
The
Optical Transceiver Diagnostics
page displays the operating conditions
reported by the SFP (Small Form-factor Pluggable) transceiver. Some
information might not be available for SFPs that do not support the digital
diagnostic monitoring standard SFF-8472.
The following is the list of the compatible SFPs:
•SFP:
X3366 — 1000Base-SX, Finisar FTLF8519P2BNL
U3650 — 1000Base-LX, Finisar FTRJ1319P1BTL
•SFP+:
N743D — SR, Finisar FTLX8571D3BCL
T307D — LR, Finisar FTLX1471D3BCL
C043H — LRM, Avago AFBR-707SDZ-D1
N198M — LRM, Finisar FTLX1371D3BCL
console> enable
console# test cable-diagnostics tdr gi1/0/3
Cable is open at 100 meters.
console# show cable-diagnostics cable-length interface
gi2/0/5
Port Length [meters]
------- ----------------
gi2/0/5 < 50
252 Dell PowerConnect 55xx Systems User Guide
To view the results of optical fiber tests:
•Click
System
>
Diagnostics
>
Optical Transceiver Diagnostics
in the
tree view to display the
Optical Transceiver Diagnostics
page.
Figure 9-30. Optical Transceiver Diagnostics
The following fields are displayed for the selected unit:
Port
— The port number on which the cable was tested.
Temperature
— The temperature (C) at which the cable is operating.
Voltage
— The voltage at which the cable is operating.
Current
— The current at which the cable is operating.
Output Power
— The rate at which output power is transmitted.
Input Power
— The rate at which input power is transmitted.
Transmitter Fault
— A fault occurred during transmission.
Loss of Signal
— A signal loss occurred in the cable.
Data Ready
— The transceiver has achieved power up, and data is
ready.
Dell PowerConnect 55xx Systems User Guide 253
Performing Fiber Optic Cable Tests Using CLI Commands
The following table contains the CLI command for performing fiber optic
cable tests.
The following is an example of the CLI command:
Table 9-39. Fiber Optic Cable Test CLI Commands
CLI Command Description
show fiber-ports optical-
transceiver [interface
[gigabitethernet|tengigabitethe
rnet] port-number] [detailed]
Displays the optical transceiver
diagnostics.
console# show fiber-ports optical-transceiver detailed
Port Temp
[C]
Voltage Current
[aM]
Output
[mWat]
Input
[mWa]
POWER
[mWa]
LOS
------- ---- ------- ---- ---- ---- ---- ---
gi1/0/1 48 5.15 50 1.789 1.789 No No
gi1/0/2 43 5.15 10 1.789 1.789 No No
254 Dell PowerConnect 55xx Systems User Guide
Management Security
This section describes the pages used to manage device security.
It contains the following topics:
Access Profiles
Profile Rules
Authentication Profiles
Select Authentication
Active Users
•Local User Database
•Line Passwords
Enable Password
• TACACS+
Password Management
•RADIUS
Access Profiles
Access to management functions may be limited to users identified by:
Ingress interface (Port, LAG, or VLAN)
Source IP address
Source IP subnet
Management access may be separately defined for the following types of
management access methods:
Telnet (CLI over Telnet sessions)
Secure Telnet
•Web (HTTP)
Secure Web (HTTPS, Using SSL)
•SNMP
Dell PowerConnect 55xx Systems User Guide 255
This means, for example, that the set of managers allowed via Telnet may be
different than the set of Web-based managers which is, in turn, may be
different than the set of secure-web based managers, and so on.
A specific management access method may be completely disabled by
denying all user access to it (e.g. denying all users access to CLI/Telnet
management effectively disables CLI/Telnet as an available management
interface to the system).
By default, management access to the system, through all methods, is
enabled over all interfaces.
NOTE: If you enable management access through a physical port, all VLANs and
IP interfaces on that port will be acceptable management traffic sources. If you
enable management access through a VLAN, all ports and IP interfaces on that
VLAN will be acceptable. If specific IP address(es) are specified, only traffic from
the specified IP addresses on the appropriate ports will be accepted.
Access Profiles Rules
Each management access profile is composed of at least one rule, which acts
as a filter, and defines the device management method, interface type, source
IP address, network mask, and the device management access action.
Users can be blocked or permitted management access.
Rule priority sets the order in which the rules are implemented. Assigning an
access profile to an interface denies access via other interfaces. If an access
profile is not assigned to any interface, the device can be accessed by all
interfaces.
A total of 256 rules can be defined for all Management Access profiles.
To add rules to existing access profiles, see "Profile Rules" on page 259.
256 Dell PowerConnect 55xx Systems User Guide
Creating an Access Profile
To define an access profile with a single rule:
1
Click
System
>
Management Security
>
Access Profiles
in the tree view
to display the
Access Profiles: Summary
page.
Figure 9-31. Access Profiles: Summary
The currently-defined access profiles are displayed.
2
To activate an access profile, select it in the
Active Access Profile
field.
If you select
Console Only
, active management of the device can only be
performed using the console connection. This profile cannot be removed.
3
To add a new profile, click
Add
, and enter the fields:
Access Profile Name (1-32 Characters)
— Enter a name for the access
profile.
Dell PowerConnect 55xx Systems User Guide 257
Rule Priority
(1-65535)
— Enter the rule priority. Rules are applied to
packets according to their priority. These can be viewed in the
Profile
Rules: Summary
page.
Management Method
— Select the management method to which
the access profile is applied. Users using this management method are
authenticated using this access profile. The possible options are:
All
— The access profile is applied to all management methods.
Telnet
— The access profile is applied to Telnet users.
Secure Telnet (SSH)
— The access profile is applied to SSH
users.
HTTP
— The access profile is applied to HTTP users.
Secure HTTP (HTTPS)
— The access profile is applied to
HTTPS users.
SNMP
— The access profile is applied to SNMP users.
Interface
— Check the fields and select the interface type to which
the rule applies.
Enable Source IP Address
— Check this parameter to restrict access,
based on the source IP address. When this field is not selected, the
source IP address cannot be entered into a configured rule.
Supported IP Format
— Select whether the IPv4 or IPv6 format is
supported for the source IP addresses.
Source IP Address
— Enter the interface source IP address for which
the rule applies. This is an optional field and indicates that the rule is
valid for a subnetwork.
Network Mask
— Enter the IP subnetwork mask if
Supported IP
Format
is IPv4.
Prefix Length
— Enter the number of bits that comprise the source IP
address prefix, or the network mask of the source IP address.
Action
— Select whether to permit or deny management access to the
defined interface. The possible options are:
Permit
— Permits access to the device.
Deny
— Denies access to the device.
258 Dell PowerConnect 55xx Systems User Guide
Defining Access Profiles Using CLI Commands
The following table contains the CLI command for defining an access profile,
without its rules. The CLI commands for defining the rules are described in
"Defining Access Profile Rules Using CLI Commands" on page 260.
The following is an example of the CLI commands:
Table 9-40. Access Profile CLI Commands
CLI Command Description
management access-list
name
no management access-list
name
Defines an access-list for management.
Use the no form of this command to delete an
access list.
console(config)# management access-list mlist
console(config-macl)#
Dell PowerConnect 55xx Systems User Guide 259
Profile Rules
If an access profile already exists, meaning that a single rule has been defined
on it, use the Profile Rules pages to add additional rules to it.
To add a rule to a management access profiles:
1
Click
System
>
Management Security
>
Profile Rules
in the tree view to
display the
Profile Rules: Summary
page.
Figure 9-32. Profile Rules: Summary
2
Select an access profile name. Its rules are displayed in the order that they
will be implemented.
3
To add a rule to the selected management access profile, click
Add
.
4
Select a management access profile.
5
Complete the fields that are defined in
Access Profiles
pages.
260 Dell PowerConnect 55xx Systems User Guide
Defining Access Profile Rules Using CLI Commands
The following table summarizes the CLI commands for adding rules to access
profiles.
Table 9-41. Access Profiles CLI Commands
CLI Command Description
permit[[gigabitethernet|tengigab
itethernet port-number]|vlan
vlan-id|port-channel LAG-number]
[service service]
Sets port permit conditions for the
management access list.
permit ip-source {ipv4-
address|ipv6-address|prefix-
length} [mask mask|prefix-
length]
[[gigabitethernet|tengigabitethe
rnet][port-number|vlan vlan-
id|port-channel LAG-number]
[service service]
Sets port permitting conditions for
the management access list, and the
selected management method.
deny
[[gigabitethernet|tengigabitethe
rnet] port-number|vlan vlan-
id|port-channel LAG-number]
[service service]
Sets port denying conditions for the
management access list, and the
selected management method.
deny ip-source {ipv4-
address|ipv6-address|prefix-
length} [mask mask|prefix-
length]
[[gigabitethernet|tengigabitethe
rnet] port-number|vlan vlan-
id|port-channel LAG-number]
[service service]
Sets port denying conditions for the
management access list, and the
selected management method.
management access-class
{console-only|name}
no management access-class
Defines which access-list is used as
the active management connections.
Use the no form of this command to
disable management connection
restrictions.
Dell PowerConnect 55xx Systems User Guide 261
The following is an example of the CLI commands:
show management access-list
[name]
Displays the active management
access-lists.
show management access-class Displays information about
management access-class.
console(config)# management access-list mlist
console(config-macl)# permit gi1/0/1
console(config-macl)# permit gi1/0/2
console(config-macl)# deny gi1/0/3
console(config-macl)# deny gi1/0/4
console(config-macl)# exit
console(config)# management access-class mlist
console(config)# exit
console# show management access-list
mlist
-----
permit gi1/0/1
permit gi1/0/2
deny gi1/0/3
deny gi1/0/4
! (Note: all other access implicitly denied)
console# show management access-class
Management access-class is enabled, using access list
mlist
Table 9-41. Access Profiles CLI Commands (Continued)
CLI Command Description
262 Dell PowerConnect 55xx Systems User Guide
Authentication Profiles
In addition to access profiles, you can configure authentication for
management access methods, such as SSH, console, Telnet, HTTP, and
HTTPS.
User authentication can occur:
•Locally
Via an external server,
such as a TACACS+ or a RADIUS server
User authentication occurs in the order that the methods are selected, for
example, if both the Local and RADIUS options are selected, the user is
authenticated first locally. If the local user database is empty, the user is
authenticated via the RADIUS server.
If an error occurs during the authentication, the next selected method is
used.
If an authentication method fails, or the user has an insufficient privilege
level, the user is denied access to the switch. The switch then stops, does not
continue, and does not attempt to use the next authentication method.
If a privilege level is redefined, the user must also be re-defined.
User authentication can also be set to None
,
in which case no authentication
is performed.
The process of configuring authentication for management access methods is
divided into the following stages:
Create an authentication profile, as described below
Assign an authentication profile to a management method, as described in
"Select Authentication" on page 265
Dell PowerConnect 55xx Systems User Guide 263
To create an authentication profile:
1
Click
System
>
Management Security
>
Authentication Profiles
in the
tree view to display the
Authentication Profiles: Summary
page.
Figure 9-33. Authentication Profiles: Summary
All currently-defined authentication profiles are displayed.
2
Click
Add
to add a new authentication profile, and enter the fields:
Profile Name (1-12 Characters)
— Enter the name of the new
authentication profile. Profile names cannot include blank spaces.
Authentication Method: Optional Methods
— Select a user
authentication methods that can be assigned to this authentication
profile. The possible options are:
Line
— The line password is used for user authentication
(defined in "Line Passwords" on page 272).
264 Dell PowerConnect 55xx Systems User Guide
Enable
— The enable (encrypted) password is used for
authentication (defined in "Enable Password" on page 274).
Local
— The user authentication is performed by the device,
which checks the user name and password for authentication.
RADIUS
— The user authentication is performed by the
RADIUS server. For more information, see "RADIUS" on
page 284.
TACACS+
— The user authentication is performed by the
TACACS+ server. For more information, see "TACACS+" on
page 275.
None
— No user authentication occurs.
Select a method by highlighting it in the
Optional Methods
list, and
clicking on the right arrow to move it to the
Selected Methods
list.
Configuring an Authentication Profile Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Authentication Profiles pages.
The following is an example of the CLI commands:
Table 9-42. Authentication Profile CLI Commands
CLI Command Description
aaa authentication login
{default|list-name} method1
[method2]
no aaa authentication login
{default|list-name}
Configures login authentication.
Use the no form of the command to
remove a login authentication profile.
console(config)# aaa authentication login default radius
local enable none
Dell PowerConnect 55xx Systems User Guide 265
Select Authentication
After Authentication Profiles are defined, the Authentication Profiles can be
assigned to Management Access methods, for example, console users can be
authenticated by Authentication Profile 1, while Telnet users can be
authenticated by Authentication Profile 2.
To assign an authentication profile to a management access method:
1
Click
System
>
Management Security
>
Select Authentication
in the
tree view to display the
Select Authentication
page.
Figure 9-34. Select Authentication
2
For the
Console
,
Telnet
and
Secure Telnet (SSH)
types of users, select
either the default authentication profile or one of the previously-defined
authentication profiles.
266 Dell PowerConnect 55xx Systems User Guide
3
For
Secure HTTP
and
HTTP
types of users, select one or all of the
Optional Methods
and click the right-arrow to move them to the
Selected
Methods
. The options are:
Local
— Authentication occurs locally.
None
— No authentication method is used for access.
RADIUS
— Authentication occurs at the RADIUS server.
TACACS+
— Authentication occurs at the TACACS+ server.
Assigning Access Authentication Profiles Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Select Authentication page.
Table 9-43. Select Authentication CLI Commands
CLI Command Description
aaa authentication enable {
default
|
list-
name
}
method
[
method2
...]
no aaa authentication enable {
default
|
list-
name
}
Indicates the authentication
method list when accessing a
higher privilege level from a
remote Telnet, Console or SSH.
enable authentication [
default
|
list-name
]
no enable authentication
Specifies the authentication
method for accessing a higher
privilege level from a remote
Telnet or console.
Use the no form of this
command to restore the default
authentication method
login authentication [
default
|
list-name
]Indicates the login
authentication method list for a
remote Telnet, Console or SSH.
ip http authentication aaa login-
authentication
method1
[
method2
]
no ip http authentication aaa login-
authentication
Indicates authentication
methods for HTTP or HTTPS
servers.
show authentication methods Displays information about the
authentication methods.
Dell PowerConnect 55xx Systems User Guide 267
The following is an example of the CLI commands that sets authentication
for the console using the default method list that was previously-defined:
The following is an example of the CLI commands that creates an
authentication method list for http server access (RADIUS and local):
console(config)#line console
console(config-line)# enable authentication default
console(config-line)# login authentication default
console(config-line)# exit
console(config)# ip http authentication aaa login-
authentication radius local
console(config)# exit
268 Dell PowerConnect 55xx Systems User Guide
Active Users
To view active users on the device:
•Click
System
>
Management Security
>
Active Users
in the tree view to
display the
Active Users
page.
Figure 9-35. Active Users
The following fields are displayed for all active users:
Name
— Active users logged into the device.
Protocol
— The management method by which the user is connected
to the device.
Location
— The user’s IP address.
Dell PowerConnect 55xx Systems User Guide 269
Displaying Active Users Using CLI Commands
The following table summarizes the CLI commands for viewing active users
connected to the device.
The following example shows an example of the CLI command:
Table 9-44. Active Users CLI Commands
CLI Command Description
show users Displays information about active users.
console> show users
Username Protocol Location
-------- -------- ---------
Bob Serial
John SSH 172.16.0.1
Robert HTTP 172.16.0.8
Betty Telnet 172.16.1.7
270 Dell PowerConnect 55xx Systems User Guide
Local User Database
Use the Local User Database
pages to define users, passwords and access
levels.
To add a new user:
1
Click
System
>
Management Security
>
Local User Database
in the tree
view to display the
Local User Database: Summary
page.
Figure 9-36. Local User Database: Summary
All users are displayed even if they have been suspended.
If a user has been suspended, it can be restored here by selecting the
Reactivate Suspended User
field.
2
To add a user, click
Add
, and enter the fields:
User Name (1-20 characters)
— Enter the username of the user.
Dell PowerConnect 55xx Systems User Guide 271
Access Level
— Select a user access level. The lowest user access level
is 1 and 15 is the highest user access level. Users with access level 15
are Privileged Users, and only they can access and use the switch
administrator.
Password (8-64 characters)
— Enter the password of the user.
Confirm Password
— Confirm the password of the user.
The following fields are displayed:
Expiry Date
— The expiration date of the user-defined password.
Lockout Status
— Specifies whether the user currently has access
(status
Usable
), or whether the user is locked out due to too many
failed authentication attempts since the user last logged in
successfully (status
Locked
).
Reactivate Suspended User
— Check to reactivate the specified
user’s access rights. Access rights can be suspended after
unsuccessfully attempting to login.
Configuring Local Users Using CLI Commands
The following table summarizes the CLI commands for configuring local
users.
Table 9-45. Local User CLI Commands
CLI Command Description
username name {nopassword|password
password|password encrypted
encrypted-password}
username name [privilege-level]
no username name
Establishes a username-based
authentication system.
Use the no form to remove a user
name.
set username name active Reactivates a suspended user’s
access rights.
show user accounts Displays users information.
272 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
Line Passwords
To add a line password for
Console, Telnet, and Secure-Telnet users
:
1
Click
System
>
Management Security
>
Line Passwords
in the tree view
to display the
Line Password
page.
Figure 9-37. Line Password
2
Enter the fields for each type of user, separately:
Password (0 - 159 Characters)
— Enter the line password for accessing
the device.
Confirm Password
— Confirm the line password.
console(config)# username bob password lee privilege 15
console# set username bob active
Dell PowerConnect 55xx Systems User Guide 273
Console/Telnet/Secure Telnet Line Aging (1-365)
— Check to set the
amount of time in days that elapses before a line password is aged out.
Enter the number of days after which the password expires.
Expiry Date
— Displays the expiration date of the line password.
Lockout Status
— Displays whether the user currently has access
(status
Usable
), or whether the user is locked out due to too many
failed authentication attempts since the user last logged in
successfully (status
Locked
).
Reactivate Locked Line
— Check to reactivate the line password for a
Console/Telnet/Secure Telnet session. Access rights can be suspended
after a number of unsuccessful attempts to log in.
Assigning Line Passwords Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Line Password
page
.
The following is an example of the CLI commands:
Table 9-46. Line Password CLI Commands
CLI Command Description
line {console|telnet|ssh}Identifies a specific line for configuration
and enters the Line Configuration
command mode.
password password
[encrypted]
no password
Sets a password on a line.
Use the no form of this command to
remove the password.
console(config)# line console
console(config-line)# password dell
274 Dell PowerConnect 55xx Systems User Guide
Enable Password
To set a local password to control access to Normal and Privilege levels
activities.
1
Click
System
>
Management Security
>
Enable Passwords
in the tree
view to display the
Enable Password
page.
Figure 9-38. Enable Password
2
Enter the fields:
Select Enable Access Level
— Select the access level to associate with
the enable password. The lowest user access level is
1
and
15
is the
highest user access level. Users with access level 15 are Privileged
Users, and only they can access and use the OpenManage Switch
Administrator.
Password (0-159 characters)
— Enter the enable password.
Confirm Password
— Confirm the password.
Dell PowerConnect 55xx Systems User Guide 275
Expiry Date
— If Aging is selected, displays the expiration date of the
enable password.
Lockout Status
— Displays the number of failed authentication
attempts since the user last logged in successfully (if the
Enable
Login Attempts
checkbox is selected in the
Password Management
page.) Specifies
LOCKOUT
, when the user account is locked.
Reactivate Suspended User
— Check to reactivate the specified user’s
access rights. Access rights can be suspended after unsuccessfully
attempting to login.
Assigning Enable Passwords Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Enable Password page.
The following is an example of the CLI commands:
TACACS+
The device can act as a Terminal Access Controller Access Control System
(TACACS+) client. TACACS+ provides centralized validation of users
accessing the device, while still retaining consistency with RADIUS and other
authentication processes.
TACACS+ provides the following services:
Authentication
— Provides authentication during login and via user
names and user-defined passwords.
Authorization
— Performed at login after authentication. The TACACS+
server checks the privileges of the authenticated user.
Table 9-47. Enable Password CLI Commands
CLI Command Description
enable password [level
level] d [encrypted]
no enable password [level
level]
Sets a local password to control access to
user and privilege levels.
Use the no form of this command to
remove the password requirement.
console(config)# enable password level 15 secret
276 Dell PowerConnect 55xx Systems User Guide
The TACACS+ protocol ensures network integrity through encrypted
protocol exchanges between the device and TACACS+ server.
To configure TACACS+ servers:
1
Click
System
>
Management Security
>
TACACS+
in the tree view to
display the
TACACS+: Summary
page.
Figure 9-39. TACACS+: Summary
The list of currently-defined TACACS+ servers is displayed. The
parameters for each server is displayed, along with its connection status.
2
Enter the default parameters for TACACS+ servers. These values are used
unless values are added in the
TACACS+ Add
or
Edit
pages.
Source IP Address
— The device IP address used for the TACACS+
session between the device and the TACACS+ server. The default is
0.0.0.0., which means that any IP address of the device can be used to
communicate with the TACACS+ server.
Dell PowerConnect 55xx Systems User Guide 277
Key String (1-128 Characters)
— The authentication and encryption
key for TACACS+ communications between the device and the
TACACS+ server. This key must match the encryption key sent by the
TACACS+ server. This key is encrypted.
Timeout for Reply (1-30)
— The amount of time that passes before
the connection between the device and the TACACS+ server times
out.
3
To add a TACACS+ server, click
Add
, and enter the fields on the page.
The fields below are those that were not described on the
TACACS+:
Summary
page.
Host IP Address
— Enter the TACACS+ server IP address.
Priority (0-65535)
— Enter the order in which the TACACS+ servers
are used if several are defined.
Source IP Address
— Enter either specific device IP address for the
TACACS+ server.
Authentication Port (0-65535)
— Enter the port number through
which the TACACS+ session occurs.
Timeout for Reply (1-30)
— Enter the amount of time that passes
before the connection between the device and the TACACS+ server
times out.
Single Connection
— Check to maintain a single open connection
between the device and the TACACS+ server.
278 Dell PowerConnect 55xx Systems User Guide
Wherever available, check
Use Default
to use a value that was entered in
the
TACACS+: Summary
page.
Defining TACACS+ Settings Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the TACACS+ Settings pages.
Table 9-48. TACACS+ CLI Commands
CLI Command Description
tacacs-server host {ip
address|hostname}[single-
connection] [port port-number]
[timeout timeout][key key-
string][source source] [priority
priority]
no tacacs-server host {ip-
address|hostname}
Configures a TACACS+ host.
Use the no form of this command to
delete the specified TACACS+ host.
tacacs-server key key-string
no tacacs-server key
Specifies the authentication and
encryption key for all TACACS+
communications between the device
and the TACACS+ server.
Use the no form of this command to
disable the key.
tacacs-server timeout timeout
no tacacs-server timeout
Specifies the timeout value in
seconds.
tacacs-server source-ip source
no tacacs-server source-ip
source
Specifies the source IP address.
Use the no form of this command to
restore the default configuration.
show tacacs [ip-address]Displays configuration and statistics
for a TACACS+ server.
Dell PowerConnect 55xx Systems User Guide 279
The following is an example of the CLI commands:
Password Management
Password management provides increased network security and improved
password control. This feature is optional and must be enabled in the
Password Management page.
Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access can be assigned
security features that include:
Minimum password lengths
Password expiration dates (password aging)
Prevention of frequent password reuse
Lockout of users after failed login attempts
Number of repeated characters allowed
Number of different character classes required in the password. Numeric,
alphabetic, and special characters are all character classes.
console(config)# tacacs-server source-ip 172.16.8.1
console# show tacacs
Device Configuration
-----------------------------
IP Address Status Port Single TimeOut Source IP Priority
Connection
---------- ------ ------ ---------- -------- ---------- --------
1.1.1.11 Not 49 No Global Global 10
Connected
1.1.1.21 Not 49 No Global Global 19
Connected
1.1.1.31 Not 49 No Global Global 18
Connected
1.1.1.41 Not 49 No Global Global 17
Connected
Global values
--------------
TimeOut : 5
-----------------------------
Source IP : 0.0.0.0
280 Dell PowerConnect 55xx Systems User Guide
Password aging starts immediately after password management is enabled.
However it is only effective if system time on the device is taken from an
SNTP server. Passwords expire according to the user-defined expiration
date/time. Ten days prior to password expiration, the device displays a
password expiration warning message.
After the password has expired, users can log in a few additional times.
During the remaining logins, an additional warning message displays
informing the user that the password must be changed. If the password is not
changed, users are locked out of the system, and can only log in using the
console. Password warnings are logged in the SYSLOG file.
NOTE: Password aging is enabled only after setting the switch to use SNTP for
setting time.
Dell PowerConnect 55xx Systems User Guide 281
To define password management parameters:
1
Click
System
>
Management Security
>
Password Management
in the
tree view to display the
Password Management
page.
Figure 9-40. Password Management
2
Check the required fields and enter their values:
Enable Strong Passwords
— Check to enable this feature.
Number of Classes
— Select a number of character classes. The
character classes are: upper case characters, lower case characters,
digits and punctuation. The number of character classes selected
indicates how many different types of characters must be in the
password.
Repeated Characters
— Select the number of permissible repeated
characters in the password.
282 Dell PowerConnect 55xx Systems User Guide
Password Minimum Length (8-64 characters)
— When checked,
specifies the minimum password length. Enter the minimum
password length.
Enable Login Attempts
— When checked, enables locking a user out
of the device when a faulty password is used more than the number of
times entered. Select the maximum number of login attempts.
Global Password Aging (1-365)
— When checked, specifies that the
password will expire in the number of days entered. Enter the number
of days. This is only enabled after setting the switch to use SNTP for
setting time
Consecutive Passwords Before Reuse (1-10)
— When checked,
indicates the number of times a password must be changed, before the
password can be reused. Select the number of times.
Password History Hold Time (1-365)
— When checked, the password
history will be deleted after the number of days entered. Enter the
number of days.
Password Management Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Password Management page.
Table 9-49. Password Management CLI Commands
CLI Command Description
passwords strength-check enable
no passwords strength-check
Enforces password strength checks.
Use the no form of this command
to disable enforcing password
strength checks.
passwords strength [max-limit
repeated characters | minimum
character-classes]
no passwords strength
Enforces limits of repeated
characters and character classes.
Use the no form of this command
to disable enforcing limits of
repeated characters and character
classes.
Dell PowerConnect 55xx Systems User Guide 283
The following is a sample script that sets password strength rules and creates a
user with a valid password.
password min-length length
no password min-length
Defines the minimum password
length.
Use the no form of this command
to remove the restriction.
passwords aging days
no passwords aging
Enforces password aging.
Use the no form of this command
to return to default.
password history number
no password history
Defines the amount of times a
password is changed, before the
password can be reused.
password history hold-time days
no password history hold-time
Configures the duration that a
password is relevant for tracking
passwords history.
Use the no form of this command
to return to the default
configuration.
password lockout number
no password lockout
Defines the number of times a
faulty password is entered before
the user is locked out of the device.
Use the no form of this command
to disable the lockout feature.
show password configuration Displays password management
information.
Table 9-50. CLI Script to Configure Strong Password
CLI Command Description
console#configure
console(conf)# passwords strength-
check enable
Enable strong passwords.
Table 9-49. Password Management CLI Commands (Continued)
CLI Command Description
284 Dell PowerConnect 55xx Systems User Guide
RADIUS
Remote Authentication Dial-In User Service (RADIUS) servers provide
additional security for networks. Up to four RADIUS servers can be defined.
RADIUS servers provide a centralized authentication method for:
Telnet Access
Secure Shell Access
Web Access
Console Access
console(config)# passwords strength
minimum character-classes 3
Enable that passwords must
contain at least three
character classes.
password min-length 8 Enable that passwords must
contain at least eight
characters.
console(config)# username admin
privilege 15 password FGH123!@#
Create a user named
"admin" with privilege level
15 and password that fits
the strength rules.
Table 9-50. CLI Script to Configure Strong Password
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 285
To add a RADIUS server:
1
Click
System
>
Management Security
>
RADIUS
in the tree view to
display the
RADIUS: Summary
page.
Figure 9-41. RADIUS: Summary
The RADIUS default parameters and previously-defined RADIUS servers
are displayed.
2
Enter the default parameters to be used when these parameters are not
entered for a specific server.
Default Retries (1-10)
— The default number of transmitted requests
sent to RADIUS server before a failure occurs.
Default Timeout for Reply (1-30)
— The default amount of the time
(in seconds) that the device waits for an answer from the RADIUS
server before timing out.
Default Dead time (0-2000)
— The default amount of time (in
minutes) that a RADIUS server is bypassed for service requests.
Default Key String (0-128 Characters)
— The Default Key string
used for authenticating and encrypting all RADIUS communications
between the device and the RADIUS server. This key is used for
encryption.
Source IPv4 Address
— The source IP v4 address that is used for
communication with RADIUS servers.
286 Dell PowerConnect 55xx Systems User Guide
Source IPv6 Address
— The source IP v6 address that is used for
communication with RADIUS servers.
3
To add a RADIUS server, click
Add
, and enter the fields:
Supported IP Format
— Select whether the IPv4 or IPv6 format is
supported.
IP Address
— Enter the RADIUS server IP address.
Priority (0-65535)
— Enter the priority of the authentication server
being added. 0 is the highest value. This is used to configure the order
in which servers are queried.
Authentication Port (0-65535)
— Enter the authentication port used
to verify the RADIUS server authentication. Enter 0 if you do not
want this server to be used for authentication purposes.
Accounting Port (0-65535)
— Enter the accounting port, which is the
UDP port number of the RADUS server used for accounting requests.
Enter 0 if you do not want this server to be used for accounting
purposes.
Usage Type
— Enter the
RADIUS server usage. The possible options
are:
Login
— Used for login authentication and/or accounting.
802.1x
— Used for 802.1x authentication and/or accounting.
All
— Used for all types of authentication and/or accounting.
4
Enter the following fields if you do not want to use the default values
entered in the
RADIUS: Summary
page. If you do want to use the default
values, check
Use Default
for these fields.
Number of Retries (1-10)
— Enter the number of requests sent to the
RADIUS server before a failure occurs.
Timeout for Reply (1-30
) — The amount of the time in seconds that
the device waits for an answer from the RADIUS server before retrying
the query, or switching to the next server.
Dead Time (0-2000)
— The amount of time (in minutes) that a
RADIUS server is bypassed for service requests.
Key String (0-128 Characters)
— The key string used for
authenticating and encrypting all RADIUS communications between
the device and the RADIUS server.
Dell PowerConnect 55xx Systems User Guide 287
Source IP Address
— The device IP address that is used for
communication with RADIUS servers.
Defining RADIUS Servers Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed on the RADIUS pages.
Table 9-51. RADIUS Server CLI Commands
CLI Command Description
radius-server host {ipv4-
address|ipv6-address|ipv6z-
address|hostname} [auth-port
auth-port-number] [acct-port
acct-port-number][timeout
timeout] [retransmit retries]
[deadtime deadtime] [key key-
string] [source {ipv4-
address|ipv6-address}] [priority
priority] [usage
{login|802.1x|all}]
no radius-server host {ipv4-
address|ipv6-address|hostname}
Specifies a RADIUS server host.
Use the no form of the command to
delete the specified RADIUS server
host.
radius-server timeout timeout
no radius-server timeout
Sets the interval for which a device
waits for a server host to reply.
Use the no form of this command to
restore the default configuration.
radius-server source-ip source-
ip-address
no radius-server source-ip
source-ip-address
Specifies the source IPv4 address
that will be used for the IPv4
communication with RADIUS
servers.
Use the no form of this command to
restore the default configuration.
288 Dell PowerConnect 55xx Systems User Guide
radius-server source-ipv6
source-ipv6-address
no radius-server source-ipv6
source-ipv6-address
Specifies the source IPv6 address
that will be used for the IPv6
communication with RADIUS
servers.
Use the no form of this command to
restore the default configuration.
radius-server retransmit retries
no radius-server retransmit
Specifies the number of times the
software searches the list of
RADIUS server hosts.
Use the no form of this command to
restore the default configuration.
radius-server deadtime deadtime
no radius-server deadtime
Configures unavailable servers to be
skipped.
Use the no form of this command to
restore the default configuration.
radius-server key key-string
no radius-server key
Sets the authentication and
encryption key for all RADIUS
communications between the router
and the RADIUS server.
Use the no form of this command to
restore the default configuration.
show radius-servers Displays the RADIUS server
settings.
Table 9-51. RADIUS Server CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 289
The following is an example of CLI commands:
console(config)# radius-server host 192.168.10.1 auth-
port 20 timeout 20
console(config)# radius-server key enterprise-server
console# show radius-servers
IP address Port Port Time- Ret- Dead- Source IP Prio. Usage
Auth Acct Out rans Time
--------------- ----- ----- ------ ------ ------ --------------- ----- ---
1.1.1.11 1812 1813 Global Global Global Global 10 all
1.1.1.21 1812 1813 Global Global Global Global 19 all
1.1.1.31 1812 1813 Global Global Global Global 18 all
1.1.1.41 1812 1813 Global Global Global Global 17 all
1.1.1.51 1812 1813 Global Global Global Global 16 all
Global values
--------------
TimeOut : 3
Retransmit : 3
Deadtime : 0
Source IP : 0.0.0.0
Source IPv6 : ::
290 Dell PowerConnect 55xx Systems User Guide
DHCP Server
The switch can operate as either:
DHCP client that obtains its own IP from a DHCP server, as described in
"DHCP IPv4 Interface" on page 207
DHCP server that allocates IP addresses to other devices, as described in
this section
This section contains the following topics:
DHCP Server Overview
DHCP Server Properties
Network Pool
Excluded Addresses
Static Hosts
Address Binding
DHCP Server Overview
A DHCP server uses a defined pool of IP addresses (user-defined) from which
it allocates IP addresses to DHCP clients.
The DHCP server can allocate IP addresses in the following modes:
Static Allocation
— The hardware address of a host is manually mapped
to an IP address.
Permanent Allocation
— An IP address sent to the client through a
standard request-reply mechanism, is owned by that client permanently
(unless changes in the network environment/connections take place, for
any reason).
Dynamic Allocation
— A client obtains a leased IP address for a specified
period of time. The IP address is revoked at the end of this period, and the
client must request another IP address.
Dell PowerConnect 55xx Systems User Guide 291
DHCP Server Properties
If the device is configured to act as a DHCP server, pinging capability can be
enabled. The DHCP server pings an IP address in the address pool before
assigning that IP address to a requesting client. If the ping is unanswered, the
DHCP server assumes that the address is not in use and assigns the address to
the client.
To configure the device as a DHCP server:
1
Click
System
>
DHCP Server
>
DHCP Server Properties
in the tree view
to display the
DHCP Server Properties
page.
Figure 9-42. DHCP Server Properties
292 Dell PowerConnect 55xx Systems User Guide
2
Enter the fields:
DHCP Server Status
— Enable/disable the ability of the device to
function as a DHCP server.
DHCP Ping
— Enable/disable the DHCP server to ping the offered
IP address before responding to a client request.
DHCP Ping Retries
— Enter the number of pings that are sent before
discarding an IP address.
Use Default
reverts to the default Ping
Retries setting.
DHCP Ping Timeout
— Enter the maximum time interval (in
milliseconds) that the DHCP server waits for a ping reply.
Use Default
reverts to the default Ping Timeout.
Defining DHCP Server Using CLI Commands
The following table summarizes the CLI commands for defining the switch as
a DHCP server.
Table 9-52. DHCP Server CLI Commands
CLI Command Description
ip dhcp server
no ip dhcp server
Enables the DHCP server feature on
the device.
Use the no form of this command to
disable the DHCP server feature.
ip dhcp ping enable
no ip dhcp ping enable
Enables the DHCP server to send ping
packets before assigning the address to a
requesting client.
Use the no form of this command to
prevent the server from pinging pool
addresses.
ip dhcp ping count number
no ip dhcp ping count
Specifies the number of packets a
DHCP server sends to a pool address as
part of a ping operation.
Use the no form of this command to
restore the default configuration.
Dell PowerConnect 55xx Systems User Guide 293
The following is an example of the CLI commands:
ip dhcp ping timeout
milliseconds
no ip dhcp ping timeout
Specifies the time interval during which
a DHCP server waits for a ping reply
from an address pool.
Use the no form of this command to
restore default values.
console(config)# ip dhcp ping enable
console(config)# ip dhcp ping count 5
Table 9-52. DHCP Server CLI Commands (Continued)
CLI Command Description
294 Dell PowerConnect 55xx Systems User Guide
Network Pool
When the device is serving as a DHCP server, a pool of IP addresses must be
defined, from which the switch will allocate IP addresses to clients.
Each IP pool has a lease duration.
To create a pool of IP addresses, and define their lease durations:
1
Click
System
>
DHCP Server
>
Network Pool
in the tree view to display
the
Network Pool: Summary
page.
Figure 9-43. Network Pool: Summary
The previously-defined network pools are displayed.
2
Click
Add
to define a new network pool, and enter the fields:
Pool Name
— Enter the pool name.
Subnet IP Address
— Enter the subnet in which the network pool
resides.
Dell PowerConnect 55xx Systems User Guide 295
Network Mask
— Check and enter the pool’s network mask.
Prefix Length
— Check and enter the number of bits that
comprise the address prefix.
Address Pool Start —
Enter the first IP address in the range of the
network pool.
Address Pool End —
Enter the last IP address in the range of the
network pool.
Lease Duration
— Enter the amount of time a DHCP client can use
an IP address from this pool. The total lease duration is 4294967295
seconds, i.e. 49710.2696 days. Thus a lease of 49710 days, 0 hours, 0
minutes and 0 seconds is a legal value, while a lease of 49710 days, 23
hours, 59 minutes and 59 seconds results in an Out of Range alert.
Days
— The duration of the lease in number of days. The range is
0 to 49710 days.
Hours
— The number of hours in the lease. A days value must be
supplied before an hours value can be added.
Minutes
— The number of minutes in the lease. A days value and
an hours value must be added before a minutes value can be
added.
Infinite
— The duration of the lease is unlimited.
Default Router —
Enter the default router for the DHCP client.
Domain Name Server —
Enter the DNS server available to the DHCP
client.
Domain Name —
Enter the domain name for a DHCP client. The
domain name may contain up to 32 characters.
NetBIOS WINS Server —
Enter the NetBIOS WINS name server
available to a DHCP client.
NetBIOS Node Type —
Select how to resolve the NetBIOS name.
Valid node types are:
Empty
Default value.
Broadcast —
IP Broadcast messages are used to register and
resolve NetBIOS names to IP addresses.
296 Dell PowerConnect 55xx Systems User Guide
Peer-to-Peer —
Point-to-point communications with a NetBIOS
name server are used to register and resolve computer names to IP
addresses.
Mixed —
A combination of b-node and p-node communications
is used to register and resolve NetBIOS names. M-node first uses
b-node; then, if necessary, p-node. M-node is typically not the best
choice for larger networks because its preference for b-node
Broadcasts increases network traffic.
Hybrid —
A hybrid combination of b-node and p-node is used.
When configured to use h-node, a computer always tries p-node
first and uses b-node only if p-node fails. This is the default.
SNTP Server —
Enter the IP address of the time server for the DHCP
client.
Next Server —
Enter the IP address of the next server in the boot
process of a DHCP client. If the next server in the boot process is not
configured, the DHCP server uses inbound interface helper addresses
as boot servers.
Next Server Name —
Enter the name of the next server in the boot
process.
Image File Name —
Enter the name of the file that is used as a boot
image.
Configuring Network Pool Using CLI Commands
The following table summarizes the CLI commands for defining a pool of
addresses on the DHCP server.
Table 9-53. Network Pool CLI Commands
CLI Command Description
ip dhcp pool network name
no ip dhcp pool network name
Configures a DHCP address pool on a
DHCP Server and enters DHCP Pool
Configuration mode.
Use the no form of this command to remove
the address pool.
Dell PowerConnect 55xx Systems User Guide 297
address {network-number|low
low-address high high-
address} {mask|prefix-
length}
no address
Configures the subnet number, mask and
start and end addresses for a DHCP address
pool on a DHCP Server.
Use the no form of this command to remove
the subnet number and mask.
lease {days [{hours}
[minutes]]|infinite}
no lease
Configures the time duration of the lease for
an IP address that is assigned from a DHCP
server to a DHCP client.
Use the no form of this command to restore
the default value
default-router ip-address
[ip-address2 ... ip-
address8]
no default-router
Configures the default router list for a
DHCP client.
Use the no form of this command to remove
the default router list.
dns-server ip-address [ip-
address2 ... ip-address8]
no dns-server
Configures the DNS IP servers available to a
DHCP client.
Use the no form of this command to remove
the DNS server list.
domain-name domain
no domain-name
Specifies the domain name for a DHCP
client.
Use the no form of this command to remove
the domain name.
netbios-name-server ip-
address [ip-address2 ... ip-
address8]
no netbios-name-server
Configures the NetBIOS Windows Internet
Naming Service (WINS) servers that are
available to Microsoft DHCP clients.
Use the no form of this command to remove
the NetBIOS name server list.
netbios-node-type {b-node|p-
node|m-node|h-node}
no netbios-node-type
Configures the NetBIOS node type for
Microsoft Dynamic Host Configuration
Protocol (DHCP) clients.
Use the no form of this command to remove
the NetBIOS node type.
Table 9-53. Network Pool CLI Commands (Continued)
CLI Command Description
298 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
time-server ip-address [ip-
address2 ... ip-address8]
no time-server
Specifies the time servers list for a DHCP
client.
Use the no form of this command to remove
the time servers list.
next-server ip-address
no next-server
Configures the next server in the boot
process of a DHCP client.
Use the no form of this command to remove
the boot server.
next-server-name name
no next-server-name
Configures the next server name in the boot
process of a DHCP client.
Use the no form of this command to remove
the boot server name.
bootfile filename
no bootfile
Specifies the default boot image file name
for a DHCP client.
Use the no form of this command to delete
the boot image file name.
show ip dhcp pool network
[name]
Displays the DHCP network pool
configuration.
console(config)# ip dhcp pool network pool1
console(config-dhcp)# address 10.12.1.99 255.255.255.0
01b7.0813.8811.66
console(config-dhcp)# lease 1
Table 9-53. Network Pool CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 299
Excluded Addresses
By default, the DHCP server assumes that all pool addresses in a pool may be
assigned to clients. A single IP address or a range of IP addresses can be
excluded.
To define an excluded address range:
1
Click
System
>
DHCP Server
>
Excluded Addresses
in the tree view to
display the
Excluded Addresses: Summary
page.
Figure 9-44. Excluded Addresses: Summary
The previously-defined excluded IP addresses are displayed.
2
To add a range of IP addresses to be excluded, click
Add
, and enter the
fields:
Start IP Address
— First IP address in the range of excluded IP
addresses.
300 Dell PowerConnect 55xx Systems User Guide
End IP Address
— Last IP address in the range of excluded IP
addresses.
Excluding Addresses Using CLI Commands
The following table summarizes the CLI commands for excluding addresses.
The following is an example of the CLI commands:
Table 9-54. Excluding Addresses Using CLI Commands
CLI Command Description
ip dhcp excluded-address low-
address [high-address]
no ip dhcp excluded-address
low-address [high-address]
Configures a DHCP address pool on a
DHCP Server and enter DHCP Pool
Configuration mode.
Use the no form of this command to
remove the address pool.
show ip dhcp excluded-addresses Displays the excluded addresses.
console(config)# ip dhcp excluded-address 172.16.1.100
172.16.1.199
console> show ip dhcp excluded-addresses
The number of excluded addresses ranges is 2
Excluded addresses:
10.1.1.212- 10.1.1.219, 10.1.2.212- 10.1.2.219
Dell PowerConnect 55xx Systems User Guide 301
Static Hosts
To manually allocate permanent IP addresses to clients (known as static
hosts):
1
Click
System
>
DHCP Server
>
Static Hosts
in the tree view to display
the
Static Hosts: Summary
page.
Figure 9-45. Static Hosts: Summary
The static hosts are displayed.
2
To add a static host, click
Add
, and enter the fields:
Host Name —
Enter the host pool name, which can be a string of
symbols and an integer.
IP Address —
Enter the IP address that was statically assigned to the
host.
Network Mask —
Enter the pool’s network mask.
Prefix Length
Enter the number of bits that comprise the address
prefix.
302 Dell PowerConnect 55xx Systems User Guide
Client Identifier —
Enter a unique identification of the client
specified in dotted hexadecimal notation, such as: 01b6.0819.6811.72.
or:
MAC Address —
Enter the MAC address of DHCP static host.
Client Name —
The name of the client, using a standard set of ASCII
characters. The client name must not include the domain name.
Default Router
— Enter the default router for the DHCP client.
Domain Name Server
— Enter the DNS server available to the DHCP
client.
Domain Name
— Enter the domain name for a DHCP client. The
domain name may contain up to 32 characters.
NetBIOS WINS Server
— Enter the NetBIOS WINS name server
available to a DHCP client.
NetBIOS Node Type
— Select how to resolve the NetBIOS name.
Valid node types are:
Empty
— Default value.
Broadcast
— IP Broadcast messages are used to register and
resolve NetBIOS names to IP addresses.
Peer-to-Peer
— Point-to-point communications with a NetBIOS
name server are used to register and resolve computer names to IP
addresses.
Mixed
— A combination of b-node and p-node communications
is used to register and resolve NetBIOS names. M-node first uses
b-node; then, if necessary, p-node. M-node is typically not the best
choice for larger networks because its preference for b-node
Broadcasts increases network traffic.
Hybrid
— A hybrid combination of b-node and p-node is used.
When configured to use h-node, a computer always tries p-node
first and uses b-node only if p-node fails. This is the default.
SNTP Server
— Enter the IP address of the time server for the DHCP
client.
Dell PowerConnect 55xx Systems User Guide 303
Next Server
— Enter the IP address of the next server in the boot
process of a DHCP client. If the next server in the boot process is not
configured, the DHCP server uses inbound interface helper addresses
as boot servers.
Next Server Name
— Enter the name of the next server in the boot
process.
Image File Name
— Enter the name of the file that is used as a boot
image.
Defining Static Hosts Using CLI Commands
The following table summarizes the CLI commands for defining static hosts.
See Table 11-53 for the remaining CLI commands that are common to the
Network Pool pages, but are used in the context DHCP Pool Host context.
Table 9-55. Defining Static Hosts Using CLI Commands
CLI Command Description
ip dhcp pool host
no ip dhcp pool host
Configures a DHCP static address
on a DHCP Server and enters the
DHCP Pool Host Configuration
mode.
Use the no form of this command to
remove the address pool.
ip host name address [address2
address3 address4]
no ip host name
Defines the static host name-to-
address mapping in the host cache.
Use the no form of this command to
remove the static hostname-to-
address mapping.
show hosts Displays the default domain name,
the list of name server hosts, the
static and the cached list of host
names and addresses.
clear host Deletes entries from the host name-
to-address cache.
304 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console(config)# ip dhcp pool host station
console(config-dhcp)#ip host accounting.website.com
176.10.23.1
console# show hosts
System Name:
Default domain: Domain name is not configured
Name/address lookup is enable
Name servers (Preference order): 1.1.1.1 1.1.1.2 1.1.1.3
1.1.1.4 1.1.1.5
Configured host name-to-address mapping:
Host IP Address
--------------------------------- -----------------------
accounting.website.com 176.10.23.1
Dell PowerConnect 55xx Systems User Guide 305
Address Binding
Use the
Address Binding
page to view and remove the IP addresses allocated
by the switch and their corresponding MAC addresses.
To view and/or remove address bindings:
•Click
System
>
DHCP Server
>
Address Binding
in the tree view to
display the
Address Binding
page.
Figure 9-46. Address Binding
The following fields for the address bindings are displayed:
IP Address
— The IP addresses of the client.
Client Identifier/MAC Address
— A unique identification of the
client specified as a MAC Address or in dotted hexadecimal notation,
e.g., 01b6.0819.6811.72.
Lease Expiration
— The lease expiration date and time of the host’s
IP address.
Ty p e
— The manner in which the IP address was assigned to the
client. The possible options are:
Static
— The hardware address of the host was mapped to an IP
address.
306 Dell PowerConnect 55xx Systems User Guide
Permanent
— The IP address, obtained dynamically from the
switch, is owned by the client permanently (unless changes in the
network environment/connections take place, for any reason).
Dynamic
— The IP address, obtained dynamically from the
switch, is owned by the client for a specified period of time. The
IP address is revoked at the end of this period, at which time the
client must request another IP address.
Dell PowerConnect 55xx Systems User Guide 307
SNMP
This section describes the Simple Network Management Protocol (SNMP)
for managing network devices.
It contains the following topics:
SNMP Overview
SNMP Global Settings
•SNMP Views
SNMP Access Control (Groups)
SNMP User Security Model (Users)
SNMP Communities
SNMP Notification Filters
SNMP Notification Recipients
SNMP Overview
The switch supports the SNMPv1, SNMPv2 and SNMPv3.
SNMP v1 and v2
The SNMP agent maintains a list of variables that are used to manage the
switch. These variables are stored in the Management Information Base
(MIB) from which they may be presented. The SNMP agent defines the MIB
specification format, as well as the format used to access the information over
the network. Access rights to the SNMP agents are controlled by access
strings.
SNMPv1 and v2 are enabled by default.
SNMP v3
In addition to the features provided by SNMPv1 and SNMPv2, SNMPv3
applies access control and a new trap mechanism to SNMPv1 and SNMPv2
PDUs. In addition, a User Security Model (USM) can be defined, which
includes:
Authentication
— Provides data integrity and data origin authentication.
308 Dell PowerConnect 55xx Systems User Guide
Privacy
— Protects against disclosure of message content. Cipher Block-
Chaining
(CBC) is used for encryption. Either authentication alone can
be enabled on an SNMP message, or both authentication and privacy can
be enabled on an SNMP message. However privacy cannot be enabled
without authentication.
Timeliness
— Protects against message delay or message redundancy. The
SNMP agent compares incoming message to the message time
information.
Key Management
— Defines key generation, updates, and use.
The switch supports SNMP notification filters, based on Object IDs (OIDs),
which are used by the system to manage switch features.
Authentication or Privacy Keys are modified in the User Security Model
(USM).
SNMPv3 can only be enabled if the Local Engine ID is enabled.
SNMP Access Rights
Access rights in SNMP are managed in the following ways:
SNMPv1 and SNMPv2
— Communities
The community name is a password sent by the SNMP management
station to the device for authentication purposes.
A community string is transmitted along with the SNMPv1,v2 frames, but
neither the frames nor the community string are encrypted. Since
SNMPv1 and SNMPv2 are not encrypted, they are not secure.
Communities can be associated with views or groups, and they are defined
in the
Community
pages.
SNMPv3
— Users and Groups
SNMP v3 works with users instead of communities. The users belong to
groups that have access rights assigned to them. Users are defined in the
User Security Model
pages
SNMPv3 provides two security mechanisms:
Authentication
— The switch checks that the SNMP user is an
authorized system administrator. This is done for each and every
frame.
Dell PowerConnect 55xx Systems User Guide 309
Privacy
— SNMP frames can carry encrypted data.
These mechanisms can be combined to provide three levels of security:
–No security
Authentication
Authentication and Privacy. Note that for both authentication and
privacy to be enabled, two groups with the same name, one with
authentication and one with privacy, must be created.
A group is a label for a combination of attributes that determines whether
members have read, write, and/or notify privileges. Users can be associated
with a group. A group is operational only when it is associated with an
SNMP user.
Model OIDs
The following are the switch model Object IDs (OIDs):
SNMP Global Settings
The Engine ID is used by SNMPv3 entities to uniquely identify themselves.
An SNMP agent is considered an authoritative SNMP engine. This means
that the agent responds to incoming messages (Get, GetNext, GetBulk, Set),
and sends Trap messages to a manager. The agent's local information is
encapsulated in fields in the message.
Each SNMP agent maintains local information that is used in SNMPv3
message exchanges (not relevant for SNMPv1 or SNMPv2). The default
SNMP Engine ID is comprised of the enterprise number and the default
MAC address. The SNMP engine ID must be unique for the administrative
domain, so that no two devices in a network have the same engine ID.
Model Name Object ID
PC5524 10895.3030
PC5524P 10895.3032
PC5548 10895.3031
PC5548P 10895.3033
310 Dell PowerConnect 55xx Systems User Guide
The local information is stored in four read-only MIB variables:
snmpEngineId, snmpEngineBoots, snmpEngineTime, and
snmpEngineMaxMessageSize.
To configure SNMP:
1
Click
System
>
SNMP
>
Global Parameters
in the tree view to display
the
Global Parameters
page.
Figure 9-47. Global Parameters
The global parameters are displayed.
2
Enter the fields:
Local Engine ID
(10-64 Hex Characters)
— Check and enter the
local device engine ID. The field value is a hexadecimal string. Each
byte in hexadecimal character strings is two hexadecimal digits. Each
byte can be separated by a period or a colon. The Engine ID must be
defined before SNMPv3 is enabled.
For stacked devices, verify that the Engine ID is unique for the
administrative domain. This prevents two devices in a network from
having the same Engine ID.
Dell PowerConnect 55xx Systems User Guide 311
Use Default
— Check to use the device-generated Engine ID. The
default Engine ID is based on the device MAC address, and is defined
per standard as:
First 4 octets
— First bit = 1, the rest is IANA Enterprise number
= 674.
Fifth octet
— Set to 3 to indicate the MAC address that follows.
Last 6 octets
— MAC address of the device.
SNMP Notifications
— Enable/disable the switch sending SNMP
notifications.
Authentication Notifications
— Enable/disable the switch sending
SNMP traps when authentication fails.
Setting SNMP Global Parameters Using CLI Commands
The following table summarizes the CLI commands for setting fields in the
Global Parameters page.
Table 9-56. SNMP Global Parameters Commands
CLI Command Description
snmp-server engine ID local
{engine-id-string|default}
no snmp-server engine ID
local
Specifies the local device engine ID. The
field values is a hexadecimal string. Each
byte in hexadecimal character strings is two
hexadecimal digits. Each byte can be
separated by a period or colon. The Engine
ID must be defined before SNMPv3 is
enabled.
Use the no form of this command to
remove the configured engine ID.
snmp-server enable traps
no snmp-server enable traps
Enables the router to send Simple Network
Management Protocol traps.
Use the no form of the command to disable
SNMP traps.
312 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
SNMP Views
An SNMP view, which is a collection of MIB subtrees, provides or blocks
access to device features.
Each subtree is defined by the Object ID (OID) of the root of its subtrees. In
extreme cases this subtree can be a leaf. Well-known names can be used to
specify the root of the desired subtree, or an OID can be entered (see "Model
OIDs" on page 309).
Each subtree is either included in or excluded from the view being defined.
snmp-server trap
authentication
no snmp-server trap
authentication
Enables the router to send Simple Network
Management Protocol traps when
authentication fails.
Use the no form of this command to
disable SNMP failed authentication traps.
show snmp Checks the status of SNMP
communications.
console(config)# snmp-server enable traps
console(config)# snmp-server trap authentication
console(config)# snmp-server engineid local default
The engine-id must be unique within your administrative
domain.
Do you wish to continue? [Y/N]y
The SNMPv3 database will be erased. Do you wish to
continue? [Y/N]y
Table 9-56. SNMP Global Parameters Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 313
Views can be attached to groups in the Access Control pages.
To create an SNMP view:
1
Click
System
>
SNMP
>
View Settings
in the tree view to display the
View Settings: Summary
page.
Figure 9-48. View Setting: Summary
2
Select a view name. Its subtrees are displayed.
3
To remove a subtree from an SNMP view, click
Remove
. The subtrees of
the default views (Default, DefaultSuper) cannot be changed.
4
To add a new view, click
Add
, and enter a new
View Name (1-30
Characters)
.
5
To complete the definition of the view, click
Edit
, and select a
View Name
to modify. Enter the fields:
New Object ID Subtree
— Check to specify the device feature OID
included or excluded in the selected SNMP view.
314 Dell PowerConnect 55xx Systems User Guide
Selected from List
— Select the device feature OID by using the
Up
and
Down
buttons to scroll through a list of all device OIDs.
Or:
Insert
— Specify the device feature OID.
View Type
— Specify if the defined OID branch will be included or
excluded in the selected SNMP view.
Defining SNMP Views Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the View Settings pages.
The following is an example of CLI commands:
Table 9-57. SNMP View CLI Commands
CLI Command Description
snmp-server view view-name
oid-tree {included|excluded}
no snmp-server view view-name
[oid-tree]
Creates or updates a SNMP server view
entry.
Use the no form of this command to
remove an SNMP server view entry.
show snmp views [viewname]Displays the configuration of a view or all
views.
console(config)# snmp-server view user1 1 included
console(config)# end
console# show snmp views
Name OID Tree Type
------------ --------------- --------
user1 system included
Default iso included
Default snmpVacmMIB excluded
Default usmUser excluded
Default rndCommunityTable excluded
DefaultSuper iso included
Dell PowerConnect 55xx Systems User Guide 315
SNMP Access Control (Groups)
For ease of use, users may be assigned to groups. In this way, it is possible to
assign feature access rights to an entire group, instead of assigning them
individually to users. Users are created in the User Security Model pages.
Groups can be defined in any version of SNMP, but only SNMPv3 groups can
be assigned authentication methods.
