An Introduction to the Force10 S25N

By stretch | Wednesday, November 3, 2010 at 12:23 a.m. UTC

In September I had the honor of attending Gestalt IT's first Networking Tech Field Day, where a dozen of us bloggers got to talk with engineers from several prominent networking companies. One of these companies was Force10 Networks, which specializes in high-throughput (10G+) Ethernet switching and routing. Force10 has generously sponsored one of their products, an S25N datacenter switch for the community lab, and I hope to have it available for public use in the next week or so.


Similarities to Cisco IOS

To get acquainted with the device, I walked through the quick start guide. The first thing I noticed, as anyone with Cisco experience will, is that the CLI interface to Force10's operating system, FTOS, is very similar to Cisco's IOS. This is great, as it greatly reduces the learning curve for anyone with prior experience configuring IOS. Some similarities include:

  • Three CLI modes (exec, privileged exec, configuration)
  • Question mark for context-sensitive help
  • Tab auto-completion
  • UNIX-like shortcut keys (up arrow, ctrl+a, ctrl+e, etc.)
  • Use of the preceding keyword no to negate commands
  • The show command is used to glean information
  • Output filtering with the pipe character
  • The do command is used to issue exec commands from configuration mode
  • Running and startup configurations

Here's an example of the CLI as accessed from a freshly-booted switch:

Force10> ?
disable                         Turn off privileged commands            
enable                          Turn on privileged commands             
exit                            Exit from the EXEC                      
ip                              Global IP subcommands                   
monitor                         Monitoring feature                      
quit                            Exit from the EXEC                      
show                            Show running system information         
ssh                             Open a SSH connection                   
ssh-peer-stack-unit             Open a SSH connection to the peer Stack-unit
tdr-cable-test                  Start diagnostics (TDR test) for the cable
telnet                          Open a telnet connection                
telnet-peer-stack-unit          Open a telnet connection to the peer Stack-unit
terminal                        Set terminal line parameters            
test                            Test function                           
traceroute                      Trace route to destination              
Force10> enable
Force10#00:20:51: %STKUNIT0-M:CP %SEC-4-ENABLE_PASSW_NOT_CONFIGURED: Enable password is required for authentication but not configured
00:20:51: %STKUNIT0-M:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success  on console

Force10# configure
Force10(conf)# hostname MyFirstS25
MyFirstS25(conf)# interface g0/1
MyFirstS25(conf-if-gi-0/1)# description Bldg 123
MyFirstS25(conf-if-gi-0/1)# ip address
MyFirstS25(conf-if-gi-0/1)# ipv6 address 2001:db8:0:f10::1/64
MyFirstS25(conf-if-gi-0/1)# no shutdown

Observe that the above commands are nearly identical to Cisco IOS, with the exception that the subnet mask for the IPv4 interface address is specified in CIDR notation rather than dotted-decimal (though I'm guessing that this is not an unwelcome change for most of us). FTOS also sports a handy command which allows you to view the configuration of an interface quickly, directly from interface configuration mode:

MyFirstS25(conf-if-gi-0/1)# show config
interface GigabitEthernet 0/1
 description Bldg 123
 ip address
 ipv6 address 2001:db8::1/64
 ipv6 address 2001:db8:0:f10::1/64
 no shutdown

Look familiar? In fact, the entire configuration of the device might easily be mistaken for an IOS configuration at first glance:

MyFirstS25# show running-config
Current Configuration ...
! Version
! Last configuration change at Thu Jan  2 00:19:22 1997 by default
redundancy auto-synchronize full
hardware watchdog
hostname MyFirstS25
protocol spanning-tree pvst 
 no disable 
stack-unit 0 provision S25N
interface GigabitEthernet 0/1
 description Bldg 123
 ip address
 ipv6 address 2001:db8::1/64
 ipv6 address 2001:db8:0:f10::1/64
 no shutdown
interface GigabitEthernet 0/2
 no ip address
interface GigabitEthernet 0/24
 no ip address
interface Vlan 1
line console 0
 logging synchronous level 2 limit 20
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9

Some Fundamental FTOS Configuration

Given that we already know so much of FTOS' configuration syntax thanks to IOS, let's look at some FTOS-specific syntaxes.

One aspect of configuration that's quite different under FTOS is VLAN assignment for both trunking and access ports. Assignment of a physical interface to a VLAN is done under VLAN interface (SVI) configuration, after setting the appropriate physical interface(s) to L2 mode with the switchport command. This is opposite of the IOS approach, where VLANs are assigned under interface configuration.

