Configuring Forced Port Link-up
The Ethernet standard requires a port to have an active RX connection to a peer device to be able to negotiate link parameters (for example, for auto-negotiation purposes) before the port can be brought into up state.
In some special cases, though, (for example for security purposes) using both RX/TX wire connections/fiber strands in a port is not required when only unidirectional connectivity is being used: in such cases, in fact, only the RX wire connections/fiber strands are expected to receive traffic from the TX of the peer device (whose RX is unused). This unidirectionality is expected when one peer port is supposed to only receive traffic and the other one is supposed to only transmit it. However, in normal circumstances, connecting only the RX on one port to the TX on the other would not generate a link-up on the latter.
In other words, for security purposes, to prevent traffic from going back into the production network, only one half of the cable (TX to RX) is connected, where the traffic only goes out of the production network and not back into the network.
Starting from NetVisor OS version 7.0.0, the forced port link-up feature is available on the following platforms:
- Dell: S5248F-ON, S5232F-ON, S5224F-ON, S5048F-ON, Z9264F-ON
- Edgecore: AS7312-54XS, AS7712-32X, AS7816-64X, AS7726-32X, AS7326-56X, AS5835-54X/AS5835-54T, AS5812-54T/AS5812-54X
- Freedom: F9572L-V, F9532L-C, F9664-C, F9432-C, F9480-V, F9460-X/F9460-T, F9372-T/F9372-X
Note: The forced port link-up feature can be enabled both in VirtualWire mode as well as in switch mode by using virtual Port Groups (vPGs) for Network Packet Broker deployments.
When a port is enabled for forced link-up:
- Port with only TX connection can transmit packets.
- When configuration changes are done on the TX port, RX port should also come up. That is, both ports (port with TX connection and the peer switch with only RX connection) should be in Up state.
You can configure the forced port link-up feature by using the port-force-linkup-add command.
Note: Run the above command only on the switch with the TX connection port. That disables fault detection on the TX connection port as well as disables the RX connection on the TX port. That is, the forced port link-up feature cannot be enabled if the RX and TX cables are connected between ports. Running the above command also ensures disabling of TX connection and fault detection on the peer switch, enabling the RX port to come up.
For the forced port link-up feature, Arista recommends the following:
- Port speed of 1, 10, 25, 40, or 100 Gbps.
- Optical LC cable type
- Any optical transceiver (QSFP and SFP) with an LC connector
You can configure a port(s) to be forced link-up even when its RX connector/fiber is not connected to any peer device by using the port-force-linkup-add command:
CLI (network-admin@switch) > port-force-linkup-add
port-id port-id-number |
Specify the port numbers allowed for force linkup. |
mode tx|rx |
Specify the RX or TX side of the port. The default value is TX. Note: If two Arista switches are used, then there is no need to set RX only mode on the peer side. |
The ports that are forced link-up remain persistent on switch reboot and so to disable the forced link-up ports, use the port-force-linkup-remove port-id port-id-number command.
To view the ports that are forced link-up with no RX connection, use the port-force-linkup-show command.
Below is an example to configure force link-up on port 6 by using the command:
CLI (network-admin@switch) > port-force-linkup-add ports 6 mode tx
CLI (network-admin@switch) > port-force-linkup-show
switch ports mode
------ ----- ----
switch 6 tx
CLI (network-admin@switch) > port-show
switch port bezel-port ip mac hostname status config
------ ---- ---------- ----------- ----------------- --------- ------------------------------------------- -------
switch 0 0 169.254.2.1 66:0e:94:d6:8e:2e switch up,PN-internal,stp-edge-port
switch 2 2 169.254.2.1 66:0e:94:7c:a8:33 switch1 up,PN-switch,PN-other,STP-BPDUs,LLDP,vlan-up fd,10g
switch 6 6 up,vlan-up fd,10g
switch 42 42 169.254.2.1 66:0e:94:dc:f4:59 switch2 up,PN-switch,PN-other,STP-BPDUs,LLDP,vlan-up fd,10g
switch 55 52 169.254.2.1 66:0e:94:7c:a8:33 switch1 up,PN-switch,PN-other,STP-BPDUs,LLDP,vlan-up fd,100g
Port 6 above has no RX connection, but with this configuration the software is able to force the port in up state.
Use the following command to disable this configuration:
CLI (network-admin@leaf1) > port-force-linkup-remove ports 6
To view the transceiver details for port 6, use the command:q
CLI (network-admin@switch) > port-xcvr-show port 6
port bezel-port vendor-name part-number serial-number temp[C] vcc33[V] tx-bias[mA] rx-pwr[dBm]
---- ---------- ------------- ----------- ------------- ------- -------- ----------- -----------
6 29 FINISAR CORP. FTL4C3QE1C UTC135L 35.38 3.32 37.16 -inf
Guidelines while Configuring Forced Port Link-Up
Before configuring forced port link-up, ensure the following on the TX port:
- Auto-negotiation is disabled.
- The link-learning feature is disabled.
- Port flexing (breaking a high speed port to lower speed ports) is not allowed after enabling the force link-up feature.
- Fault detection is disabled to implement the forced port link-up feature. Hence if the TX cable gets disabled for any reason, to identify the issue, you must use the port-xcvr-show command on the TX connected port.
Note: The forced port link-up feature can be used in VirtualWire setups and Network Packet Broker deployments.
For details about these features, see the:
- Configuring Network Packet Broker section in the Configuring and Using Network Management and Monitoring chapter of this Guide.
Limitations
- The forced port link-up feature is not supported on ports that are flexed (that is, you cannot enable force link-up if the port is flexed).
- The forced port link-up feature cannot be enabled if a duplex cable is used to connect ports.
- Link training is disabled for this feature and so the ports shows as down in lldp-show output.