Page of 221
Download Table of ContentsContents Print This PagePrint Bookmark
HP 5920 & 5900 Switch Series
Layer 3 - IP Services
Part number: 5998-2894
Software version: Release2207
Document version: 6W100-20121130

Advertising

   Summary of Contents for HP 5920 Series

  • Page 1: Configuration Guide

    HP 5920 & 5900 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-2894 Software version: Release2207 Document version: 6W100-20121130...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring ARP ··························································································································································· 1   Overview ············································································································································································ 1   ARP message format ················································································································································ 1   ARP operating mechanism ······································································································································ 1   ARP table ··································································································································································· 2   Configuring a static ARP entry ········································································································································· 3   Configuring a multiport ARP entry ··································································································································· 4  ...

  • Page 4: Table Of Contents

    Configuration procedure ······································································································································ 19   Verifying the configuration ··································································································································· 19   DHCP overview ·························································································································································· 21   DHCP address allocation ·············································································································································· 21   Allocation mechanisms ········································································································································· 21   Dynamic IP address allocation process··············································································································· 22   IP address lease extension···································································································································· 22   DHCP message format ···················································································································································...

  • Page 5: Table Of Contents

    DHCP relay agent configuration task list ····················································································································· 49   Enabling DHCP ······························································································································································ 50   Enabling the DHCP relay agent on an interface ········································································································ 50   Specifying DHCP servers on a relay agent ················································································································· 50   Configuring the DHCP relay agent security functions ································································································ 51  ...

  • Page 6: Table Of Contents

    Configuring DNS ······················································································································································· 73   Overview ········································································································································································· 73   Static domain name resolution ····························································································································· 73   Dynamic domain name resolution ······················································································································· 73   DNS proxy ····························································································································································· 74   DNS spoofing ························································································································································ 75   DNS configuration task list ············································································································································ 76   Configuring the IPv4 DNS client ··································································································································...

  • Page 7: Table Of Contents

    Configuring TCP MSS for an interface ······················································································································ 103   Configuring TCP path MTU discovery ······················································································································· 104   Enabling TCP SYN Cookie ·········································································································································· 105   Configuring the TCP buffer size ·································································································································· 105   Configuring TCP timers ················································································································································ 105   Enabling sending ICMP error packets ······················································································································· 106  ...

  • Page 8: Table Of Contents

    IPv6 basics configuration example ···························································································································· 130   Network requirements ········································································································································· 130   Configuration procedure ···································································································································· 131   Verifying the configuration ································································································································· 131   Troubleshooting IPv6 basics configuration ················································································································ 135   Symptom ······························································································································································· 135   Solution ································································································································································· 135   DHCPv6 overview ··················································································································································· 136  ...

  • Page 9: Table Of Contents

      GRE over IPv6 configuration example ·············································································································· 187   Troubleshooting GRE ··················································································································································· 190   Support and other resources ·································································································································· 191   Contacting HP ······························································································································································ 191   Subscription service ············································································································································ 191   Related information ······················································································································································ 191   Documents ···························································································································································· 191  ...

  • Page 10: Configuring Arp, Arp Message Format

    Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages.

  • Page 11: Arp Table

    If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request comprises the following information: Sender IP address and sender MAC address—Host A's IP address and MAC address Target IP address—Host B's IP address Target MAC address—An all-zero MAC address All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)

  • Page 12: Configuring A Static Arp Entry

    Static ARP entry A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry. Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. Static ARP entries include long, short, and multiport ARP entries.

  • Page 13: Configuring A Multiport Arp Entry

    Step Command Remarks • Configure a long static ARP entry: arp static ip-address mac-address vlan-id interface-type interface-number Use either command. Configure a static ARP [ vpn-instance vpn-instance-name ] By default, no static ARP entry is entry. • Configure a short static ARP entry: configured.

  • Page 14: Setting The Aging Timer For Dynamic Arp Entries

    The Layer-2 interface can learn an ARP entry only when both its maximum number and the VLAN interface's maximum number are not reached. To set the maximum number of dynamic ARP entries that an interface can learn: Step Command Remarks Enter system view.

  • Page 15: Displaying And Maintaining Arp

    Displaying and maintaining ARP IMPORTANT: Clearing ARP entries from the ARP table might cause communication failures. Make sure the entries to be cleared do not affect current communications. Execute display commands in any view and reset commands in user view. Task Command display arp [ [ all | dynamic | multiport | static ] [ slot...

  • Page 16: Configuration Procedure

    Figure 3 Network diagram Configuration procedure # Create VLAN 10. <Switch> system-view [Switch] vlan 10 [Switch-vlan10] quit # Add interface Ten-GigabitEthernet 1/0/1 to VLAN 10. [Switch] interface Ten-GigabitEthernet 1/0/1 [Switch-Ten-GigabitEthernet1/0/1] port access vlan 10 [Switch-Ten-GigabitEthernet1/0/1] quit # Create VLAN-interface 10 and configure its IP address. [Switch] interface vlan-interface 10 [Switch-vlan-interface10] ip address 192.168.1.2 8 [Switch-vlan-interface10] quit...

  • Page 17

    Configure a multiport ARP entry to send IP packets with destination IP address 192.168.1.1 to the three servers. Figure 4 Network diagram   Swtich XGE1/0/1 XGE1/0/3 XGE1/0/2 Server Server Server Server group 192.168.1.1/24 00e0-fc01-0000 Configuration procedure # Create VLAN 10. <Switch>...

  • Page 18

    # Display ARP information. [Switch] display arp Type: S-Static D-Dynamic M-Multiport I-Invalid IP Address MAC Address VLAN Interface Aging Type 192.168.1.1 00e0-fc01-0000...

  • Page 19: Configuring Gratuitous Arp

    Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device.

  • Page 20

    If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the interface on the master router in the VRRP group.

  • Page 21: Configuring Proxy Arp

    Configuring proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP.

  • Page 22: Common Proxy Arp Configuration Example

    Common proxy ARP configuration example Network requirements As shown in Figure 5, Host A and Host D have the same IP prefix and mask, but they are located on different subnets separated by the switch (Host A belongs to VLAN 1, and Host D belongs to VLAN 2). No default gateway is configured on Host A and Host D.

  • Page 23: Configuring Arp Snooping

    Configuring ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. If you enable ARP snooping on a VLAN, ARP packets received by any interface in the VLAN are redirected to the CPU.

  • Page 24: Configuring Ip Addressing, Ip Address Classes

    Configuring IP addressing The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) and PPP address negotiation are beyond the scope of this chapter.

  • Page 25: Subnetting And Masking

    Class Address range Remarks 192.0.0.0 to 223.255.255.255 224.0.0.0 to 239.255.255.255 Multicast addresses. Reserved for future use, except for the broadcast 240.0.0.0 to 255.255.255.255 address 255.255.255.255. Special IP addresses The following IP addresses are for special use and cannot be used as host IP addresses: IP address with an all-zero net ID—Identifies a host on the local network.

  • Page 26: Assigning An Ip Address To An Interface, Configuring Ip Unnumbered

    Assigning an IP address to an interface An interface must have an IP address to communicate with other hosts. You can either manually assign an IP address to an interface, or configure the interface to obtain an IP address through BOOTP, or DHCP. If you change the way an interface obtains an IP address, the new IP address will overwrite the previous address.

  • Page 27: Configuration Prerequisites

    Configuration prerequisites Assign an IP address to the interface from which you want to borrow the IP address. Alternatively, you can configure the interface to obtain one through BOOTP, or DHCP. Configuration procedure To configure IP unnumbered on an interface: Step Command Remarks...

  • Page 28

    Figure 8 Network diagram 172.16.1.0/24 Switch Host B Vlan-int1 172.16.1.1/24 172.16.1.2/24 172.16.2.1/24 sub 172.16.2.2/24 Host A 172.16.2.0/24 Configuration procedure # Assign a primary IP address and a secondary IP address to VLAN-interface 1. <Switch> system-view [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0 [Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub # Set the gateway address to 172.16.1.1 on the PCs attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to subnet 172.16.2.0/24.

