Converged Networks (LAN and SAN) For EX
Uploaded by
Tenishan FernandoConverged Networks (LAN and SAN) For EX
Uploaded by
Tenishan FernandoJunos® OS for EX Series Ethernet Switches
Converged Networks (LAN and SAN) for EX Series
Switches
Release
13.2X50
Published: 2013-09-30
Copyright © 2013, Juniper Networks, Inc.
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
®
Junos OS for EX Series Ethernet Switches Converged Networks (LAN and SAN) for EX Series Switches
Release 13.2X50
Copyright © 2013, Juniper Networks, Inc.
All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.
ii Copyright © 2013, Juniper Networks, Inc.
Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Part 1 Overview
Chapter 1 Converged Networks Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Understanding FIP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
FC Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
FIP Snooping Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
FIP Snooping Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
FIP Snooping Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Server ENode-Facing Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
FCF-Facing Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
FCoE Mapped Address Prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
T11 FIP Snooping Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Understanding Using an FCoE Transit Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Understanding Priority-Based Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Reliability of Packet Delivery in Standard Ethernet Networks and in Layer 2
Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Calculations for Buffer Requirements When Using PFC PAUSE . . . . . . . . . . . . 8
How PFC and Congestion Notification Profiles Work With or Without
DCBX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Basic DCBX Functioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
DCBX and PFC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
DCBX and FCoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
DCBX and iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
How DCBX Is Implemented on the Switches . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Features That Are Not Fully Supported by DCBX on EX Series Switches . . . . 12
Copyright © 2013, Juniper Networks, Inc. iii
Converged Networks (LAN and SAN) for EX Series Switches
Understanding DCB Features and Requirements on EX Series Switches . . . . . . . 14
EX Series Switch DCB Features Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Physical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
DCBX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Lossless Transport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
PFC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Buffer Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Understanding DCBX Application Protocol TLV Exchange on EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Basic Steps for Setting Up Application Protocol TLV Exchange . . . . . . . . . . . 16
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Application Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Classifying and Prioritizing Application Traffic . . . . . . . . . . . . . . . . . . . . . . . . . 18
Requirements for Interfaces in Non-FCoE Applications to Exchange
Application Protocol Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Part 2 Configuration
Chapter 2 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Example: Configuring an FCoE Transit Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Example: Configuring DCBX to Support an iSCSI Application . . . . . . . . . . . . . . . . 33
Chapter 3 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch . . . . . . . . . . . . 39
Configuring Priority-Based Flow Control for an EX Series Switch (CLI
Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Disabling DCBX to Disable PFC Autonegotiation on EX Series Switches (CLI
Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Disabling DCBX Application Protocol Exchange on EX Series Switches (CLI
Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Defining an Application for DCBX Application Protocol TLV Exchange . . . . . . . . . 45
Configuring an Application Map for DCBX Application Protocol TLV
Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Applying an Application Map to an Interface for DCBX Application Protocol TLV
Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Disabling the ETS Recommendation TLV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Chapter 4 Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
[edit class-of-service] Configuration Statement Hierarchy on EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Supported Statements in the [edit class-of-service] Hierarchy Level . . . . . . 51
Unsupported Statements in the [edit class-of-service] Hierarchy Level . . . . 53
[edit ethernet-switching-options] Configuration Statement Hierarchy on EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Supported Statements in the [edit ethernet-switching-options] Hierarchy
Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Unsupported Statements in the [edit ethernet-switching-options] Hierarchy
Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
iv Copyright © 2013, Juniper Networks, Inc.
Table of Contents
[edit protocols dcbx] Configuration Statement Hierarchy on EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Supported Statements in the [edit protocols dcbx] Hierarchy Level . . . . . . . 57
Unsupported Statements in the [edit protocols dcbx] Hierarchy Level . . . . . 58
application (Applications) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
application (Application Maps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
applications (Applications) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
application-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
application-maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
code-point (Congestion Notification) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
code-points (Application Maps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
congestion-notification-profile (Priority-Based Flow Control) . . . . . . . . . . . . . . . 66
dcbx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
destination-port (Applications) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
disable (DCBX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
ether-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
ethernet-switching-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
examine-fip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
fc-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
fcoe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
fcoe-trusted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
ieee-802.1 (Congestion Notification) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
input (Congestion Notification) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
interface (Access Port Security) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
interface (DCBX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
policy-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
priority-flow-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
protocol (Applications) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
secure-access-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
vlan (Access Port Security) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Part 3 Administration
Chapter 5 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
clear fip snooping enode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
clear fip snooping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
clear fip snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
show dcbx neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
show fip snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
show fip snooping enode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
show fip snooping fcf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
show fip snooping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
show fip snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Copyright © 2013, Juniper Networks, Inc. v
Converged Networks (LAN and SAN) for EX Series Switches
vi Copyright © 2013, Juniper Networks, Inc.
List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Part 1 Overview
Chapter 1 Converged Networks Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Table 3: Input for PFC Congestion Notification Profile and Mapping to Traffic
Class and Egress Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Part 2 Configuration
Chapter 2 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Table 4: Components of the FCoE Security Topology . . . . . . . . . . . . . . . . . . . . . . . 23
Table 5: Components of the DCBX iSCSI Topology . . . . . . . . . . . . . . . . . . . . . . . . 34
Chapter 4 Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Table 6: Unsupported [edit protocols dcbx] Configuration Statements on EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Part 3 Administration
Chapter 5 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Table 7: show dcbx neighbors Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Table 8: show fip snooping Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Table 9: show fip snooping enode Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Table 10: show fip snooping fcf Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Table 11: show fip snooping statistics Output Fields . . . . . . . . . . . . . . . . . . . . . . . 128
Table 12: show fip snooping vlan Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Copyright © 2013, Juniper Networks, Inc. vii
Converged Networks (LAN and SAN) for EX Series Switches
viii Copyright © 2013, Juniper Networks, Inc.
About the Documentation
• Documentation and Release Notes on page ix
• Supported Platforms on page ix
• Using the Examples in This Manual on page ix
• Documentation Conventions on page xi
• Documentation Feedback on page xii
• Requesting Technical Support on page xiii
Documentation and Release Notes
®
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Supported Platforms
For the features described in this document, the following platforms are supported:
• EX Series
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load
merge relative command. These commands cause the software to merge the incoming
configuration into the current candidate configuration. The example does not become
active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple
hierarchies), the example is a full example. In this case, use the load merge command.
Copyright © 2013, Juniper Networks, Inc. ix
Converged Networks (LAN and SAN) for EX Series Switches
If the example configuration does not start at the top level of the hierarchy, the example
is a snippet. In this case, use the load merge relative command. These procedures are
described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a
text file, save the file with a name, and copy the file to a directory on your routing
platform.
For example, copy the following configuration to a file and name the file ex-script.conf.
Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by issuing the
load merge configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text
file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory
on your routing platform.
commit {
file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following
configuration mode command:
x Copyright © 2013, Juniper Networks, Inc.
About the Documentation
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the
load merge relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see the CLI User Guide.
Documentation Conventions
Table 1 on page xi defines notice icons used in this guide.
Table 1: Notice Icons
Icon Meaning Description
Informational note Indicates important features or instructions.
Caution Indicates a situation that might result in loss of data or hardware damage.
Warning Alerts you to the risk of personal injury or death.
Laser warning Alerts you to the risk of personal injury from a laser.
Table 2 on page xi defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
Convention Description Examples
Bold text like this Represents text that you type. To enter configuration mode, type
theconfigure command:
user@host> configure
Fixed-width text like this Represents output that appears on the user@host> show chassis alarms
terminal screen.
No alarms currently active
Italic text like this • Introduces or emphasizes important • A policy term is a named structure
new terms. that defines match conditions and
• Identifies guide names. actions.
• Junos OS CLI User Guide
• Identifies RFC and Internet draft titles.
• RFC 1997, BGP Communities Attribute
Copyright © 2013, Juniper Networks, Inc. xi
Converged Networks (LAN and SAN) for EX Series Switches
Table 2: Text and Syntax Conventions (continued)
Convention Description Examples
Italic text like this Represents variables (options for which Configure the machine’s domain name:
you substitute a value) in commands or
configuration statements. [edit]
root@# set system domain-name
domain-name
Text like this Represents names of configuration • To configure a stub area, include the
statements, commands, files, and stub statement at the[edit protocols
directories; configuration hierarchy levels; ospf area area-id] hierarchy level.
or labels on routing platform • The console port is labeled CONSOLE.
components.
< > (angle brackets) Enclose optional keywords or variables. stub <default-metric metric>;
| (pipe symbol) Indicates a choice between the mutually broadcast | multicast
exclusive keywords or variables on either
side of the symbol. The set of choices is (string1 | string2 | string3)
often enclosed in parentheses for clarity.
# (pound sign) Indicates a comment specified on the rsvp { # Required for dynamic MPLS only
same line as the configuration statement
to which it applies.
[ ] (square brackets) Enclose a variable for which you can community name members [
substitute one or more values. community-ids ]
Indention and braces ( { } ) Identify a level in the configuration [edit]
hierarchy. routing-options {
static {
route default {
; (semicolon) Identifies a leaf statement at a
nexthop address;
configuration hierarchy level.
retain;
}
}
}
GUI Conventions
Bold text like this Represents graphical user interface (GUI) • In the Logical Interfaces box, select
items you click or select. All Interfaces.
• To cancel the configuration, click
Cancel.
> (bold right angle bracket) Separates levels in a hierarchy of menu In the configuration editor hierarchy,
selections. select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
[email protected], or fill out the documentation feedback form at
xii Copyright © 2013, Juniper Networks, Inc.
About the Documentation
https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include
the following information with your comments:
• Document or topic name
• URL or page number
• Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need post-sales technical support, you can access
our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: http://www2.juniper.net/kb/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Copyright © 2013, Juniper Networks, Inc. xiii
Converged Networks (LAN and SAN) for EX Series Switches
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
xiv Copyright © 2013, Juniper Networks, Inc.
PART 1
Overview
• Converged Networks Overview on page 3
Copyright © 2013, Juniper Networks, Inc. 1
Converged Networks (LAN and SAN) for EX Series Switches
2 Copyright © 2013, Juniper Networks, Inc.
CHAPTER 1
Converged Networks Overview
• Understanding FIP Snooping on page 3
• Understanding Using an FCoE Transit Switch on page 6
• Understanding Priority-Based Flow Control on page 7
• Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches on page 10
• Understanding DCB Features and Requirements on EX Series Switches on page 14
• Understanding DCBX Application Protocol TLV Exchange on EX Series
Switches on page 16
Understanding FIP Snooping
Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping is a security
mechanism that is designed to prevent unauthorized access and data transmission to a
Fibre Channel (FC) network. It works by filtering traffic to permit only servers that have
logged in to the FC network to access the network. You enable FIP snooping on FCoE
VLANs when the switch is being used as an FCoE transit switch connecting FC initiators
(servers) on the Ethernet network to FCoE forwarders (FCFs) at the FC storage area
network (SAN) edge.
Through the FIP process, servers that have a converged network adapter (CNA) present
an FCoE Node (ENode) that can log in to the FC network. The login process establishes
a dedicated virtual link between the ENode and the FCF to emulate a point-to-point
connection that passes transparently through the FCoE transit switch.
The FCoE transit switch applies FIP snooping firewall filters at the edge access ports
associated with the FCoE VLANs on which you enable FIP snooping. FIP snooping provides
security for virtual links by automatically creating firewall filters based on information
gathered (snooped) about FC devices during FIP transactions.
This topic describes:
• FC Network Security on page 4
• FIP Snooping Functions on page 4
• FIP Snooping Firewall Filters on page 4
Copyright © 2013, Juniper Networks, Inc. 3
Converged Networks (LAN and SAN) for EX Series Switches
• FIP Snooping Implementation on page 5
• T11 FIP Snooping Specification on page 6
FC Network Security
In traditional pure FC networks, the FCF is a trusted entity and server ENodes connect
directly to the FCF. After an ENode gains access to the network through the fabric login
(FLOGI) process, the FCF enforces zoning configurations, ensures that the ENode uses
valid addresses, monitors the connection, and performs other security functions to prevent
unauthorized access.
FIP snooping firewall filters emulate these security functions by preventing unauthorized
access to the FCF through the transit switch and by ensuring the security of the virtual
link between each ENode and the FCF. FIP snooping also prevents man-in-the-middle
attacks.
FIP Snooping Functions
When you enable FIP snooping, the FCoE transit switch monitors FIP logins, solicitations,
and advertisements that pass through it and gathers information about the ENode address
and the address of the FCF. The transit switch uses the information to construct firewall
filters that permit access only to logged-in ENodes. All other traffic on the VLAN is denied.
For example, when an ENode on an FCoE VLAN performs a successful login, the FCoE
transit switch snoops the FIP information, constructs a firewall filter that permits access
for the ENode, and adds the filter on all transit switch access ports associated with the
FCoE VLAN.
The firewall filters allow FCoE frames to pass through the transit switch only between
the server ENode FCoE port and the FCF FCoE port to which the server ENode has logged
in. This ensures that ENodes can only connect to the FCFs they have successfully logged
in to and that only valid FCoE traffic is transmitted. FIP snooping maintains the filters by
tracking FCoE sessions.
FIP Snooping Firewall Filters
The FIP snooping firewall filters deny any FCoE traffic on the VLAN except for traffic
originating from ENodes that have already logged in to the FCF.
FIP snooping performs these actions and checks to ensure that FCoE traffic is valid:
• Denies ENodes that use the FCF media access control (MAC) address as the source
address.
• Denies all traffic from the ENode other than traffic addressed to the FCF that the Enode
has logged into.
• Restricts the ENode to sending only FCoE protocol traffic on the virtual link.
• Allows the ENode to transmit only FIP and FCoE frames to the FCF address.
• Ensures that the FCoE source address an ENode uses after fabic login and fabric
discovery (FDISC) is the address the FCF assigned to that ENode.
4 Copyright © 2013, Juniper Networks, Inc.
Chapter 1: Converged Networks Overview
• Ensures that the FCoE source address the FCF assigns or accepts is only used for FCoE
traffic.
• Ensures that FCoE frames are only addressed to the accepting FCF.
FIP Snooping Implementation
You enable FIP snooping on a per-VLAN basis. The FCoE transit switch snoops FIP frames
at the access ports associated with the FIP snooping-enabled VLANs, then installs the
resulting firewall filters on the access ports to ensure that all snooping occurs on the
FCoE transit switch network edge.
FCoE VLANs can include both access ports and trunk ports. Access ports face the hosts
(FCoE servers and other FCoE initiators), and trunk ports face the FCF. When FIP snooping
is enabled, the FCoE transit switch inspects both FIP frames and FCoE frames.
The FIP snooping implementation includes these considerations:
• Server ENode-Facing Interfaces on page 5
• FCF-Facing Interfaces on page 5
• FCoE Mapped Address Prefix on page 5
Server ENode-Facing Interfaces
We recommend that you enable FIP snooping on all FCoE access ports to ensure secure
connections to FCFs. After you enable FIP snooping on an FCoE VLAN, the transit switch
denies FCoE traffic from any server on that VLAN until the server performs a valid fabric
login with an FCF.
FCF-Facing Interfaces
You must configure the interface that you are using to connect to an FCF as FCoE trusted
interface, and it must be a 10 Gigabit Ethernet interface.
An FCoE trusted interface receives FCoE traffic only from an FCF. The following conditions
apply to FCFs and FCF-facing interfaces:
• By default, FCFs are trusted entities.
• The FCoE transit switch always processes FCF frames because they come from a
trusted source.
FCoE Mapped Address Prefix
When you enable FIP snooping on a VLAN, optionally you can specify the FCoE Mapped
Address Prefix (FC-MAP) value for that VLAN if the network uses the fabric-provided
MAC address (FPMA) addressing scheme. The FC-MAP value is a 24-bit value that
identifies the FCF. The FCF combines the FC-MAP value with a unique 24-bit Fibre Channel
ID (FCID) value for the server during the fabric login process, creating a unique 48-bit
identifier. The FCF assigns the 48-bit value to the server ENode as its MAC address and
unique identifier for the session. Each server session the ENode establishes with the FCF
Copyright © 2013, Juniper Networks, Inc. 5
Converged Networks (LAN and SAN) for EX Series Switches
receives a unique FCID, so a server can host multiple virtual links to an FCF, each with a
unique 48-bit address identifier.
The FIP snooping filter compares the configured FC-MAP value with the FC-MAP value
in the header of frames coming from the server. If the values do not match, the FCoE
transit switch denies access.
T11 FIP Snooping Specification
For more details about FIP snooping, see the Technical Committee T11 organization
document Increasing FCoE Robustness using FIP Snooping at
http://www.t11.org/ftp/t11/pub/fc/bb-5/08-264v3.pdf.
Related • Understanding Using an FCoE Transit Switch on page 6
Documentation
• Example: Configuring an FCoE Transit Switch on page 21
• Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Understanding Using an FCoE Transit Switch
You can use an EX4500 switch as a Fibre Channel over Ethernet (FCoE) transit switch.
An FCoE transit switch is a Layer 2 data center bridging (DCB) switch that can transport
FCoE frames and implement FCoE Initialization Protocol (FIP) snooping. The switch can
transport both FCoE and Ethernet LAN traffic over the same network infrastructure while
preserving the class of service (CoS) that Fibre Channel (FC) traffic requires.
An FCoE transit switch does not encapsulate or decapsulate FC frames in Ethernet. It is
an access switch that transports FC frames that have already been encapsulated in
Ethernet between FCoE initiators such as servers and an FCoE forwarder (FCF), which
is in an FC storage area network (SAN). The transit switch acts as a passthrough switch
and is transparent to the FCF, which detects each connection to an FCoE server as a
direct point-to-point link.
When the switch acts as a transit switch, the VLANs you configure for FCoE traffic can
use any of the switch ingress and egress ports, because the traffic in both directions is
Ethernet traffic. FCoE traffic must use a VLAN dedicated only to FCoE traffic that does
not carry any other traffic.
When the switch acts as a transit switch, you must enable priority-based flow control
(PFC, IEEE standard 802.1Qbb) as a link-level flow control mechanism. See
“Understanding Priority-Based Flow Control” on page 7 for additional information. FIP
snooping adds security by filtering access so that only traffic from servers that have
successfully logged in to the FC network passes through the transit switch and reaches
the FC network.
The transit switch transparently connects FCoE-capable servers in an Ethernet LAN to
an FCF, which has both FCoE and FC interfaces and processes both the FCoE and FC
protocol stacks. The transit switch acts as a transparent access layer between FCoE
servers and the FCF.
6 Copyright © 2013, Juniper Networks, Inc.
Chapter 1: Converged Networks Overview
Encapsulated FCoE server traffic flows through the transit switch to the FCoE ports on
the FCF. The FCF removes the Ethernet encapsulation from the FCoE frames to restore
the native FC frames. Native FC traffic travels out FCF FC ports to storage devices in the
FC SAN.
Native FC traffic from storage devices flows to the FCF FC ports, and the FCF encapsulates
that traffic in Ethernet as FCoE traffic. The FCoE traffic flows through the transit switch
to the appropriate server, and the server decapsulates the traffic.
Related • Understanding FIP Snooping on page 3
Documentation
Understanding Priority-Based Flow Control
Priority-based flow control (PFC), IEEE standard 802.1Qbb, is a link-level flow control
mechanism. The flow control mechanism is similar to that used by IEEE 802.3x Ethernet
PAUSE, but it operates on individual priorities. Instead of pausing all traffic on a link, PFC
allows you to selectively pause traffic according to its class.
This topic describes:
• Reliability of Packet Delivery in Standard Ethernet Networks and in Layer 2
Networks on page 7
• Calculations for Buffer Requirements When Using PFC PAUSE on page 8
• How PFC and Congestion Notification Profiles Work With or Without DCBX on page 8
Reliability of Packet Delivery in Standard Ethernet Networks and in Layer 2 Networks
Standard Ethernet does not guarantee that a packet injected into the network will arrive
at its intended destination. Reliability is provided by upper-layer protocols. Generally, a
network path consists of multiple hops between the source and destination. A problem
arises when transmitters send packets faster than receivers can accept them. When
receivers run out of available buffer space to hold incoming flows, they silently drop
additional incoming packets. This problem is generally resolved by upper-layer protocols
that detect the drops and request retransmission.
Applications that require reliability in Layer 2 must have flow control that includes
feedback from a receiver to a sender regarding buffer availability. Using IEEE 802.3x
Ethernet PAUSE control frames, a receiver can generate a MAC control frame and send
a PAUSE request to a sender when a specified threshold of receiver buffer has been filled
to prevent buffer overflow. Upon receiving a PAUSE request, the sender stops transmission
of any new packets until the receiver notifies the sender that it has sufficient buffer space
to accept them again. The disadvantage of using Ethernet PAUSE is that it operates on
the entire link, which might be carrying multiple traffic flows. Some traffic flows do not
need flow control in Layer 2, because they are carrying applications that rely on upper-layer
protocols for reliability. PFC enables you to configure Layer 2 flow control selectively for
the traffic that requires it, such as Fibre Channel over Ethernet (FCoE) traffic, without
impacting other traffic on the link. You can also enable PFC for other traffic types, such
as iSCSI.
Copyright © 2013, Juniper Networks, Inc. 7
Converged Networks (LAN and SAN) for EX Series Switches
Calculations for Buffer Requirements When Using PFC PAUSE
The receive buffer must be large enough to accommodate all data that is received while
the system is responding to a PFC PAUSE frame.
When you calculate buffer requirements, consider the following factors:
• Processing and queuing delay of the PFC PAUSE—In general, the time to detect the
lack of sufficient buffer space and to transmit the PFC PAUSE is negligible. However,
delays can occur if the switch detects a reduction in buffer space just as the transmitter
is beginning to transmit a maximum length frame.
• Propagation delay across the media—The delay amount depends on the length and
speed of the physical link.
• Response time to the PFC PAUSE frame
• Propagation delay across the media on the return path
NOTE: We recommend that you configure at least 20 percent of the buffer
size for the queue that is using PFC and that you do not specify the exact
option.
Because it is mandatory to explicitly configure a certain percentage of buffer
size for PFC, you must also explicity configure some buffer size for any other
forwarding classes that you are planning to use (including the default
forwarding classes and the user-defined forwarding classes). The percentage
that you allocate depends on the usage of the respective classes.
How PFC and Congestion Notification Profiles Work With or Without DCBX
PFC can be applied to an interface regardless of whether the Data Center Bridging
Capability Exchange protocol (DCBX) is enabled (DCBX is enabled by default for
10-Gigabit Ethernet interfaces on EX4500 CEE-enabled switches).
However, automatic control and advertisement of PFC requires DCBX:
• When DCBX is enabled—DCBX detects the data center bridging (DCB) neighbor’s PFC
configuration, uses autonegotiation to advertise local and peer PFC configuration, and
then enables or disables PFC depending on whether the configurations are compatible
or not. When PFC is enabled, it uses the congestion notification profile, which you have
configured and applied to the interface.
• When DCBX is not enabled—Class of service (CoS) triggers PFC when the incoming
frame has a User Priority (UP) field that matches the three-bit pattern specified for
the congestion notification profile.
To manually control the use of PFC on the interface regardless of the configuration of
the peer data center devices, you can explicitly change the configuration of DCBX on the
interface to disable PFC autonegotiation. See “Disabling DCBX to Disable PFC
Autonegotiation on EX Series Switches (CLI Procedure)” on page 44. When PFC
8 Copyright © 2013, Juniper Networks, Inc.
Chapter 1: Converged Networks Overview
autonegotiation is disabled, PFC is triggered by the congestion notification profile for
PFC regardless of the configuration of the DCB peer.
NOTE: PFC functions effectively only when the peer devices connected to
the local interface are also using PFC and are configured compatibly with
the local interface. PFC must be symmetrical—if PFC is not configured to use
the same traffic class (code point) on both the local and the peer interface,
it does not have any impact on the traffic.
