THIS IS AN ACTUAL CONFIGURATION FROM A PRODUCTION DELL NETWORKING MXL 1/10/40G BLADE

SWITCH FOR THE DELL M1000e BLADE SERVER CHASSIS. THIS DOCUMENT IS JUST ONE OF MANY TOOLS
THAT CAN BE USED TO HELP NEWCOMERS UNDERSTAND HOW DELL NETWORKING SWITCHES ARE
CONFIGURED TO ENABLE THE MOST COMMON PROTOCOLS AND TECHNOLOGIES IN A L2/SWITCHED
ENVIRONMENT.
THE ACTUAL CONFIGURATION LINES ARE IN BLACK AND THE EXPLANATIONS ARE IN BLUE.

AUTHOR: VICTOR LAMA

DELL NETWORK SOLUTIONS ENGINEER

450-MXL-A1#show running-config
Current Configuration ...
! Version 9.8(0.0)
[This is the Dell Networking OS Version that is presently running on the switch]
! Last configuration change at Thu Jul 23 17:49:01 2015 by default
! Startup-config last updated at Sat May 16 04:52:23 2015 by default
!
boot system stack-unit 0 primary system: A:
boot system stack-unit 0 secondary system: B:
[Each Dell Force10 switch is referred to as “stack-unit 0”. When they remain as standalone (unstacked)
switches, they retain that “0” identifier. If the switches were stacked, their number would change in
accordance with their position in the stack. The range is between 0 and 5.

These boot system statements identify two partitions, A and B. Each can contain a full Dell Networking
OS version in them. “A” is the primary and “B” is the backup. When you reload the switch, it will
automatically load the version of the Dell Networking Operating System (DNOS is the new name for
FTOS, which stood for Force10 Operating System) in the primary partition, unless you specify otherwise
in the boot statement.

The CLI is largely the same for each platform, except for some commands and command outputs. The
CLI is structured in modes for security and management purposes. Different sets of commands are
available in each mode, and you can limit user access to modes using privilege levels.

In Dell Networking OS, after you enable a command, it is entered into the running configuration file. You
can view the current configuration for the whole system or for a particular CLI mode. To save the
current configuration, copy the running configuration to another location.

NOTE: Due to differences in hardware architecture and continued system development, features may
occasionally differ between the platforms. Differences are noted in each CLI description and related
documentation.]
!
redundancy auto-synchronize full
[Embedded in base configuration. Used when stacking to synchronize the stack master with the standby]
!
hostname 450-MXL-A1

Page 1 Dell Networking MXL L2 Switch Configuration Example with Explanations

!
!
username admin password 7 888dc89d1f1bca2882895c1658f993e7 privilege 15
username root password 7 d7acc8a1dcd4f698 privilege 15 role sysadmin
[This is self-explanatory, but take note that DNOS supports aaa, RADIUS and TACACS+. Since no “enable”
or “enable secret” password is defined, the network admin will be placed directly into privileged exec
(hostname#) mode upon entering the first and only password]
!
default vlan-id 11
[Makes VLAN 11 the native/untagged/default VLAN. Recall that a native VLAN is UNtagged.]
!
!
protocol spanning-tree rstp
no disable
bridge-priority 57344
[Enables the 802.1w version of rapid spanning tree. Dell Force10 also supports Cisco’s rapid-PVST+, MST
(802.1s), and STP (802.1D), too.

Take note that, when connecting an 802.1w RSTP STP domain to a Cisco rapid-PVST+ domain, VLAN 1
MUST be allowed on both sides of the trunk/port-channel inter-switch link between the two domains.
This will allow the RSTP domain to converge on the CST, which will be for VLAN 1. Remember, RSTP
recognizes only ONE instance of spanning-tree. That instance is on VLAN 1 and is called the CST, or
Common Spanning Tree.

