HP 6125XLG Configuration Manual

Blade switch layer 3 - ip services


HP 6125XLG Blade Switch
Layer 3—IP Services

Configuration Guide

Part number: 5998-3718
Software version: Release 2306
Document version: 6W100-20130912


Summary of Contents for HP 6125XLG

  • Page 1: Configuration Guide

    HP 6125XLG Blade Switch Layer 3—IP Services Configuration Guide Part number: 5998-3718 Software version: Release 2306 Document version: 6W100-20130912...
  • Page 2 HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: Table Of Contents

    Contents: Configuring ARP (p. 1); Overview (p. 1); ARP message format (p. 1); ARP operating mechanism (p. 1); ARP table (p. 2); Configuring a static ARP entry (p. 3); Configuring a multiport ARP entry (p. 4)...
  • Page 4 Network requirements (p. 20); Configuration procedure (p. 20); Verifying the configuration (p. 20); DHCP overview (p. 22); DHCP address allocation (p. 22); Allocation mechanisms (p. 22); Dynamic IP address allocation process (p. 23); IP address lease extension (p. 23)...
  • Page 5 DHCP relay agent support for Option 82 (p. 51); DHCP relay agent configuration task list (p. 51); Enabling DHCP (p. 52); Enabling the DHCP relay agent on an interface (p. 52); Specifying DHCP servers on a relay agent (p. 52)...
  • Page 6 Configuring DNS (p. 76); Overview (p. 76); Static domain name resolution (p. 76); Dynamic domain name resolution (p. 76); DNS proxy (p. 77); DNS spoofing (p. 78); DNS configuration task list (p. 79); Configuring the IPv4 DNS client...
  • Page 7 Configuring TCP MSS for an interface (p. 108); Configuring TCP path MTU discovery (p. 109); Enabling TCP SYN Cookie (p. 110); Configuring the TCP buffer size (p. 110); Configuring TCP timers (p. 111); Enabling sending ICMP error packets (p. 111)...
  • Page 8 Verifying the configuration (p. 137); Troubleshooting IPv6 basics configuration (p. 140); Symptom (p. 140); Solution (p. 140); DHCPv6 overview (p. 141); DHCPv6 address/prefix assignment (p. 141); Rapid assignment involving two messages (p. 141); Assignment involving four messages (p. 141)...
  • Page 9 Configuration example (p. 180); Displaying and maintaining tunneling configuration (p. 182); Troubleshooting tunneling configuration (p. 182); Symptom (p. 182); Analysis (p. 182); Solution (p. 182); Configuring GRE (p. 184); Overview (p. 184); GRE encapsulation format...
  • Page 10: Configuring Arp

    Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages.
  • Page 11: Arp Table

    If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request comprises the following information: • Sender IP address and sender MAC address—Host A's IP address and MAC address. • Target IP address—Host B's IP address. • Target MAC address—An all-zero MAC address. All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)
  • Page 12: Configuring A Static Arp Entry

    Static ARP entry A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry. Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. Static ARP entries include long, short, and multiport ARP entries.
  • Page 13: Configuring A Multiport Arp Entry

    Step: Configure a static ARP entry; Remarks: Use either command. By default, no static ARP entry is configured; Command: • Configure a long static ARP entry: arp static ip-address mac-address vlan-id interface-type interface-number [ vpn-instance vpn-instance-name ] • Configure a short static ARP entry:
  • Page 14: Setting The Aging Timer For Dynamic Arp Entries

    The Layer-2 interface can learn an ARP entry only when both its maximum number and the VLAN interface's maximum number are not reached. To set the maximum number of dynamic ARP entries that an interface can learn: Step Command Remarks Enter system view.
  • Page 15: Configuring Arp Fast Update

    Step: Enable dynamic ARP entry check; Command: arp check enable; Remarks: By default, dynamic ARP entry check is enabled. Configuring ARP fast update ARP fast update for MAC move allows the device to update an ARP entry immediately after the output interface for a MAC address changes.
  • Page 16: Static Arp Configuration Example

    Task and command: • Display the ARP entry for a specific IP address: display arp ip-address [ slot slot-number ] [ verbose ] • Display the ARP entries for a specific VPN instance: display arp vpn-instance vpn-instance-name [ count ] • Display the aging timer for dynamic ARP entries: display arp timer aging
  • Page 17: Multiport Arp Entry Configuration Example

    # Create VLAN-interface 10 and configure its IP address. [Switch] interface vlan-interface 10 [Switch-vlan-interface10] ip address 192.168.1.2 8 [Switch-vlan-interface10] quit # Configure a static ARP entry that has IP address 192.168.1.1, MAC address 00e0-fc01-0000, and output interface Ten-GigabitEthernet 1/1/5 in VLAN 10. [Switch] arp static 192.168.1.1 00e0-fc01-0000 10 Ten-GigabitEthernet 1/1/5 # Display information about static ARP entries.
  • Page 18 # Add Ten-GigabitEthernet 1/1/5, Ten-GigabitEthernet 1/1/6, and Ten-GigabitEthernet 1/1/7 to VLAN 10. [Switch] interface Ten-GigabitEthernet 1/1/5 [Switch-Ten-GigabitEthernet1/1/5] port access vlan 10 [Switch-Ten-GigabitEthernet1/1/5] quit [Switch] interface Ten-GigabitEthernet 1/1/6 [Switch-Ten-GigabitEthernet1/1/6] port access vlan 10 [Switch-Ten-GigabitEthernet1/1/6] quit [Switch] interface Ten-GigabitEthernet 1/1/7 [Switch-Ten-GigabitEthernet1/1/7] port access vlan 10 [Switch-Ten-GigabitEthernet1/1/7] quit # Create VLAN-interface 10 and specify its IP address.
  • Page 19: Configuring Gratuitous Arp

    Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device. If the IP address is already used,...
  • Page 20: Configuration Procedure

    If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the interface on the master router in the VRRP group.
  • Page 21: Configuring Proxy Arp

    Configuring proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP.
  • Page 22: Common Proxy Arp Configuration Example

    Common proxy ARP configuration example Network requirements As shown in Figure 6, Host A and Host D have the same IP prefix and mask, but they are located on different subnets separated by the switch (Host A belongs to VLAN 1, and Host D belongs to VLAN 2). No default gateway is configured on Host A and Host D.
  • Page 23 After the configuration, Host A and Host D can ping each other.
  • Page 24: Configuration Procedure

    Configuring ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. If you enable ARP snooping on a VLAN, ARP packets received by any interface in the VLAN are redirected to the CPU.
  • Page 25: Configuring Ip Addressing

    Configuring IP addressing The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. This chapter describes IP addressing basics and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) and PPP address negotiation are beyond the scope of this chapter.
  • Page 26: Special Ip Addresses

    Class, address range, and remarks: • 192.0.0.0 to 223.255.255.255 • 224.0.0.0 to 239.255.255.255: Multicast addresses. • 240.0.0.0 to 255.255.255.255: Reserved for future use, except for the broadcast address 255.255.255.255. Special IP addresses The following IP addresses are for special use and cannot be used as host IP addresses: IP address with an all-zero net ID—Identifies a host on the local network.
  • Page 27: Assigning An Ip Address To An Interface

    Assigning an IP address to an interface An interface must have an IP address to communicate with other hosts. You can either manually assign an IP address to an interface, or configure the interface to obtain an IP address through BOOTP or DHCP. If you change the way an interface obtains an IP address, the new IP address will overwrite the previous address.
  • Page 28: Configuration Guidelines

    Configuration guidelines Follow these guidelines when you configure IP unnumbered: • An interface cannot borrow an IP address from an unnumbered interface. • Multiple interfaces can use the same unnumbered IP address. • If an interface has multiple manually configured IP addresses, only the manually configured primary...
  • Page 29: Ip Address Configuration Example

    IP address configuration example Network requirements As shown in Figure 9, a port in VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24. To enable the hosts on the two network segments to communicate with the external network through the switch, and to enable the hosts on the LAN to communicate with each other: Assign a primary IP address and a secondary IP address to VLAN-interface 1 on the switch.
  • Page 30 Ping 172.16.1.2 (172.16.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 172.16.1.2: icmp_seq=0 ttl=254 time=7.000 ms 56 bytes from 172.16.1.2: icmp_seq=1 ttl=254 time=0.000 ms 56 bytes from 172.16.1.2: icmp_seq=2 ttl=254 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=3 ttl=254 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=4 ttl=254 time=2.000 ms --- Ping statistics for 172.16.1.2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss...
  • Page 31: Dhcp Overview

    DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 10 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent.
  • Page 32: Dynamic Ip Address Allocation Process

    Dynamic IP address allocation process Figure 11 Dynamic IP address allocation process The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.
  • Page 33: Dhcp Message Format

    DHCP message format Figure 12 shows the DHCP message format. DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 12 DHCP message format • op—Message type defined in options field. 1 = REQUEST, 2 = REPLY • htype, hlen—Hardware address type and length of the DHCP client.
  • Page 34: Dhcp Options

    DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information to clients. Figure 13 DHCP option format Common DHCP options The following are common DHCP options: Option 3—Router option.
  • Page 35 The DHCP client can obtain the following information through Option 43: • ACS parameters, including the ACS URL, username, and password. • PXE server address, which is used to obtain the boot file or other control information from the PXE server.
  • Page 36: Protocols And Standards

    Relay agent option (Option 82) Option 82 is the relay agent option. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.
  • Page 37 • RFC 1542, Clarifications and Extensions for the Bootstrap Protocol • RFC 3046, DHCP Relay Agent Information Option • RFC 3442, The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4...
  • Page 38: Configuring The Dhcp Server

    Configuring the DHCP server Overview The DHCP server is well suited to networks where: • Manual configuration and centralized management are difficult to implement. • IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users...
  • Page 39 If the matching user class has no assignable addresses, the DHCP server matches the client against the next user class. If all the matching user classes have no assignable addresses, the DHCP server selects an IP address from the common address range. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command.
  • Page 40: Ip Address Allocation Sequence

    IP address allocation sequence The DHCP server selects an IP address for a client in the following sequence: IP address statically bound to the client's MAC address or ID. IP address that was ever assigned to the client. IP address designated by the Option 50 field in the DHCP-DISCOVER message sent by the client. Option 50 is the Requested IP Address option.
  • Page 41: Creating A Dhcp Address Pool

    Tasks at a glance Perform at least one of the following tasks: • Specifying IP address ranges for a DHCP address pool • Specifying gateways for the client • Specifying a domain name suffix for the client • Specifying DNS servers for the client •...
  • Page 42 Step Command Remarks Enter system view. system-view Required for client classification. Create a DHCP user class and dhcp class class-name enter DHCP user class view. By default, no DHCP user class exists. Required for client classification. if-match option option-code [ hex Configure the match rule for the hex-string [ offset offset length length By default, no match rule is...
  • Page 43 request, the DHCP server selects an address from the primary subnet. If no assignable address is found, the server selects an address from the secondary subnets in the order they are configured. In scenarios where the DHCP server and the DHCP clients reside on different subnets and the DHCP clients obtain IP addresses through a DHCP relay agent, the DHCP server needs to use the same address pool to assign IP addresses to clients in different subnets.
  • Page 44: Specifying Gateways For The Client

    Step: (Optional.) Exclude the specified IP addresses from dynamic allocation globally; Command: dhcp server forbidden-ip start-ip-address [ end-ip-address ]; Remarks: Except for the IP address of the DHCP server interface, IP addresses in all address pools are assignable by default. To exclude multiple address ranges globally, repeat this step.
  • Page 45: Specifying A Domain Name Suffix For The Client

    The gateway-list command issued in DHCP address pool view specifies gateway addresses for all DHCP clients that obtain IP addresses from this address pool. To specify gateways for clients that obtain IP addresses from a secondary subnet, use the gateway-list command in secondary subnet view. If you specify gateways in both address pool view and secondary subnet view, DHCP preferentially assigns the gateway addresses specified in the secondary subnet view to the clients on the secondary subnet.
  • Page 46: Specifying Wins Servers And Netbios Node Type For The Client

    Specifying WINS servers and NetBIOS node type for the client A Microsoft DHCP client using NetBIOS protocol must contact a WINS server for name resolution. You can specify up to eight WINS servers for such clients in a DHCP address pool. In addition, you must specify a NetBIOS node type for the clients to approach name resolution.
  • Page 47: Specifying The Tftp Server And Boot File Name For The Client

    Specifying the TFTP server and boot file name for the client To implement client auto-configuration, you must specify the IP address or name of a TFTP server and the boot file name for the clients, and there is no need to perform any configuration on the DHCP clients. A DHCP client obtains these parameters from the DHCP server, and uses them to contact the TFTP server to get the configuration file used for system initialization.
  • Page 48: Configuring Option 184 Parameters For The Client

    Configuring Option 184 parameters for the client To assign calling parameters to DHCP clients with voice service, you must configure Option 184 on the DHCP server. For more information about Option 184, see "Option 184." To configure option 184 parameters in a DHCP address pool: Step Command Remarks...
  • Page 49: Enabling Dhcp

    Step: Enter DHCP address pool view; Command: dhcp server ip-pool pool-name. Step: Configure a self-defined DHCP option; Command: option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }; Remarks: By default, no self-defined DHCP option is configured. Table 2 Common DHCP options Corresponding Recommended option Option...
  • Page 50: Applying An Address Pool On An Interface

    Step: Enable the DHCP server on the interface; Command: dhcp select server; Remarks: By default, the DHCP server on the interface is enabled. Applying an address pool on an interface Perform this task to apply a DHCP address pool on an interface. Upon receiving a DHCP request from the interface, the DHCP server assigns configuration parameters from the address pool to the client.
  • Page 51: Enabling Handling Of Option 82

    Enabling handling of Option 82 Perform this task to enable the DHCP server to handle Option 82. Upon receiving a DHCP request with Option 82, the DHCP server adds Option 82 into the DHCP response. If you disable the DHCP server from handling Option 82, it does not add Option 82 into the response message. You must enable handling of Option 82 on both the DHCP server and the DHCP relay agent to ensure normal operation of Option 82.
  • Page 52: Configuring The Dhcp Server To Send Bootp Responses In Rfc 1048 Format

    To configure the DHCP server to ignore BOOTP requests: Step: Enter system view; Command: system-view. Step: Configure the DHCP server to ignore BOOTP requests; Command: dhcp server bootp ignore; Remarks: By default, the DHCP server processes BOOTP requests. Configuring the DHCP server to send BOOTP responses in RFC 1048 format Not all BOOTP clients can send requests compatible with RFC 1048.
  • Page 53: Dhcp Server Configuration Examples

    Task and command: • Display information about DHCP address pools: display dhcp server pool [ pool-name ] • Clear information about IP address conflicts: reset dhcp server conflict [ ip ip-address ] • Clear information about lease-expired IP addresses: reset dhcp server expired [ ip ip-address | pool pool-name ]
  • Page 54: Dynamic Ip Address Assignment Configuration Example

    <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 25 [SwitchA-Vlan-interface2] quit Configure the DHCP server: # Enable DHCP. [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server [SwitchA-Vlan-interface2] quit # Create DHCP address pool 0.
  • Page 55 Figure 18 Network diagram Configuration procedure Configure the IP addresses of the VLAN interfaces. (Details not shown.) Configure the DHCP server: # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 10 and VLAN-interface 20. [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] dhcp select server [SwitchA-Vlan-interface10] quit...
  • Page 56: Dhcp User Class Configuration Example

    [SwitchA-dhcp-pool-2] domain-name aabbcc.com [SwitchA-dhcp-pool-2] dns-list 10.1.1.2 [SwitchA-dhcp-pool-2] gateway-list 10.1.1.254 Verifying the configuration After the preceding configuration is complete, clients on networks 10.1.1.0/25 and 10.1.1.128/25 can obtain correct IP addresses and other network parameters from Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients.
  • Page 57: Self-Defined Option Configuration Example

    [SwitchB-dhcp-class-tt] if-match option 82 [SwitchB-dhcp-class-tt] quit # Create DHCP address pool aa, specify the address range for the address pool and the address range for user class tt. Specify gateway and DNS server address. [SwitchB] dhcp server ip-pool aa [SwitchB-dhcp-pool-aa] network 10.10.1.0 mask 255.255.255.0 [SwitchB-dhcp-pool-aa] address range 10.10.1.2 10.10.1.100 [SwitchB-dhcp-pool-aa] class tt range 10.10.1.2 10.10.1.10 [SwitchB-dhcp-pool-aa] gateway-list 10.10.1.254...
  • Page 58: Troubleshooting Dhcp Server Configuration

    # Configure DHCP address pool 0. [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] option 43 hex 800B0000020102030402020202 Verifying the configuration After the preceding configuration is complete, Switch B can obtain its IP address on 10.1.1.0/24 and the PXE server addresses from Switch A.
  • Page 59: Configuring The Dhcp Relay Agent

    Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 21 shows a typical application of the DHCP relay agent.
  • Page 60: Dhcp Relay Agent Support For Option 82

    Figure 22 DHCP relay agent operation DHCP relay agent support for Option 82 Option 82 records the location information about the DHCP client. It enables the administrator to locate the DHCP client for security and accounting purposes, and to assign IP addresses in a specific range to clients.
  • Page 61: Enabling Dhcp

    Tasks at a glance (Optional.) Configuring the DHCP relay agent to release an IP address (Optional.) Configuring Option 82 Enabling DHCP You must enable DHCP to validate other DHCP relay agent settings. To enable DHCP: Step Command Remarks Enter system view. system-view Enable DHCP.
  • Page 62: Configuring The Dhcp Relay Agent Security Functions

    To specify a DHCP server address on a relay agent: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no DHCP server Specify a DHCP server dhcp relay server-address address is specified on the relay address on the relay agent.
  • Page 63: Enabling Dhcp Starvation Attack Protection

    Step Command Remarks By default, periodic refresh of Enable periodic refresh of dhcp relay client-information refresh dynamic relay entries is dynamic relay entries. enable enabled. By default, the refresh interval is Configure the refresh dhcp relay client-information refresh auto, which is calculated based interval.
  • Page 64: Configuring The Dhcp Relay Agent To Release An Ip Address

    Configuring the DHCP relay agent to release an IP address Configure the relay agent to release the IP address for a relay entry. The relay agent sends a DHCP-RELEASE message to the server and meanwhile deletes the relay entry. Upon receiving the DHCP-RELEASE message, the DHCP server releases the IP address.
  • Page 65: Displaying And Maintaining The Dhcp Relay Agent

    Displaying and maintaining the DHCP relay agent Execute display commands in any view and reset commands in user view. Task and command: • Display information about DHCP servers specified on the DHCP relay agent interface: display dhcp relay server-address [ interface interface-type interface-number ] • Display Option 82 configuration information on the DHCP relay agent: display dhcp relay information [ interface interface-type...
  • Page 66: Option 82 Configuration Example

    Figure 23 Network diagram: Switch A (DHCP relay agent; Vlan-int10 10.10.1.1/24, Vlan-int20 10.1.1.2/24), Switch B (DHCP server; Vlan-int20 10.1.1.1/24), and DHCP clients. Configuration procedure # Specify IP addresses for the interfaces. (Details not shown.) # Enable DHCP. <SwitchA>...
  • Page 67: Troubleshooting Dhcp Relay Agent Configuration

    [SwitchA] interface vlan-interface 10
    [SwitchA-Vlan-interface10] dhcp select relay
    # Specify the IP address of the DHCP server.
    [SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1
    # Configure the handling strategies and padding content of Option 82.
    [SwitchA-Vlan-interface10] dhcp relay information enable
    [SwitchA-Vlan-interface10] dhcp relay information strategy replace
    [SwitchA-Vlan-interface10] dhcp relay information circuit-id string company001
    [SwitchA-Vlan-interface10] dhcp relay information remote-id string device001
    Troubleshooting DHCP relay agent configuration...
  • Page 68: Configuring The Dhcp Client

    Configuring the DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address. The DHCP client configuration is supported on VLAN interfaces and management Ethernet interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be a Windows Server 2000 or Windows Server 2003.
  • Page 69: Configuring A Dhcp Client Id For An Interface

    Configuring a DHCP client ID for an interface A DHCP client ID is added to the DHCP option 61. A DHCP server can specify IP addresses for specified clients based on the DHCP client ID. Make sure the IDs for different DHCP clients are unique. To configure a DHCP client ID for an interface: Step Command...
  • Page 70: Displaying And Maintaining The Dhcp Client

    Displaying and maintaining the DHCP client
    Execute the display command in any view.
      Task: Display DHCP client information.
        Command: display dhcp client [ verbose ] [ interface interface-type interface-number ]
    DHCP client configuration example
    Network requirements
    As shown in Figure 25, on a LAN, Switch B contacts the DHCP server through VLAN-interface 2 to obtain an IP address, DNS server address, and static route information.
  • Page 71: Verifying The Configuration

    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 10.1.1.1 24
    [SwitchA-Vlan-interface2] quit
    # Enable the DHCP service.
    [SwitchA] dhcp enable
    # Exclude an IP address from dynamic allocation.
    [SwitchA] dhcp server forbidden-ip 10.1.1.2
    # Configure DHCP address pool 0 and specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24.
  • Page 72

    Destination/Mask Proto Cost NextHop Interface
    0.0.0.0/32 Direct 0 127.0.0.1 InLoop0
    10.1.1.0/24 Direct 0 10.1.1.3 Vlan2
    10.1.1.0/32 Direct 0 10.1.1.3 Vlan2
    10.1.1.3/32 Direct 0 127.0.0.1 InLoop0
    10.1.1.255/32 Direct 0 10.1.1.3 Vlan2
    20.1.1.0/24 Static 70 10.1.1.2 Vlan2
    127.0.0.0/8 Direct 0 127.0.0.1 InLoop0
    127.0.0.0/32 Direct 0 127.0.0.1...
  • Page 73: Configuring Dhcp Snooping

    Configuring DHCP snooping DHCP snooping works between the DHCP client and server, or between the DHCP client and relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes. DHCP snooping does not work between the DHCP server and DHCP relay agent.
  • Page 74: Dhcp Snooping Support For Option 82

    Figure 26 Trusted and untrusted ports In a cascaded network as shown in Figure 27, configure each DHCP snooping device's ports connected to other DHCP snooping devices as trusted ports. To save system resources, you can disable the untrusted ports that are not directly connected to DHCP clients from generating DHCP snooping entries. Figure 27 Trusted and untrusted ports in a cascaded network DHCP snooping support for Option 82 Option 82 records the location information about the DHCP client so the administrator can locate the...
  • Page 75: Dhcp Snooping Configuration Task List

    Table 4 Handling strategies (columns: If a DHCP request has… / Handling strategy / DHCP snooping…)
      Option 82 / Drop / Drops the message.
      Option 82 / Keep / Forwards the message without changing Option 82.
      Option 82 / Replace / Forwards the message after replacing the original Option 82 with the Option 82 padded according to the configured padding format, padding content, and code type.
  • Page 76: Configuring Option 82

      Step: Enter system view.
        Command: system-view
      Step: Enable DHCP snooping.
        Command: dhcp snooping enable
        Remarks: By default, DHCP snooping is disabled.
      Step: Enter interface view.
        Command: interface interface-type interface-number
        Remarks: This interface is connected to the DHCP server.
      Step: Specify the port as a trusted port.
        Command: dhcp snooping trust
        Remarks: By default, all ports are untrusted ports after DHCP snooping is...
  • Page 77: Saving Dhcp Snooping Entries

      Step: (Optional.) Configure a handling strategy for DHCP requests containing Option
        Command: dhcp snooping information strategy { drop | keep | replace }
        Remarks: By default, the handling strategy is replace.
      Step: (Optional.) Configure the padding content and code
        Command: dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal |
        Remarks: By default, the padding format is normal and the...
  • Page 78: Enabling Dhcp Starvation Attack Protection

      Step: (Optional.) Set the amount of time to wait after a DHCP snooping entry changes before updating the database file.
        Command: dhcp snooping binding database update interval seconds
        Remarks: The default interval is 300 seconds.
    Enabling DHCP starvation attack protection
    A DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests that contain identical or different sender MAC addresses in the chaddr field to a DHCP server.
  • Page 79: Configuring Dhcp Packet Rate Limit

    compares the entry with the message information. If they are consistent, the message is considered as valid and forwarded to the DHCP server. If they are different, the message is considered as a forged message and is discarded. If no matching entry is found, the message is considered valid and forwarded to the DHCP server.
  • Page 80: Dhcp Snooping Configuration Examples

      Task: Display Option 82 configuration information on the DHCP snooping device.
        Command: display dhcp snooping information { all | interface interface-type interface-number }
        Remarks: Available in any view.
      Task: Display DHCP packet statistics on the DHCP snooping device.
        Command: display dhcp snooping packet statistics
        Remarks: Available in any view...
  • Page 81: Option 82 Configuration Example

    [SwitchB-Ten-GigabitEthernet1/1/5] dhcp snooping trust
    [SwitchB-Ten-GigabitEthernet1/1/5] quit
    # Enable DHCP snooping to record clients' IP-MAC bindings on Ten-GigabitEthernet 1/1/6.
    [SwitchB] interface Ten-GigabitEthernet 1/1/6
    [SwitchB-Ten-GigabitEthernet1/1/6] dhcp snooping binding record
    [SwitchB-Ten-GigabitEthernet1/1/6] quit
    Verifying the configuration
    After the preceding configuration is complete, the DHCP client can obtain an IP address and other configuration parameters only from the authorized DHCP server.
  • Page 82

    [SwitchB-Ten-GigabitEthernet1/1/6] dhcp snooping information strategy replace
    [SwitchB-Ten-GigabitEthernet1/1/6] dhcp snooping information circuit-id string company001
    [SwitchB-Ten-GigabitEthernet1/1/6] dhcp snooping information remote-id string device001
    [SwitchB-Ten-GigabitEthernet1/1/6] quit
    # Configure Option 82 on Ten-GigabitEthernet 1/1/7.
    [SwitchB] interface Ten-GigabitEthernet 1/1/7
    [SwitchB-Ten-GigabitEthernet1/1/7] dhcp snooping information enable
    [SwitchB-Ten-GigabitEthernet1/1/7] dhcp snooping information strategy replace
    [SwitchB-Ten-GigabitEthernet1/1/7] dhcp snooping information circuit-id verbose node-identifier sysname format ascii
    [SwitchB-Ten-GigabitEthernet1/1/7] dhcp snooping information remote-id string device001...
  • Page 83: Configuring The Bootp Client

    Configuring the BOOTP client BOOTP client configuration applies to VLAN interfaces and management Ethernet interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003. BOOTP application An interface that acts as a BOOTP client can use BOOTP to obtain information (such as IP address) from the BOOTP server.
  • Page 84: Configuring An Interface To Use Bootp For Ip Address Acquisition

    Configuring an interface to use BOOTP for IP address acquisition
      Step: Enter system view.
        Command: system-view
      Step: Enter interface view.
        Command: interface interface-type interface-number
      Step: Configure an interface to use BOOTP for IP address acquisition.
        Command: ip address bootp-alloc
        Remarks: By default, an interface does not use BOOTP for IP address...
  • Page 85: Configuring Dns

    Configuring DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. The domain name-to-IP address mapping is called a DNS entry.
  • Page 86: Dns Proxy

    Figure 30 shows the relationship between the user program, DNS client, and DNS server. The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices. Dynamic domain name resolution allows the DNS client to store latest DNS entries in the dynamic domain name cache.
  • Page 87: Dns Spoofing

    Figure 31 DNS proxy application A DNS proxy operates as follows: A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution cache after receiving the request.
  • Page 88: Dns Configuration Task List

    Figure 32 DNS spoofing application DNS spoofing enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach the DNS server. Without DNS spoofing, the proxy does not answer or forward a DNS request if it cannot find a matching DNS entry and it cannot reach the DNS server.
  • Page 89: Configuring The Ipv4 Dns Client

    Tasks at a glance (Optional.) Configuring the DNS trusted interface Configuring the IPv4 DNS client Configuring static domain name resolution Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses. Follow these guidelines when you configure static domain name resolution: On the public network or a VPN, each host name maps to only one IPv4 address.
  • Page 90: Configuring The Ipv6 Dns Client

      • An IPv4 name query is first sent to the DNS server IPv4 addresses. If no reply is received, it is sent to the DNS server IPv6 addresses.
      • You can specify domain name suffixes for the public network and up to 1024 VPNs, and specify a...
  • Page 91: Configuring Dynamic Domain Name Resolution

    Configuring dynamic domain name resolution To send DNS queries to a correct server for resolution, you must enable dynamic domain name resolution and configure DNS servers. A DNS server manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS server configured earlier takes precedence. A name query is first sent to the DNS server that has the highest priority.
  • Page 92: Configuring Dns Spoofing

    A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS servers, and if no reply is received, it forwards the request to IPv4 DNS servers. To configure the DNS proxy: Step Command...
  • Page 93: Configuring The Dns Trusted Interface

    DNS servers. In some scenarios, the DNS server only responds to DNS requests sourced from a specific IP address. In such cases, you must specify the source interface for the DNS packets so that the device always uses the primary IP address of the specified source interface as the source IP address of DNS packets.
  • Page 94: Ipv4 Dns Configuration Examples

      Task: Display the domain name resolution table.
        Command: display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ]
      Task: Display IPv4 DNS server information.
        Command: display dns server [ dynamic ] [ vpn-instance vpn-instance-name ]
      Task: Display IPv6 DNS server information.
        Command: display ipv6 dns server [ dynamic ] [ vpn-instance vpn-instance-name ]
      Task: Display DNS suffixes...
  • Page 95: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution configuration example Network requirements As shown in Figure 34, the device wants to access the host by using an easy-to-remember domain name rather than an IP address, and to request the DNS server on the network for an IP address by using dynamic domain name resolution.
  • Page 96 Figure 35 Creating a zone On the DNS server configuration page, right-click zone com, and select New Host. Figure 36 Adding a host On the page that appears, enter host name host and IP address 3.1.1.1. Click Add Host. The mapping between the IP address and host name is created.
  • Page 97: Dns Proxy Configuration Example

    Figure 37 Adding a mapping between domain name and IP address
    Configure the DNS client:
    # Specify the DNS server 2.1.1.2.
    <Sysname> system-view
    [Sysname] dns server 2.1.1.2
    # Configure com as the name suffix.
    [Sysname] dns domain com
    Verifying the configuration
    # Use the ping host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 3.1.1.1.
  • Page 98

    As shown in Figure
      • Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1.
      • Configure the IP address of the DNS proxy on Device B. DNS requests of Device B are forwarded...
  • Page 99: Ipv6 Dns Configuration Examples

    56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms
    56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms
    56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms
    --- Ping statistics for host.com ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
    IPv6 DNS configuration examples
    Static domain name resolution configuration example
    Network requirements...
  • Page 100: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution configuration example Network requirements As shown in Figure 40, the device wants to access the host by using an easy-to-remember domain name rather than an IPv6 address. The IPv6 address of the DNS server is 2::2/64, and the server has a com domain, which stores the mapping between domain name host and IPv6 address 1::1/64.
  • Page 101 Figure 41 Creating a zone On the DNS server configuration page, right-click zone com, and select Other New Records. Figure 42 Creating a record On the page that appears, select IPv6 Host (AAAA) as the resource record type.
  • Page 102 Figure 43 Selecting the resource record type Type host name host and IPv6 address 1::1. Click OK. The mapping between the IPv6 address and host name is created.
  • Page 103

    Figure 44 Adding a mapping between domain name and IPv6 address
    Configure the DNS client:
    # Specify the DNS server 2::2.
    <Device> system-view
    [Device] ipv6 dns server 2::2
    # Configure com as the DNS suffix.
    [Device] dns domain com
    Verifying the configuration
    # Use the ping ipv6 host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 1::1.
  • Page 104: Dns Proxy Configuration Example

    DNS proxy configuration example Network requirements When the IPv6 address of the DNS server changes, you must configure the new IPv6 address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function.
  • Page 105: Troubleshooting Ipv4 Dns Configuration

    Verifying the configuration
    # Use the ping host.com command on Device B to verify that the connection between the device and the host is normal and that the translated destination IP address is 3000::1.
    [DeviceB] ping host.com
    Ping6(56 data bytes) 2000::1 --> 3000::1, press CTRL_C to break
    56 bytes from 3000::1, icmp_seq=0 hlim=128 time=1.000 ms
    56 bytes from 3000::1, icmp_seq=1 hlim=128 time=0.000 ms
    56 bytes from 3000::1, icmp_seq=2 hlim=128 time=1.000 ms...
  • Page 106: Configuring Ddns

    Configuring DDNS Overview DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails. Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers to direct you to the latest IP address mapping to a domain name.
  • Page 107: Ddns Client Configuration Task List

    NOTE: The DDNS update process does not have a unified standard but depends on the DDNS server that the DDNS client contacts. DDNS client configuration task list Tasks at a glance (Required.) Configuring a DDNS policy (Required.) Applying the DDNS policy to an interface Configuring a DDNS policy A DDNS policy contains the DDNS server address, port number, login ID, password, time interval, associated SSL client policy, and update time interval.
  • Page 108: Configuration Prerequisites

    HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols. The URL address for an update request can start with: http://—The HTTP-based DDNS server. •...
  • Page 109: Applying The Ddns Policy To An Interface

      Step: (Optional.) Specify the parameter transmission method for sending DDNS update requests to HTTP/HTTPS-based DDNS...
        Command: method { http-get | http-post }
        Remarks: By default, http-get is used. Use the method http-post command to specify the POST method for DDNS update with a DHS server.
  • Page 110: Displaying Ddns

    Displaying DDNS
    Execute display commands in any view.
      Task: Display information about the DDNS policy.
        Command: display ddns policy [ policy-name ]
    DDNS configuration examples
    DDNS configuration example with www.3322.org
    Network requirements
    As shown in Figure 47, Switch is a Web server with the domain name whatever.3322.org. Switch acquires the IP address through DHCP.
  • Page 111: Ddns Configuration Example With Peanuthull Server

    [Switch-ddns-policy-3322.org] password simple nevets
    # Set the interval for sending DDNS update requests to 15 minutes.
    [Switch-ddns-policy-3322.org] interval 0 0 15
    [Switch-ddns-policy-3322.org] quit
    # Specify the IP address of the DNS server as 1.1.1.1.
    [Switch] dns server 1.1.1.1
    # Apply DDNS policy 3322.org to VLAN-interface 2 to enable DDNS update and dynamically update the mapping between domain name whatever.3322.org and the primary IP address of VLAN-interface
    [Switch] interface vlan-interface 2
    [Switch-Vlan-interface2] ddns apply policy 3322.org fqdn whatever.3322.org...
  • Page 112

    # Specify for DDNS update requests the URL address with the login ID steven and plaintext password nevets.
    [Switch-ddns-policy-oray.cn] url oray://phservice2.oray.net
    [Switch-ddns-policy-oray.cn] username steven
    [Switch-ddns-policy-oray.cn] password simple nevets
    # Set the DDNS update request interval to 12 minutes.
    [Switch-ddns-policy-oray.cn] interval 0 0 12
    [Switch-ddns-policy-oray.cn] quit
    # Specify the IP address of the DNS server as 1.1.1.1...
  • Page 113: Basic Ip Forwarding On The Device

    Basic IP forwarding on the device Upon receiving a packet, the device uses the destination IP address of the packet to find a match from the forwarding information base (FIB) table, and then uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table.
  • Page 114

      Task: Display FIB entries.
        Command: display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ]...
  • Page 115: Optimizing Ip Performance

    Optimizing IP performance A customized configuration can help optimize overall IP performance. This chapter describes various techniques you can use to customize your installation. Enabling an interface to receive and forward directed broadcasts destined for the directly connected network A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
  • Page 116: Configuring Mtu For An Interface

    Figure 49 Network diagram
    Configuration procedure
    # Specify an IP address for VLAN-interface 3.
    <Switch> system-view
    [Switch] interface vlan-interface 3
    [Switch-Vlan-interface3] ip address 1.1.1.2 24
    [Switch-Vlan-interface3] quit
    # Specify an IP address for VLAN-interface 2, and enable VLAN-interface 2 to forward directed broadcasts destined for the directly connected network.
  • Page 117: Configuring Tcp Path Mtu Discovery

    is smaller than the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, it fragments the segment according to the receiver's MSS. If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value.
  • Page 118: Enabling Tcp Syn Cookie

      • When the TCP source device receives an ICMP error message, it reduces the path MTU and starts an age timer for the path MTU.
      • After the age timer expires, the source device uses a larger MSS in the MTU table as described in...
  • Page 119: Configuring Tcp Timers

    Configuring TCP timers
    You can configure the following TCP timers:
      • SYN wait timer—TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection.
      • FIN wait timer—TCP starts the FIN wait timer when the state changes to FIN_WAIT_2.
  • Page 120: Disabling Forwarding Icmp Fragments

    If a packet does not match any route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error packet to the source. If a packet is destined for the device but the transport layer protocol of the packet is not supported by the device, the device sends a Protocol Unreachable ICMP error packet to the source.
  • Page 121: Displaying And Maintaining Ip Performance Optimization

    Displaying and maintaining IP performance optimization
    Execute display commands in any view and reset commands in user view.
      Task: Display brief information about RawIP connections.
        Command: display rawip [ slot slot-number ]
      Task: Display detailed information about RawIP connections.
        Command: display rawip verbose [ slot slot-number [ pcb...
  • Page 122: Configuring Udp Helper

    Configuring UDP helper Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain.
  • Page 123: Displaying And Maintaining Udp Helper

      Step: Specify a destination server.
        Command: udp-helper server ip-address
        Remarks: By default, no destination server is specified.
    Displaying and maintaining UDP helper
    Execute the display command in any view and the reset command in user view.
      Task: Display information about packets forwarded by UDP helper.
        Command: display udp-helper interface interface-type interface-number
  • Page 124: Verifying The Configuration

    [SwitchA-Vlan-interface1] ip address 10.110.1.1 16
    [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1
    # Enable the interface to receive directed broadcasts destined for the directly connected network.
    [SwitchA-Vlan-interface1] ip forward-broadcast
    Verifying the configuration
    # Display information about packets forwarded by UDP helper on VLAN-interface 1.
    [SwitchA-Vlan-interface1] display udp-helper interface vlan-interface 1
    Interface Server address...
  • Page 125: Configuring Basic Ipv6 Settings

    Configuring basic IPv6 settings Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
  • Page 126: Ipv6 Addresses

      • Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCPv6 server). For more information about DHCPv6 server, see "Configuring the DHCPv6 server."
      • Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and...
  • Page 127: Ipv6 Addresses

    An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network ID and the host ID of an IPv4 address. An IPv6 address prefix is written in IPv6-address/prefix-length notation, where the prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address comprises the address prefix.
  • Page 128

    Multicast addresses
    IPv6 multicast addresses listed in Table 7 are reserved for special purposes.
    Table 7 Reserved IPv6 multicast addresses
      Address    Application
      FF01::1    Node-local scope all-nodes multicast address.
      FF02::1    Link-local scope all-nodes multicast address.
      FF01::2    Node-local scope all-routers multicast address.
      FF02::2    Link-local scope all-routers multicast address.
  • Page 129: Ipv6 Nd Protocol

    IPv6 ND protocol
    The IPv6 Neighbor Discovery (ND) protocol uses the following ICMPv6 messages:
    Table 8 ICMPv6 messages used by ND (columns: ICMPv6 message, Type, Function)
      Neighbor Solicitation (NS):
        Acquires the link-layer address of a neighbor.
        Verifies whether a neighbor is reachable.
        Detects duplicate addresses...
  • Page 130: Ipv6 Path Mtu Discovery

    Neighbor reachability detection After Host A acquires the link-layer address of its neighbor Host B, Host A can use NS and NA messages to test reachability of Host B as follows: Host A sends an NS message whose destination address is the IPv6 address of Host B. If Host A receives an NA message from Host B, Host A decides that Host B is reachable.
  • Page 131: Ipv6 Transition Technologies

    Figure 55 Path MTU discovery process The source host sends a packet no larger than its MTU to the destination host. If the MTU of a device's output interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error packet containing the interface MTU to the source host. After receiving the ICMPv6 error packet, the source host uses the returned MTU to limit the packet size, performs fragmentation, and sends the packets to the destination host.
  • Page 132: Ipv6 Basics Configuration Task List

      • RFC 2460, Internet Protocol, Version 6 (IPv6) Specification
      • RFC 2463, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
      • RFC 2464, Transmission of IPv6 Packets over Ethernet Networks
      • RFC 2526, Reserved IPv6 Subnet Anycast Addresses...
  • Page 133: Configuring An Ipv6 Global Unicast Address

    Configuring an IPv6 global unicast address
    Use one of the following methods to configure an IPv6 global unicast address for an interface:
      • EUI-64 IPv6 address—The IPv6 address prefix of the interface is manually configured, and the interface identifier is generated automatically by the interface.
      • Manual configuration—The IPv6 global unicast address is manually configured.
  • Page 134: Configuring An Ipv6 Anycast Address

    one. If you delete the manually assigned address, the automatically generated link-local address becomes effective.
    Configuring automatic generation of an IPv6 link-local address for an interface
      Step: Enter system view.
        Command: system-view
      Step: Enter interface view.
        Command: interface interface-type interface-number
      By default, no link-local address is configured on an interface...
  • Page 135: Configuring Ipv6 Nd

    Configuring IPv6 ND This section describes how to configure IPv6 ND. Configuring a static neighbor entry The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry. The device uniquely identifies a static neighbor entry by the IPv6 address and the local Layer 3 interface number of the neighbor.
  • Page 136: Setting The Aging Timer For Nd Entries In Stale State

    Setting the aging timer for ND entries in stale state ND entries in stale state have an aging timer. If an ND entry in stale state is not refreshed before the timer expires, the ND entry changes to the delay state. If it is still not refreshed in 5 seconds, the ND entry changes to the probe state, and the device sends an NS message three times.
  • Page 137: Configuring Parameters For Ra Messages

    Configuring parameters for RA messages You can enable an interface to send RA messages, and configure the interval for sending RA messages and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations. Table 9 describes the configurable parameters in an RA message.
  • Page 138: Configuring Parameters For Ra Messages

      Step: Enter interface view.
        Command: interface interface-type interface-number
      Step: Enable sending of RA messages.
        Command: undo ipv6 nd ra halt
        Remarks: The default setting is disabled.
      By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds.
  • Page 139: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

      Step: Set the NS retransmission timer.
        Command: ipv6 nd ns retrans-timer value
        Remarks: By default, an interface sends NS messages every 1000 milliseconds, and the value of the Retrans Timer field in RA messages is 0.
      Step: Set the router preference in RA messages.
        Command: ipv6 nd router-preference { high
        Remarks: By default, the router preference is...
  • Page 140: Configuring A Static Path Mtu For A Specific Ipv6 Address

      Step: Configure the interface MTU.
        Command: ipv6 mtu mtu-size
        Remarks: By default, no interface MTU is configured. This command does not take effect on IPv6 multicast packets because the switch does not check the packet size of an IPv6 multicast packet.
    Configuring a static path MTU for a specific IPv6 address
    You can configure a static path MTU for an IPv6 address.
  • Page 141: Enabling Replying To Multicast Echo Requests

    Enabling replying to multicast echo requests The device does not respond to multicast echo requests by default. In some scenarios, however, you must enable the device to answer multicast echo requests so the source host can obtain needed information. To enable the device to answer multicast echo requests: Step Command Remarks...
  • Page 142: Enabling Sending Icmpv6 Redirect Messages

      • Upon receiving the first fragment of an IPv6 datagram destined for the device, the device starts a timer. If the timer expires before all the fragments arrive, the device sends an ICMPv6 Fragment Reassembly Timeout message to the source.
    If the device receives large numbers of malicious packets, its performance degrades greatly because it must send back ICMP Time Exceeded messages.
  • Page 143

      Task: Display neighbor information.
        Command: display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ verbose ]
      Task: Display the total number of neighbor entries.
        Command: display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan...
  • Page 144: Ipv6 Basics Configuration Example

    IPv6 basics configuration example Network requirements As shown in Figure 56, a host, Switch A, and Switch B are connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify that they are connected. Switch B can reach the host. Enable IPv6 on the host to automatically obtain an IPv6 address through IPv6 ND.
  • Page 145: Verifying The Configuration

    FE80::215:E9FF:FEA6:7D14 0015-e9a6-7d14 XGE1/1/5 STALE D 1238
    2001::15B:E0EA:3524:E791 0015-e9a6-7d14 XGE1/1/5 STALE D 1248

    The output shows that the IPv6 global unicast address that Host obtained is 2001::15B:E0EA:3524:E791.

    Verifying the configuration

    # Display the IPv6 interface settings on Switch A. All IPv6 global unicast addresses configured on the interface are displayed....
  • Page 146

    InAddrErrors:
    InDiscards:
    OutDiscards:
    [SwitchA] display ipv6 interface vlan-interface 1
    Vlan-interface1 current state: UP
    Line protocol current state: UP
    IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0
    Global unicast address(es):
    2001::1, subnet is 2001::/64
    Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF00:1C0
    MTU is 1500 bytes
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds
    ND retransmit interval is 1000 milliseconds...
  • Page 147

    InDiscards:
    OutDiscards:

    # Display the IPv6 interface settings on Switch B. All IPv6 global unicast addresses configured on the interface are displayed.
    [SwitchB] display ipv6 interface vlan-interface 2
    Vlan-interface2 current state :UP
    Line protocol current state :UP
    IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234
    Global unicast address(es):
    3001::2, subnet is 3001::/64
    Joined group address(es):...
  • Page 148: Troubleshooting Ipv6 Basics Configuration

    # Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected.

    NOTE: When you ping a link-local address, use the -i parameter to specify an interface for the link-local address.

    [SwitchB] ping ipv6 -c 1 3001::1
    PING6(104=40+8+56 bytes) 3001::2 -->...
  • Page 149: Dhcpv6 Overview

    DHCPv6 overview

    DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts.

    DHCPv6 address/prefix assignment

    An address/prefix assignment process involves two or four messages.

    Rapid assignment involving two messages

    As shown in Figure 57, rapid assignment operates in the following steps: The DHCPv6 client sends a Solicit message that contains a Rapid Commit option to prefer rapid assignment....
  • Page 150: Address/Prefix Lease Renewal

    Figure 58 Assignment involving four messages

    Address/prefix lease renewal

    An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time....
  • Page 151: Stateless Dhcpv6

    Stateless DHCPv6

    Stateless DHCPv6 enables a device that has obtained an IPv6 address/prefix to get other configuration parameters from a DHCPv6 server. The device decides whether to perform stateless DHCP according to the managed address configuration flag (M flag) and the other stateful configuration flag (O flag) in the RA message received from the router during stateless address autoconfiguration....
  • Page 152: Configuring The Dhcpv6 Server

    Configuring the DHCPv6 server

    Overview

    A DHCPv6 server can assign IPv6 addresses or IPv6 prefixes to DHCPv6 clients.

    IPv6 address assignment

    As shown in Figure 62, the DHCPv6 server assigns IPv6 addresses, domain name suffixes, DNS server addresses, and other configuration parameters to DHCPv6 clients. The IPv6 addresses assigned to the clients fall into the following types: •...
  • Page 153: Concepts

    Figure 63 IPv6 prefix assignment

    Concepts

    Multicast addresses used by DHCPv6

    DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers, and uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents.

    DUID

    A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent)....
  • Page 154: Dhcpv6 Address Pool

    The DHCPv6 server creates a prefix delegation (PD) for each assigned prefix to record the IPv6 prefix, client DUID, IAID, valid lifetime, preferred lifetime, lease expiration time, and IPv6 address of the requesting client.

    DHCPv6 address pool

    The DHCP server selects IPv6 addresses, IPv6 prefixes, and other parameters from an address pool, and assigns them to the DHCP clients....
  • Page 155: Ipv6 Address/Prefix Allocation Sequence

    client against the subnets of all address pools, and selects the address pool with the longest-matching subnet. To avoid wrong address allocation, keep the subnet used for dynamic assignment consistent with the subnet where the interface of the DHCPv6 server or DHCPv6 relay agent resides.

    IPv6 address/prefix allocation sequence

    The DHCPv6 server selects an IPv6 address/prefix for a client in the following sequence: IPv6 address/prefix statically bound to the client's DUID and IAID and expected by the client....
  • Page 156: Configuration Guidelines

    Configuration guidelines

    • An IPv6 prefix can be bound to only one DHCPv6 client. You cannot modify bindings that have been created. To change the binding for a DHCPv6 client, you must delete the existing binding first.
    • Only one prefix pool can be applied to an address pool. You cannot modify prefix pools that have been applied....
  • Page 157: Configuring Ipv6 Address Assignment

    Configuring IPv6 address assignment

    Use one of the following methods to configure IPv6 address assignment:

    • Configure a static IPv6 address binding in an address pool: If you bind a DUID and an IAID to an IPv6 address, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client....
  • Page 158: Configuring Network Parameters Assignment

    Step: (Optional.) Specify the IPv6 addresses excluded from dynamic assignment.
    Command: ipv6 dhcp server forbidden-address start-ipv6-address...
    Remarks: By default, all IPv6 addresses except for the DHCPv6 server's IP address in a DHCPv6 address pool are assignable. If the excluded IPv6 address is in...
  • Page 159: Configuring The Dhcpv6 Server On An Interface

    Step: Specify an IPv6 subnet for dynamic assignment.
    Command: network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]
    Remarks: By default, no IPv6 subnet is specified.

    Step: (Optional.) Specify a DNS server address.
    Command: dns-server ipv6-address
    Remarks: By default, no DNS server address is specified.

    Step: (Optional.) Specify a domain...
    Command: domain-name domain-name
    Remarks: By default, no domain name...
  • Page 160: Displaying And Maintaining The Dhcpv6 Server

    Step: Enable the DHCPv6 server on the interface.
    Command: ipv6 dhcp select server
    Remarks: By default, the interface discards DHCPv6 packets from DHCPv6 clients.

    Step: Configure an...
    Command:
    • Configure global address assignment: ipv6 dhcp server { allow-hint | preference preference-value | rapid-commit } *
    Remarks: Use one of the commands. By default, desired...
  • Page 161: Dhcpv6 Server Configuration Examples

    DHCPv6 server configuration examples

    Dynamic IPv6 prefix assignment configuration example

    Network requirements

    As shown in Figure 65, Switch serves as a DHCPv6 server to assign the IPv6 prefix, DNS server address, domain name, SIP server address, and SIP server name to each DHCPv6 client. switch assigns prefix...
  • Page 162

    # Configure the DNS server address 2:2::3.
    [Switch-dhcp6-pool-1] dns-server 2:2::3
    # Configure the domain name as aaa.com.
    [Switch-dhcp6-pool-1] domain-name aaa.com
    # Configure the SIP server address as 2:2::4, and the SIP server name as bbb.com.
    [Switch-dhcp6-pool-1] sip-server address 2:2::4
    [Switch-dhcp6-pool-1] sip-server domain-name bbb.com
    [Switch-dhcp6-pool-1] quit
    # Enable the DHCPv6 server on VLAN-interface 2, enable desired prefix assignment and rapid prefix assignment, and set the preference to the highest....
  • Page 163: Dynamic Ipv6 Address Assignment Configuration Example

    In-use: 0
    Static: 1

    # After the client with the DUID 00030001CA0006A40000 obtains an IPv6 prefix, display the binding information on the DHCPv6 server.
    [Switch-Vlan-interface2] display ipv6 dhcp server pd-in-use
    Pool: 1
    IPv6 prefix Type Lease expiration
    2001:410:201::/48 Static(C) Jul 10 19:45:01 2009

    # After the other client obtains an IPv6 prefix, display binding information on the DHCPv6 server....
  • Page 164

    [SwitchA-Vlan-interface10] quit
    [SwitchA] interface vlan-interface20
    [SwitchA-Vlan-interface20] ipv6 dhcp select server
    [SwitchA-Vlan-interface20] quit
    # Exclude the DNS server address from dynamic assignment.
    [SwitchA] ipv6 dhcp server forbidden-address 1::1:0:0:2
    [SwitchA] ipv6 dhcp server forbidden-address 1::2:0:0:2
    # Configure the DHCPv6 address pool 1 to assign IPv6 addresses and other configuration parameters to clients in subnet 1::1:0:0:0/96....
  • Page 165: Configuring Tunneling

    Configuring tunneling

    Overview

    Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end....
  • Page 166

    If the destination address of the IPv6 packet is itself, Device B forwards it to the upper-layer protocol. If not, Device B forwards it according to the routing table.

    Tunnel modes

    IPv6 over IPv4 tunnels include manually configured tunnels and automatic tunnels, depending on how the IPv4 address of the tunnel destination is acquired....
  • Page 167: Ipv4 Over Ipv4 Tunneling

    border router of a 6to4 network must have the IPv4 address abcd:efgh configured on the interface connected to the IPv4 network. The subnet number identifies a subnet in the 6to4 network. The subnet number::interface ID uniquely identifies a host in the 6to4 network. 6to4 tunneling uses an IPv4 address to identify a 6to4 network.
  • Page 168: Ipv4 Over Ipv6 Tunneling

    • Encapsulation:
    Device A receives an IP packet from an IPv4 host and submits it to the IP protocol stack. The IPv4 protocol stack determines how to forward the packet according to the destination address in the IP header. If the packet is destined for the IPv4 host connected to Device B, Device A delivers the packet to the tunnel interface....
  • Page 169: Ipv6 Over Ipv6 Tunneling

    • De-encapsulation:
    Upon receiving the IPv6 packet from the attached IPv6 network, Device B delivers the packet to the IPv6 protocol stack to examine the protocol type encapsulated in the data portion of the packet. If the protocol type is IPv4, the IPv6 protocol stack delivers the packet to the tunneling module. The tunneling module removes the IPv6 header and delivers the remaining IPv4 packet to the IPv4 protocol stack....
  • Page 170: Protocols And Standards

    Protocols and standards

    • RFC 1853, IP in IP Tunneling
    • RFC 2473, Generic Packet Tunneling in IPv6 Specification
    • RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 3056, Connection of IPv6 Domains via IPv4 Clouds
    • RFC 4214, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)...
  • Page 171: Configuring An Ipv6 Over Ipv4 Manual Tunnel

    Step Command Remarks By default, no tunnel interface is created. When you create a new tunnel interface, you must specify the interface tunnel number mode Create a tunnel interface, specify tunnel mode. When you enter the { gre [ ipv6 ] | ipv4-ipv4 | the tunnel mode, and enter tunnel view of an existing tunnel interface, ipv6 | ipv6-ipv4 [ 6to4 |...
  • Page 172: Configuration Example

    • The tunnel destination address specified on the local device must be identical with the tunnel source address specified on the tunnel peer device.
    • The tunnels in the same mode on a device must not use the same tunnel source and destination...
  • Page 173

    cannot be automatically obtained from the destination IPv6 addresses of packets, configure an IPv6 over IPv4 manual tunnel.

    Figure 73 Network diagram

    Configuration procedure

    Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4....
  • Page 174: Configuring A 6To4 Tunnel

    [SwitchB-Vlan-interface100] quit
    # Specify an IPv6 address for VLAN-interface 101.
    [SwitchB] interface vlan-interface 101
    [SwitchB-Vlan-interface101] ipv6 address 3003::1 64
    [SwitchB-Vlan-interface101] quit
    # Create service loopback group 1 and specify its service type as tunnel.
    [SwitchB] service-loopback group 1 type tunnel
    # Add Ten-GigabitEthernet 1/1/5 to service loopback group 1....
  • Page 175: 6To4 Tunnel Configuration Example

    as the IPv6 address of the tunnel interface. You can specify the local tunnel interface as the egress interface of the route or specify the IPv6 address of the peer tunnel interface as the next hop of the route. For the detailed configuration, see Layer 3—IP Routing Configuration Guide. •...
  • Page 176: Configuration Considerations

    Figure 74 Network diagram

    Configuration considerations

    To enable communication between 6to4 networks, configure 6to4 addresses for 6to4 switches and hosts in the 6to4 networks.

    • The IPv4 address of VLAN-interface 100 on Switch A is 2.1.1.1/24, and the prefix is 2002:0201:0101::/48 after it is translated to a 6to4 address....
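The 6to4 translation described above (2.1.1.1 to 2002:0201:0101::/48), as an added Python example that is not part of the HP guide. It goes beyond the 6to4 case to also recover the IPv4 endpoint embedded in an ISATAP address; the function names and the sample address list are assumptions constructed for illustration.

```python
import ipaddress

SIXTOFOUR_NET = ipaddress.IPv6Network("2002::/16")
# ISATAP interface identifiers start with 0000:5efe or 0200:5efe,
# followed by the 32-bit IPv4 address of the tunnel endpoint.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def sixtofour_prefix(ipv4):
    """Return the 2002:<IPv4 in hex>::/48 prefix 6to4 derives from an IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_tunnel_endpoint(ipv6):
    """Classify an IPv6 address and recover the IPv4 tunnel endpoint it embeds.

    Returns ("6to4", IPv4Address), ("isatap", IPv4Address), or None.
    """
    addr = ipaddress.IPv6Address(ipv6)
    value = int(addr)
    if addr in SIXTOFOUR_NET:
        # Bits 16..47 of a 6to4 address are the border router's IPv4 address.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if (value >> 32) & 0xFFFFFFFF in ISATAP_MARKERS:
        # The low 32 bits of an ISATAP address are the host's IPv4 address.
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None


def unexpected_tunnels(addresses, sanctioned_endpoints):
    """List (address, kind, endpoint) for tunnel addresses whose embedded
    IPv4 endpoint is not one of the sanctioned tunnel sources."""
    allowed = {ipaddress.IPv4Address(e) for e in sanctioned_endpoints}
    findings = []
    for text in addresses:
        hit = embedded_tunnel_endpoint(text)
        if hit is not None and hit[1] not in allowed:
            findings.append((text, hit[0], str(hit[1])))
    return findings


# Constructed sample: addresses as they might appear in a neighbor table or
# flow log. Only 2.1.1.1, 5.1.1.1 and 1.1.1.1 are tunnel endpoints used in
# the guide's examples; 192.0.2.4 is a documentation address added here.
SAMPLE_ADDRESSES = [
    "2002:201:101:1::2",        # inside Switch A's 6to4 prefix
    "2002:501:101:1::2",        # inside Switch B's 6to4 prefix
    "2001::5efe:1.1.1.1",       # ISATAP address from the guide's ping example
    "2002:c000:204::1",         # 6to4 address embedding 192.0.2.4
    "3001::2",                  # ordinary global unicast address
    "fe80::20f:e2ff:fe00:1c0",  # ordinary link-local address
]
SANCTIONED = ["2.1.1.1", "5.1.1.1", "1.1.1.1"]

if __name__ == "__main__":
    print(sixtofour_prefix("2.1.1.1"))
    for finding in unexpected_tunnels(SAMPLE_ADDRESSES, SANCTIONED):
        print("unsanctioned tunnel endpoint:", finding)
```

Running the same check over neighbor or flow records shows which IPv4 hosts are acting as automatic tunnel endpoints, which matters because neither 6to4 nor ISATAP needs a configured destination address.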
  • Page 177

    [SwitchA-Tunnel0] source vlan-interface 100
    [SwitchA-Tunnel0] quit
    # Configure a static route destined for 2002::/16 through the tunnel interface.
    [SwitchA] ipv6 route-static 2002:: 16 tunnel 0

    • Configure Switch B:
    # Specify an IPv4 address for VLAN-interface 100.
    <SwitchB> system-view
    [SwitchB] interface vlan-interface 100
    [SwitchB-Vlan-interface100] ip address 5.1.1.1 24
    [SwitchB-Vlan-interface100] quit
    # Specify a 6to4 address for VLAN-interface 101....
  • Page 178: Configuring An Isatap Tunnel

    Configuring an ISATAP tunnel

    Follow these guidelines when you configure an ISATAP tunnel:

    • You do not need to configure a destination address for an ISATAP tunnel, because the destination IPv4 address is embedded in the ISATAP address.
    • Because automatic tunnels do not support dynamic routing, configure a static route destined for the...
  • Page 179

    Figure 75 Network diagram

    Configuration procedure

    Make sure the corresponding VLAN interfaces have been created on the switch. Make sure VLAN-interface 101 on the ISATAP switch and the ISATAP host can reach each other through IPv4.

    • Configure the switch:
    # Specify an IPv6 address for VLAN-interface 100....
  • Page 180

    # Install IPv6.
    C:\>ipv6 install
    # On a host running Windows XP, the ISATAP interface is usually interface 2. Configure the IPv4 address of the ISATAP router on the interface to complete the configuration on the host. Before doing that, view the ISATAP interface information:
    C:\>ipv6 if 2
    Interface 2: Automatic Tunneling Pseudo-Interface
    Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}...
  • Page 181: Configuring An Ipv4 Over Ipv4 Tunnel

    C:\>ping 2001::5efe:1.1.1.1
    Pinging 2001::5efe:1.1.1.1 with 32 bytes of data:
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Reply from 2001::5efe:1.1.1.1: time=1ms
    Ping statistics for 2001::5efe:1.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

    Configuring an IPv4 over IPv4 tunnel...
  • Page 182: Configuration Example

    Step: Configure a destination address for the tunnel interface.
    Command: destination ip-address
    Remarks: By default, no destination address is configured for the tunnel interface. The tunnel destination address must be the IP address of the receiving interface on the tunnel peer. It is used as the destination IP address of tunneled packets....
  • Page 183

    # Create an IPv4 over IPv4 tunnel interface tunnel 1.
    [SwitchA] interface tunnel 1 mode ipv4-ipv4
    # Specify an IPv4 address for the tunnel interface.
    [SwitchA-Tunnel1] ip address 10.1.2.1 255.255.255.0
    # Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface.
    [SwitchA-Tunnel1] source 2.1.1.1
    # Specify the IP address of VLAN-interface 101 on Switch B as the destination address for the tunnel interface....
  • Page 184: Configuring An Ipv4 Over Ipv6 Tunnel

    # Ping the IPv4 address of the peer interface VLAN-interface 100 from each switch. The following shows the output on Switch A.
    [SwitchA] ping -a 10.1.1.1 10.1.3.1
    Ping 10.1.3.1 (10.1.3.1) from 10.1.1.1: 56 data bytes, press CTRL_C to break
    56 bytes from 10.1.3.1: icmp_seq=0 ttl=255 time=2.000 ms
    56 bytes from 10.1.3.1: icmp_seq=1 ttl=255 time=1.000 ms
    56 bytes from 10.1.3.1: icmp_seq=2 ttl=255 time=0.000 ms
    56 bytes from 10.1.3.1: icmp_seq=3 ttl=255 time=1.000 ms...
  • Page 185: Configuration Example

    Step: Configure the destination address for the tunnel interface.
    Command: destination ipv6-address
    Remarks: By default, no destination address is configured for the tunnel. The tunnel destination address must be the IPv6 address of the receiving interface on the tunnel peer. It is used as the destination IPv6 address of tunneled packets....
  • Page 186

    # Specify an IPv4 address for the tunnel interface.
    [SwitchA-Tunnel1] ip address 30.1.2.1 255.255.255.0
    # Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface.
    [SwitchA-Tunnel1] source 2001::1:1
    # Specify the IP address of VLAN-interface 101 on Switch B as the destination address for the tunnel interface....
  • Page 187: Configuring An Ipv6 Over Ipv6 Tunnel

    Ping 30.1.3.1 (30.1.3.1) from 30.1.1.1: 56 data bytes, press CTRL_C to break
    56 bytes from 30.1.3.1: icmp_seq=0 ttl=255 time=3.000 ms
    56 bytes from 30.1.3.1: icmp_seq=1 ttl=255 time=1.000 ms
    56 bytes from 30.1.3.1: icmp_seq=2 ttl=255 time=0.000 ms
    56 bytes from 30.1.3.1: icmp_seq=3 ttl=255 time=1.000 ms
    56 bytes from 30.1.3.1: icmp_seq=4 ttl=255 time=1.000 ms
    --- Ping statistics for 30.1.3.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss...
  • Page 188: Configuration Example

    Step: Configure the destination address for the tunnel interface.
    Command: destination ipv6-address
    Remarks: By default, no destination address is configured for the tunnel. The tunnel destination address must be the IPv6 address of the receiving interface on the tunnel peer. It is used as the destination IPv6 address of tunneled packets....
  • Page 189

    # Assign Ten-GigabitEthernet 1/1/5 to service loopback group 1.
    [SwitchA] interface Ten-GigabitEthernet 1/1/5
    [SwitchA-Ten-GigabitEthernet1/1/5] port service-loopback group 1
    [SwitchA-Ten-GigabitEthernet1/1/5] quit
    # Create an IPv6 tunnel interface tunnel 1.
    [SwitchA] interface tunnel 1 mode ipv6
    # Specify an IPv6 address for the tunnel interface.
    [SwitchA-Tunnel1] ipv6 address 3001::1:1 64
    # Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface....
  • Page 190: Displaying And Maintaining Tunneling Configuration

    Verifying the configuration # Use the display ipv6 interface command to display the status of the tunnel interfaces on Switch A and Switch B. The output shows that the tunnel interfaces are up. (Details not shown.) # Ping the IPv4 address of the peer interface from each switch. The following shows the output on Switch [SwitchA] ping ipv6 -a 2002:1::1 2002:3::1 Ping6(56 data bytes) 2002:1::1 -->...
  • Page 191 Use the display ipv6 routing-table or display ip routing-table command to check whether the tunnel destination is reachable. If the route is not available, configure a route to reach the tunnel destination.
  • Page 192: Configuring Gre

    Configuring GRE

    Overview

    Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate multiple network layer protocols into virtual point-to-point tunnels over an IP network. Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end.

    GRE encapsulation format

    Figure 79 GRE encapsulation format

    As shown in...
  • Page 193: Gre Encapsulation And De-Encapsulation

    GRE encapsulation and de-encapsulation

    Figure 81 X protocol networks interconnected through a GRE tunnel

    The following takes the network shown in Figure 81 as an example to describe how an X protocol packet traverses an IP network through a GRE tunnel:

    Encapsulation process

    After receiving an X protocol packet from the interface connected to Group 1, Device A submits it to the X protocol for processing....
  • Page 194: Configuration Prerequisites

    • You must configure the tunnel source address and destination address at both ends of a tunnel, and the tunnel source or destination address at one end must be the tunnel destination or source address at the other end.
    • Local tunnel interfaces using the same encapsulation protocol must not have the same tunnel source and destination addresses....
  • Page 195 Step Command Remarks By default, no source address or interface is configured for a tunnel interface. If you configure a source address for a tunnel interface, the tunnel Configure a source interface uses the source address address or source source { ip-address | interface-type as the source address of the interface for the tunnel interface-number }...
  • Page 196: Configuring A Gre Over Ipv6 Tunnel

    Configuring a GRE over IPv6 tunnel

    Follow these guidelines when you configure a GRE over IPv6 tunnel:

    • You must configure the tunnel source address and destination address at both ends of a tunnel, and the tunnel source or destination address at one end must be the tunnel destination or source address at the other end....
  • Page 197: Displaying And Maintaining Gre

    Step Command Remarks By default, no source IPv6 address or interface is configured for a tunnel interface. If you configure a source IPv6 address for a tunnel interface, the tunnel interface uses the source Configure a source IPv6 IPv6 address as the source IPv6 source { ipv6-address | address or source interface for address of the encapsulated...
  • Page 198: Gre Configuration Examples

    Task: Display information about tunnel interfaces.
    Command: display interface [ tunnel [ number ] ] [ brief ]
    Remarks: For more information about this command, see Layer 3—IP Services Command Reference.

    Task: Display IPv6 information about tunnel interface...
    Command: display ipv6 interface [ tunnel...
    Remarks: For more information about this command, see Layer 3—IP Services...
  • Page 199

    # Create service loopback group 1, and configure the service type as tunnel.
    [SwitchA] service-loopback group 1 type tunnel
    # Add port Ten-GigabitEthernet 1/1/5 to service loopback group 1.
    [SwitchA] interface Ten-GigabitEthernet 1/1/5
    [SwitchA-Ten-GigabitEthernet1/1/5] port service-loopback group 1
    [SwitchA-Ten-GigabitEthernet1/1/5] quit
    # Create a tunnel interface Tunnel1, and specify the tunnel mode as GRE over IPv4....
  • Page 200

    # Configure the source address of tunnel interface as the IP address of VLAN-interface 101 on Switch B.
    [SwitchB-Tunnel1] source vlan-interface 101
    # Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch A.
    [SwitchB-Tunnel1] destination 1.1.1.1
    [SwitchB-Tunnel1] quit
    # Configure a static route from Switch B through the tunnel interface to Group 1....
  • Page 201: Gre Over Ipv6 Configuration Example

    # From Switch B, ping the IP address of VLAN-interface 100 on Switch A.
    [SwitchB] ping -a 10.1.3.1 10.1.1.1
    PING 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes
    56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=11.000 ms
    56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms
    56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms
    56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms
    56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms...
  • Page 202

    [SwitchA] interface vlan-interface 101
    [SwitchA-Vlan-interface101] ipv6 address 2002::1:1 64
    [SwitchA-Vlan-interface101] quit
    # Create service loopback group 1, and configure the service type as tunnel.
    [SwitchA] service-loopback group 1 type tunnel
    # Add port Ten-GigabitEthernet 1/1/5 to service loopback group 1.
    [SwitchA] interface Ten-GigabitEthernet 1/1/5
    [SwitchA-Ten-GigabitEthernet1/1/5] port service-loopback group 1
    [SwitchA-Ten-GigabitEthernet1/1/5] quit...
  • Page 203

    # Configure an IP address for the tunnel interface.
    [SwitchB-Tunnel0] ip address 10.1.2.2 255.255.255.0
    # Configure the source address of tunnel interface as the IPv6 address of VLAN-interface 101 on Switch B.
    [SwitchB-Tunnel0] source 2001::2:1
    # Configure the destination address of the tunnel interface as the IPv6 address of VLAN-interface 101 on Switch A....
  • Page 204: Troubleshooting Gre

    # From Switch B, ping the IP address of VLAN-interface 100 on Switch A.
    [SwitchB] ping -a 10.1.3.1 10.1.1.1
    Ping 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes, press CTRL_C to break
    56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=11.000 ms
    56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms
    56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms
    56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms
    56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms...
  • Page 205: Support And Other Resources

    Support and other resources

    Contacting HP

    For worldwide technical support information, see the HP support website: http://www.hp.com/support

    Before contacting HP, collect the following information:

    • Product model names and numbers
    • Technical support registration number (if applicable)
    • Product serial numbers...
  • Page 206: Conventions

    • HP Education http://www.hp.com/learn

    Conventions

    This section describes the conventions used in this documentation set.

    Command conventions

    Convention: Description
    Boldface: Bold text represents commands and keywords that you enter literally as shown.
    Italic: Italic text represents arguments that you replace with actual values.
    Square brackets enclose syntax choices (keywords or arguments) that are optional....
  • Page 207 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 208: Index

    Index Numerics DHCPv6 server dynamic IPv6 address assignment, 6to4 DHCPv6 server IPv6 address assignment, tunnel configuration, IP address classes, 6to4 tunnel IP addressing configuration, 16, IPv6/IPv4 tunneling, IP addressing interface IP address, IPv6 addresses, 1 18 address special IP addresses, BOOTP client address acquisition (on stateless DHCPv6, interface),...
  • Page 209 maintaining, DHCP server BOOTP response format, maintaining snooping, displaying client, max number dynamic entry configuration, maintaining client, message format, broadcast multiport entry configuration, DHCP server response broadcast, operation, UDP helper configuration, 1 15 proxy ARP configuration, buffer snooping configuration, TCP buffer size, 1 10 static configuration, static entry configuration,...
  • Page 210 common proxy ARP, directed broadcast forward, DDNS, DNS, 76, DDNS (DDNS server), DNS proxy, DDNS (DNS server), DNS spoofing, DDNS client, gratuitous ARP, 10, DDNS policy, GRE, 184, 190, DHCP address pool static binding, GRE over IPv4, DHCP client, 59, GRE over IPv4 tunnel (dynamic routing protocol), DHCP client ID for interface,...
  • Page 211 IPv6 path MTU discovery, device IPv6 RA message parameter, 129, BOOTP client configuration, IPv6 static path MTU, common proxy ARP configuration, IPv6/IPv4 manual tunnel, DDNS client policy application, IPv6/IPv6 tunnel, DDNS configuration (DDNS server), ISATAP tunnel, DDNS configuration (DNS server), max number ARP dynamic entries, DHCP client configuration, proxy ARP,...
  • Page 212 TCP SYN cookie, 1 10 message format, TCP timer, 1 1 1 Option #, 25, See also Option # DHCP Option 121, address assignment, Option 150, address pool, Option 184 (reserved), 25, address pool application on interface, Option 3;Option 003, address pool selection, Option 33;Option 033, address pool static binding,...
  • Page 213 server IP address dynamic assignment, server configuration on interface, server IP address static assignment, server dynamic IPv6 address assignment, server response broadcast, server dynamic IPv6 prefix assignment, server self-defined option configuration, server IPv6 address assignment, server specification on relay agent, server IPv6 prefix assignment, server user class configuration, server network parameters assignment,...
  • Page 214 IPv6 client static domain name IPv6 DNS client dynamic domain name resolution, 81, resolution, 82, IPv6 configuration, IPv6 dynamic path MTU aging timer, IPv6 proxy configuration, Dynamic Domain Name System. Use DDNS maintaining IPv4 DNS, Dynamic Host Configuration Protocol. See DHCP packet source interface, proxy,...
  • Page 215 common proxy ARP configuration, encapsulation format, DHCP client configuration, 59, IPv6 tunneling, DHCP server configuration, 29, 31, protocols, DHCP server IP address dynamic standards, assignment, troubleshooting, DHCP server IP address static assignment, tunnel configuration, DHCP server self-defined option configuration, header DHCP server user class configuration, GRE encapsulation, DHCP snooping basic configuration,...
  • Page 216 ARP dynamic table entry, DHCPv6 server configuration, 147, ARP message format, DHCPv6 server configuration on interface, ARP multiport entry configuration, DHCPv6 server dynamic IPv6 address assignment, ARP operation, DHCPv6 server dynamic IPv6 prefix ARP snooping configuration, assignment, ARP static configuration, DHCPv6 server IPv6 address assignment, ARP static entry configuration, DHCPv6 server IPv6 prefix assignment,...
  • Page 217 IPv6 ND link-local entry minimization, TCP timer, 1 1 1 IPv6 ND max number dynamic neighbor IP services entries, DHCP address allocation, IPv6 ND neighbor reachability detection, DHCP address pool, IPv6 ND protocol, DHCP address pool application on interface, IPv6 ND protocol address resolution, DHCP client BIMS server information, 37, IPv6 ND redirection, DHCP client DNS server,...
  • Page 218 DHCP-REQUEST message attack protection, automatic IPv4-compatible tunneling, DHCPv6 configuration, basic settings configuration, 17, 124, DHCPv6 overview, DHCPv6. See DHCPv6 DHCPv6 server configuration, 147, displaying basics, DHCPv6 server dynamic IPv6 address DNS client configuration, assignment, DNS configuration, DHCPv6 server dynamic IPv6 prefix DNS proxy configuration, 82, assignment, DNS spoofing configuration,...
  • Page 219 ND neighbor reachability detection, UDP helper configuration, 1 15 ND protocol, learning ND protocol address resolution, IPv6 ND max number dynamic neighbor entries, ND redirection, lease ND stale state entry aging timer configuration, DHCP IP address lease extension, ND static neighbor entry configuration, DHCPv6 address/prefix lease renewal, path MTU discovery, DHCPv6 PD,...
  • Page 220 ARP snooping configuration, IPv4 DNS configuration, ARP static configuration, IPv4 DNS proxy configuration, common proxy ARP configuration, IPv6 DNS client configuration, DHCP format, IPv6 DNS client dynamic domain name resolution, 82, DHCP-REQUEST message attack protection, IPv6 DNS client static domain name DHCPv6 assignment (4 messages), resolution, 81, DHCPv6 rapid assignment (2 messages),...
  • Page 221 DHCP client DNS server, IP addressing IP unnumbered, DHCP client gateway, IP addressing masking, DHCP client ID configuration for interface, IP addressing subnetting, DHCP client server specification, IP services ARP fast update configuration, DHCP relay agent enable on interface, IPv4 DNS client configuration, DHCP relay agent security functions, IPv4 DNS proxy configuration, DHCP server address pool configuration,...
  • Page 222 IPv6/IPv4 tunneling, DNS spoofing, IPv6/IPv6 tunnel configuration, gratuitous ARP configuration, IPv6/IPv6 tunneling, IP addressing configuration, 16, ISATAP tunnel configuration, IP forwarding, max number ARP dynamic entry IP performance optimization, configuration, IPv4 DNS configuration, special IP addresses, IPv6 basic settings configuration, 17, 124, TCP buffer size, 1 10...
  • Page 223 reserved option, 25, IPv6 link-local address configuration, voice client parameters, IPv6 max number NS message sent attempts, Option 3 (DHCP);Option 003 (DHCP), IPv6 multicast echo request reply, Option 33 (DHCP);Option 033 (DHCP), IPv6 ND configuration, Option 43 (DHCP);Option 043 (DHCP), 25, IPv6 ND duplicate address detection, Option 51 (DHCP);Option 051 (DHCP), IPv6 ND hop limit,...
  • Page 224 DHCPv6 address/prefix assignment, configuring DHCP relay agent security functions, DHCPv6 address/prefix lease renewal, configuring DHCP self-defined options, DHCPv6 dynamic prefix allocation, configuring DHCP server, 31, DHCPv6 IPv6 address assignment, configuring DHCP server address pool, DHCPv6 IPv6 address/prefix allocation configuring DHCP server BOOTP response sequence, format, DHCPv6 IPv6 prefix assignment,...
  • Page 225: Configuring Udp Helper

    configuring IP performance optimization configuring IPv6 RA message parameters, 129, interface MTU, configuring IPv6 static path MTU, configuring IP performance optimization configuring IPv6/IPv4 manual tunnel, interface TCP MSS, configuring IPv6/IPv6 tunnel, configuring IP performance optimization TCP configuring ISATAP tunnel, buffer size, 110 configuring max number ARP dynamic entries, configuring IP performance optimization TCP...
  • Page 226 enabling DHCP server on interface, specifying DHCP server address pool IP address range (primary subnet/multiple secondary enabling DHCP snooping starvation attack subnets), protection, specifying DHCP server on relay agent, enabling DHCP-REQUEST message attack protection, specifying DNS interface, enabling directed broadcast specifying DNS packet source interface, receive/forward, specifying IPv6 interface link-local address...
  • Page 227 DHCP enable on interface, DDNS configuration, DHCP operation, DDNS configuration (DDNS server), DHCP Option 82, 25, DDNS configuration (DNS server), DHCP Option 82 configuration, 55, DDNS policy configuration, DHCP Option 82 support, DHCP snooping trusted port, DHCP overview, DHCP snooping untrusted port, DHCP security functions, directed broadcast forward configuration, DHCP server specification on relay agent,...
  • Page 228 DHCP relay agent relay entry recording, DHCPv6 configuration on interface, DHCP relay agent security functions, DHCPv6 DUID, DHCP relay agent starvation attack DHCPv6 dynamic IPv6 address assignment, protection, DHCPv6 dynamic IPv6 prefix assignment, DHCP snooping basic configuration, DHCPv6 IPv6 address assignment, DHCP snooping configuration, 64, DHCPv6 IPv6 prefix assignment, DHCP snooping entry save,...
  • Page 229 DHCP server IP address assignment, temporary DHCPv6 static address allocation, DHCPv6 temporary address assignment, DHCPv6 static prefix allocation, DHCPv6 temporary IPv6 address, DNS domain name resolution, time IPv4 DNS client static domain name ICMPv6 time exceeded message, resolution, 80, timer IPv6 DNS client static domain name ARP dynamic entry aging timer configuration, resolution, 81,...
  • Page 230 IPv6 tunneling technology, DHCP snooping basic configuration, IPv6/IPv4 manual tunnel configuration, DHCP snooping configuration, IPv6/IPv4 tunneling, UDP helper configuration, 115 IPv6/IPv6 tunnel configuration, IPv6/IPv6 tunneling, tunneling configuration, 157, ISATAP tunnel configuration, ISATAP tunneling, Windows Layer 3 virtual tunnel interface, BOOTP client configuration, 74, maintaining, DHCP client configuration, 59,...