To add an SNMP group, and assign it access control privileges:
1
Click
System
>
SNMP
>
Access Control
in the tree view to display the
Access Control: Summary
page.
Figure 9-49. Access Control: Summary
Previously-defined groups are displayed.
2
To add a new group, click
Add
, and enter the fields:
Group Name (1-30 Characters)
— Enter a group name.
316 Dell PowerConnect 55xx Systems User Guide
Security Model
— Select the SNMP version of the group.
Security Level
— Select the security level attached to the group.
Security levels apply to SNMPv3 only. The possible options are:
No Authentication
— Neither authentication nor the privacy
security levels are assigned to the group.
Authentication
— Authenticates SNMP messages, and ensures
that the origin of the SNMP message is authenticated.
Privacy
— Encrypts SNMP message.
Operation
— Select the group access rights. The possible options are:
Read
— The management access is restricted to read-only, and
changes cannot be made to the assigned SNMP view. If desired,
select a view from the drop-down list.
Write
— The management access is read-write and changes can
be made to the assigned SNMP view. If desired, select a view from
the drop-down list.
Notify
— Sends traps for the assigned SNMP view. If desired,
select a view from the drop-down list.
Defining SNMP Access Control Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the Access Control pages.
Table 9-58. SNMP Access Control CLI Commands
CLI Command Description
snmp-server group groupname
{v1|v2|v3 {noauth|auth|priv}}
[read readview] [write
writeview] [notify notifyview]
no snmp-server group groupname
{v1|v2|v3 [noauth|auth|priv]}
[context-name]
Configure a new Simple Network
Management Protocol (SNMP)
group, or a table that maps SNMP
users to SNMP views.
Use the no form of this command to
remove a specified SNMP group.
show snmp groups [groupname]Displays the configuration of groups
Dell PowerConnect 55xx Systems User Guide 317
The following is an example of the CLI commands:
SNMP User Security Model (Users)
An SNMP user is defined by the following:
Login credentials (username, password, and authentication method)
Context and scope in which the user operates
Association with a group
•Engine ID
SNMP user login credentials are verified using a local database.
After a user is authenticated, it takes on the attributes of its group, and can
then access the views permitted to this group. A user can only be a member of
a single group.
Before you create an SNMPv3 user, create an SNMPv3 group in the Access
Control pages.
When the configuration file is saved, SNMP communities/users are not
saved. This means that if you configure another device with this
configuration file, you must define the SNMP communities/users on that
device.
console (config)# snmp-server group user-group v3 priv
read user-view
console# show snmp groups
Name Security Views
Model Level Read Write Notify
----- ----- ------- ------- ------- ----------
1 V1 noauth - - -
2 V1 noauth - - -
3 V1 noauth - - -
4 V1 noauth - - -
5 V1 noauth - - -
318 Dell PowerConnect 55xx Systems User Guide
To create an SNMP V3 user, and assign it to a group and view:
1
Click
System
>
SNMP
>
User Security Model
in the tree view to display
the
User Security Model: Summary
page.
Figure 9-50. User Security Model: Summary
The currently-defined users and their groups are displayed.
2
To add a user, click
Add
, and enter the fields:
User Name
(1-30 Characters) — Enter a new user name.
Engine ID
— Specifies the local or remote SNMP entity, to which the
user is connected. Changing or removing the local SNMP Engine ID
deletes the SNMPv3 User Database. Select either
Local
or
Remote
. If
Remote
is selected, enter the remote engine ID.
Group Name
— Select from a list of user-defined SNMP groups.
SNMP groups are defined in the
Access Control Group
pages.
Dell PowerConnect 55xx Systems User Guide 319
Authentication Method
— Select an authentication method used to
authenticate users. The possible options are:
None
— No user authentication is used.
MD5
Password
— HMAC-MD5-96 password is used for
authentication.
SHA Password
— Users are authenticated using the HMAC-SHA-
96 authentication level.
MD5
Key — Users are authenticated using the HMAC-MD5
algorithm.
SHA
Key — Users are authenticated using the HMAC-SHA-96
authentication level.
Password
(0-32 Characters)
— If the MD5 Password or SHA Password
authentication method was selected, enter the user-defined password
for a group.
Authentication Key (MD5-16; SHA-20 Hex Characters)
— If the
MD5 Key or SHA Key authentication method was selected, enter the
HMAC-MD5-96 or HMAC-SHA-96 keys. The authentication and
privacy keys are entered to define the authentication key. If only
authentication is required, 16 bytes are defined for MD5. If both
privacy and authentication are required, 32 bytes are defined for MD5.
Each byte in hexadecimal character strings is two hexadecimal digits.
Each byte can be separated by a period or a colon.
Privacy Key (16 Hex Characters)
— If the MD5 Key or SHA Key
authentication method was selected, enter the privacy key. If only
authentication is required, 20 bytes are defined. If both privacy and
authentication are required, 16 bytes are defined. Each byte in
hexadecimal character strings is two hexadecimal digits. Each byte can
be separated by a period or colon.
320 Dell PowerConnect 55xx Systems User Guide
Defining SNMPv3 Users Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the User Security Model pages.
The following is an example of the CLI commands:
SNMP Communities
When using SNMP v1,2, communities strings (passwords) are used to provide
access rights in the following ways:
Basic Table
— The access rights of a community can be read-only, read-
write, or SNMP Admin. In addition, you can restrict access to the
community to only certain MIB objects using a
view
. Views are defined in
the
Views Setting
pages.
Advanced Table
— Access rights to a community are assigned to a group
that consists of users. A group can have Read, Write, and Notify access to
views. Groups are defined in the
Access Control
pages.
Table 9-59. SNMP Users CLI Commands
CLI Command Description
snmp-server user username groupname
{v1|v2c|[remote-host] v3 [encrypted]
[auth {md5|sha} auth-password]}
no snmp-server user username [remote-
host]
Configures a new SNMP V3
user.
Use the no form of the
command to remove a user.
show snmp users [username]Displays the configuration of
users.
console(config)# snmp-server user tom acbd v1
console(config)# snmp-server user tom acbd v2c
console(config)# snmp-server user tom acbd v3
Dell PowerConnect 55xx Systems User Guide 321
To define an SNMP community:
1
Click
System
>
SNMP
>
Communities
in the tree view to display the
Communities: Summary
page.
Figure 9-51. SNMP Community
The Basic and Advanced tables are displayed.
2
To add a new community, click
Add
.
3
Define the SNMP management station by entering its IP address
information:
Supported IP Format
— Select whether the IPv4 or IPv6 format is
being used.
IPv6 Address Type
— When the community supports IPv6, this
specifies the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
322 Dell PowerConnect 55xx Systems User Guide
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
SNMP Management Station
— Enter the management station IP
address for which the SNMP community is defined, or choose
All
to
be able to receive SNMP messages from anywhere.
Community String (1-20 Characters)
— Enter the community string,
which functions as a password, and is used to authenticate the
management station to the device.
4
To associate access mode and views directly with the community, enter the
fields:
Basic
— Check to enable
SNMP Basic mode for a selected
community.
Access Mode
— If Basic is selected, specify the access rights of the
community. The possible options are:
Read-Only
— Management access is restricted to read-only, and
changes cannot be made to the community.
Read-Write
— Management access is read-write and changes can
be made to the device configuration, but not to the community.
SNMP Admin
— User has access to all device configuration
options, as well as permissions to modify the community.
View Name
— Select a view from a list of user-defined SNMP views.
The view determines other characteristics associated with the
community.
5
To use Advanced mode, enter the fields:
Advanced
— When SNMP Advanced mode is selected, you can select
an SNMP group to specify the SNMP access control rules for the
selected community. The SNMP Advanced mode is defined only with
SNMPv3.
Dell PowerConnect 55xx Systems User Guide 323
Group Name
— Select the group to be associated with the
community.
Configuring Communities Using CLI Commands
The following table summarizes the CLI commands for setting fields in the
Community pages.
The following is an example of the CLI commands:
SNMP Notification Filters
Notification filters determine the type of SNMP notifications that are sent to
the management station, based on the OID of the notification to be sent.
Each OID is linked to a device feature or a feature aspect.
SNMP notification filters provide the following services:
Identification of management trap targets
•Trap filtering
Table 9-60. SNMP Community CLI Commands
CLI Command Description
snmp-server community community
[view view-name] [ro|rw|su]
{ipv4-address|ipv6-address}
[mask mask-value|prefix-length
prefix-value] [type router|oob]
Sets up the community access string
to permit access to the SNMP
protocol.
Use the no form of this command to
remove the specified community
string
snmp-server community-group
community group-name [ipv4-
address|ipv6-
address][mask|prefix-length]
[type router|oob]
no snmp-server community string
[ipv4-address|ipv6-address]
Sets up community access string to
permit limited access to the SNMP
protocol, based on group access
rights.
show snmp Displays the current SNMP device
configuration.
console (config)# snmp-server community dell ro 10.1.1.1
324 Dell PowerConnect 55xx Systems User Guide
Selection of trap generation parameters
Access control checks
After creating a notification filter, attach it to a notification recipient in the
SNMPv1,2 Notification Recipients pages.
To add a notification filter:
1
Click
System
>
SNMP
>
Notification Filters
in the tree view to display
the
Notification Filter: Summary
page.
Figure 9-52. Notification Filter: Summary
2
The OIDs of the selected filter are displayed.
3
If required, the notification filter type can be changed by selecting one of
the following options:
Excluded
— OID traps or informs will not be sent.
Included
— OID traps or informs will be sent.
Dell PowerConnect 55xx Systems User Guide 325
4
To add a new notification filter, click
Add
.
5
In addition to the fields described in the
Summary
page, enter the fields:
Filter Name (1-30 Characters)
— Enter the notification filter name.
New Object Identifier Tree
— Check to specify the device feature
OID included or excluded in the selected SNMP view.
Selected from List
— Select the device feature OID by using the
Up
and
Down
buttons to scroll through a list of all device OIDs.
or:
Object ID
— Specify the device feature OID.
Filter Type
— Select whether the defined OID branch will be
Included
or
Excluded
in the selected SNMP view.
Configuring Notification Filters Using CLI Commands
The following table summarizes CLI commands for defining fields displayed
in the Notification Filter pages.
Table 9-61. SNMP Notification Filter CLI Commands
CLI Command Description
snmp-server filter filter-name oid-
tree {included|excluded}
no snmp-server filter filter-name
[oid-tree]
Creates or updates an SNMP
notification filter.
Use the no form of this
command to remove the
specified SNMP server filter
entry.
show snmp filters [filter-name]Displays the configuration of
SNMP notification filters
326 Dell PowerConnect 55xx Systems User Guide
The following is an example of CLI commands:
SNMP Notification Recipients
An SNMP notification is a trap message, sent from the switch to the SNMP
management station, indicating that a certain event has occurred, such as a
link up or down.
Trap receivers, also known as notification recipients, are network nodes to
which trap messages are sent by the switch.
A trap receiver entry contains the IP address of the node and the SNMP
credentials corresponding to the version that will be included in the trap
message. When an event arises that requires a trap message to be sent, it is
sent to every node listed in the trap receiver list.
Some messages are of an informational nature and are called "informs"
instead of traps.
console (config)# snmp-server filter user1 iso included
console(config)# end
console # show snmp filters
Name OID Tree Type
----------- ------------- --------
user1 iso Included
Dell PowerConnect 55xx Systems User Guide 327
To add notification recipients, and attach them to notification filters:
1
Click
System
>
SNMP
>
Notification Recipient
in the tree view to
display the
Notification Recipients: Summary
page.
Figure 9-53. Notification Recipients: Summary
The previously-defined notification recipients are displayed.
2
To add a new notification recipient, click
Add
, and enter the fields:
Supported IP Format
— Select whether the IPv4 or IPv6 format is
supported.
IPv6 Address Type
— When the recipient supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
328 Dell PowerConnect 55xx Systems User Guide
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The IPv6 interface is configured on this VLAN.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
Recipient IP
— The IP address to whom the traps are sent.
Notification Type
— The notification sent. The possible options are:
Trap
— Traps are sent.
Inform
— Informs are sent.
If SNMP versions 1 and 2 are enabled for the selected recipient, enter the
fields:
Community String
— The community string of the trap manager.
Notification Version
— The message trap SNMP version (v1 or v2).
If SNMPv3 is used to send and receive traps, enter the fields:
User Name
— The user to whom SNMP notifications are sent.
Security Level
— The means by which the packet is authenticated.
The possible options are:
No Authentication
— The packet is neither authenticated nor
encrypted.
Authentication
— The packet is authenticated.
Privacy
— The packet is both authenticated and encrypted.
3
Enter the fields for all versions of SNMP:
UDP Port (1-65535)
— The UDP port used to send notifications. The
default is 162.
Filter Name
— Select an SNMP filter from a list of previously-defined
SNMP filters.
Timeout (1-300)
— The amount of time (seconds) the device waits
before resending informs.
Retries (1-255)
— The amount of times the device resends an inform
request.
Dell PowerConnect 55xx Systems User Guide 329
Configuring SNMP Notification Recipients Using CLI Commands
The following table summarizes the CLI commands for setting fields in the
Notification Recipients pages.
The following is an example of the CLI commands:
Table 9-62. SNMP Notification CLI Commands
CLI Command Description
snmp-server host {ipv4-
address|ipv6-address|hostname}
[traps|informs] [version {1|2c|3
[auth|noauth|priv]}] community-
string [udp-port port] [filter
filtername] [timeout seconds]
[retries retries]
no snmp-server host {ipv4-
address|ipv6-address|hostname}
[traps|informs] [version {1|2c|3}]
Creates or updates a notification
recipient receiving notifications in
SNMP version 1, 2 or 3.
Use the no form of this command to
remove the specified host.
show snmp Shows the current SNMP
configuration.
console(config)# snmp-server host 172.16.1.1 private
console(config)# end
console# show snmp
Community-
String
Community-
Access
View Name IP Address
------------- ------------ --------- ----------
public read only user-view All
private read write default 172.16.1.1
private su DefaultSup
er
172.17.1.1
330 Dell PowerConnect 55xx Systems User Guide
File Management
This section describes how to manage device firmware (image files) and
configuration files.
It contains the following topics:
File Management Overview
Auto-Update/Configuration Feature
File Download
•File Upload
•Active Images
•Copy Files
•File System
File Management Overview
This section describes the system files found in the system and how they can
be updated (downloaded) and backed up (uploaded).
System Files
The following system files are maintained on the system:
Startup Configuration File
— Files with extension
.text
. These files
contain the commands required to configure the device at startup or after
reboot. The Startup Configuration file is created from the Running
Configuration file, or can be created from another file.
Running Configuration File
— Files with extension
.text
. These files
contain all Startup Configuration file commands, as well as all commands
entered during the current session. After the device is powered down or
rebooted, all commands stored in the Running Configuration file are lost.
During the startup process, all commands in the Startup Configuration
file are copied to the Running Configuration file, and applied to the
device.
During the session, new configuration commands are added to the
Running Configuration file. To update the Startup Configuration file with
these configuration commands, the Running Configuration file must first
be copied to the Startup Configuration file before powering down the
Dell PowerConnect 55xx Systems User Guide 331
device. This can be done manually in the Copy Files page or see "Auto-
Update/Configuration Feature" on page 331 for more information about
how to perform this automatically.
Image Files
—Files with extension
.ros
. System file images are saved in two
flash files called Image 1 and Image 2. The active image
contains the
active copy, while the other image contains a backup copy. The device
boots and runs from the active
image. If the active image is corrupted, the
system automatically boots from the non-active image. This is a safety
feature for faults occurring during the software upgrade process.
Downloading/Uploading System Files
System files can be manually loaded from (downloaded) or copied to
(uploaded) a TFTP server or a USB drive. This can be done in one of the
following ways:
Manually
—System files can be downloaded using the
File Download
page
and uploaded using the
File Upload
page.
Automatically (Auto Update/Configuration)
—System files can be
downloaded automatically, as follows:
Auto-Configuration
—If the Auto-Configure feature is enabled (in the
Auto Update of Configuration/Image File page), the Startup
Configuration file (in various conditions described below) might be
automatically updated after reboot.
Auto-Update
—If the Firmware Auto-Update feature is enabled in the
Auto Update of Configuration/Image File page, the image file is might
be automatically updated (in various conditions described below).
Auto-Update/Configuration Feature
The Auto-Update/Configuration feature enables initial configuration of the
device and upgrading of the firmware through an automatic process, which
enables the administrator to ensure that the configuration/firmware of all the
devices in the network is up-to-date.
332 Dell PowerConnect 55xx Systems User Guide
The required configuration files/images are stored on a USB key or TFTP
server, and these are downloaded to all the devices in the network when the
device boots up instead of booting from a local startup configuration file.
Auto-Update/Configuration also enables quick installation of new devices on
the network, since an out-of-box device can be configured to retrieve its
configuration file from the network/USB, allowing instant access to it from
the administrator's management station and up-to-date configuration on the
device.
NOTE: If Auto-Update is performed through the USB port, in addition to upgrading
the Startup Configuration and image file, a new IP address can also be assigned
to the device. See "Setup Files" on page 332 below.
Setup Files
In addition to placing configuration and image files on the USB key, the USB
key might also contain a setup file, which is a file with a .setup extension.
Setup File Contents
A setup file contains one or more lines. Each line contains some or all of the
following fields:
MAC Address
—This indicates to which device the line applies. In this
way, a single setup file can be used for multiple devices.
New IP Address
—The new IP address to be assigned to the device.
New IP Address Mask
—The IP address mask to be applied to the new IP
address assigned to the device.
Configuration File Name
—Name of the configuration file to be used as
the Startup Configuration.
Image File Name
—Name of the image file to be loaded on device.
Flag
—Indicates the status of the line. The following values can be used in
this field:
In-Use
—This line has already been applied. It is no longer a candidate
for future use.
Invalid
—The line is invalid, do not use.
Blank
—There is no value for the flag field. This line is a candidate to
be applied to the device.
Dell PowerConnect 55xx Systems User Guide 333
Setup File Format
A line in a setup file contains all or some of the above fields separated by
spaces (in the following order):
<MAC-Address> <New-IP-Address> <New-IP-Mask> <Configuration-
File-Name> <Image-File-Name> <flag>
If the <flag> field is omitted, it is considered to be blank.
A line can be in one of the following formats:
Format A—Contains all possible fields:
<MAC_address (of device)> <New_IP_Address> <New_IP_Mask>
<Configuration-File-Name> <Image-File-Name> <flag>
Examples:
0080.c200.0010 192.168.0.10 255.255.255.0 switch-X.text pc5500-
4018.ros
This means that the line applies to the device with MAC address:
0080.c200.0010
; a new IP address of
192.168.0.10
is to be assigned to
the device, with mask:
255.255.255.0
. The
switch-x.text
is the Startup
Configuration file and
pc5500-4018.ros
is the new image file.
0080.c200.0010 192.168.0.10 255.255.255.0 switch-X.text pc5500-
4018.ros in-use
This line will not be used because the flag is
in-use
indicating that it
has already been used for some device, and it would be incorrect to use
if for another device.
0080.c200.0010 192.168.0.10 255.255.255.0 switch-X.text pc5500-
4018.ros invalid
This line will not be used because the flag is
invalid
indicating that it
is failed in the past.
334 Dell PowerConnect 55xx Systems User Guide
Format B—Contains the following 4 fields:
<MAC_address> <Configuration-File-Name> <Image-File-Name>
<flag>
Example:
0080.c200.0010 switch-X.text pc5500-4018.ros
This means that the line applies to the device with MAC address:
0080.c200.0010
. The s
witch-x.text
is the Startup Configuration file and
pc5500-4018.ros
is the new image file.
Format C—Contains the following 5 fields:
<IP_address> <IP_mask> <Configuration-File-Name> <Image-File-
Name> <Flag>
Example:
192.168.0.10 255.255.255.0 switch.text pc5500-4018.ros
This means that the line applies to any device (no MAC address is
supplied); a new IP address of 192.168.0.10 is to be assigned to the device,
with mask: 255.255.255.0. The
switch-x.text
is the Startup Configuration
file and
pc5500-4018.ros
is the new image file.
Format D—Contains the following 3 fields:
<IP_address> <IP_mask> <Flag>
Example:
192.168.0.10 255.255.255.0
This means that the line applies to any device (no MAC address is
supplied); a new IP address of 192.168.0.10 is to be assigned to the device,
with mask: 255.255.255.0.
Dell PowerConnect 55xx Systems User Guide 335
Triggering the Auto-Update/Configuration Process
When the Auto-Update/Configuration feature is enabled (in the Auto
Update of Configuration/Image File page), the device automatically attempts
to download a new image or configuration file (under certain circumstances)
using one of the following processes:
The Auto-Update process is triggered from the USB drive if
a USB key in
the USB drive is found.
The Auto-Configuration process
is triggered from the USB drive
after the
Auto-Update process completed and the device was rebooted (if a new
image file was loaded), and if the following conditions are fulfilled:
There is a USB key in the USB drive.
Force Configuration Download at Next Startup has been enabled by
the boot host dhcp command, or the Startup Configuration file is
empty.
See "Performing Auto-Update from a USB Drive" on page 336.
The Auto-Update from a TFTP server is triggered if the following
conditions are fulfilled:
The conditions for a USB Auto-Update are not fulfilled.
An IP address of a TFTP server is received from a DHCP server.
A file name is received from DHCP server.
The Auto-Configuration from a TFTP server is triggered if the following
conditions are fulfilled:
The conditions for USB Auto-Configuration are not fulfilled.
The switch as DHCP client received a configuration file name or a
TFTP URL.
Force Configuration Download at Next Startup enabled by the boot
host dhcp command, or, the Startup Configuration file is empty.
See "Preparations for Using Auto Configuration from a TFTP Server
" on
page 338
.
NOTES:
DHCP client never triggers the Auto-Update process from a TFTP server
after attempting (whether successfully or not) to auto-update/configure
configuration/image file from the USB drive.
336 Dell PowerConnect 55xx Systems User Guide
If the auto process involved setting the IP address of the device from the
setup file, the auto process from the TFTP server can be triggered.
If the USB drive contains a setup file, but that setup file does not include a
line that can be used for the current device, the DHCP client is able to
trigger the Auto-Update process from TFTP (because the USB process
never started at all).
Automatic DHCP IP Interface Assignment
The user can manually define a DHCP interface in the DHCP IPv4 page.
If the user does not do this, the switch automatically creates a DHCP
interface on the VLAN with the lowest VLAN ID that does not have an IP
address defined on it after boot if both of the following conditions are
fulfilled:
There is no DHCP IP interface.
There is a VLAN without an IP address.
Preparations for Using Auto Update/Configuration from a USB Drive
Before Auto-Update/Configuration from a USB drive can be performed, the
following steps must be performed:
1. Enable Auto-Update/Configuration in the Auto Update of
Configuration/Image File page.
2. (Optional) Create a line in the setup file for this device containing the
required options and load it on the USB key.
3. Load configuration/image files on the USB key as required.
4. Insert the USB key in the USB drive and reboot the device.
Performing Auto-Update from a USB Drive
When Auto-Update is initiated from a USB drive, the following steps are
performed:
1. Locate the correct setup file
The USB drive is searched for a setup file.
One of the following can occur:
Setup file is not found—The root folder of the USB is searched for an
image files (with
.ros
extension).
The image file with the most recent version is loaded into the
image file if the versions are different.
Dell PowerConnect 55xx Systems User Guide 337
If a new image file was loaded, the device is rebooted.
The USB drive is searched for a configuration file (
.text
extension). If there is more than one configuration file, the file
named powerconnect.text is loaded (if it is not found the process
is stopped).
One or more setup files are found—If a single setup file is found, it is
used; if several files are found, the file
powerconnect.setup
is used. If
no setup file with this name is found, the process is stopped.
2. Find the line in the setup file relevant to the device
When the correct
setup file is found, it is searched for a line relevant to the device, as
follows:
The setup file is searched for a line with format A or B in which there
is a match to the device's MAC address. If such line is found, and its
format is valid (the <flag> field is empty), the line is applied.
If no line for the specific device was found, the setup file is searched
for valid lines with formats C or D. The first line found is applied.
3. Apply the correct line
When the correct line in the setup file is found,
it is applied, as follows:
If the line contains an IP address and IP mask, the IP address is
configured on the default VLAN.
If the line contains an image file and its version differs from the
current image file version, the USB image file is loaded and the switch
is rebooted.
If a new image file was loaded, it is loaded onto all units in the stack.
If the line contains a configuration file, the configuration file is
appended to running configuration file.
4. Mark the flag in the applied line
When the line is applied (successfully
or not), its flag is set, as follows:
If the line contains an IP address and IP mask (format C or D), the IP
address is configured on the default VLAN and the line is marked as
"in-use". This ensures that the line is not used for another device.
If the line was not applied successfully, for one of the following
reasons, the line is marked as "invalid" and a SYSLOG message is sent.
338 Dell PowerConnect 55xx Systems User Guide
The configuration file specified by the line does not exist on the
USB key or is corrupted.
The image file specified by the line does not exist on the USB key
or is corrupted.
If parsing of the line failed for some other reason, the line is ignored
and a SYSLOG message is sent.
NOTE: When both Auto-Update and Auto-Configuration are performed, the image
file is loaded first, the device is booted and then the configuration file is loaded.
Preparations for Using Auto Configuration from a TFTP Server
The Auto-Update/Configuration feature enables configuring the device from
a configuration file found on the TFTP server.
Two methods may be used:
One-file Read, described in "Auto Configuration (One File Read Method)"
on page 338. This method is used if a configuration file is found on the
TFTP server.
Multi-file Read, described in "Auto Configuration (Multi File Read
Method)" on page 339. This method is used if a configuration file name is
not found on the DHCP server, or the configuration file is not found on
the TFTP server.
Auto Configuration (One File Read Method)
This method
requires the following preparations on the DHCP and TFTP
servers:
•TFTP Server
Place a configuration file, for example
config.txt
in the main directory.
This file can be created by copying a configuration file from a device.
When the device is booted this becomes the Running configuration file.
•DHCP Server
Configure the DHCP server with option 67 and the name of the
configuration file on the TFTP server (for example,
config.txt
).
Configure the DHCP server with option -20 or 66. This is the IP
address of the TFTP server.
Dell PowerConnect 55xx Systems User Guide 339
Device
- On the device, one of the following cases may exist:
–If
Configuration Auto-Config
is selected, the device is configured
with the configuration file on the TFTP server only if the Startup
configuration file is empty.
–If
Force Configuration Download at Next Startup
is selected, the
device is configured with the configuration file on the TFTP server
whether the Startup configuration file is not empty or not.
Auto Configuration (Multi File Read Method)
If the one-file method has failed and the TFTP Server IP address has been
provided by the DHCP Server, the switch applies the multi-file method to
download the configuration file. The following steps are performed by the
switch:
The switch gets the hostname, as described below.
If the hostname was provided by the DHCP server, this hostname is
used.
If the hostname has not been provided by a DHCP server, and if the
user has configured the
sysName
variable, its value is used as a
hostname.
If neither of the above occurred, the switch uses the
fp-net.cfg
Filename List on the TFTP server. Each file in this list is a text file
containing commands, each of which:
•Occupies one line.
Has the following format:
ip host
hostname
ip-addr
. Each line
maps an IP address to a hostname. When the switch identifies its
own IP address in this list, the hostname associated with it is used.
The switch tries to download a configuration file with the following names:
hostname-config
hostname.cfg
if the previous file does not exist
host.cfg
if the previous files do not exist
340 Dell PowerConnect 55xx Systems User Guide
Preparations for Firmware Image Download from TFTP
The image file download consists of the following steps:
The switch downloads the Indirect Image File and extracts from it the
name of the image file.
Note:
If the size of the image name bigger than 160 octets only the first
160 octets will be used
If the image file version differs from the current image file version, then
the image file is loaded and the switch is rebooted.
The preparations on the DHCP and TFTP servers require the following:
•TFTP Server
Create a sub directory in the main directory. Place a software image
file in it.
Create an indirect file that contains a path and the name of the
software version (for example indirect-contax.txt that contains
contax\contax-version.ros).
Copy this file to the TFTP server’s main directory
•DHCP Server
Configure the DHCP server with option -20 or 66. This is the IP
address of the TFTP server.
Configure the DHCP server with option 125. Enter the following
information:
A2-02-00-00 — Enterprise Number 674 (Dell PowerConnet 55xx
value). It should be written from right to left. 674=02 a2
15 — Data Length
01 — Sub option code 1 (Dell PowerConnet 55xx value)
13 — Sub option length
Conversion of the file name (in the above example: conversion of
indirect-contax.txt
from ASCII to HEX - 69-6E-64-69-72-65-63-
74-2D-63-6F-6E-74-61-78-2E-74-78-74
Dell PowerConnect 55xx Systems User Guide 341
Auto Update Configuration through the GUI
To set the auto update and configuration parameters:
. NOTE: For the automatic options in this page to work the following must be
implemented:
Since Auto-Config depends on retrieving information from a DHCP server, the
startup configuration needs to include a DHCP IP interface. The device is
defined as a DHCP client, as described in "DHCP IPv4 Interface" on page 207.
After reboot, this command is not saved in the Startup configuration.
Preparations described above must be completed on the DHCP server and
TFTP servers.
1
Click
System
>
File Management
>
Auto Update of
Configuration/Image File
in the tree view to display the
Auto Update of
Configuration/Image File
page.
Figure 9-54. Auto Update of Configuration/Image File
342 Dell PowerConnect 55xx Systems User Guide
The auto-update-configuration options are displayed.
2
Modify the auto-update configuration parameters as required:
Configuration Auto-Config (boot host auto-config)
— Enable/disable
automatic download of the configuration parameters to the Running
Configuration file. By default, this occurs only if the Startup
Configuration file is empty.
Firmware Auto-Update (boot host auto-update)
— Enable/disable
automatic download of the image file.
Force Configuration Download at Next Startup (boot host dhcp)
Enable/disable the
Configuration Auto Update
option to work even if
the Startup Configuration file is not empty.
Auto-Copy Running Configuration to Startup Configuration After
Download (boot host auto-save)
— Enable/disable the Running
Configuration file to be automatically copied to the Startup
Configuration file after downloading the Running Configuration file.
Auto Update Configuration Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Auto Update of Configuration/Image File page.
Table 9-63. Auto Update of Configuration/Image File CLI Commands
CLI Command Description
boot host auto-config
no boot host auto-config
Enables the support of auto-
configuration via DHCP.
Use the no form of this command to
disable DHCP auto configuration.
boot host auto-update
no boot host auto-update
Enables the support of auto-update via
DHCP.
Use the no form of this command to
disable DHCP auto configuration
Dell PowerConnect 55xx Systems User Guide 343
The following is an example of the CLI command to view the Auto-Update
status:
boot host dhcp
no boot host dhcp
Forces the mechanism used to
download a configuration file at the
next system startup.
Use the no form of this command to
restore the host configuration file to the
default.
boot host auto-save
no boot host auto-save
Enables automatic saving of Running
configuration in Startup configuration
after download.
Use the no form of this command
restore default behavior
show boot Shows the status of the IP DHCP Auto
Config process.
console# show boot
Auto Config
-----------
Config Download via DHCP: enabled
Next Boot Config Download via DHCP: force
Auto Update
-----------
Image Download via DHCP: enabled
Table 9-63. Auto Update of Configuration/Image File CLI Commands (Continued)
CLI Command Description
344 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI command to configure auto-update
on the switch:
File Download
Software and configuration files can be downloaded from an external device
to the switch:
To download from a USB port or when management computer uses HTTP
•To download files using TFTP
console# configure
console(config)# boot host auto-save
console(config)# interface vlan 1
console(config-if)# ip address dhcp
console(config-if)# 01-Oct-2006 15:19:51 %BOOTP_DHCP_CL-W-
DHCPIPCANDIDATE: The device is waiting for IP address
verification on interface Vlan 1 , IP 10.5.225.47, mask
255.255.255.224, DHCP server 10.5.224.25
01-Oct-2006 15:20:03 %BOOTP_DHCP_CL-I-DHCPCONFIGURED: The
device has been configured on interface Vlan 1 , IP
10.5.225.47, mask 255.255.255.224, DHCP server 10.5.224.25
01-Oct-2006 15:20:03 %COPY-I-FILECPY: Files Copy - source
URL tftp://10.5.224.4/33.txt destination URL running-
config
01-Oct-2006 15:20:03 %COPY-N-TRAP: The copy operation was
completed successfully
01-Oct-2006 15:20:03 %COPY-I-FILECPY: Files Copy - source
URL running-config destination URL flash://startup-config
01-Oct-2006 15:20:10 %COPY-N-TRAP: The copy operation was
completed successfully
Dell PowerConnect 55xx Systems User Guide 345
To download from a USB port or when management computer uses HTTP
1
Click
System
>
File Management
>
File Download
in the tree view to
display the
File Download
page.
Figure 9-55. File Download
2
For HTTP, enter the
IP Format
fields for the HTTP server IP address.
Supported IP Format
— Select whether IPv4 or IPv6 format is
supported.
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
346 Dell PowerConnect 55xx Systems User Guide
3
Select a
Firmware/Configuration
option. The possible options are:
Firmware Download
— A firmware file is downloaded.
Configuration Download
— A configuration file is downloaded.
4
Select to download firmware or a configuration file via a USB port or
HTTP in
Download Protocol
.
5
If the
Firmware Download
option was selected, enter the following:
Source File Name (1-64 characters)
— The file to be downloaded.
Destination File Type
— The destination file type to which the file is
downloaded. The possible options are:
Software Image
— Downloads the Image file. The image file
overwrites the non-active image. It is recommended to designate
that the non-active image becomes the active image after reset,
and then to reset the device following the download. During the
Image file download a dialog box opens that displays the
download progress, and browsing is disabled.
Boot Code
— Downloads the Boot file.
6
If the
Configuration Download
option was selected, enter the following:
Server IP Address
— Enter the IP address of the server.
Source File Name (1-64 Characters)
— Enter the source file name.
Destination File Name
— Select the destination file to which the
configuration file is downloaded. The possible options are:
Running Configuration
— Check to download commands into
the Running Configuration file. The current file is overwritten.
Startup Configuration —
Check to download commands into the
Startup Configuration file. The current file is overwritten.
New File Name (1-64 Characters)
— Check to copy commands
into a file in flash memory. Enter the filename.
7
Click
Activate
to start the download process.
Dell PowerConnect 55xx Systems User Guide 347
To download files using TFTP
1
Click
System
>
File Management
>
File Download
in the tree view to
display the
File Download
page.
Figure 9-56. File Download
2
Enter the
IP Format
fields for the TFTP server IP address.
Supported IP Format
— Select whether IPv4 or IPv6 format is
supported.
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
348 Dell PowerConnect 55xx Systems User Guide
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
3
Select a
Firmware/Configuration
option. The possible options are:
Firmware Download
— A firmware file is downloaded.
Configuration Download
— A configuration file is downloaded.
4
Select to download firmware or a configuration file via a TFTP server in
Download Protocol
.
5
If the
Firmware Download
option was selected, enter the following:
Server IP Address
— The IP address of the server from which the
firmware file is downloaded.
Source File Name (1-64 characters)
— The file to be downloaded.
Destination File Type
— The destination file type to which the file is
downloaded. The possible options are:
Software Image
— Downloads the Image file. The image file
overwrites the non-active image. It is recommended to designate
that the non-active image becomes the active image after reset,
and then to reset the device following the download. During the
Image file download a dialog box opens that displays the
download progress. The window closes automatically when the
download is complete.
Boot Code
— Downloads the Boot file.
6
If the
Configuration Download
option was selected, enter the following:
Server IP Address
— The TFTP server IP address from which the
configuration files are downloaded.
Source File Name (1-64 characters)
— The configuration file to be
downloaded.
Dell PowerConnect 55xx Systems User Guide 349
Destination File Name
— The destination file to which the
configuration file is downloaded. The possible options are:
Running Configuration
— Check to download commands into
the Running Configuration file. The current file is overwritten.
Startup Configuration —
Check to download commands into the
Startup Configuration file. The current file is overwritten.
New File Name (1-64 characters)
— Check to download
commands into a configuration backup file. Enter the filename.
7
Click
Activate
to start the download process.
Downloading Files Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the File Download page.
The following is an example of the CLI command:
NOTE: Each exclamation mark (!) indicates that ten packets were successfully
transferred.
File Upload
Software and configuration files can be uploaded to an external device.
To upload from a USB port or when management computer uses HTTP
To upload a file or image using TFTP
Table 9-64. File Download CLI Commands
CLI Command Description
copy source-url destination-
url
Copies files from a source to a
destination.
console# copy tftp://10.6.6.64/pp.txt startup-config
....!
Copy: 575 bytes copied in 00:00:06 [hh:mm:ss]
01-Jan-2000 06:41:55 %COPY-W-TRAP:
The copy operation was completed successfully
350 Dell PowerConnect 55xx Systems User Guide
The following methods can be used:
To upload from a USB port or when management computer uses HTTP
To upload a file or image using TFTP
To upload from a USB port or when management computer uses HTTP
1
Click
System
>
File Management
>
File Upload
in the tree view to
display the
File Upload
page.
Figure 9-57. File Upload
2
Configuration Upload
is selected automatically.
3
Select to upload a configuration file when the management computer is
using HTTP or from a USB port in
Download Protocol
.
4
Enter the fields:
Transfer File Name
— The configuration file to which the
configuration is uploaded. The possible options are:
Running Configuration
— Uploads the Running Configuration
file.
Startup Configuration
— Uploads the Startup Configuration file.
5
Click
Activate
to start the upload process. A message will be displayed
asking where for the path of the destination file.
Dell PowerConnect 55xx Systems User Guide 351
To upload a file or image using TFTP
1
Click
System
>
File Management
>
File Upload
in the tree view to
display the
File Upload
page.
Figure 9-58. File Upload
2
Enter the
IP Format
fields for the TFTP server IP address.
Supported IP Format
— Select whether IPv4 or IPv6 format is
supported.
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
352 Dell PowerConnect 55xx Systems User Guide
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
VLAN
— The VLAN on which the IPv6 interface is configured.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
3
Select one of the options:
Firmware Upload
— A firmware file is uploaded.
Configuration Upload
— A configuration file is uploaded.
4
Select to upload firmware or a configuration file via a TFTP server in
Download Protocol
.
5
If
Firmware Upload
was selected, enter:
TFTP Server IP Address
— The TFTP server IP address to which the
software image is uploaded.
Destination File Name (1-64 Characters)
— The file name to which
the file is uploaded.
6
If
Configuration Upload
was selected, enter:
TFTP Server IP Address
— The TFTP server IP address to which the
configuration file is uploaded.
Destination File Name (1-64 Characters)
— The configuration file
name/path to which the file is uploaded.
Transfer File Name
— The configuration file that is uploaded. The
possible options are:
Running Configuration
— Uploads the Running Configuration
file.
Startup Configuration
— Uploads the Startup Configuration file.
User-defined Files
Uploads the selected file. A user-defined
file is only displayed in this list if one was previously created by a
user, for example, if the user copied the running configuration file
to a user-defined configuration file called BACKUP-SITE-1, the
BACKUP-SITE-1 configuration file is displayed in the list and can
be selected.
7
Click
Activate
to start the upload process.
Dell PowerConnect 55xx Systems User Guide 353
Uploading Files Using CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the File Upload page.
The following is an example of the CLI commands:
Table 9-65. File Upload CLI Commands
CLI Command Description
copy source-url destination-url Copies any file from a source to a
destination.
console# copy image tftp://10.6.6.64/uploaded.ros
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Copy: 4234656 bytes copied in 00:00:33 [hh:mm:ss]
01-Jan-2000 07:30:42 %COPY-W-TRAP:
The copy operation was completed successfully
354 Dell PowerConnect 55xx Systems User Guide
Active Images
There are two firmware images, Image1 and Image2, stored on the switch.
One of these images is identified as the active image, and the other is
identified as the inactive image. The switch boots from the active image.
You can switch the inactive image to the active image, and then reboot the
switch.
The active image file for each unit in the stack can be individually selected.
To select the image file to be used after reset:
1
Click
System
>
File Management
>
Active Images
in the tree view to
display the
Active Images
page.
Figure 9-59. Active Images
The following fields are displayed:
Unit ID
— ID of the unit.
Dell PowerConnect 55xx Systems User Guide 355
Active Image
— The name of the image file that is currently active on
the unit in the stack.
After Reset
— The image file that will be active on the unit in the
stack after the device is reset. The possible options are:
Image 1
— Activates Image file 1 after the device is reset.
Image 2
— Activates Image file 2 after the device is reset.
2
Click
Apply
to select the image file to be used after reset in
After Reset
.
Working with the Active Image File Using CLI Commands
The following table summarizes the CLI commands for viewing fields
displayed in the Active Images
.
The following is an example of the CLI commands:
Copy Files
Firmware and configuration files can be copied between units in the stack.
Use the Copy Files page to perform the following:
Copy the firmware on the Master unit to another unit in the stack.
Copy the master Running Configuration file to the master sTartup
Configuration file, or copy the configuration to a user-defined
configuration file.
Copy the master Startup Configuration file to a backup file on the Flash
file system or to a USB if available.
Table 9-66. Active Image CLI Commands
CLI Command Description
boot system {image-
1|image-2} [switch
number|all]
Sets the system image that the device loads at
startup.
show version [unit
unit]
Displays version information for the system
console# boot system image-1 all
356 Dell PowerConnect 55xx Systems User Guide
Copy a configuration file to the Running Configuration file. It is
important to be aware that copying a file to the Running Configuration
file actually executes these commands, so some of the configuration
commands might fail (for example when trying to create a VLAN that is
already defined on the system).
Restore configuration factory defaults.
To copy files:
1
Click
System
>
File Management
>
Copy Files
in the tree view to display
the
Copy Files
page.
Figure 9-60. Copy Files
2
To copy the firmware from the Master unit to the Backup Master unit or to
all other units, select
Copy Master Firmware
and select the options:
Source
— Select either the current Master unit’s software image file or
boot code file.
Dell PowerConnect 55xx Systems User Guide 357
Destination Unit
— Check to copy the firmware to either the Backup
Master unit or all units in the stack.
3
To copy the Running Configuration file of the Master unit to the Startup
Configuration file of the Master unit or vice versa, select
Copy
Configuration Firmware
and enter the options:
Source
— Select either the Running Configuration or the Startup
Configuration file.
Destination
— Select either the Running Configuration, Startup
Configuration file or user-created flash files, depending on the source
configuration file.
or
New File Name (1-64 characters)
— To copy the source file to a
user-named file, enter the name of a file. If this option is selected,
check where the file is stored:
Flash
or
USB
.
4
Select
Restore Configuration Factory Defaults
to replace the current
configuration settings by the factory configuration default settings.
5
Click
Activate
to initiate the selected process.
Copying Files Using CLI Commands
The following table summarizes the CLI commands for performing actions
provided by the Copy Files page.
Table 9-67. Copy Files CLI Commands
CLI Command Description
copy source-url destination-url Copies any file from a source to a
destination.
delete startup-config Deletes the startup-config file.
delete url Deletes a file from the FLASH
memory device.
358 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console# delete startup-config
Delete startup-config [y/n]? y
console# 01-Oct-2006 16:10:51 %FILE-I-DELETE: File Delete -
file URL flash://startup-config
console# copy running-config startup-config
Overwrite file [startup-config] ?[Yes/press any key for
no]....01-Oct-2006 16:11
:47 %COPY-I-FILECPY: Files Copy - source URL running-config
destination URL flash://startup-config
01-Oct-2006 16:12:01 %COPY-N-TRAP:
The copy operation was completed successfully
Copy succeeded
Dell PowerConnect 55xx Systems User Guide 359
File System
Use the File System page to view information about files currently stored on
the system, including file names, file sizes, files modifications, and file
permissions. The files system permits managing up to two user-defined
backup configuration files.
To view information about files:
1
Click
System
>
File Management
>
File System
in the tree view to
display the
File System
page.
Figure 9-61. File System
2
Select the File Location. The possible options are:
Flash
— Files in flash memory are displayed.
USB
— Files on the USB device are displayed.
360 Dell PowerConnect 55xx Systems User Guide
The following information is displayed for all files in the system:
File Name
— The name of the file currently stored in the file
management system.
Size
— The file size.
Modified
— The date the file was last modified.
Permission
— The permission type assigned to the file.
3
The following system-wide information is displayed if
Flash
was selected:
Total Bytes
— The total amount of the space currently being used.
Free Bytes
— The remaining amount of space currently free. Total
bytes and free bytes are not available when selecting USB.
4
To rename a file, click its
Rename
button. Change the
File Name
.
Managing Files Using CLI Commands
The following table summarizes the CLI command for viewing system files.
The following is an example of the CLI commands:
Table 9-68. File Management CLI Command
CLI Command Description
dir [flash://|usb://] Display list of files on a flash file system
rename url new-url Renames a file
delete url Deletes a file
console# dir flash://
Directory of flash:
File Name Permission Flash Size Data Size Modified
-------------- ---------- ---------- --------- -----------------------
1.cfg rw 524160 14065 05-Oct-2006 21:20:36
2.cfg rw 524160 14065 7-Oct-2006 09:11:07
aaafile.prv -- 65520 -- 03-Oct-2006 15:45:41
dhcpdb.sys r- 65520 -- 01-Oct-2006 19:22:49
Total size of flash: 16121856 bytes
Free size of flash: 524768 bytes
Dell PowerConnect 55xx Systems User Guide 361
Stack Management
This section describes how to manage the stack.
It consists of the following topics:
Stack Management Overview
•Stack Unit ID
•Versions
• Reset
Unit Identification (Location)
Stack Management Overview
A stack consists of up to eight units, with support for up to 400 network ports.
Unit 1 usually acts as the stack master and Unit 2 is the backup master. All
other units act as slaves.
The entire stack, without regard to the stack topology or the number of units
in the stack, can be managed as a single switch.
For more information about stacking, see "Stacking Overview" on page 43.
The stacking pages described in this section enable the following actions:
Switching from the Master unit to the Backup Master unit
Changing unit IDs
Viewing hardware and software versions on each unit
Resetting either a unit or all the units in the stack
Setting the Location LED on a unit(s)
Stack Unit ID
Use the Stack Unit ID pages to:
Switch stack control from the Master unit to the Backup Master unit
Change unit IDs, or enable them to be automatically numbered by the
system
362 Dell PowerConnect 55xx Systems User Guide
To switch from the Backup Master unit to the Master Unit or set unit IDs:
1
Click
System
>
Stack Management
>
Stack Unit ID
in the tree view to
display the
Stack Unit ID
page.
Figure 9-62. Stack Unit ID
2
Enter the fields:
Switch Stack Control from Unit 1 to Unit 2
— Check this field to
make unit 2 the Master unit.
Unit ID After Reset
— Select
Auto
if you want the system to assign
the unit ID after reset. Select a number to assign the unit an ID
manually.
Dell PowerConnect 55xx Systems User Guide 363
Managing Stacks Using the CLI Commands
The following table summarizes the CLI commands for setting fields
displayed in the Stack Unit ID page.
The following is an example of the CLI commands:
Table 9-69. Stack Unit ID CLI Commands
CLI Command Description
stack master unit
no stack master
Makes the unit specified be the Master unit.
Use the no version to restore the default
Master unit.
switch current-unit-number
renumber new-unit-number
Changes the unit ID of a specific unit.
console(config)# stack master unit 2
console(config)# switch 3 renumber 6
364 Dell PowerConnect 55xx Systems User Guide
Versions
To view the hardware and software versions currently running on the switch:
•Click
System
>
Stack Management
>
Versions
in the tree view to display
the
Versions
page.
Figure 9-63. Versions
The following fields are displayed:
Unit ID
— The unit number for which the device versions are
displayed.
Software Version
— The current software version running on the
device.
Boot Version
T
he current Boot version running on the device.
Hardware Version
T
he current device hardware version.
Dell PowerConnect 55xx Systems User Guide 365
Displaying Device Versions Using the CLI
The following table summarizes the CLI commands for viewing fields
displayed in the Versions page.
The following is an example of the CLI commands:
Reset
Use the Reset
page to reset the device from a remote location.
To reset a unit in the stack:
1
If changes were made to the Running Configuration file, save them to the
Startup Configuration file before resetting the device. This prevents the
current device configuration from being lost. For more information about
saving Configuration files, see "Copy Files" on page 355.
Table 9-70. Versions CLI Commands
CLI Command Description
show version [unit-id]Displays system version information for a
unit or for the whole stack.
console> show version 2
Unit SW Version Boot Version HW Version
---- ------------- ------------- ------------
2 1.0.0.8 1.0.0.02 00.00.01
366 Dell PowerConnect 55xx Systems User Guide
2
Click
System
>
Stack Management
>
Reset
in the tree view to display the
Reset
page.
Figure 9-64. Reset
3
In the
Reset Unit ID
field, select either the unit ID to be reset or
Stack
to
reset all the units in the stack.
Resetting the Device Using the CLI
The following table summarizes the CLI commands for performing a reset of
the device via the CLI:
Table 9-71. Reset CLI Command
CLI Command Description
reload [slot unit]Reloads the operating system of a single unit or of
all the units.
Dell PowerConnect 55xx Systems User Guide 367
The following is an example of the CLI command:
Unit Identification (Location)
The Location LED on a unit helps you to discover a specific unit, or indeed,
all the units in a stack.
To light up the Location LED:
1
Click
System
>
Stack Management
>
Unit Identification
in the tree
view to display the
Unit Identification
page.
Figure 9-65. Unit Identification
console# reload
You haven't saved your changes. Are you sure you want to
continue? (Y/N)[N] Y
This command will reset the whole system and disconnect
your current session. Do you want to continue? (Y/N)[N]
368 Dell PowerConnect 55xx Systems User Guide
2
Enter the fields:
Identify Unit ID
—Select a unit. This unit’s Location and Power LED
start blinking. Select
All
to cause the Location LEDs in all the units in
the stack to light up.
Identification Duration
(2-60)
—Enter a time interval. The Location
and Power LED light up for this period of time.
Setting the Location LED Using the CLI
The following table summarizes the CLI commands for setting the Location
LED:
The following is an example of the CLI command:
Table 9-72. Location LED CLI Commands
CLI Command Description
system light [unit unit-
number] [duration seconds]
system light stop
Lights the location LED on a spe-
cific unit.
Use the no form of this command to
turn off the light.
console# system light unit 1
Dell PowerConnect 55xx Systems User Guide 369
sFlow
This section describes sFlow monitoring of traffic.
It contains the following sections:
sFlow Overview
•Workflow
sFlow Receiver Settings
sFlow Interface Settings
sFlow Statistics
sFlow Overview
The sFlow feature enables collecting statistics using the sFlow sampling
technology, based on sFlow V5.
This sampling technology is embedded within switches and routers. It
provides the ability to continuously monitor traffic flows on some or all the
interfaces, simultaneously.
The sFlow monitoring system consists of an sFlow agent (embedded in a
switch or router or in a stand alone probe) and a central data collector, known
as the sFlow receiver.
The sFlow agent uses sampling technology to capture traffic and statistics
from the device it is monitoring. sFlow datagrams are used to forward the
sampled traffic and statistics to an sFlow receiver for analysis.
sFlow V5 defines:
How traffic is monitored.
The sFlow MIB that controls the sFlow agent.
The format of the sample data used by the sFlow agent when forwarding
data to a central data collector.
The device provides support for two types
of sFlow sampling: flow sampling and counters sampling. The following
counters sampling is performed according to sFlow V5 (if supported by
the interface):
Generic interface counters (RFC 2233)
Ethernet interface counters (RFC 2358)
370 Dell PowerConnect 55xx Systems User Guide
Workflow
By default, flow and counter sampling are disabled.
To enable sFlow sampling:
1
Set the IP address of a receiver (also known as a collector) for sFlow
statistics. Use the
sFlow Receivers Settings
page for this.
2
Enable flow and/or counter sampling, direct the samples to a receiving
interface, and configure the average sampling rate. Use the
sFlow
Interface Settings
pages for this.
3
View and clear the sFlow statistics counters. Use the
sFlow Statistics
page
for this.
Dell PowerConnect 55xx Systems User Guide 371
sFlow Receiver Settings
To set the sFlow receiver parameters:
1
Click
System
>
sFlow
>
sFlow Receivers Settings
in the tree view to
display the
sFlow Receivers Settings: Summary
page.
Figure 9-66. sFlow Receivers Settings: Summary
The sflow parameters are displayed.
2
To add a receiver (sflow analyzer), click
Add
and select one of the
pre-defined sampling definition indices in
Index
.
3
Enter the receiver’s address fields:
Supported IP Format
— Select whether IPv4 or IPv6 format is
supported.
372 Dell PowerConnect 55xx Systems User Guide
IPv6 Address Type
— When the server supports IPv6, this specifies
the type of static address supported. The possible options are:
Link Local
— A Link Local address that is non-routable and used
for communication on the same network only.
Global
— A globally unique IPv6 address; visible and reachable
from different subnets.
Link Local Interface
— When the server supports an IPv6 Link Local
address, this specifies the Link Local interface. The possible options
are:
None
— Disable the ISATAP tunnel.
ISATAP
— The IPv6 interface is configured on an ISATAP
tunnel.
IP Address
— Enter the receiver’s IP address.
4
Enter the fields:
Syslog Port Number
— Port to which SYSLOG message are sent.
Maximum Header Size (Bytes)
— Maximum number of bytes that
can be sent to the receiver in a single sample datagram (frame).
Adding an sFlow Receiver Using the CLI Commands
The following table summarizes the CLI commands for adding an sFlow
receiver.
Table 9-73. sflow Receiver CLI Commands
CLI Command Description
sflow receiver index {ipv4-
address|ipv6-address|hostname}
[port port] [max-datagram-size
bytes]
no sflow receiver index
Defines an sFlow receiver.
Use the no form of this command to
remove the definition of the receiver.
show sflow configuration
[port_id]
Displays the sFlow configuration for
ports that are enabled for Flow
sampling or Counters sampling.
Dell PowerConnect 55xx Systems User Guide 373
The following is an example of the CLI commands:
console(config)# sflow receiver 2 1.1.1.1 port 6343
console# show sflow configuration
Receivers
Index IP Address Port Max Datagram Size
----- -------------------- -------- ----------------
1 0.0.0.0 6343 1400
2 172.16.1.2 6343 1400
3 0.0.0.0 6343 1400
4 0.0.0.0 6343 1400
5 0.0.0.0 6343 1400
6 0.0.0.0 6343 1400
7 0.0.0.0 6343 1400
8 0.0.0.0 6343 1400
Interfaces
Interface Flow Counters Max Header Collector Index
Sampling Sampling Interval Size Sampling Counters
--------- --------- ----------------- ------------ ----------- ---------
gi1/0/1 1/2048 60 sec 128 1 1
gi1/0/2 1/4096 Disabled 128 0 2
374 Dell PowerConnect 55xx Systems User Guide
sFlow Interface Settings
To sample datagrams or counters from a port, the port must be associated
with a receiver. sFlow port settings can be configured only after a receiver has
been defined in the sFlow Receiver Settings pages.
To enable sampling and configure the port from which to collect the sFlow
information:
1
Click
System
>
sFlow
>
sFlow Interface Settings
in the tree view to
display the
sFlow Interface Settings: Summary
page.
Figure 9-67. sFlow Interface Settings: Summary
The sflow interface settings are displayed.
2
To associate an sFlow receiver with a port, click
Add
, and enter the fields:
Interface
— Select the unit/port from which information is collected.
Flow Sampling
— Enable/disable flow sampling. Flow sampling
cannot be disabled if
Counters Sampling
is disabled.
Dell PowerConnect 55xx Systems User Guide 375
Flow Sampling Average Sampling Rate(1024–1073741823)
— If x is
entered, a flow sample will be taken for each x frames.
Flow Sampling Receiver Index
— Select one of the indices that was
defined in the
sFlow Receivers Settings
pages.
Flow Sampling Maximum Header Size (20–256)
— Maximum
number of bytes that should be copied from a sampled packet.
Counters Sampling
— Enable/disable counters sampling. Flow
sampling cannot be disabled if
Flow Sampling
is disabled
Counters Sampling Interval (15–86400)
— If x is entered, this
specifies that a counter sample will be taken for each x seconds.
Counters Sampling Receiver Index
— Select one of the indices that
was defined in the
sFlow Receivers Settings
pages.
Configuring sFlow Interfaces Using the CLI Commands
The following table summarizes the CLI commands for configuring sFlow
interfaces.
The following is an example of the CLI commands:
Table 9-74. sflow Interface CLI Commands
CLI Command Description
sflow flow-sampling rate
receiver-index [max-header-size
bytes]
no sflow flow-sampling
Enables sFlow Flow sampling and
configure the average sampling rate
of a specific port.
Use the no form of this command to
disable Flow sampling.
sflow counters-sampling interval
receiver-index
no sflow counters-sampling
Enable sFlow counters sampling and
to configure the maximum interval of
a specific port.
Use the no form of this command to
disable sFlow Counters sampling.
console(config)# interface gi2/0/3
console(config-if)#sflow flow-sampling 1024 1
376 Dell PowerConnect 55xx Systems User Guide
sFlow Statistics
To view sFlow statistics:
1
Click
System
>
sFlow
>
sFlow Statistics
in the tree view to display the
sFlow Statistics
page.
Figure 9-68. sFlow Statistics
The following sflow statistics per interface are displayed:
Interface