Table 3 on page 9 shows the one-to-one mapping between the UP field of an IEEE
802.1Q tagged frame, the traffic class, and the egress queue. In addition to setting a PFC
congestion notification profile on an ingress port, you must set a forwarding class to
match the priority specified in the PFC congestion notification profile and to forward the
frame to the appropriate queue.
Juniper Networks EX Series Ethernet Switches support up to six traffic classes and allow
you to associate those classes with six different congestion notification profiles. (The
switches support up to 16 forwarding classes.)
Table 3: Input for PFC Congestion Notification Profile and Mapping to Traffic Class and Egress
Queue
UP Field of IEEE-802.1Q Tagged
Frame Traffic Class Egress Queue
000 TC 0 queue 0
001 TC 1 queue 1
010 TC 2 queue 2
011 TC 3 queue 3
100 TC4 queue 4
101 TC 5 queue 5
Related • Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Documentation Switches on page 10
• Example: Configuring an FCoE Transit Switch on page 21
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
• schedulers
• congestion-notification-profile on page 66
Copyright © 2013, Juniper Networks, Inc. 9
Converged Networks (LAN and SAN) for EX Series Switches
Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches
Data Center Bridging Capability Exchange protocol (DCBX) is a discovery and exchange
protocol for communicating configuration and capabilities among neighbors to ensure
consistent configuration across the data center bridging network. It is an extension of
Link Layer Discovery Protocol (LLDP). Data center bridging devices use DCBX to exchange
configuration information with directly connected peers (devices such as switches and
servers in a data center bridging network).
On Juniper Networks EX Series Ethernet Switches, you can use DCBX to:
• Discover the data center bridging capabilities of peers
• Detect data center bridging feature misconfiguration or mismatches between peers
• Automatically enable or disable priority-based flow control (PFC) on an interface
depending on whether the PFC configuration of the local interface is the same as the
PFC configuration of the DCB peer
This topic describes:
• Basic DCBX Functioning on page 10
• DCBX and PFC on page 11
• DCBX and FCoE on page 11
• DCBX and iSCSI on page 11
• How DCBX Is Implemented on the Switches on page 12
• Features That Are Not Fully Supported by DCBX on EX Series Switches on page 12
Basic DCBX Functioning
DCBX features support PFC, the Fibre Channel over Ethernet (FCoE) application, and
other Layer 2 or Layer 4 applications (such as iSCSI). DCBX is enabled or disabled on a
per-interface basis. The default autonegotiation behavior is: DCBX is enabled if the peer
device connected to the interface also supports DCBX.
If the peer device connected to the interface does not support DCBX, DCBX remains
enabled on the switch, but the switch detects that DCBX is not enabled on the peer and
reports a misconfiguration for that interface when you issue the show dcbx neighbors
command.
During negotiation of capabilities, the switch pushes the PFC configuration to an attached
peer if the peer is configured as willing to learn the PFC configuration from other peers.
The switch does not support autoprovisioning and does not change its own configuration
during autonegotiation to match the peer configuration—that is, the switch is not willing
to learn the PFC configuration from peers.
10 Copyright © 2013, Juniper Networks, Inc.
Chapter 1: Converged Networks Overview
DCBX and PFC
After you enable PFC on a switch interface, DCBX uses autonegotiation to control the
operational state of PFC functionality.
DCB devices must use the same traffic class (code point) on both the local and peer
device. If the peer device connected to the interface supports PFC and is provisioned for
the same traffic class as the switch interface, DCBX sets the PFC operational state to
enabled. If the peer device connected to the interface does not support PFC or is not
provisioned for the same traffic class, DCBX sets the operational state to disabled.
If the peer advertises that it is willing to learn its PFC configuration from the switch, DCBX
pushes the switch’s PFC configuration to the peer and does not check the peer’s
administrative state.
You can manually override DCBX control of the PFC operational state on a per-interface
basis by disabling autonegotiation. If you disable autonegotiation on an interface on
which you have configured PFC, then PFC remains enabled on that interface regardless
of the peer configuration. To disable PFC on an interface, delete any PFC configuration
on the interface.
DCBX and FCoE
DCBX is mandatory for running FCoE applications, because FCoE traffic requires PFC to
ensure lossless transport and PFC is a component of DCBX.
The FCoE application is configured by default on DCBX interfaces. Because of the FCoE
requirement for lossless transport, we recommend that you configure the interfaces that
carry FCoE traffic for PFC. See “Configuring Priority-Based Flow Control for an EX Series
Switch (CLI Procedure)” on page 41.
DCBX advertisement of the FCoE application functions as follows:
• If you configure the fcoe forwarding class and PFC congestion notification profile and
assign these components to the interfaces that carry FCoE traffic, DCBX advertises
their FCoE capability and assigned 802.1p code points to the DCB peer, and DCBX
reports the FCoE capability and assigned 802.1p code points of the DCB peer to the
switch.
DCBX and iSCSI
DCBX is not essential for iSCSI applications. These applications provide a method for
linking data storage facilities over IP networks. Unlike Fibre Channel (FC) communications,
which require special-purpose cabling, iSCSI can be run over long distances by using
existing network infrastructure.
You might want to use iSCSI over DCB to reduce latency in a network that is
oversubscribed. You might also want to use it to provide predictable and certain
application responsiveness, eliminating Ethernet’s dependence on TCP/IP for the
retransmission of dropped Ethernet frames.
Copyright © 2013, Juniper Networks, Inc. 11
Converged Networks (LAN and SAN) for EX Series Switches
DCBX advertises switch interfaces that are configured to support the iSCSI application,
their PFC capability, and their assigned 802.1p code points.
How DCBX Is Implemented on the Switches
On the switches, the implementation of DCBX is:
• Supported on EX4500 switches only (See EX4500 Switch Models for a list of
CEE-capable models.)
• Supported on aggregated Ethernet interfaces composed of 10-Gigabit Ethernet
interfaces
• Enabled by default on all 10-Gigabit Ethernet interfaces
On the switches, DCBX supports the application type-length-value (TLV) —thus, DCBX
interfaces on the switch can exchange information with their DCB peers about application
capability, PFC capability, and 802.1p code-point settings. This implementation includes
the following:
• The FCoE application is enabled by default on DCBX interfaces on the switch. Therefore,
you do not configure an application map for the default FCoE application.
The switches do not have a default FCoE forwarding class—therefore, you must explicitly
configure a forwarding class with the name fcoe and associate that class with the
interfaces carrying FCoE traffic. If PFC is enabled, the 802.1p code points are assigned,
and the interfaces are associated with a forwarding class, the switch negotiates FCoE
application capability on the DCBX interface.
• Do not explicitly configure an FCoE application map, because that generates a commit
error.
• You can configure additional Layer 2 or Layer 4 applications to be supported by the
DCBX application TLV feature. To do this, explicitly configure an application map and
associate the application map with one of the DCBX interfaces. DCBX then advertises
the application capabilities of the associated interface and checks the capabilities of
the connected peer device.
• If the peer device connected to the local interface does not support PFC or the peer’s
PFC configuration is not the same as the local interface’s PFC configuration, DCBX
automatically disables PFC for the local interface.
NOTE: You can manually override DCBX control of the PFC operational
state on a per-interface basis. See “Disabling DCBX to Disable PFC
Autonegotiation on EX Series Switches (CLI Procedure)” on page 44.
Features That Are Not Fully Supported by DCBX on EX Series Switches
The implementation of DCBX on EX Series switches does not fully support the following
features:
12 Copyright © 2013, Juniper Networks, Inc.
Chapter 1: Converged Networks Overview
• Enhanced transmission selection (ETS) (IEEE 802.1Qaz)—ETS is a bandwidth
management mechanism to support dynamic allocation of bandwidth for DCBX traffic
classes.
• EX Series switches do not support using ETS to dynamically allocate bandwidth to
specified traffic classes. Instead, the switches handle all DCBX traffic as a single
default traffic class, group 7.
• However, the switches do support the ETS Recommendation TLV. The ETS
Recommendation TLV communicates the ETS settings that the switch wants the
connected DCBX peer interface to use.
• If the peer interface is willing, it changes its configuration to match the configuration
in the ETS Recommendation TLV sent by the switch (group 7).
• The switch also advertises that it is not willing to change its ETS settings.
• The advertisement of ETS TLV is enabled by default for DCBX interfaces. If you want,
you can disable this advertisement. See “Disabling the ETS Recommendation TLV”
on page 48.
• A default FCoE forwarding class—The switch does not have a default FCoE forwarding
class with default mapping to a priority queue for FCoE traffic.
NOTE: Because the switches do not support a default FCoE forwarding
class, you must explicitly configure a forwarding class and name it fcoe.
Related • Understanding DCB Features and Requirements on EX Series Switches on page 14
Documentation
• Understanding Using an FCoE Transit Switch on page 6
• Example: Configuring an FCoE Transit Switch on page 21
Copyright © 2013, Juniper Networks, Inc. 13
Converged Networks (LAN and SAN) for EX Series Switches
Understanding DCB Features and Requirements on EX Series Switches
Data center bridging (DCB) is a set of enhancements to the IEEE 802.1 bridge
specifications. DCB modifies and extends Ethernet behavior to support I/O convergence
in the data center. I/O convergence includes but is not limited to the transport of Ethernet
LAN traffic and Fibre Channel (FC) storage area network (SAN) traffic on the same
physical Ethernet network infrastructure.
A converged architecture saves cost by reducing the number of networks and switches
required to support both types of traffic, reducing the number of interfaces required,
reducing cable complexity, and reducing administration activities.
You can use DCB features on Juniper Networks EX4500 CEE-enabled switches to
transport converged Ethernet and FC traffic while providing the class-of-service (CoS)
characteristics and other characteristics FC requires for transmitting storage traffic.
This topic describes:
• EX Series Switch DCB Features Overview on page 14
• Physical Interfaces on page 14
• DCBX on page 15
• Lossless Transport on page 15
EX Series Switch DCB Features Overview
To accommodate FC traffic, DCB specifications provide:
• High-bandwidth interface
• A discovery and exchange protocol for communicating configuration and capabilities
among neighbors to ensure consistent configuration across the network, called Data
Center Bridging Capability Exchange protocol (DCBX), which is an extension of Link
Layer Discovery Protocol (LLDP, described in IEEE 802.1AB).
• A flow control mechanism called priority-based flow control (PFC, described in IEEE
802.1Qbb) to help provide lossless transport.
NOTE: The switches support the DCBX standards and PFC, but do not support
enhanced transmission selection (ETS) and quantized congestion notification
(QCN).
Physical Interfaces
The switches provide the high-bandwidth interfaces (10-Gigabit Ethernet interfaces)
required to support DCB and converged traffic. Your switch can have both 1-gigabit and
10-gigabit interfaces, depending on the configuration. DCBX works only on 10-gigabit,
full-duplex interfaces. However, LLDP and DCBX are enabled by default on all the
interfaces.
14 Copyright © 2013, Juniper Networks, Inc.
Chapter 1: Converged Networks Overview
DCBX
DCB devices use DCBX to exchange configuration information with directly connected
peers (switches and data center devices such as servers). DCBX is an extension of LLDP.
See “Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches” on page 10 for details.
Lossless Transport
FC traffic requires lossless transport (defined as no frames dropped because of
congestion). Standard Ethernet does not support lossless transport, but the DCB
extensions to Ethernet along with proper buffer management enable an Ethernet network
to provide the level of CoS necessary to transport FC frames encapsulated in Ethernet
over an Ethernet network.
This section describes these factors in creating lossless transport over Ethernet:
• PFC on page 15
• Buffer Management on page 15
PFC
PFC is a link-level flow control mechanism similar to Ethernet PAUSE (described in IEEE
802.3x). Ethernet PAUSE stops all traffic on a link for a specified period of time. PFC
allows you to assign special priority to a specific traffic class for a specified period of time
without stopping the traffic assigned to other priorities on the link. You assign this priority
by using a congestion notification profile.
The switches support up to six traffic classes and allow you to associate those classes
with six different congestion notification profiles.
PFC enables you to provide lossless transport for traffic assigned to use the PFC
congestion notification profile and to use standard Ethernet transport for the rest of the
link traffic.
Buffer Management
Buffer management is critical to the proper functioning of PFC, because if buffers are
allowed to overflow, frames are dropped and transport is not lossless.
For each lossless flow priority, the switch requires sufficient buffer space to:
• Store frames sent during the time it takes to send the PFC PAUSE across the cable
between devices
• Store frames that are already on the wire when the sender receives the PFC PAUSE
The amount of buffer space needed to prevent frame loss due to congestion depends
on the cable length, cable speed, and processing speed.
The switch automatically sets the threshold for sending a PFC PAUSE frame to
accommodate delay from cables as long as 984 feet (300 meters) and to accommodate
large frames that might be on the wire when the switch sends the PAUSE. This ensures
Copyright © 2013, Juniper Networks, Inc. 15
Converged Networks (LAN and SAN) for EX Series Switches
that the switch sends PAUSEframes early enough to allow the sender to stop transmitting
before the receive buffers on the switch overflow.
Related • Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Documentation Switches on page 10
• Example: Configuring an FCoE Transit Switch on page 21
Understanding DCBX Application Protocol TLV Exchange on EX Series Switches
Data Center Bridging Capability Exchange protocol (DCBX) discovers the data center
bridging (DCB) capabilities of connected peers. DCBX also advertises the capabilities of
applications on interfaces by exchanging application protocol information through
application type, length, and value (TLV) elements. DCBX is an extension of Link Layer
Discovery Protocol (LLDP). LLDP must remain enabled on every interface on which you
want to use DCBX.
NOTE: LLDP and DCBX are enabled by default on all 10-Gigabit Ethernet
interfaces of EX4500 CEE-enabled switches.
This topic describes:
• Basic Steps for Setting Up Application Protocol TLV Exchange on page 16
• Applications on page 17
• Application Maps on page 17
• Classifying and Prioritizing Application Traffic on page 18
• Requirements for Interfaces in Non-FCoE Applications to Exchange Application Protocol
Information on page 18
Basic Steps for Setting Up Application Protocol TLV Exchange
Setting up application protocol exchange for FCoE applications consists of:
• Configuring the fcoe forwarding class for IEEE 802.1p code point 011
• Configuring PFC tfor IEEE 802.1p code point 011
We recommend that you use code point 011 for the fcoe forwarding class, because this
is the conventional IEEE 802.1p code point for FCoE traffic. We recommend that you
configure PFC to use the same code point. See “Example: Configuring an FCoE Transit
Switch” on page 21.
Setting up application protocol exchange for non-FCoE applications consists of:
• Defining applications
• Mapping the applications to IEEE 802.1p code points
16 Copyright © 2013, Juniper Networks, Inc.
Chapter 1: Converged Networks Overview
• Configuring classifiers to prioritize incoming traffic map and map the incoming traffic
to the application by the traffic code points
• Applying the application maps and classifiers to interfaces
Except for FCoE applications, you must explicitly define and map all applications that
you want an interface to advertise.
NOTE: Do not explicitly configure an FCoE application map, because doing
that generates a commit error.
Applications
Before an interface can exchange application protocol information, you must define the
applications that you want to advertise, except for the FCoE application, which is defined
by default. You can define:
• Layer 2 applications by EtherType
• Layer 4 applications (such as iSCSI applications) by a combination of protocol (TCP
or UDP) and destination port
The EtherType is a two-octet field in the Ethernet frame that denotes the protocol
encapsulated in the frame. For a list of common EtherTypes, see
http://standards.ieee.org/develop/regauth/ethertype/eth.txt on the IEEE standards
organization website. For a list of port numbers and protocols, see the Service Name and
Transport Protocol Port Number Registry at
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
on the Internet Assigned Numbers Authority (IANA) website.
The switch automatically defines the FCoE application as EtherType 0x8906.
Application Maps
An application map maps defined applications to one or more IEEE 802.1p code points.
Each application map contains one or more applications. DCBX includes the configured
application code points in the protocol TLVs exchanged with the connected peer.
To exchange protocol TLVs for an application, you must include the application in an
application map (with the exception of the FCoE application).
Mapping an application to code points does two things:
• Maps incoming traffic with the same code points to that application.
• Allows you to configure classifiers that map incoming application traffic, by code point,
to a forwarding class and a loss priority to apply class of service (CoS) to application
traffic and prioritize application traffic.
You apply an application map to an interface to enable DCBX application protocol
exchange on that interface for each application specified in the application map.
Applications that you want an interface to advertise must be configured in the application
Copyright © 2013, Juniper Networks, Inc. 17
Converged Networks (LAN and SAN) for EX Series Switches
map that you apply to the interface (except the FCoE application). Do not explicitly
configure an FCoE application map, because doing that generates a commit error.
Classifying and Prioritizing Application Traffic
When traffic arrives at an interface, the interface classifies the incoming traffic based on
its code points. Classifiers map code points to loss priorities and forwarding classes. The
loss priority prioritizes the traffic. The forwarding class determines the traffic output
queue and CoS service level.
When you map an application to an IEEE 802.1p code point in an application map and
apply the application map to an interface, incoming traffic on the interface that matches
the application code points is mapped to the appropriate application. The application
receives the loss priority and the CoS associated with the forwarding class for those code
points, and its trafffic is placed in the output queue associated with the forwarding class.
You can use the default classifier or you can configure a classifier to map the application
code points defined in the application map to forwarding classes and loss priorities.
Traffic for the FCoE application is classified and prioritized by your configuration of the
fcoe forwarding class.
Requirements for Interfaces in Non-FCoE Applications to Exchange Application Protocol
Information
For non-FCoE applications, interfaces on which you want to exchange application protocol
TLVs must include the following two items:
• The application map that contains the application
• A classifier
See “Defining an Application for DCBX Application Protocol TLV Exchange” on page 45
and “Configuring an Application Map for DCBX Application Protocol TLV Exchange” on
page 46.
Related • Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Documentation Switches on page 10
• Understanding DCB Features and Requirements on EX Series Switches on page 14
• Understanding Priority-Based Flow Control on page 7
• Disabling DCBX Application Protocol Exchange on EX Series Switches (CLI Procedure)
on page 44
18 Copyright © 2013, Juniper Networks, Inc.
PART 2
Configuration
• Configuration Examples on page 21
• Configuration Tasks on page 39
• Configuration Statements on page 51
Copyright © 2013, Juniper Networks, Inc. 19
Converged Networks (LAN and SAN) for EX Series Switches
20 Copyright © 2013, Juniper Networks, Inc.
CHAPTER 2
Configuration Examples
• Example: Configuring an FCoE Transit Switch on page 21
• Example: Configuring DCBX to Support an iSCSI Application on page 33
Example: Configuring an FCoE Transit Switch
You can use an EX4500 CEE-enabled switch as a Fibre Channel over Ethernet (FCoE)
transit switch, enabling it to transport both FCoE and Ethernet LAN traffic. Using the
same switch to support both your storage network and traditional IP-based data
communications reduces the costs of powering, cooling, provisioning, maintaining, and
managing your network.
This example includes:
• FIP snooping for security
• Priority-based flow control (PFC) for lossless transport
• The FCoE forwarding class for the DCBX application protocol type, length, value (TLV)
exchange
• A trusted port connecting to the FCoE forwarder (FCF)
• Enlarged maximum transmission unit (MTU) size for handling FCoE traffic
This example shows how to configure an FCoE transit switch:
• Requirements on page 21
• Overview and Topology on page 22
• Configuration on page 24
• Verification on page 30
Requirements
This example uses the following hardware and software components:
• One EX4500 switch (CEE-capable model)
• Junos OS Release 12.1 or later for EX Series switches
Copyright © 2013, Juniper Networks, Inc. 21
Converged Networks (LAN and SAN) for EX Series Switches
• One FCoE Node (ENode)
• One FCoE forwarder (FCF)
Before you begin, be sure you have:
• Configured the VLAN fcoe-vlan on the switch. See Configuring VLANs for EX Series
Switches (CLI Procedure).
Overview and Topology
FCoE transmissions are vulnerable to address spoofing and man-in-the-middle attacks,
because they are not actually sent through point-to-point links. This example describes
how to configure the switch so that it provides security similar to that provided by
traditional Fibre Channel (FC) networks. The switch is transparent to the ENode and the
FCF, so the ENode and FCF communicate just as they would for a point-to-point link.
FIP snooping is disabled by default. You enable FIP snooping on a per-VLAN basis for
VLANs that carry FCoE traffic. Ensure that a VLAN that carries FCoE traffic carries only
FCoE traffic, because enabling FIP snooping denies access for all other Ethernet traffic.
This example shows how to configure FIP snooping on a VLAN of the EX4500 switch
that is connected with one ENode, that is, a server equipped with converged network
adapters (CNAs). The setup for this example includes the VLAN fcoe-vlan on the switch.
This example also shows how to configure PFC on the interfaces that are being used for
FCoE traffic and how to configure an FCoE trusted port to handle traffic between the
switch and the FCF gateway to the storage area network (SAN).
You must configure PFC properties for the interfaces that are carrying FCoE traffic,
because flow control must be implemented on the link level for this type of traffic.
NOTE: Data Center Bridging Capability Exchange protocol (DCBX) is enabled
by default on all 10-Gigabit Ethernet interfaces on EX4500 switches. DCBX
automatically controls whether PFC is enabled or disabled on the interface.
However, you must configure the PFC properties selecting the traffic class
and queue. See “Configuring Priority-Based Flow Control for an EX Series
Switch (CLI Procedure)” on page 41.
You configure trunk interfaces that connect to the FCF as trusted interfaces. The switch
must use the same FCoE MAC Address Prefix (FC-MAP) value that is being used by the
FCF. Therefore, if the FCF is using a nondefault FC-MAP value, you must configure the
FC-MAP value on the switch to match that value.
You must also enlarge the MTU size for all interfaces (both access and trunk) that are
handling FCoE traffic to accommodate the maximum FC frame and Ethernet header
sizes.
This example also includes configuring the fcoe forwarding class to be used for the FCoE
traffic, so that it can take advantage of DCBX support for the Application Protocol TLV
22 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
Exchange. See “Understanding Data Center Bridging Capability Exchange Protocol for
EX Series Switches” on page 10 for additional information.
NOTE: Configuring and applying PFC and a forwarding class fcoe on the
DCBX interfaces automatically enables the DCBX FCoE application protocol
exchange on those interfaces. Do not explicitly configure an FCoE application
map, because doing that generates a commit error. See “Understanding Data
Center Bridging Capability Exchange Protocol for EX Series Switches” on
page 10 for additional information.
NOTE: PFC is supported only on 10-Gigabit Ethernet interfaces.
NOTE: We recommend that you also:
• Configure the PFC congestion notification profile for the same 802.1p code
points that you are using for the fcoe forwarding class. We recommend
code point 011, because this is the conventional IEEE 802.1p code point for
FCoE traffic.
• Configure at least 20 percent of the buffer for the queue that is using PFC.
• Do not specify the exact option when configuring the buffer for the queue
that is using PFC.
• Configure the loss-priority statement to low for a traffic class that is using
PFC.
• Configure an appropriate percent of the buffer for any other forwarding
classes (default forwarding classes and the user-defined forwarding
classes) that you are using
The components of the topology for this example are shown in Table 4 on page 23.
Table 4: Components of the FCoE Security Topology
Properties Settings
Switch hardware One EX4500 CEE-enabled switch
VLAN name and ID fcoe-vlan, tag 20
Forwarding class for FCoE traffic fcoe, code point 011
Interfaces in fcoe-vlan xe-0/0/1
xe-0/0/2
xe-0/0/3
xe-0/0/30
FCoE trusted port to the FCF xe-0/0/30
Copyright © 2013, Juniper Networks, Inc. 23
Converged Networks (LAN and SAN) for EX Series Switches
Table 4: Components of the FCoE Security Topology (continued)
Properties Settings
PFC interfaces xe-0/0/1
xe-0/0/2
xe-0/0/3
xe-0/0/30
CoS forwarding-class interface xe-0/0/30
CoS scheduler-map interface xe-0/0/30
Interfaces configured with MTU of 2500 xe-0/0/1
xe-0/0/2
xe-0/0/3
xe-0/0/30
In this example, the switch has already been configured as follows:
• All access ports are untrusted, which is the default setting.