MyFirstS25(conf)# interface g0/2
MyFirstS25(conf-if-gi-0/2)# switchport
MyFirstS25(conf-if-gi-0/2)# interface vlan10
MyFirstS25(conf-if-vl-10)# untagged g0/2
MyFirstS25(conf-if-vl-10)# untagged g0/3
% Error: Port is not in Layer-2 mode Gi 0/3.

Note that we cannot assign an interface to a VLAN until we have designated it as a layer two port; all interfaces operate at layer three by default interfaces must be designated as either switched or routed before they may pass traffic (thanks Venkat). IEEE 802.1Q trunks are defined in a similar manner, with the tagged command.

interface Vlan 11
 no ip address
 tagged GigabitEthernet 0/13
interface Vlan 12
 no ip address
 tagged GigabitEthernet 0/13
interface Vlan 13
 no ip address
 tagged GigabitEthernet 0/13

This may take a moment to wrap one's head around, and (for now, at least) I think I prefer the IOS approach. At any rate, expect to see some articles featuring Force10's FTOS in the near future. Oh, I almost forgot to save my configuration. Hmm, I wonder if that's the same as IOS too...

MyFirstS25# copy run start
File with same name already exist. 
Proceed to copy the file [confirm yes/no]: y
2467 bytes successfully copied

Yep. (By the way, write also works, and doesn't prompt for confirmation.)

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.

Posted in Force10, Switching


IPv6Freely (guest)
November 3, 2010 at 1:04 a.m. UTC

I much prefer the FTOS way of doing VLANs. You can see VLAN membership all in one place. Show VLAN becomes an even more critical command. It's also nice because you can make a template and push it out to hundreds of switches (as I did in a Force10 deployment a few months ago) without having to set different config parameters on the interfaces. The concept of tagged/untagged makes much more sense logically than trunk/access.

Also, it should be mentioned that FTOS doesnt support CDP or EIGRP, for obvious reasons, but does in fact support the (better) standards: LLDP and OSPF, respectively.

November 3, 2010 at 1:43 a.m. UTC

It gets even worse on Juniper switches - you can define both. In fact Juniper's recommended design is to define tagged vlans on the port level, and the define untagged vlans at the vlan level.

For now Im keeping it all on the interface, because we have a bunch of IOS/JunOS networks and its easier to keep a consistant pattern.

Kurt (@networkjanitor)

3c509 (guest)
November 3, 2010 at 4:34 a.m. UTC

Another difference is the "grep" statment. There is no "include" in FTOS.

For example

show runn | grep desc

or just

sh runn | g desc

Didzis Ozolins (guest)
November 3, 2010 at 7:36 a.m. UTC

Guess syntax is a hybrid of a HP ProCurve OS and Cisco IOS. Force10 L3 switches seems really cheap compared to other vendor products, it would be excellent if you could provide some feedback about this switch performance. We are about to buy few new 10G switches for our data center, Force10 looks really tempting.

November 3, 2010 at 12:36 p.m. UTC

I agree with IPv6Freely that using tagged/untagged terminology makes more sense than trunk/access.

While both are correct I find the tagged/untagged line of thought encourages you to think more about what is actually happening at the frame level. Using tagged/untagged terminology on a day-to-day basis would help all of the system engineers who don't realize that an access port is actually UNtagged.

Joe Mama (guest)
November 3, 2010 at 1:04 p.m. UTC

ha ha, I saw this is thought is was the S4810, NSL, but nice draw for the lab

Anon (guest)
November 3, 2010 at 1:57 p.m. UTC

Constructing a CLI comparable to that of the IOS was a wise choice. The use of CIDR notation, and the ability to view the configuration of an interface from interface configuration mode are nuances that I can appreciate.

If their feature set was comparable, and the price more favorable, I'd certainly give them a look.

Today will be the first day I will have looked at their web site. Thanks for the introduction.

November 3, 2010 at 1:59 p.m. UTC

We've been using the S50n for ~6 mo now in a stacked configuration and it's been working great. We haven't upgraded to 10GE yet but should be doing that in the near future.

JaMa (guest)
November 3, 2010 at 2:13 p.m. UTC

I have hundreds of the Force10 S50Ns in production in a large network - I would not say they are 100% as solid as a Cisco but they are a good, high bandwidth, inexpensive alternative. There are certainly a lot of things I like better - such as the VLAN config the previous poster mentioned. Plus, they have full functionality without having to add annoying software like Cisco. If you need a fast TOR or distribution layer device, I would recommend them.