  • Page 29

    56 bytes from 172.16.2.2: icmp_seq=1 ttl=255 time=7.000 ms 56 bytes from 172.16.2.2: icmp_seq=2 ttl=255 time=1.000 ms 56 bytes from 172.16.2.2: icmp_seq=3 ttl=255 time=2.000 ms 56 bytes from 172.16.2.2: icmp_seq=4 ttl=255 time=1.000 ms --- 172.16.2.2 ping statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 1.000/2.600/7.000/2.245 ms The output shows that the switch can communicate with the hosts on subnet 172.16.2.0/24.

  • Page 30: Dhcp Overview, Dhcp Address Allocation, Allocation Mechanisms

    DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 9 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent.

  • Page 31: Dynamic Ip Address Allocation Process, Ip Address Lease Extension

    Dynamic IP address allocation process Figure 10 Dynamic IP address allocation process The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.

  • Page 32: Dhcp Message Format

    DHCP message format Figure 1 1 shows the DHCP message format. DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 11 DHCP message format op—Message type defined in options field. 1 = REQUEST, 2 = REPLY •...

  • Page 33: Dhcp Options

    DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information to clients. Figure 12 DHCP option format Common DHCP options The following are common DHCP options: Option 3—Router option.

  • Page 34

    ACS parameters, including the ACS URL, username, and password. • • PXE server address, which is used to obtain the boot file or other control information from the PXE server. Format of Option 43: Figure 13 Option 43 format Network configuration parameters are carried in different sub-options of Option 43 as shown Figure Sub-option type—The field value can be 0x01 (ACS parameter sub-option), 0x02 (service provider identifier sub-option), or 0x80 (PXE server address sub-option).

  • Page 35: Protocols And Standards

    The administrator can use Option 82 to locate the DHCP client and further implement security control and accounting. The DHCP server can use Option 82 to provide individual configuration policies for the clients. Option 82 can contain up to 255 sub-options and must have one sub-option at least. Option 82 supports two sub-options: sub-option 1 (Circuit ID) and sub-option 2 (Remote ID).

  • Page 36: Configuring The Dhcp Server, Dhcp Address Pool

    Configuring the DHCP server Overview The DHCP server is well suited to networks where: Manual configuration and centralized management are difficult to implement. • IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users •...

  • Page 37: Ip Address Allocation Sequence

    If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command. If the address range has no assignable IP addresses or it is not configured, the address allocation fails. NOTE: All address ranges must belong to the primary subnet.

  • Page 38: Dhcp Server Configuration Task List

    IP address that was ever assigned to the client. IP address designated by the Option 50 field in the DHCP-DISCOVER message sent by the client. Option 50 is the Requested IP Address option. The client uses this option to specify the wanted IP address in a DHCP-DISCOVER message.

  • Page 39: Creating A Dhcp Address Pool

    Creating a DHCP address pool Step Command Remarks Enter system view. system-view Create a DHCP address pool By default, no DHCP address dhcp server ip-pool pool-name and enter its view. pool is created. Specifying IP address ranges for a DHCP address pool You can configure both static and dynamic address allocation mechanisms in a DHCP address pool.

  • Page 40

    Step Command Remarks Enter address pool view. dhcp server ip-pool pool-name Specify the primary subnet for network network-address By default, no primary subnet is the address pool. [ mask-length | mask mask ] specified. (Optional.) Specify the common address range start-address By default, no IP address range address range.

  • Page 41

    You can specify a maximum of 32 secondary subnets in each address pool. • • IP addresses specified by the forbidden-ip command are not assignable in the current address pool, but are assignable in other address pools. IP addresses specified by the dhcp server forbidden-ip command are not assignable in any address pool.

  • Page 42: Configuring Gateways For The Client

    The IP address of a static binding cannot be the address of the DHCP server interface. Otherwise, • an IP address conflict occurs and the bound client cannot obtain an IP address correctly. To configure a static binding for a DHCP client whose interfaces use the same MAC address, you •...

  • Page 43: Configuring A Domain Name Suffix For The Client, Configuring Dns Servers For The Client

    Configuring a domain name suffix for the client You can specify a domain name suffix in a DHCP address pool on the DHCP server. With this suffix assigned, the client only needs to input part of a domain name, and the system adds the domain name suffix for name resolution.

  • Page 44: Configuring Bims Server Information For The Client

    Step Command Remarks Enter system view. system-view Enter DHCP address pool dhcp server ip-pool pool-name view. This step is optional for b-node. Specify WINS servers. nbns-list ip-address&<1-8> By default, no WINS server is specified. Specify the NetBIOS node netbios-type { b-node | h-node | By default, no NetBIOS node type is type.

  • Page 45: Specifying A Server For The Dhcp Client

    Step Command Remarks • Specify the IP address of the TFTP server: Use either command. tftp-server ip-address ip-address Specify the IP address or the By default, no TFTP server is name of a TFTP server. • Specify the name of the TFTP server: specified.

  • Page 46: Configuring Self-defined Dhcp Options

    Step Command Remarks (Optional.) Configure the voice voice-config voice-vlan vlan-id By default, no voice VLAN is VLAN. { disable | enable } configured. By default, no failover IP (Optional.) Specify the failover IP voice-config fail-over ip-address address or dialer string is address and dialer string.

  • Page 47: Enabling Dhcp

    Corresponding Recommended option Option Option name command command parameters TFTP server name tftp-server ascii Boot file name bootfile-name ascii Vendor Specific Information Enabling DHCP You must enable DHCP to validate other DHCP configurations. To enable DHCP: Step Command Remarks Enter system view. system-view Enable DHCP.

  • Page 48: Configuring Ip Address Conflict Detection

    Step Command Remarks By default, no address pool is applied on an interface. Apply an address pool on the dhcp server apply ip-pool If the applied address pool does not interface. pool-name exist, the DHCP server fails to perform address allocation. Configuring IP address conflict detection Before assigning an IP address, the DHCP server pings that IP address.

  • Page 49: Configuring Dhcp Server Compatibility

    Configuring DHCP server compatibility Perform this task to enable the DHCP server to support DHCP clients that are incompliant with RFC. Configuring the DHCP server to broadcast all responses Typically, the DHCP server broadcasts a response only when the broadcast flag in the DHCP request is set to 1.

  • Page 50: Displaying And Maintaining The Dhcp Server, Dhcp Server Configuration Examples

    Step Command Remarks By default, sending BOOTP responses in RFC 1048 format by the DHCP server is disabled. Enable the DHCP server to dhcp server bootp send BOOTP responses in This configuration takes effect only on the reply-rfc-1048 RFC 1048 format. BOOTP clients that request for a statically bound address.

  • Page 51: Static Ip Address Assignment Configuration Example

    Static IP address assignment configuration example Network requirements As shown in Figure 16, Switch B (DHCP client) and Switch C (BOOTP client) obtain the static IP address, DNS server address, and gateway address from Switch A (DHCP server). The client ID of VLAN-interface 2 on Switch B is: 0030-3030-662e-6532-3439-2e38-3035-302d-566c-616e-2d69-6e74-6572-6661-6365-32.

  • Page 52: Dynamic Ip Address Assignment Configuration Example

    [SwitchA-dhcp-pool-0] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-0] quit Verifying the configuration After the preceding configuration is complete, Switch B can obtain IP address 10.1.1.5 and other network parameters, and Switch C can obtain IP address 10.1.1.6 and other network parameters from Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients.

  • Page 53: Network Requirement

    [SwitchA-Vlan-interface20] quit # Exclude IP addresses (addresses of the DNS server, WINS server and gateways). [SwitchA] dhcp server forbidden-ip 10.1.1.2 [SwitchA] dhcp server forbidden-ip 10.1.1.4 [SwitchA] dhcp server forbidden-ip 10.1.1.126 [SwitchA] dhcp server forbidden-ip 10.1.1.254 # Configure DHCP address pool 1 to assign IP addresses and other configuration parameters to clients in subnet 10.1.1.0/25.