• DCBX is enabled by default on all 10-Gigabit Ethernet interfaces.
• The port connecting the switch to the FCF is configured as a trunk port.
Configuration
To configure an FCoE transit switch, perform these tasks:
CLI Quick To quickly configure an FCoE transit switch, copy the following commands and paste
Configuration them into the switch terminal window:
[edit]
set ethernet-switching-options secure-access-port vlan fcoe-vlan examine-fip fc-map 0x0EFC03
set ethernet-switching-options secure-access-port interface xe-0/0/30 fcoe-trusted
set interfaces xe-0/0/1 ether-options no-flow-control
set interfaces xe-0/0/2 ether-options no-flow-control
set interfaces xe-0/0/3 ether-options no-flow-control
set interfaces xe-0/0/30 ether-options no-flow-control
set class-of-service congestion-notification-profile cn-profile input ieee-802.1 code-point 011 pfc
set class-of-service interfaces xe-0/0/1 congestion-notification-profile cn-profile
set class-of-service interfaces xe-0/0/2 congestion-notification-profile cn-profile
set class-of-service interfaces xe-0/0/3 congestion-notification-profile cn-profile
set class-of-service interfaces xe-0/0/30 congestion-notification-profile cn-profile
set class-of-service classifiers ieee-802.1 pfc-class import default
set class-of-service classifiers ieee-802.1 pfc-class forwarding-class fcoe loss-priority low
code-points 011
set class-of-service interfaces xe-0/0/1 unit 0 classifiers ieee-802.1 pfc-class
set class-of-service interfaces xe-0/0/2 unit 0 classifiers ieee-802.1 pfc-class
set class-of-service interfaces xe-0/0/3 unit 0 classifiers ieee-802.1 pfc-class
set class-of-service interfaces xe-0/0/30 unit 0 classifiers ieee-802.1 pfc-class
set class-of-service forwarding-classes class fcoe queue-num 3
set class-of-service schedulers pfc-sched buffer-size percent 25
set class-of-service schedulers default-sched buffer-size percent 17
24 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
set class-of-service scheduler-maps pfc-map forwarding-class fcoe scheduler pfc-sched
set class-of-service scheduler-maps pfc-map forwarding-class assured-forwarding scheduler
default-sched
set class-of-service scheduler-maps pfc-map forwarding-class best-effort scheduler default-sched
set class-of-service scheduler-maps pfc-map forwarding-class network-control scheduler
default-sched
set class-of-service scheduler-maps pfc-map forwarding-class expedited-forwarding scheduler
default-sched
set class-of-service interfaces xe-0/0/30 scheduler-map pfc-map
set interfaces xe-0/0/1 mtu 2500
set interfaces xe-0/0/2 mtu 2500
set interfaces xe-0/0/3 mtu 2500
set interfaces xe-0/0/30 mtu 2500
Step-by-Step To configure an FCoE transit switch:
Procedure
1. Enable FIP snooping on the VLAN and modify the FC-MAP value to match the
FC-MAP value being used by the FCF:
[edit ethernet-switching-options secure-access-port]
user@switch# set vlan fcoe-vlan examine-fip fc-map 0x0EFC03
2. Set the FCF-facing interface (xe-0/0/30) as FCoE-trusted:
[edit ethernet-switching-options secure-access-port]
user@switch# set interface xe-0/0/30 fcoe-trusted
3. Configure a congestion notification profile, specifying the name of the profile and
applying it to the traffic class that is indicated by the User Priority bits in the 802.1Q
tagged frame of an incoming packet:
NOTE: The ENode and the switch must use the same traffic class for
the FCoE traffic. DCBX advertises the traffic class being used by the
switch and detects the traffic class being used by the ENode. If there is
a mismatch, the switch disables the PFC capability of the switch
interface.
[edit class-of-service]
user@switch# set congestion-notification-profile cn-profile input ieee-802.1 code-point
011 pfc
NOTE: The configuration of PFC includes two different ieee-802.1
configuration statements:
• ieee-802.1 (Congestion Notification)—Use to configure the congestion
notification profile.
• ieee-802.1—Use to configure the CoS classifier.
4. Disable standard flow control on the interfaces that you want to use for the FCoE
VLAN.
Copyright © 2013, Juniper Networks, Inc. 25
Converged Networks (LAN and SAN) for EX Series Switches
NOTE: PFC and standard flow control cannot be enabled on the same
interface, and you must use PFC for FCoE traffic.
[edit interfaces]
user@switch# set xe-0/0/1 ether-options no-flow-control
user@switch# set xe-0/0/2 ether-options no-flow-control
user@switch# set xe-0/0/3 ether-options no-flow-control
user@switch# set xe-0/0/30 ether-options no-flow-control
5. Bind the congestion notification profile to all interfaces of the FCoE VLAN:
[edit class-of-service]
user@switch# set interface xe-0/0/1 congestion-notification-profile cn-profile
user@switch# set interface xe-0/0/2 congestion-notification-profile cn-profile
user@switch# set interface xe-0/0/3 congestion-notification-profile cn-profile
user@switch# set interface xe-0/0/30 congestion-notification-profile cn-profile
6. Create a CoS classifier for the fcoe forwarding class:
[edit class-of-service]
user@switch# set forwarding-classes fcoe queue-num 3
7. Configure this forwarding class (fcoe) to use a low loss priority value and to use the
same code point that is used for PFC:
NOTE: We recommend that you use code point 011, because this is the
conventional IEEE 802.1p code point for FCoE traffic.
[edit class-of-service]
user@switch# set classifiers ieee-802.1 pfc-class forwarding-class fcoe loss-priority low
code-points 011
8. Bind the pfc-class classifier to all interfaces of the FCoE VLAN:
[edit class-of-service]
user@switch# set interfaces xe-0/0/1 unit 0 classifiers ieee-802.1 pfc-class
user@switch# set interfaces xe-0/0/2 unit 0 classifiers ieee-802.1 pfc-class
user@switch# set interfaces xe-0/0/3 unit 0 classifiers ieee-802.1 pfc-class
user@switch# set interfaces xe-0/0/30 unit 0 classifiers ieee-802.1 pfc-class
9. Assign forwarding-class fcoe to an egress queue:
[edit class-of-service]
user@switch# set forwarding-classes fcoe queue-num 3
10. Set a scheduler for this queue, allocating at least 20 percent of the buffer to
pfc-sched:
[edit class-of-service]
user@switch# set schedulers pfc-sched buffer-size percent 25
11. Set a scheduler for the default queue, allocating 17 percent of the buffer to that
queue:
[edit class-of-service]
uuser@switch# set schedulers default-sched buffer-size percent 17
12. Configure a scheduler map (pfc-map) that associates the scheduler (pfc-sched)
with the fcoe forwarding class and associates the default forwarding classes
(assured-forwarding, best-effort and network-control) with the default schedule:
26 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
[edit class-of-service]
user@switch# set scheduler-maps pfc-map forwarding-class fcoe scheduler pfc-sched
user@switch# set scheduler-maps pfc-map forwarding-class assured-forwarding
schedulerdefault-sched
user@switch# set scheduler-maps pfc-map forwarding-class best-effort scheduler
default-sched
user@switch# set scheduler-maps pfc-map forwarding-class network-control scheduler
default-sched
user@switch# set scheduler-maps pfc-map forwarding-class expedited-forwarding
scheduler default-sched
13. Assign the scheduler map (pfc-map) to the FCF-facing interface (xe-0/0/30):
[edit class-of-service]
user@switch# set interfaces xe-0/0/30 scheduler-map pfc-map
14. Enlarge the MTU size to 2500 bytes for all the interfaces (both access and trunk)
that are handling FCoE traffic:
[edit interfaces]
user@switch# set xe-0/0/1 mtu 2500
user@switch# set xe-0/0/2 mtu 2500
user@switch# set xe-0/0/3 mtu 2500
user@switch# set xe-0/0/30 mtu 2500
Results Display the results of the configuration:
[edit]
user@switch#show
interfaces {
xe-0/0/1 {
mtu 2500;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
vlan {
members fcoe-vlan;
}
}
}
}
xe-0/0/2 {
mtu 2500;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
vlan {
members fcoe-vlan;
}
}
}
}
xe-0/0/3 {
mtu 2500;
ether-options {
Copyright © 2013, Juniper Networks, Inc. 27
Converged Networks (LAN and SAN) for EX Series Switches
no-flow-control;
}
unit 0 {
family ethernet-switching {
vlan {
members fcoe-vlan;
}
}
}
}
xe-0/0/30 {
mtu 2500;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members fcoe-vlan;
}
}
}
}
}
class-of-service {
classifiers {
ieee-802.1 pfc-class {
import default;
forwarding-class fcoe {
loss-priority low code-points 011;
}
forwarding-classes {
class fcoe queue-num 3;
}
congestion-notification-profile {
cn-profile {
input {
ieee-802.1 {
code-point 011 {
pfc;
}
}
}
}
}
interfaces {
xe-0/0/1 {
congestion-notification-profile cn-profile;
unit 0 {
classifiers {
ieee-802.1 pfc-class;
}
}
}
xe-0/0/2 {
28 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
congestion-notification-profile cn-profile;
unit 0 {
classifiers {
ieee-802.1 pfc-class;
}
}
xe-0/0/3 {
congestion-notification-profile cn-profile;
unit 0 {
classifiers {
ieee-802.1 pfc-class;
}
}
}
xe-0/0/30 {
congestion-notification-profile cn-profile;
scheduler-map pfc-map;
unit 0 {
classifiers {
ieee-802.1 pfc-class;
}
}
}
scheduler-maps {
pfc-map {
forwarding-class fcoe scheduler pfc-sched;
forwarding-class assured-forwarding scheduler default-sched;
forwarding-class best-effort scheduler default-sched;
forwarding-class network-control scheduler default-sched;
forwarding-class expedited-forwarding scheduler default-sched;
}
}
schedulers {
pfc-sched {
buffer-size percent 25;
}
default-sched {
buffer-size percent 17;
}
}
}
}
ethernet-switching-options {
secure-access-port {
interface xe-0/0/30.0 {
fcoe-trusted;
}
vlan fcoe-vlan {
examine-fip {
fc-map 0x0EFC03;
}
}
}
}
Copyright © 2013, Juniper Networks, Inc. 29
Converged Networks (LAN and SAN) for EX Series Switches
Verification
Confirm that the configuration of the FCoE transit switch is working properly:
• Verifying That FIP Snooping Is Working Correctly on the Switch on page 30
• Verifying That PFC is Enabled, That the FCoE Application Is Advertised, and That the
Switch Interface and DCB Peer Are Using the Same 802.1p Code Points on page 30
Verifying That FIP Snooping Is Working Correctly on the Switch
Purpose Verify that FIP snooping is being implemented on the appropriate VLAN.
Action Send some requests from ENodes to the switch.
Display the FIP snooping information :
user@switch> show fip snooping vlan detail fcoe-vlan
VLAN: fcoe-vlan, FC-MAP: 0e:fc:03
FCF Information
FCF-MAC : 30:10:94:01:00:00
Active Sessions : 2
Configured FKA-ADV : 195
Running FKA-ADV : 73
Enode Information
Enode-MAC: 10:10:94:01:00:01, Interface: xe-0/0/1
Configured FKA-ADV : 195
Running FKA-ADV : 103
Session Information
VN-Port MAC: 0E:FC:03:01:0A:01, FKA-ADV : 178
VN-Port MAC: 0E:FC:03:01:0B:01, FKA-ADV : 194
FCF Information
FCF-MAC : 40:10:94:01:00:00
Active Sessions : 2
Configured FKA-ADV : 258
Running FKA-ADV : 212
Enode Information
Enode-MAC: 20:10:94:01:00:02, Interface: xe-0/0/0
Configured FKA-ADV : 258
Running FKA-ADV : 242
Session Information
VN-Port MAC: 0E:FC:03:02:0C:02, FKA-ADV : 254
VN-Port MAC: 0E:FC:03:02:0D:02, FKA-ADV : 269
Meaning The output for this VLAN (fcoe-vlan) includes the FC MAP value that you configured. It
shows the MAC addresses of the FCF and the ENode that are transmitting FCoE traffic
through the switch.
Verifying That PFC is Enabled, That the FCoE Application Is Advertised, and That
the Switch Interface and DCB Peer Are Using the Same 802.1p Code Points
Purpose Verify that PFC is enabled on the local switch interface and on the peer interface, and
that the local interface and the peer interface are using the same code point.
30 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
Action Send some requests from ENodes to the switch.
Display the DCBX information advertised by the configured CoS forwarding class interface
(xe-0/0/30) and detected by the switch:
user@switch> show dcbx neighbors interface xe-0/0/30
Interface : xe-0/0/30.0
Protocol-State: in-sync
Local-Advertisement:
Operational version: 0
sequence-number: 1, acknowledge-id: 1
Peer-Advertisement:
Operational version: 0
sequence-number: 1, acknowledge-id: 1
Feature: PFC, Protocol-State: in-sync
Operational State: Enabled
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Disabled
100 Disabled
011 Enabled
110 Disabled
111 Disabled
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Disabled
100 Disabled
011 Enabled
110 Disabled
111 Disabled
Feature: Application, Protocol-State: in-sync
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Copyright © 2013, Juniper Networks, Inc. 31
Converged Networks (LAN and SAN) for EX Series Switches
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00001000 Enabled
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00001000 Enabled
Meaning PFC is a requirement for transmitting FCoE traffic and PFC works only when the local
and peer devices are both enabled for PFC and are both using the same traffic class
(code point) for transmitting the PFC traffic.
In the output for Feature: PFC, check the status of Local-Advertisement to verify that PFC
is enabled. If DCBX detects a misconfiguration with the DCB peer, it disables the PFC
capability. In this example, the PFC Operational State is enabled, because PFC is configured
symmetrically on the switch and the DCB peer. Both devices are using code point 011 for
forwarding the traffic.
If the results show that PFC is disabled, you van use the information provided by this
command to reconfigure the congestion notification profile to match the code point
being used for PFC by the peer device. See “Configuring Priority-Based Flow Control for
an EX Series Switch (CLI Procedure)” on page 41.
Appl-Name shows the default FCoE application. The FCoE application always indicates
Ethernet-Type 0x8906. The Priority-Map for the FCoE application shows the 8-bit format
of the code-point setting that was specified for the PFC congestion notification profile.
In this case, the three bit code point is 3, 011. So the Priority-Map for the default FCoe
application is 00001000.
The fcoe forwarding-class and PFC were configured; and the configuration of the
application on the switch and on the DCB are synchronized. Therefore, the Status of the
FCoE application is Enabled.
If the configuration of the FCoE application on the switch did not match the FCoE
application of the DCB peer, the status of the application would appear as Disabled.
Related • Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Documentation
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
32 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
• Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches on page 10
Example: Configuring DCBX to Support an iSCSI Application
Data Center Bridging Capability Exchange protocol (DCBX) support for the application
protocol type, length, and value (TLV) enables you to implement DCBX for various Layer
2 and Layer 4 applications. Internet small computer system interface (iSCSI) is a Layer
4 storage application that can benefit from DCBX. Implementing iSCSI over data center
bridging (DCB) reduces latency in networks that are oversubscribed and provides a
predictable and certain application responsiveness, eliminating Ethernet’s dependence
on TCP/IP for the retransmission of dropped Ethernet frames. Although DCBX is not a
requirement for such applications, it adds the reliability required for enterprise data
storage.
NOTE: You can configure and apply priority flow control (PFC) for any DCBX
interfaces, but it is not a requirement for applications other than Fiber Channel
over Ethernet (FCoE).
This example shows how to configure DCBX to support an iSCSI application:
• Requirements on page 33
• Overview and Topology on page 33
• Configuration on page 34
• Verification on page 35
Requirements
This example uses the following hardware and software components:
• One EX4500 switch (CEE-capable model)
• Junos OS Release 12.1 or later for EX Series switches
Overview and Topology
You can use the same switch to support your LAN traffic and your storage area network
(SAN) traffic—including both FCoE and iSCSI traffic. The DCBX application protocol TLV
allows you to associate a specific DCBX interface with a specific application map.
DCBX discovers the DCB capabilities of peers by exchanging feature configuration
information, detects feature misconfiguration and mismatches, and can configure DCB
on peers. DCBX is an extension of Link Layer Discovery Protocol (LLDP). LLDP must
remain enabled on every interface for which you want to use DCBX.
The switch supports DCBX information exchange for other applications, such as iSCSI,
as specified in your configuration by EtherType or by the destination port and protocol.
Copyright © 2013, Juniper Networks, Inc. 33
Converged Networks (LAN and SAN) for EX Series Switches
To take advantage of this feature for non-FCoE applications, you must configure the
application and application map and associate the application map with the interface
that is carrying the application’s traffic. This configuration includes specifying the 802.1
code points to be used for this application.
When you configure an iSCSI application, you must always designate destination-port
3260.
NOTE: DCBX is enabled by default on all 10-Gigabit Ethernet interfaces on
EX4500 switches (CEE-capable models).
This example shows how to configure an iSCSI application on a DCBX interface of the
EX4500 switch that is connected to an iSCSI storage device.
The components of the topology for this example are shown in Table 5 on page 34.
Table 5: Components of the DCBX iSCSI Topology
Properties Settings
Switch hardware One EX4500 switch (CEE capable model)
Application iSCSI
Application map code points 101
Interface for iSCSI application xe-0/0/37
Destination port 3260
In this example, the switch has already been configured as follows:
• DCBX is enabled by default on all 10-Gigabit Ethernet interfaces.
Configuration
To configure DCBX to support an iSCSI application, perform these tasks:
CLI Quick To quickly configure a DCBX interface for an iSCSI application, copy the following
Configuration commands and paste them into the switch terminal window:
[edit]
set applications application iscsi protocol tcp destination-port 3260
set policy-options application-maps iscsi-map application iscsi code-points 101
set protocols dcbx interface xe-0/0/37 application-map iscsi-map
Step-by-Step Configure a DCBX interface for an iSCSI application:
Procedure
1. Create the application:
[edit]
user@switch# set applications application iscsi protocol tcp destination-port 3260
2. Create the application map:
34 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
[edit policy-options]
user@switch# set application-maps iscsi-map application iscsi code-points 101
3. Apply the application map to the DCBX interface that you want to use for iSCSI:
[edit protocols]
user@switch# set dcbx interface xe-0/0/37 application-map iscsi-map
Results Check the results of the configuration:
user@switch> show configuration
protocols {
dcbx {
interface all;
interface xe-0/0/37.0 {
application-map iscsi-map;
}
}
lldp {
interface all;
}
}
policy-options {
application-maps {
iscsi-map {
application iscsi code-points 101;
}
}
}
applications {
application iscsi {
protocol tcp;
destination-port 3260;
}
}
Verification
To confirm that the configuration is working properly:
• Verifying That the iSCSI Application Is Advertised and That the Switch Interface and
DCB Peer Are Using the Same 802.1p Code Points on page 35
Verifying That the iSCSI Application Is Advertised and That the Switch Interface
and DCB Peer Are Using the Same 802.1p Code Points
Purpose Verify that both the switch and the DCB peer are using a DCBX iSCSI application
configured for the same 802.1p code points.
Copyright © 2013, Juniper Networks, Inc. 35
Converged Networks (LAN and SAN) for EX Series Switches
Action Send some requests from the switch to the DCB peer.
Display the DCBX information advertised by DCBX interface (xe-0/0/37) and detected
by the switch:
user@switch> show dcbx neighbors interface
Interface : xe-0/0/37.0
Protocol-State: in-sync
Active-application-map: iscsi-map
Local-Advertisement:
Operational version: 0
sequence-number: 1, acknowledge-id: 1
Peer-Advertisement:
Operational version: 0
sequence-number: 1, acknowledge-id: 1
Feature: PFC, Protocol-State: in-sync
Operational State: Disabled
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Disabled
100 Disabled
101 Disabled
110 Disabled
111 Disabled
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Disabled
100 Disabled
101 Disabled
110 Disabled
111 Disabled
Feature: Application, Protocol-State: in-sync
Local-Advertisement:
36 Copyright © 2013, Juniper Networks, Inc.
Chapter 2: Configuration Examples
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
iscsi 3260 00100000 Enabled
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
iscsi 3260 00100000 Enabled
Meaning Check the status for Local-Advertisement in the section Feature: Application.
If there is misconfiguration between the switch and the DCB peer, the status displays
Error: Yes.
In this example, there is no error. The output for Feature: Application, Protocol-State,
displays a list of DCBX applications under Appl-Name.
This field displays information for the user-configured application iscsi. When you configure
an iSCSI application, you must always designate the destination port as 3260. The output
displays this as the Socket-Number .
The Priority-Map for the iSCSI application reflects the 802.1p code points that were
specified in this example for the iSCSI-map. The example specified 101 for the iSCSI
application map code points. The Priority-Map is an 8-bit code point format of the 802.1p
code points; thus, 0010000.
The Status of the iSCSI application is Enabled, because the switch and the DCB are using
the same code points for the iSCI application.
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Defining an Application for DCBX Application Protocol TLV Exchange on page 45
• Configuring an Application Map for DCBX Application Protocol TLV Exchange on
page 46
• Applying an Application Map to an Interface for DCBX Application Protocol TLV
Exchange on page 47
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
Copyright © 2013, Juniper Networks, Inc. 37
Converged Networks (LAN and SAN) for EX Series Switches
38 Copyright © 2013, Juniper Networks, Inc.
CHAPTER 3
Configuration Tasks
• Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI
Procedure) on page 41
• Disabling DCBX to Disable PFC Autonegotiation on EX Series Switches (CLI
Procedure) on page 44
• Disabling DCBX Application Protocol Exchange on EX Series Switches (CLI
Procedure) on page 44
• Defining an Application for DCBX Application Protocol TLV Exchange on page 45
• Configuring an Application Map for DCBX Application Protocol TLV Exchange on page 46
• Applying an Application Map to an Interface for DCBX Application Protocol TLV
Exchange on page 47
• Disabling the ETS Recommendation TLV on page 48
Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch
VN_Port to VF_Port (VN2VF_Port) Fibre Channel over Ethernet (FCoE) Initialization
Protocol (FIP) snooping uses information gathered during FIP discovery and login to
create firewall filters that provide security against unauthorized access to the FC switch
or FCoE forwarder (FCF) through the EX4500 or QFX Series when the switch is acting
as an FCoE transit switch. The firewall filters allow only FCoE devices that succeed at
logging in to the FC fabric to access the FCF through the transit switch. VN2VF_Port FIP
snooping provides security for the point-to-point virtual links that connect host FCoE
Nodes (ENodes) and FCFs in the FCoE VLAN by denying access to any device that does
not successfully log in to the FCF.
VN2VF_Port FIP snooping is disabled by default. You enable VN2VF_Port FIP snooping
on a per-VLAN basis for VLANs that carry FCoE traffic. Ensure that a VLAN that carries
FCoE traffic carries only FCoE traffic, because enabling VN2VF_Port FIP snooping denies
access for all other Ethernet traffic.
Copyright © 2013, Juniper Networks, Inc. 39
Converged Networks (LAN and SAN) for EX Series Switches
NOTE: All of the transit switch ports are untrusted by default. If an ENode
on an FCoE device logs in to an FCF before you enable VN2VF_Port FIP
snooping on the VLAN and you then enable VN2VF_Port FIP snooping, the
transit switch denies traffic from the ENode because the transit switch has
not snooped (learned) the ENode state. The following process automatically
logs the ENode back in to the FCF to reestablish the connection:
1. VN2VF_Port FIP snooping is enabled on an FCoE VLAN on the switch.
2. The switch denies existing connections between servers and the FCF on
the FCoE VLAN by filtering the FCoE traffic and FIP traffic, so no keepalive
messages from the ENodes reach the FCF.