IPv6Freely (guest)
November 3, 2010 at 9:43 p.m. UTC

@kwbales: I wouldnt say JUNOS is "worse". More like.. its flexible to the point that you can complicate things. Just follow best practice and you'll be fine. (and make use of interface-range)

@Didzis: Not really. Its probably 99% IOS with some minor changes, some of which is somewhat similar to HP. In my opinion, FTOS is better than IOS, except for the features lacking, like reflexive ACLs (and being able to specify ICMP types in ACLs)

The F10 10GigE performance is quite wonderful. I don't have figures in front of me, but the large campus rollout I did of S50V's and C-Series chassis was flawless and easy to configure. However, you have to keep in mind that while FTOS works the same as IOS, it's not the same under the covers - so who knows how stable it is (not that I've had any issues besides a minor bug on the C-Series).

I'd recommend them for a campus or something that isn't EXTREMELY mission critical. But for the price difference, you could always have full redundancy built in, as well as a couple spares sitting on a shelf.

Oh, and they also have no issues with 3rd party SFPs.

Kris (guest)
November 4, 2010 at 1:02 p.m. UTC

stretch, could you please take a closer look at the power consumption? how reliable are the specs?

Steve B (guest)
November 4, 2010 at 6:48 p.m. UTC

@IPv6Freely: I guess Didzis was thinking in terms of the Tagged/Untagged VLAN assignment as that is identical to ProCurve. I know after being Cisco only then getting trained up on ProCurve (I work for HP...) it is a massive difference and you then associate Tagged/Untagged with HP only.

Thanks to Force10 and Stretch we know now otherwise though ;-)

November 5, 2010 at 7:31 a.m. UTC

The 'show config' command is very nice. As a matter of fact, Huawei routers have that command too, it's 'display this'.

DcUK (guest)
November 5, 2010 at 3:11 p.m. UTC

You can use EEM to add a similar configuration review command under IOS, take a look at:

November 7, 2010 at 9:48 a.m. UTC

Reminds me of Foundry/Brocade. Very easy to configure.

Also has the tagged/untagged format which I much prefer

Dano (guest)
November 10, 2010 at 1:45 p.m. UTC

We checked out this switch a while back and couldn't commit to buying because we have some older 7940 and 7960 phones which we could not figure out how to get to work right.

The problem was you would have to go to the phone and manually insert the administrative vlan before the phone would register. I think this is usually done somehow via CDP and since the switch only supports LLDP and the phones only support CDP it would not work.

I would like to hear if anyone has had this issue and how it was resolved.

Venkat (guest)
November 14, 2010 at 1:32 p.m. UTC

Good Article stretch.. I would like to clarify that by default all interfaces are neither L2 nor L3. It means when you send packet to an interface which has default config ("no shut" configured), all packets would be dropped unless that interface is configured with L2 ("switchport") or L3 ("ip address")...

Force10 TAC

November 15, 2010 at 4:52 a.m. UTC

That is pretty clever of Force10, having the default config for the ports as "no shut", it makes it a lot easier to clear vlan information, when you need to clear or reset a switch. You dont have the issue of the default switchport mode being dynamic desirable as you have on Cisco switches, which can be hassle as it will form a trunk if the opposite port is in default dynamic desirable or trunk mode. If it forms a trunk, with VTP is running, and the switch whic is connected to the reset switch happens to have a lower bridge ID, or a VLAN domain name other than null, it will pull the VLAN information although it is by default a VTP Server.

Venkat (guest)
November 15, 2010 at 2:06 p.m. UTC

Let me clarify, Default configuration on a port is "no ip address, shutdown".

F10#show run int gi 0/1
interface GigabitEthernet 0/1
 no ip address

I meant default configuration along with "no shutdown" command in previous comment..

November 16, 2010 at 2:59 a.m. UTC

Interesting... stp seems to be disabled by default.

Force10#show spanning-tree 0
% Error: No active spanning tree.
Force10#conf t
Force10(conf)#protocol spanning-tree 0
Force10(conf-stp)#no disable
00:36:15: %STKUNIT0-M:CP %SPANMGR-5-STP_ROOT_CHANGE: STP root changed. My Bridge ID: 32768:0001.e8d6.7b25 Old Root: 32768:0000.0000.0000 New Root: 32768:0001.e8d6.7b25

Force10(conf-stp)# (guest)
December 12, 2010 at 4:05 p.m. UTC

Very good switching company. Last year they add MPLS to thier Terascale Switches and their command line is so CISCO like! enjoy

manikb (guest)
June 19, 2012 at 7:16 a.m. UTC


Comments have closed for this article due to its age.