HP 6125G Configuration Manual

Layer 3 - IP Services Configuration Guide

HP 6125 Blade Switch Series
Layer 3 - IP Services

Configuration Guide

Part number: 5998-3156
Software version: Release 2103
Document version: 6W100-20120907

Summary of Contents for HP 6125G

  • Page 1: Configuration Guide

    HP 6125 Blade Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-3156 Software version: Release 2103 Document version: 6W100-20120907...
  • Page 2 HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: Table Of Contents

    Contents: Configuring ARP, 1; Overview, 1; ARP message format, 1; ARP operation, 1; ARP table, 2; Configuring a static ARP entry, 3; Configuring the maximum number of dynamic ARP entries for an interface, 4; ...
  • Page 4 Configuration guidelines, 23; Configuration prerequisites, 23; Configuration procedure, 23; Displaying and maintaining IP addressing, 24; DHCP overview, 25; DHCP address allocation, 25; Dynamic IP address allocation process, 26; ...
  • Page 5 Configuring DHCP snooping, 48; DHCP snooping functions, 48; Ensuring that DHCP clients obtain IP addresses from authorized DHCP servers, 48; Recording IP-to-MAC mappings of DHCP clients, 48; Application environment of trusted ports, 49; ...
  • Page 6 Configuration example, 71; Configuring TCP attributes, 71; Configuring TCP path MTU discovery, 71; Configuring the TCP send/receive buffer size, 72; Configuring TCP timers, 72; Configuring ICMP to send error packets, 73; ...
  • Page 7 Symptom, 105; Solution, 105; DHCPv6 overview, 106; Introduction to DHCPv6, 106; DHCPv6 address/prefix assignment, 106; Rapid assignment involving two messages, 106; Assignment involving four messages, 106; Address/prefix lease renewal, 107; ...
  • Page 8 Configuration prerequisites, 130; Configuration guidelines, 130; Configuration procedure, 131; Configuration example, 132; Configuring an ISATAP tunnel, 134; Configuration prerequisites, 134; Configuration guidelines, 134; Configuration procedure, 135; ...
  • Page 9: Configuring ARP

    Configuring ARP Overview The Address Resolution Protocol (ARP) is used to resolve an IP address into a physical address (Ethernet MAC address, for example). In an Ethernet LAN, a device uses ARP to resolve the IP address of the next hop to the corresponding MAC address.
  • Page 10: ARP Table

    Host A looks in its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.
  • Page 11: Configuring A Static ARP Entry

    Dynamic ARP entry ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging timer expires or the output interface goes down, and it can be overwritten by a static ARP entry. Static ARP entry A static ARP entry is manually configured and maintained.
  • Page 12: Configuring The Maximum Number Of Dynamic ARP Entries For An Interface

    Configuring the maximum number of dynamic ARP entries for an interface An interface can dynamically learn ARP entries, so it may hold too many ARP entries. To solve this problem, you can set the maximum number of dynamic ARP entries that an interface can learn. When the maximum number is reached, the interface stops learning ARP entries.
  • Page 13: Configuring ARP Quick Update

    When dynamic ARP entry check is disabled, the device can learn dynamic ARP entries containing multicast MAC addresses. To enable dynamic ARP entry check:
    Step: Enter system view. Command: system-view
    Step: Enable dynamic ARP entry check. Command: arp check enable Remarks: Optional. Enabled by default.
  • Page 14: Displaying And Maintaining ARP

    NLB supports load sharing and redundancy among servers within a cluster. To implement fast failover, NLB requires that the switch forwards network traffic to all servers or specified servers in the cluster, and each server filters out unexpected traffic. In a medium or small data center that uses the Windows Server operating system, the proper cooperation of the switch and NLB is very important.
  • Page 15: ARP Configuration Examples

    Task: Display the ARP entries for a specified VPN instance. Command: display arp vpn-instance vpn-instance-name [ count ] [ | { begin | exclude | include } regular-expression ] Remarks: Available in any view
    Task: Display the age timer for dynamic ARP entries. Command: display arp timer aging [ | { begin | exclude ... Remarks: Available in any view
  • Page 16: Multicast ARP Configuration Example

    [Switch-GigabitEthernet1/0/1] port link-type trunk
    [Switch-GigabitEthernet1/0/1] port trunk permit vlan 10
    [Switch-GigabitEthernet1/0/1] quit
    # Create interface VLAN-interface 10 and configure its IP address.
    [Switch] interface vlan-interface 10
    [Switch-vlan-interface10] ip address 192.168.1.2 24
    [Switch-vlan-interface10] quit
    # Configure a static ARP entry that has IP address 192.168.1.1, MAC address 00e0-fc01-0000, and output interface GigabitEthernet 1/0/1 in VLAN 10.
  • Page 17: Configuration Procedure

    Configuration procedure This example only describes multicast ARP configuration on the switch, and is only applicable to multicast NLB. For NLB configuration on the servers, see the related documents of the Windows Server. # Specify an IP address for VLAN-interface 2. <Switch>...
  • Page 18: Configuring Gratuitous ARP

    Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device.
  • Page 19: Configuration Guidelines

    If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet takes the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet takes the MAC address of the interface on the master router in the VRRP group.
  • Page 20: Configuring Proxy ARP

    Configuring proxy ARP Overview Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on the same network.
  • Page 21: Enabling Common Proxy ARP

    Figure 7 Application environment of local proxy ARP
    Enable local proxy ARP in one of the following cases:
    • Hosts connecting to different isolated Layer 2 ports in the same VLAN need to communicate at Layer 3.
    • If an isolate-user-VLAN is configured, hosts in different secondary VLANs of the isolate-user-VLAN...
  • Page 22: Proxy ARP Configuration Examples

    Task: Display whether common proxy ARP is enabled. Command: display proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Remarks: Available in any view
    Task: Display whether local proxy ARP is enabled. Command: display local-proxy-arp [ interface interface-type interface-number ] [ | { begin ... Remarks: Available in any view
  • Page 23: Local Proxy ARP Configuration Example In Case Of Port Isolation

    # Enable proxy ARP on interface VLAN-interface 1.
    [Switch-Vlan-interface1] proxy-arp enable
    [Switch-Vlan-interface1] quit
    # Specify the IP address of interface VLAN-interface 2.
    [Switch] interface vlan-interface 2
    [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0
    # Enable proxy ARP on interface VLAN-interface 2.
    [Switch-Vlan-interface2] proxy-arp enable
    After completing the preceding configurations, use the ping command to verify the connectivity between Host A and Host D.
  • Page 24: Local Proxy ARP Configuration Example In Isolate-User-VLAN

    [SwitchB-GigabitEthernet1/0/3] port-isolate enable
    [SwitchB-GigabitEthernet1/0/3] quit
    [SwitchB] interface GigabitEthernet 1/0/1
    [SwitchB-GigabitEthernet1/0/1] port-isolate enable
    [SwitchB-GigabitEthernet1/0/1] quit
    Configure Switch A:
    # Create VLAN 2, and add GigabitEthernet 1/0/2 to VLAN 2.
    <SwitchA> system-view
    [SwitchA] vlan 2
    [SwitchA-vlan2] port GigabitEthernet 1/0/2
    [SwitchA-vlan2] quit
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0
    From Host A, ping Host B.
  • Page 25 Configuration procedure Configure Switch B: # Create VLAN 2, VLAN 3, and VLAN 5 on Switch B. Add GigabitEthernet 1/0/3 to VLAN 2, GigabitEthernet 1/0/1 to VLAN 3, and GigabitEthernet 1/0/2 to VLAN 5. Configure VLAN 5 as the isolate-user-VLAN, and VLAN 2 and VLAN 3 as secondary VLANs. Configure the mappings between isolate-user-VLAN and the secondary VLANs.
  • Page 26: Configuring ARP Snooping

    Configuring ARP snooping Overview The ARP snooping feature is used in Layer 2 switching networks. It creates ARP snooping entries using ARP packets, and the entries can be used by manual-mode MFF to answer ARP requests from a gateway. For more information about MFF, see Security Configuration Guide. If ARP snooping is enabled on a VLAN of a device, ARP packets received by the interfaces of the VLAN are redirected to the CPU.
  • Page 27: Configuring IP Addressing

    Configuring IP addressing This chapter describes IP addressing basics and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) is beyond the scope of this chapter. Overview This section describes the IP addressing basics. IP addressing uses a 32-bit address to identify each host on a network. To make addresses easier to read, they are written in dotted decimal notation, each address being four octets in length.
  • Page 28: Special IP Addresses

    Columns: Class, Address range, Remarks
    224.0.0.0 to 239.255.255.255: Multicast addresses.
    240.0.0.0 to 255.255.255.255: Reserved for future use except for the broadcast address 255.255.255.255.
    Special IP addresses
    The following IP addresses are for special use and cannot be used as host IP addresses. IP address with an all-zero net ID—Identifies a host on the local network.
  • Page 29: Assigning An IP Address To An Interface

    Assigning an IP address to an interface You can assign an interface one primary address and multiple secondary addresses. Generally, you only need to assign the primary address to an interface. In some cases, you need to assign secondary IP addresses to the interface. For example, if the interface connects to two subnets, to enable the device to communicate with all hosts on the LAN, you need to assign a primary IP address and a secondary IP address to the interface.
  • Page 30 Figure 13 Network diagram (Switch Vlan-int1 with 172.16.1.1/24 and 172.16.2.1/24 sub; hosts labelled Host A and Host B; subnets 172.16.1.0/24 and 172.16.2.0/24; host addresses 172.16.1.2/24 and 172.16.2.2/24)
    Configuration procedure
    # Assign a primary IP address and a secondary IP address to VLAN-interface 1.
    <Switch> system-view
    [Switch] interface vlan-interface 1
    [Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0
    [Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub
    # Set the gateway address to 172.16.1.1 on the hosts attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the hosts attached to subnet 172.16.2.0/24.
  • Page 31: Configuring IP Unnumbered

    Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms
    --- 172.16.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 25/25/26 ms
    The output shows that the switch can communicate with the hosts on subnet 172.16.2.0/24.
    # From a host on subnet 172.16.2.0/24, ping a host on subnet 172.16.1.0/24 to verify the connectivity.
  • Page 32: Displaying And Maintaining IP Addressing

    Step: Specify the current interface to borrow the IP address of the specified interface. Command: ip address unnumbered interface interface-type interface-number Remarks: The interface does not borrow IP addresses from other interfaces by default.
    Displaying and maintaining IP addressing
    Task Command Remarks Display IP configuration information...
  • Page 33: DHCP Overview

    DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. DHCP uses the client/server model. Figure 14 A typical DHCP application A DHCP client can obtain an IP address and other configuration parameters from a DHCP server on another subnet via a DHCP relay agent.
  • Page 34: Dynamic IP Address Allocation Process

    Dynamic IP address allocation process Figure 15 Dynamic IP address allocation process The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. A DHCP server offers configuration parameters such as an IP address to the client, in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.
  • Page 35: DHCP Message Format

    DHCP message format Figure 16 shows the DHCP message format, which is based on the BOOTP message format although DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 16 DHCP message format op—Message type defined in option field.
  • Page 36: DHCP Options

    DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the Option field to carry information for dynamic address allocation and to provide additional configuration information to clients. Figure 17 DHCP option format Common DHCP options The following are common DHCP options: Option 3—Router option.
  • Page 37
    • Service provider identifier, which is acquired by the Customer Premises Equipment (CPE) from the DHCP server and sent to the ACS for selecting vendor-specific configurations and parameters.
    • Preboot Execution Environment (PXE) server address, which is used to obtain the bootfile or other...
  • Page 38 Figure 20 PXE server address sub-option value field Relay agent option (Option 82) Option 82 is the relay agent option in the option field of the DHCP message. It records the location information of the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.
  • Page 39 Figure 22 Sub-option 2 in normal padding format Verbose padding format • Sub-option 1—Contains the user-specified access node identifier (ID of the device that adds Option 82 in DHCP messages), and the type, number, and VLAN ID of the interface that received the client's request.
  • Page 40: Protocols And Standards

    Figure 26 Sub-option 9 in private padding format • Standard padding format Sub-option 1—Contains the VLAN ID of the interface that received the client's request, module (subcard number of the receiving port) and port (port number of the receiving port). The value of the sub-option type is 1, and the value of the circuit ID type is 0.
  • Page 41 RFC 3442, The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4...
  • Page 42: Configuring DHCP Relay Agent

    Configuring DHCP relay agent The DHCP relay agent configuration is supported only on VLAN interfaces. Overview Via a relay agent, DHCP clients can communicate with a DHCP server on another subnet to obtain configuration parameters. DHCP clients on different subnets can contact the same DHCP server rather than having a DHCP server on each subnet.
  • Page 43: DHCP Relay Agent Support For Option 82

    Figure 29 DHCP relay agent work process After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode. Based on the giaddr field, the DHCP server returns an IP address and other configuration parameters to the relay agent, and the relay agent conveys them to the client.
  • Page 44: DHCP Relay Agent Configuration Task List

    Columns: If a client's requesting message has…, Handling strategy, Padding format, The DHCP relay agent will…
    Padding format verbose: Forward the message after adding the Option 82 padded in verbose format.
    Padding format user-defined: Forward the message after adding the user-defined Option 82.
    DHCP relay agent configuration task list
    Task Remarks Enabling DHCP...
  • Page 45: Correlating A DHCP Server Group With A Relay Agent Interface

    Step: Enter interface view. Command: interface interface-type interface-number
    Step: Enable the DHCP relay agent on the current interface. Command: dhcp select relay Remarks: Disabled by default
    Correlating a DHCP server group with a relay agent interface
    To improve reliability, you can specify several DHCP servers as a group on the DHCP relay agent and correlate a relay agent interface with the server group.
  • Page 46: Configuring The DHCP Relay Agent Security Functions

    Configuring the DHCP relay agent security functions Configuring address check Address check can block illegal hosts from accessing external networks. With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings after they obtain IP addresses through DHCP. This feature also supports static bindings. You can also configure static IP-to-MAC bindings on the DHCP relay agent, so users can access external networks using fixed IP addresses.
  • Page 47: Enabling Unauthorized DHCP Server Detection

    • If the server returns a DHCP-ACK message or does not return any message within a specified interval, the DHCP relay agent ages out the entry.
    • If the server returns a DHCP-NAK message, the relay agent keeps the entry.
    To configure periodic refresh of dynamic client entries: Step Command...
  • Page 48: Enabling Offline Detection

    address field of the frame. If they are the same, the DHCP relay agent considers the request valid and forwards it to the DHCP server. If not, it discards the DHCP request. To enable MAC address check: Step Command Remarks Enter system view.
  • Page 49: Configuring The DHCP Relay Agent To Support Option 82

    Step: Enter system view. Command: system-view
    Step: Configure the DHCP relay agent to release an IP address. Command: dhcp relay release ip client-ip Remarks: The IP address must be in a dynamic client entry.
    Configuring the DHCP relay agent to support Option 82
    Configuration prerequisites
    Before you perform this configuration, complete the following tasks: Enable DHCP.
  • Page 50: Setting The DSCP Value For DHCP Packets

    Step: Configure the padding format for Option 82. Command: dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } Remarks: Optional. By default:
    • The padding format for Option 82 is normal.
    • The code type for the circuit ID sub-option depends on the padding...
  • Page 51: DHCP Relay Agent Configuration Examples

    Task: Display Option 82 configuration information on the DHCP relay agent. Command: display dhcp relay information { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Remarks: Available in any view
    Task: Display information about bindings... Command: display dhcp relay security [ ip-address | dynamic | static ] [ | { begin | exclude | ... Remarks: Available in any view
  • Page 52: DHCP Relay Agent Option 82 Support Configuration Example

    Figure 30 Network diagram (four DHCP clients; Switch as DHCP relay agent with Vlan-int1 10.10.1.1/24 and Vlan-int2 10.1.1.2/24; DHCP server at 10.1.1.1/24)
    Configuration procedure
    The DHCP relay agent and server are on different subnets, so configure a static route or dynamic routing protocol to make them reachable to each other.
  • Page 53: Troubleshooting DHCP Relay Agent Configuration

    Configuration procedure
    Configurations on the DHCP server are also required to make the Option 82 configurations function normally.
    # Specify IP addresses for the interfaces. (Details not shown.)
    # Enable DHCP.
    <Switch> system-view
    [Switch] dhcp enable
    # Add DHCP server 10.1.1.1 into DHCP server group 1.
    [Switch] dhcp relay server-group 1 ip 10.1.1.1
    # Enable the DHCP relay agent on VLAN-interface 1.
  • Page 54: Configuring DHCP Client

    Configuring DHCP client
    With DHCP client enabled, an interface uses DHCP to obtain configuration parameters such as an IP address from the DHCP server.
    Configuration restrictions
    • The DHCP client configuration is supported only on VLAN interfaces.
    • When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition...
  • Page 55: Displaying And Maintaining The DHCP Client

    Step: Set the DSCP value for DHCP packets sent by the DHCP client. Command: dhcp client dscp dscp-value Remarks: Optional. By default, the DSCP value is 56.
    Displaying and maintaining the DHCP client
    Task: Display specified... Command: display dhcp client [ verbose ] [ interface interface-type interface-number ] [ | { begin | ... Remarks: Available in any view...
  • Page 56: Configuring DHCP Snooping

    Configuring DHCP snooping The DHCP snooping-enabled device must be either between the DHCP client and relay agent, or between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server. DHCP snooping functions DHCP snooping can: Ensure that DHCP clients obtain IP addresses from authorized DHCP servers.
  • Page 57: Application Environment Of Trusted Ports

    including IP addresses, MAC addresses, and CVLANs, before sending the packets to clients. For more information, see Layer 2—LAN Switching Configuration Guide. Application environment of trusted ports Configuring a trusted port connected to a DHCP server As shown in Figure 32, the DHCP snooping device port that is connected to an authorized DHCP server should be configured as a trusted port.
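  • Page 58: DHCP Snooping Support For Option 82

    Figure 33 Configuring trusted ports in a cascaded network
    Table 3 Roles of ports
    Columns: Device, Untrusted port, Trusted port disabled from recording binding entries, Trusted port enabled to record binding entries
    Switch A: untrusted port GigabitEthernet 1/0/1; trusted port disabled from recording binding entries GigabitEthernet 1/0/3; trusted port enabled to record binding entries GigabitEthernet 1/0/2
    Switch B: untrusted port GigabitEthernet 1/0/3 and ...; trusted port disabled from recording binding entries GigabitEthernet 1/0/1; trusted port enabled to record binding entries GigabitEthernet 1/0/2...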
  • Page 59: DHCP Snooping Configuration Task List

    Columns: If a client's requesting message has…, Handling strategy, Padding format, The DHCP snooping device…
    Handling strategy Replace, padding format normal: Forwards the message after replacing the original Option 82 with the Option 82 padded in normal format.
    Handling strategy Replace, padding format verbose: Forwards the message after replacing the original Option 82 with the Option 82 padded in verbose format.
  • Page 60: Configuring DHCP Snooping Basic Functions

    Task: Enabling DHCP-REQUEST message attack protection. Remarks: Optional
    Configuring DHCP snooping basic functions
    Follow these guidelines when you configure DHCP snooping basic functions:
    • You must specify the ports connected to the authorized DHCP servers as trusted to make sure that DHCP clients can obtain valid IP addresses.
  • Page 61
    • You can only enable DHCP snooping to support Option 82 on Layer 2 Ethernet ports, and Layer 2 aggregate interfaces.
    • If a Layer 2 Ethernet port is added to an aggregation group, enabling DHCP snooping to support Option 82 on the interface will not take effect. After the interface quits the aggregation group, the configuration will be effective.
  • Page 62: Configuring DHCP Snooping Entries Backup

    Step: Configure the padding format for Option 82. Command: dhcp-snooping information format { normal | private private | standard | verbose [ node-identifier ... Remarks: Optional. By default:
    • The padding format for Option 82 is normal.
    • The code type for the circuit ID sub-option depends on the padding format of Option 82....
  • Page 63: Enabling DHCP Starvation Attack Protection

    To configure DHCP snooping entries backup:
    Step: Enter system view. Command: system-view
    Step: Specify the name of the file for storing DHCP snooping entries. Command: dhcp-snooping binding database filename filename Remarks: Not specified by default. DHCP snooping entries are stored immediately after this command is used and then updated at the...
  • Page 64: Enabling DHCP-REQUEST Message Attack Protection

    Enabling DHCP-REQUEST message attack protection Attackers may forge DHCP-REQUEST messages to renew the IP address leases for legitimate DHCP clients that no longer need the IP addresses. These forged messages keep a victim DHCP server renewing the leases of IP addresses instead of releasing the IP addresses. This wastes IP address resources. To prevent such attacks, you can enable DHCP-REQUEST message check on DHCP snooping devices.
  • Page 65: DHCP Snooping Configuration Examples

    Task: Clear DHCP packet statistics on the DHCP snooping device. Command: reset dhcp-snooping packet statistics [ slot slot-number ] Remarks: Available in user view
    DHCP snooping configuration examples
    DHCP snooping configuration example
    Network requirements
    As shown in Figure 34, Switch is connected to a DHCP server through GigabitEthernet 1/0/1, and to two DHCP clients through GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3.
  • Page 66
    • On GigabitEthernet 1/0/2, configure the padding content for the circuit ID sub-option as company001 and for the remote ID sub-option as device001.
    • On GigabitEthernet 1/0/3, configure the padding format as verbose, access node identifier as sysname, and code type as ascii for Option 82.
    • Switch forwards DHCP requests to the DHCP server after replacing Option 82 in the requests, so...
  • Page 67: Configuring BOOTP Client

    Configuring BOOTP client Overview BOOTP application After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server. To use BOOTP, an administrator must configure a BOOTP parameter file for each BOOTP client on the BOOTP server.
  • Page 68: Configuring An Interface To Dynamically Obtain An IP Address Through BOOTP

    Configuring an interface to dynamically obtain an IP address through BOOTP
    Step: Enter system view. Command: system-view
    Step: Enter interface view. Command: interface interface-type interface-number
    Step: Configure an interface to dynamically obtain an IP address... Command: ip address bootp-alloc Remarks: By default, an interface does not use BOOTP to obtain an IP address.
  • Page 69: Configuring Ipv4 Dns

    Configuring IPv4 DNS
    Overview
    Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into corresponding IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. DNS services can be static or dynamic.
  • Page 70: Configuring The Ipv4 Dns Client

    Dynamic domain name resolution allows the DNS client to store latest mappings between domain names and IP addresses in the dynamic domain name cache. The DNS client does not need to send a request to the DNS server for a repeated query next time. The aged mappings are removed from the cache after some time, and latest entries are required from the DNS server.
  • Page 71: Configuring Dynamic Domain Name Resolution

    Configuring dynamic domain name resolution
    To send DNS queries to a correct server for resolution, dynamic domain name resolution needs to be enabled and a DNS server needs to be configured. In addition, you can configure a DNS suffix that the system will automatically add to the provided domain name for resolution.
  • Page 72: Specifying The Source Interface For Dns Packets

    Step: Set the DSCP value for DNS packets.
    Command: dns dscp dscp-value
    Remarks: Optional. By default, the DSCP value for DNS packets is 0.
    Specifying the source interface for DNS packets
    By default, the device uses the primary IP address of the output interface of the matching route as the source IP address of a DNS request.
  • Page 73: Static Domain Name Resolution Configuration Example

    Static domain name resolution configuration example
    Network requirements
    As shown in Figure 36, the device wants to access the host by using an easy-to-remember domain name rather than an IP address. Configure static domain name resolution on the device so that the device can use the domain name host.com to access the host whose IP address is 10.1.1.2.
  • Page 74: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution configuration example
    Network requirements
    As shown in Figure 37, the device wants to access the host by using an easy-to-remember domain name rather than an IP address, and to request the DNS server on the network for an IP address by using dynamic domain name resolution.
  • Page 75

    Figure 38 Creating a zone
    On the DNS server configuration page, right click zone com, and select New Host.
    Figure 39 Adding a host
    On the page that appears, enter host name host and IP address 3.1.1.1. Click Add Host. The mapping between the IP address and host name is created.
  • Page 76: Verifying The Configuration

    Figure 40 Adding a mapping between domain name and IP address
    Configure the DNS client:
    # Enable dynamic domain name resolution.
    <Sysname> system-view
    [Sysname] dns resolve
    # Specify the DNS server 2.1.1.2.
    [Sysname] dns server 2.1.1.2
    # Configure com as the name suffix.
    [Sysname] dns domain com
    Verifying the configuration
    # Use the ping host command on the device to verify that the communication between the device and the...
  • Page 77: Troubleshooting Ipv4 Dns Configuration

    Troubleshooting IPv4 DNS configuration
    Symptom
    After enabling dynamic domain name resolution, the user cannot get the correct IP address.
    Solution
    Use the display dns host ip command to verify that the specified domain name is in the cache. If the specified domain name does not exist, verify that dynamic domain name resolution is enabled and that the DNS client can communicate with the DNS server.
  • Page 78: Configuring Ip Performance Optimization

    Configuring IP performance optimization
    Enabling receiving and forwarding of directed broadcasts to a directly connected network
    Directed broadcast packets are broadcast on a specific network. In the destination IP address of a directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones. If a device is allowed to forward directed broadcasts to a directly connected network, hackers may mount attacks to the network.
  • Page 79: Configuration Example

    Configuration example
    Network requirements
    As shown in Figure 41, the host’s interface and VLAN-interface 3 of the switch are on the same network segment (1.1.1.0/24). VLAN-interface 2 of Switch and the server are on another network segment (2.2.2.0/24). The default gateway of the host is VLAN-interface 3 (IP address 1.1.1.2/24) of Switch. Configure the switch so that the server can receive directed broadcasts from the host to IP address 2.2.2.255.
  • Page 80: Configuring The Tcp Send/Receive Buffer Size

    The TCP source device sends subsequent TCP segments that each are smaller than the MSS (MSS = path MTU – IP header length – TCP header length). If the TCP source device still receives ICMP error messages when the MSS is smaller than 32 bytes, the TCP source device will fragment packets.
  • Page 81: Configuring Icmp To Send Error Packets

    received, the system restarts the timer upon receiving the last non-FIN packet. The connection is broken after the timer expires. The actual length of the finwait timer is determined by the following formula:
    Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer
    To configure TCP timers:
    Step...
  • Page 82: Disadvantages Of Sending Icmp Error Packets

    If the device receives an IP packet with the destination unreachable, it will drop the packet and send an ICMP destination unreachable error packet to the source. Conditions for sending an ICMP destination unreachable packet: If neither a route nor the default route for forwarding a packet is available, the device will send a "network unreachable"...
  • Page 83: Displaying And Maintaining Ip Performance Optimization

    Displaying and maintaining IP performance optimization
    Task: Display TCP connection statistics.
    Command: display tcp statistics [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
    Task: Display UDP statistics.
    Command: display udp statistics [ | { begin | exclude |
    ...
  • Page 84: Configuring Udp Helper

    Configuring UDP helper
    Overview
    UDP helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server. This is helpful when a host cannot obtain network configuration information or request device names through broadcasting because the server or host to be requested is located on another broadcast domain.
  • Page 85: Displaying And Maintaining Udp Helper

    Step: Enter interface view.
    Command: interface interface-type interface-number
    Step: Specify the destination server to which UDP packets are to be forwarded.
    Command: udp-helper server [ vpn-instance vpn-instance-name ] ip-address
    Remarks: No destination server is specified by default.
    Displaying and maintaining UDP helper
    Task Command Remarks...
  • Page 86

    # Enable the forwarding of broadcast packets with the UDP destination port 55.
    [SwitchA] udp-helper port 55
    # Specify the destination server 10.2.1.1 on VLAN-interface 1 in public network.
    [SwitchA] interface vlan-interface 1
    [SwitchA-Vlan-interface1] ip address 10.110.1.1 16
    [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1...
  • Page 87: Configuring Ipv6 Basics

    Configuring IPv6 basics
    Overview
    Internet Protocol Version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet Protocol version 4 (IPv4). The significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
    IPv6 features
    Header format simplification
    IPv6 removes several IPv4 header fields or moves them to the IPv6 extension headers to reduce the length...
  • Page 88: Ipv6 Addresses

    • Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCP server).
    • Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and other configuration information by using its link-layer address and the prefix information advertised by a router.
  • Page 89

    An IPv6 address prefix is written in IPv6-address/prefix-length notation where the IPv6-address is represented in any of the formats previously mentioned and the prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address comprise the address prefix.
    IPv6 address types
    IPv6 addresses fall into the following types:
    Unicast address—An identifier for a single interface, similar to an IPv4 unicast address.
  • Page 90

    • A loopback address is 0:0:0:0:0:0:0:1 (or ::1). It cannot be assigned to any physical interface and can be used by a node to send an IPv6 packet to itself in the same way as the loopback address in IPv4.
    •...
  • Page 91: Ipv6 Neighbor Discovery Protocol

    • On a tunnel interface
    The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros. For more information about tunnels, see "Configuring tunneling."...
  • Page 92

    Figure 45 Address resolution
    The address resolution operates in the following steps:
    Host A multicasts an NS message. The source address of the NS message is the IPv6 address of the sending interface of Host A and the destination address is the solicited-node multicast address of Host B.
  • Page 93: Ipv6 Path Mtu Discovery

    Host A learns that the IPv6 address is being used by Host B after receiving the NA message from Host B. If receiving no NA message, Host A decides that the IPv6 address is not in use and uses this address.
  • Page 94: Ipv6 Transition Technologies

    Figure 47 Path MTU discovery process
    The source host compares its MTU with the packet to be sent, performs necessary fragmentation, and sends the resulting packet to the destination host.
    If the MTU supported by a forwarding interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error packet containing the interface MTU to the source host.
  • Page 95: Ipv6 Basics Configuration Task List

    • RFC 2460, Internet Protocol, Version 6 (IPv6) Specification
    • RFC 2464, Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2526, Reserved IPv6 Subnet Anycast Addresses
    • RFC 2894, Router Renumbering for IPv6
    • RFC 3307, Allocation Guidelines for IPv6 Multicast Addresses
    • RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture...
  • Page 96: Configuring Basic Ipv6 Functions

    Configuring basic IPv6 functions
    Enabling IPv6
    Enable IPv6 before you perform any IPv6-related configuration. Without IPv6 enabled, an interface cannot forward IPv6 packets even if it has an IPv6 address configured.
    To enable IPv6:
    Step: Enter system view.
    Command: system-view
    Step: Enable IPv6....
  • Page 97: Configuring An Ipv6 Link-Local Address

    Step: Enter system view.
    Command: system-view
    Step: Enter interface view.
    Command: interface interface-type interface-number
    Step: Configure an IPv6 address manually.
    Command: ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
    Remarks: By default, no IPv6 global unicast address is configured on an interface.
    Stateless address autoconfiguration
    To configure an interface to generate an IPv6 address by using stateless address autoconfiguration:
    Step Command...
  • Page 98: Configure An Ipv6 Anycast Address

    Step: Configure the interface to automatically generate an IPv6 link-local address.
    Command: ipv6 address auto link-local
    Remarks: Optional. By default, no link-local address is configured on an interface. After an IPv6 global unicast address is configured on the interface, a link-local address is generated automatically....
  • Page 99: Configuring Ipv6 Nd

    Configuring IPv6 ND
    Configuring a static neighbor entry
    The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry. The device uniquely identifies a static neighbor entry by the neighbor's IPv6 address and the local Layer 3 interface number.
  • Page 100: Setting The Age Timer For Nd Entries In Stale State

    Step: Configure the maximum number of neighbors dynamically learned by an interface.
    Command: ipv6 neighbors max-learning-num number
    Remarks: Optional. By default, a Layer 2 interface does not limit the number of neighbors dynamically learned, and a Layer 3 interface can learn up to 2048 neighbors dynamically....
  • Page 101

    Parameter: M flag
    Description: Determines whether hosts use the stateful autoconfiguration to acquire IPv6 addresses. If the M flag is set to 1, hosts use the stateful autoconfiguration (for example, through a DHCP server) to acquire IPv6 addresses. Otherwise, hosts use the stateless autoconfiguration to acquire IPv6 addresses and generate IPv6 addresses according to their own link-layer addresses and the obtained prefix information.
  • Page 102: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

    Step: Configure the prefix information in RA messages.
    Command: ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length }
    Remarks: Optional. By default, no prefix information is configured for RA messages, and the IPv6 address of the interface sending RA messages is used as the prefix
    ...
  • Page 103: Configuring Path Mtu Discovery

    To configure the attempts to send an NS message for DAD:
    Step: Enter system view.
    Command: system-view
    Step: Enter interface view.
    Command: interface interface-type interface-number
    Step: Configure the number of attempts to send an NS message for DAD.
    Command: ipv6 nd dad attempts value
    Remarks: Optional. 1 by default. When the value
    ...
  • Page 104: Configuring Icmpv6 Packet Sending

    • synwait timer—When a SYN packet is sent, the synwait timer is triggered. If no response packet is received before the synwait timer expires, the IPv6 TCP connection establishment fails.
    • finwait timer—When the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered....
  • Page 105: Enabling Replying To Multicast Echo Requests

    Step: Configure the capacity and update interval of
    Command: ipv6 icmp-error { bucket bucket-size | ratelimit
    Remarks: Optional. By default, the capacity of a token bucket is 10 and the update interval is 100 milliseconds. A maximum of 10 ICMPv6 error packets can be sent within 100 milliseconds.
    ...
  • Page 106: Enabling Sending Of Icmpv6 Destination Unreachable Messages

    Enabling sending of ICMPv6 destination unreachable messages
    If the device fails to forward a received IPv6 packet because of one of the following reasons, it drops the packet and sends a corresponding ICMPv6 Destination Unreachable error message to the source.
    If no route is available for forwarding the packet, the device sends a "no route to destination"...
  • Page 107: Ipv6 Basics Configuration Example

    Task: Display neighbor information.
    Command: display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
    Task: Display the total number of
    Command: display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type
    ...
  • Page 108: Configuration Procedure

    • IPv6 is enabled for the host to automatically obtain an IPv6 address through IPv6 ND, and a route to Switch B is available.
    Figure 48 Network diagram
    The VLAN interfaces have been created on the switch.
    Configuration procedure
    Configure Switch A:
    # Enable IPv6....
  • Page 109: Verifying The Configuration

    bytes=56 Sequence=2 hop limit=64 time = 2 ms
    Reply from 3001::1
    bytes=56 Sequence=3 hop limit=64 time = 3 ms
    Reply from 3001::1
    bytes=56 Sequence=4 hop limit=64 time = 9 ms
    --- 3001::1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/3/9 ms
    # Display the neighbor information of GigabitEthernet 1/0/2 on Switch A....
  • Page 110

    ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards:
    [SwitchA] display ipv6 interface vlan-interface 1
    Vlan-interface1 current state :UP
    Line protocol current state :UP
    IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0
    Global unicast address(es):
    2001::1, subnet is 2001::/64
    Joined group address(es):...
  • Page 111

    ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards:
    # Display the IPv6 interface settings on Switch B. All the IPv6 global unicast addresses configured on the interface are displayed.
    [SwitchB] display ipv6 interface vlan-interface 2
    Vlan-interface2 current state :UP
    Line protocol current state :UP...
  • Page 112

    InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards:
    # Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected.
  • Page 113: Troubleshooting Ipv6 Basics Configuration

    Troubleshooting IPv6 basics configuration
    Symptom
    The peer IPv6 address cannot be pinged.
    Solution
    Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled.
    Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.
  • Page 114: Dhcpv6 Overview

    DHCPv6 overview
    Introduction to DHCPv6
    The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) was designed based on IPv6 addressing scheme and is used for assigning IPv6 prefixes, IPv6 addresses and other configuration parameters to hosts. Compared with other IPv6 address allocation methods (such as manual configuration and stateless address autoconfiguration), DHCPv6 can:
    •...
  • Page 115: Address/Prefix Lease Renewal

    Figure 50 Assignment involving four messages
    The assignment involving four messages operates in the following steps:
    The DHCPv6 client sends out a Solicit message, requesting an IPv6 address/prefix and other configuration parameters.
    If the Solicit message does not contain a Rapid Commit option, or if the DHCPv6 server does not support rapid assignment even though the Solicit message contains a Rapid Commit option, the DHCPv6 server responds with an Advertise message, informing the DHCPv6 client of the assignable address/prefix and other configuration parameters.
  • Page 116: Configuring Stateless Dhcpv6

    If the DHCPv6 client receives no response from the DHCPv6 servers, the client stops using the address/prefix when the valid lifetime expires. For more information about the valid lifetime and the preferred lifetime, see "Configuring IPv6 basics."
    Figure 52 Using the Rebind message for address/prefix lease renewal
    Configuring stateless DHCPv6
    After obtaining an IPv6 address/prefix, a device can use stateless DHCPv6 to obtain other configuration parameters from a DHCPv6 server.
  • Page 117: Protocols And Standards

    parameters. If not, the client ignores the configuration parameters. If multiple replies are received, the first received reply will be used.
    Protocols and standards
    • RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6
    • RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6)...
  • Page 118: Configuring Dhcpv6 Relay Agent

    Configuring DHCPv6 relay agent
    Overview
    A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. As shown in Figure 54, if the DHCPv6 server resides on another subnet, the DHCPv6 client can contact the server via a DHCPv6 relay agent, so you do not need to deploy a DHCPv6 server on each subnet.
  • Page 119: Configuring The Dhcpv6 Relay Agent

    After receiving the Solicit message, the DHCPv6 relay agent encapsulates the message into the Relay Message option of a Relay-forward message, and sends the message to the DHCPv6 server. After obtaining the Solicit message from the Relay-forward message, the DHCPv6 server selects an IPv6 address and other required parameters, and adds them to the reply which is encapsulated within the Relay Message option of a Relay-reply message.
  • Page 120: Setting The Dscp Value For Dhcpv6 Packets

    Setting the DSCP value for DHCPv6 packets
    An IPv6 packet header contains an 8-bit Traffic class field. This field identifies the service type of IPv6 packets. As defined in RFC 2474, the first six bits set the Differentiated Services Code Point (DSCP) value and the last two bits are reserved.
  • Page 121: Configuration Procedure

    Figure 56 Network diagram (labels: DHCPv6 clients; Switch as DHCPv6 relay agent, Vlan-int3 and Vlan-int2; DHCPv6 server; addresses 1::1/64, 2::1/64, 2::2/64)
    Configuration procedure
    Configure Switch as a DHCPv6 relay agent:
    # Enable the IPv6 packet forwarding function.
    <Switch> system-view
    [Switch] ipv6
    # Configure the IPv6 addresses of VLAN-interface 2 and VLAN-interface 3 respectively....
  • Page 122 Packets received SOLICIT REQUEST CONFIRM RENEW REBIND RELEASE DECLINE INFORMATION-REQUEST RELAY-FORWARD RELAY-REPLY Packets sent ADVERTISE RECONFIGURE REPLY RELAY-FORWARD RELAY-REPLY...
  • Page 123: Configuring Dhcpv6 Client

    Configuring DHCPv6 client
    Overview
    Serving as a DHCPv6 client, the device only supports stateless DHCPv6 configuration, that is, the device can obtain from the DHCPv6 server only network configuration parameters other than the IPv6 address and prefix. With an IPv6 address obtained through stateless address autoconfiguration, the device automatically enables the stateless DHCPv6 function after it receives an RA message with the M flag set to 0 and the O flag set to 1.
  • Page 124: Displaying And Maintaining The Dhcpv6 Client

    Step: Enter system view.
    Command: system-view
    Step: Set the DSCP value for the DHCPv6 packets sent by the DHCPv6 client.
    Command: ipv6 dhcp client dscp dscp-value
    Remarks: Optional. By default, the DSCP value in DHCPv6 packets is 56.
    Displaying and maintaining the DHCPv6 client
    Task Command Remarks...
  • Page 125: Verifying The Configuration

    [SwitchB] ipv6
    # Configure the IPv6 address of VLAN-interface 2.
    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ipv6 address 1::1 64
    # Set the O flag in the RA messages to 1.
    [SwitchB-Vlan-interface2] ipv6 nd autoconfig other-flag
    # Enable Switch B to send RA messages.
    [SwitchB-Vlan-interface2] undo ipv6 nd ra halt
    Configure Switch A:
    # Enable the IPv6 packet forwarding function....
  • Page 126 Confirm Renew Rebind Information-request Release Decline...
  • Page 127: Configuring Tunneling

    Configuring tunneling
    Overview
    Tunneling is an encapsulation technology: one network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated and de-encapsulated at both ends of a tunnel. Tunneling refers to the whole process from data encapsulation to data transfer to data de-encapsulation.
  • Page 128 After determining from the routing table that the packet needs to be forwarded through the tunnel, Device A encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel. Upon receiving the packet, Device B de-encapsulates the packet. Device B forwards the packet according to the destination address in the de-encapsulated IPv6 packet.
  • Page 129: Ipv4 Over Ipv4 Tunneling

    notation. For example, 1.1.1.1 can be represented by 0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4 network. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a 6to4 tunnel.
  • Page 130: Ipv4 Over Ipv6 Tunneling

    Figure 61 Principle of IPv4 over IPv4 tunneling
    Packets traveling through a tunnel undergo encapsulation and de-encapsulation processes, as shown Figure
    • Encapsulation
    The encapsulation follows these steps.
    Device A receives an IP packet from an IPv4 host and submits it to the IP protocol stack.
    The IP protocol stack determines how to forward the packet according to the destination address in the IP header.
  • Page 131: Ipv6 Over Ipv6 Tunneling

    Figure 62 Principle of IPv4 over IPv6 tunneling
    The encapsulation and de-encapsulation processes illustrated in Figure 62 are described as follows:
    • Encapsulation
    Upon receiving a packet from the attached IPv4 network, Device A examines the destination address of the packet and determines the outgoing interface. If the packet is destined for the IPv4 network attached to Device B, Device A delivers the packet to the tunnel interface pointed to Device B.
  • Page 132: Protocols And Standards

    Figure 63 shows the encapsulation and de-encapsulation processes.
    • Encapsulation
    After receiving the IPv6 packet, the interface of Device A connecting private network A submits it to the IPv6 module for processing. The IPv6 module then determines how to forward the packet.
  • Page 133: Configuring A Tunnel Interface

    Configuring a tunnel interface
    Configure a Layer 3 virtual tunnel interface on each device on a tunnel so that devices at both ends can send, identify, and process packets from the tunnel.
    Configuration guidelines
    Follow these guidelines when you configure a tunnel interface:
    • Before configuring a tunnel interface on a switch, you may need to create a service loopback group...
  • Page 134: Configuring An Ipv6 Manual Tunnel

    Step: Set the bandwidth of the tunnel interface.
    Command: tunnel bandwidth bandwidth-value
    Remarks: Optional. By default, the bandwidth of the tunnel interface is 64 kbps.
    Step: Restore the default setting.
    Command: default
    Remarks: Optional.
    Step: Shut down the tunnel interface.
    Command: shutdown
    Remarks: Optional. By default, the interface is up.
    Configuring an IPv6 manual tunnel
    Configuration prerequisites
    Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device...
  • Page 135: Configuration Example

    Step: Configure an IPv6 address for the tunnel
    Command:
    • Configure a global unicast IPv6 address or a site-local address:
      ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
      ipv6 address
    Remarks: The link-local IPv6 address configuration is optional. By default:
    • No IPv6 global unicast address or site-local address is
    ...
  • Page 136

    Configuration procedure
    Before configuring an IPv6 manual tunnel, make sure that Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other.
    • Configure Switch A:
    # Enable IPv6.
    <SwitchA> system-view
    [SwitchA] ipv6
    # Configure an IPv4 address for VLAN-interface 100.
    [SwitchA] interface vlan-interface 100
    [SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0
    [SwitchA-Vlan-interface100] quit...
  • Page 137

    [SwitchB-Vlan-interface101] ipv6 address 3003::1 64
    [SwitchB-Vlan-interface101] quit
    # Create service loopback group 1 to support the tunnel service.
    [SwitchB] service-loopback group 1 type tunnel
    # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP.
    [SwitchB] interface GigabitEthernet 1/0/3
    [SwitchB-GigabitEthernet1/0/3] undo stp enable
    [SwitchB-GigabitEthernet1/0/3] undo lldp enable
    [SwitchB-GigabitEthernet1/0/3] port service-loopback group 1...
  • Page 138: Configuring A 6To4 Tunnel

    Global unicast address(es):
    3001::2, subnet is 3001::/64
    Joined group address(es):
    FF02::1:FF00:0
    FF02::1:FF00:1
    FF02::1:FFA8:3201
    FF02::2
    FF02::1
    MTU is 1480 bytes
    ND reachable time is 30000 milliseconds
    ND retransmit interval is 1000 milliseconds
    Hosts use stateless autoconfig for addresses
    IPv6 Packet statistics:
    InReceives:
    # Ping the IPv6 address of VLAN-interface 101 at the peer end from Switch A.
  • Page 139: Configuration Procedure

    • No destination address needs to be configured for a 6to4 tunnel because the destination address can automatically be obtained from the IPv4 address embedded in the 6to4 IPv6 address.
    • To encapsulate and forward IPv6 packets whose destination address does not belong to the subnet...
  • Page 140: Configuration Example

    Configuration example
    Network requirements
    As shown in Figure 65, two 6to4 networks are connected to an IPv4 network through two 6to4 switches (Switch A and Switch B). Configure a 6to4 tunnel to make Host A and Host B reachable to each other.
    Figure 65 Network diagram
    Configuration consideration
    To enable communication between 6to4 networks, configure 6to4 addresses for 6to4 switches and hosts...
  • Page 141

    # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP on the interface.
    [SwitchA] interface GigabitEthernet 1/0/3
    [SwitchA-GigabitEthernet1/0/3] undo stp enable
    [SwitchA-GigabitEthernet1/0/3] undo lldp enable
    [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1
    [SwitchA-GigabitEthernet1/0/3] quit
    # Configure a 6to4 tunnel.
    [SwitchA] interface tunnel 0
    [SwitchA-Tunnel0] ipv6 address 2002:201:101::1/64
    [SwitchA-Tunnel0] source vlan-interface 100...
  • Page 142: Configuring An Isatap Tunnel

    [SwitchB-Tunnel0] quit
    # Configure a static route whose destination address is 2002::/16 and the next hop is the tunnel interface.
    [SwitchB] ipv6 route-static 2002:: 16 tunnel 0
    Verifying the configuration
    # Ping Host B from Host A or ping Host A from Host B.
    D:\>ping6 -s 2002:201:101:1::2 2002:501:101:1::2
    Pinging 2002:501:101:1::2 from 2002:201:101:1::2 with 32 bytes of data:...
  • Page 143: Configuration Procedure

    Configuration procedure
    To configure an ISATAP tunnel:
    Step: Enter system view.
    Command: system-view
    Step: Enable IPv6.
    Command: ipv6
    Remarks: By default, the IPv6 forwarding function is disabled.
    Step: Enter tunnel interface view.
    Command: interface tunnel number
    Command: • Configure an IPv6 global unicast address or site-local address:
    Remarks: The IPv6 link-local address configuration is optional.
    ...
  • Page 144

    Figure 66 Network diagram (ISATAP switch: Vlan-int100 3001::1/64, Vlan-int101 1.1.1.1/8, Tunnel0 2001::5EFE:0101:0101/64, service loopback port GE1/0/3; IPv6 host: 3002::2/64; ISATAP host: IPv4 address 2.1.1.2/32, IPv6 addresses FE80::5EFE:0201:0102 and 2001::5EFE:0201:0102)
    Configuration procedure
    Before configuring an ISATAP tunnel, make sure that the corresponding VLAN interfaces have been created on the switch, and that VLAN-interface 101 on the ISATAP switch and the ISATAP host can reach each other.
  • Page 145

    [Switch] ipv6 route-static 2001:: 16 tunnel 0
    • Configure the ISATAP host:
    The specific configuration on the ISATAP host is related to its operating system. The following example shows the configuration of the host running Windows XP.
    # Install IPv6.
    C:\>ipv6 install
    # On a Windows XP-based host, the ISATAP interface is usually interface 2.
  • Page 146: Configuring An Ipv4 Over Ipv4 Tunnel

    IPv6 address of the tunnel interface of the switch. If the address is successfully pinged, an ISATAP tunnel is established.
    C:\>ping 2001::5efe:1.1.1.1
    Pinging 2001::5efe:1.1.1.1 with 32 bytes of data:
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Ping statistics for 2001::5efe:1.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),...
  • Page 147: Configuration Procedure

    Configuration procedure
    To configure an IPv4 over IPv4 tunnel:
    Step: Enter system view.
      Command: system-view
    Step: Enter tunnel interface view.
      Command: interface tunnel number
    Step: Configure an IPv4 address for the tunnel interface.
      Command: ip address ip-address { mask | mask-length } [ sub ]
      Remarks: By default, no IPv4 address is configured for the tunnel interface.
  • Page 148

    # Configure an IPv4 address for VLAN-interface 101 (configured on the physical interface of the tunnel).
    [SwitchA] interface vlan-interface 101
    [SwitchA-Vlan-interface101] ip address 2.1.1.1 255.255.255.0
    [SwitchA-Vlan-interface101] quit
    # Create service loopback group 1 to support the tunnel service.
    [SwitchA] service-loopback group 1 type tunnel
    # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP on the interface.
  • Page 149

    [SwitchB] interface GigabitEthernet 1/0/3
    [SwitchB-GigabitEthernet1/0/3] undo stp enable
    [SwitchB-GigabitEthernet1/0/3] undo lldp enable
    [SwitchB-GigabitEthernet1/0/3] port service-loopback group 1
    [SwitchB-GigabitEthernet1/0/3] quit
    # Create interface Tunnel 2.
    [SwitchB] interface tunnel 2
    # Configure an IPv4 address for interface Tunnel 2.
    [SwitchB-Tunnel2] ip address 10.1.2.2 255.255.255.0
    # Configure the tunnel encapsulation mode.
  • Page 150: Configuring An Ipv4 Over Ipv6 Tunnel

    Encapsulation is TUNNEL, service-loopback-group ID is 1.
    Tunnel source 3.1.1.1(Vlan-interface101), destination 2.1.1.1
    Tunnel bandwidth 64 (kbps)
    Tunnel protocol/transport IP/IP
    Last 300 seconds input: 0 bytes/sec, 0 packets/sec
    Last 300 seconds output: 0 bytes/sec, 0 packets/sec
    5 packets input, 320 bytes
    0 input error
    9 packets output, 576 bytes...
  • Page 151: Configuration Procedure

    Configuration procedure
    To configure an IPv4 over IPv6 tunnel:
    Step: Enter system view.
      Command: system-view
    Step: Enable IPv6.
      Command: ipv6
      Remarks: By default, the IPv6 packet forwarding function is disabled.
    Step: Enter tunnel interface view.
      Command: interface tunnel number
    Step: Configure an IPv4 address for the tunnel...
      Command: ip address ip-address { mask | mask-length } [ sub ]
      Remarks: By default, no IPv4 address is configured...
  • Page 152

    [SwitchA] ipv6
    # Configure an IPv4 address for VLAN-interface 100.
    [SwitchA] interface vlan-interface 100
    [SwitchA-Vlan-interface100] ip address 30.1.1.1 255.255.255.0
    [SwitchA-Vlan-interface100] quit
    # Configure an IPv6 address for VLAN-interface 101 (the physical interface of the tunnel).
    [SwitchA] interface vlan-interface 101
    [SwitchA-Vlan-interface101] ipv6 address 2002::1:1 64
    [SwitchA-Vlan-interface101] quit
    # Create service loopback group 1 to support the tunnel service.
  • Page 153

    # Create service loopback group 1 to support the tunnel service.
    [SwitchB] service-loopback group 1 type tunnel
    # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP on the interface.
    [SwitchB] interface GigabitEthernet 1/0/3
    [SwitchB-GigabitEthernet1/0/3] undo stp enable
    [SwitchB-GigabitEthernet1/0/3] undo lldp enable
    [SwitchB-GigabitEthernet1/0/3] port service-loopback group 1
    [SwitchB-GigabitEthernet1/0/3] quit...
  • Page 154: Configuring An Ipv6 Over Ipv6 Tunnel

    Line protocol current state: UP
    Description: Tunnel2 Interface
    The Maximum Transmit Unit is 1460
    Internet Address is 30.1.2.2/24 Primary
    Encapsulation is TUNNEL, service-loopback-group ID is 1.
    Tunnel source 2002::0002:0001, destination 2002::0001:0001
    Tunnel bandwidth 64 (kbps)
    Tunnel protocol/transport IP/IPv6
    Last 300 seconds input: 1 bytes/sec, 0 packets/sec
    Last 300 seconds output: 1 bytes/sec, 0 packets/sec...
  • Page 155: Configuration Procedure

    • The IPv6 address of a tunnel interface must not be on the same subnet as the destination address of the tunnel.
    • The destination address of a route with the tunnel interface as the egress interface must not be on...
  • Page 156: Configuration Example

    Step: Configure the maximum number of nested encapsulations of a packet.
      Command: encapsulation-limit [ number ]
      Remarks: Optional. 4 by default.
    Step: Return to system view.
      Command: quit
    Step: Enable dropping of IPv6 packets using IPv4-compatible IPv6 addresses.
      Command: tunnel discard ipv4-compatible-packet
      Remarks: Optional. Disabled by default.
  • Page 157

    # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP on the interface.
    [SwitchA] interface GigabitEthernet 1/0/3
    [SwitchA-GigabitEthernet1/0/3] undo stp enable
    [SwitchA-GigabitEthernet1/0/3] undo lldp enable
    [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1
    [SwitchA-GigabitEthernet1/0/3] quit
    # Create interface Tunnel 1.
    [SwitchA] interface tunnel 1
    # Configure an IPv6 address for interface Tunnel 1.
  • Page 158

    [SwitchB] interface tunnel 2
    # Configure an IPv6 address for interface Tunnel 2.
    [SwitchB-Tunnel2] ipv6 address 3001::1:2 64
    # Configure the tunnel encapsulation mode.
    [SwitchB-Tunnel2] tunnel-protocol ipv6-ipv6
    # Configure the source address for interface Tunnel 2 (IP address of VLAN-interface 101).
    [SwitchB-Tunnel2] source 2002::22:1
    # Configure the destination address for interface Tunnel 2 (IP address of VLAN-interface 101 of Switch A).
  • Page 159: Displaying And Maintaining Tunneling Configuration

    FF02::1
    MTU is 1460 bytes
    ND reachable time is 30000 milliseconds
    ND retransmit interval is 1000 milliseconds
    Hosts use stateless autoconfig for addresses
    IPv6 Packet statistics:
    # Ping the IPv6 address of the peer interface VLAN-interface 100 from Switch A.
    [SwitchA] ping ipv6 2002:3::1
    PING 2002:3::1 : 56 data bytes, press CTRL_C to break...
  • Page 160: Troubleshooting Tunneling Configuration

    Troubleshooting tunneling configuration
    Symptom
    After related parameters such as the tunnel source address, tunnel destination address, and tunnel mode are configured, the tunnel interface is still not up.
    Solution
    The common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel command to check whether the physical interface of the tunnel source is up.
  • Page 161: Support And Other Resources

    Support and other resources
    Contacting HP
    For worldwide technical support information, see the HP support website: http://www.hp.com/support
    Before contacting HP, collect the following information:
    • Product model names and numbers
    • Technical support registration number (if applicable)
    • Product serial numbers...
  • Page 162: Conventions

    Conventions
    This section describes the conventions used in this documentation set.
    Command conventions
    Convention: Boldface
      Description: Bold text represents commands and keywords that you enter literally as shown.
    Convention: Italic
      Description: Italic text represents arguments that you replace with actual values.
    Square brackets enclose syntax choices (keywords or arguments) that are optional.
    Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 163 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

This manual is also suitable for:

6125 blade switch series