3. The FCF port timer for each ENode and for each VN_Port on each ENode
expires.
4. The FCF sends each ENode whose port timer has expired a Clear Virtual
LInks (CVL) message.
5. The CVL message causes the ENode to log in again.
Because the FCF is a trusted source, you configure interfaces that connect to the FCF as
trusted interfaces. VN2VF_Port FIP snooping continues to run on trusted interfaces so
that the switch learns the FCF state.
NOTE: Do not configure ENode-facing interfaces both with FIP snooping
enabled and as trusted interfaces. FCoE VLANs with interfaces that are
directly connected to FCoE hosts should be configured with FIP snooping
enabled and the interfaces should not be trusted interfaces. Ethernet
interfaces that are connected to an FCF should be configured as trusted
interfaces and should not have FIP snooping enabled. Interfaces that are
connected to a transit switch that is performing FIP snooping can be
configured as trusted interfaces if the FCoE VLAN is not enabled for FIP
snooping.
Optionally, you can specify an FC-MAP value for each FCoE VLAN. On a given FCoE VLAN,
the switch learns only FCFs that have a matching FC-MAP value. The default FC-MAP
value is 0EFC00h for all FC devices. (Enter hexadecimal values for FC-MAP preceded
by the hexadecimal indicator “0x”—for example, 0x0EFC00.) If you change the FC-MAP
value of an FCF, change the FC-MAP value for the FCoE VLAN it belongs to on the switch
and on the servers you want to communicate with the FCF. An FCoE VLAN can have one
and only one FC-MAP value.
To enable VN2VF_Port FIP snooping:
• To enable VN2VF_Port FIP snooping on a single VLAN and specify the optional FC-MAP
value:
[edit ethernet-switching-options secure-access-port]
user@switch# set vlan vlan-name examine-fip fc-map fc-map-value
40 Copyright © 2013, Juniper Networks, Inc.
Chapter 3: Configuration Tasks
For example, to enable VN2VF_Port FIP snooping on a VLAN named san1_vlan and
change the FC-MAP value to 0x0EFC03:
[edit ethernet-switching-options secure-access-port]
user@switch# set vlan san1_vlan examine-fip fc-map 0x0EFC03
NOTE: Changing the FC-MAP value causes all logins to drop and forces
ENodes to log in again.
• To enable VN2VF_Port FIP snooping on all VLANs and use the default FC-MAP value:
[edit ethernet-switching-options secure-access-port]
user@switch# set vlan all examine-fip
• To configure an interface as a trusted interface:
[edit ethernet-switching-options secure-access-port]
user@switch# set interface interface-name fcoe-trusted
For example, to configure interface xe-0/0/30 as a trusted interface:
[edit ethernet-switching-options secure-access-port]
user@switch# set interface xe-0/0/30 fcoe-trusted
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Understanding FIP Snooping on page 3
• Understanding VN_Port to VF_Port FIP Snooping on an FCoE Transit Switch
Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure)
You can configure priority-based flow control (PFC) on EX4500 switches to apply
link-level flow control on a specific traffic class so that different types of traffic can
efficiently use the same network interface card (NIC). You must configure PFC for all
interfaces carrying Fibre Channel over Ethernet (FCoE) traffic. You can also configure
PFC on interfaces carrying other traffic types, such as Internet small computer system
interface (iSCSI) traffic. Using PFC is optional for traffic types other than FCoE.
NOTE:
• PFC is supported only on 10-Gigabit Ethernet interfaces.
• If you are using PFC for a non-FCoE DCBX application, use the same 802.1p
code points for the PFC congestion notification profile and for the
application map that is carrying that application traffic.
Data Center Bridging Capability Exchange protocol (DCBX) is enabled by default on all
10-Gigabit Ethernet interfaces on EX4500 switches. DCBX enables or disables PFC on
the local interface depending on whether the PFC configuration on that interface is the
same as the PFC configuration of the connected interface on the data center bridging
(DCB) peer.
Copyright © 2013, Juniper Networks, Inc. 41
Converged Networks (LAN and SAN) for EX Series Switches
NOTE: When you configure PFC, we recommend that you:
• Configure at least 20 percent of the buffer for the queue that is using PFC.
• Configure an appropriate percent of the buffer for any other forwarding
classes (default forwarding classes and the user-defined forwarding
classes) that you are using.
• Do not specify the exact option when configuring the buffer for the queue
that is using PFC.
• Configure the loss-priority statement to low for a traffic class that is using
PFC.
• Verify that the PFC configurations of the local interfaces are the same as
the PFC configurations of the connected interfaces on the DCB peer. See
show dcbx neighbors.
EX Series switches support up to six congestion notification profiles for PFC.
To configure PFC:
1. Configure a congestion notification profile, specifying the name of the profile and
specifying the three-bit pattern of the User Priority bits in an incoming frame that will
trigger the priority-based flow control on that traffic class:
[edit class-of-service]
user@switch# set congestion-notification-profile profile-name input ieee-802.1 code-point
up-bits pfc
2. Disable standard Ethernet flow control on the interfaces that will be used for the
traffic class that you have selected for PFC:
[edit interfaces]
user@switch# set interface-name ether-options no-flow-control
NOTE: You cannot apply PFC to interfaces that are using standard Ethernet
flow control. You must first disable flow control on those interfaces.
3. Bind the congestion notification profile to the interfaces that will be used for the traffic
class that you have selected for PFC:
[edit class-of-service]
user@switch# set interfaces interface-name congestion-notification-profile profile-name
4. Create a CoS classifier for a traffic class that will use PFC:
[edit class-of-service]
user@switch# set classifiers ieee-802.1 classifier-name import default
5. Configure this traffic class (classifier-name) to use a user-defined or default forwarding
class with a low loss priority value and specify the 802.1p code points::
[edit class-of-service]
user@switch# set classifiers ieee-802.1 classifier-name forwarding-class class-name
loss-priority low code-points 3 bit-patterns
6. Bind the classifier-name classifier to all interfaces that require PFC:
42 Copyright © 2013, Juniper Networks, Inc.
Chapter 3: Configuration Tasks
[edit class-of-service]
user@switch# set interfaces interface-name unit logical-unit-number classifiers ieee-802.1
classifier-name
7. Assign the specified forwarding-class to an egress queue:
[edit class-of-service]
user@switch# set forwarding-classes class-name queue-number
8. Set a scheduler for this queue, allocating at least 20 percent of the buffer to be used
for FCoE traffic:
[edit class-of-service]
user@switch# set schedulers scheduler-name buffer-size percent
9. Set a scheduler to allocate buffer space for forwarding classes carrying other traffic:
NOTE: You must explicitly allocate some buffer space for the other
forwarding classes. The default allocation of buffer space for forwarding
classes is overridden when you manually configure the requisite amount
of buffer space for the FCoE traffic.
[edit class-of-service]
user@switch# set scheduler-name buffer-size percent
10. Configure a scheduler map that associates the specified scheduler with the specified
forwarding class:
[edit class-of-service]
user@switch# set scheduler-maps map-name forwarding-class class-name scheduler
scheduler-name
For example:
[edit class-of-service]
user@switch# set scheduler-maps pfc-map forwarding-class af2 scheduler pfc-sched
user@switch# set scheduler-maps pfc-map forwarding-class best-effort scheduler
default-sched user@switch# set scheduler-maps pfc-map forwarding-class network-control
scheduler default-sched
user@switch# set scheduler-maps pfc-map forwarding-class expedited-forwarding scheduler
default-sched
11. Assign the scheduler map to the egress interface:
[edit class-of-service]
user@switch# set interfaces interface-name scheduler-map pfc-map
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Understanding Priority-Based Flow Control on page 7
Copyright © 2013, Juniper Networks, Inc. 43
Converged Networks (LAN and SAN) for EX Series Switches
Disabling DCBX to Disable PFC Autonegotiation on EX Series Switches (CLI Procedure)
As part of its autonegotiation capabilities, the Data Center Bridging Capability Exchange
protocol (DCBX) automatically does the following:
• Advertises the priority flow control (PFC) configuration of the local interfaces to directly
connected peers (switches and data center devices such as servers)
• Detects the PFC capabilities of the connected peers
• Enables the local interface’s PFC capabilities if DCBX detects that the peer interface’s
PFC configuration is the same as the PFC configuration of the local interface.
• Disables the local interface’s PFC capabilities if DCBX detects that the peer interface’s
PFC configuration is not the same as the PFC configuration of the local interface.
DCBX is enabled by default on all 10-Gigabit Ethernet interfaces on EX4500 switches.
You can manually override DCBX control of the PFC operational state on a per-interface
basis. You might want to disable autonegotiation if the DCB peer does not support PFC.
To disable the DCBX control of the PFC operational state:
• On an individual interface:
[edit protocols]
user@switch# set dcbx interface interface-name priority-flow-control no-auto-negotiation
• On all 10-Gigabit Ethernet interfaces:
[edit protocols]
user@switch# set dcbx interface all priority-flow-control no-auto-negotiation
Related • show dcbx neighbors on page 95
Documentation
• Understanding DCB Features and Requirements on EX Series Switches on page 14
Disabling DCBX Application Protocol Exchange on EX Series Switches (CLI Procedure)
You can disable the Data Center Bridging Capability Exchange protocol (DCBX)
Application Protocol exchange on a specific interface or on all interfaces.
To disable the DCBX application protocol exchange for any DCBX application, do the
following:
NOTE: The format of the configuration statement specifies the fcoe
application, however, this applies to any DCBX application (both FCoE
applications and non-FCoE applications) on that interface.
• For a specific interface:
[edit protocols]
user@switch# set dcbx interface interface-name applications fcoe no-auto-negotiation
44 Copyright © 2013, Juniper Networks, Inc.
Chapter 3: Configuration Tasks
• For all interfaces:
[edit protocols]
user@switch# set dcbx interface all applications fcoe no-auto-negotiation
NOTE: If you disable the DCBX application protocol exchange, the show
dcbx neighbors command displays Feature: Application, Protocol-State:
not-applicable.
Related • show dcbx neighbors on page 95
Documentation
• Disabling DCBX to Disable PFC Autonegotiation on EX Series Switches (CLI Procedure)
on page 44
• Understanding DCB Features and Requirements on EX Series Switches on page 14
Defining an Application for DCBX Application Protocol TLV Exchange
Define each application for which you want DCBX to exchange application protocol
information. You can define Layer 2 and Layer 4 applications. After you define applications,
you map them to IEEE 802.1p code points, and then apply the application map to the
interfaces on which you want DCBX to exchange application protocol information with
connected peers. (See Related Documentation for how to configure application maps
and apply them to interfaces, and for an example of the entire procedure that also includes
classifier configuration.)
NOTE: In Junos OS Release 12.1, the FCoE application was configured by
default, so you did not need to configure it in an application map. In Junos
OS Release 12.2, if you want DCBX to advertise the FCoE application on an
interface and you apply an application map to that interface, you must
explicitly configure FCoE in the application map. You also must enable
priority-based flow control (PFC) on the FCoE code point on all interfaces
that you want to advertise FCoE. If you apply an application map to an
interface, the interface sends DCBX TLVs only for the applications configured
in the application map.
Define Layer 2 applications by mapping an application name to an EtherType. Define
Layer 4 applications by mapping an application name to a protocol (TCP or UDP) and
a destination port.
• To define a Layer 2 application, specify the name of the application and its EtherType:
[edit applications]
user@switch# set application application-name ether-type ether-type
For example, to configure an application named PTP (for Precision Time Protocol)
that uses the EtherType 0x88F7:
user@switch# set applications application ptp ether-type 0x88F7
Copyright © 2013, Juniper Networks, Inc. 45
Converged Networks (LAN and SAN) for EX Series Switches
• To define a Layer 4 application, specify the name of the application, its protocol (TCP
or UDP), and its destination port:
[edit]
user@switch# set applications application application-name protocol (tcp | udp)
destination-port port-value
For example, to configure an application named iscsi (for Internet Small Computer
System Interface) that uses the protocol TCP and the destination port 3260:
user@switch# set applications application iscsi protocol tcp destination-port 3260
Related • Configuring an Application Map for DCBX Application Protocol TLV Exchange on
Documentation page 46
• Applying an Application Map to an Interface for DCBX Application Protocol TLV
Exchange on page 47
• Configuring DCBX Autonegotiation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• show dcbx neighbors on page 95
Configuring an Application Map for DCBX Application Protocol TLV Exchange
After you define applications for which you want to exchange DCBX application protocol
information, map the applications to IEEE 802.1p code points. The IEEE 802.1p code
points identify incoming traffic and allow you to map that traffic to the desired application.
You then apply the application map to the interfaces on which you want DCBX to
exchange application protocol information with connected peers. (See Related
Documentation for how to define applications and apply the application map to interfaces,
and for an example of the entire procedure that also includes classifier configuration.)
NOTE: In Junos OS Release 12.1, the FCoE application was configured by
default, so you did not need to configure it in an application map. In Junos
OS Release 12.2, if you want DCBX to advertise the FCoE application on an
interface and you apply an application map to that interface, you must
explicitly configure FCoE in the application map. You also must enable
priority-based flow control (PFC) on the FCoE code point on all interfaces
that you want to advertise FCoE. If you apply an application map to an
interface, the interface sends DCBX TLVs only for the applications configured
in the application map.
Configure an application map by creating an application map name and mapping an
application to one or more IEEE 802.1p code points.
46 Copyright © 2013, Juniper Networks, Inc.
Chapter 3: Configuration Tasks
• To define an application map, specify the name of the application map, the name of
the application, and the IEEE 802.1p code points of the incoming traffic that you want
to associate with the application in the application map:
[edit policy-options]
user@switch# set application-maps application-map-name application application-name
code-points [ aliases ] [ bit-patterns ]
For example, to configure an application map named ptp-app-map that includes an
application named PTP (for Precision Time Protocol) and map the application to IEEE
802.1p code points 001 and 101:
user@switch# set policy-options application-maps ptp-app-map application ptp code points
[ 001 101 ]
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Applying an Application Map to an Interface for DCBX Application Protocol TLV
Exchange on page 47
• Configuring DCBX Autonegotiation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• show dcbx neighbors on page 95
Applying an Application Map to an Interface for DCBX Application Protocol TLV
Exchange
After you define applications and map them to IEEE 802.1p code points in an application
map, apply the application map to the interfaces on which you want DCBX to exchange
the application protocol information with connected peers. (See Related Documentation
for how to define applications and configure application maps to interfaces, and for an
example of the entire procedure that also includes classifier configuration.)
NOTE: In Junos OS Release 12.1, the FCoE application was configured by
default, so you did not need to configure it in an application map. In Junos
OS Release 12.2, if you want DCBX to advertise the FCoE application on an
interface and you apply an application map to that interface, you must
explicitly configure FCoE in the application map. You also must enable
priority-based flow control (PFC) on the FCoE code point on all interfaces
that you want to advertise FCoE. If you apply an application map to an
interface, the interface sends DCBX TLVs only for the applications configured
in the application map.
• To apply an application map to a DCBX interface, specify the DCBX interface and the
application map name:
[edit protocols]
user@switch# set dcbx interface interface-name application-map application-map-name
Copyright © 2013, Juniper Networks, Inc. 47
Converged Networks (LAN and SAN) for EX Series Switches
For example, to apply an application map named ptp-app-map on interface xe-0/0/11:
user@switch# set protocols dcbx interface xe-0/0/11 application-map ptp-app-map
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Configuring an Application Map for DCBX Application Protocol TLV Exchange on
page 46
• Configuring DCBX Autonegotiation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• show dcbx neighbors on page 95
Disabling the ETS Recommendation TLV
The enhanced transmission selection (ETS) Recommendation TLV communicates the
ETS settings that the switch wants the connected peer interface to use. If the peer
interface is “willing,” the peer interface changes its configuration to match the
configuration in the ETS Recommendation TLV. By default, the switch interfaces send
the ETS Recommendation TLV to the peer. The settings communicated are the egress
ETS settings defined by configuring hierarchical scheduling on the interface.
We recommend that you use the same ETS settings on the connected peer that you use
on the switch interface and that you leave the ETS Recommendation TLV enabled.
However, on interfaces that use IEEE DCBX as the DCBX mode, if you want an asymmetric
configuration between the switch interface and the connected peer, you can disable the
ETS Recommendation TLV.
NOTE: Disabling the ETS Recommendation TLV on interfaces that use DCBX
version 1.01 as the DCBX mode has no effect and does not change DCBX
behavior.
If you disable the ETS Recommendation TLV, the switch still sends the ETS Configuration
TLV to the connected peer. The result is that the connected peer is informed about the
switch DCBX ETS configuration, but even if the peer is “willing,” the peer does not change
its configuration to match the switch configuration. This is asymmetric configuration—the
two interfaces can have different parameter values for the ETS attribute.
To disable the ETS Recommendation TLV:
• [edit protocols dcbx interface interface-name]
user@switch# set enhanced-transmission-selection no-recommendation-tlv
Related • Configuring the DCBX Mode
Documentation
• Configuring DCBX Autonegotiation
• Understanding DCBX
48 Copyright © 2013, Juniper Networks, Inc.
Chapter 3: Configuration Tasks
• Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches on page 10
Copyright © 2013, Juniper Networks, Inc. 49
Converged Networks (LAN and SAN) for EX Series Switches
50 Copyright © 2013, Juniper Networks, Inc.
CHAPTER 4
Configuration Statements
• [edit class-of-service] Configuration Statement Hierarchy on EX Series
Switches on page 51
• [edit ethernet-switching-options] Configuration Statement Hierarchy on EX Series
Switches on page 53
• [edit protocols dcbx] Configuration Statement Hierarchy on EX Series
Switches on page 57
[edit class-of-service] Configuration Statement Hierarchy on EX Series Switches
This topic lists supported and unsupported configuration statements in the [edit
class-of-service] hierarchy level on EX Series switches.
• Supported statements are those that you can use to configure some aspect of a
software feature on the switch.
• Unsupported statements are those that appear in the command-line interface (CLI)
on the switch, but that have no effect on switch operation if you configure them.
• Not all features are supported on all switch platforms. For detailed information about
feature support on specific EX Series switch platforms, see EX Series Switch Software
Features Overview
This topic lists:
• Supported Statements in the [edit class-of-service] Hierarchy Level on page 51
• Unsupported Statements in the [edit class-of-service] Hierarchy Level on page 53
Supported Statements in the [edit class-of-service] Hierarchy Level
The following hierarchy shows the [edit class-of-service] configuration statements
supported on EX Series switches:
class-of-service {
classifiers {
(dscp | dscp-ipv6 |ieee-802.1 | inet-precedence) classifier-name {
forwarding-class class-name {
loss-priority (high | low | medium-high | medium-low) {
code-points [ aliases ] [ 6 bit-patterns ];
}
Copyright © 2013, Juniper Networks, Inc. 51
Converged Networks (LAN and SAN) for EX Series Switches
}
import (classifier-name | default);
}
}
code-point-aliases {
(dscp | dscp-ipv6 | ieee-802.1 | inet-precedence) {
alias-name bits;
}
}
drop-profiles {
profile-name {
interpolate {
drop-probability [values];
fill-level [values]
}
}
}
forwarding-classes {
class class-name
queue queue-number;
}
interfaces interface-name {
scheduler-map map-name;
shaping-rate rate;
unit (logical-unit-number | * ) {
classifiers {
(dscp | dscp-ipv6|ieee-802.1 | inet-precedence) (classifier-name | default);
}
forwarding-class class-name ;
}
}
rewrite-rules {
(dscp | dscp-ipv6 | ieee-802.1 | inet-precedence) (rewrite-rule-name | default);
}
}
rewrite-rules {
(dscp | dscp-ipv6 | ieee-802.1 | inet-precedence ) rewrite-name {
import (default | rewrite-name);
forwarding-class class-name {
loss-priority (high | low | medium-high | medium-low) code-point (alias | bits);
}
}
}
scheduler-maps {
map-name {
forwarding-class class-name {
scheduler scheduler-name;
}
}
}
schedulers {
scheduler-name {
buffer-size (exact | percent percentage | remainder);
drop-profile-map {
loss-priority (any | high | medium-high | medium-low);
protocol any;
52 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
{
drop-profile profile-name
}
}
excess-rate {
percent percentage;
}
priority (low | strict-high);
shaping-rate (rate | percent percentage);
transmit-rate (EX Series Switches) (rate | percent percentage | remainder) ;
}
}
shared-buffer {
percent;
}
traceoptions {
file (file-name | files files | match match | no-world-readable | size size | world-readable);
flag ( all | asynch | chassis-scheduler | cos-adjustment | dynamic | hardware-database
| init | parse | performance-monitor | process | restart | route-socket | show | snmp |
util);
no-remote-trace;
}
tri-color;
}
Unsupported Statements in the [edit class-of-service] Hierarchy Level
All statements in the [edit class-of-service] hierarchy level that are displayed in the
command-line interface (CLI) on the switch are supported on the switch and operate
as documented.
Related • Example: Configuring CoS on EX Series Switches
Documentation
• Defining CoS Code-Point Aliases (CLI Procedure) or Defining CoS Code-Point Aliases
(J-Web Procedure)
• Defining CoS Classifiers (CLI Procedure) or Defining CoS Classifiers (J-Web Procedure)
• Defining CoS Forwarding Classes (CLI Procedure) or Defining CoS Forwarding Classes
(J-Web Procedure)
• Configuring CoS Tail Drop Profiles (CLI Procedure)
• Defining CoS Schedulers and Scheduler Maps (CLI Procedure) or Defining CoS Schedulers
(J-Web Procedure)
• Defining CoS Rewrite Rules (CLI Procedure) or Defining CoS Rewrite Rules (J-Web
Procedure)
[edit ethernet-switching-options] Configuration Statement Hierarchy on EX Series
Switches
This topic lists supported and unsupported configuration statements in the [edit
ethernet-switching-options] hierarchy level on EX Series switches.
Copyright © 2013, Juniper Networks, Inc. 53
Converged Networks (LAN and SAN) for EX Series Switches
• Supported statements are those that you can use to configure some aspect of a
software feature on the switch.
• Unsupported statements are those that appear in the command-line interface (CLI)
on the switch, but that have no effect on switch operation if you configure them.
• Not all features are supported on all switch platforms. For detailed information about
feature support on specific EX Series switch platforms, see EX Series Switch Software
Features Overview.