In Cisco IOS and NX-OS, VLAN 1 is the ONLY VLAN that accommodates 3rd party switches that leverage
802.1w. It is ONLY on VLAN 1 that a Cisco switch will send the Cisco proprietary BPDUs, as well as the
BPDUs for the open standard, to the downstream switch for convergence purposes. The 802.1w switch
will consume the open standard BPDU and converge on VLAN 1 accordingly. On the other hand, the
Cisco BPDUs will be “tunneled” through the 3rd party switch to the next hop Cisco peer for Cisco PVST+
convergence.]
!
no iscsi enable
[This disables iSCSI optimizations, such as Jumbo MTU sizes, flow control, unicast storm control, etc,
which are enabled by default in Dell Networking OS]
!
vlt domain 2
peer-link port-channel 10
back-up destination 192.168.2.2
primary-priority 57344
system-mac mac-address 02:01:e8:00:01:02
unit-id 0
[This enables and defines the Virtual Link Trunking (VLT) domain. The purpose of VLT is to enable
downstream devices the ability to connect member ports of the same port-channel across two (2)
separate switch chassis. Since all physical ports belong to the same port channel, spanning tree will not
block any of the ports – since it views it as one logical bundle – and full bi-sectional bandwidth will be
available to the device.
The two VLT peers comprise a domain, which is given a number. The link that connects the peers, known
as the VLTi link, consists of 2 x 40G ports, ports Fo0/33 and Fo0/37 bundled in a port-channel in this

Page 2 Dell Networking MXL L2 Switch Configuration Example with Explanations

configuration. The port channel is defined as 10 on this switch. The VLTi port-channel link can be
assigned any number. All VLT database and protocol state information (MAC address and ARP tables,
IGMP information, interface index identifiers, etc.), are exchanged by both VLT peers across the VLTi
port-channel link. This is how the two VLT peers remain synchronized and effectively present themselves
as a single logical construct to a downstream device. One switch is the VLT primary and the other will be
the secondary. Each plays a certain role in convergence.

The backup destination address is the management address of the VLT peer. When you create a VLT
domain on a switch. Dell Networking OS automatically creates a VLT-system MAC address used for the
internal system operation. You can explicitly configure a default MAC address for the domain by
entering a new MAC address. Use the system-mac command as shown.]
!
stack-unit 0 provision MXL-10/40GbE
!
stack-unit 0 port 41 portmode quad
!
stack-unit 0 port 45 portmode quad
[By default, the 40GbE ports on a 2-Port 40GbE QSFP+ expansion module come up in 8 x 10GbE (quad)
mode as 8 x 10GbE ports. Sometimes that is referred to as breakout mode. If these ports are to be used
for stacking, they must be converted to 40GbE using the steps below. This is contrary to the built-in 40G
ports (Fo0/33 and Fo0/37) that come embedded in the switch. Those default to 40G mode and are
oftentimes used for stacking or for creating the VLTi links between switches.

To combine four 10GbE split ports into a single 40GbE port, enter the command:
switch(conf)# no stack-unit <stack unit number> port <40G port number (33, 37, 41, etc.> portmode
quad]

stack-unit unit-number: Enter the number of the stack unit to be reset. Range: 0-5. To display
the stack-unit number, enter the show system brief command.

port port-number: Enter the port number of the 40GbE QSFP+ port to be split. Valid values on
base module (built-in 40GE ports): 33 or 37; slot 0: 41 or 45; slot 1: 49 or 53

portmode quad: Identifies the port as a split 10GbE SFP+ port.

!
!
!
interface TenGigabitEthernet 0/1
description internal server
no ip address
portmode hybrid
[Enables the port to carry traffic from tagged and untagged VLANs. Similar to Cisco’s “switchport mode
trunk” command]
switchport
[Makes the port a L2 port]
spanning-tree rstp edge-port

Page 3 Dell Networking MXL L2 Switch Configuration Example with Explanations

[Configures the port to bypass the STP Listening and Learning states and the Max Age Timer and go
immediately into the Forwarding state. Used on ports that have edge devices connected to them.
Similar to Cisco’s “portfast” command in Cisco IOS and exactly as it is in NX-OS]
no shutdown
!
!
!
interface fortyGigE 0/33
description port-channel_member_10
no ip address
no shutdown
!
interface fortyGigE 0/37
description port-channel_member_10
-no ip address
no shutdown
!
!
!
interface fortyGigE 0/49
description member port-channel 1
no ip address
port-channel-protocol LACP
port-channel 1 mode active
[Makes port Fo0/49 a physical member port of logical port channel 1 and enables LACP negotiation.]
no shutdown
!
interface fortyGigE 0/53
description member port-channel 1
no ip address
port-channel-protocol LACP
port-channel 1 mode active
no shutdown