— Port for which sample was collected.
Packets Sampled
— Number of packets sampled.
Datagrams Sent to Receiver
— Number of sFlow sampling packets
sent.
2
Click
Clear Statistics
to clear the counters.
Dell PowerConnect 55xx Systems User Guide 377
Viewing sFlow Statistics Using the CLI
The following table summarizes the CLI commands for viewing sFlow
statistics:
The following is an example of the CLI commands:
Table 9-75. sFlow Statistics CLI Command
CLI Command Description
show sflow statistics
[port-id]
Displays sFlow statistics for ports that are
enabled for Flow sampling or Counters
sampling.
clear sflow statistics
[port-id]
Clears sFlow statistics for ports that are
enabled for Flow sampling or Counters
sampling.
console # show sflow statistics
Total sFlow datagrams sent to collectors: 100
Interface Packets Sampled Datagrams Sent to Collector
--------- ------- ------------------------------------
gi1/0/1 30 50
gi1/0/2 10 10
gi2/0/1 0 10
gi2/0/2 0 0
378 Dell PowerConnect 55xx Systems User Guide
10
Ports
This section describes how to configure port functionality.
It contains the following topics:
•Overview
•Jumbo Frames
Green Ethernet Configuration
•Protected Ports
Port Profile
Port Configuration
LAG Configuration
•Storm Control
Port Mirroring
Dell PowerConnect 55xx Systems User Guide 379
Overview
This section includes a description of port features and describes the
following:
Auto-Negotiation
• MDI/MDIX
•Flow Control
•Back Pressure
Port Default Settings
Auto-Negotiation
Auto-negotiation enables automatic detection of speed, duplex mode and
flow control on all switching 10/100/1000BaseT ports. Auto-negotiation is
enabled on all ports by default.
Auto-negotiation is a mechanism established between two link partners to
enable a port to advertise its transmission rate, duplex mode and flow control
abilities to its partner. Both ports then operate at the highest common
denominator.
If connecting a Network Interface Card (NIC) that does not support auto-
negotiation or is not set to auto-negotiation, both the device switching port
and the NIC must be manually set to the same speed and duplex mode.
If the station, on the other side of the link, attempts to auto-negotiate with a
device 100BaseT port that is configured to full duplex, the auto-negotiation
results in the station attempting to operate in half duplex.
MDI/MDIX
The device supports auto-detection of straight-through and crossed cables on
all 10/100/1000BaseT ports. This feature is part of auto-negotiation and is
enabled when Auto-negotiation is enabled.
When the MDI/MDIX (Media Dependent Interface with Crossover) is
enabled, the automatic correction of errors in cable selection is possible, thus
making the distinction between a straight-through cable and a crossover cable
380 Dell PowerConnect 55xx Systems User Guide
irrelevant. The standard wiring for end stations is known as MDI (Media
Dependent Interface), and the standard wiring for hubs and switches is known
as MDIX.
Flow Control
The device supports 802.3x flow control for ports configured to Full Duplex
mode. By default, this feature is enabled on all ports, and it can be disabled
per port.
Flow control creates a lossless link with no packet loss. The flow control
mechanism enables the receiving side to signal to the transmitting side that
transmission must temporarily be halted to prevent buffer overflow. This
signaling is done by sending PAUSE frames. The ports that receives pause
frames stops transmitting traffic.
Flow control on the device works in Receive-Only mode, meaning that the
interfaces with enabled flow control receive PAUSE frames, but do not send
them.
When flow control is enabled, the system buffers are allocated per port so
that if the buffers of one port are consumed, other ports will still have their
free buffers.
Back Pressure
The device supports back pressure for ports configured to Half Duplex mode.
By default, this feature is disabled, and it can be enabled per port. The
back-pressure mechanism prevents the sender from transmitting additional
traffic temporarily. The receiver may occupy a link so it becomes unavailable
for additional traffic.
Port Default Settings
Table 12-1 describes the port default settings.
Table 10-1. Port Default Settings
Function Default Setting
Port speed and mode 10/100/1000 BaseT copper: auto-negotiation
SFP+1000/10G Mbps full duplex, auto discovery
Port forwarding state Enabled
Dell PowerConnect 55xx Systems User Guide 381
Port tagging No tagging
Flow Control On
Back Pressure Off
Table 10-1. Port Default Settings (Continued)
Function Default Setting
382 Dell PowerConnect 55xx Systems User Guide
Jumbo Frames
Jumbo frames are frames of up to 10 Kb in size. If Jumbo frames are not
enabled, the system supports a packet size of up to 1,632 bytes.
To enable jumbo frames:
1
Click
Switching
>
Ports
>
Jumbo Frames
in the tree view to display the
Jumbo Frames
page.
Figure 10-1. Jumbo Frames
The current jumbo frames setting is displayed
2
Enable/disable jumbo frames in the
New Setting (after reset)
field.
NOTE: You must save the configuration and reboot the device in order to make jumbo
frames operational.
Dell PowerConnect 55xx Systems User Guide 383
Configuring Jumbo Frames Using CLI Commands
The following table summarizes the CLI commands for configuring Jumbo
frames.
The following is an example of the CLI commands:
Table 10-2. Jumbo Frames CLI Commands
CLI Command Description
port jumbo-frame
no port jumbo-frame
Enables jumbo frames on the device.
Use the no form of this command to disable
jumbo frames.
console(config)# port jumbo-frame
384 Dell PowerConnect 55xx Systems User Guide
Green Ethernet Configuration
Green Ethernet is a name of a set of features that are designed to reduce the
power consumption of a device, and so make it environmentally friendly.
The Green Ethernet feature reduces overall power usage in the following
ways:
Energy Efficient Ethernet
— When using EEE, systems on both sides of
the link can disable portions of their functionality and save power during
periods of low link utilization. EEE is a hardware feature that is enabled by
default, and is transparent to users.
This feature is defined per port,
regardless of their LAG membership.
Short-Reach Mode
— Power usage is adjusted to the actual cable length.
In this mode, the VCT (Virtual Cable Tester) length test is performed to
measure cable length. If the cable is shorter than a predetermined length,
the switch reduces the power used to send frames over the cable, thus
saving energy. This mode is only supported on RJ45 ports.
Power savings and current power consumption in Short Reach mode can
be monitored. The total amount of saved energy can be viewed as a
percentage of the power that would have been consumed by the physical
interfaces had they not been running in Green Ethernet mode.
Dell PowerConnect 55xx Systems User Guide 385
The above two energy saving modes must be enabled globally and then
configured per port.
Green Ethernet Configuration
To configure Green Ethernet settings:
1
Click
Switching
>
Ports
>
Green Ethernet Configuration
in the tree view
to display the
Green Ethernet Configuration: Summary
page.
Figure 10-2. Green Ethernet Configuration: Summary
2
The amount of energy saved from the last switch reboot is displayed in the
Cumulative Energy Saved
field. This value is updated each time there is
an event that affects power saving. Click
Reset
to reset its value.
3
Enter the fields:
Energy Efficient Ethernet
— Globally enable/disable the Energy
Efficient Ethernet feature.
Link Short-Reach Energy Saving Mode
— Globally enable/disable
Short Reach mode.
386 Dell PowerConnect 55xx Systems User Guide
Current Power Consumption
— Displays the current power
consumption.
Power Saving
s — Displays the percentage of power saved by running
in Green Ethernet mode.
4
Select a unit in the stack to display its power consumption parameters. Its
ports are displayed along with the following settings.
Energy Efficient Ethernet
Oper
— Enabled or not on the port
Remote Peer
—Enabled or not on the remote peer
Short-Reach
Oper
— Enabled or not on the port
Fault Reason
—Reason that short reach is not enabled
Cable Length (Meter)
— Length of cable.
5
Click
LLDP Interface Details
.
6
Select a unit in the stack. The following is displayed for each port on the
unit:
Port
— Port number.
Oper
— Displays the operational status of Green Ethernet.
Resolved Tx Timer
(μsec)
— Integer that indicates the current
Tw_sys_tx is supported by the local system.
Local Tx Timer
(μsec)
— Indicates the time (in micro seconds) that
the transmitting link partner waits before it starts transmitting data
after leaving Low Power Idle (LPI mode).
Resolved Rx Timer
(μsec)
— Integer that indicates the current
Tw_sys_tx supported by the remote system.
Local Rx Timer
(μsec)
— Indicates the time (in micro seconds) that
the receiving link partner requests that the transmitting link partner
waits before transmission of data following Low Power Idle (LPI
mode).
Remote Tx Timer
(μsec)
— Indicates the local link partner’s
reflection of the remote link partner’s Tx value.
Dell PowerConnect 55xx Systems User Guide 387
Remote Rx Timer
(μsec)
— Indicates the local link partner’s
reflection of the remote link partner’s Rx value.
Configuring Green Ethernet Using CLI Commands
The following table summarizes the CLI commands for configuring Green
Ethernet.
Table 10-3. Green Ethernet CLI Commands
CLI Command Description
green-ethernet short-reach
no green-ethernet short-reach
Enables/disables Green Ethernet short
reach mode.
green-ethernet short-reach
force
no green-ethernet short-reach
force
Forces short-reach mode on an
interface.
Use the no form of this command to
return to the default.
green-ethernet short-reach
threshold cable-length
no green-ethernet short-reach
threshold
Set the maximum cable length for
applying short-reach mode.
Use the no form of this command to
return to the default.
green-ethernet power-meter
reset
Resets the power save meter.
eee enable
no eee enable
Enables the EEE mode globally. Can
be used globally or per interface.
Use the no format of the command to
disable the mode.
eee lldp enable
no eee lldp enable
Enables EEE support by LLDP on an
Ethernet port.
Use the no format of the command to
disable the support.
show eee Displays EEE information.
388 Dell PowerConnect 55xx Systems User Guide
Protected Ports
Protected Port Overview
Protected ports provide Layer 2 isolation between interfaces (Ethernet ports
and LAGs) that share the same Broadcast domain (VLAN) with other
interfaces. This can be used to set up a group of ports that receive similar
services.
A protected port does not forward traffic (Unicast, Multicast, or Broadcast) to
any other protected port on the same switch.
A community is a group of protected ports. Protected ports within the same
community can forward traffic to each other.
The following types of ports can be defined:
Protected Port
— Can send traffic only to uplink ports.
Community Port
— A protected port that is associated with a community.
It can send traffic to other protected ports in the same community and to
uplink ports.
Uplink Port
— An uplink port is an unprotected port that can send traffic
to any port.
Isolated Port
A protected port that does not belong to a community
.
Port Protection is independent of all other features and configuration
settings. Two protected ports in a common VLAN cannot communicate with
each other.
Protected Port Restrictions
The following restrictions apply to protected ports:
When a protected port is placed in a LAG, it loses its protected port
attribute and takes upon itself the LAG's protection attributes. When the
port is removed from the LAG, its attributes are re-applied.
Mirrored traffic is not subject to protected ports rules.
Routing is not affected by the protected port forwarding rule, so that if a
packet enters a protected port, it can be routed by the device to another
protected port.
Dell PowerConnect 55xx Systems User Guide 389
Protected Port Configuration
To configure protected ports and establish their communities:
1
Click
Switching
>
Ports
>
Protected Ports
in the tree view to display the
Protected Ports: Summary
page.
Figure 10-3. Protected Ports: Summary
A summary of all the ports and their statuses is displayed.
2
Click
Edit
.
3
Select the unit and interface.
4
Enter values for the following fields:
State
— Select
Protected/Unprotected
to enable/disable port
protection.
Community
— Select the community to which to add the port, or
define the port as
Isolated
.
390 Dell PowerConnect 55xx Systems User Guide
Configuring Protected Ports Using CLI Commands
The following table summarizes the CLI commands for configuring
protected ports.
The following is an example of the CLI commands:
Table 10-4. Protected Ports CLI Commands
CLI Command Description
switchport protected-port
no switchport protected-port
Isolates Unicast, Multicast, and Broadcast
traffic on a port at Layer 2 from other
protected ports on the same switch.
Use the no form of this command to
disable protection on the port.
switchport community
community
no switchport community
Associates a protected port with a
community
Use the no form of this command to
return to default.
show interfaces protected-
ports[gigabitethernet|tengiga
bitethernet] port-number
Displays protected ports configuration.
console(config)# interface gi1/0/3
console(config-if)# switchport protected-port
console(config-if)# switchport community 1
Dell PowerConnect 55xx Systems User Guide 391
Port Profile
Port profiles provide a convenient way to save and share a port configuration.
When a port profile, which is a set of CLI commands having a unique name,
is applied to a port, the CLI commands contained within the profile (macro)
are executed and added to the Running Configuration file.
Port profiles can be applied to a specific interface, a range of interfaces, or
globally.
There are two types of port profiles:
User Defined
— Enables the user to bundle configurations, as a port
profile, and then apply it to one or more interfaces at a time. Up to 20
user-defined macros can be supported. These can only be defined through
CLI commands.
Built-In
— Pre-defined macros that cannot be changed or deleted. The
device includes the following built-in macros:
–Global
–Desktop
– Phone
–Switch
–Router
Wireless Configuration
Before a built-in profile can be applied to an interface, the global profile must
be applied. The global profile enables QoS Advanced mode, sets Advanced
mode parameters, CoS to queue mapping, and DSCP to queue mapping and
defines certain standard ACLs. Use the CLI command show parser macro
name profile-global to display the Global profile contents.
392 Dell PowerConnect 55xx Systems User Guide
To assign a profile to a port:
1
Click
Switching
>
Ports
>
Port Profile
in the tree view to display the
Port
Profiles: Summary
page.
Figure 10-4. Port Profile: Summary
A summary of all the interfaces and their profiles is displayed.
2
To assign the
Global
profile to the system, check
Run Global Profile
.
Apply the global profile before applying a built-in interface profile.
3
To assign a profile to an interface, click
Edit
.
4
Select a unit/interface and a
Assigned Profile
. The
Profile Description
is
displayed.
5
Each profile requires entering various elements of VLAN information.
Enter the fields according to the profile:
VLAN Port Mode
— Displays the port mode applied to ports in the
profile.
VLAN ID-Untagged (1-4094)
— Enter the VLAN for untagged
traffic.
VLAN ID-Tagged (1-4095)
— Enter the VLAN for tagged traffic.
Dell PowerConnect 55xx Systems User Guide 393
Native VLAN ID(1-4094)
— Enter the VLAN ID used for untagged
traffic to trunk ports, or check
None
.
The remaining fields on this page are display-only, and describe the port
configuration of the profile. The following fields are described:
Port Security fields:
Mode
— Learning mode. The possible options are:
Classic Lock
— Locks the port using the classic lock mechanism.
The port is immediately locked, regardless of the number of
addresses that have already been learned.
Limited Dynamic Lock
— Locks the port by deleting the
dynamic MAC addresses associated with the port. The port learns
up to the maximum addresses allowed on the port. Both
relearning and aging MAC addresses are enabled.
Max Entries
— Displays the maximum number of MAC addresses
that can be learned on the port.
Action on Violation
— Action to be applied to packets arriving on a
locked port. The possible options are:
Discard
— Discard the packets from any unlearned source.
Forward
— Forward the packets from an unknown source,
without learning the MAC address.
Shutdown
— Discard the packet from any unlearned source, and
shut down the port. Ports remain shutdown until they are
reactivated, or the device is reset.
Spanning Tree fields:
Point-to-Point Admin Status
— Displays whether a point-to-point
links is established. The possible options are:
Enable
— Enables the device to establish a point-to-point link, or
specifies for the device to automatically establish a point-to-point
link. To establish communications over a point-to-point link, the
originating PPP first sends Link Control Protocol (LCP) packets
to configure and test the data link. After a link is established and
optional facilities are negotiated as needed by the LCP, the
originating PPP sends
Network Control Protocols (NCP) packets
to select and configure one or more network layer protocols.
394 Dell PowerConnect 55xx Systems User Guide
When each of the chosen network layer protocols has been
configured, packets from each network layer protocol can be sent
over the link. The link remains configured for communications
until explicit LCP or NCP packets close the link, or until some
external event occurs. This is the actual switch port link type. It
may differ from the administrative state.
Disable
— Disables point-to-point link.
Auto
— The device automatically establishes a point-to-point
link.
Fast Link
— Displays whether Fast Link mode is enabled for the port.
If this is enabled, the
Port State
is automatically placed in the
Forwarding
state
when the port is up.
BPDU Guard
— Displays whether BPDU Guard is enabled on the
port.
Miscellaneous fields:
Policy Name
— Displays the name of a policy if one is defined on the
port.
Auto Negotiation
— Displays whether auto-negotiation is enabled on
the port. Auto-Negotiation enables a port to advertise its transmission
rate, duplex mode, and Flow Control abilities to other devices.
6
Click
Apply Profile
to apply the profile to the specified interface.
Configuring Port Profile Using CLI Commands
The following table summarizes the CLI commands for configuring port
profiles.
Table 10-5. Port Profiles CLI Commands
CLI Command Description
macro {apply|trace} macro-name
[parameter {value}] [parameter
{value}] [parameter {value}]
Applies a macro to an interface or
traces a macro configuration on an
interface.
Dell PowerConnect 55xx Systems User Guide 395
The following is an example of the CLI commands:
Sample CLI Scripts
This section provides sample scripts of CLI commands. These particular
actions cannot be performed through the GUI, which only allows applying
built-in macros. These scripts describe how to create macros, display them
and apply them.
The following is a script that creates a global macro.
show parser macro
[{brief|description [interface
[gigabitethernet|tengigabitetherne
t] port-number|name macro-name}]
Displays the parameters for all
configured macros or for one
macro on the switch.
Switch(config) # interface gi1/0/2
Switch(config-if) # macro trace dup
Applying command… ‘duplex full’
Applying command… ‘speed auto’
Switch(config) # interface gi1/0/2
Switch(config-if) # macro apply duplex $DUPLEX full
$SPEED auto
Switch(config-if) # exit
Switch(config) # interface gi1/0/3
Switch(config-if) # macro apply dup
Switch(config-if) # exit
Table 10-6. Create a Global Macro Script
CLI Command Description
console#config
console(config)# macro name interswitch
Enter macro commands one per line. End
with the character '@'.
Create a macro called
interswitch.
Table 10-5. Port Profiles CLI Commands (Continued)
CLI Command Description
396 Dell PowerConnect 55xx Systems User Guide
The following is a script that creates an interface macro.
vlan database
vlan 40-50
@
Enter the commands in
the macro, which create
VLANs 40 through 50.
console(config)# do show parser macro
name interswitch
Display the macro.
console(config)# macro global apply
interswitch
Apply the macro.
Table 10-7. Create an Interface Macro Script
CLI Command Description
console#config
console(config)# interface range gi1/0/1-
24
Enter Interface mode
for ports 1-24 on unit 1.
console(config-if-range)# macro name
access_port
Enter macro commands one per line. End
with the character '@'.
Create a macro called
access_port.
disable spanning-tree
@
Enter the commands in
the macro, disables
spanning tree on the
interfaces.
console(config)# do show parser macro
name access_port
Display the macro.
console(config)# macro global apply
access_port
Apply the macro to
ports 1-24 on unit 1.
Table 10-6. Create a Global Macro Script (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 397
Port Configuration
If port configuration is modified while the port is a LAG member, the
configuration change is only effective after the port is removed from the
LAG.
To configure a port:
1
Click
Switching
>
Ports
>
Port Configuration
in the tree view to display
the
Port Configuration: Summary
page.
Figure 10-5. Port Configuration: Summary
All ports on the selected unit and their configuration settings are
displayed.
2
To modify the port settings, click
Edit
and select a port.
3
Enter the following fields:
Description (1 - 64 Characters)
— Enter a user identification
attached to the port.
Port Type
— Displays the type of port.
Admin Status
— Enable/disable traffic forwarding through the port.
Up
— Traffic is enabled through the port.
398 Dell PowerConnect 55xx Systems User Guide
Down
— Traffic is disabled through the port.
Current Port Status
— Displays whether the port is currently
operational or non-operational.
Re-Activate Suspended Port
— Check to reactivate a port if the port
has been disabled through the locked port security option.
Operational Status
— Displays the port operational status. The
possible options are:
Suspended
— Port is currently active, and is not receiving or
transmitting traffic.
Active
— Port is currently active, and is receiving and
transmitting traffic.
Disable
— Port is currently disabled, and is not receiving or
transmitting traffic.
Admin Speed
— Select the configured rate for the port. The port type
determines the available speed setting options. You can designate
Administrative Speed only when port auto-negotiation is disabled.
Current Port Speed
— Displays the actual synchronized port speed
(bps).
Admin Duplex
— Select the port duplex mode (this is only possible if
Auto Negotiation is not enabled). The options are:
Full
— The interface supports transmission between the device
and the client in both directions simultaneously.
Half
— The interface supports transmission between the device
and the client in only one direction at a time.
Current Duplex Mode
— Displays the synchronized port duplex
mode.
Auto Negotiation
— Select to enable auto-negotiation on the port.
Auto-Negotiation enables a port to advertise its transmission rate,
duplex mode, and Flow Control abilities to other devices.
Energy Efficient Ethernet
— Globally enable/disable Energy Efficient
Ethernet and the EEE LLDP advertisement feature.
Current Auto Negotiation
— Displays the current auto-negotiation
setting.
Dell PowerConnect 55xx Systems User Guide 399
Admin Advertisement
— Check the auto-negotiation setting the port
advertises. The possible options are:
Max Capability
— The port advertises all the options that it can
support.
10 Half
— The port advertises for a 10 mbps speed port and half
duplex mode setting.
10 Full
— The port advertises for a 10 mbps speed port and full
duplex mode setting.
100 Half
— The port advertises for a 100 mbps speed port and
half duplex mode setting.
100 Full
— The port advertises for a 100 mbps speed port and full
duplex mode setting.
1000 Full
— The port advertises for a 1000 mbps speed port and
full duplex mode setting.
10000 Full
— The port advertises for a 10000 mbps speed port
and full duplex mode setting.
Current Advertisement
— Displays the port advertises its speed to its
neighbor port to start the negotiation process. The possible field
values are those specified in the
Admin Advertisement
field.
Neighbor Advertisement
— Displays the neighboring port’s
advertisement settings. The field values are identical to the
Admin
Advertisement
field values.
Back Pressure
— Enable/disable Back Pressure mode that is used with
Half Duplex mode to disable ports from receiving messages.
Current Back Pressure
— Displays the current Back Pressure setting.
Flow Control
— Set flow control on the port. The following options
are available:
Enable/Disable
— Enable/disable flow control on the port
(Enabled is the default).
Auto Negotiation
— Enables auto-negotiation of flow control on
the port.
Current Flow Control
— Displays the current Flow Control setting.
400 Dell PowerConnect 55xx Systems User Guide
MDI/MDIX
— Select one of the options that enables the device to
decipher between crossed and uncrossed cables. Hubs and switches
are deliberately wired opposite to the way end stations are wired, so
that when a hub or switch is connected to an end station, a straight
through Ethernet cable can be used, and the pairs are match up
properly. When two hubs/switches are connected to each other, or two
end stations are connected to each other, a crossover cable is used
ensure that the correct pairs are connected. The possible options are:
Auto
— Use to automatically detect the cable type.
MDIX
— Use for hubs and switches.
MDI
— Use for end stations.
Current MDI/MDIX
— Displays the current device MDIX settings.
LAG
— Displays whether the port is part of a LAG.
Configuring Ports Using CLI Commands
The following table summarizes the CLI commands for configuring ports as
displayed in the Port Configuration pages.
Table 10-8. Port Configuration CLI Commands
CLI Command Description
eee enable
no eee enable
Enables the EEE mode globally.
Use the no format of the command
to disable the mode.
eee lldp enable
no eee lldp enable
Enables EEE support by LLDP on
an Ethernet port.
Use the no format of the command
to disable the support.
description string
no description
Adds a description to an interface
configuration.
Use the no form of this command to
remove the description.
shutdown
no shutdown
Disables an interfaces.
Use the no form of this command to
restart a disabled interface.
Dell PowerConnect 55xx Systems User Guide 401
set interface active
{[gigabitethernet|tengigabitethe
rnet] interface|port-channel LAG-
number}
Reactivates an interface that is
shutdown.
speed {10|100|1000|10000}
no speed
Configures the speed of a given
Ethernet interface when not using
auto negotiation.
Use the no form of this command to
restore the default configuration.
duplex {half|full}
no duplex
Configures the full/half duplex
operation of a given Ethernet
interface when not using auto
negotiation.
negotiation [capability1
[capability2capability5]
no negotiation
Enables auto negotiation operation
for the speed and duplex parameters
of a given interface.
Use the no form of this command to
disable auto-negotiation.
back-pressure
no back-pressure
Enables Back Pressure on a given
interface.
Use the no form of this command to
disable back pressure.
flowcontrol {auto|on|off}
no flowcontrol
Configures the flow control on a
given interface.
Use the no form of this command to
disable flow control.
mdix {on|auto}
no mdix
Enables automatic crossover on a
given interface or Port-channel.
Use the no form of this command to
disable cable crossover.
show interfaces configuration
[[gigabitethernet|tengigabitethe
rnet] port-number|port-channel
LAG-number]
Displays the configuration for all
configured interfaces.
Table 10-8. Port Configuration CLI Commands (Continued)
CLI Command Description
402 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
show interfaces advertise Displays the interface’s negotiation
advertisement settings.
show interfaces status
[[gigabitethernet|tengigabitethe
rnet] port-number|port-channel
LAG-number]
Displays the status for all configured
interfaces.
show interfaces description
[[gigabitethernet|tengigabitethe
rnet] port-number|port-channel
LAG-number]
Displays the description for all
configured interfaces.
console(config)# interface gi2/0/1
console(config-if)# description "RD SW#3"
console(config-if)# shutdown
console(config-if)# no shutdown
console(config-if)# speed 100
console(config-if)# duplex full
console(config-if)# negotiation
console(config-if)# back-pressure
console(config-if)# flowcontrol on
console(config-if)# mdix auto
console(config-if)# end
console# show interfaces configuration gi2/0/1
Flow Admin Back Mdix
Port Type Duplex Speed Neg control State Pressure Mode
-------- ------------ ------ ----- -------- ------- ----- -------- ----
gi2/0/1 1G-Copper Full 1000 Enabled Off Up Disabled Auto
console# show interfaces status gi2/0/1
Flow Link Back Mdix
Port Type Duplex Speed Neg ctrl State Pressure Mode
-------- ------------ ------ ----- -------- ---- ----------- -------- ----
gi2/0/1 1G-Copper -- -- -- -- Down -- --
Table 10-8. Port Configuration CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 403
LAG Configuration
Use the LAG Configuration pages to configure LAGs. The device supports
up to 32 LAGs per system, meaning for all units in the stack. For information
about Link Aggregated Groups (LAGs) and assigning ports to LAGs, see
"Link Aggregation" on page 500.
To configure LAGs:
1
Click
Switching
>
Ports
>
LAG Configuration
in the tree view to display
the
LAG Configuration: Summary
page.
Figure 10-6. LAG Configuration: Summary
The LAG parameters are displayed.
2
To configure a LAG, click
Edit
.
3
Select the LAG and enter the fields:
LAG Mode
— Select the LAG mode. The possible options are:
404 Dell PowerConnect 55xx Systems User Guide
Static
— The ports comprise a single logical port for high-speed
connections between networking devices.
LACP
— Link Aggregate Control Protocol. LACP-enabled LAGs
can exchange information with other links in order to update and
maintain LAG configurations automatically.
Description (0 - 64 Characters)
— Enter a user-defined description of
the configured LAG.
LAG Type
— Displays the port types that comprise the LAG.
Admin Status
— Enable/disable the selected LAG.
Current Status
— Displays the LAG is currently operating.
Admin Speed
— Select the configured speed at which the LAG is
operating. The possible options are:
10M
— The LAG is currently operating at 10 Mbps.
100M
— The LAG is currently operating at 100 Mbps.
1000M
— The LAG is currently operating at 1000 Mbps.
10000 Full
— The LAG is currently operating at 1000 Mbps.
Current Speed
— Displays the speed at which the LAG is currently
operating.
Admin Auto Negotiation
— Enable/disable auto-negotiation, which is
a protocol between two link partners that enables a LAG to advertise
its transmission rate, duplex mode and flow control abilities to its
partner.
Current Auto Negotiation
— Displays the current auto-negotiation
setting.
Admin Advertisement
— If auto-negotiation is enabled, select the
auto-negotiation setting the LAG advertises. The possible options are:
Max Capability
— All LAG speeds and Duplex mode settings are
accepted.
10 Full
— The LAG advertises for a 10 mbps speed LAG and full
duplex mode setting.
100 Full
— The LAG advertises for a 100 mbps speed LAG and
full duplex mode setting.
Dell PowerConnect 55xx Systems User Guide 405
1000 Full
— The LAG advertises for a 1000 mbps speed LAG and
full duplex mode setting.
Current Advertisement
— Displays the speed that the LAG advertises
to its neighbor LAG to start the negotiation process. The possible field
values are those specified in the
Admin Advertisement
field.
Neighbor Advertisement
— Displays the neighboring LAG
advertisement settings. The field values are identical to the
Admin
Advertisement
field values.
Admin Flow Control
— Enable/disable flow control on the LAG.
Flow Control mode is effective on the ports operating in Full Duplex
in the LAG. The possible options are:
Enable
— Enables flow control on the LAG (default).
Disable
— Disables flow control on the LAG.
Auto Negotiation
— Enables the auto-negotiation of flow control
on the LAG.
Current Flow Control
— Displays the current Flow Control setting.
Configuring LAGs Using CLI Commands
The following table summarizes the CLI commands for configuring LAGs as
displayed in the LAG Configuration pages.
Table 10-9. LAG Configuration CLI Commands
CLI Command Description
interface port-channel LAG-
number
Enters the interface configuration
mode of a specific LAG.
channel-group port-channel mode
{on|auto}
no channel-group
Sets a mode for a LAG.
Use the no form of this command
restore the default configuration.
description string
no description
Adds a description to a LAG.
Use the no form of this command to
remove the description.
406 Dell PowerConnect 55xx Systems User Guide
shutdown
no shutdown
Disables the LAG.
Use the no form of this command to
restart the LAG.
speed {10|100|1000|10000}
no speed
Configures the speed of the LAG
when not using auto negotiation.
Use the no form of this command to
restore the default configuration.
negotiation [capability1
[capability2capability5]
no negotiation
Enables auto negotiation operation for
the speed and duplex parameters of a
LAG.
Use the no form of this command to
disable auto-negotiation.
flowcontrol {auto|on|off}
no flowcontrol
Configures the flow control on a given
LAG.
Use the no form of this command to
disable flow control.
show interfaces configuration
[port-channel LAG-number]
Displays the configuration for the
LAGs.
show interface advertise Displays the LAG’s negotiation
advertisement settings.
show interfaces status [port-
channel LAG-number]
Displays the status for all configured
LAGs.
show interfaces description
[port-channel LAG-number]
Displays the description for all
configured LAGs.
show interfaces port-channel
[LAG-number]
Displays LAG information.
Table 10-9. LAG Configuration CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 407
The following is an example of the CLI commands:
console(config)# interface port-channel 1
console(config-if)# no negotiation
console(config-if)# speed 100
console(config-if)# flowcontrol on
console(config-if)# exit
console(config)# interface port-channel 2
console(config-if)# shutdown
console(config-if)# exit
console(config-if)# end
console# show interfaces port-channel
Channel Ports
--------- ---------
ch1 Inactive: gi/1/0/(11-13)
ch2 Active: gi/1/0/14
408 Dell PowerConnect 55xx Systems User Guide
Storm Control
When Broadcast, Multicast, or Unknown Unicast frames are received, they
are duplicated, and a copy is sent to all possible egress ports. This means that
in practice, they are sent to all ports belonging to the relevant VLAN. In this
way, one ingress frame is turned into many, creating the potential for a storm.
Storm protection provides the ability to limit the number of frames entering
the switch, and to define the types of frames that are counted towards this
limit.
When a threshold (limit) is configured on the device, the port discards traffic
when that threshold is reached. The port remains blocked until the traffic rate
drops below this threshold. It then resumes normal forwarding.
To configure Storm Control:
1
Click
Switching
>
Ports
>
Storm Control
in the tree view to display the
Storm Control: Summary
page.
Figure 10-7. Storm Control
Dell PowerConnect 55xx Systems User Guide 409
Storm control parameters are displayed for all ports on the selected unit.
2
To configure Storm Control on a port, click
Edit.
3
Select a port from the Port drop-down list and enter the following fields:
Broadcast Control
— Enable/disable forwarding Broadcast packets on
the specific interface.
Broadcast Mode
— Select the counting mode. The possible options
are:
Multicast & Broadcast
— Counts Broadcast and Multicast traffic
together towards the bandwidth threshold.
Broadcast Only
— Counts only Broadcast traffic towards the
bandwidth threshold.
Broadcast Rate Threshold (3500-1000000)
— Enter the maximum
rate (Kbits/sec) at which unknown packets are forwarded.
Configuring Storm Control Using CLI Commands
The following table summarizes the CLI commands for configuring Storm
Control as displayed on the Storm Control pages.
Table 10-10. Storm Control CLI Commands
CLI Command Description
storm-control include-
multicast [unknown-unicast]
no storm-control include-
multicast
Counts Multicast packets in the
Broadcast storm control.
Use the no form of this command to
disable counting of multicast packets in
the Broadcast storm control.
storm-control broadcast enable
no storm-control broadcast
enable
Enables Broadcast storm control.
Use the no form of this command to
disable Broadcast storm control.
storm-control broadcast level
kbps
no storm-control broadcast
level
Configures the maximum Broadcast
rate.
Use the no form of this command to
return the Broadcast level to the default
value.
410 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
show ports storm-control port Displays the storm control
configuration.
console(config)# interface gi1/0/1
console(config-if)# storm-control broadcast enable
console(config-if)# storm-control include-multicast
unknown-unicast
console# show ports storm-control gi1/0/1
Port State Rate [Kbits/Sec] Included
-------- -------- ---------------- ---------------------
gi1/0/1 Disabled 8500 Broadcast
Table 10-10. Storm Control CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 411
Port Mirroring
Switches usually only forward frames to relevant ports. To monitor traffic,
either for information gathering, such as statistical analysis, or for
troubleshooting higher-layer protocol operation, the Mirroring feature
forwards frames to a monitoring port.
Mirroring provides the ability to specify that a desired destination (target)
port will receive a copy of all traffic passing through designated source ports.
The frames arriving at the destination port are copies of the frames passing
through the source port at ingress, prior to any switch action.
It is possible to specify several source ports to be monitored by a single target
port. However, in this case, the traffic sent to the target port is placed in the
target port's queues on a first come, first served basis, and any excess traffic is
silently discarded. This may mean that the traffic actually seen by any device
attached to the target port is an arbitrarily selected subset of the actual traffic
going through the source ports.
Port mirroring is only relevant to physical ports. Therefore, if you want a LAG
to function as the source of a port mirroring session, the member ports must
be individually specified as sources.
Up to eight sources can be mirrored. This can be any combination of eight
individual ports.
Before configuring Port Mirroring, note the following:
Monitored ports cannot operate faster than the monitoring port.
All Rx/Tx packets should be monitored to the same port.
Destination Port Restrictions
The following restrictions apply to destination ports:
Destination
ports cannot be configured as source ports.
Destination
ports cannot be a member of a LAG.
IP interfaces cannot be configured on the
destination
port.
GVRP cannot be enabled on the
destination
port.
•The
destination
port cannot be a member of a VLAN.
•Only one
destination
port can be defined.
412 Dell PowerConnect 55xx Systems User Guide
All QoS/CoS rules that apply to the
destination
port, as an egress, such as
traffic shaping, are suspended for the duration of the mirroring session.
Any such settings, configured on the port during the mirroring session,
take effect only after the port is no longer a
destination
port for a
mirroring session.
Ingress mirrored packets may arrive at the ingress port either with an
802.1q tag or without. When the packets are mirrored to a port analyzer,
they should be transmitted as they are received on the ingress port.
However, in the device, the packet is transmitted out of the port analyzer
as always tagged or always untagged (user configurable), regardless of the
input encapsulation.
Source Port Restrictions
The following restrictions apply to ports specified as source ports:
Source ports cannot be a member of a LAG.
Source ports cannot be configured as a destination port.
Up to eight source ports can be mirrored
.
NOTE: When a port is set to be a target port for a port-mirroring session, all normal
operations on it are suspended. This includes Spanning Tree and LACP. All currently
active protocols and services on that port are suspended.
Dell PowerConnect 55xx Systems User Guide 413
Port Mirroring
To specify source and destination ports for port mirroring:
1
Click
Switching
>
Ports
>
Port Mirroring
in the tree view to display the
Port Mirroring: Summary
page.
Figure 10-8. Port Mirroring: Summary
The previously-defined source ports for the selected
Destination Port
are
displayed, along with the fields defined in the
Add
page and their status.
Status
— Indicates if the port is currently being monitored (
Active
) or
not being monitored (
notReady
), because of some problem.
2
To add a port to be mirrored, click
Add
, and enter the fields:
Source Port
— The port number from which port traffic is copied.
Ty p e
— Type of traffic (Tx or Rx or both) to be copied.
414 Dell PowerConnect 55xx Systems User Guide
Configuring Port Mirroring Using CLI Commands
The following table summarizes the CLI commands for configuring Port
Mirroring.
The following is an example of the CLI commands:
Table 10-11. Port Mirroring CLI Commands
CLI Command Description
port monitor src-
interface-id [rx|tx]
no port monitor src-
interface-id
Starts a port monitoring session. This must
be performed in Interface Configuration
mode, which is the destination interface.
Use the no form of this command to stop a
port monitoring session.
show ports monitor Displays the port monitoring status.
console(config)# interface gi1/0/1
console(config-if)# port monitor gi1/0/8
console# show ports monitor
Source port Destination Port Type Status
----------- ---------------- ---- -----------
gi1/0/1 gi1/0/8 RX,TX Active
Dell PowerConnect 55xx Systems User Guide 415
416 Dell PowerConnect 55xx Systems User Guide
11
Address Tables
This section describes how MAC addresses are handled on the device.
It contains the following topics:
•Overview
Static Addresses
Dynamic Addresses
Dell PowerConnect 55xx Systems User Guide 417
Overview
MAC addresses, associated with ports, are stored in the Static Address or the
Dynamic Address tables. Packets, addressed to a destination stored in one of
these tables, are forwarded to the associated port.
MAC addresses are dynamically learned when packets arrive at the device.
Addresses are associated with ports by learning the source address of the
frame. Frames, addressed to a destination MAC address that is not associated
with any port, are flooded to all ports of the relevant VLAN. In order to
prevent the bridging table from overflowing, dynamic MAC addresses, from
which no traffic is seen for a certain period, are erased.
Static addresses are manually entered into the table.
418 Dell PowerConnect 55xx Systems User Guide
Static Addresses
Static addresses are manually assigned to a specific interface and VLAN on
the switch. If a static address is seen on another interface, the address is
ignored and it is not written to the address table.
To define a static address:
1
Click
Switch
>
Address Tables
>
Static Address Table
in the tree view to
display the
Static Address Table: Summary
page.
Figure 11-1. Static Address Table
A list of the currently-defined static addresses is displayed.
2
To add a static address, click
Add
.
3
Enter the following fields:
Interface
— Select a port or LAG for the entry.
MAC Address
— Enter the interface MAC address.
VLAN ID
— Check and select the VLAN ID for the port.
or
VLAN Name
— Check and enter the VLAN name.
Status
— Select how the entry in the table will be treated. The
possible options are:
Dell PowerConnect 55xx Systems User Guide 419
Permanent
— The MAC address is never aged out of the table
and, if it is saved to the Startup Configuration, it is retained after
rebooting.
Delete on Reset
— The MAC address is deleted when the device
is reset.
Delete on Timeout
— The MAC address is deleted when a
timeout occurs.
Secure
— The MAC address is secure when the interface is in
classic locked mode.
To prevent Static MAC addresses from being deleted when the Ethernet
device is reset, ensure that the port attached to the MAC address is locked.
Configuring Static Addresses Using CLI Commands
The following table summarizes the CLI commands for configuring static
address parameters as displayed in the Static Address Table pages.
Table 11-1. Static Address CLI Commands
CLI Command Description
mac address-table static mac-
address vlan vlan-id interface
{[gigabitethernet|tengigabitethern
et] port-number|port-channel LAG-
number} [permanent|delete-on-
reset|delete-on-timeout|secure]
no mac address-table static [mac-
address] vlan vlan-id
Adds a MAC-layer station source
address to the MAC address
table.
Use the no form of this
command to delete the MAC
address.
show mac address-table
[dynamic|static|secure] [vlan
vlan]
[[[gigabitethernet|tengigabitether
net] port-number|port-channel LAG-
number]] [address mac-address]
Displays entries in the MAC
address table.
420 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console(config-if)#bridge address 00:60:70:4C:73:FF
permanent gi1/0/8
console# show mac address-table static
Aging time is 300 sec
VLAN MAC Address Port Type
---- ------------------ -------- --------
100:60:70:4C:73:FF gi1/0/8static
100:60:70:8C:73:FF gi1/0/8static
200 00:10:0D:48:37:FF gi1/0/9static
Dell PowerConnect 55xx Systems User Guide 421
Dynamic Addresses
The Dynamic Address Table contains the MAC addresses acquired by
monitoring the source addresses of traffic entering the switch. When the
destination address for inbound traffic is found in the database, the packets
intended for that address are forwarded directly to the associated port.
Otherwise, the traffic is flooded to all ports in the VLAN of the frame.
To prevent the table from overflowing and to make room for new addresses,
an address is deleted from the table if no traffic is received from a dynamic
MAC address for a certain period. This period of time is called the aging
interval.
To configure dynamic addresses:
1
Click
Switch
>
Address Tables
>
Dynamic MAC Address
in the tree view
to display the
Dynamic Address
page.
Figure 11-2. Dynamic Address Table
The current address table is displayed along with other parameters.
2
Enter
Address Aging (10-630)
. The aging time is a value between the user-
configured value and twice that value minus 1. For example, if you entered
300 seconds, the aging time is between 300 and 599 seconds.
422 Dell PowerConnect 55xx Systems User Guide
3
To clear the table, check
Clear Table
.
4
To display a subset of the addresses in a particular order, enter the query
criteria and sort key under
Query By
, and click
Query
. The following fields
are displayed for entries matching the query criteria:
VLAN ID
— VLAN ID in the entry.
MAC Address
— Interface MAC address.
Interface
— Port or LAG associated with the MAC address.
Configuring Dynamic Addresses Using CLI Commands
The following table summarizes the CLI commands for configuring static
address parameters as displayed in the Dynamic Address Table pages.
Table 11-2. Dynamic Address CLI Commands
CLI Command Description
mac address-table aging-time
seconds
no mac address-table aging-time
Sets the aging time of the
address table.
Use the no form of this
command to restore the default.
clear mac address-table dynamic
[interface
[{[gigabitethernet|tengigabitether
net] port-number|port-channel LAG-
number}} [permanent|delete-on-
reset|delete-on-timeout|secure]]
clear mac address-table secure
interface
[gigabitethernet|tengigabitetherne
t] port-number|port-channel LAG-
number
Removes learned or secure
entries from the forwarding
database.
show mac address-table
[dynamic|static|secure] [vlan
vlan] [interface
[gigabitethernet|tengigabitetherne
t] port-number|port-channel LAG-
number] [address mac-address]
Displays entries in the MAC
address table.
Dell PowerConnect 55xx Systems User Guide 423
The following is an example of the CLI commands:
console(config)# mac address-table aging-time 600
console# show mac address-table dynamic
Aging time is 300 sec
VLAN MAC Address Port Type
---- ------------------ -------- --------
1 00:60:70:4C:73:FF gi1/0/8 dynamic
1 00:60:70:8C:73:FF gi1/0/8 dynamic
424 Dell PowerConnect 55xx Systems User Guide
12
GARP
This section describes how to configure Generic Attribute Registration
Protocol (GARP) on the device.
It contains the following topics:
GARP Overview
•GARP Timers
Dell PowerConnect 55xx Systems User Guide 425
GARP Overview
Generic Attribute Registration Protocol (GARP) is a general-purpose protocol
that registers network connectivity or membership-style information. GARP
defines a set of devices interested in a given network attribute, such as VLAN
or Multicast address.
The Generic Attribute Registration Protocol (GARP) provides a generic
framework whereby devices in a bridged LAN, such as end stations and
switches, can register and de-register attribute values, such as VLAN
Identifiers, with each other. In doing so, these attributes are propagated to
devices in the bridged LAN, and these devices form a reachability tree that is
a subset of an active topology. GARP defines the architecture, rules of
operation, state machines and variables for the registration and deregistration
of attribute values.
When configuring GARP, ensure the following:
The leave time must be greater than or equal to three times the join time.
The leave-all time must be greater than the leave time.
Set the same GARP timer values on all Layer 2-connected devices. If the
GARP timers are set differently on the Layer 2-connected devices, GARP
application does not operate successfully.
426 Dell PowerConnect 55xx Systems User Guide
GARP Timers
To enable a GARP timer on an interface:
1
Click
Switching
>
GARP
>
GARP Timers
in the tree view to open the
GARP Timers: Summary
page.
Figure 12-1. GARP Timers: Summary
The GARP timers are displayed.
2
Click
Edit
.
3
Select an interface, and enter the fields:
GARP Join Timer (10 - 2147483640)
— Enter the time, in
milliseconds, during which Protocol Data Units (PDU) are
transmitted.
GARP Leave Timer (10 - 2147483640
) — Enter the time interval, in
milliseconds, which the device waits before leaving its GARP state.
Leave time is activated by a Leave All Time message sent/received,
and cancelled by the Join message received. Leave time must be
greater than or equal to three times the join time.
GARP Leave All Timer (10 - 2147483640)
— Enter time interval, in
milliseconds, which all devices wait before leaving the GARP state.
The leave all time must be greater than the leave time
.
Dell PowerConnect 55xx Systems User Guide 427
Defining GARP Timers Using CLI Commands
This table summarizes the CLI commands for defining GARP timers as
displayed in the GARP Timers pages.
The following is an example of the CLI commands:
Table 12-1. GARP Timer CLI Commands
CLI Command Description
garp timer {join|leave|leaveall}
timer_value
Adjusts the GARP application join,
leave, and leaveall GARP timer val-
ues.
show gvrp configuration
[[gigabitethernet|tengigabitether
net]port-number|vlan vlan-
id|port-channel LAG-number]
Displays GVRP configuration infor-
mation, including timer values,
whether GVRP and dynamic VLAN
creation are enabled, and which ports
are running GVRP.
console(config)# interface gi1/0/1
console(config-if)# garp timer leave 900
console(config-if)# end
console# show gvrp configuration gi1/0/11
GVRP Feature is currently Disabled on the device.
Maximum VLANs: 223
Port(s) GVRP Registration Dynamic VLAN Timers (milliseconds)
Status Creation Join Leave Leave All
---------
-------- ------- ------------ ----------- ------ -----
gi1/0/11 Disabled Normal Enabled 200 900 10000
428 Dell PowerConnect 55xx Systems User Guide
13
Spanning Tree
This chapter describes the Spanning Tree Protocol.
It contains the following topics:
Spanning Tree Protocol Overview
Global Settings
STP Port Settings
STP LAG Settings
Rapid Spanning Tree
Multiple Spanning Tree
Dell PowerConnect 55xx Systems User Guide 429
Spanning Tree Protocol Overview
Spanning Tree Protocol (STP) provides tree topography for any bridge
arrangement. STP eliminates loops by providing a unique path between end
stations on a network.
Loops occur when alternate routes exist between hosts. Loops, in an extended
network, can cause bridges to forward traffic indefinitely, resulting in packets
not arriving at their destination, increased traffic, and reduced network
efficiency.
The device supports the following Spanning Tree versions:
Classic STP
— Provides a single path between end stations, avoiding and
eliminating loops. For more information on configuring Classic STP, see
"Global Settings
" on page 431.
Rapid STP (RSTP)
— Provides faster convergence of the spanning tree
than Classic STP. RSTP is most effective when the network topology is
naturally tree-structured, and therefore faster convergence might be
possible. RSTP is enabled by default.
Although Classic STP is guaranteed to prevent Layer 2 forwarding loops, in
a general network topology, there might be an unacceptable delay before
convergence. This means that before convergence, each bridge or switch in
the network must decide if it should actively forward traffic or not, on each
of its ports.
For more information on configuring Rapid STP, see
"Rapid Spanning
Tree
" on page 444.
Multiple STP (MSTP)
— MSTP is based on RSTP. It detects Layer 2
loops, and attempts to mitigate them by preventing the involved port from
transmitting traffic.
Since loops exist on a per-Layer 2-domain basis, a situation can occur
where there is a loop in VLAN A and no loop in VLAN B. If both VLANs
are on Port X, and STP wants to mitigate the loop, it stops traffic on the
entire port, including VLAN B traffic, where there is no need to stop
traffic.
Multiple Spanning Tree Protocol (MSTP) solves this problem by enabling
several STP instances, so that it is possible to detect and mitigate loops
separately in each instance. By associating instances to VLANs, each
430 Dell PowerConnect 55xx Systems User Guide
instance is associated with the Layer 2 domain on which it performs loop
detection and mitigation. This enables a port to be stopped in one
instance, such as traffic from VLAN A that is causing a loop, while traffic
can remain active in another domain where no loop was seen, such as on
VLAN B.
MSTP provides full connectivity for packets allocated to any VLAN, and
transmits packets assigned to various VLANs, through different multiple
spanning tree (MST) regions.
MST regions act as a single bridge.
For more information on configuring Multiple STP, see
"Multiple
Spanning Tree
" on page 448.
Dell PowerConnect 55xx Systems User Guide 431
Global Settings
To enable STP and select the STP mode on the device:
1
Click
Switching
>
Spanning Tree
>
Global Settings
in the tree view to
display the
Global Settings
page.
Figure 13-1. Global Settings
The currently-defined settings are displayed.
2
Enter the fields:
Spanning Tree State
— Enable Spanning Tree on the device.
STP Operation Mode
— Select the STP mode enabled on the device.
The possible options are:
Classic STP
— Enables Classic STP on the device.
Rapid STP
— Enables Rapid STP on the device. This is the
default value.
Multiple STP
— Enables Multiple STP on the device.
432 Dell PowerConnect 55xx Systems User Guide
BPDU Handling
— Select how Bridge Protocol Data Unit (BPDU)
packets are managed when STP is disabled on the port/device. BPDUs
are used to transmit spanning tree information. The possible options
are:
Filtering
— Filter BPDU packets when spanning tree is disabled
on an interface.
Flooding
— Flood BPDU packets when spanning tree is disabled
on an interface.
Path Cost Default Values
— Select the method used to assign default
path costs to STP ports. The possible options are:
Short
— Specifies 1 through 65,535 range for port path costs.
Long
— Specifies 1 through 200,000,000 range for port path
costs.
The default path costs assigned to an interface vary according to the
selected method:
Bridge Settings
Priority (0-61440 in steps of 4096)
— Enter the bridge priority value.
When switches or bridges are running STP, each is assigned a priority.
After exchanging BPDUs, the device with the lowest priority value
becomes the Root Bridge. The default value is 32768. The port
priority value is provided in increments of 4096. For example, 4096,
8192, 12288, etc.
Hello Time (1-10)
— Check to use the device Hello Time, which is
the interval of time in seconds that a root bridge waits between
configuration messages. Enter a value.
Max Age (6-40
) — Check to use device Maximum Age Time, which is
the time interval in seconds that a bridge waits before sending
configuration messages. Enter a value.
Interface Long Cost Short Cost
LAG 20,000 4
1000 Mbps 20,000 4
100 Mbps 200,000 19
10 Mbps 2,000,000 100
Dell PowerConnect 55xx Systems User Guide 433
Forward Delay (4-30)
— Check to use device forward delay time,
which is the interval of time in seconds that a bridge remains in a
listening and learning state before forwarding packets. Enter a value.
Designated Root
— Displays the following:
Bridge ID
— The bridge priority and MAC address.
Root Bridge ID
— The root bridge priority and MAC address.
Root Port
— The port number that offers the lowest cost path from
this bridge to the Root Bridge. This is significant when the Bridge is
not the Root.
Root Path Cost
— The cost of the path from this bridge to the root.
Topology Changes Counts
— The total amount of STP state changes
that have occurred.
Last Topology Change
— The amount of time that has elapsed since
the bridge was initialized or reset, and the last topographic change
occurred.
Defining STP Global Parameters Using CLI Commands
The following table summarizes the CLI commands for defining STP global
parameters as displayed in the Global Settings pages.
Table 13-1. STP Global Parameter CLI Commands
CLI Command Description
spanning-tree
no spanning-tree
Enables spanning tree functionality.
Use the no form of this command to
disable the spanning-tree functionality.
spanning-tree mode
{stp|rstp|mstp}
no spanning-tree mode
Configures the mode of the spanning tree
protocol.
Use the no form of this command to
restore the default configuration.
spanning-tree bpdu
{filtering|flooding|bridging}
no spanning-tree bpdu
Defines BPDU handling when the
spanning tree is disabled globally or on a
single interface.
Use the no form of this command to
restore the default configuration.
434 Dell PowerConnect 55xx Systems User Guide
spanning-tree pathcost method
{long|short}
no spanning-tree pathcost
method
Sets the default path cost method.
Use the no form of this command to return
to the default configuration.
spanning-tree priority
priority
no spanning-tree priority
Configures the spanning tree priority.
Use the no form of this command to
restore the default device spanning-tree
priority.
spanning-tree hello-time
seconds
no spanning-tree hello-time
Configures the spanning tree bridge Hello
Time, which is how often the device
Broadcasts Hello messages to other
devices.
Use the no form of this command to
restore the default configuration.
spanning-tree max-age seconds
no spanning-tree max-age
seconds
Configures the spanning tree bridge
maximum age.
Use the no form of this command to
restore the default configuration
spanning-tree forward-time
seconds
no spanning-tree forward-time
Configures the spanning tree bridge
forward time, which is the amount of time
a port remains in the listening and learning
states before entering the forwarding state.
Use the no form of this command to
restore the default configuration.
show spanning-tree
[[gigabitethernet|tengigabite
thernet] port-number|port-
channel LAG-number] [instance
instance-id]
Displays spanning tree configuration.
show spanning-tree [detail]
[active|blockedports]
[instance instance-id]
Displays detailed spanning tree
information on active or blocked ports.
show spanning-tree mst-
configuration
Displays spanning tree MST configuration
identifier.
Table 13-1. STP Global Parameter CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 435
The following is an example of the CLI commands:
console(config)# spanning-tree
console(config)# spanning-tree mode rstp
console(config)# spanning-tree priority 12288
console(config)# spanning-tree hello-time 5
console(config)# spanning-tree max-age 12
console(config)# spanning-tree forward-time 25
console(config)# exit
436 Dell PowerConnect 55xx Systems User Guide
STP Port Settings
To assign STP properties to individual ports:
1
Click
Switching
>
Spanning Tree
>
STP Port Settings
in the tree view to
display the
STP Port Settings: Summary
page.
Figure 13-2. STP Port Settings: Summary
The ports and their STP settings are displayed.
2
To modify STP settings on a port, click
Edit
.
3
Select the port, and enter the fields:
STP
— Enable/disable STP on the port.
Fast Link
— Check to enable Fast Link mode for the port. If this is
enabled, the
Port State
is automatically placed in the
Forwarding
state
when the port is up. Fast Link mode optimizes the time it takes for the
STP protocol to converge. STP convergence can take 30-60 seconds in
large networks.
Dell PowerConnect 55xx Systems User Guide 437
BPDU Guard
— Check to enable BPDU Guard on the port.
Root Guard
— Check to prevent devices outside the network core
from being assigned the spanning tree root.
Port State
— Displays the current STP state of a port. If the port state
is not disabled, it determines what forwarding action is taken on
traffic. The possible port states are:
Disabled
— STP is currently disabled on the port. The port
forwards traffic while learning MAC addresses.
Blocking
— The port is currently blocked and cannot be used to
forward traffic or learn MAC addresses. Blocking is displayed
when Classic STP is enabled.
Listening
— The port is currently in the listening mode. The port
cannot forward traffic nor can it learn MAC addresses.
Learning
— The port is currently in the learning mode. The port
cannot forward traffic, however it can learn new MAC addresses.
Forwarding
— The port is currently in the forwarding mode. The
port can forward traffic and learn new MAC addresses.
Role
— Displays the port role assigned by the STP algorithm that
provides STP paths. The possible options are:
Root
— This port provides the lowest cost path to forward packets
to root switch.
Designated
— This port is the interface through which the bridge
is connected to the LAN, which provides the lowest cost path
from the LAN to the Root Bridge.
Alternate
— This port provides an alternate LAG to the root
switch from the root interface.
Backup
— This port provides a backup path to the designated
port. Backup ports occur only when two ports are connected in a
loop by a point-to-point link. Backup ports also occur when a LAN
has two or more connections connected to a shared segment.
Disabled
— This port is not participating in the Spanning Tree.
438 Dell PowerConnect 55xx Systems User Guide
Speed
— Displays the speed at which the port is operating.
Path Cost (1-200000000)
— Enter the port contribution to the root
path cost. The path cost is adjusted to a higher or lower value, and is
used to forward traffic when a path being rerouted.
Default Path Cost
— Check to use the default path cost.
Priority
— Select the priority value that influences the port choice
when a bridge has two ports connected in a loop. The priority value is
provided in increments of 16.
Designated Bridge ID
— Displays the bridge priority and the MAC
address of the designated bridge.
Designated Port ID
— Displays the designated port’s priority and
interface.
Designated Cost
— Displays the cost of the port participating in the
STP topology. Ports with a lower cost are less likely to be blocked if
STP detects loops.
Forward Transitions
— Displays the number of times the port has
changed from the
Forwarding
state to
Blocking
.
LAG
— Displays the LAG to which the port is attached.
Defining STP Port Settings Using CLI Commands
The following table summarizes the CLI commands for defining STP port
parameters as displayed in the STP Port Settings page.
Table 13-2. STP Port Settings CLI Commands
CLI Command Description
spanning-tree disable
no spanning-tree disable
Disables spanning tree on a specific
port.
Use the no form of this command to
enable the spanning tree on a port.
spanning-tree cost cost
no spanning-tree cost
Configures the spanning tree cost
contribution of a port
Use the no form of this command to
restore the default configuration.
Dell PowerConnect 55xx Systems User Guide 439
spanning-tree port-priority
priority
no spanning-tree port-priority
Configures port priority.
Use the no form of this command to
restore the default configuration.
show spanning-tree
[[gigabitethernet|tengigabiteth
ernet] port-number|port-channel
LAG-number][instance instance-
id]
Displays spanning tree configuration.
spanning-tree portfast
no spanning-tree portfast
Enables Fast Link mode.
Use the no form of this command to
disable the PortFast mode.
spanning-tree bpduguard
{enable|disable}
no spanning-tree bpduguard
Shuts down an interface when it
receives a bridge protocol data unit
(BPDU).
Use the no form of this command to
restore the default configuration.
spanning-tree guard root Enables root guard on all spanning tree
instances on the interface.