  • Page 54

    Figure 18 Network diagram Configuration procedure Specify IP addresses for interfaces on DHCP server and DHCP relay agent. (Details not shown.) Configure DHCP services: # Enable DHCP and configure the DHCP server to handle Option 82. <SwitchB> system-view [SwitchB] dhcp enable [SwitchB] dhcp server relay information enable # Enable DHCP server on VLAN-interface10.

  • Page 55: Troubleshooting Dhcp Server Configuration

    Self-defined option configuration example Network requirements As shown in Figure 19, the DHCP client (Switch B) obtains an IP address and PXE server addresses from the DHCP server (Switch A). The IP address belongs to subnet 10.1.1.0/24. The PXE server addresses are 1.2.3.4 and 2.2.2.2.

  • Page 56: Analysis

    Analysis Another host on the subnet might have the same IP address. Solution Disable the client's network adapter or disconnect the client's network cable. Ping the IP address of the client from another host to check whether there is a host using the same IP address. If a ping response is received, the IP address has been manually configured on a host.

  • Page 57: Configuring The Dhcp Relay Agent

    Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 20 shows a typical application of the DHCP relay agent.

  • Page 58: Dhcp Relay Agent Support For Option 82, Dhcp Relay Agent Configuration Task List

    Figure 21 DHCP relay agent operation DHCP relay agent support for Option 82 Option 82 records the location information about the DHCP client. It enables the administrator to locate the DHCP client for security and accounting purposes, and to assign IP addresses in a specific range to clients.

  • Page 59: Enabling The Dhcp Relay Agent On An Interface

    Tasks at a glance (Optional.) Configuring the DHCP relay agent to release an IP address (Optional.) Configuring Option 82 Enabling DHCP You must enable DHCP to validate other DHCP relay agent settings. To enable DHCP: Step Command Remarks Enter system view. system-view Enable DHCP.

  • Page 60: Configuring The Dhcp Relay Agent Security Functions

    Step Command Remarks interface interface-type Enter interface view. interface-number By default, no DHCP server Specify a DHCP server dhcp relay server-address address is specified on the relay address on the relay agent. ip-address agent. Configuring the DHCP relay agent security functions Enabling the DHCP relay agent to record relay entries Perform this task to enable the DHCP relay agent to automatically record clients' IP-to-MAC bindings...

  • Page 61: Enabling Dhcp Starvation Attack Protection

    Step Command Remarks By default, the refresh interval is Configure the refresh dhcp relay client-information refresh auto, which is calculated based interval. [ auto | interval interval ] on the number of total relay entries. Enabling DHCP starvation attack protection A DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests using different MAC addresses in the chaddr field to a DHCP server.

  • Page 62: Configuring Option 82

    Step Command Remarks Enter system view. system-view Configure the DHCP relay This command can release only the dhcp relay release ip client-ip agent to release an IP IP addresses in the recorded relay [ vpn-instance vpn-instance-name ] address. entries. Configuring Option 82 Follow these guidelines when you configure Option 82: To support Option 82, you must perform related configuration on both the DHCP server and relay •...

  • Page 63: Dhcp Relay Agent Configuration Example

    Task Command display dhcp relay client-information [ interface Display relay entries on the DHCP relay agent. interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ] display dhcp relay statistics [ interface interface-type Display packet statistics on the DHCP relay agent. interface-number ] reset dhcp relay client-information [ interface Clear relay entries on the DHCP relay agent.

  • Page 64: Troubleshooting Dhcp Relay Agent Configuration

    [SwitchA-Vlan-interface10] dhcp select relay # Specify the IP address of the DHCP server on the relay agent. [SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1 After the preceding configuration is complete, DHCP clients can obtain IP addresses and other network parameters from the DHCP server through the DHCP relay agent. You can use the display dhcp relay statistics command to view the statistics of DHCP packets forwarded by the DHCP relay agent.

  • Page 65: Solution

    Solution To locate the problem, enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information. Check that: • DHCP is enabled on the DHCP server and relay agent. The DHCP server has an address pool on the same subnet as the DHCP clients. •...

  • Page 66: Enabling The Dhcp Client On An Interface

    Configuring the DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address. The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be a Windows Server 2000 or Windows Server 2003.

  • Page 67: Displaying And Maintaining The Dhcp Client, Dhcp Client Configuration Example

    DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply, making the client unable to use the IP address assigned by the server. HP recommends you to disable duplicate address detection when ARP attacks exist on the network.

  • Page 68

    is 20.1.1.0. The value of the next hop address field is 0A 01 01 02. It is a hexadecimal number indicating that the next hop is 10.1.1.2. Figure 23 Option 121 format Figure 24 Network diagram Configuration procedure Configure Switch A: # Specify the IP address of VLAN-interface 2.

  • Page 69: Verifying The Configuration

    Verifying the configuration # Use the display dhcp client command to display the IP address and other network parameters assigned to Switch B. [SwitchB] display dhcp client verbose Vlan-interface2 DHCP client information: Current state: BOUND Allocated IP: 10.1.1.3 255.255.255.0 Allocated lease: 864000 seconds, T1: 331858 seconds, T2: 756000 seconds Lease from May 21 19:00:29 2012 May 31 19:00:29 2012 DHCP server: 10.1.1.1...

  • Page 70: Configuring Dhcp Snooping

    Configuring DHCP snooping DHCP snooping works between the DHCP client and server, or between the DHCP client and relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes. DHCP snooping does not work between the DHCP server and DHCP relay agent.

  • Page 71: Dhcp Snooping Support For Option

    Figure 25 Trusted and untrusted ports In a cascaded network as shown in Figure 26, configure each DHCP snooping device's ports connected to other DHCP snooping devices as trusted ports. To save system resources, you can disable the untrusted ports that are not directly connected to DHCP clients from generating DHCP snooping entries. Figure 26 Trusted and untrusted ports in a cascaded network DHCP snooping support for Option 82 Option 82 records the location information about the DHCP client so the administrator can locate the...

  • Page 72: Dhcp Snooping Configuration Task List

    Table 4 Handling strategies If a DHCP request Handling DHCP snooping… has… strategy Drop Drops the message. Keep Forwards the message without changing Option 82. Option 82 Forwards the message after replacing the original Option 82 with Replace the Option 82 padded according to the configured padding format, padding content, and code type.

  • Page 73

    To configure basic DHCP snooping: Step Command Remarks Enter system view. system-view By default, DHCP snooping is Enable DHCP snooping. dhcp snooping enable disabled. interface interface-type This interface is connected to the Enter interface view. interface-number DHCP server. By default, all ports are untrusted Specify the port as a trusted dhcp snooping trust ports after DHCP snooping is...

  • Page 74: Saving Dhcp Snooping Entries

    Step Command Remarks (Optional.) Configure a handling strategy for DHCP dhcp snooping information strategy { drop By default, the handling requests containing Option | keep | replace } strategy is replace. dhcp snooping information circuit-id (Optional.) Configure the By default, the padding { [ vlan vlan-id ] string circuit-id | { normal | padding content and code format is normal and the...

  • Page 75

    Enabling DHCP starvation attack protection A DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests that contain identical or different sender MAC addresses in the chaddr field to a DHCP server. This attack exhausts the IP address resources of the DHCP server so legitimate DHCP clients cannot obtain IP addresses. The DHCP server might also fail to work because of exhaustion of system resources.

  • Page 76: Configuring Dhcp Packet Rate Limit, Displaying And Maintaining Dhcp Snooping

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, DHCP-REQUEST check is disabled. dhcp snooping check You can enable DHCP-REQUEST Enable DHCP-REQUEST check. request-message check only on Ethernet interfaces, S-channel interfaces, VSIs, and aggregate interfaces. Configuring DHCP packet rate limit Perform this task to configure the maximum rate at which an interface can receive DHCP packets.

  • Page 77: Dhcp Snooping Configuration Examples

    Task Command Remarks Display information about trusted display dhcp snooping trust Available in any view. ports. Display information about the file that display dhcp snooping binding database Available in any view. stores DHCP snooping entries. reset dhcp snooping binding { all | ip Available in user Clear DHCP snooping entries.