This topic lists:
• Supported Statements in the [edit ethernet-switching-options] Hierarchy
Level on page 54
• Unsupported Statements in the [edit ethernet-switching-options] Hierarchy
Level on page 56
Supported Statements in the [edit ethernet-switching-options] Hierarchy Level
The following hierarchy shows the [edit ethernet-switching-options] configuration
statements supported on EX Series switches:
ethernet-switching-options {
analyzer {
name {
input {
egress {
interface (all | interface-name);
}
ingress {
interface (all | interface-name);
vlan (vlan-id | vlan-name);
}
}
loss-priority priority;
output {
interface interface-name;
vlan (vlan-id | vlan-name);
}
ratio number;
}
}
authentication-whitelist {
interface;
vlan-assignment;
}
bpdu-block {
disable-timeout timeout;
interface (all | [interface-name]) {
(disable | drop | shutdown);
}
}
dot1q-tunneling {
ether-type (0x8100 | 0x88a8 | 0x9100);
}
54 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
interfaces interface-name {
no-mac-learning;
}
mac-notification {
notification-interval seconds;
}
mac-table-aging-time seconds;
port-error-disable {
disable-timeout timeout;
}
redundant-trunk-group {
group name {
description;
interface interface-name {
primary;
}
preempt-cutover-timer seconds;
}
}
secure-access-port {
dhcp-snooping-file {
location local_pathname | remote_URL;
timeout seconds;
write-interval seconds;
}
interface (all | interface-name) {
allowed-mac {
mac-address-list;
}
(dhcp-trusted | no-dhcp-trusted );
fcoe-trusted;
mac-limit limit action action;
no-allowed-mac-log;
static-ip ip-address {
mac mac-address;
vlan vlan-name;
}
}
uac-policy;
}
vlan (all | vlan-name) {
(arp-inspection | no-arp-inspection );
dhcp-option82 {
disable;
circuit-id {
prefix hostname;
use-interface-description;
use-vlan-id;
}
remote-id {
prefix (hostname | mac | none);
use-interface-description;
use-string string;
}
vendor-id [string];
}
Copyright © 2013, Juniper Networks, Inc. 55
Converged Networks (LAN and SAN) for EX Series Switches
(examine-dhcp | no-examine-dhcp);
examine-fip {
fc-map fc-map-value;
}
(ip-source-guard | no-ip-source-guard);
mac-move-limit limit action action;
}
}
static {
vlan vlan-id {
mac mac-address next-hop interface-name;
}
}
storm-control {
action-shutdown;
interface (all | interface-name) {
bandwidth bandwidth;
multicast;
no-broadcast;
no-multicast;
no-registered-multicast;
no-unknown-unicast;
no-unregistered-multicast;
}
}
traceoptions {
file filename <files number> <no-stamp> <replace> <size size> <world-readable |
no-world-readable>;
flag flag <disable>;
}
unknown-unicast-forwarding {
vlan (all | vlan-name) {
interface interface-name;
}
}
voip {
interface (all | [interface-name | access-ports]) {
forwarding-class (assured-forwarding | best-effort | expedited-forwarding |
network-control);
vlan vlan-name;
}
}
}
Unsupported Statements in the [edit ethernet-switching-options] Hierarchy Level
All statements in the [edit ethernet-switching-options] hierarchy level that are displayed
in the command-line interface (CLI) on the switch are supported on the switch and
operate as documented.
Related • Example: Setting Up Q-in-Q Tunneling on EX Series Switches
Documentation
• Example: Configuring Redundant Trunk Links for Faster Recovery
• Configuring MAC Table Aging (CLI Procedure)
56 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
• Configuring MAC Notification (CLI Procedure)
• Configuring Q-in-Q Tunneling (CLI Procedure)
• Configuring Redundant Trunk Links for Faster Recovery (CLI Procedure)
• Configuring Nonstop Bridging on EX Series Switches (CLI Procedure)
[edit protocols dcbx] Configuration Statement Hierarchy on EX Series Switches
This topic lists supported and unsupported configuration statements in the [edit protocols
dcbx] hierarchy level on EX Series switches.
• Supported statements are those that you can use to configure some aspect of a
software feature on the switch.
• Unsupported statements are those that appear in the command-line interface (CLI)
on the switch, but that have no effect on switch operation if you configure them.
• Not all features are supported on all switch platforms. For detailed information about
feature support on specific EX Series switch platforms, see EX Series Switch Software
Features Overview.
This topic lists:
• Supported Statements in the [edit protocols dcbx] Hierarchy Level on page 57
• Unsupported Statements in the [edit protocols dcbx] Hierarchy Level on page 58
Supported Statements in the [edit protocols dcbx] Hierarchy Level
The following hierarchy shows the [edit protocols dcbx] configuration statements
supported on EX Series switches:
protocols {
dcbx {
disable;
interface (all | interface-name) {
application-map application-map-name;
applications {
fcoe {
no-auto-negotiation;
}
}
disable ;
priority-flow-control {
no-auto-negotiation;
}
}
}
}
Copyright © 2013, Juniper Networks, Inc. 57
Converged Networks (LAN and SAN) for EX Series Switches
Unsupported Statements in the [edit protocols dcbx] Hierarchy Level
All statements in the [edit protocols dcbx] hierarchy level that are displayed in the
command-line interface (CLI) on the switch are supported on the switch and operate
as documented with the following exceptions:
Table 6: Unsupported [edit protocols dcbx] Configuration Statements on EX Series Switches
Statement Hierarchy
NOTE: Variables, such as interface-name, are not shown in the statements or hierarchies.
enhanced-transmission-selection [edit protocols dcbx interface]
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
• Disabling DCBX to Disable PFC Autonegotiation on EX Series Switches (CLI Procedure)
on page 44
• Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches on page 10
• [edit protocols] Configuration Statement Hierarchy on EX Series Switches
58 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
application (Applications)
Syntax application application-name {
destination-port port-value;
protocol (tcp | udp);
ether-type type;
}
Hierarchy Level [edit applications]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Configure properties to define an application.
Options application-name—Name of the application.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
Copyright © 2013, Juniper Networks, Inc. 59
Converged Networks (LAN and SAN) for EX Series Switches
application (Application Maps)
Syntax application application-name {
code-points [ aliases ] [ bit-patterns ];
}
Hierarchy Level [edit policy-options application-maps application-map-name]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Add an application to an application map and define the application’s code points.
Options application-name—Name of the application.
The remaining statement is explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • Configuring an Application Map for DCBX Application Protocol TLV Exchange on
Documentation page 46
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
60 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
applications (Applications)
Syntax applications {
application application-name {
destination-port port-value;
protocol (tcp | udp);
ether-type type;
}
}
Hierarchy Level [edit]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Define applications that DCBX advertises.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
Copyright © 2013, Juniper Networks, Inc. 61
Converged Networks (LAN and SAN) for EX Series Switches
application-map
Syntax application-map application-map-name;
Hierarchy Level [edit protocols dcbx interface interface-name]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Specify an application map to apply to an interface.
Options application-map-name—Name of the application map.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • show dcbx neighbors on page 95
Documentation
• Applying an Application Map to an Interface for DCBX Application Protocol TLV
Exchange on page 47
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
62 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
application-maps
Syntax application-maps application-map-name {
application application-name {
code-points [ aliases ] [ bit-patterns ];
}
}
Hierarchy Level [edit policy-options]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Define an application map by specifying the applications that belong to the application
map.
Options application-map-name—Name of the application map.
The remaining statements are explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • Configuring an Application Map for DCBX Application Protocol TLV Exchange on
Documentation page 46
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
Copyright © 2013, Juniper Networks, Inc. 63
Converged Networks (LAN and SAN) for EX Series Switches
code-point (Congestion Notification)
Syntax code-point up-bits pfc;
Hierarchy Level [edit class-of-service congestion-notification-profile (Priority-Based Flow Control)
profile-name input ieee-802.1],
[edit class-of-service interfaces interface-name congestion-notification-profile profile-name
input ieee-802.1]
Release Information Statement introduced in Junos OS Release 10.4 for EX Series switches.
Description Configure the IEEE 802.1p (User Priority) code point bits as input for creating the
priority-based flow control (PFC) congestion notification profile, which you will associate
with a particular traffic class.
Options • pfc—PFC flow control method
• up-bits—Three-bit pattern of the User Priority field in an IEEE 802.1Q tag
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
64 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
code-points (Application Maps)
Syntax code-points [ aliases ] [ bit-patterns ];
Hierarchy Level [edit policy-options application-maps application-map-name application application-name]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Define one or more code-point aliases or bit sets for an application.
Options aliases—Name of the alias or aliases.
bit-patterns—Value of the code-point bits, in decimal form.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • Configuring an Application Map for DCBX Application Protocol TLV Exchange on
Documentation page 46
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
Copyright © 2013, Juniper Networks, Inc. 65
Converged Networks (LAN and SAN) for EX Series Switches
congestion-notification-profile (Priority-Based Flow Control)
Syntax congestion-notification-profile profile-name {
input {
ieee-802.1 {
code-point up-bits pfc;
Hierarchy Level [edit class-of-service],
[edit class-of-service interfaces interface-name]
Release Information Statement introduced in Junos OS Release 10.4 for EX Series switches.
Description (EX4500 and EX4550 switches only) Configure a congestion notification profile for
priority-based flow control (PFC).
NOTE: You must configure PFC for FCoE traffic. The interface where PFC is
enabled must be a 10-Gigabit Ethernet interface.
The remaining statements are explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
66 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
dcbx
Syntax dcbx {
disable;
interface (interface-name | all) {
disable;
application-map application-map-name;
applications {
no-auto-negotiation;
}
enhanced-transmission-selection {
no-auto-negotiation;
no-recommendation-tlv;
recommendation-tlv {
no-auto-negotiation;
}
}
dcbx-version (auto-negotiate | ieee-dcbx | dcbx-version-1.01);
priority-flow-control {
no-auto-negotiation;
}
}
}
Hierarchy Level [edit protocols]
Release Information Statement introduced in Junos OS Release 11.1 for the QFX Series.
Statement introduced in Junos OS Release 11.3 for EX Series switches.
mode and recommendation-tlv statements introduced in Junos OS Release 12.2 for the
QFX Series.
Description Configure DCBX properties.
Options The statements are explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • show dcbx neighbors on page 95
Documentation
• Understanding DCB Features and Requirements
• Configuring DCBX Autonegotiation
• Understanding DCB Features and Requirements on EX Series Switches on page 14
• Disabling DCBX to Disable PFC Autonegotiation on EX Series Switches (CLI Procedure)
on page 44
Copyright © 2013, Juniper Networks, Inc. 67
Converged Networks (LAN and SAN) for EX Series Switches
destination-port (Applications)
Syntax destination-port port-value;
Hierarchy Level [edit applications application application-name]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) destination port
number, which combines with protocol to identify an application type. The Internet
Assigned Numbers Authority (IANA) assigns port numbers. See the IANA Service Name
and Transport Protocol Port Number Registry at
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
for a list of assigned port numbers.
NOTE: To create an application for iSCSI, use the protocol tcp with the
destination port number 3260.
Options port-value—Identifier for the port.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
68 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
disable (DCBX)
Syntax disable
Hierarchy Level [edit protocols dcbx]
[edit protocols dcbx interface interface-name]
Release Information Statement introduced in Junos OS Release 11.1 for the QFX Series.
Statement introduced in Junos OS Release 11.3 for EX Series switches.
Description Disable Data Center Bridging Capability Exchange protocol (DCBX) on one or more
10-Gigabit Ethernet interfaces.
Default DCBX is enabled by default on all 10-Gigabit or higher Ethernet interfaces.
DCBX is enabled by default on all 10-Gigabit Ethernet interfaces on EX4500 CEE-enabled
switches.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • Configuring DCBX Autonegotiation
Documentation
• Disabling DCBX to Disable PFC Autonegotiation on EX Series Switches (CLI Procedure)
on page 44
• Understanding DCB Features and Requirements
• Understanding DCB Features and Requirements on EX Series Switches on page 14
Copyright © 2013, Juniper Networks, Inc. 69
Converged Networks (LAN and SAN) for EX Series Switches
ether-type
Syntax ether-type ether-type;
Hierarchy Level [edit applications application application-name]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Two-octet field in an Ethernet frame that defines the protocol encapsulated in the frame
payload. See http://standards.ieee.org/develop/regauth/ethertype/eth.txt for a list of
Institute of Electrical and Electronics Engineers (IEEE) EtherTypes.
NOTE: To create a FIP application, use the EtherType 0x8914.
Options type—Identifier for the EtherType.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange
70 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
ethernet-switching-options
Syntax ethernet-switching-options {
analyzer {
name {
loss-priority priority;
ratio number;
input {
ingress {
interface (all | interface-name);
vlan (vlan-id | vlan-name);
}
egress {
interface (all | interface-name);
}
}
output {
interface interface-name;
vlan (vlan-id | vlan-name) {
no-tag;
}
}
}
}
bpdu-block {
disable-timeout timeout;
interface (all | [interface-name]) {
(disable | drop | shutdown);
}
}
dot1q-tunneling {
ether-type (0x8100 | 0x88a8 | 0x9100);
}
interfaces interface-name {
no-mac-learning;
}
mac-notification {
notification-interval seconds;
}
mac-table-aging-time seconds;
nonstop-bridging;
port-error-disable {
disable-timeout timeout;
}
redundant-trunk-group {
group name {
interface interface-name <primary>;
interface interface-name;
}
}
secure-access-port {
dhcp-snooping-file {
location local_pathname | remote_URL;
timeout seconds;
Copyright © 2013, Juniper Networks, Inc. 71
Converged Networks (LAN and SAN) for EX Series Switches
write-interval seconds;
}
interface (all | interface-name) {
allowed-mac {
mac-address-list;
}
(dhcp-trusted | no-dhcp-trusted);
fcoe-trusted;
mac-limit limit action action;
no-allowed-mac-log;
persistent-learning;
static-ip ip-address {
vlan vlan-name;
mac mac-address;
}
}
vlan (all | vlan-name) {
(arp-inspection | no-arp-inspection) [
forwarding-class class-name;
}
dhcp-option82 {
circuit-id {
prefix hostname;
use-interface-description;
use-vlan-id;
}
remote-id {
prefix hostname | mac | none;
use-interface-description;
use-string string;
}
vendor-id [string];
}
(examine-dhcp | no-examine-dhcp) {
forwarding-class class-name;
}
examine-fip {
fc-map fc-map-value;
}
(ip-source-guard | no-ip-source-guard);
mac-move-limit limit action action;
}
static {
vlan name {
mac mac-address {
next-hop interface-name;
}
}
}
storm-control {
action-shutdown;
interface (all | interface-name) {
bandwidth bandwidth;
level level;
multicast;
no-broadcast;
72 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
no-multicast;
no-registered-multicast;
no-unknown-unicast;
no-unregistered-multicast;
}
}
traceoptions {
file filename <files number> <no-stamp> <replace> <size size> <world-readable |
no-world-readable>;
flag flag <disable>;
}
unknown-unicast-forwarding {
vlan (all | vlan-name) {
interface interface-name;
}
}
voip {
interface (all | [interface-name | access-ports]) {
vlan vlan-name ;
forwarding-class (assured-forwarding | best-effort | expedited-forwarding |
network-control);
}
}
}
Hierarchy Level [edit]
Release Information Statement introduced in Junos OS Release 9.0 for EX Series switches.
Description Configure Ethernet switching options.
The remaining statements are explained separately.
Required Privilege system—To view this statement in the configuration.
Level system-control—To add this statement to the configuration.
Related • Understanding Port Mirroring on EX Series Switches
Documentation
• Port Security Overview
• Understanding BPDU Protection for STP, RSTP, and MSTP on EX Series Switches
• Understanding Redundant Trunk Links on EX Series Switches
• Understanding Storm Control on EX Series Switches
• Understanding 802.1X and VoIP on EX Series Switches
• Understanding Q-in-Q Tunneling on EX Series Switches
• Understanding Unknown Unicast Forwarding on EX Series Switches
• Understanding MAC Notification on EX Series Switches
• Understanding FIP Snooping on page 3
• Understanding Nonstop Bridging on EX Series Switches
Copyright © 2013, Juniper Networks, Inc. 73
Converged Networks (LAN and SAN) for EX Series Switches
examine-fip
Syntax examine-fip {
examine-vn2vn {
beacon-period milliseconds;
}
fc-map fc-map-value;
}
Hierarchy Level [edit ethernet-switching-options secure-access-port vlan (all | vlan-name)]
Release Information Statement introduced in Junos OS Release 10.4 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Statement examine-vn2vn introduced in Junos OS Release 12.2 for the QFX Series.
Description Enable FIP snooping on a specified VLAN. Ensure that the VLAN is a dedicated FCoE
VLAN that transports only FCoE traffic.
(QFX Series only) Enable VN_Port to VN_Port (VN2VN_Port) FIP snooping on a specified
VLAN. The VLAN must be a dedicated FCoE VLAN that transports only VN2VN_Port
traffic. One FCoE VLAN cannot support both VN_Port to VF_Port (VN2VF_Port) FIP
snooping and VN2VN_Port FIP snooping. Configure separate, dedicated FCoE VLANs for
VN2VN_Port FIP snooping and VN2VN_Port FIP snooping.
The remaining statements are explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • vlan on page 87
Documentation
• Example: Configuring an FCoE Transit Switch on page 21
• Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
74 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
fc-map
Syntax fc-map fc-map-value;
Hierarchy Level [edit ethernet-switching options secure-access-port vlan (all | vlan-name) examine-fip]
For the QFX Series only:
[edit fc-fabrics fc-fabric-name protocols fip]
Release Information Statement introduced in Junos OS Release 10.4 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description Set the FCoE mapped address prefix (FC-MAP) value for the FCoE VLAN to match the
FC switch (or FCoE forwarder) FC-MAP value for the FC fabric. The FC-MAP value is a
unique MAC address prefix an FC switch uses to identify FCoE traffic for a given FC fabric
(traffic on a particular FCoE VLAN).
You can configure the FC-MAP value or use the default value. The FC switch provides
the FC-MAP value to FCoE nodes (ENodes) in the FIP discovery advertisement message.
If the EX Series switch or the QFX Series FCoE VLAN FC-MAP value does not match the
FC switch FC-MAP value, neither device discovers the FC switch on that VLAN, and the
ENodes on that VLAN cannot access the FC switch. The FC switch accepts only FCoE
traffic that uses the correct FC-MAP value as part of the VN_Port MAC address.
When the QFX Series acts as an FCoE-FC gateway, the FC-MAP value for the gateway
and the FCoE devices must match the FC switch FC-MAP value in order to communicate
with the FC switch.
NOTE: Changing the FC-MAP value causes all logins to drop and forces the
ENodes to log in again.
Options fc-map-value—FC-MAP value, hexadecimal value preceded by “0x”.
Range: 0x0EFC00 through 0x0EFCFF
Default: 0xEFC00
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • examine-fip on page 74
Documentation
• show fip snooping on page 117
• Example: Configuring an FCoE Transit Switch on page 21
• Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Copyright © 2013, Juniper Networks, Inc. 75
Converged Networks (LAN and SAN) for EX Series Switches
fcoe
Syntax fcoe {
no-auto-negotiation;
}
Hierarchy Level [edit protocols dcbx interface interface-name applications]
Release Information Statement introduced in Junos OS Release 11.1 for the QFX Series.
Statement introduced in Junos OS Release 12.1 for the EX Series switches.
Description Disable advertising the FCoE state of the interface to the peer. To disable FCoE on the
interface, do not configure the FCoE forwarding class on the interface.
Options no-auto-negotiate—Disable automatic negotiation of FCoE capability.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • show dcbx neighbors on page 95
Documentation
• Understanding DCB Features and Requirements
• Understanding DCB Features and Requirements on EX Series Switches on page 14
76 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
fcoe-trusted
Syntax fcoe-trusted;
Hierarchy Level [edit ethernet-switching-options secure-access-port interface interface-name]
For the QFX Series only:
[edit fc-fabrics fc-fabric-name protocols fip]
Release Information Statement introduced in Junos OS Release 10.4 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Statement introduced for the FC fabric in Junos OS Release 11.3 for the QFX Series.
Description Configure the specified 10-Gigabit Ethernet interface to trust Fibre Channel over Ethernet
(FCoE) traffic. If an interface is connected to another switch such as an FCoE forwarder
(FCF) or a transit switch, you can configure the interface as trusted so that the interface
forwards FCoE traffic from the switch to the FCoE devices without installing FIP snooping
filters.
(QFX Series only) Configure the specified local Fibre Channel fabric to trust FCoE traffic
on all ports in the fabric. Changing the fabric ports from untrusted to trusted removes
any existing FIP snooping filters from the ports. Changing the fabric ports from trusted
to untrusted by removing the fcoe-trusted configuration from the fabric forces all of the
FCoE sessions on those ports to log out so that when the ENodes and VN_Ports log in
again, the switch can build the appropriate FIP snooping filters.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • show fip snooping on page 117
Documentation
• Example: Configuring an FCoE Transit Switch on page 21
• Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Copyright © 2013, Juniper Networks, Inc. 77
Converged Networks (LAN and SAN) for EX Series Switches
ieee-802.1 (Congestion Notification)
Syntax ieee-802.1 {
code-point up-bits pfc ;
}
Hierarchy Level [edit class-of-service congestion-notification-profile profile-name],
[edit class-of-service interfaces interface-name congestion-notification-profile profile-name]
Release Information Statement introduced in Junos OS Release 10.4 for EX Series switches.
Description Set an association between the traffic class and the congestion notification profile.
The remaining statement is explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • [edit class-of-service] Configuration Statement Hierarchy on EX Series Switches on
Documentation page 51
• Example: Configuring an FCoE Transit Switch on page 21
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
input (Congestion Notification)
Syntax input {
ieee-802.1 {
code-point up-bits pfc ;
}
}
Hierarchy Level [edit class-of-service congestion-notification-profile (Priority-Based Flow Control)
profile-name],
[edit class-of-service interfaces interface-name congestion-notification-profile profile-name]
Release Information Statement introduced in Junos OS Release 10.4 for EX Series switches.
Description Identify the three-bit pattern of the User Priority field that triggers the priority-based
congestion notification profile for a specified traffic class.
The remaining statements are explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
78 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
interface (Access Port Security)
Syntax interface (all | interface-name) {
allowed-mac {
mac-address-list;
}
(dhcp-trusted | no-dhcp-trusted);
fcoe-trusted;
mac-limit limit action action;
no-allowed-mac-log;
persistent-learning;
static-ip ip-address {
vlan vlan-name;
mac mac-address;
}
}
vlan vlan-name {
mac-limit limit action action;
}
}
Hierarchy Level [edit ethernet-switching-options secure-access-port]
Release Information Statement introduced in Junos OS Release 9.0 for EX Series switches.
Description Apply port security features to all interfaces or to the specified interface.
Options all—Apply port security features to all interfaces.
interface-name —Apply port security features to the specified interface.
The remaining statements are explained separately.
Required Privilege system—To view this statement in the configuration.
Level system-control—To add this statement to the configuration.
Related • Example: Configuring Basic Port Security Features
Documentation
• Example: Configuring Allowed MAC Addresses to Protect the Switch from DHCP Snooping
Database Alteration Attacks
• Example: Configuring MAC Limiting, Including Dynamic and Allowed MAC Addresses, to
Protect the Switch from Ethernet Switching Table Overflow Attacks
• Example: Configuring MAC Limiting to Protect the Switch from DHCP Starvation Attacks
• Example: Configuring a DHCP Server Interface as Untrusted to Protect the Switch from
Rogue DHCP Server Attacks
• Configuring MAC Limiting (CLI Procedure)
• Enabling a Trusted DHCP Server (CLI Procedure)
• Configuring Static IP Addresses for DHCP Bindings on Access Ports (CLI Procedure)
Copyright © 2013, Juniper Networks, Inc. 79
Converged Networks (LAN and SAN) for EX Series Switches
interface (DCBX)
Syntax interface (interface-name | all) {
disable;
application-map application-map-name;
applications {
no-auto-negotiation;
}
enhanced-transmission-selection {
no-auto-negotiation;
no-recommendation-tlv;
recommendation-tlv {
no-auto-negotiation;
}
}
dcbx-version (auto-negotiate | ieee-dcbx | dcbx-version-1.01);
priority-flow-control {
no-auto-negotiation;
}
}
Hierarchy Level [edit protocols dcbx]
Release Information Statement introduced in Junos OS Release 11.1 for the QFX Series.
Statement introduced in Junos OS Release 11.3 for the EX Series switches.
Mode and recommendation-tlv statements introduced in Junos OS Release 12.2 for the
QFX Series.
Description Configure DCBX properties on an interface.
Options interface-name—Name of the interface.