show spanning-tree [detail]
[active|blockedports] [instance
instance-id]
Displays detailed spanning tree
information on active or blocked ports.
Table 13-2. STP Port Settings CLI Commands (Continued)
CLI Command Description
440 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console> enable
console# configure
console(config)# interface gi1/0/1
console(config-if)# spanning-tree enable
console(config-if)# spanning-tree cost 35000
console(config-if)# spanning-tree port-priority 96
console(config-if)# spanning-tree portfast
console(config-if)# exit
console(config)# exit
console# show spanning-tree gi1/0/15 instance 12
Port gi1/0/15 enabled
State: discarding Role: alternate
Port ID: 128.15 Port cost: 19
Type: P2p (configured: Auto) Internal Port Fast: No
(configured: No)
Designated bridge Priority :
32768
Address:
00:00:b0:07:07:49
Designated port ID: 128.11 Designated path cost: 0
Guard root: Disabled
Number of transitions to forwarding state: 3
BPDU: sent 482, received 1035
Dell PowerConnect 55xx Systems User Guide 441
STP LAG Settings
To assign STP parameters to LAGs:
1
Click
Switching
>
Spanning Tree
>
LAG Settings
in the tree view to
display the
STP LAG Settings: Summary
page.
Figure 13-3. STP LAG Settings: Summary
The LAGs and their STP settings are displayed.
2
To modify STP settings on a LAG, click
Edit
.
3
Select a LAG from the
Select a LAG
drop-down menu.
4
Enter the fields.
STP
— Enable/disable STP on the LAG.
Fast Link
— Check to enable Fast Link mode for the LAG. If Fast
Link mode is enabled for a LAG, the
LAG State
is automatically
placed in
Forwarding
when the LAG is up. Fast Link mode optimizes
the time it takes for the STP protocol to converge. STP convergence
can take from 30-60 seconds in large networks.
BPDU Guard
— Check to enable BPDU Guard on the LAG.
Root Guard
— Check to prevent devices outside the network core
from being assigned the spanning tree root.
442 Dell PowerConnect 55xx Systems User Guide
LAG State
— Displays the current STP state of the LAG. If enabled,
the LAG state determines what forwarding action is taken on traffic. If
the bridge discovers a malfunctioning LAG, the LAG is placed in the
Broken
state. Possible LAG states are:
Disabled
— STP is currently disabled on the LAG. The LAG
forwards traffic while learning MAC addresses.
Blocking
— The LAG is blocked and cannot be used to forward
traffic or learn MAC addresses.
RSTP Discarding State
— The LAG does not learn MAC
addresses and does not forward frames. This state is union of
Blocking and Listening state introduced in STP (802.1.D).
Listening
— The LAG is in the listening mode, and cannot
forward traffic or learn MAC addresses.
Learning
— The LAG is in the learning mode, and cannot
forward traffic, but it can learn new MAC addresses.
Forwarding
— The LAG is currently in the forwarding mode, and
it can forward traffic and learn new MAC addresses.
Broken
— The LAG is currently malfunctioning, and cannot be
used for forwarding traffic.
Role
— Displays the LAG role assigned by the STP algorithm that
provides STP paths. The possible options are:
Root
— This LAG provides the lowest cost path to forward
packets to root switch.
Designated
— This LAG is the interface through which the
bridge is connected to the LAN, which provides the lowest cost
path from the LAN to the Root Bridge.
Alternate
— This LAG provides an alternate LAG to the root
switch from the root interface.
Backup
— This LAG provides a backup path to the designated
port. Backup ports occur only when two ports are connected in a
loop by a point-to-point link. Backup ports also occur when a LAN
has two or more connections connected to a shared segment.
Disabled
— This LAG is not participating in the Spanning Tree.
Dell PowerConnect 55xx Systems User Guide 443
Path Cost (1-200000000)
— Enter the amount the LAG contributes
to the root path cost. The path cost is adjusted to a higher or lower
value, and is used to forward traffic when a path is being rerouted.
The path cost has a value of 1 to 200000000.
Default Path Cost
— Check for the device to use the default path
cost.
Priority
— Select the priority value of the LAG. The priority value
influences the LAG choice when a bridge has looped ports. The
priority value is given in steps of 16.
Designated Bridge ID
— Displays the priority and the MAC address
of the designated bridge.
Designated Port ID
— Displays the ID of the selected interface.
Designated Cost
— Displays the cost of the port participating in the
STP topology. Ports with a lower cost are less likely to be blocked if
STP detects loops.
Forward Transitions
— Displays the number of times the
LAG State
has changed from the
Forwarding
state to a
Blocking state
.
Defining STP LAG Settings Using CLI Commands
For information about CLI commands for defining STP LAG settings, see
Table 15-2.
The following is an example of the CLI commands:
console(config)# interface port-channel 1
console(config-if)# spanning-tree disable
console(config-if)# spanning-tree cost 35000
console(config-if)# spanning-tree port-priority 96
console(config-if)# spanning-tree portfast
444 Dell PowerConnect 55xx Systems User Guide
Rapid Spanning Tree
While classic spanning tree prevents Layer 2 forwarding loops on a general
network topology, convergence can take from 30 to 60 seconds. This delay
provides time to detect possible loops, and propagate status changes.
Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies
that enable a faster convergence of the spanning tree, without creating
forwarding loops.
To configure RSTP:
1
Click
Switching
>
Spanning Tree
>
Rapid Spanning Tree
in the tree view
to display the
Rapid Spanning Tree: Summary
page.
Figure 13-4. Rapid Spanning Tree: Summary
2
To modify RSTP settings on an interface, click
Edit
and enter the fields:
Interface
— Select a port or LAG.
State
— Displays the RSTP state of the selected interface.
Dell PowerConnect 55xx Systems User Guide 445
Role
— Displays the port role assigned by the STP algorithm in order
to provide STP paths. The possible options are:
Root
— This port provides the lowest cost path to forward packets
to root switch.
Designated
— This port is the interface through which the bridge
is connected to the LAN, which provides the lowest cost path
from the LAN to the Root Bridge.
Alternate
— This port provides an alternate LAG to the root
switch from the root interface.
Backup
— This port provides a backup path to the designated
port. Backup ports occur only when two ports are connected in a
loop by a point-to-point link. Backup ports also occur when a LAN
has two or more connections connected to a shared segment.
Disabled
— This port is not participating in the Spanning Tree.
Mode
— Displays if RSTP is enabled.
Fast Link Operational Status
— Displays if Fast Link is enabled or
disabled for the port or LAG. If Fast Link is enabled for an interface,
the interface is automatically placed in the forwarding state. The
possible options are:
Enable
— Fast Link is enabled.
Disable
— Fast Link is disabled.
Auto
— Fast Link mode is enabled a few seconds after the
interface becomes active.
Point-to-Point Admin Status
— Select if a point-to-point links is
established, or permits the device to establish a point-to-point link.
The possible options are:
Enable
— Enables the device to establish a point-to-point link, or
specifies for the device to automatically establish a point-to-point
link. To establish communications over a point-to-point link, the
originating PPP first sends Link Control Protocol (LCP) packets
to configure and test the data link. After a link is established and
optional facilities are negotiated as needed by the LCP, the
originating PPP sends
Network Control Protocols (NCP) packets
to select and configure one or more network layer protocols.
When each of the chosen network layer protocols has been
446 Dell PowerConnect 55xx Systems User Guide
configured, packets from each network layer protocol can be sent
over the link. The link remains configured for communications
until explicit LCP or NCP packets close the link, or until some
external event occurs. This is the actual switch port link type. It
may differ from the administrative state.
Disable
— Disables point-to-point link.
Auto
— The device automatically establishes a point-to-point
link.
Point-to-Point Operational Status
— Displays the Point-to-Point
operating state.
Active Protocol Migration Test
— Check to run a Protocol Migration
test. This discovers whether the link partner using STP still exists, and
if so whether it has migrated to RSTP or MSTP. If it still exists as an
STP link, the device continues to communicate with it by using STP.
Otherwise, if it has been migrated to RSTP or MSTP, the device
communicates with it using RSTP or MSTP, respectively.
Defining Rapid STP Parameters Using CLI Commands
The following table summarizes the CLI commands for defining Rapid STP
parameters as displayed in the Rapid Spanning Tree pages.
Table 13-3. Rapid STP Parameters CLI Command
CLI Command Description
spanning-tree link-type {point-
to-point|shared}
no spanning-tree spanning-tree
link-type
Overrides the default link-type setting
determined by the port duplex mode,
and enables RSTP transitions to the
forwarding state.
Use the no form of this command to
restore the default configuration.
clear spanning-tree detected-
protocols interface
[[gigabitethernet|tengigabiteth
ernet] port-number|port-channel
LAG-number]
Restarts the protocol migration
process.
Dell PowerConnect 55xx Systems User Guide 447
The following is an example of the CLI commands:
show spanning-tree
[[gigabitethernet|tengigabiteth
ernet] port-number|port-channel
LAG-number]
Displays spanning tree configuration.
console(config)# interface gi1/0/5
console(config-if)# spanning-tree link-type shared
Table 13-3. Rapid STP Parameters CLI Command (Continued)
CLI Command Description
448 Dell PowerConnect 55xx Systems User Guide
Multiple Spanning Tree
This section describes Multiple Spanning Tree Protocol (MSTP).
It contains the following topics:
MSTP Overview
MSTP Properties
•VLAN to MSTP Instance
MSTP Instance Settings
MSTP Interface Settings
Dell PowerConnect 55xx Systems User Guide 449
MSTP Overview
MSTP maps VLANs into STP instances, using various load balancing
scenarios. As a result of this partitioning into instances, if port A is blocked in
one STP instance, the same port can be placed in the Forwarding State in
another STP instance.
In addition, packets assigned to various VLANs are transmitted along
different paths within Multiple Spanning Trees Regions (MST Regions).
Regions are one or more Multiple Spanning Tree bridges by which frames can
be transmitted.
MSTP Properties
To set an MSTP region:
1
Click
Switching
>
Spanning Tree
>
MSTP Settings
in the tree view to
display the
MSTP Properties: Summary
page
.
Figure 13-5. MSTP Properties: Summary
450 Dell PowerConnect 55xx Systems User Guide
2
Enter the following fields:
Region Name (1-32 Characters)
— Enter the user-defined MSTP
region name.
Revision (0-65535)
— Enter the unsigned 16-bit number that
identifies the current MST configuration revision. The revision
number is required as part of the MST configuration.
Max Hops (1-40)
— Enter the total number of hops that occur in a
specific region before the BPDU is discarded. Once the BPDU is
discarded, the port information is aged out.
IST Master
— Displays the Internal Spanning Tree Master ID. The
IST Master is the instance 0 root.
Configuring MST Properties Using CLI Commands
The following table summarizes the CLI commands for configuring MST
properties in the MSTP Properties pages.
Table 13-4. MSTP Properties CLI Commands
CLI Command Description
spanning-tree mst
configuration
Enters MST Configuration mode.
spanning-tree mst max-hops
hop-count
no spanning-tree mst max-
hops
Configures the number of hops in an MST
region before the BDPU is discarded and the
port information is aged out (in Global
Configuration mode).
Use the no form of this command to restore
the default configuration.
name string
no name
Sets the MSTP region name.
Use the no form of this command to restore
the default setting.
revision value
no revision
Defines the MST configuration revision
number.
Use the no form of this command to restore
the default configuration.
exit Exits the MST region configuration mode
after applying configuration changes.
Dell PowerConnect 55xx Systems User Guide 451
The following is an example of the CLI commands:
show {current|pending}Displays the current or pending MST region
configuration.
show spanning tree mst-
configuration
Displays the MSTP configuration.
console(config)# spanning-tree mst configuration
console(config-mst)# instance 1 add vlan 10-20
console(config-mst)# name region1
console(config-mst)# revision 1
console(config)# interface gi1/0/1
console(config-if)# spanning-tree mst 1 port-priority 144
console(config)# spanning-tree mst max-hops 10
console(config)# spanning-tree mst configuration
console(config-mst)# instance 2 add vlan 21-30
console(config-mst)# name region1
console(config-mst)# revision 1
console(config-mst)# show pending
Pending MST configuration
Name: Region1
Revision: 1
Instance VLANs Mapped
-------- ------------
0 1-9,31-4094
1 10-20
2 21-30
Table 13-4. MSTP Properties CLI Commands (Continued)
CLI Command Description
452 Dell PowerConnect 55xx Systems User Guide
VLAN to MSTP Instance
To map VLANs to MSTP instances:
1
Click
Switching
>
Spanning Tree
>
VLAN to MSTP Instance
in the tree
view to display the
VLAN to MSTP Instance: Summary
page
.
Figure 13-6. VLAN to MSTP Instance: Summary
The MSTP instances and their associated VLANs are displayed.
2
To associate a VLAN with an MSTP instance, click
Edit
.
3
Select the MSTP instance, the VLAN and whether to add or remove the
VLAN from the MSTP instance association.
4
Enter the fields:
Select MST Instance ID
— Select an MST instance.
VLANs
— Enter the VLANs being mapped to this instance.
Action
— Select the mapping action. The possible options are:
Dell PowerConnect 55xx Systems User Guide 453
Add
—Add these VLANS to the MST instance.
Remove
—Remove these VLANS from the MST instance.
Mapping VLAN to MSTP Instances Using CLI Commands
The following table summarizes the CLI commands for mapping VLANs to
MSTP instances.
The following is an example of the CLI commands:
Table 13-5. Mapping VLAN to MSTP Instances Using CLI Commands
CLI Command Description
spanning-tree mst
configuration
Enters MST Configuration mode.
instance instance-id vlan
vlan-range
no instance instance-id
vlan vlan-range
Maps VLANs to an MST instance.
Use the no form of this command to restore
default mapping.
show spanning-tree detail Displays the spanning-tree configuration
console(config)# spanning-tree mst configuration
console(config-mst)# instance 1 vlan 10-20
454 Dell PowerConnect 55xx Systems User Guide
MSTP Instance Settings
To configure MSTP instances:
1
Click
Switching
>
Spanning Tree
>
MSTP Instance Settings
in the tree
view to display the
MSTP Instance Settings
page
.
Figure 13-7. MSTP Instance Settings
The MSTP instances and their associated VLANs are displayed.
2
Select an
Instance ID
.
3
Enter the
Bridge Priority
(0-61440)
of this bridge for the selected MSTP
instance.
4
The following fields are displayed:
Included VLANs
— Displays VLANs included in this instance.
Designated Root Bridge ID
— Priority and MAC address of the Root
Bridge for the MST instance.
Dell PowerConnect 55xx Systems User Guide 455
Root Port
— Root port of the selected instance.
Root Path Cost
— Root path cost of the selected instance.
Bridge ID
— Bridge priority and the MAC address of this switch for
the selected instance.
Remaining Hops
— Number of hops remaining to the next
destination.
Configuring MSTP Instances Using CLI Commands
The following table summarizes the CLI commands for configuring the fields
in the MSTP Instance pages.
The following is an example of the CLI commands:
Table 13-6. Configuring MSTP Instances CLI Commands
CLI Command Description
spanning-tree mst
configuration
Enters MST Configuration mode.
spanning-tree mst
instance-id priority
priority
no spanning-tree mst
instance-id priority
Configures the device priority for the specified
spanning-tree instance.
Use the no form of this command to restore
the default configuration.
show spanning-tree
detail
Displays the spanning-tree configuration
console(config)# spanning-tree mst configuration
console(config-mst)# spanning-tree mst 1 priority 4096
456 Dell PowerConnect 55xx Systems User Guide
MSTP Interface Settings
To assign interfaces to MSTP instances:
1
Click
Switching
>
Spanning Tree
>
MSTP Interface Settings
in the tree
view to display the
MSTP Interface Settings: Summary
page.
Figure 13-8. MSTP Interface Settings: Summary
MSTP interface settings for the selected instance is displayed.
2
To set MSTP settings for an interface, click
Edit
.
3
Select an instance, and enter the fields:
Interface ID
Assign either ports or LAGs to the selected MSTP
instance.
Port State
Displays whether the port is enabled or disabled in the
specific instance.
Type
Displays whether MSTP treats the port as a point-to-point
port, or a port connected to a hub, and whether the port is internal to
the MST region or a boundary port. A Master port provides
connectivity from a MSTP region to the outlying CIST root. A
Dell PowerConnect 55xx Systems User Guide 457
Boundary port attaches MST bridges to LAN in an outlying region. If
the port is a boundary port, it also indicates whether the device on the
other side of the link is working in RSTP or STP mode.
Role —
Displays the port role assigned by the STP algorithm in order
to provide to STP paths. The possible options are:
Root
— This port provides the lowest cost path to forward packets
to root switch.
Designated
— This port is the interface through which the bridge
is connected to the LAN, which provides the lowest cost path
from the LAN to the Root Bridge.
Alternate
— This port provides an alternate LAG to the root
switch from the root interface.
Backup
— This port provides a backup path to the designated
port. Backup ports occur only when two ports are connected in a
loop by a point-to-point link. Backup ports also occur when a LAN
has two or more connections connected to a shared segment.
Disabled
— This port is not participating in the Spanning Tree.
Interface Priority
Enter the interface priority for specified instance.
Path Cost (1-200,000,000)
— Enter the port contribution to the
Spanning Tree instance. If a loop occurs, the spanning tree considers
path cost when selecting an interface to put in the Forwarding state.
Default Path Cost
— Check to use the default path cost.
Designated Bridge ID —
Displays the bridge ID number that
connects the link or shared LAN to the root.
Designated Port ID
Displays the Port ID number on the
designated bridge that connects the link or the shared LAN to the
root.
Designated Cost —
Displays the cost of the path from the link or the
shared LAN to the root.
Forward Transitions —
Displays the number of times the port
changed to the forwarding state.
Remain Hops —
Displays the number of hops remaining to the next
destination.
458 Dell PowerConnect 55xx Systems User Guide
Defining MSTP Interfaces Using CLI Commands
The following table summarizes the CLI commands for defining MSTP
interfaces as displayed in the MSTP Interfaces pages.
The following is an example of the CLI commands:
Table 13-7. MSTP Interface CLI Commands
CLI Command Description
spanning-tree mst
instance-id cost cost
no spanning-tree mst
instance-id cost
Sets the path cost of the port for MST
calculations (in Interface Configuration
mode).
Use the no form of this command to restore
the default configuration.
spanning-tree mst
instance-id port-
priority priority
Configures the device priority for the specified
spanning-tree instance (in Interface
Configuration mode).
Use the no form of this command to restore
the default configuration.
show spanning-tree mst-
configuration
Displays the MST configuration.
console(config)# interface gi1/0/9
console(config-if)# spanning-tree mst 1 cost 4
Dell PowerConnect 55xx Systems User Guide 459
14
VLANs
This chapter describes how VLANs are configured on the device.
It contains the following topics:
Virtual LAN Overview
VLAN Membership
Port Settings
•LAGs Settings
Protocol Groups
Protocol Port
GVRP Parameters
•Private VLAN
Voice VLAN
460 Dell PowerConnect 55xx Systems User Guide
Virtual LAN Overview
A VLAN is a switched network that is logically segmented on an
organizational basis, by functions, project teams, or applications rather than
on a physical or geographical basis. For example, all workstations and servers
used by a particular workgroup team can be connected to the same VLAN,
regardless of their physical connections to the network, or the fact that they
might be intermingled with other teams. Reconfiguration of the network can
be done through software rather than by physically unplugging and moving
devices or wires.
A VLAN can be thought of as a Broadcast domain that exists within a defined
set of switches. A VLAN consists of a number of end systems, either hosts or
network equipment (such as bridges and routers), connected by a single
bridging domain. The bridging domain is supported on various pieces of
network equipment; for example, LAN switches that operate bridging
protocols between them with a separate bridge group for each VLAN.
VLANs are created to provide the segmentation services traditionally
provided by routers in LAN configurations. VLANs address scalability,
security, and network management. Routers in VLAN topologies provide
broadcast filtering, security, address summarization, and traffic flow
management.
None of the switches, within a defined group, will bridge any frames, not even
broadcast frames, between two VLANs.
Dell PowerConnect 55xx Systems User Guide 461
Frame Flow
Figure 16-1 describes the flow of VLAN frames from the Ingress port to the
Egress port:
Figure 14-1. Frame Flow Through a VLAN
When a frame is received, it must be assigned a VLAN. VLAN assignment is
accomplished by the following steps:
1
If the frame contains a VLAN tag, that tag is used, otherwise the frame is
classified by the port's default VLAN (PVID), if it is defined.
2
After classification, the frame may pass (if enabled) through ingress
filtering, where the frame is dropped if the frame's VLAN ID is not one of
the VLANs to which the ingress port belongs.
3
A forwarding decision is made, as a function of the VLAN ID and the
destination MAC address.
4
The egress rules define whether the frame is to be sent as tagged or
untagged.
Special-case VLANs
VLAN#1 and VLAN#4095 are special-case VLANs:
VLAN1
— Defined as the default VLAN, and may only be used as a Ports
Default VLAN ID (PVID). This means that if the VLAN, whose VID is the
current port's PVID, is deleted from the port (or from the system), that
port's PVID is set to 1. VLAN#1 cannot be deleted from the system.
VLAN #4095
— Defined (according to standard and industry practice) as
the "discard" VLAN. A frame classified to this VLAN is silently dropped.
Ingress Egress
VLAN
Classification Ingress
Filtering Egress
Filtering
Progress
Forwarding
Decision
Filtering
Database
Received
Frame Transmitted
Frame
Ingress Egress
VLAN
Classification Ingress
Filtering
VLAN
Classification Ingress
Filtering Egress
Filtering
Progress
Forwarding
Decision
Filtering
Database
Received
Frame Transmitted
Frame
462 Dell PowerConnect 55xx Systems User Guide
QinQ Tagging
QinQ tagging enables you to add an additional tag to previously-tagged
packets. The added tag provides a VLAN ID to each customer, which ensures
private and segregated network traffic. The VLAN ID tag is assigned to a
customer port in the service provider network. The designated port then
provides additional services to the packets with the double-tags. This enables
administrators to expand service to VLAN users.
Port Modes
Ports participating in Layer 2 switching may be classified as:
Access Ports
Ports set to Access mode belong to a single VLAN, whose VID is the
currently set PVID (default =1). These ports accept all untagged frames,
and all frames tagged with the VID, currently set as the port's PVID. All
traffic is sent untagged. If the VLAN, whose VID is set as the current PVID
of the port, is deleted from the system, or deleted from the port, the port's
PVID will be set to 1, meaning that the port will be made a member of
VLAN#1, the default VLAN.
Ingress filtering is always enabled for ports in Access mode.
Setting an Access port’s PVID to 4095 effectively shuts it down, as no
frames will be transferred in either direction.
Access mode ports are intended to connect end-stations to the system,
especially when the end-stations are incapable of generating VLAN tags.
Trunk Ports
Ports set to Trunk mode may belong to multiple VLANs. The default
VLAN membership of a trunk port is all VLANs (1-4094). A PVID must be
set on the port (it can be a non-existing VLAN). Trunk ports accept tagged
and untagged frames. Untagged frames will be classified to the VLAN
whose VLAN ID (VID) is configured as the port’s PVID.
Frames, sent from the port in the VLAN, whose VID is the current PVID,
are sent untagged. Frames sent in all other VLANs active on the port are
sent tagged.
Dell PowerConnect 55xx Systems User Guide 463
Ingress filtering is always enabled on Trunk-mode ports. Incoming frames
will undergo ingress filtering, and if correctly tagged, (tagged with a VID of
one of the VLANs to which the port currently belongs) are admitted.
The default PVID is 1 (the default VLAN). If another VID is configured as
the port’s PVID, and the corresponding VLAN is deleted from the port or
from the system, the port’s PVID reverts to 1, meaning that the port is
made a member of the default VLAN.
Setting a trunk-port’s PVID to 4095 limits traffic to tagged frames.
Incoming untagged frames are silently discarded, and no frames are sent
untagged.
Trunk-mode ports are intended for switch-to-switch links, where traffic is
usually tagged.
General Ports
Ports set to General mode may be members of multiple VLANs. Each of
these VLANs may be configured to be tagged or untagged. This setting
applies to transmitted frames. Incoming untagged frames are classified
into the VLAN whose VID is the currently configured PVID.
Ingress filtering may be disabled on General ports. Ingress filtering is
enabled by default.
Promiscuous Ports
A promiscuous port can communicate with all ports of the same Private
VLAN (PVLAN), including the isolated ports of the same PVLAN.
•Isolated
An isolated port has complete Layer 2 isolation from the other ports within
the same PVLAN, but not from the promiscuous ports. Isolated ports can
communicate with promiscuous ports.
In the factory default configuration, all ports are designated as Access ports,
and are associated with the default VLAN.
464 Dell PowerConnect 55xx Systems User Guide
Acceptable Frame Type
The acceptable frame type can be set on a port to accept all frames (tagged
and untagged), tagged only, or untagged only. This setting takes precedence
over all other settings, so that if the acceptable frame type is tagged only,
incoming untagged frames are silently discarded, even if the port has a valid
PVID.
Dell PowerConnect 55xx Systems User Guide 465
VLAN Membership
The device supports up to 2-4094 VLANs.
Ports are assigned to a VLAN in the Port Settings pages.
To view the ports in a VLAN, and assign various parameters:
1
Click
Switching
>
VLAN
>
VLAN Membership
in the tree view to
display the
VLAN Membership: Summary
page.
Figure 14-2. VLAN Membership: Summary
The ports in the selected unit/VLAN are displayed along with their
statuses.
Each port/LAG is labeled with one of the following codes, regarding its
membership in the VLAN:
466 Dell PowerConnect 55xx Systems User Guide
T
— Tagged. The interface is a member of a VLAN. All packets
forwarded by the interface are tagged. The packets contain VLAN
information.
U
— Untagged. The interface is a member of a VLAN. Packets
forwarded by the interface are untagged.
F
— Forbidden. The interface is denied membership to a VLAN.
Blank
— The interface is not a VLAN member. Packets associated
with the interface are not forwarded.
2
Enter the fields:
Show VLAN
— Check one of the possible options:
VLAN ID
— Check VLAN ID, and select a VLAN ID to view.
VLAN Name
— Check VLAN Name, and select a VLAN ID to
view.
VLAN Name (0-32 Characters)
— Enter a new VLAN name.
Status
— The VLAN type. Possible values are:
Dynamic
— The VLAN was dynamically created through GVRP.
Static
— The VLAN is user-defined.
Authentication Not Required
— Enable/disable authentication on
the VLAN.
3
To define a new VLAN, click
ADD
, and enter the fields. The fields in this
page are described above.
Defining VLAN Membership Using CLI Commands
The following table summarizes the CLI commands for defining VLAN
membership as displayed in the VLAN Membership pages.
Table 14-1. VLAN Membership CLI Commands
CLI Command Description
vlan database Enters the VLAN configuration mode.
Dell PowerConnect 55xx Systems User Guide 467
The following is an example of the CLI commands:
vlan {vlan-range}[name vlan-
name]
no vlan vlan-range
Creates a VLAN.
Use the no form of this command to
restore the default configuration or
delete a VLAN.
name string Adds a name to a VLAN.
dot1x auth-not-req
no dot1x auth-not-req
Enables unauthorized devices access to
the VLAN.
Use the no form of this command to
disable access to the VLAN.
console(config)# vlan database
console(config-vlan)# vlan 1972
console(config-vlan)# end
console(config)# interface vlan 1972
console(config-if)# name Marketing
console(config-vlan)# dot1x auth-not-req
console(config-if)# end
Table 14-1. VLAN Membership CLI Commands (Continued)
CLI Command Description
468 Dell PowerConnect 55xx Systems User Guide
Port Settings
After a VLAN has been defined, assign ports to it.
To assign a VLAN to untagged packets, arriving on the device, enter the port
default VLAN ID (PVID). All untagged packets arriving to the device are
tagged by the ports PVID.
All ports must have a defined PVID. If no other value is configured, the
default VLAN PVID is used. VLAN ID #1 is the default VLAN, and cannot
be deleted from the system.
To configure ports on a VLAN:
1
Click
Switching
>
VLAN
>
Port Settings
in the tree view to display the
Port Settings: Summary
page.
Figure 14-3. Port Settings: Summary
All interfaces on the selected unit and their settings are displayed.
2
To modify the port settings, click
Edit,
and enter the fields:
Interface
— Enter the unit/port number to be modified.
Switchport Mode
— Select whether the port is in Layer 2 or Layer 3.
If the port is in Layer 2, enter the parameters described below,
otherwise the fields are not relevant.
Dell PowerConnect 55xx Systems User Guide 469
Port VLAN Mode
— Enter the port VLAN mode. The possible
options are:
General
— The port belongs to VLANs, and each VLAN is
user-defined as tagged or untagged (full 802.1Q mode).
Access
— The port belongs to a single untagged VLAN. When a
port is in Access mode, the packet types that are accepted on the
port cannot be designated. Ingress filtering cannot be
enabled/disabled on an access port.
Trunk
— The port belongs to VLANs on which all ports are tagged
(except for one port that can be untagged).
Customer
— When a port is in Customer mode, an added tag
provides a VLAN ID to each customer, ensuring private and
segregated network traffic for that customer.
Private VLAN Promiscuous
— The port is a promiscuous port.
Private VLAN Host
— The port is an isolated port
Current Reserved VLAN
— Displays the VLAN currently designated
by the system as the reserved VLAN.
Reserve VLAN for Internal Use
(1-4094)
— Check to enter a reserved
VLAN, and enter its ID. If none is required, check
None
.
PVID (1-4095)
— Enter a VLAN ID to be added to untagged packets.
The possible values are 1-4095. VLAN 4095 is defined according to
standard and industry practice as the discard VLAN. Packets classified
to the discard VLAN are dropped.
VLAN List (I - Inactive Configuration)
Enter the VLAN(s) to
which this port belongs, and indicate its type. The possible options are:
T
— Tagged. The port is a member of a VLAN. All packets
forwarded by the LAG are tagged. The packets contain VLAN
information.
U
— Untagged. The port is a member of a VLAN. Packets
forwarded by the LAG are untagged.
F
— Forbidden. The port is denied membership to a VLAN.
Click
Add
to move the port to the VLAN list together with its type.
470 Dell PowerConnect 55xx Systems User Guide
Frame Type
— Select the packet type accepted on the port. The
possible options are:
Admit All
— Both tagged and untagged packets are accepted on
the port.
Admit Tagged Only
— Only tagged packets are accepted on the
port.
Admit Untagged Only
— Only untagged packets are accepted on
the port.
Ingress Filtering
— Enable/disable ingress filtering, which discards
packets that are destined to VLANs of which the specific port is not a
member.
Native VLAN ID(1-4094)
— Enter VLAN used for untagged traffic to
trunk ports.
Multicast VLAN ID(1-4094)
— Enter VLAN used for Multicast TV
VLAN traffic on access ports.
Customer VLAN ID(1-4094)
— Enter VLAN used for customer
ports.
Assigning Ports to VLAN Groups Using CLI Commands
The following table summarizes the CLI commands for assigning ports to
VLAN groups.
Table 14-2. Port-to-VLAN Group Assignments CLI Commands
CLI Command Description
switchport general acceptable-
frame-type {tagged-only|untagged-
only|all}
no switchport general acceptable-
frame-type
Configures ingress filtering based
on packet type tagged/untagged.
Use the no form of this command
to return to default.
switchport mode
{access|trunk|general}
Configures the VLAN
membership mode of a port.
Dell PowerConnect 55xx Systems User Guide 471
switchport access vlan {vlan-
id|none}
no switchport access vlan
Configures the VLAN ID when
the interface is in access mode.
Use the no form of this command
to restore the default
configuration.
switchport trunk allowed vlan
{all|none|add vlan-list|remove
vlan-list|except vlan-list}
no switchport trunk allowed vlan
Sets the trunk characteristics
when the interface is in Trunking
mode.
Use the no form of this command
to reset a trunking characteristic
to the default.
switchport trunk native vlan {vlan-
id|none}
no switchport trunk native vlan
Defines the native VLAN when
the interface is in trunk mode.
Use the no form of this command
to restore the default
configuration.
switchport general allowed vlan
{add|remove} vlan-list
[tagged|untagged]
no switchport general allowed vlan
Sets the general characteristics
when the interface is in general
mode.
Use the no form of this command
to reset a general characteristic to
the default.
switchport general pvid vlan-id
no switchport general pvid
Configures the PVID when the
interface is in general mode.
Use the no form of this command
to restore the default
configuration.
switchport customer vlan vlan-id
no switchport customer vlan
Sets the port's VLAN when the
interface is in customer mode.
Use the no form of this command
to restore the default
configuration.
Table 14-2. Port-to-VLAN Group Assignments CLI Commands (Continued)
CLI Command Description
472 Dell PowerConnect 55xx Systems User Guide
switchport mode
{access|trunk|general|private-vlan
{promiscuous|host}|customer}
no switchport mode
Configure the VLAN membership
mode of a port.
Use the no form of this command
to restore the default
configuration.
Table 14-2. Port-to-VLAN Group Assignments CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 473
The following is an example of the CLI commands:
console(config)# vlan database
console(config-vlan)# vlan 23-25
console(config-vlan)# end
console(config)# interface vlan 23
console(config-if)# name Marketing
console(config-if)# end
console(config)# interface gi1/0/8
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 23
console(config-if)# end
console(config)# interface gi1/0/9
console(config-if)# switchport mode trunk
console(config-if)# switchport mode trunk allowed vlan add
23-25
console(config-if)# end
console(config)# interface gi1/0/11
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add
23,25 tagged
console(config-if)# switchport general pvid 25
474 Dell PowerConnect 55xx Systems User Guide
LAGs Settings
VLANs can either be composed of individual ports or of LAGs. Untagged
packets entering the device are tagged with the LAGs ID specified by the
PVID.
To configure LAGS on a VLAN:
1
Click
Switching
>
VLAN
>
LAG Settings
in the tree view to display the
VLAN LAG Settings
page.
Figure 14-4. VLAN LAG Settings
All LAGs and their settings are displayed.
2
To modify the LAG settings, click
Edit
, and enter the fields:
LAG
— Select the LAG to be modified.
Switchport Mode
— Select whether the LAG is in Layer 2 or Layer 3.
If the LAG is in Layer 2, enter the parameters described below,
otherwise the fields are not relevant.
Dell PowerConnect 55xx Systems User Guide 475
Port VLAN Mode
— Enter the port VLAN mode. The possible
options are:
General
— The port belongs to VLANs, and each VLAN is
user-defined as tagged or untagged (full 802.1Q mode).
Access
— The port belongs to a single untagged VLAN. When a
port is in Access mode, the packet types that are accepted on the
port cannot be designated. Ingress filtering cannot be
enabled/disabled on an access port.
Trunk
— The port belongs to VLANs on which all ports are tagged
(except for one port that can be untagged).
Customer
— When a port is in Customer mode, an added tag
provides a VLAN ID to each customer, ensuring private and
segregated network traffic for that customer.
Private VLAN Promiscuous
— The port is a promiscuous port.
Private VLAN Host
— The port is an isolated port
Current Reserved VLAN
— Displays the VLAN currently designated
as the reserved VLAN.
Reserve VLAN for Internal Use
(1-4094)
— Enter the VLAN that is
designated as the reserved VLAN after the device is reset, or select
None
.
PVID (1-4095)
— Assigns a VLAN ID to untagged packets. The possible
VLAN IDs are 1-4095. VLAN 4095 is defined as per standard and
industry practice, as the discard VLAN. Packets classified to this
VLAN are dropped.
VLAN List (I - Inactive Configuration)
Enter the VLAN(s) to
which this LAG belongs, and indicate its type. The possible options are:
T
— Tagged. The LAG is a member of a VLAN. All packets
forwarded by the LAG are tagged. The packets contain VLAN
information.
U
— Untagged. The LAG is a member of a VLAN. Packets
forwarded by the LAG are untagged.
F
— Forbidden. The LAG is denied membership to a VLAN.
Click
Add
to move the LAG to the VLAN list together with its type.
476 Dell PowerConnect 55xx Systems User Guide
Frame Type
— Packet type accepted by the LAG. The possible options
are:
Admit All
— Tagged and untagged packets are both accepted by
the LAG.
Admit Tag Only
— Only tagged packets are accepted by the LAG.
Admit Untagged Only
— Only untagged packets are accepted on
the LAG.
Ingress Filtering
— Enable/disable Ingress filtering by the LAG.
Ingress filtering discards packets that are destined to VLANs of which
the specific LAG is not a member.
Native VLAN ID (1-4094)
— Enter VLAN used for untagged traffic
to trunk ports, or select
None
.
Multicast VLAN ID (1-4094)
— Enter VLAN used for Multicast TV
VLAN traffic on access ports, or select
None
.
Customer VLAN ID (1-4094)
— Enter VLAN used for customer
ports, or select
None
.
Assigning LAGs to VLAN Groups Using CLI Commands
Refer to Table 16-2 for a list of the LAG to VLAN CLI commands.
Dell PowerConnect 55xx Systems User Guide 477
Protocol Groups
Protocol groups are based on protocol-based VLANs.
Protocol-based VLANs
Untagged frames received on a VLAN-aware switch can be classified by
methods others than source port, such as data-link-layer protocol
identification. This classification method is referred to as protocol-based
VLANs.
Protocol-based VLANs are useful for isolating Layer 2 traffic of various Layer
3 protocols. If, for example, a switch serves IP stations and IPX stations that
communicate with a single VLAN-unaware server, without using
protocol-based VLANs, all the Layer 2 Broadcast traffic would reach all the
stations. With protocol-based VLANs, the switch can forward incoming
traffic from the server to stations in a specific VLAN only.
Protocol-based VLANs are only available on General ports.
Classification rules are set on a per-port basis, and may be sensitive to the
frame's encapsulation. The default encapsulation assumed is Ethernet.
On each port, a user can define associations between groups of data-link layer
protocols and ports. For each group/port combination, the user may set the
VLAN to which frames incoming on that port will be classified if they belong
to any of the protocols in the group.
Several protocol-groups may be associated to a single port, and a protocol
group may be assigned to multiple ports, if so desired.
It is not guaranteed that the VLAN to which the frame is classified exists in
the system, or is active on that port.
Restrictions
The following frames (packet) types are supported: Ethernet, RFC 1042, and
LLC Other.
There may be dependencies between protocols and encapsulations, and
specifying one protocol may automatically add additional protocols to the
protocol-group, such as specifying IP implies ARP and vice-versa.
478 Dell PowerConnect 55xx Systems User Guide
Similarly, there may be implied dependencies between encapsulations, so that
specifying an encapsulation implies defining the protocol group for related
encapsulations. An example of this is specifying the Ethernet encapsulation,
even by default, implies IEEE802 encapsulation, as per RFC 1042.
The following standards are relevant:
IEEE802.1V defines VLAN assignment by protocol type.
IETF RFC 10-2 defines a standard for the transmission of IP datagrams
over IEEE 802 Networks
Defining Protocol Groups
Define protocol groups in two steps:
1
Define a protocol group by assigning one or more protocols to the group
and giving it a protocol-group ID (any integer), using the
Protocol Group
pages.
2
Associate the group with a desired VLAN classification, per port, using the
Protocol Port
pages.
Dell PowerConnect 55xx Systems User Guide 479
To define a protocol group:
1
Click
Switching
>
VLAN
>
Protocol Group
in the tree view to display
the
Protocol Group: Summary
page.
Figure 14-5. Protocol Group: Summary
The currently-defined protocol groups are displayed.
2
To add a new protocol group, click
Add
, and enter the fields:
Frame Type
— Select a frame type to be accepted in the protocol
group.
Protocol Value
— Select a protocol name.
or
Ethernet-Based Protocol Value (0600 - FFFF)
— Enter the Ethernet
protocol group type.
Protocol Group ID
— Assign a protocol group ID number.
480 Dell PowerConnect 55xx Systems User Guide
Defining VLAN Protocol Groups Using CLI Commands
The following table summarizes the CLI commands for defining VLAN
Protocol groups.
The following is a sample of the CLI commands:
Table 14-3. VLAN Protocol Groups CLI Commands
CLI Command Description
map protocol protocol
[encapsulation] protocols-
group group
no map protocol protocol
[encapsulation]
Maps a protocol to a protocol group.
Protocol groups are used for protocol-
based VLAN assignment.
Use the no form of this command to
delete a protocol from a group.
console (config)# vlan database
console (config-vlan)# map protocol ip protocols-group 213
Dell PowerConnect 55xx Systems User Guide 481
Protocol Port
A protocol port is a port assigned to a particular protocol group. Traffic from
particular types of frames may be assigned to a protocol group, which has a
port and VLAN associated with it.
To add an interface to a protocol group:
1
Click
Switching
>
VLAN
>
Protocol Port
in the tree view to display the
Protocol Port: Summary
page.
Figure 14-6. Protocol Port: Summary
A list of previously-defined protocol groups is displayed.
2
To assign an interface to a protocol group, click
Add
, and enter the fields:
Interface
— Port or LAG number to be added to a protocol group.
Group ID
— Select a protocol group ID to which the interface is
added.
482 Dell PowerConnect 55xx Systems User Guide
Protocol ports can either be attached to a
VLAN ID or a VLAN name.
VLAN ID (1- 4094)
—Check and enter a VLAN ID.
or
VLAN Name
— Check and enter a VLAN name.
Defining Protocol Ports Using CLI Commands
The following table summarizes the CLI command for defining protocol
ports.
The following is a sample of the CLI commands:
Table 14-4. Protocol Port CLI Commands
CLI Command Description
switchport general map
protocols-group group vlan
vlan-id
no switchport general map
protocols-group group
Sets a protocol-based classification rule.
Use the no form of this command to
delete a classification.
console (config-if)# switchport general map protocols-
group 1 vlan 8
Dell PowerConnect 55xx Systems User Guide 483
GVRP Parameters
GARP VLAN Registration Protocol (GVRP) is provided for automatic
distribution of VLAN membership information among VLAN-aware bridges.
GVRP enables VLAN-aware bridges to automatically learn VLANs-to-bridge-
ports mapping, without having to individually configure each bridge and
register VLAN membership.
To ensure the correct operation of the GVRP protocol, it is advised to set the
maximum number of GVRP VLANs equal to a value which significantly
exceeds:
The number of all static VLANs both currently configured and
expected to be configured.
The number of all dynamic VLANs participating in GVRP, both
currently configured (initial number of dynamic GVRP VLANs is 128)
and expected to be configured.
To set GVRP parameters:
1
Click
Switching
>
VLAN
>
GVRP Parameters
in the tree view to display
the
GVRP Parameters: Summary
page.
Figure 14-7. GVRP Global Parameters
2
Enable/disable GVRP on the device in the
GVRP Global Status
field.
484 Dell PowerConnect 55xx Systems User Guide
3
Check
Unit ID
and select a unit ID to view ports on the unit, or select
LAGs
to view the LAGs in the system.
4
To set GVRP for an interface, click
Edit,
and enter the fields:
Interface
— Specifies port or LAG for editing GVRP settings.
GVRP State
— Enable/disable GVRP on the interface.
Dynamic VLAN Creation
— Enable/disable Dynamic VLAN creation
on the interface.
GVRP Registration
— Enable/disable VLAN registration through
GVRP on the interface.
Configuring GVRP Using CLI Commands
The following table summarizes the CLI commands for configuring GVRP as
displayed in the GVRP Global Parameters page.
Table 14-5. GVRP Global Parameters CLI Commands
CLI Command Description
gvrp enable
no gvrp enable
In Global Configuration mode, this
command enables GVRP globally. In
Interface Configuration mode, it
enables GVRP on the interface.
Use the no form of this command to
disable GVRP on the device.
gvrp vlan-creation-forbid
no gvrp vlan-creation-forbid
Enables or disables dynamic VLAN
creation.
Use the no form of this command to
enable dynamic VLAN creation or
modification.
gvrp registration-forbid
no gvrp registration-forbid
De-registers all dynamic VLANs, and
prevents dynamic VLAN registration on
the port.
Use the no form of this command to
allow dynamic registration of VLANs on
a port.
Dell PowerConnect 55xx Systems User Guide 485
show gvrp configuration
[[gigabitethernet|tengigabitet
hernet] port-number|port-
channel LAG-number]
Displays GVRP configuration
information, including timer values,
whether GVRP and dynamic VLAN
creation is enabled, and which ports are
running GVRP.
show gvrp error-statistics
[[gigabitethernet|tengigabitet
hernet] port-number|port-
channel LAG-number]
Displays GVRP error statistics.
show gvrp statistics
[[gigabitethernet|tengigabitet
hernet] port-number|port-
channel LAG-number]
Displays GVRP statistics.
clear gvrp statistics
[[gigabitethernet|tengigabitet
hernet] port-number|port-
channel LAG-number]
Clears all the GVRP statistics
information.
Table 14-5. GVRP Global Parameters CLI Commands (Continued)
CLI Command Description
486 Dell PowerConnect 55xx Systems User Guide
console(config)# gvrp enable
console(config)# interface gi1/0/1
console(config-if)# gvrp enable
console(config-if)# gvrp vlan-creation-forbid
console(config-if)# gvrp registration-forbid
console(config-if)# end
console# show gvrp configuration
GVRP Feature is currently Disabled on the device.
Maximum VLANs: 4094
Port(s) GVRP-Status Registration Dynamic VLAN Timers(milliseconds)
Creation Join Leave Leave All
-------- ----------- ------------ ------------ ---- ----- --------
gi1/0/1 Disabled Normal Enabled 200 600 10000
gi1/0/2 Disabled Normal Enabled 200 600 10000
gi1/0/3 Disabled Normal Enabled 200 600 10000
gi1/0/4 Disabled Normal Enabled 200 600 10000
gi1/0/5 Disabled Normal Enabled 200 600 10000
gi1/0/6 Disabled Normal Enabled 200 600 10000
gi1/0/7 Disabled Normal Enabled 200 600 10000
gi1/0/8 Disabled Normal Enabled 200 600 10000
gi1/0/9 Disabled Normal Enabled 200 600 10000
Dell PowerConnect 55xx Systems User Guide 487
Private VLAN
Private VLANs (PVLANs) provide Layer 2 isolation between ports that share
the same Broadcast domain, or in other words, they create a
point-to-multipoint Broadcast domain. The ports can be located anywhere in
the Layer 2 network, as opposed to protected ports which must be in the same
stack.
The switch ports can be members of a Private VLAN (PVLAN) in the
following membership types:
Promiscuous ports that can communicate with all ports of the same
PVLAN, including the isolated ports of the same PVLAN.
Isolated ports that have complete Layer 2-isolation from the other ports
within the same PVLAN, but not from the promiscuous ports. Isolated
ports can communicate with promiscuous ports.
The PVLAN entity is implemented by allocating the following VLANs per PVLAN:
Primary VLAN: Carries traffic from promiscuous ports.
Isolated VLAN: Carries traffic from isolated ports.
488 Dell PowerConnect 55xx Systems User Guide
To configure PVLANs:
1
Click
Switching
>
VLAN
>
Private VLAN
in the tree view to display the
Private VLAN: Summary
page.
Figure 14-8. Private VLAN: Summary
The previously-defined private VLANs are displayed.
2
To query by
Associated Primary VLAN ID
, check that field, enter a VLAN
ID, and click
Query
. The associated VLANs are displayed.
3
To define a private VLAN, click
Assign,
and enter the fields:
Private VLAN ID
— Select a VLAN to be assigned.
Private VLAN Type
— Select one of the possible options:
Primary
— Traffic from promiscuous ports flow through this type
of VLAN. This is for the internet or shared servers.
Isolated
—Traffic from isolated ports flow through this type of
VLAN.
Dell PowerConnect 55xx Systems User Guide 489
Associate Primary VLAN
— If the Private VLAN type is Isolated,
check to associate the isolated VLAN with a primary VLAN, thus
allowing traffic between isolated and promiscuous ports.
Primary VLAN ID
— Select a VLAN to be associated with the
isolated VLAN.
4
To assign ports to the private VLAN, click
Membership
.
5
Select a Primary VLAN ID.
6
Select a Isolated VLAN ID.
7
Select the ports to be assigned to each VLAN, and assign each port/LAG a
port type in the Admin row of ports/LAGs. The possible options are:
H - Host (Isolated)
— Port is isolated.
P - Promiscuous
— Port is promiscuous.
C - Conditional (operational state depends on Port VLAN Mode)
Port receives the Port VLAN type set in the
VLAN Port Settings
page.
See "Port Modes" on page 462 for a description of the various port modes.
Configuring Private VLAN Using CLI Commands
The following table summarizes the CLI commands for configuring private
VLANs.
Table 14-6. Private VLAN CLI Commands
CLI Command Description
private-vlan
{primary|isolated}
no private-vlan
Configures a private VLAN.
Use the no form of this command to
return the VLAN to normal VLAN
configuration.
private-vlan association
[add|remove] secondary-vlan-
list
no private-vlan association
Configures the association between the
primary VLAN and the secondary
VLANs.
Use the no form of this command to
remove the association.
490 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
switchport private-vlan
mapping primary-vlan-id
[add|remove] secondary-vlan-
list
no switchport private-vlan
mapping
Configures the VLANs of the private-
vlan promiscuous port.
Use the no form of this command to
reset to default
switchport private-vlan host-
association primary-vlan-id
secondary-vlan-id
no switchport private-vlan
host-association
Configures the VLANs of the private-
vlan host port.
Use the no form of this command to
reset to default.
show vlan private-vlan [tag
vlan-id]
Displays private VLAN information.
console# show vlan private-vlan
Primary Secondary Type Ports
-------- --------- ---------- ---------------------
20 Primary gi1/0/1-2
20 201 Isolated gi1/0/1-8
20 202 Isolated gi1/0/1-2 gi1/09-18
20 203 Isolated gi1/0/1-2 gi1/0/19-21
30 Primary gi1/0/22
30 301 Isolated gi1/0/22-28
30 302 Isolated gi1/0/22, gi1/0/29-38
30 303 Isolated gi1/0/22, gi1/0/39-41
Table 14-6. Private VLAN CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 491
Voice VLAN
The Voice VLAN feature enables you to enhance VoIP service by configuring
ports to carry IP-voice traffic from IP phones on a specific VLAN. This VLAN
is configured with a QoS profile that ensures high voice quality.
Equipment, such as VOIP phones, transmits IP traffic with a pre-configured
Organizational Unique Identifier (OUI) prefix in the source MAC address.
This enables the switch to dynamically identify ports connected to the VoIP
equipment and automatically add these ports to the Voice VLAN.
IP phones use one of the following modes, both of which are supported by the
device:
Use only tagged packets for all communications.
Initially use untagged packets while retrieving the initial IP address
through DHCP. Then the phone uses the Voice VLAN and starts sending
tagged VoIP packets.
Non-VoIP traffic is dropped from the Voice VLAN when the device is in Auto
Voice VLAN secured mode.
The Voice VLAN feature also provides QoS actions to VoIP, ensuring that the
quality of voice does not deteriorate if the IP traffic is received unevenly.
To summarize, when Voice VLAN is enabled and configured, and VoIP
equipment is connected to one of the switch ports, the VoIP traffic triggers
the switch’s Voice VLAN feature to add this port to the Voice VLAN (a VLAN
that usually carries only voice traffic), and to assign traffic from this port a
specific QoS profile, ensuring high voice quality.
The device supports a single voice VLAN.
492 Dell PowerConnect 55xx Systems User Guide
Properties
To set voice VLAN parameters that apply to the voice VLAN on the device:
1
Click
Switching
>
VLAN
>
Voice VLAN
>
Properties
in the tree view to
display the
Properties
page.
Figure 14-9. Properties
2
Enter the fields:
Voice VLAN State
— Select
Enable
to use the Voice VLAN feature on
the device.
Voice VLAN ID
— Select the VLAN that is to be the voice VLAN.
Class of Service
— Select to add a CoS level to untagged packets,
received on the voice VLAN. The possible values are 0 to 7, where 7 is
the highest priority. 0 is used as a best-effort, and is invoked
automatically when no other value has been set.
Remark CoS
— Displays whether the Remark CoS is enabled.
Dell PowerConnect 55xx Systems User Guide 493
Voice VLAN Aging Time
— Enter the interval of time after which the
port exits the voice VLAN, if no voice packets are received.
The aging time starts after the MAC address is aged out from the
Dynamic MAC Address table. The default time is 300 sec. For more
information on defining MAC address age out time, see "Dynamic
Addresses" on page 421.
Defining Voice VLAN Properties Using CLI Commands
The following table summarizes the CLI command for defining voice VLAN
properties.
Table 14-7. Voice VLAN Properties CLI Commands
CLI Command Description
voice vlan enable
no voice vlan enable
Enables automatic voice VLAN
configuration for a port.
Use the no form of this command to
disable automatic voice VLAN
configuration.
voice vlan id vlan-id
no voice vlan id
Enables the voice VLAN and configures
the voice VLAN ID in Global
Configuration mode.
Use the no form of this command to
disable voice VLAN.
voice vlan cos cos-queue
[remark]
no voice vlan cos
Sets the voice VLAN Class of Service
(CoS) queue.
Use the no form of this command to
restore the default configuration.
voice vlan aging-timeout
minutes
no voice aging-timeout
Sets the voice VLAN aging timeout in
Global Configuration mode.
Use the no form of this command to
return to default.
show voice vlan
[[gigabitethernet|tengigabite
thernet] port-number|port-
channel LAG-number]
Use the show voice vlan EXEC command
to display the voice VLAN status.
494 Dell PowerConnect 55xx Systems User Guide
The following is an example of some of the CLI commands:
console# show
voice vlan
Aging timeout:
OUI table
1440 minutes
MAC Address -
Prefix
Description
00:E0:BB 3COM
00:03:6B Cisco
00:E0:75 Veritel
00:D0:1E Pingtel
00:01:E3 Siemens
00:60:B9 NEC/Philips
00:0F:E2 Huawei-3COM
00:09:6E Avaya
Voice VLAN VLAN
ID: 8
CoS: 6
Remark: Yes
Interface Enabled Secure Activated
--------- -------- ------ ---------
gi1/0/1 Yes Yes Yes
gi1/0/2 Yes Yes Yes
gi1/0/3 Yes Yes Yes
gi1/0/4 Yes Yes Yes
Dell PowerConnect 55xx Systems User Guide 495
Port Setting
To configure voice VLAN ports properties:
1
Click
Switching
>
VLAN
>
Voice VLAN
>
Port Setting
in the tree view
to display the
Port Setting: Summary
page.
Figure 14-10. Voice VLAN Port Setting
A list of the ports and their voice VLAN settings is displayed.
2
To modify the voice VLAN settings for an interface, click
Edit
, and enter
the fields:
Interface
— Enter the specific port or LAG to which the Voice VLAN
settings are applied.
Voice VLAN Mode
— Select the Voice VLAN mode. The possible
options are:
496 Dell PowerConnect 55xx Systems User Guide
None
— Disables the selected port/LAG on the Voice VLAN. This
is the default.
Static
— Statically adds the port to the Voice VLAN. This is
usually done for VoIP uplink ports that connect the device to VoIP
PBX, for example.
Auto
— Indicates that if traffic with an IP phone MAC address is
transmitted on the port/LAG, the port/LAG joins the Voice
VLAN. The port/LAG is aged out of the voice VLAN if the IP
phone’s MAC address (with an OUI prefix) is aged out. If the
MAC address of the IP phones OUI was added manually to a
port/LAG in the voice VLAN, the user cannot add it to the Voice
VLAN in Auto mode, only in Static mode.
Voice VLAN Security
— Enable/disable security on the interface.
Security ensures that packets arriving with an unrecognized OUI are
dropped (for example data packets).
Defining Voice VLAN Port Settings Using CLI Commands
The following table summarizes the CLI command for defining Voice VLAN
port settings.
Table 14-8. Voice VLAN Port Settings CLI Commands
CLI Command Description
voice vlan enable
no voice vlan enable
Enables automatic voice VLAN
configuration on a port.
Use the no form of this command to disable
automatic voice VLAN configuration on a
port.
voice vlan secure
no voice vlan secure
Configures secure mode for the voice VLAN.
Use the no form of this command to disable
secure mode.
Dell PowerConnect 55xx Systems User Guide 497
The following is an example of the CLI commands:
OUI
Organizationally Unique Identifiers (OUIs) are a 24-bit numbers assigned by
the Institute of Electrical and Electronics Engineers, Incorporated (IEEE)
Registration Authority to equipment manufacturers.
Up to 128 OUIs can be stored on the switch. Nine specific OUIs of popular
VoIP phones manufacturers are stored by default.
Traffic from each type of IP phone contains the OUI for the phone
manufacturer. When frames are received, in which the source MAC address’s
first three octets match one of the OUIs in the OUI list, the port on which
they are received is automatically assigned to the Voice VLAN.
console(config)# interface gi1/0/1
console(config-if)# voice vlan enable
console(config-if)# voice vlan secure
console(config-if)#
498 Dell PowerConnect 55xx Systems User Guide
To view existing OUIs, and add new OUIs:
1
Click
Switching
>
VLAN
>
Voice VLAN
>
OUI
in the tree view to
display the
OUI Summary
.
Figure 14-11. OUI: Summary
The previously-defined OUIs are displayed.
2
To add a new OUI, click
Add
, and enter the fields:
Telephony OUI
— Enter a new OUI.
Description
— Enter an OUI description up to 32 characters.
Dell PowerConnect 55xx Systems User Guide 499
Defining Voice VLAN OUIs Using CLI Commands
The following table summarizes the CLI command for defining Voice VLAN
OUIs.
The following is an example of the CLI commands:
Table 14-9. Voice VLAN OUIs CLI Commands
CLI Command Description
voice vlan oui-table {add
mac-address-prefix|remove
mac-address-prefix}
[text]
no voice vlan oui-table
Configures the voice OUI table.
Use the no form of this command to restore
the default configuration.
console(config)# voice vlan oui-table add 00:E0:BB
console(config)#
500 Dell PowerConnect 55xx Systems User Guide
15
Link Aggregation
This section describes link aggregation of ports.
It contains the following topics:
Link Aggregation Overview
LACP Parameters
LAG Membership
Dell PowerConnect 55xx Systems User Guide 501
Link Aggregation Overview
Link Aggregation optimizes port usage by linking a group of ports together to
form a single LAG (aggregated group). Aggregating ports multiplies the
bandwidth between the devices, increases port flexibility, and provides link
redundancy.
The device supports the following types of LAGs:
Static LAGs
— Manually-configured LAGs.
Link Aggregation Control Protocol (LACP) LAGs
— LACP LAGs
negotiate aggregating a port’s links with other LACP ports located on a
different device. If the other device ports are also LACP ports, the devices
establishes a LAG between them.
When you aggregate ports, the ports and LAG must fulfill the following
conditions:
All ports within a LAG must be the same media type.
A VLAN is not configured on the port.
The port is not assigned to another LAG.
Auto-negotiation mode is not configured on the port.
The port is in full-duplex mode.
All ports in the LAG have the same ingress filtering and tagged modes.
All ports in the LAG have the same back pressure and flow control modes.
All ports in the LAG have the same priority.
All ports in the LAG have the same transceiver type.
The device supports up to 32 LAGs, and eight ports in each LAG.
Ports can be configured as LACP ports only if the ports are not part of a
previously configured LAG.
502 Dell PowerConnect 55xx Systems User Guide
Ports added to a LAG lose their individual port configuration. When ports are
removed from the LAG, the original port configuration is applied to the ports.
The device uses a hash function to assign packets to a LAG member. The
hash function statistically load-balances the aggregated link members. The
device considers an Aggregated Link to be a single logical port.
Aggregate ports can be linked into link-aggregation port-groups. Each group
comprises ports with the same speed, set to full-duplex operations.
Ports in a LAG can contain different media types if the ports are operating at
the same speed. Aggregated links can be manually or automatically
configured by enabling LACP on the relevant links.
Dell PowerConnect 55xx Systems User Guide 503
LACP Parameters
To define LACP LAGs, configure LACP global and port parameters, such as
LACP system priority, timeout, and port priority.
With all factors equal, when the LAG is configured with more candidate ports
than the maximum number of active ports allowed, the switch activates the
highest priority candidate ports from the dynamic LAG.
To set LACP parameters:
1
Click
Switching
>
Link Aggregation
>
LACP Parameters
in the tree
view to display the
LACP Parameters
page.
Figure 15-1. LACP Parameters
The LACP parameters for all ports are displayed.
2
Enter the global
LACP System Priority
(1-65535)
value that determines
which candidate ports will become members of the LAG.
The page displays the LACP settings of the ports on the selected unit.
3
To modify LACP parameters for a particular port, click
Edit
, and enter the
following fields:
Port
— Select the port for which timeout and priority values are
assigned.
504 Dell PowerConnect 55xx Systems User Guide
LACP Port Priority (1-65535)
— Enter the LACP priority value for
the port.
LACP Timeout
— Select the rate of periodic transmissions of LACP
PDUs. The possible options are:
Long
— Slow transmission rate
Short
— Fast transmission rate
Configuring LACP Parameters Using CLI Commands
The following table summarizes the CLI commands for configuring LACP
parameters as displayed in the LACP Parameters page.
Table 15-1. LACP Parameters CLI Commands
CLI Command Description
lacp system-priority value Configures the system priority.
lacp port-priority value Configures the priority value for
physical ports.
lacp timeout{long|short}Assigns an administrative LACP
timeout.
show lacp
[gigabitethernet|tengigabitether
net] port-number
[parameters|statistics|protocol-
state]
Displays LACP information for
ethernet ports.
Dell PowerConnect 55xx Systems User Guide 505
The following is an example of the CLI commands:
console (config)# lacp system-priority 120
console (config)# interface gi1/0/11
console (config-if)# lacp port-priority 247
console (config-if)# lacp timeout long
console (config-if)# end
console# show lacp gi1/0/11 statistics
Port gi1/0/11 LACP Statistics:
LACP PDUs sent:2
LACP PDUs received:2
506 Dell PowerConnect 55xx Systems User Guide
LAG Membership
Each device supports up to 32 LAGs per system, and eight ports per LAG.
When you add a port to a LAG, the port acquires the LAG’s properties. If the
port cannot be configured with the LAG’s properties, it is not added to the
LAG and an error message is generated.
If the first port joining the LAG cannot be configured with the LAG settings,
the port is added to the LAG, using the port default settings, and an error
message is generated. Since this is the only port in the LAG, the entire LAG
operates with the port’s settings, instead of the LAG’s defined settings.
To assign ports to LAGs:
1
Click
Switching