  • Page 78

    [SwitchB-Ten-GigabitEthernet1/0/2] dhcp snooping binding record [SwitchB-Ten-GigabitEthernet1/0/2] quit Verifying the configuration After the preceding configuration is complete, the DHCP client can obtain an IP address and other configuration parameters only from the authorized DHCP server. You can view the DHCP snooping entry recorded for the client with the display dhcp snooping binding command.

  • Page 79

    [SwitchB-Ten-GigabitEthernet1/0/2] quit # Configure Option 82 on Ten-GigabitEthernet 1/0/3. [SwitchB] interface Ten-GigabitEthernet 1/0/3 [SwitchB-Ten-GigabitEthernet1/0/3] dhcp snooping information enable [SwitchB-Ten-GigabitEthernet1/0/3] dhcp snooping information strategy replace [SwitchB-Ten-GigabitEthernet1/0/3] dhcp snooping information circuit-id verbose node-identifier sysname format ascii [SwitchB-Ten-GigabitEthernet1/0/3] dhcp snooping information remote-id string device001 Verifying the configuration Use the display dhcp snooping information command to display Option 82 configuration information on Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 on the DHCP snooping device.

  • Page 80: Bootp Application, Obtaining An Ip Address Dynamically

    Configuring the BOOTP client BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003. BOOTP application An interface that acts as a BOOTP client can use BOOTP to obtain information (such as IP address) from the BOOTP server.

  • Page 81: Bootp Client Configuration Example

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, an interface does not Configure an interface to use use BOOTP for IP address ip address bootp-alloc BOOTP for IP address acquisition. acquisition. Displaying and maintaining BOOTP client Execute display command in any view.

  • Page 82: Configuring Dns, Static Domain Name Resolution, Dynamic Domain Name Resolution

    Configuring DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. DNS services can be static or dynamic.

  • Page 83: Dns Proxy

    The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices. Dynamic domain name resolution allows the DNS client to store latest mappings between domain names and IP addresses in the dynamic domain name cache.

  • Page 84: Dns Spoofing

    A DNS proxy operates as follows: A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution cache after receiving the request.

  • Page 85: Configuring Static Domain Name Resolution

    The IP address configured with DNS spoofing is not the actual IP address of the requested domain name, so the TTL of the DNS reply is set to 0 to prevent the DNS client from generating incorrect domain name-to-IP address mappings. Upon receiving the reply, the host sends an HTTP request to the replied IP address.

  • Page 86: Configuring Dynamic Domain Name Resolution

    Configuring dynamic domain name resolution To use dynamic domain name resolution, configure DNS servers so that DNS queries can be sent to a correct server for resolution. A DNS server manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS server configured earlier takes precedence. A name query is first sent to the DNS server that has the highest priority.

  • Page 87

    Follow these guidelines when you configure static domain name resolution: • For the public network or a VPN, each host name maps to only one IPv6 address. The last configuration for a host name takes effect. You can configure host name-to-IPv6 address mappings for the public network and up to 1024 •...

  • Page 88: Configuring The Dns Proxy

    Step Command Remarks • Specify a DNS server IPv4 address: dns server ip-address [ vpn-instance vpn-instance-name ] Use at least one command. Specify a DNS server IP • Specify a DNS server IPv6 address: By default, no DNS server IP address.

  • Page 89: Specifying The Source Interface For Dns Packets

    Step Command Remarks Enter system view. system-view Enable DNS proxy. dns proxy enable By default, DNS proxy is disabled. • Specify a translated IPv4 address: dns spoofing ip-address [ vpn-instance Use at least one command. Enable DNS spoofing and vpn-instance-name ] specify the translated IP By default, no translated IP •...

  • Page 90: Displaying And Maintaining Ipv4 Dns

    To configure the DNS trusted interface: Step Command Remarks Enter system view. system-view By default, no DNS trusted interface is specified. Specify the DNS trusted dns trust-interface interface-type interface. interface-number You can configure up to 128 DNS trusted interfaces. Displaying and maintaining IPv4 DNS Execute display commands in any view and reset commands in user view.

  • Page 91: Dynamic Domain Name Resolution Configuration Example

    # Use the ping host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2. [Sysname] ping host.com PING host.com (10.1.1.2): 56 data bytes 56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=1.000 ms...

  • Page 92

    Figure 34 Creating a zone On the DNS server configuration page, right-click zone com, and select New Host. Figure 35 Adding a host On the page that appears, enter host name host and IP address 3.1.1.1. Click Add Host. The mapping between the IP address and host name is created.

  • Page 93: Dns Proxy Configuration Example

    Figure 36 Adding a mapping between domain name and IP address Configure the DNS client: # Specify the DNS server 2.1.1.2. <Sysname> system-view [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Verifying the configuration # Use the ping host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 3.1.1.1.

  • Page 94

    As shown in Figure • Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Configure the IP address of the DNS proxy on Device B. DNS requests of Device B are forwarded •...

  • Page 95: Ipv6 Dns Configuration Examples

    56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms 56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms 56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms --- host.com ping statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 1.000/1.200/2.000/0.400 ms IPv6 DNS configuration examples Static domain name resolution configuration example Network requirements...

  • Page 96

    Configure dynamic domain name resolution and the domain name suffix com on the device that serves as a DNS client so that the device can use domain name host to access the host with the domain name host.com and the IPv6 address 1::1/64. Figure 39 Network diagram Configuration procedure Before performing the following configuration, make sure that the device and the host can reach each...

  • Page 97

    Figure 41 Creating a record On the page that appears, select IPv6 Host (AAAA) as the resource record type.

  • Page 98

    Figure 42 Selecting the resource record type Type host name host and IPv6 address 1::1. Click OK. The mapping between the IPv6 address and host name is created.

  • Page 99

    Figure 43 Adding a mapping between domain name and IPv6 address Configure the DNS client: # Specify the DNS server 2::2. <Device> system-view [Device] ipv6 dns server 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Use the ping ipv6 host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 1::1.

  • Page 100

    DNS proxy configuration example Network requirements When the IPv6 address of the DNS server changes, you must configure the new IPv6 address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function.

  • Page 101: Troubleshooting Ipv4 Dns Configuration

    Verifying the configuration # Use the ping host.com command on Device B to verify that the connection between the device and the host is normal and that the translated destination IP address is 3000::1. [DeviceB] ping host.com PING6(104=40+8+56 bytes) 2000::1 --> 3000::1 56 bytes from 3000::1, icmp_seq=0 hlim=128 time=1.000 ms 56 bytes from 3000::1, icmp_seq=1 hlim=128 time=0.000 ms 56 bytes from 3000::1, icmp_seq=2 hlim=128 time=1.000 ms...

  • Page 102: Configuring Ddns

    Configuring DDNS Overview DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails. Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers to direct you to the latest IP address mapping to a domain name.

  • Page 103: Ddns Client Configuration Task List

    NOTE: The DDNS update process does not have a unified standard but depends on the DDNS server that the DDNS client contacts. DDNS client configuration task list Tasks at a glance (Required.) Configuring a DDNS policy (Required.) Applying the DDNS policy to an interface Configuring a DDNS policy A DDNS policy contains the DDNS server address, port number, login ID, password, time interval, associated SSL client policy, and update time interval.

  • Page 104

    Replace the parameters username and password in the URL with your actual login ID and password registered at the DDNS service provider's website. HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols.

  • Page 105: Applying The Ddns Policy To An Interface

    Step Command Remarks (Optional.) Specify the parameter By default, http-get is used. transmission method for sending method { http-get | Use the method http-post command to DDNS update requests to http-post } specify the POST method for DDNS update HTTP/HTTPS-based DDNS with a DHS server.

  • Page 106: Ddns Configuration Example

    Displaying DDNS Execute display commands in any view. Task Command Display information about the DDNS policy. display ddns policy [ policy-name ] DDNS configuration examples DDNS configuration example 1 Network requirements As shown in Figure 46, Switch is a Web server with the domain name whatever.3322.org. Switch acquires the IP address through DHCP.