The remaining statements are explained separately.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • show dcbx neighbors on page 95
Documentation
• Configuring DCBX Autonegotiation
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCB Features and Requirements
• Understanding DCB Features and Requirements on EX Series Switches on page 14
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
80 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
interfaces
Syntax interfaces {
interface-name {
congestion-notification-profile profile-name {
input {
ieee-802.1 {
code-point up-bits pfc;
}
}
}
}
scheduler-map map-name;
unit logical-unit-number {
forwarding-class class-name;
classifiers {
(dscp | ieee-802.1 | inet-precedence) (classifier-name | default);
}
}
}
}
Hierarchy Level [edit class-of-service]
Release Information Statement introduced in Junos OS Release 9.0 for EX Series switches.
Description Configure interface-specific class-of-service (CoS) properties for incoming packets.
Options interface-name—Name of the interface.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Example: Configuring CoS on EX Series Switches
Documentation
• Defining CoS Classifiers (CLI Procedure) or Defining CoS Classifiers (J-Web Procedure)
• Defining CoS Forwarding Classes (CLI Procedure) or Defining CoS Forwarding Classes
(J-Web Procedure)
• Defining CoS Schedulers and Scheduler Maps (CLI Procedure) or Defining CoS Schedulers
(J-Web Procedure)
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
Copyright © 2013, Juniper Networks, Inc. 81
Converged Networks (LAN and SAN) for EX Series Switches
policy-options
Syntax policy-options
application-maps application-map-name {
application application-name {
code-points [ aliases ] [ bit-patterns ];
}
}
policy-statement policy-name {
term term-name {
from {
family family-name;
match-conditions;
policy subroutine-policy-name;
prefix-list prefix-list-name;
prefix-list-filter prefix-list-name match-type <actions>;
route-filter destination-prefix match-type <actions>;
source-address-filter source-prefix match-type <actions>;
}
to {
match-conditions;
policy subroutine-policy-name;
}
then actions;
}
}
Hierarchy Level [edit]
Release Information Statement introduced in Junos OS Release 12.1 for the QFX Series.
Statement introduced in Junos OS Release 12.1 for the EX Series.
Description Configure options such as application maps for DCBX application protocol exchange
and policy statements.
Required Privilege storage—To view this statement in the configuration.
Level storage-control—To add this statement to the configuration.
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
82 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
priority-flow-control
Syntax priority-flow-control {
no-auto-negotiation;
}
Hierarchy Level [edit protocols dcbx interface (all | interface-name)]
Release Information Statement introduced in Junos OS Release 11.1 for the QFX Series.
Statement introduced in Junos OS Release 11.3 for EX Series switches.
Description Disable autonegotiation of priority-based flow control (PFC) on one or more Ethernet
interfaces. Autonegotiation enables PFC on an interface only if the switch and the peer
device connected to the switch both support PFC and have the same PFC configuration.
Disabling autonegotiation on an interface forces the interface to use the PFC state
(enabled or disabled) that is configured on the switch by the configuration and assignment
of the congestion notification profile.
Options no-auto-negotiation—Disable automatic negotiation of PFC.
Required Privilege routing—To view this statement in the configuration.
Level routing-control—To add this statement to the configuration.
Related • show dcbx neighbors on page 95
Documentation
• Configuring CoS PFC (Congestion Notification Profiles)
• Configuring Priority-Based Flow Control for an EX Series Switch (CLI Procedure) on
page 41
• Configuring DCBX Autonegotiation
• Example: Configuring CoS PFC for FCoE Traffic
• Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches on page 10
• Understanding Priority-Based Flow Control on page 7
• Understanding DCB Features and Requirements
Copyright © 2013, Juniper Networks, Inc. 83
Converged Networks (LAN and SAN) for EX Series Switches
protocol (Applications)
Syntax protocol (tcp | udp);
Hierarchy Level [edit applications application application-name]
Release Information Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Networking protocol type, which combines with destination-port to identify an application
type.
NOTE: To create an application for iSCSI, use the protocol tcp with the
destination port number 3260.
Options tcp—Transmission Control Protocol
udp—User Datagram Protocol
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Defining an Application for DCBX Application Protocol TLV Exchange on page 45
Documentation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCBX Application Protocol TLV Exchange
• Understanding DCBX Application Protocol TLV Exchange on EX Series Switches on
page 16
84 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
secure-access-port
Syntax secure-access-port {
dhcp-snooping-file {
location local_pathname | remote_URL;
timeout seconds;
write-interval seconds;
}
interface (all | interface-name) {
allowed-mac {
mac-address-list;
}
(dhcp-trusted | no-dhcp-trusted);
fcoe-trusted;
mac-limit limit action action;
no-allowed-mac-log;
persistent-learning;
static-ip ip-address {
vlan vlan-name;
mac mac-address;
}
}
vlan (all | vlan-name) {
(arp-inspection | no-arp-inspection) [
forwarding-class class-name;
}
dhcp-option82 {
circuit-id {
prefix hostname;
use-interface-description;
use-vlan-id;
}
remote-id {
prefix hostname | mac | none;
use-interface-description;
use-string string;
}
vendor-id <string>;
}
(examine-dhcp | no-examine-dhcp) {
forwarding-class class-name;
}
examine-fip {
fc-map fc-map-value;
}
(ip-source-guard | no-ip-source-guard);
mac-move-limit limit action action;
}
}
Hierarchy Level [edit ethernet-switching-options]
Release Information Statement introduced in Junos OS Release 9.0 for EX Series switches.
Copyright © 2013, Juniper Networks, Inc. 85
Converged Networks (LAN and SAN) for EX Series Switches
Description Configure port security features, including MAC limiting, dynamic ARP inspection, whether
interfaces can receive DHCP responses, DHCP snooping, IP source guard, DHCP option
82, MAC move limiting, and FIP snooping.
The remaining statements are explained separately.
Required Privilege system—To view this statement in the configuration.
Level system-control—To add this statement to the configuration.
Related • Example: Configuring Basic Port Security Features
Documentation
• Example: Configuring DHCP Snooping, DAI , and MAC Limiting on a Switch with Access
to a DHCP Server Through a Second Switch
• Example: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a
Voice VLAN
• Example: Setting Up DHCP Option 82 with a Switch with No Relay Agent Between Clients
and a DHCP Server
• Example: Configuring an FCoE Transit Switch on page 21
86 Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
vlan (Access Port Security)
Syntax vlan (all | vlan-name) {
(arp-inspection | no-arp-inspection);
dhcp-option82 {
circuit-id {
prefix (Circuit ID for Option 82) hostname;
use-interface-description;
use-vlan-id;
}
remote-id {
prefix hostname | mac | none;
use-interface-description;
use-string string;
}
vendor-id <string>;
}
(examine-dhcp | no-examine-dhcp);
examine-fip {
fc-map fc-map-value;
}
(ip-source-guard | no-ip-source-guard);
mac-move-limit limit action action;
}
Hierarchy Level [edit ethernet-switching-options secure-access-port]
Release Information Statement introduced in Junos OS Release 9.0 for EX Series switches.
Description Apply any of the following security options to a VLAN:
• DHCP snooping
• DHCP option 82
• Dynamic ARP inspection (DAI)
• FIP snooping
• IP source guard
• MAC move limiting
The remaining statements are explained separately.
TIP: To display a list of all configured VLANs on the system, including VLANs
that are configured but not committed, type ? after vlan or vlans in your
configuration mode command line. Note that only one VLAN is displayed for
a VLAN range.
Options all—Apply the feature to all VLANs.
Copyright © 2013, Juniper Networks, Inc. 87
Converged Networks (LAN and SAN) for EX Series Switches
vlan-name—Apply the feature to the specified VLAN.
Required Privilege system—To view this statement in the configuration.
Level system-control—To add this statement to the configuration.
Related • Example: Configuring Basic Port Security Features
Documentation
• Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate
Address-Spoofing Attacks on Untrusted Access Interfaces
• Example: Setting Up DHCP Option 82 with a Switch with No Relay Agent Between Clients
and a DHCP Server
• Example: Configuring an FCoE Transit Switch on page 21
88 Copyright © 2013, Juniper Networks, Inc.
PART 3
Administration
• Operational Commands on page 91
Copyright © 2013, Juniper Networks, Inc. 89
Converged Networks (LAN and SAN) for EX Series Switches
90 Copyright © 2013, Juniper Networks, Inc.
CHAPTER 5
Operational Commands
Copyright © 2013, Juniper Networks, Inc. 91
Converged Networks (LAN and SAN) for EX Series Switches
clear fip snooping enode
Syntax clear fip snooping enode enode-mac
<vlan vlan-name>
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Clear FIP snooping information for the specified FCoE Node (ENode) or (optionally) only
on a specified VLAN. This operation deletes the ENode state from the switch database
and from the FIP snooping firewall filters, which causes the ENode to lose its connection
to the FCoE forwarder (FCF) and to log in to the FCF again.
Options enode-mac—MAC address of the ENode.
vlan vlan-name—(Optional) Name of the VLAN.
Required Privilege view
Level
Related • show fip snooping enode on page 121
Documentation
List of Sample Output clear fip snooping enode enode-mac on page 92
Sample Output
clear fip snooping enode enode-mac
user@switch> clear fip snooping enode 00:10:94:00:00:02
92 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
clear fip snooping statistics
Syntax clear fip snooping statistics
<vlan vlan-name>
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Clear FIP snooping statistics globally or on a specified VLAN.
Required Privilege view
Level
Related • show fip snooping statistics on page 128
Documentation
List of Sample Output clear fip snooping statistics on page 93
Sample Output
clear fip snooping statistics
user@switch> clear fip snooping statistics
Copyright © 2013, Juniper Networks, Inc. 93
Converged Networks (LAN and SAN) for EX Series Switches
clear fip snooping vlan
Syntax clear fip snooping vlan vlan-name
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Clear FIP snooping information for the specified VLAN. This operation deletes all ENode
and FCF information for the VLAN from the switch database and causes the ENodes to
lose their connections to the FCFs. After clearing a VLAN, the switch relearns all of the
FCFs and ENodes on the VLAN, and the ENodes must log in to the FCF again.
Options vlan-name—Name of the VLAN.
Required Privilege view
Level
Related • show fip snooping vlan on page 131
Documentation
List of Sample Output clear fip snooping vlan vlan-name on page 94
Sample Output
clear fip snooping vlan vlan-name
user@switch> clear fip snooping vlan fcoevlan1
94 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
show dcbx neighbors
Syntax show dcbx neighbors
<interface interface-name>
<terse>
Release Information Command introduced in Junos OS Release 11.1 for the QFX Series.
Command introduced in Junos OS Release 11.3 for EX Series switches.
Description Display information about Data Center Bridging Capability Exchange protocol (DCBX)
neighbor interfaces.
Options none—Display information about all DCBX neighbor interfaces.
interface-name—(Optional) Display information for the specified interface.
terse—Display the specified level of output.
Required Privilege view
Level
Related • Configuring DCBX Autonegotiation
Documentation
• Example: Configuring DCBX Application Protocol TLV Exchange
• Example: Configuring an FCoE Transit Switch on page 21
• Example: Configuring DCBX to Support an iSCSI Application on page 33
• Understanding DCB Features and Requirements
• Understanding Data Center Bridging Capability Exchange Protocol for EX Series
Switches on page 10
• dcbx on page 67
List of Sample Output show dcbx neighbors interface (QFX Series, DCBX Version 1.01 Mode) on page 108
show dcbx neighbors interface (QFX Series, IEEE DCBX Mode) on page 110
show dcbx neighbors terse (QFX Series) on page 112
show dcbx neighbors (EX4500 Switch: FCoE Interfaces on Both Local and Peer with
PFC Configured Compatibly) on page 112
show dcbx neighbors (EX4500 Switch: DCBX Interfaces on Local and Peer Are
Configured Compatibly with iSCSI Application) on page 113
show dcbx neighbors (EX4500 Switch: Includes ETS) on page 114
Output Fields Table 7 on page 95 lists the output fields for the show dcbx neighbors command. Output
fields are listed in the approximate order in which they appear.
Table 7: show dcbx neighbors Output Fields
Field Name Field Description
Interface Name of the interface.
Copyright © 2013, Juniper Networks, Inc. 95
Converged Networks (LAN and SAN) for EX Series Switches
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Parent Interface Name of the link aggregation group (LAG) interface to which
the DCBX interface belongs.
Active-application-map Name of the application map applied to the interface.
Protocol-Mode (QFX Series) DCBX protocol mode the interface uses:
• IEEE DCBX Version—The interface uses IEEE DCBX mode.
• DCBX Version 1.01—The interface uses DCBX version 1.01.
NOTE: On interfaces that use the IEEE DCBX mode, the show
dcbx neighbors interface interface-name operational command
does not include application, PFC, or ETS operational state
in the output.
Protocol-State (DCBX Version 1.01 only) DCBX protocol state synchronization
status:
• in-sync—The local interface received an acknowledge
message from the peer to indicate that the peer received
a state change message sent by the local interface.
• ack-pending—The local interface has not yet received an
acknowledge message from the peer to indicate that the
peer received a state change message sent by the local
interface.
Local-Advertisement (DCBX Version 1.01 only)
Status of advertisements that the local interface sends to
the peer.
Operational version Version of the DCBX standard used.
sequence-number Number of state change messages sent to the peer.
If the interface Protocol-State value is in-sync, this number
should match the acknowledge-id number in the
Peer-Advertisement section.
If the interface Protocol-State value is ack-pending, this
number does not match the acknowledge-id number in the
Peer-Advertisement section.
acknowledge-id Number of acknowledge messages received from the peer.
If the Protocol-State value is in-sync, this number should
match the sequence-number value in the Peer-Advertisement
section.
If the Protocol-State value is ack-pending, this number does
not match the sequence-number value in the
Peer-Advertisement section.
96 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Peer-Advertisement (DCBX Version 1.01 only)
Status of advertisements that the peer sends to the local
interface.
Operational version Version of the DCBX standard used.
sequence-number Number of state change messages the peer sent to the local
interface.
If this number matches the acknowledge-id number in the
Local-Advertisement field, this indicates that the local
interface has acknowledged all of the peer’s state change
messages and is synchronized.
If this number does not match the acknowledge-id number
in the Local-Advertisement field, this indicates that the peer
has not yet received an acknowledgment for a state change
message from the local interface.
acknowledge-id Number of acknowledge messages the peer has received
from the local interface.
If this number matches the sequence-number value in the
Local-Advertisement field, this indicates that the peer has
acknowledged all of the local interface’s state change
messages and is in synchronization.
If this number does not match the sequence-number value
in the Local-Advertisement field, this indicates that the peer
has not yet sent an acknowledgment for a state change
message from the local interface.
Copyright © 2013, Juniper Networks, Inc. 97
Converged Networks (LAN and SAN) for EX Series Switches
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Feature: PFC Priority-based flow control (PFC) feature DCBX state
information.
Protocol-State (DCBX Version 1.01 only)
DCBX protocol state synchronization status:
• ack-pending—The local interface has not yet received an
acknowledge message from the peer to indicate that the
peer received a PFC state change message sent by the
local interface.
• in-sync—The local interface received an acknowledge
message from the peer to indicate that the peer received
a PFC state change message sent by the local interface.
• not-applicable—PFC autonegotiation is disabled.
Operational State (DCBX Version 1.01 only)
Operational state of the feature: enabled or disabled.
Local- Status of advertisements that the local interface sends to
Advertisement the peer.
Enable (DCBX Version 1.01 only)
State that the local interface advertises to the peer:
• Yes—The feature is enabled.
• No—The feature is disabled.
Willing Willingness of the local interface to learn the PFC
configuration from the peer using DCBX:
• Yes—The local interface is willing to learn the PFC
configuration from the peer.
• No—The local interface is not willing to learn the PFC
configuration from the peer.
Mac auth (IEEE DCBX only)
Bypass
Capability (QFX Series) Media access controller (MAC) authentication
bypass provides access to devices based on MAC address
authentication. This is not supported, so the only value seen
in the local advertisement field is no.
Error (DCBX Version 1.01 only)
Configuration compatibility error status:
• No—No error detected. Local and peer configuration are
compatible.
• Yes—Error detected. Local and peer configuration are not
compatible.
98 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Operational PFC operational state on the interface:
State
• Enabled—PFC is enabled on the interface
• Disabled—PFC is disabled on the interface
Maximum Largest number of traffic classes the local interface supports
Traffic Classes for PFC:
capable to
support PFC • 6 (EX Series switches)
• 8 (QFX Series)
Code Point PFC code point, which is specified in the 3-bit class-of-service
field in the VLAN header.
Admin Mode PFC administrative state for each code point on the local
interface:
• Enabled—PFC is enabled for the code point.
• Disabled—PFC is disabled for the code point.
Operational (QFX Series) PFC operational mode for each code point:
Mode
• Enable—PFC is enabled on the code point.
• Disable—PFC is disabled on the code point.
Peer-Advertisement Status of advertisements that the peer sends to the local
interface.
Enable (DCBX Version 1.01 only)
State that the peer advertises to the local interface:
• Yes—The feature is enabled.
• No—The feature is disabled.
Willing Willingness of the peer to learn the PFC configuration from
the local interface using DCBX:
• Yes—The peer is willing to learn the PFC configuration from
the local interface.
• No—The peer is not willing to learn the PFC configuration
from the local interface.
Error (DCBX Version 1.01 only)
Configuration compatibility error status:
• No—No error detected. Local and peer configuration are
compatible.
• Yes—Error detected. Local and peer configuration are not
compatible.
Copyright © 2013, Juniper Networks, Inc. 99
Converged Networks (LAN and SAN) for EX Series Switches
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Operational PFC operational state on the interface:
State
• Enabled—PFC is enabled on the interface
• Disabled—PFC is disabled on the interface
Mac auth (IEEE DCBX only)
Bypass
Capability (QFX Series) Media access controller (MAC) authentication
bypass provides access to devices based on MAC address
authentication. Although the QFX Series does not support
this feature, the connected peer might support it. This field
reports the peer state:
• Yes—The connected peer supports MAC authentication
bypass.
• No—The connected peer does not support MAC
authentication bypass.
Maximum Largest number of traffic classes the peer supports for PFC:
Traffic Classes
capable to • 6 (EX Series switches)
support PFC • 8 (QFX Series)
Code Point PFC code point, which is specified in the 3-bit class-of-service
field in the VLAN header.
Admin Mode PFC administrative state for each code point on the peer:
• Enabled—PFC is enabled for the code point.
• Disabled—PFC is disabled for the code point.
100 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Feature: Application State information for the DCBX application.
Protocol-State (DCBX Version 1.01 only)
DCBX protocol state synchronization status:
• in-sync—The local interface received an acknowledge
message from the peer to indicate that the peer received
an FCoE state change message sent by the local interface.
• ack-pending—The local interface has not yet received an
acknowledge message from the peer to indicate that the
peer received an FCoE state change message sent by the
local interface.
• not-applicable—The local interface is set to
no-auto-negotiation (autonegotiation is disabled). If the
interface is associated with an FCoE forwarding class, the
interface advertises FCoE capability even if the connected
peer does not advertise FCoE capability.
Local-Advertisement Status of advertisements that the local interface sends to
the peer.
If the local interface is set to no-auto-negotiation
(autonegotiation is disabled), the local advertisement portion
of the output is not shown.
Enable (DCBX Version 1.01 only)
State that the local interface advertises to the peer:
• Yes—The feature is enabled.
• No—The feature is disabled.
Willing (DCBX Version 1.01 only)
Willingness of the local interface to learn the FCoE interface
state from the peer using DCBX:
• Yes—The local interface is willing to learn the FCoE
interface state from the peer.
• No—The local interface is not willing to learn the FCoE
interface state from the peer.
Error (DCBX Version 1.01 only)
Configuration compatibility error status:
• No—No error detected. The local and peer configuration
are compatible.
• Yes—Error detected. The local and peer configuration are
not compatible.
Appl-Name Name of the application:
Copyright © 2013, Juniper Networks, Inc. 101
Converged Networks (LAN and SAN) for EX Series Switches
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Ethernet-Type (DCBX Version 1.01 only)
Ethernet type (EtherType) of the application. For example,
0x8906 indicates the EtherType for the FCoE application.
Either the EtherType (for Layer 2 applications) or the Socket
Number (for Layer 4 applications) of the application is
displayed in the output.
Socket-Number Destination port socket number of the application, if
applicable. Either the EtherType (for Layer 2 applications)
or the Socket Number (for Layer 4 applications) of the
application is displayed in the output.
Priority-Field or Priority assigned to the application.
Priority-Map
For EX Series switches, the priority of the FCoE application
is determined by the PFC congestion notification profile that
has been configured and associated with the FCoE interface.
For other applications, the priority is based on the application
map.
Status (DCBX Version 1.01 only)
Local status when autonegotiation is enabled:
• Enabled—The application feature is enabled on both the
local interface and the peer interface. (The local
configuration and the peer configuration match.)
• Disabled—The local configuration and the peer
configuration do not match.
NOTE: If there is a configuration mismatch in one application
between the switch and the peer, all the other applications
including FCoE are disabled.
Peer-Advertisement Status of advertisements that the peer sends to the local
interface.
Enable (DCBX Version 1.01 only)
State that the peer advertises to the local interface:
• Yes—The feature is enabled.
• No—The feature is disabled.
Willing (DCBX Version 1.01 only)
Willingness of the peer to learn the FCoE interface state from
the local interface using DCBX:
• Yes—The peer is willing to learn the FCoE interface state
from the local interface.
• No—The peer is not willing to learn the FCoE interface state
from the local interface.
102 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Error (DCBX Version 1.01 only)
Configuration compatibility error status:
• No—No error detected. Local and peer configuration are
compatible.
• Yes—Error detected. Local and peer configuration are not
compatible.
Appl-Name Name of the application:
• FCoE—Fibre Channel over Ethernet
Ethernet-Type Ethernet type (EtherType) of the application. For example,
0x8906 indicates the EtherType for the FCoE application.
Either the EtherType (for Layer 2 applications) or the
Socket-Number (for Layer 4 applications) of the application
is displayed in the output.
Socket-Number Destination port socket number of the application, if
applicable. Either the EtherType (for Layer 2 applications)
or the Socket Number (for Layer 4 applications) of the
application is displayed in the output.
Priority-Field or Priority assigned to the application.
Priority-Map
Status (DCBX Version 1.01 only)
Peer interface status:
• Enabled—The application feature is enabled on both the
local interface and the peer interface. (The local
configuration and the peer configuration match.)
• Disabled—The local configuration and the peer
configuration do not match.
Copyright © 2013, Juniper Networks, Inc. 103
Converged Networks (LAN and SAN) for EX Series Switches
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Feature: ETS Enhanced Transmission Selection (ETS) DCBX state
information.
Protocol-State (DCBX Version 1.01 only)
ETS protocol state synchronization status:
• in-sync—The local interface received an acknowledge
message from the peer to indicate that the peer received
an ETS state change message sent by the local interface.
• ack-pending—The local interface has not yet received an
acknowledge message from the peer to indicate that the
peer received an ETS state change message sent by the
local interface.
Operational State (DCBX Version 1.01 only)
Operational state of the feature, enabled or disabled.
Local-Advertisement Status of advertisements that the local interface sends to
the peer.
Enable (DCBX Version 1.01 only)
State that the local interface advertises to the peer:
• Yes—The feature is enabled.
• No—The feature is disabled.
TLV Type (IEEE DCBX only)
Type of ETS TLV:
• Configuration—Advertises the Configuration TLV, which
communicates the local ETS configuration to the peer but
does not ask the peer to use the configuration.
• Recommendation—Advertises the Recommendation TLV,
which communicates the local ETS configuration to the
peer, and if the peer is “willing,” configures the peer
interface to match the local ETS configuration.
• Recommendation-or-Configuration—Advertises both TLVs.
Willing Willingness of the local interface to learn the ETS state from
the peer using DCBX (EX Series switches always advertise
No for this field):
• Yes—Local interface is willing to learn the ETS state from
the peer.