Link Aggregation

LAG Membership
in the tree view
to display the
LAG Membership: Summary
page.
Figure 15-2. LAG Membership: Summary
Dell PowerConnect 55xx Systems User Guide 507
The LACP and static LAGs on each unit are displayed along with their
member ports.
This page displays the following fields:
LACP
— Aggregates the port to a LAG, using LACP.
LAG
— Adds a port to a LAG, and indicates the specific LAG to
which the port belongs.
2
Click
Edit
to change the status of a port in a LAG.
3
Select the LAG.
4
In the LACP row (the first row), toggle the button under the port number
to assign either the LACP or the static LAG.
5
In the LAG row (the second row), toggle the button to a specific number
to aggregate or remove the port to that LAG number.
Adding Ports to LAGs Using CLI Commands
The following table summarizes the CLI commands for assigning ports to
LAGs as displayed in the LAG Membership pages.
The following is an example of the CLI commands:
Table 15-2. LAG Membership CLI Commands
CLI Command Description
channel-group LAG-number
mode {on|auto}
no channel-group
Associates a port with a port-channel with or
without a LACP operation.
Use the no form of this command to remove
the channel-group configuration from the
interface.
show interfaces port-
channel [LAG-number]
Displays port-channel information for all port
channels or for a specific port channel.
console(config)# interface gi1/0/11
console(config-if)# channel-group 1 mode on
508 Dell PowerConnect 55xx Systems User Guide
16
Multicast
This chapter describes Multicast support on the device.
It contains the following topics:
Multicast Support Overview
Global Parameters
Bridge Multicast Groups
Bridge Multicast Forward All
•IGMP Snooping
Unregistered Multicast
•Multicast TV VLAN
Multicast TV VLAN Mapping
Dell PowerConnect 55xx Systems User Guide 509
Multicast Support Overview
Multicast forwarding enables a single packet to be forwarded to multiple
destinations. Layer 2 Multicast service is based on a Layer 2 device receiving a
single packet addressed to a specific Multicast address. Multicast forwarding
creates copies of the packet, and transmits the packets to the relevant ports.
There are two types of Multicast groups:
Registered Multicast Group
— When traffic addressed to a registered
Multicast group is received, it is handled according to its entry in the
Multicast Filtering Database and forwarded only to the registered
ports.
Unregistered Multicast Group
— If traffic addressed to an
unregistered Multicast group is received, it is handled by a special
entry in the Multicast Filtering Database. The default setting of this is
to flood all such traffic (traffic in unregistered Multicast groups).
The device supports:
Forwarding L2 Multicast Packets
— Forwards Layer 2 Multicast
packets. Layer 2 Multicast filtering is enabled by default, and is not
user-configurable.
Filtering L2 Multicast Packets
— Forwards Layer 2 packets to
interfaces. If Multicast filtering is disabled, Multicast packets are
flooded to all relevant ports.
NOTE: The system supports Multicast filtering for 256 Multicast groups.
Layer 2 Switching
Layer 2 switching forwards Multicast packets to all relevant VLAN ports by
default, managing the packet as a single Multicast transmission. While
Multicast traffic forwarding is effective, it is not optimal, as irrelevant ports
also receive the Multicast packets. The excess packets cause increased
network traffic. Multicast forwarding filters enable forwarding of Layer 2
packets to a subset of ports instead of to all ports.
510 Dell PowerConnect 55xx Systems User Guide
IGMP
Internet Group Multicast Protocol (IGMP) adds IGMP packets to Multicast
traffic. When IGMP Snooping is enabled globally, all IGMP packets are
forwarded to the CPU. The CPU analyzes the incoming packets and
determines:
Which ports want to join which Multicast groups.
Which ports have Multicast routers generating IGMP queries.
What routing protocols are forwarding packets and Multicast traffic.
Ports requesting to join a specific Multicast group issue an IGMP report,
specifying that the Multicast group is accepting members. This results in the
creation of an entry in the Multicast filtering database.
Dell PowerConnect 55xx Systems User Guide 511
Global Parameters
To enable Multicast filtering and IGMP Snooping:
1
Click
Switching
>
Multicast Support
>
Global Parameters
in the tree
view to display the
Global Parameters
page.
Figure 16-1. Global Parameters
2
Enter the fields:
Bridge Multicast Filtering
— Enable/disable Multicast filtering.
Disabled is the default value.
IGMP Snooping Status
— Enable/disable IGMP Snooping on the
device. Disabled is the default value.
512 Dell PowerConnect 55xx Systems User Guide
Enabling Multicast Filtering and IGMP Snooping Using CLI Commands
The following table summarizes the CLI commands for enabling Multicast
Filtering and IGMP snooping as displayed on the Global Parameters page.
The following is an example of the CLI commands:
Table 16-1. Multicast Filtering and Snooping CLI Commands
CLI Command Description
bridge multicast filtering
no bridge multicast filtering
Enables filtering of Multicast addresses.
Use the no form of this command to
disable multicast address filtering.
ip igmp snooping
no ip igmp snooping
Enables Internet Group Membership
Protocol (IGMP) snooping.
Use the no form of this command to
disable IGMP snooping.
console(config)# bridge multicast filtering
console(config)# ip igmp snooping
Dell PowerConnect 55xx Systems User Guide 513
Bridge Multicast Groups
The Bridge Multicast Group: Summary page
displays the ports and LAGs
attached to a Multicast service group and the manner in which the port or
LAG joined it.
To add and configure a Multicast group:
1
Click
Switching
>
Multicast Support
>
Bridge Multicast Group
in the
tree view to display the
Bridge Multicast Group: Summary
page.
Figure 16-2. Bridge Multicast Group: Summary
The ports and LAGs in the selected Multicast Group are displayed.
514 Dell PowerConnect 55xx Systems User Guide
2
Select a VLAN and enter the Multicast group IP address in
Bridge
Multicast Address
.
Two rows of ports and LAGs are displayed: for each unit
Static
— Displays available static ports/LAGs. These port/LAGs can
be included or excluded from the Multicast groups, as described
below.
Current
— Displays status of ports/LAGs in the Multicast group, as
actually applied.
3
For each port in the VLAN, toggle to
S
to join the port to the selected
Multicast group as a static port. Toggle a port to
F
to indicate that it is
Forbidden
to this group. Leave the field empty if it is not involved in the
VLAN.
4
To add a new Multicast group, click
Add
, and enter the fields:
VLAN ID
— Select the VLAN ID to set its forwarding method.
New Bridge IP Multicast
— Enter a Multicast group IP address.
New Bridge MAC Multicast
— Enter a Multicast group MAC
address.
Ports
— Select the ports to be added to a Multicast service. Toggle a
port to
S
to join the port to the selected Multicast group as a static
port. Toggle a port to
F
to indicate that it is
Forbidden
to this service.
Leave the field empty if it is not involved in the VLAN.
LAGs
— Select the LAGs to be added to a Multicast service. Toggle a
LAG to
S
to join the port to the selected Multicast group as a static
LAG. Toggle a port to
F
to indicate that it is
Forbidden
to this service.
Leave the field empty if it is not involved in the VLAN.
The following table describes the codes used for the interface in this page:
Table 16-2. IGMP Port/LAG Members Table Control Settings
Port Control Definition
S Attaches the port to the Multicast group as static member in the static row.
The port/LAG has joined the Multicast group statically in the current row.
F Forbidden. The port cannot belong to the Multicast group.
Blank The port is not attached to a Multicast group, but it is also not forbidden.
Dell PowerConnect 55xx Systems User Guide 515
Managing Bridge Multicast Groups Using CLI Commands
The following table summarizes the CLI commands for managing Multicast
service members as displayed in the Bridge Multicast Group pages.
The following is an example of the CLI commands:
Table 16-3. Bridge Multicast Group CLI Commands
CLI Command Description
bridge multicast address {mac-
multicast-address|ip-multicast-
address}
no bridge multicast filtering
Registers MAC-layer Multicast
addresses to the bridge table, and
adds static ports to the group.
Use the no form of this command to
disable Multicast address filtering.
bridge multicast forbidden
address {mac-multicast-
address|ip-multicast-
address}[add|remove]
{[gigabitethernet|tengigabitethe
rnet] interface-list|port-
channel LAG-number-list}
no bridge multicast forbidden
address {mac-multicast-address}
Forbids adding a specific Multicast
address to specific ports. Use the no
form of this command to return to
default
Use the no form of this command to
restore the default configuration.
show bridge multicast address-
table [vlan vlan-id] [address
{mac-multicast-address|ip-
multicast-address}] [format
ip|mac]
Displays Multicast MAC address
table information.
console(config-if)# bridge multicast address 0100.5e02.0203
add gi1/0/11,gi1/0/12
console(config-if)# end
console # show bridge multicast address-table
VLAN MAC Address Type Ports
---- ----------- ----- ----------
1 0100.5e02.0203 static gi1/0/11,
gigi1/0/12
Forbidden ports for multicast addresses:
516 Dell PowerConnect 55xx Systems User Guide
VLAN MAC Address Ports
---- ----------- ----------
1 0100.5e02.0203 gi1/0/8
19 0100.5e02.0208 gi1/0/8
console # show bridge multicast address-table format ip
VLAN IP Address Type Ports
---- ----------- ----- ----------
1 224-239.130|2.2.3 static gi1/0/11, gi1/0/12
Forbidden ports for multicast addresses:
VLAN IP Address Ports
---- ----------- ----------
1 224-239.130|2.2.3 gi1/0/8
Dell PowerConnect 55xx Systems User Guide 517
Bridge Multicast Forward All
Use the
Bridge
Multicast Forward All
page to attach ports or LAGs to a device
that is attached to a neighboring Multicast router/switch. After IGMP
Snooping is enabled, Multicast packets are forwarded to the appropriate port
or VLAN.
To attach interfaces to a Multicast service:
1
Click
Switching
>
Multicast Support
>
Bridge
Multicast Forward All
in
the tree view to display the
Bridge
Multicast Forward All
page.
Figure 16-3. Bridge Multicast Forward All
2
Select a unit/VLAN and click on the ports and LAGs to be attached to the
Multicast service. Toggle a port to
S
to join the port to the selected
Multicast group as a static port. Toggle a port to
F
to add it as a Forbidden
port.
Two rows of ports and LAGs are displayed:
518 Dell PowerConnect 55xx Systems User Guide
Static
— Displays available static ports/LAGs. These port/LAGs can
be included or excluded from the Multicast groups, as described
below.
Current
— Displays status of ports/LAGs, as actually applied, in the
Multicast group.
Managing LAGs and Ports Attached to Multicast Routers Using CLI Commands
The following table summarizes the CLI commands for managing LAGs and
ports attached to Multicast routers as displayed on the Bridge Multicast
Forward All page.
The following is an example of the CLI commands:
Table 16-4. Managing LAGs and Ports Attached to Multicast Routers CLI Commands
CLI Command Description
show bridge multicast filtering
vlan-id
Displays the Multicast filtering
configuration.
bridge multicast forward-all
{add|remove}
{[gigabitethernet|tengigabitethe
rnet] interface-list|port-
channel LAG-number-list}
Enables forwarding of all Multicast
packets on a port.
Use the no form of this command to
return to default.
console(config)# interface vlan 1
console(config-if)# bridge multicast forward-all add
gi1/0/3
console(config-if)# end
console# show bridge multicast filtering 1
Filtering: Enabled
VLAN: Forward-All
Port Static Status
------- ----------------- -----------
gi1/0/11 Forbidden Filter
gi1/0/12 Forward Forward(s)
gi1/0/13 - Forward(d)
Dell PowerConnect 55xx Systems User Guide 519
IGMP Snooping
IGMP Snooping can be enabled globally, as described in the Global
Parameters page. It can also be enabled per VLAN to support selective IPv4
Multicast forwarding. In this case, Bridge Multicast filtering must also be
enabled.
By default, a Layer 2 switch forwards Multicast frames to all ports of the
relevant VLAN, essentially treating the frame as if it were a Broadcast. When
IGMP Snooping is enabled per VLAN, the switch forwards Multicast frames
to ports that have registered as Multicast clients in the VLAN.
NOTE: The switch supports IGMP Snooping only on static VLANs. It does not
support IGMP Snooping on dynamic VLANs.
520 Dell PowerConnect 55xx Systems User Guide
The IGMP Snooping Querier is used to support a Layer 2 Multicast domain
of snooping switches in the absence of a Multicast router, for example, where
Multicast content is provided by a local server, but the router (if one exists)
on that network does not support Multicast.
There should only be a single IGMP Querier in a Layer 2 Multicast domain.
The switch supports standards-based IGMP Querier election when more than
one IGMP Querier is present in the domain.
The speed of IGMP Querier activity should be aligned with the IGMP-
snooping-enabled switches. Queries should be sent at a rate that is aligned to
the snooping table aging time. If queries are sent at a rate lower than the
aging time, the subscriber cannot receive the Multicast packets.
To enable IGMP Snooping on a VLAN:
1
Click
Switching