  • Page 107: Ddns Configuration Example 2

    [Switch-ddns-policy-3322.org] interval 0 0 15 [Switch-ddns-policy-3322.org] quit # Specify the IP address of the DNS server as 1.1.1.1. [Switch] dns server 1.1.1.1 # Apply DDNS policy 3322.org to VLAN-interface 2 to enable DDNS update and dynamically update the mapping between domain name whatever.3322.org and the primary IP address of VLAN-interface [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy 3322.org fqdn whatever.3322.org After the preceding configuration is completed, Switch notifies the DNS server of its new domain...

  • Page 108

    # Set the DDNS update request interval to 12 minutes. [Switch-ddns-policy-oray.cn] interval 0 0 12 [Switch-ddns-policy-oray.cn] quit # Specify the IP address of the DNS server as 1.1.1.1. [Switch] dns server 1.1.1.1 # Apply the DDNS policy oray.cn to VLAN-interface 2 to enable DDNS update and to dynamically update the mapping between whatever.gicp.cn and the primary IP address of VLAN-interface 2.

  • Page 109: Basic Ip Forwarding On The Device

    Basic IP forwarding on the device Upon receiving a packet, the device uses the destination IP address of the packet to find a match from the forwarding information base (FIB) table, and then uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table.

  • Page 110

    Task Command Display FIB entries. display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ]...

  • Page 111: Optimizing Ip Performance

    Optimizing IP performance A customized configuration can help optimize overall IP performance. This chapter describes various techniques you can use to customize your installation. Enabling an interface to receive and forward directed broadcasts destined for the directly connected network A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.

  • Page 112: Configuring Mtu For An Interface

    Figure 48 Network diagram Configuration procedure # Configure IP addresses for VLAN-interface 3 and VLAN-interface 2. <Switch> system-view [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 1.1.1.2 24 [Switch-Vlan-interface3] ip forward-broadcast [Switch-Vlan-interface3] quit # Enable VLAN-interface 2 to forward directed broadcasts directed for the directly connected network. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 2.2.2.2 24 [Switch-Vlan-interface2] ip forward-broadcast...

  • Page 113: Configuring Tcp Path Mtu Discovery

    This configuration takes effect only for TCP connections established after the configuration rather than the TCP connections that already exist. This configuration is effective only for IP packets. If MPLS is enabled on the interface, do not configure the TCP MSS on the interface. To configure a TCP MSS of the interface: Step Command...

  • Page 114: Enabling Tcp Syn Cookie

    After the age timer expires, the source device uses a larger MSS in the MTU table as described in • RFC 1 191. If no ICMP error message is received within 2 minutes, the source device increases the MSS again •...

  • Page 115: Enabling Sending Icmp Error Packets

    SYN wait timer—TCP starts the SYN wait timer after sending a SYN packet. If no response packet • is received within the SYN wait timer interval, TCP fails to establish the connection. FIN wait timer—TCP starts the FIN wait timer when the state changes to FIN_WAIT_2. If no FIN •...

  • Page 116: Disadvantages Of Sending Icmp Error Packets

    If a packet does not match any route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error packet to the source. If a packet is destined for the device but the transport layer protocol of the packet is not supported by the device, the device sends a Protocol Unreachable ICMP error packet to the source.

  • Page 117: Displaying And Maintaining Ip Performance

    Disabling forwarding ICMP fragments Disabling forwarding ICMP fragments can protect your device from ICMP fragments attacks. To disable forwarding ICMP fragments: Step Command Remarks Enter system view. system-view By default, forwarding ICMP Disable forwarding ICMP fragments. ip icmp fragment discarding fragments is enabled.

  • Page 118: Configuring Udp Helper

    Configuring UDP helper Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain.

  • Page 119: Displaying And Maintaining Udp Helper, Udp Helper Configuration Example

    Step Command Remarks Specify a destination By default, no destination server udp-helper server ip-address server. is specified. Displaying and maintaining UDP helper Execute display command in any view and reset command in user view. Task Command Display information about packets forwarded display udp-helper interface interface-type interface-number by UDP helper.

  • Page 120

    [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1 # Enable the interface to receive directed broadcasts destined for the directly connected network. [SwitchA-Vlan-interface1] ip forward-broadcast Verifying the configuration # Display information about packets forwarded by UDP helper on VLAN-interface 1. [SwitchA-Vlan-interface1] display udp-helper interface vlan-interface 1 Interface Server address Packets sent...

  • Page 121: Ipv6 Features

    Configuring basic IPv6 settings Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.

  • Page 122: Ipv6 Addresses

    Stateful address autoconfiguration enables a host to acquire an IPv6 address and other • configuration information from a server (for example, a DHCPv6 server). For more information about DHCPv6 server, see "Configuring the DHCPv6 server." Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and •...

  • Page 123

    An IPv6 address prefix is written in IPv6-address/prefix-length notation, where the prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address comprises the address prefix. IPv6 address types IPv6 addresses fall into the following types: Unicast address—An identifier for a single interface, similar to an IPv4 unicast address. A packet •...

  • Page 124: Ipv6 Nd Protocol

    Multicast addresses IPv6 multicast addresses listed in Table 7 are reserved for special purposes. Table 7 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all-nodes multicast address. FF02::1 Link-local scope all-nodes multicast address. FF01::2 Node-local scope all-routers multicast address. FF02::2 Link-local scope all-routers multicast address.

  • Page 125

    Table 8 ICMPv6 messages used by ND ICMPv6 message Type Function Acquires the link-layer address of a neighbor. Neighbor Solicitation (NS) Verifies whether a neighbor is reachable. Detects duplicate addresses. Responds to an NS message. Neighbor Advertisement (NA) Notifies the neighboring nodes of link layer changes. Requests an address prefix and other configuration information Router Solicitation (RS) for autoconfiguration after startup.

  • Page 126: Ipv6 Path Mtu Discovery

    If Host A receives an NA message from Host B, Host A decides that Host B is reachable. Otherwise, Host B is unreachable. Duplicate address detection After Host A acquires an IPv6 address, it performs Duplicate Address Detection (DAD) to check whether the address is being used by any other node (similar to gratuitous ARP in IPv4).

  • Page 127: Ipv6 Transition Technologies

    Figure 54 Path MTU discovery process The source host sends a packet no larger than its MTU to the destination host. If the MTU of a device's output interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error packet containing the interface MTU to the source host. After receiving the ICMPv6 error packet, the source host uses the returned MTU to limit the packet size, performs fragmentation, and sends the packets to the destination host.

  • Page 128: Ipv6 Basics Configuration Task List

    RFC 2463, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) • Specification RFC 2464, Transmission of IPv6 Packets over Ethernet Networks • RFC 2526, Reserved IPv6 Subnet Anycast Addresses • RFC 3307, Allocation Guidelines for IPv6 Multicast Addresses •...

  • Page 129: Configuring An Ipv6 Global Unicast Address

    Configuring an IPv6 global unicast address Use one of the following methods to configure an IPv6 global unicast address for an interface: EUI-64 IPv6 address—The IPv6 address prefix of the interface is manually configured, and the • interface identifier is generated automatically by the interface. •...

  • Page 130: Configuring An Ipv6 Anycast Address

    Configuring automatic generation of an IPv6 link-local address for an interface Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no link-local address is configured on an interface. Configure the interface to automatically generate an ipv6 address auto link-local After an IPv6 global unicast address is IPv6 link-local address.

  • Page 131: Configuring A Static Neighbor Entry

    Configuring IPv6 ND This section describes how to configure IPv6 ND. Configuring a static neighbor entry The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry. The device uniquely identifies a static neighbor entry by the IPv6 address and the local Layer 3 interface number of the neighbor.

  • Page 132: Setting The Aging Timer For Nd Entries In Stale State

    Setting the aging timer for ND entries in stale state ND entries in stale state have an aging timer. If an ND entry in stale state is not refreshed before the timer expires, the ND entry changes to the delay state. If it is still not refreshed in 5 seconds, the ND entry changes to the probe state, and the device sends an NS message three times.

