Tuesday, July 07, 2015

DELL Force10 : Interface Configuration and VLANs

Physical interface configuration

Configuring physical interfaces is a basic operation on any switch, and the DELL Force10 switch is no exception. However, one thing is unique to Force10 switches: everything, including the physical interfaces, is disabled by default, so interfaces are in the down state and must be configured before any use. Some people say this is strange behavior, but in my opinion it is pretty good behavior because it is a much more secure approach. Connecting and cabling a new switch into your enterprise network will not disrupt the whole network until you configure something. If you then make a bad configuration, it is your fault and not the device's fault.

OK, so when you want to use a switch interface you have to enable it explicitly. Before that, you should be absolutely sure your new Force10 switch is ready to be connected to the network. Think, for example, about the spanning tree protocol configuration. Let's assume you know what you are doing and you want to enable a particular physical interface. It is easy. I think the example below is self-explanatory.

conf
  interface tengigabit 0/1
  no shutdown

So your interface is up, but another important note is that all physical interfaces are Layer 3 by default. You can assign an IP address to a Layer 3 (routed) interface, and your L3 switch is then configured as a router device. IP address assignment is shown below.

conf
  interface tengigabit 0/1
  ip address 192.168.1.11/24
  no shutdown

Cool, but there is a chance you want to configure a Layer 2 interface to work as a switch port and not a routed port. It is pretty easy: you tell the interface to have no IP address and to behave as a switch port.

conf
  interface tengigabit 0/1
  no ip address
  switchport
  no shutdown

Physical Interface Numbering

So far we have used interface identification similar to the following:

interface tengigabit 0/13

The general interface identification convention has the following format:

interface "Interface Type" "Stack Unit Number"/"Interface Number"

where

- Interface Type - can have the values gigabit (gi), tengigabit (te), fortygigabit (fo)
- Stack Unit Number - is the stack ID number if classic stacking is configured; otherwise it is 0, as it is a single-unit switch
- Interface Number - is the sequential port number on the particular stack unit


Interface ranges

You can leverage interface ranges to simplify interface and VLAN configurations.

conf
interface range te 0/1-3, te 0/5-7
interface range vlan 100-110
interface range vlan 4, vlan 11, vlan 22-26, vlan 100

I think you can see the benefit. The configuration is applied to all interfaces in the range.

VLANs

In the configurations above everything happens in the default VLAN, which is VLAN 1 by default. This is a single broadcast domain. "In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN." (Source: Wikipedia.) Nowadays VLANs are used very often for network separation (security) and for splitting broadcast domains (availability, performance). If you are familiar with Cisco VLAN configuration, you create the VLAN ID in the VLAN database and then assign a VLAN or VLANs to a particular interface. In Force10 it is a little bit different. You have to create the VLAN ID, that's the same. However, you do not assign VLANs to an interface; you assign interfaces to the VLAN. See the example below.

conf
  interface vlan 100
  description "VLAN for mission critical servers"
  untagged TenGigabitEthernet 0/1-3
  tagged TenGigabitEthernet 0/0

In the example above we have created VLAN 100 for three mission-critical servers. The servers are connected to ports Te 0/1, Te 0/2 and Te 0/3 without VLAN tagging (aka access mode in Cisco terminology). A switch port in "access" mode is configured in Force10 in the following way:

interface TenGigabitEthernet 0/1
  description "Mission critical server 1" 
  no ip address
  switchport
  spanning-tree rstp edge-port bpduguard 
  no shutdown

Switch interface Te 0/0 is the uplink to the rest of the network, so more VLANs have to be configured on this particular port; the port is therefore configured as a trunk port with more tagged VLANs. Switch uplinks are usually configured redundantly in a high availability mode, so there is a big chance you would like to use a port-channel (aka LAG) as the switch uplink. LAGs are explained in the next section. A port-channel is nothing more than a special virtual interface, so port-channel VLAN configuration is very similar to that of physical interfaces.

conf
interface vlan 100
  description "VLAN for mission critical servers"
  untagged TenGigabitEthernet 0/1-3
  tagged Port-channel 1

There is another switch port mode which is typical for ESXi hosts. The device is a server, but you want one VLAN configured as native (usually for ESXi management) and also a trunk of multiple VLANs for virtual networking (VMware portgroups). Force10 calls this port configuration hybrid. The switch port configuration will look similar to the example below.

interface GigabitEthernet 0/11
  description ESX11
  no ip address
  mtu 9252
  portmode hybrid
  switchport
  spanning-tree rstp edge-port
  no shutdown

For such a hybrid switch port, we can have one VLAN configured as untagged (aka native in Cisco terminology) and multiple VLANs as tagged. The VLAN configuration should look similar to this:

interface Vlan 4
  description DC-MGMT
  ip address 192.168.4.254/24
  untagged GigabitEthernet 0/4,6,11-14,34-36,41,43
  no shutdown

VLAN 4 is used for ESXi management, but multiple other VLANs can be carried to the ESXi host as tagged VLANs. This is depicted in the configuration snippet below.

interface Vlan 22
 description VMOTION
 name VMOTION
 no ip address
 tagged GigabitEthernet 0/11-14,34-36
 shutdown
!
interface Vlan 23
 description VTEP
 name NSX-OVERLAY
 ip address 192.168.23.254/24
 tagged GigabitEthernet 0/11-14,34-36
 no shutdown
!
interface Vlan 24
 description ISCSI
 name ISCSI
 ip address 192.168.24.254/24
 tagged GigabitEthernet 0/11-14,34-36
 untagged GigabitEthernet 0/10
 no shutdown
!
interface Vlan 25
 description NFS
 name NFS
 ip address 192.168.25.254/24
 tagged GigabitEthernet 0/11-14,34-36
 no shutdown
!
interface Vlan 26
 description VSAN
 name VSAN
 no ip address
 tagged GigabitEthernet 0/11-14,34-36
 shutdown
!
interface Vlan 100
 description V2P-PEERING
 name V2P-PEERING
 ip address 172.16.0.254/24
 tagged GigabitEthernet 0/11-14,34
 no shutdown

So the solution above is one way to do it, VLAN by VLAN. But what if I would like to add two new ports to existing VLANs?

Let's assume I have two switch ports (gi 0/29 and gi 0/34) which I want to configure for an ESXi hypervisor. Below is the basic configuration of the switch ports.

interface GigabitEthernet 0/29
 description ESX01-nic1
 no ip address
 mtu 9216
 portmode hybrid
 switchport
 spanning-tree rstp edge-port
 no shutdown

interface GigabitEthernet 0/34
 description ESX01-nic0
 no ip address
 mtu 9216
 portmode hybrid
 switchport
 spanning-tree rstp edge-port
 no shutdown


Those who are familiar with Cisco switch operating systems would expect the VLAN configuration to go along with the switch port configuration. Dell FTOS is different because you have to configure VLANs from the VLAN point of view and not from the switch port point of view. Let's assume we have VLAN 4 for the vSphere management network segment, where ESXi hosts are connected natively without 802.1Q tagging. The rest of the VLANs we would like to expose to ESXi must be tagged. These VLANs are 2-3, 5-9, 11, 13, 22-26, 31-34, 51-52, 100-101. Below are the FTOS CLI commands to add the two switch ports to the required VLANs.

conf
interface vlan 4
  untagged GigabitEthernet 0/29
  untagged GigabitEthernet 0/34

interface range vlan 2-3,vlan 5-9,vlan 11,vlan 13,vlan 22-26,vlan 31-34,vlan 51-52
  tagged GigabitEthernet 0/29
  tagged GigabitEthernet 0/34

interface range vlan 100-101
  tagged GigabitEthernet 0/29
  tagged GigabitEthernet 0/34


Note: In this particular case, I have to use two ranges because the FTOS interface range is limited. See what error message you get if you try to configure a single interface range with all the VLANs mentioned above.
 
interface range vlan 2-3,vlan 5-9,vlan 11,vlan 13,vlan 22-26,vlan 31-34,vlan 51-52,vlan 100-101
% Error: Exceeds maximum number of command arguments ( max = 32 ).
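
Because FTOS records VLAN membership under each VLAN rather than under each port, answering "which VLANs does this port carry?" when reviewing segmentation means inverting the configuration. The Python below is an added example, not part of the original post: it parses `interface Vlan` stanzas in the style shown above and reports VLANs a port carries beyond an expected set. The sample config, the function names and the allow-list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the VLAN-centric style shown on this page.
SAMPLE = """\
interface Vlan 4
 untagged GigabitEthernet 0/4,6,11-12
!
interface Vlan 22
 tagged GigabitEthernet 0/11-12,34
!
interface Vlan 24
 tagged GigabitEthernet 0/11-12,34
 untagged GigabitEthernet 0/10
"""

def expand_ports(spec):
    """Expand '0/4,6,11-12' into ['0/4', '0/6', '0/11', '0/12']."""
    unit, _, ports = spec.partition("/")
    out = []
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        out += [f"{unit}/{n}" for n in range(int(lo), int(hi or lo) + 1)]
    return out

def port_view(config):
    """Invert 'interface Vlan N' stanzas into per-port membership (physical ports only)."""
    view = defaultdict(lambda: {"untagged": [], "tagged": []})
    vlan = None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+vlan\s+(\d+)$", line, re.I)
        if m or line == "!" or line.startswith("interface "):
            vlan = int(m.group(1)) if m else None  # track the current VLAN stanza
            continue
        m = re.match(r"(tagged|untagged)\s+(\S+)\s+(\d+/[\d,-]+)$", line)
        if m and vlan is not None:
            for port in expand_ports(m.group(3)):
                view[f"{m.group(2)} {port}"][m.group(1)].append(vlan)
    return dict(view)

def unexpected_vlans(view, allowed):
    """Return {port: [vlans]} for VLANs a port carries beyond its allow-list."""
    findings = {}
    for port, member in view.items():
        extra = set(member["untagged"] + member["tagged"]) - allowed.get(port, set())
        if extra:
            findings[port] = sorted(extra)
    return findings

print(port_view(SAMPLE)["GigabitEthernet 0/11"])
```

Membership lines that name a port-channel (for example `tagged Port-channel 1`) carry no unit/port pair and are skipped by this parser.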

LAGs - Link Aggregates 

Link Aggregation is a general term for channeling multiple links into a single virtual aggregate, also known as a port channel. There are two types of port channels: static and dynamic (aka LACP). For more general information about "link aggregation" look here.

Now let's see how you can configure port channels.

Static Port Channel
Below is an example of a static port channel bundling two interfaces (te 0/1 and te 0/2).

interface port-channel 1
  description "Static Port-Channel"
  channel-member tengigabit 0/1
  channel-member tengigabit 0/2
  no ip address
  switchport
  no shutdown

Dynamic Port Channel
Below is an example of a dynamic port channel bundling two interfaces (te 0/1 and te 0/2).

VLT (Virtual Link Trunking) is actually a virtual port channel spanned across multiple chassis (aka MultiChassis LAG). A VLT can be a static or a dynamic port-channel. When two Force10 switches are configured in a single VLT domain, you can create the VLT port-channel independently on each VLT node. You can read more about VLT here.

You configure a VLT port-channel on each node in exactly the same way as a classic port-channel. The only difference is that you tell FTOS that this particular port-channel is a VLT, and you can define the peer port-channel ID, which can differ from the ID on the other node. However, the best practice is to use the same port-channel IDs on both VLT nodes just to keep the configuration simple and more readable.

The directive that marks a port-channel as a VLT is vlt-peer-lag.

So if the port-channel examples above were VLTs, the configuration would be the same with only one additional option. See the examples below.

Static VLT Port Channel

interface port-channel 1
  description "Static Port-Channel"
  channel-member tengigabit 0/1
  channel-member tengigabit 0/2
  vlt-peer-lag port-channel 1
  no ip address
  no shutdown

Dynamic VLT Port Channel

interface port-channel 1
  description "Dynamic Port-Channel (LACP)"
  no ip address
  vlt-peer-lag port-channel 1
  switchport
  no shutdown 

interface tengigabit 0/1
  port-channel-protocol lacp
    port-channel 1 mode active
  no shutdown 

interface tengigabit 0/2
  port-channel-protocol lacp
    port-channel 1 mode active
  no shutdown

Conclusion

Interface and VLAN configuration is a basic network operation. If you are familiar with interface configuration on any other switch vendor's platform, I think Force10 interface configuration will be simple for you. The only different approach is with VLAN configuration, but it is just a matter of habit.

Hope you found this blog post useful and as always, any comment and feedback are highly appreciated.

4 comments:

Martin Zidek said...

Still no "default interface" command :) but it's on roadmap.

slashdot effect said...

"default interface" is now in release 9.9.

Unknown said...

Great explanation..

Unknown said...

Thank you for a great article. I am starting to understand the FTOS