Multicast Support

IGMP Snooping
in the tree view
to display the
IGMP Snooping
page.
Figure 16-4. IGMP Snooping
The IGMP snooping information for the VLANs on the switch is
displayed.
2
To enable IGMP Snooping on a VLAN, click
Edit
and select the VLAN
from the
VLAN ID
drop down menu.
Dell PowerConnect 55xx Systems User Guide 521
3
Enter the fields:
IGMP Snooping Status
— Enable/disable the monitoring of network
traffic to determine which hosts have asked to be sent Multicast
traffic. The switch performs IGMP snooping only if IGMP snooping
and Bridge Multicast filtering are both globally enabled.
Operational IGMP Snooping Status
— Displays whether IGMP
Snooping is enabled.
MRouter Ports Auto Learn
— Enables or disables auto learning of the
ports to which the Mrouter is connected.
Query Robustness (1-7)
— Enter the Robustness variable value to be
used. The Robustness value enables tuning for the expected packet
loss on a link. If a link is expected to have losses, the Robustness Value
may be increased.
Operational Query Robustness
— Displays the robustness variable
sent by the elected querier.
Query Interval (30-18000)
— Enter the interval between general
queries sent by the querier .
Operational Query Interval
— The time interval in seconds between
general queries sent by the elected querier
Query Max Response Interval (5-20)
— Enter the amount of time in
which a host should respond to a query.
Operational Query Max Response Interval
— Displays the actual
delay.
Last Member Query Counter (1-7)
— Enter the number of IGMP
group-specific queries sent before the switch assumes there are no
local members. To use the default, check
Use Default
.
Operational Last Member Query Counter
— Displays the
operational value of the Last Member Query counter.
Last Member Query Interval (100-25500)
Enter the time between
two consecutive group-specific queries that are sent by the querier.
Operational Last Member Query Interval
Displays the Last
Member Query Interval sent by the elected querier.
Intermediate Leave
— Enable/disable an immediate timeout period.
The default timeout is 10 seconds.
522 Dell PowerConnect 55xx Systems User Guide
IGMP Querier Status
— Enables or disables the IGMP Querier. The
IGMP Querier simulates the behavior of a Multicast router, enabling
snooping of the Layer 2 Multicast domain even though there is no
Multicast router.
Querier Source IP Address
— Select the IP address of the IGMP
Querier. Use either the VLAN’s IP address or define a unique IP
address that will be used as a source address of the querier.
Operational Source Querier IP Address
— Operational Querier IP
address.
Configuring IGMP Snooping Using CLI Commands
The following table summarizes the CLI commands for configuring IGMP
snooping on a VLAN:
Table 16-5. IGMP Snooping CLI Commands
CLI Command Description
ip igmp snooping vlan vlan-id
no ip igmp snooping vlan vlan-
id
Enables IGMP snooping on a specific
VLAN.
Use the no form of this command to
disable IGMP snooping on a VLAN
interface.
ip igmp snooping vlan vlan-id
mrouter learn pim-dvmrp
no ip igmp snooping vlan vlan-
id mrouter learn pim-dvmrp
Enables automatic learning of
Multicast router ports in the context of
a specific VLAN.
Use the no form of this command to
remove the configuration.
ip igmp robustness count
no ip igmp robustness
Changes the value of the IGMP
robustness variable.
Use the no format of the command to
return to default.
ip igmp query-interval seconds
no ip igmp query-interval
Configures the Query interval.
Use the no format of the command to
return to default.
Dell PowerConnect 55xx Systems User Guide 523
ip igmp query-max-response-
time seconds
no ip igmp query-max-response-
time
Configures the Query Maximum
Response time.
Use the no format of the command to
return to default.
ip igmp last-member-query-
count count
no ip igmp last-member-query-
count
Configures the Last Member Query
Counter.
Use the no format of the command to
return to default.
ip igmp snooping vlan vlan-id
immediate-leave
no ip igmp snooping vlan vlan-
id immediate-leave
Enables the IGMP Snooping
Immediate-Leave processing on a
VLAN.
Use the no format of the command to
disable IGMP Snooping Immediate-
Leave processing.
ip igmp snooping vlan vlan-id
querier
no ip igmp snooping vlan vlan-
id querier
Enables the IGMP querier on a specific
VLAN.
Use the no form of this command to
disable the IGMP querier on a VLAN
interface.
ip igmp snooping querier
address source-ip-address
no ip igmp snooping querier
address
Defines the source IP address that the
IGMP Snooping querier would use.
Use the no form of this command to
return to default.
show ip igmp snooping groups
[vlan vlan-id] [address ip-
multicast-address]
Displays the Multicast groups learned
by IGMP snooping.
show ip igmp snooping
interface vlan-id
Displays IGMP snooping configuration.
show ip igmp snooping mrouter
[interface vlan-id]
Displays information about
dynamically learned Multicast router
interfaces.
Table 16-5. IGMP Snooping CLI Commands (Continued)
CLI Command Description
524 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console (config)# ip igmp snooping
console (config)# interface vlan 1
console (config-if)# ip igmp snooping mrouter learn-pim-dvmrp
console (config)# interface vlan 1
console (config-if)# ip igmp snooping leave-time-out 60
console # do show ip igmp snooping groups
VLAN IP Address Querier Ports
---- ---------- ------ ----------------------
1 224-239.130 |2.2.3 Yes gi1/0/1, gi1/0/2
console # show ip igmp snooping interface 1
IGMP Snooping is globaly disabled
IGMP Snooping admin: Enabled
IGMP Snooping oper mode: Disabled
Routers IGMP version: 3
IGMP snooping querier admin: disabled
IGMP snooping querier oper: disabled
IGMP snooping querier address admin:
IGMP snooping querier address oper: 10.5.234.232
IGMP snooping robustness: admin 2 oper 2
IGMP snooping query interval: admin 125 sec oper 125 sec
IGMP snooping query maximum response: admin 10 sec oper 10 sec
IGMP snooping last member query counter: admin 2 oper 2
IGMP snooping last member query interval: admin 1000 msec oper
1000 msec
IGMP snooping last immediate leave: disable
Automatic learning of Multicast router ports is enabled
Dell PowerConnect 55xx Systems User Guide 525
Unregistered Multicast
Multicast frames are generally forwarded to all ports in the VLAN. If IGMP
Snooping is enabled, the device learns about the existence of Multicast
groups and tracks which ports have joined what Multicast group.
Multicast groups can also be statically enabled. This enables the device to
forward the Multicast frames (from a registered Multicast group) only to
ports that are registered to that Multicast group.
Traffic from unregistered Multicast groups, which are the groups that are not
known to the device, can either be filtered or forwarded. After a port has been
set to Forwarding/Filtering, its configuration is valid for any VLAN of which it
is a member (or will be a member of).
To set the action for unregistered Multicast groups on a port:
1
Click
Switching
>
Multicast Support
>
Unregistered Multicast
in the
tree view to display the
Unregistered Multicast: Summary
page.
Figure 16-5. Unregistered Multicast: Summary
526 Dell PowerConnect 55xx Systems User Guide
The action for each port is displayed.
2
To modify the forwarding action for an interface, click
Edit,
and enter the
fields.
Interface
— Select a port or LAG.
Unregistered Multicast
— Select the forwarding status of the selected
interface. The possible options are:
Forwarding
— Enables forwarding of unregistered Multicast
frames on the selected port or port-channel.
Filtering
— Enables filtering of unregistered Multicast frames on
the selected VLAN interface.
Configuring Unregistered Multicast Using CLI Commands
The following table summarizes the CLI commands for configuring
Unregistered Multicast on the device:
The following is an example of the CLI commands:
Table 16-6. Unregistered Multicast CLI Commands
CLI Command Description
bridge multicast unregistered Configures the forwarding state of
unregistered multicast addresses.
show bridge multicast unregistered Displays the unregistered multicast
filtering configuration.
console # show bridge multicast unregistered
Port Unregistered
------- --------
gi1/0/1 Forward
gi1/0/2 Filter
gi1/0/3 Filter
Dell PowerConnect 55xx Systems User Guide 527
Multicast TV VLAN
This section describes the Multicast TV VLAN feature.
It contains the following sections:
Multicast TV VLAN Overview
Multicast TV VLAN Membership
Multicast TV VLAN Mapping
Multicast TV VLAN Overview
The Multicast TV VLAN feature provides the ability to supply Multicast
transmissions to Layer 2-isolated subscribers, without replicating the
Multicast transmissions for all subscriber VLANs. The subscribers are the
only receivers of the Multicast transmissions.
A Multicast TV VLAN can be defined for an Access port (a port that is
in Access mode for VLAN membership).
All static VLANs are permitted to be a Multicast-TV VLAN.
The configuration is performed per port.
One or more IP Multicast address groups can be associated with a Multicast
VLAN. The source port must belong to the Multicast VLAN. Source and
receiver ports do not have to be members of the same VLAN.
An end port is defined as a receiver port for the Multicast VLAN. Receiving
ports can belong to a single user VLAN and additionally to one Multicast
VLAN. The receiver port can be an access member in any VLAN, but not in
the defined Multicast VLAN. In Multicast VLAN, the receiver port can only
receive traffic and not send traffic on it. Receivers of same Multicast VLAN
are isolated in different User (Access port) VLANs and therefore isolated from
each other.
If a Multicast-TV VLAN is defined on an access port, then:
The access port joins the Multicast-TV VLAN.
The Multicast-TV VLAN on the receiver port is always untagged.
The acceptable frame type of the port is set to Admit Untagged Only.
528 Dell PowerConnect 55xx Systems User Guide
Multicast TV VLAN Membership
To view Multicast TV VLANs:
•Click
Switching
>
Multicast Support
>
Multicast TV VLAN
Membership
in the tree view to display the
Multicast TV VLAN
Membership
page.
Figure 16-6. Multicast TV VLAN Membership
The receiver and transceiver ports in the selected TV VLAN are displayed.
Displaying Multicast TV VLAN Membership Using CLI Commands
The following table summarizes the CLI command for displaying Multicast
TV VLAN membership:
Table 16-7. Multicast TV VLAN Membership CLI Commands
CLI Command Description
show vlan multicast-tv
vlan vlan-id
Displays information on the source ports and
receiver ports of multicast-TV VLAN.
Dell PowerConnect 55xx Systems User Guide 529
The following is an example of the CLI commands:
Multicast TV VLAN Mapping
To set the Multicast Group IP address for a TV VLAN:
1
Click
Switching
>
Multicast Support
>
Multicast TV VLAN Mapping
in the tree view to display the
Multicast TV VLAN Mapping: Summary
page.
Figure 16-7. Multicast TV VLAN Mapping: Summary
The Multicast Group IP addresses for the selected TV VLAN are displayed.
2
To add the Multicast Group IP address for a VLAN, click
Add
, and enter
the fields:
VLAN ID
— Enter a VLAN ID.
console # show vlan multicast-tv vlan 1
Source Ports
-------------------------------------
gi1/0/8, gi1/0/9
Receiver Ports
-------------------------------------
gi2/0/1-18, gi3/0/1-18, gi4/0/1-18
530 Dell PowerConnect 55xx Systems User Guide
Multicast Group IP Address
— Enter the Multicast group IP address
for which the IGMP Snooping is enabled.
Mapping Multicast TV VLANs to IP Addresses Using CLI Commands
The following table summarizes the CLI command for mapping Multicast
TV VLANs to Multicast IP addresses:
The following is an example of the CLI commands:
Table 16-8. Unregistered Multicast CLI Commands
CLI Command Description
ip igmp snooping vlan vlan-id
multicast-tv ip-multicast-address
[count number]
no ip igmp snooping vlan vlan-id
multicast-tv ip-multicast-address
[count number]
Defines the Multicast IP
addresses that are associated
with a Multicast-TV VLAN.
Use the no form of this
command to remove all
associations.
show ip igmp snooping multicast-tv
[vlan vlan-id]
Displays the IP addresses associ-
ated with Multicast TV VLANs.
console# show ip igmp snooping multicast-tv
VLAN IP Address
---- -----------
1000 239.255.0.0
1000 239.255.0.1
1000 239.255.0.2
1000 239.255.0.3
1000 239.255.0.4
1000 239.255.0.5
Dell PowerConnect 55xx Systems User Guide 531
17
LLDP
The section describes the Link Layer Discovery Protocol (LLDP).
It contains the following topics:
LLDP Overview
LLDP Properties
LLDP Port Settings
•MED Network Policy
LLDP MED Port Settings
Neighbors Information
532 Dell PowerConnect 55xx Systems User Guide
LLDP Overview
The Link Layer Discovery Protocol (LLDP) enables network managers to
troubleshoot and enhance network management by discovering and
maintaining network topologies over multi-vendor environments. LLDP
discovers network neighbors by standardizing methods for network devices to
advertise themselves to other systems, and to store discovered information.
Discovery information includes:
Device identification
Device capabilities
Device configuration
The advertising device transmits multiple advertisement message sets in a
single LAN packet. The multiple advertisement message sets are sent in the
packet’s Type Length Value (TLV) field.
LLDP devices must support chassis and port ID advertisements, as well as
system name, system ID, system description, and system capability
advertisements.
LLDP Media Endpoint Discovery
(LLDP-MED) increases network flexibility
by enabling various IP systems to co-exist on a single network, and provides
the following features:
Detailed network topology information, including information on which
devices are located on the network and where the devices are located, for
example, which IP phone is connect to which port, which software is
running on which switch, and which port is connected to which device.
Automatic deployment of policies over networks for:
–QoS Policies
Voice VLANs
Emergency Call Service (E-911) via IP phone location information.
Troubleshooting information. LLDP MED sends network managers alerts
for:
Port speed and duplex mode conflicts
QoS policy misconfigurations
Dell PowerConnect 55xx Systems User Guide 533
LLDP Properties
To enable and configure LLDP:
1
Click
System
>
LLDP
>
LLDP Properties
in the tree view to display the
LLDP Properties
page.
Figure 17-1. LLDP Properties
The current LLDP properties are displayed.
2
Enter the fields:
Enable LLDP
Enable/disable LLDP on the device.
Updates Interval (5-32768) —
Enter the rate at which LLDP
advertisement updates are sent.
Hold Multiplier (2-10) —
Enter the hold time to be sent in the
LLDP update packets, as a multiple of the timer value.
534 Dell PowerConnect 55xx Systems User Guide
Reinitializing Delay (1-10)
— Enter the minimum time, in seconds,
that an LLDP port waits before reinitializing LLDP transmission.
Transmit Delay (1-8192)
— Enter the amount of time that passes
between successive LLDP frame transmissions, due to changes in the
LLDP local systems MIB.
To use the default values for any field, select
Use Default
.
Dell PowerConnect 55xx Systems User Guide 535
Configuring LLDP Using CLI Commands
The following commands are used to set the fields in the LLDP Properties
page.
Table 17-1. LLDP Properties CLI Commands
CLI Command Description
lldp run
no lldp run
Enables enable LLDP.
Use the no form of this command to
disable LLDP.
lldp timer seconds
no lldp timer
Specifies how often the software sends
LLDP updates.
Use the no form of this command to
restore the default configuration.
lldp hold-multiplier number
no lldp hold-multiplier
Specifies the time that the receiving
device should hold a Link Layer Discovery
Protocol (LLDP) packet before discarding
it.
Use the no form of this command to
restore the default configuration.
lldp reinit seconds
no lldp reinit
Specifies the minimum time an LLDP
port will wait before reinitializing.
Use the no form of this command to revert
to the default setting.
lldp tx-delay seconds
no lldp tx-delay
Specifies the delay between successive
LLDP frame transmissions.
Use the no form of this command to
restore the default configuration.
536 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console(config)# interface gi1/0/1
console(config-if)# lldp run
console(config)# lldp timer 30
console(config)# lldp hold-multiplier 3
console(config)# lldp reinit 4
Dell PowerConnect 55xx Systems User Guide 537
LLDP Port Settings
LLDP configuration of a port includes activating LLDP notification on it,
and selecting the optional TLVs that will be sent in the LLDP PDU, in
addition to the mandatory ones.
By setting these properties, it is possible to provide additional types of
information to those network devices that support the LLDP.
To configure LLDP per port:
1
Click
System
>
LLDP
>
LLDP Port Settings
in the tree view to display
the
LLDP Port Settings: Summary
page.
Figure 17-2. LLDP Port Settings: Summary
LLDP settings for all ports are displayed.
2
To modify the LLDP settings for a port, click
Edit
and select the port to be
configured.
3
Select the transmission type on which LLDP is to be configured in the
State
field. The possible options are:
Tx Only
— Enables LLDP on transmitting LLDP packets only.
Rx Only
— Enables LLDP on receiving LLDP packets only.
538 Dell PowerConnect 55xx Systems User Guide
Tx & Rx
— Enables LLDP on transmitting and receiving LLDP
packets.
Disable
— LLDP is disabled on the port.
4
Move the optional TLVs that the switch should advertise from the
Available TLV
list to the
Optional TLV
list. The TLVs advertise the
following:
Port Description
— Information about the port, including
manufacturer, product name, and hardware/software version.
System Name
— System's assigned name (in alpha-numeric format).
This value equals the sysName object.
System Description
— Description of the network entity (in alpha-
numeric format). This includes the system's name and versions of the
hardware, operating system, and networking software supported by the
switch. This value equals the sysDescr object.
System Capabilities
— Primary functions of the switch, and whether
or not these functions are enabled in the switch. The capabilities are
indicated by two octets. Bits 0 through 7 indicate Other, Repeater,
Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and
station respectively. Bits 8 through 15 are reserved.
802.3 MAC-PHY
— Duplex and bit rate capability and the current
duplex and bit rate settings of the sending device. It also advertises
whether the current settings are due to auto-negotiation or manual
configuration.
An alternative way to select the TLVs is to select the
Use Default
field, in
which case only mandatory TLVs are used. These are: Chassis subtype
(MAC address), Port subtype (port number), and TTL (time-to-leave).
5
Enter the
Management IP Address
that is advertised from the interface.
Check
Use Default
to use the default Management IP address.
Dell PowerConnect 55xx Systems User Guide 539
Configuring LLDP Port Settings Using CLI Commands
The following commands are used to configure LLDP on ports.
The following is an example of the CLI commands:
Table 17-2. LLDP Port Settings CLI Commands
CLI Command Description
lldp transmit
no lldp transmit
Enables transmitting LLDP on an
interface.
Use the no form of this command to stop
transmitting LLDP on an interface.
lldp receive
no lldp receive
Enables receiving LLDP on an interface.
Use the no form of this command to stop
receiving LLDP on an interface.
lldp optional-tlv tlv1 [tlv2
… tlv5]
Specifies which optional TLVs
from the basic set should be
transmitted
console(config)# interface gi1/0/1
console(config-if)# lldp transmit
console(config-if)# lldp receive
console(config-if)# lldp optional-tlv port-desc
540 Dell PowerConnect 55xx Systems User Guide
MED Network Policy
An LLDP-MED network policy is a set of configuration settings that is
identified by a network policy number. Policies are loaded into LLDP-MED
TLVs, and sent to devices connected to the switch. A network policy instructs
the connected device as to how to send traffic, for example, a policy can be
created for VoIP phones that instructs them to:
Send voice traffic on VLAN 10
Tag voice traffic with DSCP=63
Transmit data-traffic to the switch (from the PC connected to the switch
through the VoIP phone) without modification to traffic sent by the PC
(typically, Untagged).
For network policies to be implemented, they must be created and then
associated with ports.
Before policies are defined, the administrator must create the VLANs, and
configure memberships in the VLANs, based on the specification in the
LLDP-MED network policies.
Dell PowerConnect 55xx Systems User Guide 541
To add a MED network policy:
1
Click
System
>
LLDP
>
MED Network Policy
in the tree view to display
the
MED Network Policy: Summary
page.
Figure 17-3. MED Network Policy: Summary
Previously-defined network policies are displayed.
2
To add a network policy, click
Add
, and enter the fields:
Network Policy Number
— Select an available network policy
number.
Application
— Select the application (type of traffic) for which the
network policy is defined.
VLAN ID
— Enter the VLAN ID to which the traffic should be sent.
VLAN Type
—Select whether the traffic is Tagged or Untagged.
542 Dell PowerConnect 55xx Systems User Guide
User Priority
— Select the traffic priority assigned to the network
application.
DSCP Value
— Select the value to be used by neighbors to mark the
traffic sent to the switch.
Configuring MED Network Policies Using CLI Commands
The following commands are used to configure MED network policies.
The following is an example of the CLI commands:
Table 17-3. LLDP MED Network Policies CLI Commands
CLI Command Description
lldp med network-policy number
application [vlan id] [vlan-type
{tagged|untagged}] [up
priority][dscp value]
no lldp med network-policy number
Defines an LLDP MED network
policy.
Use the no form of this command
to remove an LLDP MED
network policy.
console(config)# lldp med network-policy 1 voice-signaling
vlan 1
Dell PowerConnect 55xx Systems User Guide 543
LLDP MED Port Settings
To assign MED network policies to ports:
1
Click
System
>
LLDP
>
MED Port Settings
in the tree view to display
the
MED Port Settings: Summary
page.
Figure 17-4. MED Port Settings: Summary
2
Select the unit in the stack. All ports on that unit are displayed along with
the following fields:
LLDP MED Status
— Specifies if LLDP-MED is enabled on the
selected port.
Network Policy
— Specifies whether a network policy is assigned to
the port.
Location
— Specifies whether the location is advertised.
PoE
— Specifies whether PoE is enabled on the port.
3
To modify network policies on a port, click
Edit
.
4
Select the port to be configured, and enter the fields for the port:
Enable LLDP-MED
— Enable/disable LLDP-MED on the port.
544 Dell PowerConnect 55xx Systems User Guide
Available TLVs
— Contains a list of available TLVs that can be
advertised by the port. The possible options are:
Network Policy
— Advertises the network policy attached to the
port.
Location
— Advertises the port’s location.
PoE-PSE
— Indicates if the connected media is a PoE or PSE
(Power Sourcing Equipment) device.
Move the TLVs to be published to the
Tx
Optional TLV
s list.
Available Network Policy
— Contains a list of network policies that
can be assigned to a port. Move the network policies to be assigned to
the port to the
Network Policy
list.
Location Coordinate (16 Bytes in Hex)
— Displays the device’s
location map coordinates.
Location Civic Address (6-160 Bytes in Hex)
— Displays the device’s
civic or street address location, for example 414 23rd Ave E.
Location ECS ELIN (10-25 Bytes in Hex)
— Displays the device’s
ECS ELIN location.
5
To view MED details for a port, click
Details
and select a port.
The following fields are displayed for the port:
Auto-Negotiation Status
— Enabled specifies that auto-negotiation is
enabled on the port; Disabled indicates that it is not.
Advertised Capabilities
— The list of port capabilities advertised for
the port.
MAU Type
— The Media Attachment Unit type. The MAU performs
physical layer functions, including digital data conversion from the
Ethernet interfaces' collision detection and bit injection into the
network, for example, 100BASE-TX full duplex mode.
System Name
— The system's assigned name (in alpha-numeric
format). This value equals the sysName object.
System Description
— A description of the network entity (in alpha-
numeric format). This includes the system's name and versions of the
hardware, operating system, and networking software supported by the
switch. This value equals the sysDescr object.
Dell PowerConnect 55xx Systems User Guide 545
Device ID
— The device ID advertised, for example, the device MAC
address.
Device Type
— The type of device.
LLDP MED Capabilities
— The TLVs that are advertised by the
port.
LLDP MED Device Type
— Specifies whether a sender is a network
connectivity device or an endpoint device.
Application
— The following fields are displayed for each possible
application type:
Application Type
— The application type.
Flags
— The VLAN tagging status for the application type:
Tagged or Untagged.
VLAN ID
— The VLAN number for the application type.
User Priority
— The user priority for the application type.
DSCP
— The DSCP value assigned to the network policy.
Location Type
— Displays the port’s LLDP location type:
Coordinates
— Device’s location map coordinates.
Civic Address
— Device’s civic or street address location, for
example 414 23rd Ave E.
ECS ELIN
— Device’s ECS ELIN location.
Location Address
— Displays the port’s LLDP location, according to
the
Location Type
.
546 Dell PowerConnect 55xx Systems User Guide
Configuring MED on Ports Using CLI Commands
The following commands are used to set the fields in the MED Port Settings
pages.
Table 17-4. LLDP Properties CLI Commands
CLI Command Description
lldp med enable [tlv … tlv4]
no lldp med enable
Enables LLDP MED on an interface.
Use the no form of this command to
disable LLDP MED on an interface.
lldp med network-policy
{add|remove} number
no lldp med network-policy
number
Attaches or removes an LLDP MED
network policy on an interface.
Use the no form of this command to
remove all the LLDP MED network
policies from the interface
lldp med location
{{coordinate data}|{civic-
address data}|{ecs-elin
data}}
no lldp med location
{coordinate|civic-
address|ecs-elin}
configure the LLDP MED for an
interface.
Use the no form of this command to
delete location information for an
interface.
show lldp med configuration
[gigabitethernet|tengigabitet
hernet] port-number
Displays the LLDP MED configuration
for all interfaces or for a specific
interface.
show lldp local
[gigabitethernet|tengigabitet
hernet] port-number
Displays the LLDP information that is
advertised from a specific port.
Dell PowerConnect 55xx Systems User Guide 547
The following is an example of the CLI commands:
console(config)# interface gi1/0/3
console(config)# lldp med location civic-address 6162636465
console# show lldp med configuration
Fast Start Repeat Count: 4.
Network policy 1
-------------------
Application type: voiceSignaling
VLAN ID: 1 untagged
Layer 2 priority: 0
DSCP: 0
Port Capabilities Network Location PoE Notif Inventory
Policy ications
--------- -------------- ---------------- ---------- ------
gi1/0/1 Yes Yes Yes No Enabled No
gi1/0/2 Yes Yes No No Enabled No
548 Dell PowerConnect 55xx Systems User Guide
Neighbors Information
Use the Neighbors Information page to view information that was received in
LLDP advertisements from neighboring devices.
The neighbor’s information is deleted after timeout. Timeout is the
maximum interval that can pass without receiving an LLDP PDU from a
neighbor. The timeout value is computed from the neighbor’s Time to Live
TLV.
To view neighbors information:
1
Click
System
>
LLDP
>
Neighbors Information
in the tree view to
display the
Neighbors Information
page.
Figure 17-5. Neighbors Information
The following fields are displayed for each port on the device that has a
discovered neighbor:
Port
— Port number for which neighboring information is displayed
Dell PowerConnect 55xx Systems User Guide 549
Device ID
— Neighboring device ID
System Name
— Name of the neighboring system
Port ID
— Neighboring port ID
Capabilities
— Neighboring device capabilities
2
Click
Clear Neighbors Table
to delete all the entries or select
Remove
to
delete a specific port entry.
3
Click the
Details
button of a port to display the
Neighbors Information:
Details
page for that port.
In addition to the fields displayed in the
MED Port Settings: Details
Advertise Information
page and the
Green Ethernet Configuration
pages,
the following fields are displayed for the neighbors of the selected port:
Power Type
— Port’s power type
Power Source
— Port’s power source
Power Priority
— Port’s power priority
Power Value
— Port’s power value, in Watts
Hardware revision
— Hardware revision
Firmware revision
— Firmware revision
Software revision
— Software revision
Serial number
— Device serial number
Manufacturer name
— Device manufacturer name
Model name
— Device model name
Asset ID
— Asset ID
Configuring LLDP Neighbors Using CLI Commands
The following commands are used to configure LLDP neighbors.
Table 17-5. LLDP Neighbors Information CLI Commands
CLI Command Description
show lldp neighbors
[gigabitethernet|tengigabite
thernet] port-number
Displays information about neighboring
devices discovered using LLDP
550 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console# show lldp neighbors
Port Device ID Port ID System Capabili TTL
Name ties
--------- ----------------- -------- ------- ------- ----
gi2/0/17 00:75:73:71:72:55 1/e21 0 91
gi2/0/33 00:12:cf:7c:63:a0 1/e1 0 92
gi2/0/33 00:11:22:11:22:33 1/g39 0 107
gi2/0/33 00:aa:aa:aa:aa:aa 1/e37 0 106
gi2/0/41 a4:ba:db:57:7c:8d g13 O 97
Dell PowerConnect 55xx Systems User Guide 551
18
Dynamic ARP Inspection
This section describes dynamic ARP inspection.
It contains the following topics:
Dynamic ARP Inspection Overview
Global Settings
Dynamic ARP Inspection List
Dynamic ARP Inspection Entries
VLAN Settings
•Trusted Interfaces
552 Dell PowerConnect 55xx Systems User Guide
Dynamic ARP Inspection Overview
ARP Inspection eliminates man-in-the-middle attacks, where false ARP
packets are inserted into the subnet. ARP requests and responses are
inspected, and their MAC-address-to-IP-address binding is checked according
to the ARP Inspection List defined by the user (in the
Dynamic ARP
Inspection List
and
Dynamic ARP Inspection Entries
pages).
If the packet’s IP
address was not found in the ARP Inspection List, and DHCP Snooping is
enabled for a VLAN, a search of the DHCP Snooping database is performed.
See "How DHCP Snooping Works" on page 564 for an explanation of the
DHCP Snooping database. If the IP address is found the packet is valid, and is
forwarded.
Packets with invalid ARP Inspection bindings are logged and dropped.
Ports are classified as follows:
Trusted — Packets are not inspected.
Untrusted —Packets are inspected as described above.
The following additional validation checks may be configured by the user:
Source MAC — Compares the packet’s source MAC address in the
Ethernet header against the sender’s MAC address in the ARP request.
This check is performed on both ARP requests and responses.
Destination MAC — Compares the packet’s destination MAC address in
the Ethernet header against the destination interface’s MAC address. This
check is performed for ARP responses.
IP Addresses — Compares the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast
addresses.
Dell PowerConnect 55xx Systems User Guide 553
Global Settings
To enable ARP inspection on the device:
1
Click
Switching
>
Dynamic ARP Inspection
>
Global Settings
in the
tree view to display the
Global Settings
page.
Figure 18-1. Global Settings
2
Enter the fields:
Enable ARP Inspection
— Enable/disable ARP inspection.
ARP Inspection Validate
— Enable/disable the following checking
source MAC address, destination MAC address and IP addresses
against the respective addresses in the ARP body.
Minimal Syslog Interval (0 – 86400)
— Enter the minimum time
interval between successive ARP SYSLOG messages.
554 Dell PowerConnect 55xx Systems User Guide
Setting Dynamic ARP Inspection Global Settings Using CLI Commands
The following table summarizes the CLI commands for configuring the fields
in the Global Settings pages.
The following is an example of some of the CLI commands:
Table 18-1. ARP Inspection Global Settings CLI Commands
CLI Command Description
ip arp inspection
no ip arp inspection
Enables ARP inspection.
Use the no form of this command to
disable ARP inspection.
ip arp inspection validate
no ip arp inspection
validate
Performs specific checks for dynamic ARP
inspection.
Use the no form of this command to
restore the default configuration.
ip arp inspection logging
interval {seconds |
infinite}
no ip arp inspection logging
interval
Sets the minimum time interval between
successive ARP SYSLOG messages.
Use the no form of this command to
restore the default configuration.
console(config)# ip arp inspection
console(config)# ip arp inspection validate
Dell PowerConnect 55xx Systems User Guide 555
Dynamic ARP Inspection List
An ARP inspection list consists of entries where each entry is a pair of
MAC/IP addresses.
To create a new ARP inspection list and add the first entry to it:
1
Click
Switching
>
Dynamic ARP Inspection
>
Dynamic ARP
Inspection List
in the tree view to display the
Dynamic ARP Inspection
List: Summary
page.
Figure 18-2. Dynamic ARP Inspection List: Summary
The dynamic ARP lists are displayed.
2
To create a new list and enter the first address pair in it, click
Add
, and
enter the fields:
List Name
— Create and enter a list name.
IP Address
— Enter the IP address that will be mapped to the MAC
address entered below.
MAC Address
— Enter the MAC address that will be mapped to the
IP address entered above.
556 Dell PowerConnect 55xx Systems User Guide
Creating a Dynamic ARP Inspection List Using CLI Commands
The following table summarizes the CLI commands for configuring the fields
in the Dynamic ARP Inspection List pages.
The following is an example of some of the CLI commands:
Table 18-2. Dynamic ARP Inspection List CLI Commands
CLI Command Description
ip arp inspection list
create name
no ip arp inspection list
create name
Creates a static ARP binding list and
enters the ARP list configuration mode.
Use the no form of this command to
delete the list.
console(config)# ip arp inspection list create servers
console(config-ARP-list)#
Dell PowerConnect 55xx Systems User Guide 557
Dynamic ARP Inspection Entries
To add additional addresses to the lists defined in the
Dynamic ARP
Inspection List
page:
1
Click
Switching
>
Dynamic ARP Inspection Entries
>
Dynamic ARP
Inspection Entries
in the tree view to display the
Dynamic ARP
Inspection Entries: Summary
page.
Figure 18-3. Dynamic ARP Inspection Entries: Summary
The dynamic ARP entries for the selected list are displayed.
2
To add a new address pair to a list, click
Add
and select the list.
3
Enter the fields:
IP Address
— Enter the IP address that will be mapped to the MAC
address entered below.
MAC Address
— Enter the MAC address that will be mapped to the
IP address entered above.
558 Dell PowerConnect 55xx Systems User Guide
Adding Entries to a Dynamic ARP Inspection List Using CLI Commands
The following table summarizes the CLI commands for configuring the fields
in the Dynamic ARP Inspection Entries pages.
The following is an example of some of the CLI commands:
Table 18-3. Dynamic ARP Inspection List Entries CLI Commands
CLI Command Description
ip ip-address mac-address
mac-address
no ip ip-address mac-address
mac-address
Creates a static ARP binding.
Use the no form of this command to
delete a static ARP binding..
show ip arp inspection list Displays the static ARP binding list.
console(config)# ip arp inspection list create servers
console(config-arp-list)# ip 172.16.1.1 mac-address
0060.704c.7321
console(config-arp-list)# ip 172.16.1.2 mac-address
0060.704c.7322
console(config-arp-list)# do show ip arp inspection list
List name: servers
Assigned to VLANs:
IP MAC
--------------- ------------------
172.16.1.1 00:60:70:4c:73:21
172.16.1.2 00:60:70:4c:73:22
console(config-arp-list)#
Dell PowerConnect 55xx Systems User Guide 559
VLAN Settings
To assign a list of IP/MAC address pairs, defined in the Dynamic ARP
Inspection List pages, to a VLAN:
1
Click
Switching
>
Dynamic ARP Inspection Entries
>
VLAN Settings
in
the tree view to display the
VLAN Settings: Summary
page.
Figure 18-4. VLAN Settings: Summary
The VLANs and their associated lists of IP/MAC address pairs are
displayed.
2
To designate a VLAN to be associated with an ARP inspection list, click
Add VLAN
and enter the VLAN ID.
3
Click
Assign
and select the
List Name
to be associated with the VLAN.
560 Dell PowerConnect 55xx Systems User Guide
Assigning IP/MAC Address Pairs to VLANs Using CLI Commands
The following table summarizes the CLI commands for configuring the fields
in the VLAN Settings pages.
The following is an example of some of the CLI commands:
Table 18-4. Assigning IP/MAC Address Pairs to VLANs CLI Commands
CLI Command Description
ip arp inspection vlan vlan-
id
Enables ARP inspection on a VLAN, based
on the DHCP Snooping database.
Use the no form of this command to
disable ARP inspection on a VLAN.
ip arp inspection list
assign vlan-id name
no ip arp inspection list
assign vlan
Assigns a static ARP binding list to a
VLAN.
Use the no form of this command to
delete the assignment.
console(config)# ip arp inspection list assign 37 servers
Dell PowerConnect 55xx Systems User Guide 561
Trusted Interfaces
Interfaces are untrusted if the packet is received from an interface outside the
network or from an interface beyond the network firewall. Trusted interfaces
receive packets only from within the network or the network firewall.
To configure an interface to be trusted:
1
Click
Switching

Dynamic ARP Inspection

Trusted Interface
in the
tree view to display the
Trusted Interface: Summary
page.
Figure 18-5. Trusted Interface: Summary
The ports on the selected unit and their trusted status are displayed.
2
To modify the status of an interface, click
Edit.
3
Select the interface and enable/disable its
Trust Status
, which is the
DHCP Snooping Trust mode.
562 Dell PowerConnect 55xx Systems User Guide
Configuring Trusted Interfaces Using CLI Commands
The following table summarizes the CLI commands for configuring the fields
in the Trusted Interface pages.
The following is an example of some of the CLI commands:
Table 18-5. Configuring Trusted Interface Parameters CLI Commands
CLI Command Description
ip arp inspection trust
no ip arp inspection trust
Configures an interface trust state that
determines if incoming ARP packets are
inspected.
Use the no form of this command to
restore the default configuration.
show ip arp inspection
[[gigabitethernet|tengigabit
ethernet] port-number|port-
channel LAG-number]
Displays the ARP inspection configuration
for all interfaces or a specific interface.
console(config)# interface gi1/0/3
console(config-if)# ip arp inspection trust
Dell PowerConnect 55xx Systems User Guide 563
19
DHCP Snooping
This section describes DHCP Snooping and DHCP Relay features.
It contains the following topics:
DHCP Snooping
•DHCP Relay
564 Dell PowerConnect 55xx Systems User Guide
DHCP Snooping
This section describes DHCP snooping.
It contains the following topics:
DHCP Snooping Overview
Global Parameters
VLAN Settings
Trusted Interfaces
Snooping Binding Database
DHCP Snooping Overview
DHCP snooping expands network security by providing layer security
between untrusted interfaces and DHCP servers. By enabling DHCP
snooping, network administrators can differentiate between trusted interfaces
connected to end-users or DHCP Servers, and untrusted interfaces located
beyond the network firewall.
How DHCP Snooping Works
DHCP snooping filters untrusted messages, and stores these messages in a
database. Interfaces are untrusted if the packet is received from an interface
outside the network, or from an interface beyond the network firewall.
Trusted interfaces receive packets only from within the network or the
network firewall.
The DHCP Snooping Binding database contains the untrusted interfaces’
MAC address, IP address, Lease Time, VLAN ID, and interface information.
Table 21-1 describes how DHCP packets are handled when DHCP snooping
is enabled on an interface.
Table 19-1. DHCP Packet Handling when DHCP Snooping is Enabled
Packet Type Arriving from Untrusted
Ingress Interface
Arriving from Trusted
Ingress Interface
DHCPDISCOVER Forward to trusted
interfaces only.
Forwarded to trusted
interfaces only.
Dell PowerConnect 55xx Systems User Guide 565
DHCPOFFER Filter. Forward the packet
according to DHCP
information. If the
destination address is
unknown the packet is
filtered.
DHCPREQUEST Forward to trusted
interfaces only.
Forward to trusted
interfaces only.
DHCPACK Filter. Same as DHCPOFFER
and an entry is added to
the Binding database.
DHCPNAK Filter. Same as DHCPOFFER.
Remove entry if exists.
DHCPDECLINE Check if there is
information in the
database. If the
information exists and
does not match the
interface on which the
message was received, the
packet is filtered.
Otherwise the packet is
forwarded to trusted
interfaces only, and the
entry is removed from
database.
Forward to trusted
interfaces only
DHCPRELEASE Same as
DHCPDECLINE.
Same as
DHCPDECLINE.
DHCPINFORM Forward to trusted
interfaces only.
Forward to trusted
interfaces only.
DHCPLEASEQUERY Filtered. Forward.
Table 19-1. DHCP Packet Handling when DHCP Snooping is Enabled (Continued)
Packet Type Arriving from Untrusted
Ingress Interface
Arriving from Trusted
Ingress Interface
566 Dell PowerConnect 55xx Systems User Guide
As shown in Table 21-1, the DHCP Snooping Binding database is updated by
interception of DHCPACK, DHCPDECLINE and DHCPRELEASE packets,
and is stored in non-volatile memory.
Even if a port is down, its entries are not deleted.
NOTE: Only DHCP requests on untrusted ports are maintained in the Binding
database.
Limitations
The following limitations apply:
Enabling DHCP snooping uses TCAM resources.
The switch writes changes to the binding database only when the switch
system clock is synchronized with SNTP.
The switch does not update the Binding database when a station moves to
another interface.
Global Parameters
Use the Global Parameters page to:
Enable/disable DHCP snooping globally.
Determine whether to forward or filter DHCP packets received from
untrusted interfaces, whose source MAC address and the DHCP client
MAC address do not match.
Determine whether to forward or filter DHCP packets, received from
untrusted interfaces, with option-82 information.
Set Binding database update interval.
Dell PowerConnect 55xx Systems User Guide 567
To configure DHCP snooping on the device:
1
Click
Switching
>
DHCP Snooping
>
Global Parameters
in the tree view
to display the
Global Parameters
page.
Figure 19-1. Global Parameters
2
Enable/disable DHCP snooping on the device in the
DHCP Snooping
Status
field.
3
If DHCP snooping is enabled, enter the fields:
Option 82 Passthrough
— Enable/disable whether to forward (enable)
or filter (disable) DHCP packets, received from untrusted interfaces,
with option-82 information.
Verify MAC Address
— Enable/disable MAC addresses verification.
This determines whether to forward (enable) or filter (disable) DHCP
packets received from untrusted interfaces, whose source MAC
address and the DHCP client MAC address do not match.
Save Binding Database to File
— Enable/disable saving the DHCP
snooping database to flash memory.
Save Binding Database Internal
(600-86400)
— Enter how often, in
seconds, the Binding database is updated.
Configuring DHCP Snooping Global Parameters Using CLI Commands
568 Dell PowerConnect 55xx Systems User Guide
The following table summarizes the CLI commands for configuring DHCP
snooping global parameters.
Table 19-2. DHCP Snooping Global Parameters CLI Commands
CLI Command Description
ip dhcp snooping
no ip dhcp snooping
Globally enables DHCP snooping.
Use the no form of this command to
return to the default setting.
ip dhcp snooping information
option allowed-untrusted
no ip dhcp snooping information
option allowed-untrusted
Allows a device to accept DHCP
packets with option-82 information
from an untrusted port.
Use the no form of this command to
return to the default setting.
ip dhcp snooping verify
no ip dhcp snooping verify
Configures the switch to verify on an
untrusted port that the source MAC
address in a DHCP packet matches the
client hardware address.
Use the no form of this command to
configure the switch to not verify the
MAC addresses.
ip dhcp snooping database
no ip dhcp snooping database
Configures the DHCP snooping
binding file.
Use the no form of this command to
delete the binding file.
ip dhcp snooping database
update-freq seconds
no ip dhcp snooping database
update-freq
Configures the update frequency of
the DHCP snooping binding file.
Use the no form of this command to
return to default.
show ip dhcp snooping
[[gigabitethernet|tengigabiteth
ernet] port-number|port-channel
LAG-number]
Displays the DHCP snooping
configuration.
Dell PowerConnect 55xx Systems User Guide 569
The following is an example of some of the CLI commands:
console(config)# ip dhcp snooping
console(config)# ip dhcp snooping information option
allowed-untrusted
console(config)# ip dhcp snooping verify
console(config)# ip dhcp snooping database
console(config)# ip dhcp snooping database frequency 1200
console# show ip dhcp snooping
DHCP snooping is enabled
DHCP snooping database: enabled
Option 82 on untrusted port is allowed
Verification of hwaddr field is enabled
DHCP snooping file update frequency is configured to: 1200
seconds
Interface Trusted
--------- ----------
gi2/0/1 yes
gi2/0/2 yes
570 Dell PowerConnect 55xx Systems User Guide
VLAN Settings
To separate ports in a VLAN, enable DHCP snooping on it.
Before you enable DHCP snooping on a VLAN, you must globally enable
DHCP snooping on the device.
When DHCP snooping is disabled for a VLAN, the Binding entries that were
collected for that VLAN are removed from the Binding database.
To enable/disable DHCP snooping on a VLAN:
1
Click
Switching
>
DHCP Snooping
>
VLAN Settings
in the tree view to
display the
VLAN Settings
page.
Figure 19-2. VLAN Settings
The list of existing VLANs are displayed in the
VLAN ID
list.
2
Click
Add
to move the VLANs, for which you want to enable DHCP
snooping, from the
VLAN ID
list to the
Enabled VLANs
list. To remove a
VLAN, click
Remove
to move it from the
Enabled
VLANs
list to the
VLAN ID
list.
Dell PowerConnect 55xx Systems User Guide 571
Configuring DHCP Snooping on VLANs Using CLI Commands
The following table summarizes the CLI commands for configuring DHCP
snooping on VLANs .
The following is an example of some of the CLI commands:
Table 19-3. DHCP Snooping on VLANs CLI Commands
CLI Command Description
ip dhcp snooping vlan vlan-id
no ip dhcp snooping vlan-id
Enables DHCP snooping on a VLAN.
Use the no form of this command to
disable DHCP snooping on a VLAN.
console(config)# ip dhcp snooping vlan 1
572 Dell PowerConnect 55xx Systems User Guide
Trusted Interfaces
To define a trusted interface:
1
Click
Switching
>
DHCP Snooping
>
Trusted Interface
in the tree view
to display the
Trusted Interface: Summary
page.
Figure 19-3. Trusted Interfaces: Summary
A list of the interfaces is displayed.
2
To change the trust status of an interface, click
Edit
, and enter the fields:
Interface
— Select a unit and port or LAG.
Trust Status
— Enable/disable DHCP Snooping Trust mode on the
selected port or LAG.
Dell PowerConnect 55xx Systems User Guide 573
Configuring DHCP Snooping Trusted Interfaces Using CLI Commands
The following table summarizes the CLI commands for configuring DHCP
snooping trusted interfaces.
The following is an example of some of the CLI commands:
Snooping Binding Database
Entries in the DHCP Snooping Binding database consist of pairs of MAC/IP
addresses.
In addition to the entries added by DHCP snooping, entries to the Snooping
Binding database can be manually added or deleted. These entries are added
to the Snooping Binding database and Snooping Binding file, if it exists, but
they are not added to the configuration files.
A manually-added entry can be either dynamic or a static. When configuring
a dynamic entry, an expiration date must be assigned.
The refresh time (in seconds) of the binding table is added in the Global
Parameters pages.
Table 19-4. DHCP Snooping Trusted Interfaces CLI Commands
CLI Command Description
ip dhcp snooping trust
no ip dhcp snooping
trust
Configures an interface as trusted for DHCP
snooping purposes.
Use the no form of this command to return to the
default setting.
console(config)# interface gi1/0/5
console(config-if)# ip dhcp snooping trust
574 Dell PowerConnect 55xx Systems User Guide
To query and add IP addresses to the Binding database:
1
Click
Switching
>
DHCP Snooping
>
Binding Database
in the tree view
to display the Binding Database: Summary page.
Figure 19-4. Binding Database
A list of the database entries is displayed.
2
To query the database, enter query criteria and click
Query
. Database
entries matching the query are displayed.
3
To add a entry, click
Add
, and enter the fields:
Ty p e
— Select the entry type. The possible options are:
Static
—IP address was statically configured.
Dynamic
—IP address was dynamically configured.
MAC Address
— Enter the MAC address to be recorded in the entry.
Dell PowerConnect 55xx Systems User Guide 575
VLAN ID
— Select the VLAN ID to which the IP address is
associated in the entry.
IP Address
— Enter the IP address to be recorded in the entry.
Interface
— Select the unit and port or LAG to be recorded in the
entry.
Lease Time
— If the entry is dynamic, enter the amount of time that
the entry will be active in the DHCP Database. If there is no Lease
Time, check
Infinite
.
Configuring DHCP Snooping Binding Database Using CLI Commands
The following table summarizes the CLI commands for configuring the
DHCP Snooping Binding database.
Table 19-5. DHCP Snooping Binding Database CLI Commands
CLI Command Description
ip dhcp snooping database
no ip dhcp snooping database
Enables the DHCP Snooping
binding database file.
Use the no form of this command
to delete the DHCP Snooping
binding database file.
ip dhcp snooping database update-
freq seconds
no ip dhcp snooping database
update-freq
Enables the DHCP Snooping
binding database file.
Use the no form of this command
to delete the DHCP Snooping
binding database file.
ip dhcp snooping binding mac-
address vlan-id ip-address
[gigabitethernet|tengigabitethern
et] port-number|port-channel LAG-
number] expiry {seconds|infinite}
no ip dhcp snooping binding mac-
address vlan-id
Configures the DHCP snooping
binding database and adds
binding entries to the database.
Use the no form of this command
to delete entries from the binding
database.
clear ip dhcp snooping database Clears the DHCP binding
database.
576 Dell PowerConnect 55xx Systems User Guide
The following is an example of some of the CLI commands:
show ip dhcp snooping binding
[mac-address mac-address] [ip-
address ip-address] [vlan vlan-
id][[gigabitethernet|tengigabitet
hernet] port-number|port-channel
LAG-number]]
Displays the DHCP snooping
binding database and
configuration information for all
interfaces or some interfaces on a
switch.
console(config)# ip dhcp snooping database
console(config)# ip dhcp snooping update-freq 3600
console# show ip dhcp snooping binding
Update frequency: 3600
Total number of binding: 2
MAC Address IP Address Lease
(sec)
Type VLAN Interface
----------- ---------- ------ -------- ----- ----------
0060.704C.73FF 10.1.8.1 7983 snooping 3 gi1/0/21
0060.704C.7BC1 10.1.8.2 92332 snooping (s)3 gi1/0/22
Table 19-5. DHCP Snooping Binding Database CLI Commands (Continued)
CLI Command Description
Dell PowerConnect 55xx Systems User Guide 577
DHCP Relay
This section describes DHCP relay.
It contains the following topics:
DHCP Relay Overview
•Option 82
Global Settings
Interface Settings
DHCP Relay Overview
The device can act as a DHCP Relay agent that listens for DHCP messages,
and relays them between DHCP servers and clients, which reside in different
VLANs or IP subnets.
This functionality is intended to be used when the client ingress VLAN is
different than the VLAN on which DHCP servers are connected.
The switch can relay DHCP messages received from its IPv4 interfaces to one
or more configured DHCP servers. The switch puts the IPv4 address into the
message giaddr before relaying it to the servers. It uses the switch’s IPv4
address of the interface where the message is received. The switch uses the
giaddr from the response to determine how to forward the response back to
the DHCP client.
DHCP Relay must be enabled globally and per VLAN.
578 Dell PowerConnect 55xx Systems User Guide
Option 82 Overview
The relay agent information option (Option 82) in the DHCP protocol
enables a DHCP relay agent to send additional client information when
requesting an IP address. Option 82 specifies the relaying switch's MAC
address, the port identifier, and the VLAN that forwarded the packet.
Both DHCP snooping and DHCP relay can insert option 82 into traversing
packets.
DHCP snooping with option 82 insertion provides transparent Layer 2 relay
agent functionality when the DHCP server is on the same VLAN as the
clients.
Limitations
The following limitations exist for DHCP Relay:
It is not supported on IPv6.
It is not relayed to servers on the client’s VLAN.
Packets that have option-82 information, added by other devices, are
discarded.
It does not support Option 82 on non-VLAN interfaces.
It can be enabled only on a VLAN/Port/LAG that has an IP address defined
on it.
Dell PowerConnect 55xx Systems User Guide 579
Option 82
To enable Option82 insertion:
1
Click
Switching
>
DHCP Relay
>
Option 82
in the tree view to display
the
Option 82
page.
Figure 19-5. Option 82
2
Enable/disable Option 82 insertion.
580 Dell PowerConnect 55xx Systems User Guide
Configuring Option 82 Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the Option 82 page.
The following is an example of the CLI command:
Global Settings
To set the DHCP Relay global settings:
1
Click
Switching
>
DHCP Relay
>
Global Settings
in the tree view to
display the
Global Settings: Summary
page.
Figure 19-6. Global Settings: Summary
The currently-define DHCP servers are displayed.
2
Enable/disable DHCP relay.
Table 19-6. CLI Option 82 Commands
CLI Command Description
ip dhcp information option
no ip dhcp information option
Enables DHCP option-82 data insertion.
Use the no form of this command to
disable DHCP option-82 data insertion.
console(config)# ip dhcp information option
Dell PowerConnect 55xx Systems User Guide 581
3
To add a DHCP server, click
Add
.
4
Enter the IP address of the DHCP server in the
DHCP Server IP Address
field.
Defining Global Parameters Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the Global Settings pages.
The following is an example of the CLI commands:
Table 19-7. Global Parameters CLI Commands
CLI Command Description
ip dhcp relay enable
no ip dhcp relay enable
Enables DHCP relay features on the
device.
Use the no form of this command to
disable the DHCP relay agent.
ip dhcp relay address ip-
address
no ip dhcp relay address [ip-
address]
Defines the DHCP servers available for
the DHCP relay.
Use the no form of this command to
remove servers from the list.
show ip dhcp relay Displays the server addresses on the
DHCP relay.
console(config-if)# ip dhcp relay enable
console(config)# ip dhcp relay address 176.16.1.1
console(config)# do show ip dhcp relay
DHCP relay is Enabled
Option 82 is Disabled
Maximum number of supported VLANs without IP Address is 0
DHCP relay is not configured on any port.
DHCP relay is not configured on any VLAN.
Servers: 176.16.1.1
console(config)#
582 Dell PowerConnect 55xx Systems User Guide
Interface Settings
. NOTE: For DHCP Relay to function on an interface, it also must be activated
globally in the Global Settings page.
To enable DHCP relay on a port, LAG, or VLAN:
1
Click
Switching
>
DHCP Relay
>
Interface Settings
in the tree view to
display the
Interface Settings: Summary
page.
Figure 19-7. Interface Settings: Summary
The currently-define DHCP interfaces are displayed.
2
To enable DHCP relay on an interface, click
Add
.
3
Select the interface.
Dell PowerConnect 55xx Systems User Guide 583
Defining Interface Settings Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the Interface Settings pages.
The following is an example of the CLI commands that enable DHCP Relay
on VLAN 2, assign it an IP address and show the DHCP Relay status:
Interface Settings Parameters CLI Commands
CLI Command Description
ip dhcp relay enable
no ip dhcp relay enable
Enables the DHCP relay features on the
interface (in Interface Configuration
mode).
Use the no form of this command to
disable the DHCP relay agent feature on
the interface.
ip dhcp relay address ip-
address
no ip dhcp relay address
Defines a DHCP servers available for
DHCP relay.
Use the no form of this command to
remove servers from the list.
console(config)# interface vlan 2
console(config-if)# ip dhcp relay enable
console(config)# ip dhcp relay address 176.16.1.1
console> show ip dhcp relay
DHCP relay is Enabled
Option 82 is Disabled
Maximum number of supported VLANs without IP Address is 0
DHCP relay is not configured on any port.
DHCP relay is not configured on any vlan.
No servers configured
584 Dell PowerConnect 55xx Systems User Guide
20
iSCSI Optimization
This section describes iSCSI optimization.
It contains the following topics:
Optimizing iSCSI Overview
Global Parameters
•iSCSI Targets
iSCSI Sessions
Configuring iSCSI Using CLI
Dell PowerConnect 55xx Systems User Guide 585
Optimizing iSCSI Overview
The Internet Small Computer System Interface (iSCSI) is an IP-based
storage networking standard for linking data storage facilities. By carrying
SCSI commands over IP networks, iSCSI is used to facilitate data transfers
over intranets, and to manage storage over long distances.
iSCSI can be used to transmit data over local area networks (LANs), wide area
networks (WANs), or the Internet, and can enable location-independent data
storage and retrieval.
Unlike traditional Fiber channels, which requires special-purpose cabling,
iSCSI can be run over long distances, using existing network infrastructure.
The protocol enables clients (called initiators) to send SCSI commands
(CDBs) to SCSI storage devices (targets) on remote servers. This enables
organizations to consolidate storage into data center storage arrays, while
providing hosts (such as database and web servers) with the illusion of
locally-attached disks.
The targets listen on a well-known TCP port (or any other TCP port that has
been explicitly specified) for incoming connections. The login process is
started when the initiator establishes a TCP connection to the desired target,
through the TCP port that was explicitly specified.
The group of iSCSI TCP connections that link an initiator with a target is
called an iSCSI session.
When you connect an EqualLogic device to the switch, and iSCSI
optimization is enabled, the switch automatically recognizes the port to
which the EqualLogic equipment is connected to, and configures the STP
Mode to RSTP to support fast network convergence.
Optimizing iSCSI
iSCSI optimization provides the following features:
Ability to assign a specific QoS profile to the iSCSI flows
Display of iSCSI session details (connections, initiator, target, and so on)
Identification of (self-discovered) iSCSI sessions
Identification of iSCSI session termination
Identification of non-active iSCSI sessions
586 Dell PowerConnect 55xx Systems User Guide
Limitations
The following limitations exist:
All iSCSI connections receive the relevant QoS, regardless of whether they
are being monitored or not. If, for example, a feature was disabled for some
period and was enabled again, it is possible that there are iSCSI TCP
connections that were established during this period of time. These cannot
be monitored, because all relevant information was already passed at the
beginning of the session. But these unidentified sessions will still be
assigned to iSCSI QoS.
The maximum number of iSCSI TCP connections, which is also the
default setting, is 1K. This can be changed after reset.
The number of iSCSI connections affects other system features.
iSCSI-aware, DHCP Snooping, and ACL rules all use the TCAM system
resource. If the number of iSCSI connections has been increased, the
other application rules (DHCP Snooping or ACL) can be removed after
reset.
If the target uses redirect messages upon the initiator request, and, as a
result, the initiator opens a connection to a different target, the new target
must be configured as part of the general configuration.
Only iSCSI flows to targets that use the iSCSI well-known port or other
explicit user-defined configuration are assigned QoS.
The aging configuration works for each connection. The mechanism
checks connection activities in a group of 28 TCP iSCSI connections,
within the aging time. In the worst case, when the maximum number of
1K TCP connections are monitored and are not terminated gracefully, the
mechanism causes inaccuracy, namely, the last 28 TCP iSCSI connections
are aged out after (1K/28)*aging-time.
In general, the greater the number of ungracefully terminated iSCSI TCP
connections, the greater the inaccuracy is. Not all iSCSI TCP connections
are monitored for aging at the same time. Sessions, whose associated TCP
connections are not being currently monitored, will show unchanged aging
time.
Encryption (Ipsec) must not be applied on iSCSI traffic, otherwise a QoS
profile will not be assigned to iSCSI.
iSCSI optimization does not work with IP fragmented frames.
Dell PowerConnect 55xx Systems User Guide 587
Each session supports at most four TCP connections. If a new TCP
connection of an already opened iSCSI session arrives, and there are
already four TCP connections, the new connection replaces the oldest one,
within this specific iSCSI session.
A short flow interruption, caused by STP topology change or
administrative port-down action, might cause the TCP connection to
reinitiate without closing the iSCSI session. If the actual iSCSI session
used only one TCP connection, the reinitiated one will be added to the
monitoring table, for an aging-time period. After that, it is removed from
the list.
588 Dell PowerConnect 55xx Systems User Guide
Global Parameters
Use the Global Parameters page to enable iSCSI and to set iSCSI QoS frame
priority. You may also enable Remark to change the DSCP or CoS user
priority field in the packet. In the QoS Properties pages, you can then set the
queuing to
strict priority
or
WRR
, and map the CoS or DSCP to the desired
queue in the CoS to Queue or DSCP to Queue pages.
To enable iSCSI and set its QoS parameters:
1
Click
System >
iSCSI Optimization
>
Global Parameters
in the tree
view to display the
Global Parameters
page.
Figure 20-1. Global Parameters
2
Enter the fields:
iSCSI Status
— Enable/disable iSCSI optimization.
iSCSI COS Status
— Enable/disable the Class of Service profile to
apply to iSCSI flows.
Classification
— Select whether the priority of iSCSI packets is
determined by
CoS
or
DSCP
. Check the classification, and select the
desired value.
Remark
— Enable/disable whether iSCSI frames will be remarked
with the CoS or DSCP value.
Dell PowerConnect 55xx Systems User Guide 589
iSCSI Aging Time
— Enter how long the device will wait, after the
last received frame of an iSCSI session, before deleting the session
from the list.
Enabling iSCSI automatically enables Jumbo frames and enables Flow
Control on all interfaces. Jumbo frames are only enabled after copying the
Running configuration to the Startup configuration and resetting the device
(the Flow Control changes are effective immediately).
Defining iSCSI Global Parameters Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the iSCSI Global Parameters pages.
Table 20-1. iSCSI Global Parameters CLI Commands
CLI Command Description
iscsi enable
no iscsi enable
Enables iSCSI awareness.
Use the no form of the command to
disable iSCSI awareness.
iscsi cos {vpt vpt|dscp dscp}
[remark]
no iscsi cos
Sets the quality of service profile that will
be applied to iSCSI flows.
Use the no form of the command to
return to default.
iscsi aging time minutes
no iscsi aging time
Sets the aging time for iSCSI sessions.
Use the no form of the command to
cancel aging.
show iscsi Displays iSCSI settings.
590 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console(config)# iscsi enable
console(config)# iscsi cos dscp 31
console(config)# iscsi aging time 10
console# show iscsi
Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678
--------------------------------------------------------
Session 1:
---------
Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12.
storage:sys1.xyz
Time started: 23-Jul-2002 10:04:50
Time for aging out: 10 min
ISID: 11
Initiator Initiator Target Target
IP Address TCP Port IP Address IP port
---------- --------- ---------- -------
172.16.1.3 49154 172.16.1.20 30001
Dell PowerConnect 55xx Systems User Guide 591
iSCSI Targets
To add an iSCSI target:
1
Click
System > iSCSI Optimization > iSCSI Targets
in the tree view to
display the
iSCSI Targets: Summary
page.
Figure 20-2. iSCSI Targets: Summary
The currently-defined targets are displayed.
2
To add a new target, click
Add
.
3
Enter the fields:
TCP Port
— TCP port used by the target for iSCSI communications.
IP Address
— IP address of the target. The IP address 0.0.0.0 is
any
IP
address.
Target Name (0-223 characters)
— Name of the target.
592 Dell PowerConnect 55xx Systems User Guide
Defining iSCSI Targets Using CLI Commands
The following table summarizes the CLI commands for defining fields
displayed in the iSC SI Targ et s Tab le .
The following is an example of the CLI commands:
Table 20-2. iSCSI Targets Table CLI Commands
CLI Command Description
iscsi target port tcp-port-1
[tcp-port-2… tcp-port-8]
[address ip-address] [name
target-name]
no iscsi target port tcp-
port-1 [tcp-port-2… tcp-port-
8] [address ip-address]
Configures iSCSI port/s, target address
and name.
Use the no form of this command to
delete an iSCSI target.
show iscsi sessions Show the current iSCSI targets and
sessions.
console(config)# iscsi target port 30001 address
176.16.1.1 name iqn.1993-11.com.disk
vendor:diskarrays.sn.45678.tape:sys1.xyz
Dell PowerConnect 55xx Systems User Guide 593
iSCSI Sessions
To display information about iSCSI communications to various targets:
1
Click
System > iSCSI Optimization > iSCSI Sessions
in the tree view to
display the
iSCSI Sessions
page.
Figure 20-3. iSCSI Sessions
2
Select a target and click
Details
. The following is displayed:
Target Name
— The name of the target.
Initiator Name
— The name of the initiator.
ISID
— The iSCSI session ID.
Session Life Time
— The amount of time that has passed since the
first frame of the session.
Aging Time
— The time left until the session ages out and is
removed.
594 Dell PowerConnect 55xx Systems User Guide
Initiators/Targets
— The IP address and TCP port used by each
initiator and target in the session is displayed.
Displaying iSCSI Sessions Using CLI Commands
The following table summarizes the CLI commands for displaying iSCSI
sessions.
The following is an example of the CLI commands:
Table 20-3. iSCSI CLI Commands
CLI Command Description
show iscsi sessions
[detailed]
Displays iSCSI sessions
console(config)# show iscsi sessions
Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678
-------------------------------------------------------------
Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12
ISID: 11
Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10
ISID: 222
--------------------------------------------------------------
Target: iqn.103-1.com.storage-vendor:sn.43338.storage.tape:sys1.xyz
--------------------------------------------------------------
Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12
ISID: 44
Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10
ISID: 65
--------------------------------------------------------------
console# show iscsi sessions detailed
Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678
--------------------------------------------------------------
Session 1:
---------
Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12.storage:sys1.xyz
UP Time: 02:10:45 (DD:HH:MM)
Time for aging out: 10 min
ISID: 11
Initiator IP Address Initiator TCP Port Target IP Address Target IP Port
-------------------- ----------------- ---------------- -------------
172.16.1.3 49154 172.16.1.20 3001
172.16.1.3 49154 172.16.1.20 3001
1172.16.1.3 49154 172.16.1.20 3001
30001Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10
Status: Active
UP Time: 00:04:50 (DD:HH:MM)
Time for aging out: 2 min
ISID: 22
Dell PowerConnect 55xx Systems User Guide 595
Configuring iSCSI Using CLI
The following is a sample procedure to configure the iSCSI feature using CLI:
Table 20-4. Sample CLI Script to Configure iSCSI
CLI Command Description
iscsi enable Enable iSCSI.
iscsi cos vpt 2 remark Set iSCSI flow to use VPT 2 (Layer 2
CoS). This VPT value replaces the
original VPT in the packet.
show iscsi sessions Verify that iSCSI is enabled and that the
iSCSI flows are displayed.
Dell PowerConnect 55xx Systems User Guide 596
21
Statistics/RMON
This section describes many of the statistics available on the device. The only
exception is the QoS statistics described in "Quality of Service" on page 640.
It contains the following topics:
•Table Views
RMON Components
•Charts
Dell PowerConnect 55xx Systems User Guide 597
Table Views
This section displays statistics in table form.
It contains the following topics:
Denied ACEs Counters
Utilization Summary
Counter Summary
Interface Statistics
Etherlike Statistics
•GVRP Statistics
•EAP Statistics
598 Dell PowerConnect 55xx Systems User Guide
Denied ACEs Counters
The Denied ACEs counters contain the number of packets that were dropped
(denied) because they did not meet ACL criteria expressed in some ACE.
To display the denied ACE counters:
1
Click
Statistics/RMON
>
Table Views
>
Denied ACEs Counters
in the
tree view to display the
Denied ACEs Counters
page.
Figure 21-1. Denied ACEs Counters
The global number of dropped packets is displayed along with the number
of dropped packets on each interface.
2
To clear the counters, select either a stack unit and port or LAG. All
ports/LAGs in the unit are displayed.
3
Mark the counters to be cleared and click
Clear Counters
.
4
To clear all counters, click
Clear All Counters
.
Dell PowerConnect 55xx Systems User Guide 599
Viewing Denied ACE Counters Statistics Using the CLI Commands
The following table contains the CLI commands for viewing denied ACE
counters statistics.
The following is an example of the CLI commands:
Table 21-1. Denied ACE Counters CLI Commands
CLI Command Description
show interfaces access-lists
counters
[gigabitethernet|tengigabite
thernet] port-number|port-
channel LAG-number]
Displays Access List counters.
console# show interfaces access-lists counters
Interface Denied ACE hits
--------- -------------
gi1/0/1 55
gi1/0/2 33
gi1/0/3 32
600 Dell PowerConnect 55xx Systems User Guide
Utilization Summary
Use the Utilization Summary
page to display interface utilization. This page
is refreshed periodically to minimize impact on performance. Display may be
disrupted during this period.
To display interface utilization statistics:
1
Click
Statistics/RMON > Table Views
>
Utilization Summary
in the tree
view to display the
Utilization Summary
page.
Figure 21-2. Utilization Summary
2
Select a unit and port/LAG.
The following fields are displayed:
Port/LAG
— The port/LAG number.
Interface Status
— The status of the interface:
Up
,
Down
or
Not
Present
when no port is attached to the LAG.
% Interface Utilization
— Network interface utilization percentage,
based on the duplex mode of the interface. The range of this reading is
from 0 to 200%. The maximum reading of 200% for a full duplex
connection indicates that 100% of bandwidth of incoming and
outgoing connections is used by the traffic travelling through the
interface. The maximum reading for a half duplex connection is 100%.
Dell PowerConnect 55xx Systems User Guide 601
% Unicast Received
— Percentage of Unicast packets received on the
interface.
% Non Unicast Packets Received
— Percentage of non-Unicast
packets received on the interface.
% Error Packets Received
— Percentage of packets with errors
received on the interface.
3
Select one of the
Refresh Rate
options to specify how frequently the
statistics should be refreshed.
The CPU utilization chart is displayed.
602 Dell PowerConnect 55xx Systems User Guide
Counter Summary
To display the number of received and transmitted packets on ports, as
numeric figures and not percentages:
1
Click
Statistics/RMON
>
Table Views
>
Counter Summary
in the tree
view to display the
Counter Summary
page.
Figure 21-3. Counter Summary
Counters for the selected units or LAG are displayed.
2
Select a port/LAG.
The following fields are displayed:
Port/LAG
— The interface number.
Interface Status
— Status of the interface:
Up
or
Down
.
Received Unicast Packets
— Number of received Unicast packets on
the interface.
Dell PowerConnect 55xx Systems User Guide 603
Transmitted Unicast Packets
— Number of transmitted Unicast
packets from the interface.
Received Non Unicast Packets
— Number of received non-Unicast
packets on the interface.
Transmitted Non Unicast Packets
— Number of transmitted non-
Unicast packets from the interface.
Received Errors
— Number of received packets with errors on the
interface.
3
Select one of the
Refresh Rate
options to specify how frequently the
counters should be refreshed.
604 Dell PowerConnect 55xx Systems User Guide
Interface Statistics
To display the number of received and transmitted packets on an interface:
1
Click
Statistics/RMON
>
Table Views
>
Interface Statistics
in the tree
view to display the
Interface Statistics
page.
Figure 21-4. Interface Statistics
2
Select a port/LAG.
3
Select one of the
Refresh Rate
options to specify how frequently the
counters should be refreshed.
The following fields are displayed:
Receive Statistics
Total Bytes (Octets)
— Amount of octets received on the selected
interface.
Dell PowerConnect 55xx Systems User Guide 605
Unicast Packets
— Number of Unicast packets received on the
selected interface.
Multicast Packets
— Number of Multicast packets received on the
selected interface.
Broadcast Packets
— Number of Broadcast packets received on the
selected interface.
Packets with Errors
— Number of errors packets received on the
selected interface.
Transmit Statistics
Total Bytes (Octets)
— Number of octets transmitted from the
selected interface.
Unicast Packets
— Number of Unicast packets transmitted from the
selected interface.
Multicast Packets
— Number of Multicast packets transmitted from
the selected interface.
Broadcast Packets
— Number of Broadcast packets transmitted from
the selected interface.
4
Click
Reset All Counters
to clear these counters.
606 Dell PowerConnect 55xx Systems User Guide
Etherlike Statistics
To display interface error statistics:
1
Click
Statistics/RMON
>
Table Views
>
Etherlike Statistics
in the tree
view to display the
Etherlike Statistics
page.
Figure 21-5. Etherlike Statistics
2
Select a port/LAG.
The following fields are displayed:
Frame Check Sequence (FCS) Errors
— Number of frames received
that are an integral number of octets in length but do not pass the
FCS check.
Single Collision Frames
— Number of frames that are involved in a
single collision, and are subsequently transmitted successfully.
Late Collisions
— Number of collisions detected after the first 512
bits of data.
Dell PowerConnect 55xx Systems User Guide 607
Excessive Collisions
— Number of frames for which transmission fails
due to excessive collisions.
Internal MAC Transmit Errors
— Number of frames for which
reception fails due to an internal MAC sublayer receive error.
Oversize Packets
— Number of frames received that exceed the
maximum permitted frame size.
Received Pause Frames
— Number of MAC Control frames received
with a PAUSE operation code.
Transmitted Pause Frames
— Number of MAC Control frames
transmitted on this interface with a PAUSE operation code.
3
Select one of the
Refresh Rate
options to clears the statistics for the
selected interface.
Viewing Interface Statistics Using the CLI Commands
The following table contains the CLI commands for viewing utilization,
counters and interface statistics.
Table 21-2. Interface Statistics CLI Commands
CLI Command Description
show interfaces counters
[[gigabitethernet|tengigabit
ethernet] port-number|port-
channel LAG-number]
Displays traffic seen by the physical
interface.
608 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI command for all ports:
The following is an example of the CLI command for a single port:
console# show interfaces counters
Port InUcastPkts InMcastPkts InBcastPkts InOctets
------- ------------ ----------- ----------- --------
gi2/0/1 0 0 0 0
gi2/0/2 0 0 0 0
gi2/0/3 0 0 0 0
gi2/0/4 0 0 0 0
gi2/0/5 0 0 0 0
Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets
--------- ------------ ------------ ------------ ------------
gi2/0/1 0 0 0 0
gi2/0/2 0 0 0 0
gi2/0/3 0 0 0 0
gi2/0/4 0 0 0 0
console# show interfaces counters gi1/0/1
Port InUcastPkts InMcastPkts InBcastPkts InOctets
-------- ------------- ------------ ------------ ------------
gi1/0/1 0 0 0 0
Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets
-------- ----------- ------------ ------------ ------------
gi1/0/1 0 0 0 0
Alignment Errors: 0
FCS Errors: 0
Single Collision Frames: 0
Multiple Collision Frames: 0
SQE Test Errors: 0
Deferred Transmissions: 0
Late Collisions: 0
Excessive Collisions: 0
Carrier Sense Errors: 0
Oversize Packets: 0
Internal MAC Rx Errors: 0
Symbol Errors: 0
Received Pause Frames: 0
Dell PowerConnect 55xx Systems User Guide 609
GVRP Statistics
To display device GVRP statistics:
1
Click
Statistics/RMON
>
Table Views
>
GVRP Statistics
in the tree view
to display the
GVRP Statistics
page.
Figure 21-6. GVRP Statistics
2
Select a port/LAG.
The number of received and transmitted packets in the following counters
is displayed:
GVRP Statistics Table
Join Empty
— The number of GVRP Join Empty packets.
Empty
— The number of GVRP empty packets.
Leave Empty
— The number of GVRP Leave Empty packets.
Join In
— The number of GVRP Join In packets.
610 Dell PowerConnect 55xx Systems User Guide
Leave In
— The number of GVRP Leave In packets.
Leave All
— The number of GVRP Leave All packets.
GVRP Error Statistics
Invalid Protocol ID
— The number of GVRP Invalid Protocol ID
errors.
Invalid Attribute Type
— The number of GVRP Invalid Attribute ID
errors.
Invalid Attribute Value
— The number of GVRP Invalid Attribute
Value errors.
Invalid Attribute Length
— The number of GVRP Invalid Attribute
Length errors.
Invalid Event
— The number of GVRP Invalid Events errors.
3
Select one of the
Refresh Rate
options to specify how frequently the
statistics should be refreshed.
Viewing GVRP Statistics Using the CLI Commands
The following table contains the CLI commands for viewing GVRP statistics.
Table 21-3. GVRP Statistics CLI Commands
CLI Command Description
show gvrp statistics
[[gigabitethernet|tengigabitethernet
] interface|port-channel LAG-number]
Displays GVRP statistics.
show gvrp error-statistics
[[gigabitethernet|tengigabitethernet
] interface|port-channel LAG-number]
Displays GVRP error
statistics.
Dell PowerConnect 55xx Systems User Guide 611
The following is an example of the CLI commands:
console# show gvrp statistics
GVRP Statistics:
----------------
Legend:
rJE : Join Empty Received rJIn: Join In Received
rEmp : Empty Received rLIn: Leave In Received
rLE : Leave Empty Received rLA : Leave All Received
sJE : Join Empty Sent sJIn: Join In Sent
sEmp : Empty Sent sLIn: Leave In Sent
sLE : Leave Empty Sent sLA : Leave All Sent
Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA
----- ----- ----- ----- ----- ----- ----- ---- ----- ---- --- ---- ---
612 Dell PowerConnect 55xx Systems User Guide
EAP Statistics
For information about EAP, see "Dot1x Authentication" on page 127.
To display EAP statistics:
1
Click
Statistics/RMON
>
Table Views
>
EAP Statistics
in the tree view
to display the
EAP Statistics
page.
Figure 21-7. EAP Statistics
2
Select a port/LAG.
The following fields are displayed:
Frames Received
— The number of valid EAPOL frames received on
the port.
Frames Transmitted
— The number of EAPOL frames transmitted
via the port.
Dell PowerConnect 55xx Systems User Guide 613
Start Frames Receive
— The number of EAPOL Start frames received
on the port.
Log off Frames Receive
— The number of EAPOL Logoff frames
received on the port.
Respond ID Frames Receive
— The number of EAP Resp/ID frames
received on the port.
Respond Frames Receive
— The number of valid EAP Response
frames received on the port.
Request ID Frames Transmit
— The number of EAP Req/ID frames
transmitted via the port.
Request Frames Transmitted
— The number of EAP Request frames
transmitted via the port.
Invalid Frames Receive
— The number of unrecognized EAPOL
frames received on this port.
Length Error Frames Receive
— The number of EAPOL frames with
an invalid Packet Body Length received on this port.
Last Frame Version
— The protocol version number attached to the
most recently received EAPOL frame.
Last Frame Source
— The source MAC address attached to the most
recently received EAPOL frame.
3
Select one of the
Refresh Rate
options to specify how frequently the
statistics should be refreshed.
Viewing EAP Statistics Using the CLI Commands
The following table summarizes the CLI commands for viewing EAP
statistics.
Table 21-4. EAP Statistics CLI Commands
CLI Command Description
show dot1x statistics Displays 802.1X statistics for the
specified interface.
614 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console# show dot1x statistics gi1/0/1
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.8787
Dell PowerConnect 55xx Systems User Guide 615
RMON Components
This section describes Remote Monitoring (RMON), which enables network
managers to display network information from a remote location.
It contains the following topics:
• Statistics
History Control
•History Table
•Events Control
•Events Log
•Alarms
616 Dell PowerConnect 55xx Systems User Guide
Statistics
To display device utilization statistics and errors that occurred on the device:
1
Click
Statistics/RMON
>
RMON
>
Statistics
in the tree view to display
the
Statistics
page.
Figure 21-8. Statistics
2
Select a port/LAG.
The following fields are displayed:
Received Bytes (Octets)
— Number of bytes received on the selected
interface.
Received Packets
— Number of packets received on the selected
interface.
Broadcast Packets Received
— Number of good Broadcast packets
received on the interface since the device was last refreshed. This
number does not include Multicast packets.
Dell PowerConnect 55xx Systems User Guide 617
Multicast Packets Received
— Number of good Multicast packets
received on the interface, since the device was last refreshed.
CRC&Align Errors
— Number of packets received with a length
(excluding framing bits, but including FCS octets) of between 64 and
1518 octets, inclusive, but with either a bad Frame Check Sequence
(FCS) with an integral number of octets (FCS Error) or a bad FCS
with a non-integral number of octets (Alignment Error).
Undersize Packets
— Number of packets received, less than 64 octets
long (excluding framing bits, but including FCS octets), and
otherwise well formed.
Oversize Packets
— Number of packets received, longer than 1518
octets (excluding framing bits, but including FCS octets), and
otherwise well formed.
Fragments
— Number of packets received, less than 64 octets in
length (excluding framing bits but including FCS octets), which has
either a bad Frame Check Sequence (FCS) with an integral number of
octets (FCS Error), or a bad FCS with a non-integral number of octets
(Alignment Error).
Jabbers
— Number of packets received, longer than 1518 octets
(excluding framing bits, but including FCS octets), and having either
a bad Frame Check Sequence (FCS) with an integral number of
octets (FCS Error), or a bad FCS with a non-integral number of octets
(Alignment Error).
Collisions
— Number of collisions received on the interface, since the
device was last refreshed.
Frames of 64 Bytes
— Number of 64-byte frames received on the
interface, since the device was last refreshed.
Frames of 65 to 127 Bytes
— Number of 65-127-byte frames received
on the interface, since the device was last refreshed.
Frames of 128 to 255 Bytes
— Number of 128-255-byte frames
received on the interface, since the device was last refreshed.
Frames of 256 to 511 Bytes
— Number of 256-511-byte frames
received on the interface, since the device was last refreshed.
Frames of 512 to 1023 Bytes
— Number of 512-1023-byte frames
received on the interface, since the device was last refreshed.
618 Dell PowerConnect 55xx Systems User Guide
Frames of 1024 to Max Octets
— Number of 1024-Max Octet frames
received on the interface, since the device was last refreshed.
3
Select one of the
Refresh Rate
options to specify how frequently the
statistics should be refreshed.
Configuring RMON Statistics Using the CLI Commands
The following table contains the CLI commands for viewing and enabling
RMON statistics.
The following is an example of the CLI commands:
Table 21-5. Configuring RMON Statistics Using CLI Command
CLI Command Description
show rmon statistics
{[gigabitethernet|tengigabiteth
ernet] interface|port-channel
LAG-number]
Displays RMON Ethernet statistics.
console# show rmon statistics gi1/0/1
Port te1/0/1
Dropped: 0
Octets: 0 Packets: 0
Broadcast: 0 Multicast: 0
CRC Align Errors: 0 Collisions: 0
Undersize Pkts: 0 Oversize Pkts: 0
Fragments: 0 Jabbers: 0
64 Octets: 0 65 to 127 Octets: 1
128 to 255 Octets: 1 256 to 511 Octets: 1
512 to 1023 Octets: 0 1024 to max Octets: 0
Dell PowerConnect 55xx Systems User Guide 619
History Control
To display the requested RMON history group statistics or request a new
sample of interface statistics:
1
Click
Statistics/RMON
>
RMON
>
History Control
in the tree view to
display the
History Control: Summary
page.
Figure 21-9. History Control: Summary
Previously-defined samples are displayed.
2
To add a new entry, click
Add
. The
New History Entry
number, which
uniquely identifies the sample, is displayed.
3
Enter the fields for the entry:
Source Interface
— Sampled Ethernet interface.
Owner (0-20 characters)
— RMON station or user that configured the
entry.
620 Dell PowerConnect 55xx Systems User Guide
Max No. of Samples to Keep (1-50)
— Number of samples to be
saved.
Sampling Interval (1-3600)
— The time interval in seconds between
samples.
Configuring RMON History Control Using the CLI Commands
The following table contains the CLI commands for configuring RMON
history control.
The following is an example of the CLI commands:
Table 21-6. RMON History Control CLI Commands
CLI Command Description
rmon collection stats index
[owner ownername|bucket
bucket-number] [interval
seconds]
no rmon collection stats index
Enables and configures RMON on an
interface.
Use the no form of this command to
remove a specified RMON history
group of statistics.
show rmon collection history
[[gigabitethernet|tengigabitet
hernet] interface|port-channel
LAG-number]
Displays RMON collection history
statistics.
console(config)# interface gi1/0/8
console(config-if)# rmon collection stats 1 interval
2400
Dell PowerConnect 55xx Systems User Guide 621
History Table
The
History Table
page displays interface-specific statistical network
samplings. Each table entry represents the counter values compiled during a
single sample.
To display RMON statistics for a specified sample:
1
Click
Statistics/RMON