  • Page 133: Configuring Parameters For Ra Messages

    Configuring parameters for RA messages You can enable an interface to send RA messages, and configure the interval for sending RA messages and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations. Table 9 describes the configurable parameters in an RA message.

  • Page 134

    Step Command Remarks interface interface-type Enter interface view. interface-number Enable sending of RA undo ipv6 nd ra halt The default setting is disabled. messages. By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds.

  • Page 135: Configuring The Interface Mtu

    Step Command Remarks By default, an interface sends NS Set the NS retransmission messages every 1000 milliseconds, and ipv6 nd ns retrans-timer value timer. the value of the Retrans Timer field in RA messages is 0. Set the router preference in ipv6 nd router-preference { high By default, the router preference is RA messages.

  • Page 136: Configuring A Static Path Mtu For A Specific Ipv6 Address

    Step Command Remarks By default, no interface MTU is configured. This command does not take effect on Configure the interface MTU. ipv6 mtu mtu-size an IPv6 multicast packet for a switch does not check the packet size of an IPv6 multicast packet. Configuring a static path MTU for a specific IPv6 address You can configure a static path MTU for an IPv6 address.

  • Page 137: Enabling Sending Icmpv6 Destination Unreachable Messages

    Step Command Remarks Enter system view. system-view Enable replying to multicast ipv6 icmpv6 multicast-echo-reply By default, this function is not echo requests. enable enabled. Enabling sending ICMPv6 destination unreachable messages The device sends ICMPv6 destination unreachable messages as follows: • If a packet does not match any route, the device sends a No Route to Destination ICMPv6 error message to the source.

  • Page 138: Enabling Sending Icmpv6 Redirect Messages

    Step Command Remarks Enter system view. system-view Enable sending ICMPv6 time ipv6 hoplimit-expires enable The default setting is disabled. exceeded messages. Enabling sending ICMPv6 redirect messages Upon receiving a packet from a host, the device sends an ICMPv6 redirect message to inform a better next hop to the host when the following conditions are satisfied: •...

  • Page 139: Ipv6 Basics Configuration Example

    Task Command display ipv6 pathmtu [ vpn-instance vpn-instance-name ] Display the IPv6 path MTU information. { ipv6-address | all | dynamic | static } [ count ] } Display IPv6 and ICMPv6 statistics. display ipv6 statistics [ slot slot-number ] Display brief information for IPv6 RawIP display ipv6 rawip [ slot slot-number ] connections.

  • Page 140

    Figure 55 Network diagram Configuration procedure This example assumes that the VLAN interfaces have been created on the switches. Configure Switch A: # Specify a global unicast address for VLAN-interface 2. <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 3001::1/64 [SwitchA-Vlan-interface2] quit # Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default).

  • Page 141

    Vlan-interface2 current state: UP Line protocol current state: UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:2 Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 FF02::1:FF00:2 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses...

  • Page 142

    Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 FF02::1:FF00:1C0 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 600 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses...

  • Page 143

    3001::2, subnet is 3001::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 FF02::1:FF00:1234 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: InTooShorts:...

  • Page 144: Troubleshooting Ipv6 Basics Configuration

    1 packet(s) transmitted, 1 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 4.404/4.404/4.404/0.000 ms [SwitchB] ping ipv6 -c 1 2001::15B:E0EA:3524:E791 PING6(104=40+8+56 bytes) 3001::2 --> 2001::15B:E0EA:3524:E791 56 bytes from 2001::15B:E0EA:3524:E791, icmp_seq=0 hlim=64 time=5.404 ms --- 2001::15B:E0EA:3524:E791 ping6 statistics --- 1 packet(s) transmitted, 1 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 5.404/5.404/5.404/0.000 ms The output shows that Switch B can ping Switch A and the host.

  • Page 145: Dhcpv6 Overview

    DHCPv6 overview DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. DHCPv6 address/prefix assignment An address/prefix assignment process involves two or four messages. Rapid assignment involving two messages As shown in Figure 56, rapid assignment operates in the following steps: The DHCPv6 client sends a Solicit message that contains a Rapid Commit option to prefer rapid assignment.

  • Page 146: Address/prefix Lease Renewal

    Figure 57 Assignment involving four messages Address/prefix lease renewal An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time.

  • Page 147: Stateless Dhcpv6

    Stateless DHCPv6 Stateless DHCPv6 enables a device that has obtained an IPv6 address/prefix to get other configuration parameters from a DHCPv6 server. The device decides whether to perform stateless DHCP according to the managed address configuration flag (M flag) and the other stateful configuration flag (O flag) in the RA message received from the router during stateless address autoconfiguration.

  • Page 148: Configuring The Dhcpv6 Server

    Configuring the DHCPv6 server Overview A DHCPv6 server can assign IPv6 addresses or IPv6 prefixes to DHCPv6 clients. IPv6 address assignment As shown in Figure 61, the DHCPv6 server assigns IPv6 addresses, domain name suffixes, DNS server addresses, and other configuration parameters to DHCPv6 clients. The IPv6 addresses assigned to the clients fall into the following types: Temporary IPv6 addresses—Internally used and frequently changed without lease renewal.

  • Page 149: Concepts

    Figure 62 IPv6 prefix assignment Concepts Multicast addresses used by DHCPv6 DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers, and uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents. DUID A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).

  • Page 150: Dhcpv6 Address Pool

    The DHCPv6 server creates a prefix delegation (PD) for each assigned prefix to record the IPv6 prefix, client DUID, IAID, valid lifetime, preferred lifetime, lease expiration time, and IPv6 address of the requesting client. DHCPv6 address pool The DHCP server selects IPv6 addresses, IPv6 prefixes, and other parameters from an address pool, and assigns them to the DHCP clients.

  • Page 151: Ipv6 Address/prefix Allocation Sequence

    client against the subnets of all address pools, and selects the address pool with the longest-matching subnet. To avoid wrong address allocation, keep the subnet used for dynamic assignment consistent with the subnet where the interface of the DHCPv6 server or DHCPv6 relay agent resides. IPv6 address/prefix allocation sequence The DHCPv6 server selects an IPv6 address/prefix for a client in the following sequence: IPv6 address/prefix statically bound to the client's DUID and IAID and expected by the client.

  • Page 152

    Only one prefix pool can be applied to an address pool. You cannot modify prefix pools that have • been applied. To change the prefix pool for an address pool, you must remove the prefix pool application first. • You can apply a prefix pool that has not been created to an address pool. The setting takes effect after the prefix pool is created.

  • Page 153: Configuration Guidelines

    If you only bind a DUID to an IPv6 address, the DUID in a request must match the DUID in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client. Specify a subnet and address ranges in an address pool: •...

  • Page 154: Configuring Network Parameters Assignment

    Step Command Remarks By default, no IPv6 address network prefix/prefix-length subnet is specified. Specify an IPv6 subnet for [ preferred-lifetime You cannot use this command to dynamic assignment. preferred-lifetime valid-lifetime configure the same subnet in valid-lifetime ] different address pools. address range start-ipv6-address By default, no non-temporary IPv6 (Optional.) Specify a...

  • Page 155: Configuring The Dhcpv6 Server On An Interface

    Configuring the DHCPv6 server on an interface Enable the DHCP server and configure one of the following address/prefix assignment methods on an interface: Apply an address pool on the interface—The DHCPv6 server selects an IPv6 address/prefix from • the applied address pool for a requesting client. If there is no assignable IPv6 address/prefix in the address pool, the DHCPv6 server cannot to assign an IPv6 address/prefix to a client.

  • Page 156: Dhcpv6 Server Configuration Examples

    Task Command Display the DUID of the local device. display ipv6 dhcp duid Display DHCPv6 address pool information. display ipv6 dhcp pool [ pool-name ] Display prefix pool information. display ipv6 dhcp prefix-pool [ prefix-pool-number ] Display DHCPv6 server information on an display ipv6 dhcp server [ interface interface-type interface.