Makes port Fo0/53 a physical member port of logical port channel 1 and enables LACP negotiation.]
!
!
interface ManagementEthernet 0/0
ip address 192.168.2.2/24
no shutdown
[This is a virtual Out-of-Band port that is linked internally to the M1000e’s Chassis Management
Controller (CMC). The CMC is basically a L2 switch that allows a management LAN to be built within the
chassis to support the virtual management interfaces on the switches, as well as the server iDRAC
connections. All should be on the same L2 VLAN that is built inside the Dell M1000e chassis. The CMC
has an external RJ-45 port for connectivity to an external Out-of-Band switch.]
!
!
!

Page 4 Dell Networking MXL L2 Switch Configuration Example with Explanations

interface Port-channel 1
description Port-Channel to S6000 switches
no ip address
switchport
vlt-peer-lag port-channel 1
[Defines port channel 1 as a VLT port-channel. Typically, a VLT port channel, or simply a VLT (Virtual Link
Trunk), is one whose physical member ports span across two separate switch chassis, thereby offering
full bi-sectional bandwidth and preventing STP from blocking one leg of the port channel. Otherwise
known as a “split LAG.” All the ports in that split LAG will be forwarding and spanning tree will NOT block
any of them because it views all the ports as belonging to the same logical construct (port-channel).

Ports that are not port of a VLT are known as orphaned ports. For example, a server with a single
connection to a switch that is part of a VLT domain would be connected to an orphaned port.]
no shutdown
!
!
!
interface Port-channel 10
description VLTi link to 450-MXL-A2
no ip address
channel-member fortyGigE 0/33,37
[This exemplifies a different way of establishing which physical member ports will comprise the port
channel. This method is used for creating static port channels, instead of leveraging LACP negotiation.
The VLTi port-channel must always be built statically and not through LACP negotiation. This is a Dell
best practice. This differs from the way ports Fo0/49 and Fo0/53 were placed in port channel 1. See
above.]
no shutdown
!
!
interface Vlan 1
no ip address
tagged TenGigabitEthernet 0/1-32
tagged Port-channel 1
[Defines VLAN 1 as a tagged VLAN that will traverse ports Te0/1-32 and port-channel 1. As a reminder, a
“tagged VLAN” simply means that the Ethernet frame header includes the 32-bit dot1Q tag, which
includes the VLAN ID number, CoS markings and the 0x8100 hexadecimal label that identifies the frame
as an Ethernet frame. As with other vendors, it is a best practice to NOT use VLAN 1 for any purpose, as
it is used by several protocols to exchange control plane information. Control plane traffic should never
have to contend with data traffic. ]
no shutdown
!
!
interface Vlan 2
description WAN_VLAN
no ip address
tagged TenGigabitEthernet 0/1-32
tagged Port-channel 1

Page 5 Dell Networking MXL L2 Switch Configuration Example with Explanations

[Defines VLAN 2 as a tagged VLAN that will traverse ports Te0/1-32 and port-channel 1. As a reminder, a
“tagged VLAN” simply means that the Ethernet frame header includes the 32-bit dot1Q tag, which
includes the VLAN ID number, CoS markings and the 0x8100 hexadecimal label that identifies the frame
as an Ethernet frame.]
no shutdown
!
!
interface Vlan 3
description WAN_Monitoring
no ip address
tagged TenGigabitEthernet 0/1-32
tagged Port-channel 1
[Defines VLAN 3 as a tagged VLAN that will traverse ports Te0/1-32 and port-channel 1. As a reminder, a
“tagged VLAN” simply means that the Ethernet frame header includes the 32-bit dot1Q tag, which
includes the VLAN ID number, CoS markings and the 0x8100 hexadecimal label that identifies the frame
as an Ethernet frame.]
no shutdown
!
interface Vlan 11
description vlan 11
untagged TenGigabitEthernet 0/1-32
untagged Port-channel 10
[Defines VLAN 11 as an UNtagged VLAN that will traverse ports Te0/1-32 and port-channel 1. This means
that the dot1Q tag or shim does not exist in the Ethernet frame header. All frames received on a switch
port from a host that does not tag its outbound traffic will be placed by the switch in VLAN 11.]
!
!
!--------------------------------------------IMPORTANT CISCO COMPARISON NOTE-----------------------------------------

[Perhaps the only significant difference in the way a Dell Force10 switch is configured and a Cisco switch
is configured revolves around placing ports in VLANs and creating trunks.