RMON

History Table
in the tree view to
display the
History Table
page.
Figure 21-10. History Table
2
Select a
History Entry No
.
The following fields are displayed:
Owner
— RMON station or user that requested the RMON
information.
Sample No.
— Number of the specific sample the information in the
table reflects.
622 Dell PowerConnect 55xx Systems User Guide
Drop Events
— Number of dropped packets due to lack of network
resources during the sampling interval. This may not represent the
exact number of dropped packets, but rather the number of times
dropped packets were detected.
Received Bytes (Octets)
— Number of data octets, including bad
packets, received on the network.
Received Packets
— Number of packets received during the sampling
interval.
Broadcast Packets
— Number of good Broadcast packets received
during the sampling interval.
Multicast Packets
— Number of good Multicast packets received
during the sampling interval.
CRC Align Errors
— Number of packets received during the sampling
session, with a length of between 64-1632 octets, who had a bad
Check Sequence (FCS) with an integral number of octets, or a bad
FCS with a non-integral number.
Undersize Packets
— Number of packets, having less than 64 octets,
received during the sampling session.
Oversize Packets
— Number of packets having more than 1632 octets,
received during the sampling session.
Fragments
— Number of packets, having less than 64 octets and
having a FCS, received during the sampling session.
Jabbers
— Number of packets, having more than 1632 octets and who
had an FCS, received during the sampling session.
Collisions
— Estimated number of packet collision that occurred
during the sampling session. Collisions are detected when repeater
port detects two or more stations transmitting simultaneously.
Utilization
— Estimated main physical layer network usage on an
interface during the session sampling. The value is stated in
hundredths of a percent.
Dell PowerConnect 55xx Systems User Guide 623
Viewing the RMON History Table Using the CLI Commands
The following table contains the CLI commands for viewing the RMON
history table.
The following is an example of a CLI command:
Table 21-7. RMON History Table CLI Commands
CLI Command Description
show rmon history index
{throughput|errors|other
} [period seconds]
Displays RMON Ethernet statistics history.
console# show rmon history 1 throughput
Sample Set: 1
Interface: 1/0/1
Requested samples: 50
Owner: CLI
Interval: 1800
Granted samples: 50
Maximum table size: 500
Time
--------------------
Jan 18 2005 21:57:00
Octets
---------
303595962
Packets
--------
357568
Broadcast
---------
3289
Multicast
----------
7287
Util
--------
19%
624 Dell PowerConnect 55xx Systems User Guide
Events Control
Events are actions that are performed when an alarm is generated (alarms are
defined in the Alarms page).
An event can be any combination of logs/traps. If the action includes logging,
then the events are logged in the Events Log page.
To define an RMON event:
1
Click
Statistics/RMON
>
RMON
>
Events Control
in the tree view to
display the
Events Control: Summary
page.
Figure 21-11. Events Control: Summary
The currently-defined events are displayed. Along with the fields described
in the
Events Control: Add
page, the following field is displayed for the
events:
Time
— The time that the event occurred.
2
To define a new event, click
Add
.
Dell PowerConnect 55xx Systems User Guide 625
3
Enter the fields:
Event Entry
— Displays a new event number.
Community
— Enter the community to which the event belongs or
keep the default community.
Description
— Enter the event description.
Ty p e
— Select the event action. The possible options are:
None
— No action is taken.
Log
— When an alarm occurs, a log entry is recorded.
Trap
— When an alarm occurs, a trap is generated.
Log and Trap
— When an alarm occurs, a log entry is recorded
and a trap is generated.
Owner
— Enter the event owner.
Defining RMON Events Using the CLI Commands
The following table contains the CLI commands for defining RMON events.
Table 21-8. RMON Event Definition CLI Commands
CLI Command Description
rmon event index
{none|log|trap|log-trap}
[community text]
[description text] [owner
name]
no rmon event index
Configures an event.
Use the no form of this command to
remove an event.
show rmon events Displays RMON event table.
626 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console(config)# rmon event 1 log
console(config)# exit
console# show rmon events
Index Description Type Community Owner Last Time
Sent
----- ----------- ------ --------- ----- -----------
1 Errors Log Default
Community
CLI Jan 18 2002
23:58:17
2 High
Broadcast
Log-
Trap
Router Manager Jan 18 2002
23:59:48
Dell PowerConnect 55xx Systems User Guide 627
Events Log
The Events log displays the log of events that occurred. An event is logged
when the type of the event is Log or Log and Trap. The action in the event is
performed when the event is bound to an alarm (see the Alarms page) and
the conditions of the alarm have occurred.
To display the events log:
•Click
Statistics/RMON
>
RMON
>
Events
Log
in the tree view to
display the
Events Control
page.
Figure 21-12. Events Control
The following fields are displayed:
Event
— The event identifier.
Log No.
— The log number.
Log Time
— Time when the log entry was entered.
628 Dell PowerConnect 55xx Systems User Guide
Description
— Description of the log entry.
Viewing Device Events Using the CLI Commands
The following table contains the CLI commands for viewing device events.
The following is an example of the CLI commands:
Alarms
RMON alarms provide a mechanism for setting thresholds and sampling
intervals to generate exception events on a counter or any other SNMP object
counter maintained by the agent.
Both the rising and falling thresholds must be configured in the alarm. After a
rising threshold is crossed, another rising event is not generated until the
companion falling threshold is crossed. After a falling alarm is issued, the next
Table 21-9. Device Event Viewing CLI Commands
CLI Command Description
show rmon log [event]Displays the RMON logging table.
console(config)# rmon event 1 log
console> show rmon log
Maximum table size: 500
Event Description Time
----- --------------- --------------
1 Errors Jan 18 2002 23:58:17
2 High Broadcast Jan 18 2002 23:59:48
Dell PowerConnect 55xx Systems User Guide 629
alarm is issued when a rising threshold is crossed. One or more alarms are
bound to an event. The event indicates the action to be taken when the alarm
occurs.
To add an RMON alarm:
1
Click
Statistics/RMON
>
RMON
>
Alarms
in the tree view to display
the
Alarms: Summary
page.
Figure 21-13. Alarms: Summary
The currently-defined alarms are displayed.
2
To add a new alarm, click
Add
and enter the fields:
Alarm Entry
— Displays a new alarm entry.
Interface
Select the interface for which RMON statistics are
displayed.
Counter Name
— Select the selected MIB variable.
630 Dell PowerConnect 55xx Systems User Guide
Sample Type
— Select the sampling method for the selected variable
and comparing the value against the thresholds. The possible options
are:
Delta
— Subtracts the last sampled value from the current value.
The difference in the values is compared to the threshold.
Absolute
— Compares the values directly with the thresholds at
the end of the sampling interval.
Rising Threshold
(0–2147483647
) — Enter the rising counter value
that triggers the rising event alarm.
Rising Event
— Select one of the previously-defined events.
Falling Threshold
(0–2147483647
) — Enter the falling counter value
that triggers the falling event alarm.
Falling Event
— Select one of the previously-defined events.
Startup Alarm
— Select the trigger that activates the alarm. The
possible options are:
Rising Alarm
— A rising counter value triggers the alarm
Falling Alarm
— A falling counter value triggers the alarm.
Rising and Falling
— Both rising and falling counter values
trigger the alarm.
Interval (1–2147483647)
— Enter the alarm interval time in seconds.
This is the interval in seconds over which the data is sampled and
compared with the rising and falling thresholds.
Owner
— Enter the name of the user or network management system
that receives the alarm.
Dell PowerConnect 55xx Systems User Guide 631
Defining Device Alarms Using the CLI Commands
The following table contains the CLI commands for defining device alarms.
Table 21-10. Device Alarm CLI Commands
CLI Command Description
rmon alarm index
MIB_Object_ID interval
rthreshold fthreshold
revent fevent [type type]
[startup direction] [owner
name]
no rmon alarm index
Configures RMON alarm conditions.
Use the no form of this command to
remove an alarm.
show rmon alarm-table Displays summary of the alarm table.
show rmon alarm number Displays the RMON alarm
configuration.
632 Dell PowerConnect 55xx Systems User Guide
The following is an example of the CLI commands:
console(config)# rmon alarm 1000
1.3.6.1.2.1.2.2.1.10.1 360000 1000000 1000000 10 20
console# show rmon alarm-table
Index
-----
123
OID
----------------------
1.3.6.1.2.1.2.2.1.10.1
1.3.6.1.2.1.2.2.1.10.1
1.3.6.1.2.1.2.2.1.10.9
Owner
-------
CLI
Manager
CLI
Dell PowerConnect 55xx Systems User Guide 633
Charts
This section describes how to display statistics as charts.
It contains the following topics:
•Ports
•LAGs
CPU Utilization
Ports
To display port statistics in chart format:
1
Click
Statistics/RMON
>
Charts
>
Ports
in the tree view to display the
Ports
page.
Figure 21-14. Ports
2
Select the unit ID of a unit in the stack for which you want to display
statistics.
634 Dell PowerConnect 55xx Systems User Guide
3
Check the type of statistics to be displayed:
Interface Statistics
— Select the interface statistics to display.
Etherlike Statistics
— Select the frame error statistics to display.
RMON Statistics
— Select the RMON statistics to display.
GVRP Statistics
— Select the GVRP statistics type to display.
Refresh Rate
— Select the amount of time that passes before the
statistics are refreshed.
4
To draw a chart for the selected statistics, click
Draw
. The chart for the
selected statistic is displayed on the page.
Dell PowerConnect 55xx Systems User Guide 635
Viewing Port Statistics Using the CLI Commands
The CLI commands for viewing port statistics are the same CLI commands
described above. The Ports page simply shows the same statistics in chart
form.
LAGs
To display LAG statistics in chart format:
1
Click
Statistics/RMON
>
Charts
>
LAGs
in the tree view to display the
LAGs
page.
Figure 21-15. LAGs
2
Check the type of statistics to be displayed:
Interface Statistics
— Select the interface statistics to display.
Etherlike Statistics
— Select the frame error statistics to display.
RMON Statistics
— Select the RMON statistics to display.
636 Dell PowerConnect 55xx Systems User Guide
GVRP Statistics
— Select the GVRP statistics type to display.
Refresh Rate
— Select the amount of time that passes before the
statistics are refreshed.
3
To draw a chart for the selected statistics, click
Draw
. The chart for the
selected statistic is displayed on the page.
Viewing LAG Statistics Using the CLI Commands
The following table contains the CLI commands for viewing LAG statistics.
Table 21-11. LAG Statistic CLI Commands
CLI Command Description
show interfaces counters
[[gigabitethernet|tengigabitet
hernet] interface|port-channel
LAG-number]
Displays traffic seen by the physical
interface.
show rmon statistics
{[gigabitethernet|tengigabitet
hernet] interface|port-channel
LAG-number}
Displays RMON Ethernet
statistics.
show gvrp statistics
{[gigabitethernet|tengigabitet
hernet] interface|port-channel
LAG-number}
Displays GVRP statistics.
show gvrp-error statistics
{[gigabitethernet|tengigabitet
hernet] interface|port-channel
LAG-number}
Displays GVRP error statistics.
Dell PowerConnect 55xx Systems User Guide 637
The following is an example of the CLI commands:
console# show rmon statistics gi1/0/1
Port gi1/0/1
Dropped: 0
Octets: 0 Packets: 0
Broadcast: 0 Multicast: 0
CRC Align Errors: 0 Collisions: 0
Undersize Pkts: 0 Oversize Pkts: 0
Fragments: 0 Jabbers: 0
64 Octets: 0 65 to 127 Octets: 1
128 to 255 Octets: 1 256 to 511 Octets: 1
512 to 1023 Octets: 0 1024 to max Octets: 0
638 Dell PowerConnect 55xx Systems User Guide
CPU Utilization
Use the CPU Utilization page to display the system’s CPU utilization and
percentage of CPU resources consumed by each unit in the stack. Each unit
in the stack is assigned a color on the graph.
To display CPU utilization in chart format:
1
Click
Statistics/RMON
>
Charts
>
CPU Utilization
in the tree view to
display the
CPU Utilization
page.
Figure 21-16. CPU Utilization
2
Select the
Refresh Rate
to specify how frequently the statistics should be
refreshed.
3
The CPU utilization chart is displayed.
Dell PowerConnect 55xx Systems User Guide 639
Viewing CPU Utilization Using CLI Commands
The following table summarizes the CLI commands for viewing CPU
utilization.
The following is an example of the CLI commands:
Table 21-12. CPU Utilization CLI Commands
CLI Command Description
show cpu utilization Displays CPU utilization.
console# show cpu utilization
CPU utilization service is on.
CPU utilization
--------------------------
five seconds: 5%; one minute: 3%; five minutes: 3%
Dell PowerConnect 55xx Systems User Guide 640
22
Quality of Service
This section provides information for configuring Quality of Service (QoS).
It contains the following topics:
QoS Features and Components
• General
•QoS Basic Mode
QoS Advanced Mode
•QoS Statistics
Dell PowerConnect 55xx Systems User Guide 641
QoS Features and Components
The QoS feature is used to optimize network performance. It provides
classification of incoming traffic into traffic classes, based on one or more
attributes, including:
Device configuration
–Ingress interface
Packet contents
QoS includes the following features:
Traffic Classification
— Classifies each incoming packet, as belonging to
a specific traffic flow, based on the packet contents and/or interface. The
classification is done by an ACL (Access Control List), and only traffic
that meets the ACL criteria is subject to classification.
Assignment to Hardware Queues
— Assigns incoming packets to
forwarding queues. Packets are sent to a particular queue for handling as a
function of the traffic class to which they belong.
Other Traffic Class-Handling Attribute
— Applies QoS mechanisms to
various classes, including bandwidth management.
QoS Modes
A single QoS mode is selected and applies to all interfaces in the system. The
modes are:
Basic Mode — Class of Service (CoS)
.
Traffic is divided into classes that determine how it is treated. All
traffic in a class is treated with the same QoS action. The QoS action
for the class of traffic determines the egress queue on the egress port,
based on the indicated QoS value in the incoming frame.
The QoS value in the incoming frame is:
Layer 2 Packets
— VLAN Priority Tag (VPT) 802.1p value
Layer 3 IPv4 Frames
— Differentiated Service Code Point
(DSCP) value
Layer 3 IPv6 Frames
—Traffic Class (TC) value
When operating in Basic mode, the switch trusts this
externally-assigned QoS value.
642 Dell PowerConnect 55xx Systems User Guide
This is the default QoS mode.
Advanced Mode — Per-flow Quality of Service (QoS)
.
In Advanced mode, a per-flow QoS consists of a class map and a policer:
A class map defines the kind of traffic in a flow, and contains one or
more ACLs. Packets that match the ACLs belong to the flow.
A policer applies the configured QoS to a flow. The QoS configuration
of a flow may consist of the egress queue, the DSCP or CoS value, and
actions on out-of-profile (excess) traffic.
Disable Mode (QoS is not enabled)
In this mode, all traffic is mapped to a single best-effort queue, so that no
type of traffic is prioritized over another.
Only a single mode can be active at a time. When the system is configured to
work in QoS Advanced mode, settings for QoS Basic mode are not active and
vice versa.
When the QoS mode is changed, the following occurs:
When changing from Advanced mode to any other mode, policy profile
definitions and class maps are deleted. ACLs, which are bonded directly to
interfaces, remain bonded.
When changing from Basic mode to Advanced mode, the QoS Trust mode
configuration in Basic mode is not retained.
When disabling QoS, the shaper and queue setting (WRR/SP bandwidth
settings) are reset to default values.
All other user configurations remain intact.
Dell PowerConnect 55xx Systems User Guide 643
General
This section contains the following topics:
•QoS Mode
QoS Properties
•Queue
Mapping to Queue
•Bandwidth
TCP Congestion Avoidance
QoS Mode
To enable/disable the QoS mode:
1
Click
Quality of Service
>
General
>
QoS Mode
in the tree view to
display the
QoS Mode
page.
Figure 22-1. QoS Mode
2
Select the
QoS Mode
. The possible options are:
Basic
— QoS is enabled in Basic mode on the switch
644 Dell PowerConnect 55xx Systems User Guide
Advanced
— QoS is enabled in Advanced mode on the switch.
Disable
— QoS is not enabled on the switch.
Setting QoS Mode Using CLI Commands
The following table summarizes the CLI commands for setting the QoS
mode.
The following is an example of the CLI commands:
Table 22-1. QoS Mode CLI Commands
CLI Command Description
qos [basic|advanced]
no qos
Enables QoS on the device.
Use the no form of this command to disable QoS
on the device
show qos Displays the QoS mode.
console(config)# qos basic
Dell PowerConnect 55xx Systems User Guide 645
QoS Properties
To set the default CoS value on incoming, untagged packets:
1
Click
Quality of Service
>
General
>
QoS Properties
in the tree view to
display the
QoS Properties: Summary
page.
Figure 22-2. QoS Properties: Summary
The default CoS values for all interfaces on the selected unit are displayed.
2
To modify the CoS value for an interface, click
Edit
, and enter the fields:
Interface
— Select a port or LAG if required.
Set Default CoS
— Enter the default CoS tag value for untagged
packets.
646 Dell PowerConnect 55xx Systems User Guide
Configuring QoS Properties Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the QoS Properties: Summary page.
The following is an example of the CLI command:
Queue
The switch supports eight queues for each interface. Queue number eight is
the highest priority queue. Queue number one is the lowest priority queue.
Traffic Limitation Methods
There are two ways of determining how traffic in queues is handled, Strict
Priority and Weighted Round Robin (WRR):
Strict Priority
— Egress traffic from the highest-priority queue is
transmitted first. Traffic from the lower queues is processed only after the
highest queue has been transmitted, thus providing the highest level of
priority of traffic to the lowest-numbered queue.
Weighted Round Robin (WRR)
— In WRR mode, the number of packets
sent from the queue is proportional to the weight of the queue (the higher
the weight, the more frames are sent). For example, if all eight queues are
WRR and the default weights are used, queue 1 receives 1/15 of the
bandwidth (assuming all queues are saturated and there is congestion),
queue 2 receives 2/15, queue 3 receives 4/15, and queue 8 receives 8/15 of
the bandwidth. The type of WRR algorithm used in the device is not the
standard Deficit WRR (DWRR), but rather Shaped Deficit WRR
(SDWRR).
Table 22-2. QoS Properties CLI Commands
CLI Command Description
qos cos default-cos
no qos cos
Defines the default CoS value of a port.
Use the no form of this command to restore the
default configuration.
console(config)# interface gi1/0/15
console(config-if)# qos cos 3
Dell PowerConnect 55xx Systems User Guide 647
Combination of WRR and Strict Priority
The priority for handling traffic can be selected for each queue. When the
queuing mode is Weighted Round Robin for all queues, queues are serviced
according to their weights. If all queues are assigned strict priority, queues are
serviced according to that order.
The following is true if some queues are assigned strict priority and others are
assigned WRR:
If one queue is assigned strict priority, all higher queues are also assigned
strict priority. Conversely, if a queue is assigned a WRR weight, all lower
queues must also have a WRR weight assigned to them.
In the above case, traffic for the strict priority queues is always sent before
traffic from the WRR queues. Traffic from the WRR queues is forwarded
only after the strict priority queues have been emptied. The relative
portion from each WRR queue depends on its weight.
648 Dell PowerConnect 55xx Systems User Guide
To select the priority method and enter WRR weights:
1
Click
Quality of Service
>
General
>
Queue
in the tree view to display
the
Queue
page.
Figure 22-3. Queue
The queues are displayed.
2
Enter the parameters for the queues:
Strict Priority
— Check to indicate that traffic scheduling for the
selected queue, and all higher queues, is based strictly on the queue
priority.
WRR
— Check to indicate that traffic scheduling for the selected
queue is based on WRR. The time period is divided between the
WRR queues that are not empty, meaning they have descriptors to
egress. This happens only if strict priority queues are empty.
Dell PowerConnect 55xx Systems User Guide 649
Scheduling WRR Weight
— If WRR is selected, enter the WRR
weight assigned to the queue.
% of WRR Bandwidth
— Displays the amount of bandwidth assigned
to the queue. These values represent the percent of the WRR weight.
Configuring Queue Settings Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the Queue page.
The following is an example of the CLI commands:
Mapping to Queue
This section provides information for mapping DSCP and CoS values to
service queues, and contains the following topics:
•CoS to Queue
•DSCP to Queue
Table 22-3. Queue Setting CLI Commands
CLI Command Description
priority-queue out num-of-
queues number-of-queues
no priority-queue out num-
of-queues
Configures the number of expedite
queues.
Use the no form of this command to
restore the default configuration.
wrr-queue bandwidth weight1
weight2 ... weight_n
no wrr-queue bandwidth
Assigns WRR weights to egress queues.
Use the no form of this command to
restore the default configuration.
console(config)# priority-queue out num-of-queues 2
console(config-if)# wrr-queue bandwidth 6 6 6 6 6 6
650 Dell PowerConnect 55xx Systems User Guide
CoS to Queue
The CoS to Queue page maps CoS priorities to an egress queue, meaning
that the egress queues of the incoming packets is based on the CoS priority in
their VLAN Tags. For incoming, untagged packets, the CoS priority is the
default CoS priority assigned to ingress ports.
By changing CoS to Queue mapping, Queue schedule method, and
bandwidth allocation, it is possible to achieve the desired quality of services in
a network.
The CoS to Queue mapping is applicable only if one of the following exists:
The switch is in QoS Basic mode, and CoS is the trusted mode.
The switch is in QoS Advanced mode, and the packets belong to flows that
are CoS trusted.
Dell PowerConnect 55xx Systems User Guide 651
To map CoS values to egress queues:
1
Click
Quality of Service
>
General
>
CoS to Queue
in the tree view to
display the
CoS to Queue
page.
Figure 22-4. CoS to Queue
The CoS/queue mappings are displayed.
2
Enter the fields:
Class of Service
— The CoS priority tag values, where zero is the
lowest priority and 7 is the highest priority.
Queue
— The queue to which the CoS priority is mapped.
652 Dell PowerConnect 55xx Systems User Guide
Mapping CoS Priorities to Queues Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the CoS to Queue
page .
The following is an example of the CLI commands:
DSCP to Queue
The DSCP to Queue mapping determines the egress queues of the incoming
IP packets, based on their DSCP values. The original VPT (VLAN Priority
Tag) of the packet is unchanged.
By changing the DSCP to Queue mapping, the Queue schedule method, and
bandwidth allocation, it is possible to achieve improved quality of service in a
network.
The DSCP to Queue mapping is applicable to IP packets when:
The switch is in Basic mode and DSCP is the trusted mode
The switch is in Advanced mode and the packets belongs to flows that are
DSCP trusted
Non-IP packets are always classified to the best-effort queue.
Table 22-4. CoS to Queue CLI Commands
CLI Command Description
wrr-queue cos-map queue-id
cos1 ... cos8
no wrr-queue cos-map [queue-
id]
Maps CoS values to the egress queues.
Use the no form of this command to
restore the default configuration.
console(config)# wrr-queue cos-map 4 7
Dell PowerConnect 55xx Systems User Guide 653
To map DSCP to queues:
1
Click
Quality of Service
>
General
>
DSCP to Queue
in the tree view to
display the
DSCP to Queue
page.
Figure 22-5. DSCP to Queue
The DSCP values in the incoming packet and its associated queues are
displayed.
2
Enter the fields:
DSCP In
— The values of the DSCP field in the incoming packet.
Queue
— The queue to which packets with the specific DSCP value is
assigned. The values are 1-8, where 1 is the lowest value, and 8 is the
highest.
654 Dell PowerConnect 55xx Systems User Guide
Mapping DSCP Values to Queues Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the DSCP to Queue
page.
The following is an example of the CLI command:
Bandwidth
The amount of traffic that can be received and transmitted on an interface
can be limited by the following:
Ingress Rate Limit
— Number of bits per second that can be received
from the ingress interface. Excess bandwidth above this limit is discarded.
Egress Shaping Rates
is defined by the following:
Committed Information Rate (CIR) sets the average maximum
amount of data allowed to be sent on the egress interface, measured in
bits per second
Committed Burst Shape (CBS) sets the maximum burst of data that
is allowed to be sent, even though it is above the CIR. This is defined
in number of bytes of data.
Table 22-5. DSCP to Queue CLI Commands
CLI Command Description
qos map dscp-queue dscp-list to
queue-id
no qos map dscp-queue [dscp-
list]
Modifies the DSCP to queue
mapping.
Use the no form of this command to
restore the default configuration.
console(config)# qos map dscp-queue 33 40 41 to 1
Dell PowerConnect 55xx Systems User Guide 655
To configure bandwidth limitation:
1
Click
Quality of Service
>
General
>
Bandwidth
in the tree view to
display the
Bandwidth: Summary
page.
Figure 22-6. Bandwidth: Summary
The ingress and egress rates are displayed for all ports on the selected unit.
2
To set interface parameters, click
Edit
.
3
Select an interface, and enter the fields:
Enable Ingress Rate Limit
— Enable/disable ingress traffic limit for
the interface. If this field is selected, enter the Ingress Rate Limit.
Ingress Rate Limit
— Enter the ingress traffic limit for the interface.
656 Dell PowerConnect 55xx Systems User Guide
Egress Shaping Rate
— Enable/disable egress traffic limitation. If this
field is selected, enter the following fields.
Committed Information Rate (CIR)
— Enter the average maximum
amount of data allowed to be sent on the egress interface, measured in
bits per second.
Committed Burst Size (CBS)
— Enter the maximum burst of data
that is allowed to be sent on the egress interface, even though it is
above the CIR. This is defined in number of bytes of data.
Configuring Bandwidth Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the Bandwidth pages.
The following is an example of the CLI commands:
Table 22-6. Bandwidth CLI Commands
CLI Command Description
traffic-shape committed-rate
[committed-burst]
no traffic-shape
Sets shaper on egress port.
Use no form in order to disable
the shaper.
rate-limit committed-rate-kbps
[burst committed-burst-byte]
no rate-limit
Limits the rate of the incoming
traffic.
Use the no form to disable rate
limit.
console(config)# interface gi1/0/5
console(config-if)# traffic-shape 124000 9600
console(config-if)# rate-limit 150000
Dell PowerConnect 55xx Systems User Guide 657
TCP Congestion Avoidance
Use the TCP Congestion Avoidance page to activate a congestion avoidance
algorithm. The algorithm breaks up or prevents TCP global synchronization
in a congested node, where the congestion is due to various sources sending
packets with the same byte count.
To configure TCP congestion avoidance:
1
Click
Quality of Service
>
General
>
TCP Congestion Avoidance
in the
tree view to display the
TCP Congestion Avoidance
page.
NOTE: TCP Congestion Avoidance increases network reliability, but it also
increases network traffic. Continue only if you are sure it will improve overall
network performance. For this change to be effective you must save the
configuration and reboot the device.
Figure 22-7. TCP Congestion Avoidance
2
Check
TCP Congestion Avoidance
to enable the algorithm.
658 Dell PowerConnect 55xx Systems User Guide
Configuring TCP Congestion Avoidance Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the
TCP Congestion Avoidance
page.
The following is an example of the CLI commands:
Table 22-7. TCP Congestion Avoidance CLI Commands
CLI Command Description
qos wrr-queue wrtd
no qos wrr-queue wrtd
Enables Weighted Random Tail Drop (WRTD).
Use the no form of this command to disable
WRTD.
console(config)# qos wrr-queue wrtd
This setting will take effect only after copying running
configuration to startup configuration and resetting the
device.
Dell PowerConnect 55xx Systems User Guide 659
QoS Basic Mode
This section describes QoS Basic mode.
It contains the following topics:
•Basic Mode Overview
Workflow to Configure Basic Mode
Global Settings
•DSCP Rewrite
Interface Settings
Basic Mode Overview
In QoS Basic mode, a specific domain in the network can be defined as
trusted. Within that domain, packets are marked with CoS priority and/or
DSCP values, to signal the type of service they require. Nodes within the
domain use these fields to assign the packet to a specific output queue. The
initial packet classification and marking of these fields is done in the ingress
of the trusted domain.
Workflow to Configure Basic Mode
To configure Basic QoS mode, perform the following:
1
Select Basic mode for the system in the
QoS Mode
page
.
2
Select the trust-behavior in the
Global Settings
page.
3
If there is any port that, as an exception, should not trust the incoming
CoS mark, disable the QoS state on that port in the
Interface Settings
pages
.
If a port is disabled without trusted mode, all its ingress packets are
forwarded in best effort. It is recommended that you disable the trusted
mode at the ports where the CoS and/or DSCP values in the incoming
packets are not trustworthy. Otherwise, performance in the network might
be negatively affected.
4
If you selected DSCP Rewrite in the
Global Settings
page, set the DSCP
in/out values in the
DSCP Rewrite
page.
660 Dell PowerConnect 55xx Systems User Guide
Global Settings
Use the Global Settings page to enable Trust on all interfaces on the switch.
This configuration is only active when the QoS mode is Basic. Packets
entering a QoS domain are classified at the edge of the QoS domain.
For more information on setting Trust mode on an interface, see "Interface
Settings" on page 664.
To define Trust configuration:
1
Click
Quality of Service
>
QoS Basic Mode
>
Global Settings
in the tree
view to display the
Global Settings
page.
Figure 22-8. Global Settings
Dell PowerConnect 55xx Systems User Guide 661
2
Enter the fields:
Trust Mode
— Enable/disable Trust mode.
CoS
— Traffic is mapped to queues, based on the VPT field in the
VLAN tag, or based on the per-port default CoS value (if there is
no VLAN tag on the incoming packet). The mapping of the VPT
to queue can be configured in the
CoS to Queue
page.
DSCP
— All IP traffic is mapped to queues, based on the DSCP
field in the IP header. The mapping of the DSCP to queue is
configured in the
DSCP to Queue
page.
Always Rewrite DSCP
— Check to always rewrite the DSCP values in
the incoming packets with the new values set in the
DSCP to Queue
page. When this field is enabled, the switch uses the new DSCP
values to select the egress queue.
Assigning Global Settings Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the
Global Settings
page.
The following is an example of the CLI commands:
Table 22-8. Global Settings CLI Commands
CLI Command Description
qos trust {cos|dscp}
no qos trust
Configures the system to either the
CoS or DSCP trust state.
Use the no form of this command to
return to the default configuration.
qos dscp-mutation
no qos dscp-mutation
Applies the DSCP Mutation map to
system DSCP trusted ports.
Use the no form of this command to
restore the trusted port with no
DSCP mutation.
console(config)# qos trust dscp
console(config)# qos dscp-mutation
662 Dell PowerConnect 55xx Systems User Guide
DSCP Rewrite
Use the
DSCP Rewrite
page
to rewrite the DSCP tags for incoming traffic,
when different DSCP values are used in the incoming and outgoing domains.
Changing the DSCP value used in one domain to the DSCP value used in the
other domain preserves the priority of traffic used in the first domain.
As an example, assume that there are three levels of service: Silver, Gold, and
Platinum. The DSCP incoming values used to mark these levels are 10, 20,
and 30 respectively. If this traffic is forwarded to another service provider that
has the same three levels of service, but uses DSCP values 16, 24, and 48, the
values set in the DSCP Rewrite page are used to change the incoming values
to the outgoing values.
These settings are active globally when the system is in QoS Basic mode.
Dell PowerConnect 55xx Systems User Guide 663
To map DSCP In values to DSCP Out values:
1
Click
Quality of Service
>
QoS Basic Mode
>
DSCP Rewrite
in the tree
view to display the
DSCP Rewrite
page.
Figure 22-9. DSCP Rewrite
664 Dell PowerConnect 55xx Systems User Guide
2
For each
DSCP In
value (DSCP value of the incoming packet) that needs
to be rewritten to an alternative value, set a
DSCP Out
value.
Assigning DSCP Rewrite Values Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the
DSCP Rewrite
page.
The following is an example of the CLI commands:
Interface Settings
QoS Trust mode can be configured on each port of the switch, as follows:
QoS Trust State Disabled on an Interface
— All inbound traffic on the
port is mapped to the best effort queue and no classification/prioritization
takes place.
QoS Trust State Enabled on an Interface
— Port prioritized traffic on
ingress is based on the system- wide configured trusted mode, which is
either CoS Trusted mode or DSCP Trusted mode.
Table 22-9. DSCP Rewrite CLI Commands
CLI Command Description
qos map dscp-mutation in-
dscp to out-dscp
no qos map dscp-mutation
[in-dscp]
Configures the DSCP to DSCP Mutation
table.
Use the no form of this command to restore
the default configuration.
console(config)# qos map dscp-mutation 1 2 4 5 6 to 63
Dell PowerConnect 55xx Systems User Guide 665
To define QoS Trust for an interface:
1
Click
Quality of Service
>
QoS Basic Mode
>
Interface Settings
in the
tree view to display the
Interface Settings: Summary
page.
Figure 22-10. Interface Settings: Summary
Trust mode is displayed for each interface on the selected unit.
2
To change the QoS trust state for an interface, click
Edit
, and select an
interface on a unit.
3
Enable/disable the
QoS Trust State
.
666 Dell PowerConnect 55xx Systems User Guide
Assigning Interface Settings Using CLI Commands
The following table summarizes the CLI commands for configuring fields in
the
Interface Settings
page.
The following is an example of the CLI commands:
Configuring QoS Basic Mode Using CLI Commands
The following is a sample script configuring QoS Basic mode.
Table 22-10. Interface Settings CLI Commands
CLI Command Description
qos trust
no qos trust
Enables each port trust state while the
system is in the basic QoS mode.
Use the no form of this command to
disable the trust state on each port.
show qos interface[buffers |
queueing | policers | shapers
| rate-limit] [interface-id]]
Displays QoS information on the
interface.
console(config)# interface gi1/0/15
console(config-if)# qos trust
Table 22-11. Sample CLI Script to Configure QoS Basic Mode
CLI Command Description
console#configure
console(config)# qos basic
Enable QoS in Basic mode.
console(config)#mac access-list
extended MAC1
Define an ACL named
"MAC1"
console(config-mac-a1)#deny
00:00:00:00:00:11 00:00:00:00:00:ff
any
MAC1 discards all traffic with
source MAC
00:00:00:00:00:XX addresses.
console(config-mac-a1)# permit any
any
MAC1 permits all other
traffic.
console(config-mac-a1)#exit Exit ACL mode.
Dell PowerConnect 55xx Systems User Guide 667
console(config)#interface gi1/0/1 Enter Interface mode on port
gi1/0/1.
console(config-if)#service-acl input
mac1
Bind MAC1 to port gi1/0/1.
Table 22-11. Sample CLI Script to Configure QoS Basic Mode (Continued)
CLI Command Description
668 Dell PowerConnect 55xx Systems User Guide
QoS Advanced Mode
This section describes QoS Advanced mode.
It contains the following topics:
Advanced Mode Overview
Workflow to Configure Advanced QoS Mode
DSCP Mapping
Class Mapping
•QoS Policers
Policy Binding
Advanced Mode Overview
In Advanced mode, the switch uses policies to support per-flow QoS. A policy
and its components have the following characteristics and relationships:
A policy contains one or more class maps.
A class map defines a flow with one or more associated ACLs. Packets that
match the ACL rules (ACEs) in a class map with Permit (forward) action,
belong to the same flow, and are subject to the same quality of service
action. A policy can contain one or more flows, each with a user-defined
QoS action.
The QoS of a class map (flow) may be enforced by the associated policer.
There are two type of policers, as described in "Defining Class Mapping
Using CLI Commands" on page 674.
Per-flow QoS actions are applied to flows by binding the policy maps to the
desired ports. A policy map and its class maps can be bound to one or more
ports, but each port is bound with, at the most, one policy map.
The following points should be considered:
An ACL can be configured to one or more class maps, regardless of
policies.
A class map can belong to only one policy map.
When a class map, using a single policer, is bound to multiple ports, each
port has its own instance of the policer. Each instance applies the QoS
actions on the class map (flow) at a port independent of each other.
Dell PowerConnect 55xx Systems User Guide 669
If you bind a policy map to more than one port and one of its classes
contains a single policer, all policy map rules will be multiplied per port
(using up more TCAM resources).
An aggregate policer applies the QoS to all of its flows in aggregation,
regardless of policies and ports.
Advanced QoS settings consist of the following elements:
Rules — All frames matching a single group of rules are considered to be a
flow.
Actions — To be applied to frames in each flow that match the rules.
Policers
— See "Single Policers" on page 679
Aggregate Policers
— "Aggregate Policers" on page 677
Trust
—"Interface Settings" on page 664, "Policy Class Maps" on
page 682
Set DSCP/CoS
— "Policy Class Maps" on page 682
Set Queue
— "DSCP Mapping" on page 670
Binding — Combination of rules and actions that are bound to one or
more interfaces.
Workflow to Configure Advanced QoS Mode
To configure Advanced QoS mode, perform the following:
1
Select Advanced mode for the system in the
QoS Mode
page
.
2
If external DSCP values are different from those used on incoming
packets, map the external values to internal values in the
DSCP Rewrite
page.
3
Create ACLs, as described in "Network Security" on page 92.
4
When ACLs are defined, create class maps and associate the ACLs with
them in the
Class Mapping
pages
.
5
Create a policy map in the
Policy Class Maps
pages, and associate the
policy map with one or more class maps. Specify the QoS action, if needed,
for example by assigning a policer to a class map, when you associate the
class map to the policy.
670 Dell PowerConnect 55xx Systems User Guide
a
Single Policer
— Create a policy that associates a class map with a
single policer in the
Policy Table
pages and the
Class Mapping
pages.
Within the policy, define the single policer.
b
Aggregate Policer
— Create a QoS action for each flow. This action
sends all matching frames to the same policer (aggregate policer),
defined in the
Aggregate Policer
pages. Create a policy that associates
a class map with the aggregate policer in the
Policy Table
pages.
6
Bind the policy to an interface in the
Policy Binding
pages
.
DSCP Mapping
When a policer is assigned to a class map (flow), you can specify the action to
take when the amount of traffic in the flow(s) exceeds the QoS-specified
limits. The portion of the traffic that causes the flow to exceed its QoS limit
is referred to as out-of-profile packet
s
.
If the exceed action is Remark DSCP (as opposed to Drop), the switch
rewrites the original DSCP value of the out-of-profile IP packets to a new
value, based on the values entered in the DSCP Mapping page. The switch
uses the new values to assign resources and egress queues to these packets.
The switch physically replaces the original DSCP value in the out-of-profile
packets with the new DSCP value.
To use the Remark DSCP exceed action, set the DSCP Out value in the
DSCP Mapping page. Otherwise the action is null, because the DSCP value
in the packet is rewritten to the original DSCP value, set by factory default.
Dell PowerConnect 55xx Systems User Guide 671
To set new DSCP values:
1
Click
Quality of Service
>
QoS Advanced Mode
>
DSCP Mapping
to
display the
DSCP Mapping
page.
Figure 22-11. DSCP Mapping
2
If the
Exceed Action
is
Out-of-Profile
(in the
Policy Class Maps
page) or
Remark DSCP
(in the
Aggregate Policy
page), the
DSCP In
values are
rewritten with the
DSCP Out
values. Set the
DSCP Out
values as
required.
672 Dell PowerConnect 55xx Systems User Guide
Configuring DSCP Mapping Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the DSCP Mapping page.
The following is an example of the CLI commands:
Class Mapping
A Class Map defines a traffic flow associated with ACL(s). A MAC-based
ACL, IP-based ACL, and an IPv6-based ACL can be combined into a class
map. Class maps are configured to match packet criteria on a match-all or
match-any basis. They are matched to packets on a first-fit basis, meaning
that the action associated with the first-matched class map is the action
performed by the system. Packets that match the same class map belong to
the same flow.
There are two possible types of matching:
match-all
— Traffic matches class map if it matches IP/IPV6 and MAC
ACLs
match-any
— Traffic matches class map if it matches at least one of the
ACLs
If a more complex set of rules is needed, several class maps can be grouped
into a super-group called a policy (see "Defining Class Mapping Using CLI
Commands" on page 674).
Table 22-12. DSCP Mapping CLI Commands
CLI Command Description
qos map policed-dscp dscp-list
to dscp-mark-down
no qos map policed-dscp [dscp-
list]
Configures the policed-DSCP map for
remarking purposes.
Use the no form of this command to
restore the default configuration.
console(config)# qos map policed-dscp 3 to 43
Dell PowerConnect 55xx Systems User Guide 673
To define a class map:
1
Click
Quality of Service
>
QoS Advanced Mode
>
Class Mapping
to
display the
Class Mapping: Summary
page.
Figure 22-12. Class Mapping: Summary
The previously-defined class maps are displayed.
2
To add a class map, click
Add
.
A new class map is added by selecting one or two ACLs and assigning them
a class map name. If a class map has two ACLs, specify that a frame must
match both ACLs, or that it must match either one or both of the ACLs
selected.
3
Enter the parameters.
Class Map Name
— Enter the name of a new class map.
674 Dell PowerConnect 55xx Systems User Guide
Match ACL Type
— Enter the criteria that a packet must match in
order to belong to the flow defined by the class map. The possible
options are:
IP
— A packet must match either of the IP-based ACLs in the
class map.
MAC
— A packet must match the MAC-based ACL in the class
map.
IP and MAC
— A packet must match the IP-based ACL and the
MAC-based ACL in the class map (match-all).
IP or MAC
— A packet must match either the IP-based ACL or
the MAC-based ACL in the class map (match-any).
IP
ACL
— Select the IPv4-based ACL or the IPv6-based ACL for the
class map.
MAC ACL
— Select the MAC-based ACL for the class map.
Preferred ACL
— Select whether packets are first matched to an
IP-based ACL or a MAC-based ACL.
Defining Class Mapping Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Class Mapping pages.
Table 22-13. Class Mapping CLI Commands
CLI Command Description
class class-map-name [access-
group acl-name]
no class class-map-name
Defines a traffic classification and
enters the Policy-map Class
Configuration mode.
Use the no form of this command to
detach a class map from the policy
map.
class-map class-map-name
[match-all|match-any]
no class-map class-map-name
Creates or modifies a class map and
enters the Class-map Configuration
mode.
Use the no form of this command to
delete a class map.
Dell PowerConnect 55xx Systems User Guide 675
The following is an example of the CLI commands:
QoS Policers
This section describes QoS policers.
It contains the following topics:
QoS Policers Overview
Aggregate Policers
•Single Policers
match access-group acl-name
no match access-group acl-name
Defines the match criteria for
classifying traffic.
Use the no form of this command to
delete the match criteria.
show class-map [class-map-name]Displays information about the class
map.
console(config)# qos advanced
console(config)# class-map class1 match-all
console(config-cmap)# match access-group enterprise
console(config-cmap)# do show class-map class1
Class Map matchAll class1
Match access-group enterprise
Table 22-13. Class Mapping CLI Commands (Continued)
CLI Command Description
676 Dell PowerConnect 55xx Systems User Guide
QoS Policers Overview
The rate of traffic that matches a pre-defined set of rules can be measured,
and limits, such as limiting the rate of file-transfer traffic that is allowed on a
port, can be enforced.
This is done by using the ACLs in the class map(s) to match the desired
pattern of traffic, and by using a policer to apply QoS on the matching traffic.
A policer is configured with a QoS specification. There are two kinds of
policers:
Single Policer
— A single policer applies the QoS to a single class map,
and to a single flow, based on the policer's QoS specification. When a class
map, using a single policer, is bound to multiple ports, each port has its
own instance of the single policer; each applying the QoS on the class map
(flow) at ports that are otherwise independent of each other. A single
policer is created in the
Policy Table
and
Policy Class Maps
pages.
Aggregate Policer
— An aggregate policer applies QoS to one or more class
maps, and to one or more flows. An aggregation policer can support class
maps from various policies. An aggregate policer applies QoS to all its
flow(s) in aggregation, regardless of policies and ports. An aggregate policer
is created in the
Aggregate Policer
pages.
An aggregate policer is defined if the policer is to be shared with more than
one class.
Each policer is defined with its own QoS specification, and is composed of a
combination of the following parameters:
Committed Information Rate (CIR)
— A maximum allowed rate of
traffic, measured in Kbps.
Committed Burst Size (CBS)
— An amount of traffic, measured in bytes,
which is allowed to pass as a temporary burst, even if it is above the
defined maximum rate.
Exceed Action
— An action to be applied to frames that are over the limits
(called out-of-profile traffic). These frames can be forwarded as is,
dropped, or forwarded, after rewriting their DSCP value with a value that
marks them as lower-priority frames for all subsequent handling within the
device.
A policer is assigned to a class map when a class map is added to a policy.
Dell PowerConnect 55xx Systems User Guide 677
Aggregate Policers
To define an aggregate policer:
1
Click
Quality of Service > QoS Advanced Mode > Aggregate Policer
to
display the
Aggregate Policer: Summary
page.
Figure 22-13. Aggregate Policer: Summary
The existing aggregate policers are displayed.
2
To add an aggregate policer, click
Add
, and enter the fields.
Aggregate Policer Name
— Enter the name of the Aggregate Policer.
Committed Information Rate (CIR)
— Enter the maximum
bandwidth allowed in bits per second. See the description of this field
in "Bandwidth" on page 654.
Committed Burst Size (CBS)
— Enter the maximum burst size
(even if it goes beyond the CIR) in bytes. See the description of this in
the "Bandwidth" on page 654.
678 Dell PowerConnect 55xx Systems User Guide
Exceed Action
— Select the action to be performed on incoming
packets that exceed the CIR. The possible options are:
None
— No action is performed on packets exceeding the defined
CIR value.
Drop
— Packets exceeding the defined CIR value are dropped.
Remark DSCP
— The DSCP values of packets exceeding the
defined CIR value are rewritten to a value entered in the
DSCP
Mapping
pages.
Defining Aggregate Policers Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Aggregate Policer pages.
The following is an example of the CLI commands:
Table 22-14. Aggregate Policer CLI Commands
CLI Command Description
qos aggregate-policer
aggregate-policer-name
committed-rate-kbps excess-
burst-byte[exceed-action
{drop|policed-dscp-transmit}]
no qos aggregate-policer
aggregate-policer-name
Defines the policer parameters that can
be applied to multiple traffic classes
within the same policy map.
Use the no form of this command to
remove an existing aggregate policer.
console(config)# qos aggregate-policer policer1 124000
9600 exceed-action drop
Dell PowerConnect 55xx Systems User Guide 679
Single Policers
Defining Aggregate Policers Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Aggregate Policer pages.
The following is an example of the CLI commands:
Single policers are created by:
1
Create a policy in the
Police Table
pages
2
Configure the policy in the
Policy Class Maps
pages. Here the policy class
can be designated as containing a single policer, or it can be designated as
containing Aggregate policers.
Policy Table
A policy can consist of one of the following:
One or more class maps of ACLs that define the traffic flows in the policy.
One or more aggregate policers that apply the QoS to the traffic flows in
the policy.
Table 22-15. Aggregate Policer CLI Commands
CLI Command Description
qos aggregate-policer
aggregate-policer-name
committed-rate-kbps excess-
burst-byte[exceed-action
{drop|policed-dscp-transmit}]
no qos aggregate-policer
aggregate-policer-name
Defines the policer parameters that can
be applied to multiple traffic classes
within the same policy map.
Use the no form of this command to
remove an existing aggregate policer.
console(config)# qos aggregate-policer policer1 124000
9600 exceed-action drop
680 Dell PowerConnect 55xx Systems User Guide
Only those policies that are bound to an interface are active (see the Policy
Binding pages).
After a policy has been added, class maps can be added in the Policy Table
pages.
To create a QoS policy:
1
Click
Quality of Service
>
QoS Advanced Mode
>
Policy Table
to
display the
Policy Table: Summary
page.
Figure 22-14. Policy Table: Summary
The previously-defined policies are displayed.
2
To create a policy, click
Add
.
3
Enter the name of the new policy in the
Policy Name
field.
4
Add class maps to the new policy in the
Policy Class Maps
page.
Dell PowerConnect 55xx Systems User Guide 681
Defining Policies Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Policy Table page.
The following is an example of the CLI commands:
Table 22-16. Policy Table CLI Commands
CLI Command Description
policy-map policy-map-name
no policy-map policy-map-
name
Creates a policy map and enters the Policy-
map Configuration mode.
Use the no form of this command to
delete a policy map.
console(config)# policy-map policy1
682 Dell PowerConnect 55xx Systems User Guide
Policy Class Maps
One or more class maps can be added to a policy. A class map defines the type
of packets that are considered to belong to the same traffic flow.
To add a class map to a policy:
1
Click
Quality of Service
>
QoS Advanced Mode
>
Policy Class Maps
to
display the
Policy Class Maps: Summary
page.
Figure 22-15. Policy Class Maps: Summary
2
Select a policy in the
Policy Name
field. The class maps in that policy are
displayed.
3
To add a class map, click
Add
.
4
Enter the parameters.
Policy Name
— Select the policy to which the class map is being
added.
Dell PowerConnect 55xx Systems User Guide 683
Class Map Name
— Select an existing class map to be associated with
the policy. Class maps are created in the
Class Mapping
pages.
Action Type
— Select the action regarding the ingress CoS and/or
DSCP value of all the matching packets.
None
— Ignore the ingress CoS and/or DSCP value. The
matching packets are sent as best effort.
Trust CoS, DSCP
— If this option is selected, the switch will
trust the CoS or DSCP value of the matching packet. If a packet
is an IP packet, the switch will put the packet in the egress queue,
based on its DSCP value and the DSCP to Queue mapping.
Otherwise, the egress queue of the packet is based on the packet's
CoS value and the CoS to Queue mapping.
Set
— See the description of this field below.
Set
— If this option is selected, enter a
New Value
, which determines
the egress queue of the matching packets:
DSCP
— If DSCP is selected, the new DSCP value and the
DSCP to Queue mapping determines the egress queue of the
matching packets.
Queue
— If Queue is selected, the new value is the egress queue
number for all matching packets.
CoS
— If CoS is selected, the CoS priority value and the CoS to
Queue mapping determines the egress queue of the matching
packets.
Police Type
— Available in Layer 2 Mode only. Select the policer type
for the policy. The possible options are:
None
— No policy is used.
Single
— The policer for the policy is a single policer.
Aggregate
— The policer for the policy is an aggregate policer.
Aggregate Policer
— Available in Layer 2 Mode only. If Police Type is
Aggregate
, select a previously-defined aggregate policer.
If
Police Type
is Single, enter the following QoS parameters:
Ingress Committed Information Rate (CIR) (Range: 100 - 1000000)
— Enter the CIR in Kbps. See its description in the
Bandwidth
pages.
684 Dell PowerConnect 55xx Systems User Guide
Ingress Committed Burst Size (CBS)
(Range: 3000 - 16769020) —
Enter the CBS in bytes. See its description in the
Bandwidth
pages.
Exceed Action
— Select the action assigned to incoming packets
exceeding the CIR. The possible options are:
None
— No action.
Drop
— Packets exceeding the defined CIR value are dropped.
Out-of-Profile DSCP
— Packets, exceeding the defined CIR, are
forwarded with a new DSCP, derived from the
DSCP Mapping
pages.
Defining Policy Class Maps Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Policy Class Maps pages.
Table 22-17. Policy Class Maps CLI Commands
CLI Command Description
class class-map-name [access-
group acl-name]
no class class-map-name
Defines a traffic classification and
enters the Policy-map Class
Configuration mode.
Use the no form of this command to
detach a class map from the policy
map.
trust [cos-dscp]
no trust
Configures the trust state, which
selects the value that QoS uses as the
source of the internal DSCP value.
Use the no form of this command to
return to the default trust state.
set {dscp new-dscp|queue queue-
id|cos new-cos}
no set
Sets new values in the IP packet.
Use the no form of this command to
return to the default values.
police committed-rate-kbps
committed-burst-byte [exceed-
action {drop|policed-dscp-
transmit}]
no police
Defines the policer for classified traffic.
Use the no form of this command to
remove a policer.
Dell PowerConnect 55xx Systems User Guide 685
The following is an example of the CLI commands:
qos aggregate-policer
aggregate-policer-name
committed-rate-kbps excess-
burst-byte [exceed-action
{drop|policed-dscp-transmit}]
no qos aggregate-policer
aggregate-policer-name
Defines the policer parameters that
can be applied to multiple traffic
classes.
Use the no form of this command to
remove an existing aggregate policer.
show policy-map [policy-map-
name]
Displays all policy maps or a specific
policy map.
console(config)# policy-map policy1
console(config-pmap)# class class1 access-group enterprise
console(config-pmap)# trust cos-dscp
console(config-pmap)# set dscp 56
console(config-pmap)# class class1
console(config-pmap-c)# police 124000 9600 exceed-action
drop
console(config)# qos aggregate-policer policer1 124000
9600 exceed-action drop
Table 22-17. Policy Class Maps CLI Commands (Continued)
CLI Command Description
686 Dell PowerConnect 55xx Systems User Guide
Policy Binding
After policies are created, they must be bound to interfaces (ports or
LAGs).When a policy is bound to a specific interface, it becomes active on it
(subject to time range restrictions). Only one policy can be active on a single
interface, but a single policy can be bound to more than one interface.
When a policy is bound to an interface, it filters and applies QoS to ingress
traffic that belongs to the flows defined in the policy. The policy does not
apply to traffic egress to the same port.
To edit a policy, it must first be removed (unbound) from all those ports to
which it is bound.
To define policy binding:
1
Click
Quality of Service > QoS Advanced Mode > Policy Binding
to
display the
Policy Binding: Summary
page.
Figure 22-16. Policy Binding: Summary
Dell PowerConnect 55xx Systems User Guide 687
Previously-defined policy bindings are displayed.
2
To bind a policy to an interface, click
Add
.
3
Select the interface assigned to the policy.
4
Select the
Policy Name
to be activated on the interface.
Defining Policy Binding Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Policy Binding pages.
The following is an example of the CLI commands:
Table 22-18. Policy Binding CLI Commands
CLI Command Description
service-policy input
policy-map-name
no service-policy
input
Applies a policy map to the input of a particular
interface.
Use the no form of this command to detach a
policy map from an interface.
console(config-if)# service-policy input policy1
688 Dell PowerConnect 55xx Systems User Guide
QoS Statistics
This section describes how to view and manage QoS statistics.
It contains the following topics:
Policer Statistics
Aggregated Policer
Queues Statistics
Dell PowerConnect 55xx Systems User Guide 689
Policer Statistics
A Single Policer is bound to a class map from a single policy. An Aggregate
Policer is bound to one or more class maps from one or more policies.
Use the Policer Statistics pages to view the number of in-profile and out-of-
profile packets received from an interface that meet the conditions defined in
the class map of a policy.
To view policer statistics:
1
Click
Quality of Service