  • Page 157

    To assign prefixes in the range of 2001:0410::/48 to 2001:0410:FFFF::/48, specify a prefix 2001:0410::/32 and specify the assigned prefix length as 48 in the pool. Create an address pool. • Specify a subnet where the IPv6 address of the server interface connecting the clients resides. Configure a static prefix binding, apply the prefix pool, and configure other configuration •...

  • Page 158

    [Switch-dhcp6-pool-1] sip-server address 2:2::4 [Switch-dhcp6-pool-1] sip-server domain-name bbb.com [Switch-dhcp6-pool-1] quit # Enable the DHCPv6 server on VLAN-interface 2, enable desired prefix assignment and rapid prefix assignment, and set the preference to the highest. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ipv6 dhcp select server [Switch-Vlan-interface2] ipv6 dhcp server allow-hint preference 255 rapid-commit Verifying the configuration # Display DHCPv6 server configuration on VLAN-interface 2.

  • Page 159: Dynamic Ipv6 Address Assignment Configuration Example

    Pool: 1 IPv6 prefix Type Lease expiration 2001:410:201::/48 Static(C) Jul 10 19:45:01 2009 # After the other client obtains an IPv6 prefix, display binding information on the DHCPv6 server. [Switch-Vlan-interface2] display ipv6 dhcp server pd-in-use Pool: 1 IPv6 prefix Type Lease expiration 2001:410:201::/48 Static(C) Jul 10 19:45:01 2009...

  • Page 160

    [SwitchA] ipv6 dhcp server forbidden-address 1::2:0:0:2 # Configure the DHCPv6 address pool 1 to assign IPv6 addresses and other configuration parameters to clients in subnet 1::1:0:0:0/96. [SwitchA] ipv6 dhcp pool 1 [SwitchA-dhcp6-pool-1] network 1::1:0:0:0/96 preferred-lifetime 172800 valid-lifetime 345600 [SwitchA-dhcp6-pool-1] domain-name aabbcc.com [SwitchA-dhcp6-pool-1] dns-server 1::1:0:0:2 [SwitchA-dhcp6-pool-1] quit # Configure the DHCPv6 address pool 2 to assign IPv6 addresses and other configuration...

  • Page 161: Configuring Tunneling

    Configuring tunneling Overview Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end.

  • Page 162

    If the destination address of the IPv6 packet is itself, Device B forwards it to the upper-layer protocol. If not, Device B forwards it according to the routing table. Tunnel types IPv6 over IPv4 tunnels fall into manually configured tunnels and automatic tunnels, depending on how the IPv4 address of the tunnel destination is acquired.

  • Page 163: Ipv4 Over Ipv4 Tunneling

    address identifies a 6to4 network (an IPv6 network where all hosts use 6to4 addresses). The border router of a 6to4 network must have the IPv4 address abcd:efgh configured on the interface connected to the IPv4 network. The subnet number identifies a subnet in the 6to4 network. The subnet number::interface ID uniquely identifies a host in the 6to4 network.

  • Page 164: Ipv4 Over Ipv6 Tunneling

    Packets traveling through a tunnel undergo encapsulation and de-encapsulation, as shown in Figure • Encapsulation: Device A receives an IP packet from an IPv4 host and submits it to the IP protocol stack. The IPv4 protocol stack determines how to forward the packet according to the destination address in the IP header.

  • Page 165: Ipv6 Over Ipv6 Tunneling

    The IPv6 protocol stack uses the destination IPv6 address of the packet to look up the routing table, and then sends it out. De-encapsulation: • Upon receiving the IPv6 packet from the attached IPv6 network, Device B delivers the packet to the IPv6 protocol stack to examine the protocol type encapsulated in the data portion of the packet.

  • Page 166: Tunneling Configuration Task List

    Protocols and standards RFC 1853, IP in IP Tunneling • RFC 2473, Generic Packet Tunneling in IPv6 Specification • RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers • • RFC 3056, Connection of IPv6 Domains via IPv4 Clouds RFC 4214, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) •...

  • Page 167: Configuring An Ipv6 Over Ipv4 Manual Tunnel

    Step Command Remarks (Optional.) Configure a By default, the description of a tunnel description text description for the interface. interface is Tunnel number Interface. Set the MTU of the tunnel mtu mtu-size By default, the MTU is 64000 bytes. interface. The default setting is 64 kbps.

  • Page 168: Configuration Example

    Step Command Remarks By default, no source address or source interface is configured for the tunnel interface. Configure a source address or source { ip-address | The specified source address or the source interface for the tunnel interface-type interface-number } primary IP address of the specified interface.

  • Page 169

    [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 3002::1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Add Ten-GigabitEthernet 1/0/3 to service loopback group 1.

  • Page 170: Configuring A 6to4 Tunnel

    [SwitchB-Tunnel0] destination 192.168.100.1 [SwitchB-Tunnel0] quit # Configure a static route destined for IPv6 network 1 through tunnel 0 on Switch B. [SwitchB] ipv6 route-static 3002:: 64 tunnel 0 Verifying the configuration # Use the display ipv6 interface command to view tunnel interface status on Switch A and Switch B. The output shows that the interface tunnel 0 is up.

  • Page 171: To4 Tunnel Configuration Example

    Step Command Remarks By default, no source address or source interface is configured for the Configure a source tunnel interface. address or source source { ip-address | interface-type The specified source address or the interface for the tunnel interface-number } primary IP address of the specified interface.

  • Page 172

    Configure Switch A: • # Configure an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 2.1.1.1 24 [SwitchA-Vlan-interface100] quit # Configure a 6to4 address for VLAN-interface 101. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel.

  • Page 173: Configuring An Isatap Tunnel

    # Specify the source interface as VLAN-interface 100 for the tunnel interface. [SwitchB-Tunnel0] source vlan-interface 100 [SwitchB-Tunnel0] quit # Configure a static route destined for 2002::/16 through the tunnel interface. [SwitchB] ipv6 route-static 2002:: 16 tunnel 0 Verifying the configuration # Ping Host B from Host A or ping Host A from Host B.

  • Page 174

    Step Command Remarks By default, no source address or source interface is configured for the tunnel interface. Configure a source address or source { ip-address | source interface for the tunnel The specified source address or interface-type interface-number } interface. the primary IP address of the specified source interface is used as the source IP address of...

  • Page 175

    [Switch-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [Switch] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1. [Switch] interface Ten-GigabitEthernet 1/0/3 [Switch-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [Switch-Ten-GigabitEthernet1/0/3] quit # Configure an ISATAP tunnel interface tunnel 0.

  • Page 176: Configuring An Ipv4 Over Ipv4 Tunnel

    # Display information about the ISATAP interface. C:\>ipv6 if 2 Interface 2: Automatic Tunneling Pseudo-Interface Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} does not use Neighbor Discovery uses Router Discovery routing preference 1 EUI-64 embedded IPv4 address: 2.1.1.2 router link-layer address: 1.1.1.1 preferred global 2001::5efe:2.1.1.2, life 29d23h59m46s/6d23h59m46s (public) preferred link-local fe80::5efe:2.1.1.2, life infinite link MTU 1500 (true link MTU 65515) current hop limit 255...

  • Page 177

    If the destination IPv4 network is not on the same subnet as the IPv4 address of the local tunnel • interface, you must configure a route destined for the destination IPv4 network through the tunnel interface. You can configure a static route, and specify the local tunnel interface as the egress interface or specify the IPv4 address of the peer tunnel interface as the next hop.

  • Page 178

    Figure 75 Network diagram   Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. • Configure Switch A: # Configure an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit...

  • Page 179: Configuring An Ipv4 Over Ipv6 Tunnel

    [SwitchB-Vlan-interface100] ip address 10.1.3.1 255.255.255.0 [SwitchB-Vlan-interface100] quit # Configure an IPv4 address for VLAN-interface 101 (the physical interface of the tunnel). [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 3.1.1.1 255.255.255.0 [SwitchB-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchB] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1.