• No—Local interface is not willing to learn the ETS state
from the peer.
Credit Based
Shaper
104 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
(IEEE DCBX only)
Alternative method of flow control to buffer-to-buffer credit.
The QFX Series does not support a credit-based shaper, so
the value of this field is always No.
Error (DCBX Version 1.01 only)
Configuration error status:
• No—No error. This should always be the switch ETS error
state.
• Yes—Error detected.
Maximum (DCBX Version 1.01 only)
Traffic Classes
capable to Largest number of traffic classes the local interface supports
support PFC for PFC.
Maximum (IEEE DCBX only)
Traffic Classes
supported Largest number of traffic classes the local interface supports
for ETS. (EX Series switches support only one traffic class
for ETS. However, a different value might be shown for this
field.)
Code Point PFC code point, which is specified in the 3-bit class-of-service
field in the VLAN header.
Priority-Group Class-of-service (CoS) priority group (forwarding class set)
identification number.
Percentage B/W Configured minimum percentage of link bandwidth allocated
to the priority group. Only explicitly configured values appear
in this output column. If the link bandwidth is the default
percentage, it is not shown. (EX Series switches allocate
100% of link bandwidth to the default priority group, group
7.)
Transmission (IEEE DCBX only)
Selection
Algorithm The transmission selection algorithm used by the interface.
The QFX Series supports ETS but does not support using the
credit-based shaper algorithm, so the only value shown in
this field is ETS.
Peer-Advertisement Status of advertisements that the peer sends to the local
interface.
Enable
Copyright © 2013, Juniper Networks, Inc. 105
Converged Networks (LAN and SAN) for EX Series Switches
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
(DCBX Version 1.01 only)
State that the peer advertises to the local interface:
• Yes—The feature is enabled.
• No—The feature is disabled.
TLV Type (IEEE DCBX only)
Type of ETS TLV:
• Configuration—Advertises the Configuration TLV, which
communicates the local ETS configuration to the peer but
does not ask the peer to use the configuration.
• Recommendation—Advertises the Recommendation TLV,
which communicates the local ETS configuration to the
peer, and if the peer is “willing,” configures the peer
interface to match the local ETS configuration.
• Configuration/Recommendation—Advertises both TLVs.
Willing Willingness of the peer to learn the ETS state from the local
interface using DCBX:
• Yes—Peer is willing to learn the ETS state from the local
interface.
• No—Peer is not willing to learn the ETS state from the local
interface.
Credit Based (IEEE DCBX only)
Shaper
Alternative method of flow control to buffer-to-buffer credit.
The QFX Series does not support a credit-based shaper, so
the value of this field is always No.
Error (DCBX Version 1.01 only)
Configuration error status of the peer:
• No—No error in peer ETS TLV.
• Yes—Error in peer ETS TLV.
Maximum (DCBX Version 1.01 only)
Traffic Classes
capable to Largest number of traffic classes the local interface supports
support PFC for PFC.
Maximum (IEEE DCBX only)
Traffic Classes
supported Largest number of traffic classes the local interface supports
for ETS. (EX Series switches support only one traffic class
for ETS. However, a different value might be shown for this
field.)
Code Point
106 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
PFC code point, which is specified in the 3-bit class-of-service
field in the VLAN header.
Priority-Group CoS priority group (forwarding class set) identification
number.
Percentage B/W Configured minimum percentage of link bandwidth allocated
to the priority group. (EX Series switches allocate 100% of
link bandwidth to the default priority group, group 7.)
Transmission (IEEE DCBX only)
Selection
Algorithm Transmission selection algorithm used by the interface. The
QFX Series supports ETS but does not support using the
credit-based shaper algorithm, so the only value shown in
this field is ETS.
PFC (QFX Series, terse option only) DCBX TLV advertisement
state for PFC:
• Disabled—PFC configuration matches the configuration
on the connected peer and PFC is disabled
• Enabled—PFC configuration matches the configuration
on the connected peer and PFC is enabled
• Not Advt—Interface does not advertise PFC to the
connected peer
ETS (terse option only) Local DCBX TLV advertisement state for
ETS:
• Advt—Interface advertises ETS TLVs
• Disabled—ETS is disabled on the interface (interface does
not advertise ETS)
ETS Rec (terse option only) DCBX TLV peer advertisement state for
ETS (state received from the connected DCBX peer):
• Advt—Peer interface advertises ETS TLVs
• Not Advt—Peer interface does not advertise ETS
NOTE: When the DCBX mode is DCBX version 1.01, no peer
information is displayed.
Copyright © 2013, Juniper Networks, Inc. 107
Converged Networks (LAN and SAN) for EX Series Switches
Table 7: show dcbx neighbors Output Fields (continued)
Field Name Field Description
Version (terse option only) The DCBX version used on the interface
and whether the DCBX version was autonegotiated or
explicitly configured:
• IEEE—The interface uses IEEE DCBX.
• 1.01—The interface uses DCBX version 1.01.
When the DCBX version used is the result of autonegotiation,
the term (Auto) appears next to the version. For example,
IEEE (Auto) indicates that the interface autonegotiated with
the connected peer to use IEEE DCBX. Autonegotiation is
enabled by default.
Sample Output
show dcbx neighbors interface (QFX Series, DCBX Version 1.01 Mode)
user@switch> show dcbx neighbors interface xe-0/0/0
Interface : xe-0/0/0.0 - Parent Interface: ae0.0
Active-application-map: app-map-1
Protocol-State: in-sync
Protocol-Mode: DCBX Version 1.01
Local-Advertisement:
Operational version: 1
sequence-number: 130, acknowledge-id: 102
Peer-Advertisement:
Operational version: 1
sequence-number: 102, acknowledge-id: 130
Feature: PFC, Protocol-State: in-sync
Operational State: Enabled
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 8
Code Point Admin Mode Operational Mode
000 Disabled Disable
001 Disabled Disable
010 Disabled Disable
011 Enabled Enable
100 Enabled Enable
101 Disabled Disable
110 Disabled Disable
111 Disabled Disable
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 8
Code Point Admin Mode
000 Disabled
108 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
001 Disabled
010 Disabled
011 Enabled
100 Enabled
101 Disabled
110 Disabled
111 Disabled
Feature: Application, Protocol-State: in-sync
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00001110 Enabled
iSCSI 3260 10000000 Enabled
Peer-Advertisement:
Enable: Yes, Willing: Yes, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 N/A 00001110 Enabled
Feature: ETS, Protocol-State: in-sync
Operational State: Enabled
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 8
Code Point Priority-Group
000 0
001 7
010 7
011 7
100 0
101 1
110 1
111 7
Priority-Group Percentage B/W
0 40%
1 5%
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 8
Code Point Priority-Group
000 0
001 7
010 7
011 7
100 0
101 1
110 1
Copyright © 2013, Juniper Networks, Inc. 109
Converged Networks (LAN and SAN) for EX Series Switches
111 7
Priority-Group Percentage B/W
0 40%
1 5%
show dcbx neighbors interface (QFX Series, IEEE DCBX Mode)
user@switch> show dcbx neighbors interface xe-0/0/0
Interface : xe-0/0/0.0 - Parent Interface: ae0.0
Active-application-map: app-map-1
Protocol-Mode: IEEE-DCBX Version
Feature: PFC
Local-Advertisement:
Willing: No
Mac auth Bypass Capability: No
Operational State: Enabled
Maximum Traffic Classes capable to support PFC: 8
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Enabled
100 Enabled
101 Disabled
110 Disabled
111 Disabled
Peer-Advertisement:
Willing: No
Mac auth Bypass Capability: No
Operational State: Enabled
Maximum Traffic Classes capable to support PFC: 8
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Enabled
100 Enabled
101 Disabled
110 Disabled
111 Disabled
Feature: Application
Local-Advertisement:
Appl-Name Ethernet-Type Socket-Number Priority-field
FCoE 0x8906 00001110
iSCSI 3260 10000000
Peer-Advertisement:
Appl-Name Ethernet-Type Socket-Number Priority-field
110 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
FCoE 0x8906 N/A 00001110
Feature: ETS
Local-Advertisement:
TLV Type: Configuration/Recommendation
Willing: No
Credit Based Shaper: No
Maximum Traffic Classes supported: 3
Code Point Priority-Group
000 0
001 7
010 7
011 7
100 0
101 1
110 1
111 7
Priority-Group Percentage B/W
0 40%
1 5%
Priority-Group Transmission Selection Algorithm
0 Enhanced Transmission Selection
1 Enhanced Transmission Selection
Peer-Advertisement:
TLV Type: Configuration
Willing: No
Credit Based Shaper: No
Code Point Priority-Group
000 0
001 7
010 7
011 7
100 0
101 1
110 1
111 7
Priority-Group Percentage B/W
0 40%
1 5%
Priority-Group Transmission Selection Algorithm
0 Enhanced Transmission Selection
1 Enhanced Transmission Selection
Peer-Advertisement:
TLV Type: Recommendation
Code Point Priority-Group
000 0
001 7
010 7
011 7
100 0
Copyright © 2013, Juniper Networks, Inc. 111
Converged Networks (LAN and SAN) for EX Series Switches
101 1
110 1
111 7
Priority-Group Percentage B/W
0 40%
1 5%
Priority-Group Transmission Selection Algorithm
0 Enhanced Transmission Selection
1 Enhanced Transmission Selection
show dcbx neighbors terse (QFX Series)
user@switch> show dcbx neighbors terse
Interface Parent PFC ETS ETS Version
Interface Rec
xe-0/0/8.0 - Enabled Advt Advt IEEE (Auto)
xe-0/0/9.0 - Disabled Disabled 1.01
xe-0/0/11.0 ae0.0 Enabled Advt Advt IEEE (Auto)
xe-0/0/12.0 ae0.0 Enabled Advt Advt IEEE (Auto)
xe-0/0/32.0 - Enabled Advt Not Advt IEEE
xe-0/0/36.0 - Not Advt Advt Advt IEEE
show dcbx neighbors (EX4500 Switch: FCoE Interfaces on Both Local and Peer with PFC Configured Compatibly)
user@switch> show dcbx neighbors interface xe-0/0/14
Interface : xe-0/0/14.0 - Parent Interface: ae0.0
Protocol-State: in-sync
Local-Advertisement:
Operational version: 0
sequence-number: 6, acknowledge-id: 6
Peer-Advertisement:
Operational version: 0
sequence-number: 6, acknowledge-id: 6
Feature: PFC, Protocol-State: in-sync
Operational State: Enabled
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Enabled
100 Disabled
101 Disabled
110 Disabled
111 Disabled
112 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Enabled
100 Disabled
101 Disabled
110 Disabled
111 Disabled
Feature: Application, Protocol-State: in-sync
Local-Advertisement:
Enable: Yes, Willing: No, Error: No <<< Error bit will not be set as
there is no miss configuration between local and peer.
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00001000 Enabled
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map
Status
FCoE 0x8906 00001000
Enabled
show dcbx neighbors (EX4500 Switch: DCBX Interfaces on Local and Peer Are Configured Compatibly with
iSCSI Application)
user@switch> show dcbx neighbors interface xe-0/0/14
Interface : xe-0/0/14.0 - Parent Interface: ae0.0
Protocol-State: in-sync
Active-application-map: iscsi-map
Local-Advertisement:
Operational version: 0
sequence-number: 9, acknowledge-id: 12
Peer-Advertisement:
Operational version: 0
sequence-number: 12, acknowledge-id: 9
Feature: PFC, Protocol-State: in-sync
Operational State: Enabled
Copyright © 2013, Juniper Networks, Inc. 113
Converged Networks (LAN and SAN) for EX Series Switches
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Enabled
100 Disabled
101 Disabled
110 Disabled
111 Disabled
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Disabled
001 Disabled
010 Disabled
011 Enabled
100 Disabled
101 Disabled
110 Disabled
111 Disabled
Feature: Application, Protocol-State: in-sync
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00001000 Enabled
iscsi 3260 00100000 Enabled
Peer-Advertisement:
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00001000 Enabled
iscsi 3260 00100000 Enabled
show dcbx neighbors (EX4500 Switch: Includes ETS)
user@switch> show dcbx neighbors interface xe-0/0/3
Interface : xe-0/0/3.0
Protocol-State: in-sync
Active-application-map: map_iscsi
Local-Advertisement:
Operational version: 0
114 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
sequence-number: 1, acknowledge-id: 5
Peer-Advertisement:
Operational version: 0
sequence-number: 5, acknowledge-id: 1
Feature: PFC, Protocol-State: in-sync
Operational State: Enabled
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes capable to support PFC: 6
Code Point Admin Mode
000 Enabled
001 Enabled
010 Disabled
011 Disabled
100 Disabled
101 Disabled
110 Disabled
111 Disabled
Peer-Advertisement:
Enable: Yes, Willing: Yes, Error: No
Maximum Traffic Classes capable to support PFC: 8
Code Point Admin Mode
000 Enabled
001 Disabled
010 Disabled
011 Disabled
100 Enabled
101 Disabled
110 Disabled
111 Disabled
Feature: Application, Protocol-State: in-sync
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00000001 Enabled
iscsi 3260 00000010 Enabled
Peer-Advertisement:
Enable: Yes, Willing: Yes, Error: No
Appl-Name Ethernet-Type Socket-Number Priority-Map Status
FCoE 0x8906 00001000 Enabled
iscsi 3260 00010000 Enabled
Feature: ETS, Protocol-State: in-sync
Operational State: Enabled
Copyright © 2013, Juniper Networks, Inc. 115
Converged Networks (LAN and SAN) for EX Series Switches
Local-Advertisement:
Enable: Yes, Willing: No, Error: No
Maximum Traffic Classes supported : 3
Code Point Priority-Group
000 7
001 7
010 7
011 7
100 7
101 7
110 7
111 7
Priority-Group Percentage B/W
7 100%
Peer-Advertisement:
Enable: Yes, Willing: Yes, Error: No
Maximum Traffic Classes supported : 8
Code Point Priority-Group
000 0
001 1
010 0
011 0
100 2
101 0
110 0
111 0
Priority-Group Percentage B/W
0 30%
1 40%
2 30%
116 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
show fip snooping
Syntax show fip snooping
<brief | detail>
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Display FIP snooping information.
Options none—Display FIP snooping information.
brief | detail—(Optional) Display the specified level of output.
Required Privilege view
Level
Related • Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Documentation
• Example: Configuring an FCoE Transit Switch on page 21
• show fip snooping enode on page 121
• show fip snooping fcf on page 125
• show fip snooping interface
• show fip snooping statistics on page 128
• show fip snooping vlan on page 131
List of Sample Output show fip snooping on page 119
show fip snooping brief (QFX Series) on page 119
show fip snooping detail (QFX Series) on page 119
show fip snooping detail on page 120
Output Fields Table 8 on page 117 lists the output fields for the show fip snooping command. Output
fields are listed in the approximate order in which they appear.
Table 8: show fip snooping Output Fields
Level of
Field Name Field Description Output
VLAN Name of the VLAN. All
Mode (QFX Series only) All
Snooping mode enabled on the FCoE VLAN:
• VN2VF Snooping—The FCoE VLAN is configured for FIP snooping
between an ENode VN_Port and a switch VF_Port.
• VN2VN Snooping—The FCoE VLAN is configured for VN_Port to
VN_Port FIP snooping between ENode VN_Ports.
Copyright © 2013, Juniper Networks, Inc. 117
Converged Networks (LAN and SAN) for EX Series Switches
Table 8: show fip snooping Output Fields (continued)
Level of
Field Name Field Description Output
FC-MAP FCoE mapped address prefix of the FCoE forwarder for the VLAN. All
FCF or FCF-MAC MAC address of the FCF. All
Session Count or Active Sessions Current number of virtual link sessions with VN_Ports. All
VN_Port Count (QFX Series only) brief
Number of VN_Ports active on an ENode.
Configured FKA-ADV FIP keepalive interval in seconds configured on the FCF multiplied detail
by three. For example, if the FKA_ADV period configured on the FCF
is 86 seconds, the value of this field is 258.
For the QFX Series only, the output of this field is always 0 (zero) if
the VLAN is an FCoE-FC gateway VLAN. If the VLAN is a FIP snooping
VLAN (a transit switch VLAN), then the output is accurate. This is
because for an FCoE-FC gateway VLAN, FIP snooping is performed
internally and the keepalive advertisements are not tracked by the
switch’s Ethernet module.
Running FKA-ADV Runtime interval in seconds of the last FIP keepalive advertisement detail
the FCF received. This value changes every time the FCF receives
an FKA_ADV.
For the QFX Series only, the output of this field is always 0 (zero) if
the VLAN is an FCoE-FC gateway VLAN. If the VLAN is a FIP snooping
VLAN (a transit switch VLAN), then the output is accurate. This is
because for an FCoE-FC gateway VLAN, FIP snooping is performed
internally and the keepalive advertisements are not tracked by the
switch’s Ethernet module.
Beacon Period (QFX Series only) detail
Beacon period interval in milliseconds.
VN2VN Mode (QFX Series only) detail
Mode of VN2VN_Port snooping:
• Multi-Point—Multiple ENodes are connected to the network and
form multiple virtual links. Each virtual link is created between
one pair of VN_Ports. This is analogous to the loop mode in
traditional FC networks.
• Point-to-Point—Two ENodes are connected to the network and
form a single VN_Port to VN_Port virtual link. This is analogous
to the point-to-point FC link between an FC initiator and an FC
target.
ENode-MAC MAC address of the connected FCoE node (ENode). All
Interface Interface connected to the ENode. detail
VN-Port MAC MAC address of a VN_Port on the ENode. All
118 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 8: show fip snooping Output Fields (continued)
Level of
Field Name Field Description Output
FKA-ADV Runtime interval in seconds of the last FIP keepalive advertisement detail
the ENode sent to the FCF on behalf of the VN_Port (VN_Port
FKA_ADV). This value changes every time the ENode sends a
VN_Port FKA_ADV to the FCF.
Active VN_Ports (QFX Series only) detail
Number of VN_Ports active on an ENode.
Vlink far-end VN-Port-MAC (QFX Series only) detail
Media access control (MAC) address of the VN_Port at the other
end of the virtual link.
Sample Output
show fip snooping
user@switch> show fip snooping
VLAN : fcoevlan1 FC-MAP : 0e:fc:00
FCF : 00:10:94:00:00:01 Session Count : 2
Enode-MAC : 00:10:94:00:00:02
VN-Port-MAC : 0E:FC:00:00:00:05
VN-Port-MAC : 0E:FC:00:00:00:01
show fip snooping brief (QFX Series)
user@switch> show fip snooping brief
VLAN: vlan100, Mode: VN2VF Snooping
FC-MAP: 0e:fc:00
FCF: 30:10:94:01:00:00 Session Count: 2
Enode-MAC: 10:10:94:01:00:01
VN-Port-MAC: 0e:fc:00:01:0d:01
VN-Port-MAC: 0e:fc:00:01:0e:01
VLAN: vlan101, Mode: VN2VN Snooping
FC-MAP: 0e:fc:00
Enode-MAC: 10:10:94:01:00:02 VN_Port count: 1
VN-Port-MAC: 0e:fc:00:01:0a:01 Session Count: 2
Enode-MAC: 10:10:94:01:00:03 VN_Port count: 0
show fip snooping detail (QFX Series)
user@switch> show fip snooping detail
root@sw-pa02v> show fip snooping detail
VLAN: vlan100, Mode: VN2VF Snooping
FC-MAP: 0e:fc:00
FCF Information
FCF-MAC : 30:10:94:01:00:00
Active Sessions : 2
Configured FKA-ADV : 258
Running FKA-ADV : 188
Enode Information
Enode-MAC: 10:10:94:01:00:01, Interface: xe-0/0/10
Configured FKA-ADV : 258
Running FKA-ADV : 230
Session Information
Copyright © 2013, Juniper Networks, Inc. 119
Converged Networks (LAN and SAN) for EX Series Switches
VN-Port MAC: 0e:fc:00:01:0d:01, FKA-ADV : 230
VN-Port MAC: 0e:fc:00:01:0e:01, FKA-ADV : 245
VLAN: vlan101, Mode: VN2VN Snooping
FC-MAP: 0e:fc:00
Beacon_Period: 90000
VN2VN Mode: Multi-Point
Enode Information
Enode-MAC: 10:10:94:01:00:02, Interface: xe-0/0/10
Active VN_Ports : 1
VN_Port Information
VN-Port MAC: 0e:fc:00:01:0a:01
Active Sessions : 2
Session Information
Vlink far-end VN-Port-MAC: 0e:fc:00:01:0b:01
Vlink far-end VN-Port-MAC: 0e:fc:00:01:0c:01
Enode-MAC: 10:10:94:01:00:02, Interface: xe-0/0/11
Active VN_Ports : 0
show fip snooping detail
user@switch> show fip snooping detail
VLAN : fcoevlan1 FC-MAP : 0e:fc:00
FCF Information
FCF-MAC : 00:10:94:00:00:01
Active Sessions : 2
Configured FKA-ADV : 258
Running FKA-ADV : 244
Enode Information
Enode-MAC : 00:10:94:00:00:02 Interface : xe-0/0/1
Configured FKA-ADV : 258
Running FKA-ADV : 248
Session Information
VN-Port MAC : 0E:FC:00:00:00:05 FKA-ADV : 264
VN-Port MAC : 0E:FC:00:00:00:01 FKA-ADV : 260
120 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
show fip snooping enode
Syntax show fip snooping enode enode-mac
<brief | detail>
<vlan vlan-name>
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Display FIP snooping FCoE node (ENode) information.
Options brief | detail—(Optional) Display the specified level of output.
enode-mac—Display information for the ENode specified by the MAC address.
vlan vlan-name—(Optional) Display FIP snooping information for the ENode on only the
specified VLAN.
Required Privilege view
Level
Related • Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Documentation
• Example: Configuring an FCoE Transit Switch on page 21
• show fip snooping on page 117
• show fip snooping fcf on page 125
• show fip snooping interface
• show fip snooping statistics on page 128
• show fip snooping vlan on page 131
List of Sample Output show fip snooping enode on page 123
show fip snooping enode brief (QFX Series) on page 123
show fip snooping enode detail (QFX Series) on page 123
show fip snooping enode detail on page 123
Output Fields Table 9 on page 121 lists the output fields for the show fip snooping enode command.
Output fields are listed in the approximate order in which they appear.
Table 9: show fip snooping enode Output Fields
Level of
Field Name Field Description Output
ENode and ENode MAC MAC address of the ENode. All
VLAN Name of the VLAN. All
Interface Interface connected to the ENode. All
Copyright © 2013, Juniper Networks, Inc. 121
Converged Networks (LAN and SAN) for EX Series Switches
Table 9: show fip snooping enode Output Fields (continued)
Level of
Field Name Field Description Output
Mode (QFX Series only) All
Snooping mode enabled on the FCoE VLAN:
• VN2VF Snooping—The FCoE VLAN is configured for FIP snooping
between an ENode VN_Port and a switch VF_Port.
• VN2VN Snooping—The FCoE VLAN is configured for VN_Port to
VN_Port FIP snooping between ENode VN_Ports.
VN_Port Count (QFX Series only) brief
Number of VN_Ports active on an ENode.
Session Count Current number of virtual link sessions with VN_Ports. All
Configured FKA-ADV FIP keepalive interval in seconds configured on the FCoE forwarder detail
(FCF) multiplied by three. For example, if the FKA_ADV period
configured on the FCF is 86 seconds, the value of this field is 258.
This value remains constant.
For the QFX Series only, the output of this field is always 0 (zero)
if the VLAN is an FCoE-FC gateway VLAN. If the VLAN is a FIP
snooping VLAN (a transit switch VLAN), then the output is accurate.
This is because for an FCoE-FC gateway VLAN, FIP snooping is
performed internally and the keepalive advertisements are not
tracked by the switch’s Ethernet module.