QoS Statistics

Policer Statistics
to display the
Policer Statistics: Summary
page.
Figure 22-17. Policer Statistics: Summary
The following statistics for the previously-defined counters are displayed:
Interface
— Statistics are displayed for this interface.
Policy
— Statistics are displayed for this policy.
690 Dell PowerConnect 55xx Systems User Guide
Class Map
— Statistics are displayed for this class map.
In-Profile Bytes
— Number of in-profile bytes received.
Out-of-Profile Bytes
— Number of out-of-profile bytes received.
2
Click
Add
to add a new counter that applies to another policy-class map.
3
Enter the fields:
Interface — Select the interface for which the counter is defined.
Policy - Class Map Name — Select a policy class map pair.
Defining Policer Statistics Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Policer Statistics pages.
The following is an example of the CLI commands:
Table 22-19. Policer Statistics CLI Commands
CLI Command Description
qos statistics policer policy-
map-name class-map-name
no qos statistics policer
policy-map-name class-map-name
Enables counting in-profile and out-of-
profile bytes vis-a-vis a policer.
Use the no form of this command to
disable counting.
clear qos statistics Clears the statistics
show qos statistics Displays the statistics
console(config-if)# qos statistics policer policy1 class1
Dell PowerConnect 55xx Systems User Guide 691
Aggregated Policer
To view aggregated policer statistics:
1
Click
Quality of Service

QoS Statistics

Aggregate Policer
to display
the
Aggregate
Policer: Summary
page.
Figure 22-18. Aggregate Policer: Summary
The following statistics for the previously-defined counters are displayed:
Aggregate Policer Name — Policer on which statistics are based.
In-Profile Bytes — Number of in-profile packets that were received.
Out-of-Profile Bytes — Number of out-of-profile packets that were
received.
2
To add a new counter that applies to another aggregate policer, click
Add
.
692 Dell PowerConnect 55xx Systems User Guide
3Select an aggregate policer in the Aggregate Policer Name field.
Defining Aggregate Policer Statistics Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the Aggregate Policer Statistics pages.
The following is an example of the CLI commands:
Queues Statistics
Queue statistics include statistics of forwarded and dropped packets, based
on interface, queue, and drop precedence. Lowest drop precedence has the
lowest probability of being dropped.
Table 22-20. Aggregate Policer Statistics CLI Commands
CLI Command Description
qos statistics aggregate-policer
aggregate-policer-name
no qos statistics aggregate-
policer aggregate-policer-name
Enables counting in-profile and
out-of-profile bytes vis-a-vis an
aggregate policer.
Use the no form of this command
to disable counting.
clear qos statistics Clears the statistics
show qos statistics Displays the statistics
console (config)# qos statistics aggregate-policer policer1
Dell PowerConnect 55xx Systems User Guide 693
To view Queue Statistics:
1
Click
Quality of Service

QoS Statistics

Queues Statistics
to display
the
Queues Statistics: Summary
.
Figure 22-19. Queues Statistics: Summary
The statistics for previously-defined counters are displayed.
Counter Set
—Number of counter.
Port
—Number of port.
Queue
—Number of queue.
Total Packets
—Number of packets forwarded or tail dropped.
Tail D rop Pa ck et s
—Percentage of packets that were tail dropped.
694 Dell PowerConnect 55xx Systems User Guide
2
To add a new counter, click
Add
, and enter the fields:
Counter Set—Select the counter set. The possible options are:
Set 1
— Displays the statistics that contains all interfaces and
queues with a high DP (Drop Precedence).
Set 2
— Displays the statistics that contains all interfaces and
queues with a low DP.
Interface — Select the unit/interface for which Queue statistics are
displayed.
Queue — Select the queue on which packets were forwarded or tail
dropped.
Defining QoS Statistics Using CLI Commands
The following table summarizes the CLI commands for setting the fields in
the QoS Statistics pages.
The following is an example of the CLI commands:
Table 22-21. QoS Statistics CLI Commands
CLI Command Description
qos statistics queues set-number
{queue|all} {dp|all}
{[gigabitethernet|tengigabitethe
rnet]port-number|all}
no qos statistics queues set-
number
Enables QoS statistics for output
queues.
Use the no form of this command to
disable QoS statistics for output
queues.
clear qos statistics Clears the statistics
show qos statistics Displays the statistics
console(config)# qos statistics queues 1 all all all
Dell PowerConnect 55xx Systems User Guide 695
Glossary
Figure 23-1. This glossary contains key technical words of interest.
A
Access Mode
Specifies the method by which user access is granted to the system.
Access Profiles
Allows network managers to define profiles and rules for accessing the switch
module. Access to management functions can be limited to user groups,
which are defined by the following criteria:
•Ingress interfaces
Source IP address or Source IP subnets
ACL
Access Control List.
Allow network managers to define classification actions
and rules for specific ingress ports.
Aggregated VLAN
Groups several VLANs into a single aggregated VLAN. Aggregating VLANs
enables routers to respond to ARP requests for nodes located on different sub-
VLANs belonging to the same Super VLAN. Routers respond with their MAC
address.
ARP
Address Resolution Protocol
. A protocol that converts IP addresses into
physical addresses.
ASIC
Application Specific Integrated Circuit
. A custom chip designed for a specific
application.
Asset Tag
Specifies the user-defined switch module reference.
A
BCDEFGHI LMNOPQ
RSTUVW
696 Dell PowerConnect 55xx Systems User Guide
Authentication Profiles
Sets of rules which that enables login to and authentication of users and
applications.
Auto-negotiation
Allows 10/100 Mpbs or 10/100/1000 Mbps Ethernet ports to establish for the
following features:
Duplex/Half Duplex mode
•Flow Control
• Speed
B
Back Pressure
A mechanism used with Half Duplex mode that enables a port not to receive
a message.
Backplane
The main BUS that carries information in the switch module.
Backup Configuration Files
Contains a backup copy of the switch module configuration. The Backup file
changes when the Running Configuration file or the Startup Configuration
file is copied to the Backup file.
Bandwidth
Bandwidth specifies the amount of data that can be transmitted in a fixed
amount of time. For digital switch modules, bandwidth is defined in Bits per
Second (bps) or Bytes per Second.
Bandwidth Assignments
The amount of bandwidth assigned to a specific application, user, or
interface.
Baud
The number of signaling elements transmitted each second.
Best Effort
Traffic is assigned to the lowest priority queue, and packet delivery is not
guaranteed.
Dell PowerConnect 55xx Systems User Guide 697
Boot Version
The boot version.
BootP
Bootstrap Protocol.
Enables a workstation to discover its IP address, an IP
address of a BootP server on a network, or a configuration file loaded into the
boot of a switch module.
BPDU
Bridge Protocol Data Unit
. Provide bridging information in a message format.
BPDUs are sent across switch module information with in Spanning Tree
configuration. BPDU packets contain information on ports, addresses,
priorities, and forwarding costs.
Bridge
A device that connect two networks. Bridges are hardware specific, however
they are protocol independent. Bridges operate at Layer 1 and Layer 2 levels.
Broadcast Domain
device sets that receive Broadcast frames originating from any device within a
designated set. Routers bind Broadcast domains, because routers do not
forward Broadcast frames.
Broadcasting
A method of transmitting packets to all ports on a network.
Broadcast Storm
An excessive amount of Broadcast messages simultaneously transmitted
across a network by a single port. Forwarded message responses are heaped
onto the network, overloading network resources or causing the network to
time out.
For more information about Broadcast storms, see "LACP Parameters" on
page 503.
C
CDB
Configuration Data Base.
A file containing a device’s configuration
information.
Class of Service
698 Dell PowerConnect 55xx Systems User Guide
Class of Service (CoS).
Class of Service is the 802.1p priority scheme. CoS
provides a method for tagging packets with priority information. A CoS value
between 0-7 is added to the Layer II header of packets, where zero is the
lowest priority and seven is the highest.
A overlapping transmission of two or more packets that collide. The data
transmitted cannot be used, and the session is restarted.
CLI
Command Line Interface
. A set of line commands used to configure the
system. For more information on using the CLI, see Using the CLI
.
Communities
Specifies a group of users which retains the same system access rights.
CPU
Central Processing Unit
. The part of a computer that processes information.
CPUs are composed of a control unit and an ALU.
D
DHCP Client
A device using DHCP to obtain configuration parameters, such as a network
address.
DHCP Snooping
DHCP Snooping expands network security by providing firewall security
between untrusted interfaces and DHCP servers.
DSCP
DiffServe Code Point (DSCP)
. DSCP provides a method of tagging IP
packets with QoS priority information.
Domain
A group of computers and devices on a network that are grouped with
common rules and procedures.
Duplex Mode
Permits simultaneous transmissions and reception of data. There are two
different types of duplex mode:
Dell PowerConnect 55xx Systems User Guide 699
Full Duplex Mode
— Permits for bisynchronous communication, for
example, a telephone. Two parties can transmit information at the same
time.
Half Duplex Mode
— Permits asynchronous communication, for
example, a walkie-talkie. Only one party can transmit information at a
time.
Dynamic VLAN Assignment (DVA)
Allows automatic assignment of users to VLANs during the RADIUS
server authentication. When a user is authenticated by the RADIUS
server, the user is automatically joined to the VLAN configured on the
RADIUS server.
E
Egress Ports
Ports from which network traffic is transmitted.
End System
An end user device on a network.
Ethernet
Ethernet is standardized as per IEEE 802.3. Ethernet is the most common
implemented LAN standard. Supports data transfer rates of Mpbs, where 10,
100 or 1000 Mbps is supported.
EWS
Embedded Web Server
. Provides device management via a standard web
browser. Embedded Web Servers are used in addition to or in place of a CLI
or NMS.
F
FFT
Fast Forward Table.
Provides information about forwarding routes. If a packet
arrives to a device with a known route, the packet is forwarded via a route
listed in the FFT. If there is not a known route, the CPU forwards the packet
and updates the FFT.
FIFO
700 Dell PowerConnect 55xx Systems User Guide
First In First Out.
A queuing process where the first packet in the queue is the
first packet out of the packet.
Flapping
Flapping occurs when an interfaces state is constantly changing. For example,
an STP port constantly changes from listening to learning to forwarding. This
may cause traffic loss.
Flow Control
Enables lower speed devices to communicate with higher speed devices, that
is, that the higher speed device refrains from sending packets.
Fragment
Ethernet packets smaller than 576 bits.
Frame
Packets containing the header and trailer information required by the physical
medium.
G
GARP
General Attributes Registration Protocol.
Registers client stations into a
Multicast domain.
Gigabit Ethernet
Gigabit Ethernet transmits at 1000 Mbps, and is compatible with existing
10/100 Mbps Ethernet standards.
GVRP
GARP VLAN Registration Protocol. Registers client stations into a VLANs.
H
HOL
Head of Line
. Packets are queued. Packets at the head of the queue are
forwarded before packets at the end of the line.
Host
A computer that acts as a source of information or services to other
computers.
Dell PowerConnect 55xx Systems User Guide 701
HTTP
HyperText Transport Protocol.
Transmits HTML documents between servers
and clients on the internet.
I
IC
Integrated Circuit
. Integrated Circuits are small electronic devices composed
from semiconductor material.
ICMP
Internet Control Message Protocol.
Allows gateway or destination host to
communicate with a source host, for example, to report a processing error.
IEEE
Institute of Electrical and Electronics Engineers.
An Engineering
organization that develops communications and networking standards.
IEEE 802.1d
Used in the Spanning Tree Protocol, IEEE 802.1d supports MAC bridging to
avoid network loops.
IEEE 802.1p
Prioritizes network traffic at the data-link/MAC sublayer.
IEEE 802.1Q
Defines the operation of VLAN Bridges that permit the definition, operation,
and administration of VLANs within Bridged LAN infrastructures.
IGMP Snooping
IGMP Snooping examines IGMP frame contents, when they are forwarded by
the device from work stations to an upstream Multicast router. From the
frame, the device identifies work stations configured for Multicast sessions,
and which Multicast routers are sending Multicast frames.
Image File
System images are saved in two Flash sectors called images (Image 1 and
Image 2). The active image
stores the active copy; while the other image
stores a second copy.
Ingress Port
702 Dell PowerConnect 55xx Systems User Guide
Ports on which network traffic is received.
IP
Internet Protocol.
Specifies the format of packets and there addressing
method. IP addresses packets and forwards the packets to the correct port.
IP Address
Internet Protocol Address
. A unique address assigned to a network device
with two or more interconnected LANs or WANs.
IP Version 6 (IPv6)
A version of IP addressing with longer addresses than the traditional IPv4.
IPv6 addresses are 128 bits long, whereas IPv4 addresses are 32 bits; allowing a
much larger address space.
ISATAP
Intra-Site Automatic Tunnel Addressing Protocol
.
ISATAP is an automatic overlay tunneling mechanism that uses the
underlying IPv4 network as a non-Broadcast/multicast access link layer for
IPv6. ISATAP is designed for transporting IPv6 packets within a site where a
native IPv6 infrastructure is not yet available.
L
LAG
Link Aggregated Group
. Aggregates ports or VLANs into a single virtual port
or VLAN.
For more information on LAGs, see Defining LAG Membership.
LAN
Local Area Networks.
A network contained within a single room, building,
campus or other limited geographical area.
Layer 2
Data Link Layer or MAC Layer
. Contains the physical address of a client or
server station. Layer 2 processing is faster than Layer 3 processing because
there is less information to process.
Layer 3
Dell PowerConnect 55xx Systems User Guide 703
Establishes a connections and ensures that all data arrives to their
destination. Packets inspected at the Layer 3 level are analyzed and
forwarding decisions, based on their applications.
LLDP-MED
Link Layer Discovery Protocol - Media Endpoint Discovery.
LLDP allows
network managers to troubleshoot and enhance network management by
discovering and maintaining network topologies over multi-vendor
environments. MED increases network flexibility by allowing different IP
systems to co-exist on a single network LLDP.
Load Balancing
Enables the even distribution of data or processing packets across available
network resources. For example, load balancing may distribute the incoming
packets evenly to all servers, or redirect the packets to the next available
server.
M
MAC Address
Media Access Control Address
. The MAC Address is a hardware specific
address that identifies each network node.
MAC Address Learning
MAC Address Learning characterizes a learning bridge, in which the packet’s
source MAC address is recorded. Packets destined for that address are
forwarded only to the bridge interface on which that address is located.
Packets addressed to unknown addresses are forwarded to every bridge
interface. MAC Address Learning minimizes traffic on the attached LANs.
MAC Layer
A sub-layer of the
Data Link Control
(DTL) layer.
Mask
A filter that includes or excludes certain values, for example parts of an IP
address.
For example, Unit 2 is inserted in the first minute of a ten-minute cycle, and
Unit 1 is inserted in fifth minute of the same cycle, the units are considered
the same age.
MD5
704 Dell PowerConnect 55xx Systems User Guide
Message Digest 5.
An algorithm that produces a 128-bit hash. MD5 is a
variation of MD4, and increases MD4 security. MD5 verifies the integrity of
the communication, authenticates the origin of the communication.
MDI
Media Dependent Interface
. A cable used for end stations.
MDIX
Media Dependent Interface with Crossover (MDIX)
. A cable used for hubs
and switches.
MIB
Management Information Base
. MIBs contain information describing specific
aspects of network components.
Multicast
Transmits copies of a single packet to multiple ports.
N
NA
Neighbor Advertisement.
ND
Neighbor Discovery.
NS
Neighbor Solicitation.
NMS
Network Management System.
An interface that provides a method of
managing a system.
Node
A network connection endpoint or a common junction for multiple network
lines. Nodes include:
•Processors
• Controllers
• Workstations
Dell PowerConnect 55xx Systems User Guide 705
O
OID
Organizationally Unique Identifiers.
Identifiers associated with a Voice
VLAN.
OUI
Object Identifier.
Used by SNMP to identify managed objects. In the SNMP
Manager/Agent network management paradigm, each managed object must
have an OID to identify it.
P
Packets
Blocks of information for transmission in packet switched systems.
PDU
Protocol Data Unit.
A data unit specified in a layer protocol consisting of
protocol control information and layer user data.
PING
Packet Internet Groper.
Verifies if a specific IP address is available. A packet is
sent to another IP address and waits for a reply.
Port
Physical ports provide connecting components that allow microprocessors to
communicate with peripheral equipment.
Port Mirroring
Monitors and mirrors network traffic by forwarding copies of incoming and
outgoing packets from one port to a monitoring port.
For more information on port mirroring, see Defining Port Mirroring Sessions
.
Protocol
A set of rules that governs how devices exchange information across networks.
PVE
Protocol VLAN Edge.
A port can be defined as a Private VLAN Edge (PVE)
port of an uplink port, so that it will be isolated from other ports within the
same VLAN.
706 Dell PowerConnect 55xx Systems User Guide
Q
QoS
Quality of Service.
QoS allows network managers to decide how and what
network traffic is forwarded according to priorities, application types, and
source and destination addresses.
Query
Extracts information from a database and presents the information for use.
R
RA
RADIUS Advertisement.
RD
RADIUS Discovery.
RS
Router Solicitation.
RADIUS
Remote Authentication Dial-In User Service
. A method for authenticating
system users, and tracking connection time.
RMON
Remote Monitoring
. Provides network information to be collected from a
single workstation.
Router
A device that connects to separate networks. Routers forward packets
between two or more networks. Routers operate at a Layer 3 level.
RSTP
Rapid Spanning Tree Protocol
. Detects and uses network topologies that
allow a faster convergence of the spanning tree, without creating forwarding
loops.
Running Configuration File
Contains all startup configuration file commands, as well as all commands
entered during the current session. After the switch module is powered down
or rebooted, all commands stored in the Running Configuration file are lost.
Dell PowerConnect 55xx Systems User Guide 707
S
Segmentation
Divides LANs into separate LAN segments for bridging. Segmentation
eliminates LAN bandwidth limitations.
Server
A central computer that provides services to other computers on a network.
Services may include file storage and access to applications.
SNMP
Simple Network Management Protocol
. Manages LANs. SNMP based
software communicates with network devices with embedded SNMP agents.
SNMP agents gather network activity and device status information, and send
the information back to a workstation.
SNTP
Simple Network Time Protocol. SNTP assures accurate network switch clock
time synchronization up to the millisecond.
SoC
System on a Chip
. An ASIC that contains an entire system. For example, a
telecom SoC application can contain a microprocessor, digital signal
processor, RAM, and ROM.
Spanning Tree Protocol
Prevents loops in network traffic. The Spanning Tree Protocol (STP) provides
tree topography for any arrangement of bridges. STP provides one path
between end stations on a network, eliminating loops.
SSH
Secure Shell
. Permits logging to another computer over a network, execute
commands on a remote machine, and move files from one machine to
another. Secure Shell provides strong authentication and secure
communications methods over insecure channels.
Startup Configuration
Retains the exact switch module configuration when the switch module is
powered down or rebooted.
Subnet
708 Dell PowerConnect 55xx Systems User Guide
Sub-network. Subnets are portions of a network that share a common address
component. On TCP/IP networks, devices that share a prefix are part of the
same subnet. For example, all devices with a prefix of 157.100.100.100 are
part of the same subnet.
Subnet Mask
Used to mask all or part of an IP address used in a subnet address.
Switch
Filters and forwards packets between LAN segments. Switches support any
packet protocol type.
T
TCP/IP
Transmissions Control Protocol
. Enables two hosts to communicate and
exchange data streams. TCP guarantees packet delivery, and guarantees
packets are transmitted and received in the order their sent.
Telnet
Terminal Emulation Protocol.
Enables system users to log in and use
resources on remote networks.
TFTP
Trivial File Transfer Protocol
. Uses User Data Protocol (UDP) without
security features to transfer files.
Trap
A message sent by the SNMP that indicates that system event has occurred.
Trunking
Link Aggregation.
Optimizes port usage by linking a group of ports together
to form a single trunk (aggregated groups).
U
UDP
User Data Protocol.
Transmits packets but does not guarantee their delivery.
Unicast
A form of routing that transmits one packet to one user.
Dell PowerConnect 55xx Systems User Guide 709
V
VLAN
Virtual Local Area Networks.
Logical subgroups with a Local Area Network
(LAN) created via software rather than defining a hardware solution.
VoIP
Voice over IP.
W
WAN
Wide Area Networks
. Networks that cover a large geographical area.
Wildcard Mask
Specifies which IP address bits are used, and which bits are ignored. A wild
switch module mask of 255.255.255.255 indicates that no bit is important. A
wildcard of 0.0.0.0 indicates that all the bits are important.
710
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Index
Numerics
24/48 G Ports 35
802.1ab (LLDP-MED) 27
802.1d 21
802.1Q 20, 469, 475
A
AC unit 42
Acceptable Frame Type 464
Access Control Lists 30
Access mode 322
Access ports 462
Access Profile Rules (ACEs) 255
Access profiles 254, 265
Accessing the device through the
CLI 67
ACE, IPv4 105
ACL binding 118
ACL, IPv4 104
ACL, IPv6 113
ACLs 30, 98
Active users 268
Address pool 294
Address Resolution Protocol 242,
695
Address Tables 416
Administrator Buttons 87
Advanced QoS 24
Advanced Switch Configuration 63
Aggregate Policer 676, 691
Aggregated VLAN 695
Alarms 628
Anycast 171, 176
Apply&Save 87
ARP 242, 244, 695
ARP inspection 30
ARP, dynamic inspection 551
ARP, dynamic inspection list 555
ARP, dynamic inspection list
entries 557
ARP, global settings 553
ARP, trusted interfaces 561
ARP, VLAN settings 559
Asset 151
Assignment to hardware queues
641
Authentication methods 129
Authentication profiles 262
711
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Auto update, configuration/image
file 331
Automatic aging for MAC
addresses 18
Auto-Negotiation 17
B
Back panel 37, 42
Back Pressure 16, 380
Bandwidth 654
Boot Image Download 81
Booting the Switch 57
BootP 23, 697
BootP and DHCP Clients 23
BPDU 432, 450, 697
BPDU Guard 22
BPDU Handling 432
Bridge Multicast Forward All 517
Bridge Multicast Groups 513
Bridge Protocol Data Unit 697
Broadcast 172, 176
Broadcast Storm Control 19
Buttons 36
C
Cables testing 249
CBC 308
Cipher Block-Chaining 308
Class Mapping 672
Class of Service 698
Classic lock 93
Classic STP 429
CLI 26, 64, 67, 254
CLI macro 30
Clock Source 174
Command Line Interface 26
Command Mode Overview 64
Configuration file 348
Configuration file download 346
Configuration using the Setup
Wizard 58
Configuration Work Flow 55
Configuring Login Banners 74
Configuring the Stack 58
Configuring the Switch 54
Connecting the Switch to the
Terminal 56
Console 262, 265
Console access 284
Copying files 355
CoS 697
CoS 802.1p support 23
CoS to Queue 650
Counter Summary 602
CPU Utilization 638
712
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
D
Daylight Savings Times 163
Default domain names 238
Default Gateway, IPv6 219
Defining device information 151
Denied ACEs Counters 598
Device representation 85
Device structure 34
DHCP 563
DHCP client 23, 290
DHCP limitations 566
DHCP Relay 577
DHCP Relay, global settings 580
DHCP Relay, limitations 578
DHCP Relay, Option 82 Overview
578
DHCP server 31, 290, 292
DHCP server properties 291
DHCP server, retreiving an IP
address 68
DHCP Snooping 30, 564
DHCP, global parameters 566
DHCP, trusted interfaces 572
DHCP, VLAN settings 570
DiffServe Code Point 698
DNS 27, 235
Domain 698
Domain Name System 27, 235
Dot1x 28
Dot1x Authentication 127
Download, boot image 81
Download, system image 79
Download, TFTP 347
Download, USB/HTTP 345
Downloading software 76, 330
DSCP 698
DSCP Mapping 670
DSCP Rewrite 661
DST Times 163
Duplex mode 698
DVA 129, 699
Dynamic ACL
Assignment/Dynamic Policy
Assignment (DACL/DPA) 30
Dynamic Addresses 421
Dynamic addresses 422
Dynamic Policy/ACL Assignment
129
Dynamic VLAN Assignment 136
Dynamic VLAN Assignment
(DVA) 129, 699
E
E-911 532
EAP 28, 127
EAP Statistics 612
713
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Egress ports 699
Egress Shaping Rates 654
Emergency Call Service 532
Enable 275
Enable passwords 274
End System 699
Erase FLASH File 77
Etherlike Statistics 606
Ethernet 699
Events 624
Events log 627
EWS 699
Excluded addresses 299
Excluding addresses 300
Extensible Authentication
Protocol 28, 127
F
Fans 155
Fast Forward Table 699
Fast link 22, 436, 441
FFT 699
FIFO 699
File information 359
Filtering 470, 476, 509
Filtering L2 Multicast Packets 509
Firmware download 346
First In First Out 700
Flapping 700
Flow Control 380, 700
Flow Control Support (IEEE
802.3X) 16
Flow Monitoring (sflow) 25
Forwarding L2 Multicast Packets
509
Fragment 700
Frame 700
Frame Flow 461
Front Panel 35
Full 802.1Q VLAN Tagging
Compliance 20
G
GARP 424, 427, 700
GARP timers 426
GARP VLAN Registration Protocol
20, 700
General Ports 463
General Switch Information 151
Generic Attributes Registration
Protocol 700
Giga Port LEDs 40
Gigabit Ethernet 700
Global Configuration Mode 65
Green Ethernet 16
714
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Green Ethernet Configuration 384
Guest VLAN 21
GVRP 610, 700
GVRP parameters 483
GVRP statistics 609
GVRP Support 20
H
Hardware description 33
Hardware version 364
Hash 174
HDMI port LEDs 41
HDMI ports 35
Head of Line Blocking Prevention
16
Help 87
HMAC-SHA-96 319
HOL 16, 700
Host 700
Host name mapping 240
HTTP 254, 262, 279, 701
HTTP password, configuring 73
HTTPS 254, 257, 262, 279
HyperText Transport Protocol 701
I
IC 701
ICMP 701
Icons 87
Identifying a switch via LED 32
IEEE 701
IEEE 802.1d 701
IEEE 802.1p 701
IEEE 802.1Q 20, 701
IEEE 802.1s Multiple Spanning
Tree 22
IEEE 802.1w Rapid Spanning Tree
22
IGMP 510
IGMP Snooping 19, 519, 701
Image file 701
Image files, active 354
Information Buttons 87
Ingress port 701
Ingress Rate Limit 654
Interface Configuration Mode 66
Interface Statistics 604
IP 702
IP address from a BOOTP Server
69
IP Addressing 202
IP Version 6 (IPv6) Support 15
IPv4 Interfaces 203
IPv6 Default Gateway 219
IPv6 Interfaces 214
715
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
IPv6 Neighbors 228
IPv6 Routes Table 232
IPv6-based ACL 112
ISATAP 222
iSCSI 585
iSCSI Sessions 593, 595
iSCSI Targets 591
iSCSI, global parameters 588
iSCSI, limitations 586
iSCSI, optimization 31, 584
J
Jumbo Frames 382
L
LACP parameters 503
LAG configuration 403
LAG membership 506
LAG statistics 635
LAGs 23, 500, 517, 702
LAGs Settings 474
LAN 702
Layer 2 702
Layer 2 Features 19
Layer 2 Switching 509
Layer 3 702
LED Definitions 38
LEDs 36, 40
LEDs on Front Panel 36
Light Emitting Diodes 38
Limited dynamic lock 93
Line passwords 272
Link Aggregated Group 702
Link aggregation 23, 500, 502
Link Aggregation and LACP 23
Link Control Protocol (LCP)
packets 393, 445
Link Layer Discovery Protocol -
Media Endpoint Discovery 703
Link/Duplex/Activity LEDs 40
LLDP 531
LLDP MED Port Settings 543
LLDP Media Endpoint Discovery
532
LLDP Port Settings 537
LLDP properties 533
LLDP-MED 27, 532, 703
Load Balancing 703
Loading Software into Stack
Members 52
Local User Database 270
Location LED 367
Locked ports 28, 95, 100, 103, 105,
110, 113, 116, 119, 121, 125,
571, 573, 575
716
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Log file in Flash 195
Logging Global Parameters 189
Logging Severity Level - Alert 189
Logging Severity Level - Critical
189
Logging Severity Level - Debug
189
Logging Severity Level -
Emergency 189
Logging Severity Level - Error 189
Logging Severity Level -
Informational 189
Logging Severity Level - Notice
189
Logging Severity Level - Warning
189
Login Banners 74
Login History 196
Logs 188
Loops 429
M
MAC Address Capacity Support 17
MAC address learning 703
MAC addresses 93, 703
MAC addresses, supported
features 17
MAC Layer 703
MAC Multicast Support 18
Mac-based ACE 101
Mac-based ACL 99
Management Access Lists 255
Management Access Methods 265
Management Information Base
307, 704
Management IP Address Conflict
Notification 25
Management methods 257
Management security 254
Managing configuration files on
the stack 52
Manual Time Setting 162
Mask 703
MD5 174, 703
MDI 400, 704
MDI/MDIX 17, 379
MDIX 400, 704
MED Network Policy 540
Media Endpoint Discovery 540
Message Digest 5 174, 704
MIB 307, 704
Monitoring users 141
MPS 42
MST Properties 450
MSTP 22, 449
MSTP Instance Settings 454
MSTP Interface Settings 456
717
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Multicast 508, 517
Multicast TV VLAN 21
Multicast TV VLAN Mapping 529
Multicast TV VLAN Membership
527
Multiple STP (MSTP) 429
N
ND 704
Neighbor Advertisement 704
Neighbor Discovery. 704
Neighbor Solicitation 704
Neighbors 548
Neighbors, IPv6 228
Network Control Protocols 393,
445
Network Management System 704
Network pool 296
NMS 704
NS 704
O
Object ID 308
OID 308
Optical transciever diagnostics 251
Option 82 578
OUI 497
P
Packets 705
Password configuration 71
Password management 29, 279
Password recovery 78
Passwords 84, 275
Path Cost 432
PDU 705
PING 705
PoE 15, 157
Policer Statistics 689
Policers 675
Policy Binding 686
Policy Table 679
Port 705
Port Configuration 397
Port default settings 380
Port LEDs 38, 40
Port mirroring 19, 411, 705
Port modes 462
Port profile 30
Port representation 85
Port security 93
Port settings 468
Port-based Authentication 127
Port-based Authentication
(Dot1x) 28
718
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Port-based Virtual LANs (VLANs)
20
Ports 35, 85, 378, 635
Ports, statistics 633
Power over Ethernet 15
Power supplies 42
Print 87
Private VLAN 21, 487
Privileged EXEC Mode 64
Proprietary Protocol Filtering 31,
120
Protected Port Configuration 389
Protected ports 31, 388
Protected ports, restrictions 388
Protocol 705
Protocol Group 477, 478
Protocol Ports 481
Protocol VLAN Edge 705
PVE 705
PVID 468, 475
Q
QinQ 462
QoS 23, 646, 706
QoS Advanced mode 666
QoS Basic mode 660
QoS Modes 643
QoS Properties 645
QoS, Advanced Mode, Workflow
669
QoS, Aggregate Policer 676
QoS, assignment to hardware
queues 641
QoS, Bandwidth 654
QoS, Basic mode 659
QoS, Basic Mode, Workflow 659
QoS, Class Mapping 672
QoS, DSCP Mapping 670
QoS, DSCP Rewrite 661
QoS, DSCP to Queue 652
QoS, Mapping to Queue 649
QoS, Policer Statistics 689
QoS, Policers 674
QoS, Policy Binding 686
QoS, Policy Class Maps 682
QoS, Policy Table 679
QoS, Queues 646
QoS, Single Policer 676
QoS, Statistics 687
QoS, Traffic Classification 641
QoS, Trust Mode 664
Quality of Service 640, 643, 706
R
RA 706
RADIUS 264, 284, 706
719
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
RADIUS Advertisement 706
RADIUS client 28
RADIUS discovery 706
RADIUS server 284
RAM Log 193
Rapid Spanning Tree 444
Rapid Spanning Tree Protocol 444,
706
Rapid STP 429, 446, 458
RD 706
Rebooting the Stack 52
Refresh 88
Registered Multicast Group 509
Remote Authentication Dial-In
User Service 28, 706
Remote Authorization Dial-In
User Service 284
Remote Log Server 199
Remote Monitoring 26, 706
Reset button 36
Retrieving an IP Address 68
RMON 615, 618, 619, 706
RMON Statistics 615, 616
Router Solicitation 706
Routes Table, IPv6 232
RS 706
RS-232 Console Port 35
RSTP 22, 444, 706
Rules 255
Running Configuration File 330,
706
S
Secure Shell 284
Secure Telnet (SSH) 254, 265
Security Features 28
Security Management 71
Segmentation 707
Selecting the Master and Master
Backup Units 49
Self-Learning MAC Addresses 18
Server 707
Set Terminal Baud-Rate 78
Setup Wizard 58
sFlow 369
sFlow interface 374
sFlow receiver 371
sFlow statistics 376
SFP 42
SFP LEDs 42
Simple Network Management
Protocol 707
Simple Network Time Protocol 27,
171
Single Policer 676
SMMP groups 315
720
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
SNMP 254, 257, 279, 307, 707
SNMP access rights 308
SNMP communities 320
SNMP global parameters 309
SNMP logs 24
SNMP Model OIDs 309
SNMP notification filters 323
SNMP notification recipients 326
SNMP users 317
SNMP Versions 1, 2, and 3 25
SNMP views 312
SNTP 27, 171
SNTP Authentication 177
SNTP Global Settings 176
SNTP Servers 180
Software Download 79
Software version 364
Spanning Tree Protocol 21, 429,
707
SPF LEDs 38, 40
SSH 29, 257, 262, 279, 707
SSH password, configuring 73
SSL 28
Stack ID LED 42
Stack management 44, 361
Stack Menu 78
Stack Support 15
Stacking 44
Stacking failover topology 47
Stacking, adding a unit to the stack
48
Stacking, assigning unit IDs 48
Stacking, automatic assignment of
unit IDs 48
Starting the Application 84
Startup Configuration 330, 707
Startup file 330
Startup Menu 76
Static addresses 418, 419
Static hosts 301, 303
Statistics 596
Statistics, alarms 628
Statistics, Counter Summary 602
Statistics, CPU Utilization 638
Statistics, Denied ACEs Counters
598
Statistics, EAP 612
Statistics, Etherlike 606
Statistics, events control 624
Statistics, events log 627
Statistics, GVRP 609
Statistics, history control 619
Statistics, history table 621
Statistics, Interface Statistics 604
Statistics, LAGs 635
Statistics, ports 633
721
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Statistics, QoS 688
Statistics, Utilization Summary
600
Storm control 408
STP 21, 438
STP BPDU Guard 22
STP mode 431
STP port settings 436
STP, bridge settings 432
STP, classic 431
STP, designated roots 433
STP, LAG settings 441
Subnet 707
Subnet Mask 708
Switch 708
Switching from the Master to the
Backup Master 51
SYSLOG 188
System Image Download 79
System LEDs 38
T
Tab le Views 5 97
TACACS+ 29, 264, 275
TCP Congestion Avoidance 24,
656
TCP/IP 708
TDR technology 249
Telnet 254, 257, 262, 265, 273, 279,
284, 708
Telnet Connection 67
Telnet password, configuring 72
Terminal Access Controller Access
Control System 275
Terminal Connection 68
TFTP 26, 708
Time Domain Reflectometry 249
Time range 122
Time range, absolute 123
Time range, recurring 124
Time synchronization 162
Traffic Classification 641
Traffic limitation methods 646
Traffic limitation, combination of
WRR and Strict Priority 647
Traffic limitation, Strict Priority
646
Traffic limitation, Weighted
Round Robin (WRR) 646
Trap 708
Tree view 84
Trivial File Transfer Protocol 708
Trunk Ports 462
Trunking 708
Tunnel, ISATAP 222
722
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
U
UDP 708
UDP relay 246
Unauthenticated VLAN and Guest
VLANs 130
Understanding the interface 84
Unicast 171, 176
Unit ID 361
Unit identification 367
Unregistered Multicast Group 509
Uploading files 349
Uploading files, TFTP 351
Uploading files, USB/HTTP 350
USB File Transfer Protocol 26
USB port 36
User Data Protocol 708
User Security Model 307
Using Dell OpenManage Switch
Administrator 83
Using the CLI 64
USM 307
Utilization Summary 600
V
Ventilation System 38
Versions, hardware/software 364
Virtual Local Area Networks 709
VLAN 20, 459, 465, 466, 517, 709
VLAN frame flow 461
VLAN membership 465
VLAN settings, DHCP 570
VLAN Support 20
VLAN to MSTP Instance 452
VLAN, ARP settings 559
VLAN, LAG settings 474
VLAN, port settings 468
VLAN, private 487
VLAN, special cases 461
VLAN, voice 491
VLAN-aware MAC-based
Switching 18
Voice VLAN 20, 491
Voice VLAN OUI 497
VoIP 709
W
Warm standby 50
Web access 284
Web management system icons 87
Web-Based Management 25
Weighted Round Robin (WRR)
646
723
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
X
XG Ports 35
724
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
725
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
726
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell
Contax\Dell_ContaxUG_PrintIX.fm
DELL CONFIDENTIAL – PRELIMINARY 5/7/12 - FOR PROOF ONLY
Dell PowerConnect 55xx Systems User Guide 727
25
Revision History
Rev Date Description
A5 May 1, 2012 Added "Auto-Update/Configuration Feature" on
page 331
A4 April 4, 2012 Made the following corrections:
Put a the note (of the recommendation of
using HDMI cable version to 1.4 for stacking)
more clearly.
Fixed RDP description
A4 April 2, 2012 Following corrections made:
Add description regarding the Egress ACL
feature
Enter comments regarding the PVLAN feature.
Fixed RDP abbreviation to Reliable Data
Protocol in ACL section.
Add the recommendation of using HDMI
cable version to 1.4 for stacking
A3 Jan 31, 2012 Corrected command in private VLAN CLI
command.
A2 Sept 21, 2011 Entered comment that enabling iSCSI also
enables flow control on all interfaces.
A1 Sept 9, 2010 Released to customer

Navigation menu