The combined configurations for VLAN interfaces 1, 2, 3 and 11 denote that ports Te0/1-32 and port-
channel 1 are dot1Q trunks. They carry VLANs 1, 2 and 3 as tagged VLANs and VLAN 11 as the
native/untagged VLAN. On a Cisco switch, the equivalent configuration commands would be placed on
the PHYSICAL ports and the LOGICAL port channel port, accordingly:

Interface Te0/1 (or Po1)

switchport mode trunk
switchport trunk allowed VLAN 1,2,3,11
switchport trunk native VLAN 11]

Imagine you want to make port te0/20 an access port that needs to be in VLAN 100, it would be done in
the following manner:

Interface VLAN 100

description HR_Department_LAN
untagged TenGigabitEthernet 0/20

Page 6 Dell Networking MXL L2 Switch Configuration Example with Explanations

On a Cisco switch, it would be done in the following manner:

Interface TenGigabitEthernet 0/20

switchport mode access
switchport mode access VLAN 100

--------------------------------------------IMPORTANT CISCO COMPARISON NOTE------------------------------------------

!
!
!
management route 0.0.0.0/0 192.168.2.1
[Default route for management VLAN including the next hop/default gateway address]
!
ip domain-name lhric.local
ip domain-lookup
[Creates a switch domain name and enables DNS lookups on the switch itself]
ip name-server 10.3.4.207
ip name-server 10.3.4.204
[Defines DNS servers. This is typically used when a hos name is used instead of an IP address when
testing or performing remote access of another device.]
!
!
!
!
banner login ^C

##########################################################
# #
# WARNING #
# #
# This is a private device and can only be accessed by #
# authorized personal. Use of this resource can be #
# monitored and unauthorized use is strictly prohibited. #
# #
##########################################################

^C
!
ntp server 166.109.254.2
ntp server 166.109.254.4
ntp server 166.109.254.6
[Network Time Protocol server addresses]
!
clock timezone EST -5
clock summer-time EST recurring 2 Sun Mar 02:00 1 Sun Nov 02:00
[Sets time zone as EST and specifies the number of hours difference between EST and GMT]
ip ssh server version 2
[Enables SSH access for management sessions, as opposed to Telnet]

Page 7 Dell Networking MXL L2 Switch Configuration Example with Explanations

!
no dcb enable
[Disables Data Center Bridging. DCB consists of protocol extensions and enhancements to Ethernet that
are leveraged when a lossless fabric must be created for the Ethernet-encapsulated Fibre Channel
frames in an FCoE environment.]
!
!
!
protocol lldp
[Enables the Link Layer Discovery Protocol. Dell Networking S-Series switches use LLDP, instead of
Cisco’s CDP. Dell Networking N-Series switches use ISDP, which is the Cisco CDP equivalent and will
interoperate with it.]
!
!
line console 0
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
[These are the console and Telnet/SSH/Remote management access virtual line ports, as in Cisco. If
TACACS+ or some other form of access-based security was leveraged, there would be command lines
under the different console and VTY lines to enable the security. Also, like Cisco.]
!
reload-type
boot-type normal-reload
[This option tells the switch that it should boot into normal switch mode, as opposed to BMP mode,
upon reboot. BMP means Bare Metal Provisioning. It is a Dell Force10 feature that allows a bare metal
switch to download its config file and OS from a remote server. This is useful in large deployments that
leverage identical switch configs and OS versions, such as in Hadoop or HPC clusters. This is also a very
useful feature with future Open Networking and SDN deployments that leverage a disaggregated
model.]
!
end

Page 8 Dell Networking MXL L2 Switch Configuration Example with Explanations