Running FKA-ADV Runtime interval in seconds of the last FIP keepalive advertisement detail
the ENode sent to the FCF. This value changes every time the
ENode sends an FKA_ADV to the FCF.
For the QFX Series only, the output of this field is always 0 (zero)
if the VLAN is an FCoE-FC gateway VLAN. If the VLAN is a FIP
snooping VLAN (a transit switch VLAN), then the output is accurate.
This is because for an FCoE-FC gateway VLAN, FIP snooping is
performed internally and the keepalive advertisements are not
tracked by the switch’s Ethernet module.
VN-Port or VN-Port-MAC MAC address of a VN_Port on the ENode. All
FKA-ADV Runtime interval in seconds of the last FIP keepalive advertisement detail
the ENode sent to the FCF on behalf of the VN_Port (VN_Port
FKA_ADV). This value changes every time the ENode sends a
VN_Port FKA_ADV to the FCF.
FCF or FCF-MAC MAC address of the FCF to which the VN_Port is connected. All
Beacon Period (QFX Series only) detail
Beacon period interval in milliseconds.
122 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 9: show fip snooping enode Output Fields (continued)
Level of
Field Name Field Description Output
VN2VN Mode (QFX Series only) detail
Mode of VN2VN_Port snooping:
• Multi-Point—Multiple ENodes are connected to the network and
form multiple virtual links. Each virtual link is created between
one pair of VN_Ports. This is analogous to the loop mode in
traditional FC networks.
• Point-to-Point—Two ENodes are connected to the network and
form a single VN_Port to VN_Port virtual link. This is analogous
to the point-to-point FC link between an FC initiator and an FC
target.
Vlink far-end VN-Port-MAC (QFX Series only) detail
Media access control (MAC) address of the VN_Port at the other
end of the virtual link.
Sample Output
show fip snooping enode
user@switch> show fip snooping enode 00:10:94:00:00:02
Enode : 00:10:94:00:00:02 VLAN : vlan1 Interface : xe-0/0/1
VN-Port-MAC FCF-MAC
0E:FC:00:00:00:05 00:10:94:00:00:01
0E:FC:00:00:00:01 00:10:94:00:00:01
show fip snooping enode brief (QFX Series)
user@switch> show fip snooping enode 10:10:94:01:00:02 brief
Enode: 10:10:94:01:00:02 , VLAN: vlan101, Interface: xe-0/0/10
Mode: VN2VF Snooping VN_Port Count: 1
VN_Port Information
VN_Port Mac: 0e:fc:00:01:0a:01 Session Count: 2
show fip snooping enode detail (QFX Series)
user@switch> show fip snooping enode 10:10:94:01:00:02 detail
Enode MAC: 10:10:94:01:00:02, VLAN: vlan101, Interface: xe-0/0/10
Mode: VN2VF Snooping VN_Port Count: 1
Beacon_Period: 90000 VN2VN Mode: Multi-Point
VN_Port Information
VN_Port Mac: 0e:fc:00:01:0a:01 Session Count: 2
Vlink far-end VN-Port-MAC: 0e:fc:00:01:0b:01
Vlink far-end VN-Port-MAC: 0e:fc:00:01:0c:01
show fip snooping enode detail
user@switch> show fip snooping enode 00:10:94:00:00:02 detail
Enode MAC : 00:10:94:00:00:02 VLAN : vlan1 Interface : xe-0/0/1
Configured FKA-ADV : 258 Running FKA-ADV : 213
Session Information
Copyright © 2013, Juniper Networks, Inc. 123
Converged Networks (LAN and SAN) for EX Series Switches
VN-Port : 0E:FC:00:00:00:05 FKA-ADV : 229 FCF : 00:10:94:00:00:01
VN-Port : 0E:FC:00:00:00:01 FKA-ADV : 225 FCF : 00:10:94:00:00:01
124 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
show fip snooping fcf
Syntax show fip snooping fcf fcf-mac
<brief | detail>
<vlan vlan-name>
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Display FIP snooping FCoE forwarder (FCF) information.
Options brief | detail—(Optional) Display the specified level of output.
fcf-mac—Display information for the FCF specified by the MAC address.
vlan-name—(Optional) Display FIP snooping information for the FCF on only the specified
VLAN.
Required Privilege view
Level
Related • Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Documentation
• Example: Configuring an FCoE Transit Switch on page 21
• show fip snooping on page 117
• show fip snooping enode on page 121
• show fip snooping interface
• show fip snooping statistics on page 128
• show fip snooping vlan on page 131
List of Sample Output show fip snooping fcf on page 126
show fip snooping fcf detail on page 126
Output Fields Table 10 on page 125 lists the output fields for the show fip snooping fcf command. Output
fields are listed in the approximate order in which they appear.
Table 10: show fip snooping fcf Output Fields
Field Name Field Description Level of Output
FCF or FCF-MAC MAC address of the FCoE forwarder. All
VLAN Name of the VLAN. All
Session Count Current number of virtual link sessions with VN_Ports. None
Copyright © 2013, Juniper Networks, Inc. 125
Converged Networks (LAN and SAN) for EX Series Switches
Table 10: show fip snooping fcf Output Fields (continued)
Field Name Field Description Level of Output
Configured FKA-ADV FIP keepalive interval in seconds configured on the FCF detail
multiplied by three. For example, if the FKA_ADV period
configured on the FCF is 86 seconds, the value of this
field is 258.
Running FKA-ADV Runtime interval in seconds of the last FIP keepalive detail
advertisement the FCF received. This value changes
every time the FCF receives an FKA_ADV.
ENode-MAC MAC address of the connected ENode. All
• Interface Interface connected to the ENode. detail
• Configured FKA-ADV FIP keepalive interval in seconds configured on the FCF detail
multiplied by three. For example, if the FKA_ADV period
configured on the FCF is 86 seconds, the value of this
field is 258. This value remains constant.
• Running FKA-ADV Runtime interval in seconds of the last FIP keepalive detail
advertisement the ENode sent to the FCF. This value
changes every time the ENode sends an FKA_ADV to
the FCF.
• VN-Port MAC MAC address of a VN_Port on the ENode. All
• FKA-ADV Runtime interval in seconds of the last FIP keepalive detail
advertisement the ENode sent to the FCF on behalf of
the VN_Port (VN_Port FKA_ADV). This value changes
every time the ENode sends a VN_Port FKA_ADV to the
FCF.
Sample Output
show fip snooping fcf
user@switch> show fip snooping fcf 00:10:94:00:00:01
FCF : 00:10:94:00:00:01 VLAN : vlan1 Session Count : 2
Enode-MAC : 00:10:94:00:00:02
VN-Port-MAC : 0E:FC:00:00:00:05
VN-Port-MAC : 0E:FC:00:00:00:01
show fip snooping fcf detail
user@switch> show fip snooping fcf 00:10:94:00:00:01 detail
FCF-MAC : 00:10:94:00:00:01 VLAN : vlan1
Configured FKA-ADV : 258 Running FKA-ADV : 222
Enode Information
Enode-MAC : 00:10:94:00:00:02 Interface: xe-0/0/1
Configured FKA-ADV : 258
Running FKA-ADV : 226
Session Information
126 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
VN-Port MAC : 0E:FC:00:00:00:05 FKA-ADV : 242
VN-Port MAC : 0E:FC:00:00:00:01 FKA-ADV : 238
Copyright © 2013, Juniper Networks, Inc. 127
Converged Networks (LAN and SAN) for EX Series Switches
show fip snooping statistics
Syntax show fip snooping statistics
<vlan vlan-name>
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Display FIP snooping statistics.
Options vlan vlan-name—(Optional) Display FIP snooping statistics for the specified VLAN.
Required Privilege view
Level
Related • Example: Configuring an FCoE Transit Switch on page 21
Documentation
• Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
• show fip snooping on page 117
• show fip snooping enode on page 121
• show fip snooping fcf on page 125
• show fip snooping interface
• show fip snooping vlan on page 131
List of Sample Output show fip snooping statistics (FIP Snooping) on page 130
show fip snooping statistics (VN2VN_Port Snooping) on page 130
Output Fields Table 11 on page 128 lists the output fields for the show fip snooping statistics command.
Output fields are listed in the approximate order in which they appear.
Table 11: show fip snooping statistics Output Fields
Field Name Field Description
VLAN Name of the VLAN for which a set of statistics is displayed.
Mode (QFX Series only)
Snooping mode enabled on the FCoE VLAN:
• VN2VF Snooping—The FCoE VLAN is configured for FIP
snooping between an ENode VN_Port and a switch VF_Port.
• VN2VN Snooping—The FCoE VLAN is configured for VN_Port
to VN_Port FIP snooping between ENode VN_Ports.
Number of MDS Number of multicast discovery solicitation messages sent on
the VLAN.
Number of UDS Number of unicast discovery solicitation messages sent on the
VLAN.
128 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 11: show fip snooping statistics Output Fields (continued)
Field Name Field Description
Number of FLOGI Number of fabric logins on the VLAN.
Number of FDISC Number of fabric discovery logins on the VLAN.
Number of LOGO Number of fabric logouts on the VLAN.
Number of ENode-keep-alive Number of ENode keepalive messages sent on the VLAN.
Number of VNPort-keep-alive Number of VN_Port keepalive messages sent on the VLAN.
Number of MDA Number of multicast discovery advertisement messages sent
on the VLAN.
Number of UDA Number of unicast discovery advertisement messages sent on
the VLAN.
Number of FLOGI_ACC Number of fabric logins accepted on the VLAN.
Number of FLOGI_RJT Number of fabric logins rejected on the VLAN.
Number of FDISC_ACC Number of fabric discoveries accepted on the VLAN.
Number of FDISC_RJT Number of fabric discoveries rejected on the VLAN.
Number of LOGO_ACC Number of fabric logouts accepted on the VLAN.
Number of LOGO_RJT Number of fabric logouts rejected on the VLAN.
Number of CVL Number of clear virtual links (CVL) actions on the VLAN.
Number of VN_Port Probes Req (QFX Series only)
Number of multicast N_Port_ID probes sent to the
ALL-VN2VN-ENode-MACs multicast address on the VLAN.
Number of VN_Port Claim Notif (QFX Series only)
Number of multicast N_Port_ID claim notifications sent on the
VLAN.
Number of VN_Port Beacons (QFX Series only)
Number of multicast beacons sent on the VLAN.
Number of VN_Port Probes (QFX Series only)
Reply Number of replies to N_Port_ID probes sent on the VLAN. Replies
are unicast to the ENode MAC address of the probe requester.
Number of VN_Port Claim Reply (QFX Series only)
Number of replies to N_Port_ID claim notifications sent on the
VLAN. Replies are unicast to the ENode MAC address of the
claim notifier.
Copyright © 2013, Juniper Networks, Inc. 129
Converged Networks (LAN and SAN) for EX Series Switches
Sample Output
show fip snooping statistics (FIP Snooping)
user@switch> show fip snooping statistics
VLAN: fcoevlan1 Mode: VN2VF Snooping
Number of MDS: 2
Number of UDS: 2
Number of FLOGI: 2
Number of FDISC: 2
Number of LOGO: 0
Number of Enode-keep-alive: 200
Number of VNPort-keep-alive: 200
Number of MDA: 25
Number of UDA: 2
Number of FLOGI_ACC: 2
Number of FLOGI_RJT: 0
Number of FDISC_ACC: 2
Number of FDISC_RJT: 0
Number of LOGO_ACC: 0
Number of LOGO_RJT: 0
Number of CVL: 0
show fip snooping statistics (VN2VN_Port Snooping)
user@switch> show fip snooping statistics
VLAN: vlan101 Mode: VN2VN Snooping
Number of VN_Port Probes Req: 3
Number of VN_Port Claim Notif: 3
Number of VN_Port Beacons: 0
Number of VN_Port Probes Reply: 3
Number of VN_Port Claim Reply: 3
Number of FLOGI: 0
Number of FLOGI_ACC: 0
Number of FLOGI_RJT: 0
Number of FDISC: 0
Number of FDISC_ACC: 0
Number of FDISC_RJT: 0
Number of LOGO: 0
Number of LOGO_ACC: 0
Number of LOGO_RJT: 0
130 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
show fip snooping vlan
Syntax show fip snooping vlan vlan-name
<brief | detail>
Release Information Command introduced in Junos OS Release 10.4 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description Display FIP snooping VLAN information.
Options brief | detail—(Optional) Display the specified level of output.
vlan-name—Display information for the specified VLAN.
Required Privilege view
Level
Related • Configuring VN2VF_Port FIP Snooping on an FCoE Transit Switch on page 39
Documentation
• Example: Configuring an FCoE Transit Switch on page 21
• show fip snooping on page 117
• show fip snooping enode on page 121
• show fip snooping fcf on page 125
• show fip snooping interface
• show fip snooping statistics on page 128
List of Sample Output show fip snooping vlan on page 133
show fip snooping vlan (QFX Series, VN2VF_Port FIP Snooping) on page 133
show fip snooping vlan (QFX Series, VN2VN_Port FIP Snooping) on page 133
show fip snooping vlan detail (QFX Series, VN2VN_Port FIP Snooping) on page 134
show fip snooping vlan detail on page 134
Output Fields Table 12 on page 131 lists the output fields for the show fip snooping vlan command. Output
fields are listed in the approximate order in which they appear.
Table 12: show fip snooping vlan Output Fields
Field Name Field Description Level of Output
VLAN Name of the VLAN. All
Copyright © 2013, Juniper Networks, Inc. 131
Converged Networks (LAN and SAN) for EX Series Switches
Table 12: show fip snooping vlan Output Fields (continued)
Field Name Field Description Level of Output
Mode (QFX Series only) All
Snooping mode enabled on the FCoE VLAN:
• VN2VF Snooping—The FCoE VLAN is configured for
FIP snooping between an ENode VN_Port and a
switch VF_Port.
• VN2VN Snooping—The FCoE VLAN is configured for
VN_Port to VN_Port FIP snooping between ENode
VN_Ports.
VN_Port count (QFX Series only)
Number of VN_Ports active on an ENode when the
mode is VN2VN_Port FIP snooping.
FC-MAP FCoE mapped address prefix of the FCoE forwarder for All
the VLAN.
Beacon_Period (QFX Series only) detail
Beacon period interval in milliseconds.
VN2VN Mode (QFX Series only) detail
Mode of VN2VN_Port snooping:
• Multi-Point—Multiple ENodes are connected to the
network and form multiple virtual links. Each virtual
link is created between one pair of VN_Ports. This is
analogous to the loop mode in traditional FC
networks.
• Point-to-Point—Two ENodes are connected to the
network and form a single VN_Port to VN_Port virtual
link. This is analogous to the point-to-point FC link
between an FC initiator and an FC target.
FCF or FCF-MAC MAC address of the FCF. All
Session Count or Active Sessions Current number of virtual link sessions with VN_Ports. All
Configured FKA-ADV FIP keepalive interval in seconds configured on the FCF detail
multiplied by three. For example, if the FKA_ADV period
configured on the FCF is 86 seconds, the value of this
field is 258.
Running FKA-ADV Runtime interval in seconds of the last FIP keepalive detail
advertisement the FCF received. This value changes
every time the FCF receives an FKA_ADV.
132 Copyright © 2013, Juniper Networks, Inc.
Chapter 5: Operational Commands
Table 12: show fip snooping vlan Output Fields (continued)
Field Name Field Description Level of Output
ENode-MAC MAC address of the connected ENode. All
• Interface Interface connected to the ENode. detail
• Configured FKA-ADV FIP keepalive interval in seconds configured on the FCF detail
multiplied by three. For example, if the FKA_ADV period
configured on the FCF is 86 seconds, the value of this
field is 258. This value remains constant.
• Running FKA-ADV Runtime interval in seconds of the last FIP keepalive detail
advertisement the ENode sent to the FCF. This value
changes every time the ENode sends an FKA_ADV to
the FCF.
• VN-Port MAC MAC address of a VN_Port on the ENode. All
• FKA-ADV Runtime interval in seconds of the last FIP keepalive detail
advertisement the ENode sent to the FCF on behalf of
the VN_Port (VN_Port FKA_ADV). This value changes
every time the ENode sends a VN_Port FKA_ADV to the
FCF.
• Active VN_Ports (QFX Series only) detail
Number of VN_Ports active on an ENode.
• Vlink far-end VN-Port-MAC (QFX Series only) detail
Media access control (MAC) address of the VN_Port at
the other end of the virtual link.
Sample Output
show fip snooping vlan
user@switch> show fip snooping vlan fcoevlan1
VLAN : fcoevlan1 FC-MAP : 0e:fc:00
FCF : 00:10:94:00:00:01 Session Count : 2
Enode-MAC : 00:10:94:00:00:02
VN-Port-MAC : 0E:FC:00:00:00:05
VN-Port-MAC : 0E:FC:00:00:00:01
show fip snooping vlan (QFX Series, VN2VF_Port FIP Snooping)
user@switch> show fip snooping vlan fcoevlan1
VLAN : fcoevlan1 Mode: VN2VF Snooping
FC-MAP : 0e:fc:00
FCF : 00:10:94:00:00:01 Session Count : 2
Enode-MAC : 00:10:94:00:00:02
VN-Port-MAC : 0E:FC:00:00:00:05
VN-Port-MAC : 0E:FC:00:00:00:01
show fip snooping vlan (QFX Series, VN2VN_Port FIP Snooping)
user@switch> show fip snooping vlan vlan101
Copyright © 2013, Juniper Networks, Inc. 133
Converged Networks (LAN and SAN) for EX Series Switches
VLAN: vlan101, Mode: VN2VN Snooping
FC-MAP: 0e:fc:00
Enode-MAC: 10:10:94:01:00:02 VN_Port count: 1
VN-Port-MAC: 0e:fc:00:01:0a:01 Session Count: 2
Enode-MAC: 10:10:94:01:00:03 VN_Port count: 0
show fip snooping vlan detail (QFX Series, VN2VN_Port FIP Snooping)
user@switch> show fip snooping vlan vlan101 detail
VLAN: vlan101, Mode: VN2VN Snooping
FC-MAP: 0e:fc:00
Beacon_Period: 90000
VN2VN Mode: Multi-Point
Enode Information
Enode-MAC: 10:10:94:01:00:02, Interface: xe-0/0/10
Active VN_Ports : 1
VN_Port Information
VN-Port MAC: 0e:fc:00:01:0a:01
Active Sessions : 2
Session Information
Vlink far-end VN-Port-MAC: 0e:fc:00:01:0b:01
Vlink far-end VN-Port-MAC: 0e:fc:00:01:0c:01
Enode-MAC: 10:10:94:01:00:02, Interface: xe-0/0/11
Active VN_Ports : 0
show fip snooping vlan detail
user@switch> show fip snooping vlan fcoevlan1 detail
VLAN : fcoevlan1 FC-MAP : 0e:fc:00
FCF Information
FCF-MAC : 00:10:94:00:00:01
Active Sessions : 2
Configured FKA-ADV : 258
Running FKA-ADV : 235
Enode Information
Enode-MAC : 00:10:94:00:00:02 Interface : xe-0/0/1
Configured FKA-ADV : 258
Running FKA-ADV : 239
Session Information
VN-Port MAC : 0E:FC:00:00:00:05 FKA-ADV : 255
VN-Port MAC : 0E:FC:00:00:00:01 FKA-ADV : 251
134 Copyright © 2013, Juniper Networks, Inc.
You might also like
- Junos Service Provider Switching (JSPX) 1of2100% (1)Junos Service Provider Switching (JSPX) 1of2208 pages
- Networking n3000 Series Administrator Guide10 en UsNo ratings yetNetworking n3000 Series Administrator Guide10 en Us1,782 pages
- Dell EMC Networking N-Series ConfiguracionNo ratings yetDell EMC Networking N-Series Configuracion1,766 pages
- Networking n1500 Series User's Guide15 en UsNo ratings yetNetworking n1500 Series User's Guide15 en Us1,794 pages
- 700 - 7000 Managed Industrial Ethernet Switches Software ManualNo ratings yet700 - 7000 Managed Industrial Ethernet Switches Software Manual153 pages
- Junos OS: Multichassis Link Aggregation Feature Guide For EX Series, MX Series, and QFX Series DevicesNo ratings yetJunos OS: Multichassis Link Aggregation Feature Guide For EX Series, MX Series, and QFX Series Devices420 pages
- HP Notebook PC (Intel) HP 250 G4 Notebook PC HP 256 G4 Notebook PC - Maintenance and Service Guide 15-Ac046tx c04653884No ratings yetHP Notebook PC (Intel) HP 250 G4 Notebook PC HP 256 G4 Notebook PC - Maintenance and Service Guide 15-Ac046tx c04653884476 pages
- (DELL) Networking-n2000-Series Deployment Guide9 En-UsNo ratings yet(DELL) Networking-n2000-Series Deployment Guide9 En-Us1,460 pages
- Switch Plugin Configuration Guide v8 16-3-2025!03!17-13-27-35No ratings yetSwitch Plugin Configuration Guide v8 16-3-2025!03!17-13-27-35145 pages
- Multichassis Link Aggregation Groups PDFNo ratings yetMultichassis Link Aggregation Groups PDF494 pages
- JUNIPER - Do You Need A Broadband Remote Access ServerNo ratings yetJUNIPER - Do You Need A Broadband Remote Access Server13 pages
- Junos Service Interface Configuration GuideNo ratings yetJunos Service Interface Configuration Guide1,484 pages
- Data Center EVPN-VXLAN Fabric Architecture GuideNo ratings yetData Center EVPN-VXLAN Fabric Architecture Guide291 pages
- Stratix 8000 and Stratix 8300 Ethernet Managed Switches: User ManualNo ratings yetStratix 8000 and Stratix 8300 Ethernet Managed Switches: User Manual170 pages
- Book Config Guide Network Interfaces EthernetNo ratings yetBook Config Guide Network Interfaces Ethernet632 pages
- Common Powerconnect-M6220 User's Guide En-UsNo ratings yetCommon Powerconnect-M6220 User's Guide En-Us1,294 pages
- Orin Corporation Product Portfolio 2024No ratings yetOrin Corporation Product Portfolio 202446 pages
- 1071E SLT C6 4/23 U/UTP W1000: Product ClassificationNo ratings yet1071E SLT C6 4/23 U/UTP W1000: Product Classification3 pages
- Barracuda Web Application Firewall DS USNo ratings yetBarracuda Web Application Firewall DS US6 pages
- Cisco Ucs 6536 Fabric Interconnect Spec SheetNo ratings yetCisco Ucs 6536 Fabric Interconnect Spec Sheet48 pages
- EMC® VNX5300™ Hardware Information GuideNo ratings yetEMC® VNX5300™ Hardware Information Guide88 pages
- RG-S6220 Series Data Center Switches Datasheet 2016.10.17No ratings yetRG-S6220 Series Data Center Switches Datasheet 2016.10.179 pages
- Dell Poweredge FN I/O Module: For The Dell Poweredge Fx2 Converged-Infrastructure PlatformNo ratings yetDell Poweredge FN I/O Module: For The Dell Poweredge Fx2 Converged-Infrastructure Platform3 pages
- Quick Installation Guide - Lenovo Storage V3700 V2, V3700 V2 XP and V5030No ratings yetQuick Installation Guide - Lenovo Storage V3700 V2, V3700 V2 XP and V503076 pages
- Cisco Nexus 5000 Series Switch CLI Software Configuration Guide Chapter31No ratings yetCisco Nexus 5000 Series Switch CLI Software Configuration Guide Chapter318 pages
- Vsphere Esxi Vcenter Server 702 Storage GuideNo ratings yetVsphere Esxi Vcenter Server 702 Storage Guide408 pages
- 2V0-621 Examcollection Premium Exam Dumps 218q PDF100% (7)2V0-621 Examcollection Premium Exam Dumps 218q PDF53 pages