  • Page 180

    The destination address specified for the local tunnel interface must be the source address specified • for the peer tunnel interface, and vice versa. Two or more local tunnel interfaces using the same encapsulation protocol must have different • source and destination addresses. If the destination IPv4 network is not on the same subnet as the IPv4 address of the local tunnel •...

  • Page 181

    Figure 76 Network diagram Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv6. Configure Switch A: • # Configure an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 30.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit...

  • Page 182: Configuring An Ipv6 Over Ipv6 Tunnel

    [SwitchB-Vlan-interface100] ip address 30.1.3.1 255.255.255.0 [SwitchB-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101 (the physical interface of the tunnel). [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2002::2:1 64 [SwitchB-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchB] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1.

  • Page 183

    The destination address specified for the local tunnel interface must be the source address specified • for the peer tunnel interface, and vice versa. Two or more local tunnel interfaces using the same encapsulation protocol must have different • source and destination addresses. The IPv6 address of the tunnel interface must not be on the same subnet as the destination address •...

  • Page 184

    Configuration example Network requirements As shown in Figure 77, configure an IPv6 over IPv6 tunnel between Switch A and Switch B so the two IP networks can reach each other without disclosing their IPv6 addresses. Figure 77 Network diagram Switch A Switch B Vlan-int101 Vlan-int101...

  • Page 185

    [SwitchA] ipv6 route-static 2002:3:: 64 tunnel 1 • Configure Switch B: # Configure an IPv6 address for VLAN-interface 100. <SwitchB> system-view [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 2002:3::1 64 [SwitchB-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101 (the physical interface of the tunnel). [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2002::22:1 64 [SwitchB-Vlan-interface101] quit...

  • Page 186: Displaying And Maintaining Tunneling Configuration, Troubleshooting Tunneling Configuration

    Displaying and maintaining tunneling configuration Execute display commands in any view and reset commands in user view. Task Command Display information about tunnel interfaces. display interface [ tunnel [ number ] ] [ brief [ description ] ] Display IPv6 information on tunnel interfaces. display ipv6 interface [ tunnel [ number ] ] [ brief ] Clear statistics on tunnel interfaces.

  • Page 187: Configuring Gre

    Configuring GRE Overview Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate multiple network layer protocols into virtual point-to-point tunnels over an IP network. Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end. GRE encapsulation format Figure 78 GRE encapsulation format As shown in...

  • Page 188: Configuring A Gre Over Ipv4 Tunnel

    GRE encapsulation and de-encapsulation Figure 80 X protocol networks interconnected through a GRE tunnel The following takes the network shown in Figure 80 as an example to describe how an X protocol packet traverses an IP network through a GRE tunnel: Encapsulation process After receiving an X protocol packet from the interface connected to Group 1, Device A submits it to the X protocol for processing.

  • Page 189

    Local tunnel interfaces using the same encapsulation protocol must not have the same tunnel source • and destination addresses. You can use the following methods to configure a route to a destination over the GRE tunnel: • Configure a static route, using the destination address of the original packet as the destination address of the route and the address of the peer tunnel interface as the next hop.

  • Page 190

    Step Command Remarks By default, no source address or interface is configured for a tunnel interface. If you configure a source address for a tunnel interface, the tunnel Configure a source interface uses the source address address or source source { ip-address | interface-type as the source address of the interface for the tunnel interface-number }...

  • Page 191: Configuring A Gre Over Ipv6 Tunnel

    Configuring a GRE over IPv6 tunnel Follow these guidelines when you configure a GRE over IPv6 tunnel: • You must configure the tunnel source address and destination address at both ends of a tunnel, and the tunnel source or destination address at one end must be the tunnel destination or source address at the other end.

  • Page 192: Displaying And Maintaining Gre

    Step Command Remarks By default, no source IPv6 address or interface is configured for a tunnel interface. If you configure a source IPv6 address for a tunnel interface, the tunnel interface uses the source Configure a source IPv6 IPv6 address as the source IPv6 source { ipv6-address | address or source interface for address of the encapsulated...

  • Page 193: Gre Configuration Examples

    Task Command Remarks For more information about this Display information about display interface [ tunnel [ number ] ] command, see Layer 3—IP Services tunnel interfaces. [ brief ] Command Reference. For more information about this Display IPv6 information about display ipv6 interface [ tunnel command, see Layer 3—IP Services tunnel interface.

  • Page 194

    # Create service loopback group 1, and configure the service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Add port Ten-GigabitEthernet 1/0/3 to service loopback group 1. [SwitchA] interface Ten-GigabitEthernet 1/0/3 [SwitchA-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-Ten-GigabitEthernet1/0/3] quit # Create a tunnel interface Tunnel1, and specify the tunnel mode as GRE over IPv4.

  • Page 195

    # Configure the source address of tunnel interface as the IP address of VLAN-interface 101 on Switch B. [SwitchB-Tunnel1] source vlan-interface 101 # Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch A. [SwitchB-Tunnel1] destination 1.1.1.1 [SwitchB-Tunnel1] quit # Configure a static route from Switch B through the tunnel interface to Group 1.

  • Page 196: Gre Over Ipv6 Configuration Example

    # From Switch B, ping the IP address of VLAN-interface 100 on Switch A. [SwitchB] ping -a 10.1.3.1 10.1.1.1 PING 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes 56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=11.000 ms 56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms...

  • Page 197

    [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2002::1:1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1, and configure the service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Add port Ten-GigabitEthernet 1/0/3 to service loopback group 1. [SwitchA] interface Ten-GigabitEthernet 1/0/3 [SwitchA-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-Ten-GigabitEthernet1/0/3] quit...

  • Page 198

    # Configure an IP address for the tunnel interface. [SwitchB-Tunnel0] ip address 10.1.2.2 255.255.255.0 # Configure the source address of tunnel interface as the IPv6 address of VLAN-interface 101 on Switch B. [SwitchB-Tunnel0] source 2001::2:1 # Configure the destination address of the tunnel interface as the IPv6 address of VLAN-interface 101 on Switch A.

  • Page 199: Troubleshooting Gre

    0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops # From Switch B, ping the IP address of VLAN-interface 100 on Switch A. [SwitchB] ping -a 10.1.3.1 10.1.1.1 PING 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes 56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=2.000 ms 56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms...

  • Page 200: Support And Other Resources, Subscription Service, Related Information

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 201: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 202

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 203: Index

    Index 6to4 tunnel DHCPv6 static prefix allocation, 141 configuration, 161, 162 IP addresses (DHCP), 21 IPv6/IPv4 tunneling, 153 anycast address IPv6 address, 1 14 applying DHCP address pool on interface, 38 IPv6 address configuration, 121 configuring DHCP relay agent IP address release, IPv6 ND configuration, 122 application environment creating DHCP pool, 30...

  • Page 204

    automatic address allocation (DHCP), 21 DDNS, 93, 94, 97, 98 BIMS server information (DHCP client), 35 DDNS policy, 94 BOOTP DHCP address pool static binding, 32 DHCP message format, 23 DHCP basic snooping, 63, 68 DHCP server ignore BOOTP requests configuration, DHCP client BIMS server information, 35 DHCP client DNS server, 34 DHCP server send BOOTP responses configuration,...

  • Page 205

    IPv6 basic settings, 1 12, 1 19, 130 application, 93 IPv6 DNS, 86 applying policy to interface, 96 IPv6 DNS client, 77 client, 93 IPv6 DNS dynamic domain name resolution, 78, displaying, 97 policy configuration, 94 IPv6 DNS proxy, 91 server, 93 IPv6 DNS static domain name resolution, 77, 86 delivery header...

  • Page 206

    client domain name suffix configuration, 34 Option 67, 24 client gateway configuration, 33 Option 82 snooping support, 62 configuring address pool static binding, 32 options, 24 configuring client BIMS server information, 35 overview, 21 configuring client NetBIOS node type, 34 protocols and standards, 26 configuring client WINS server, 34 relay agent configuration, 48, 49, 54...

  • Page 207

    dynamic IPv6 address assignment configuration, configuring IPv6 DNS dynamic domain name resolution, 78 dynamic IPv6 prefix assignment configuration, 147 configuring IPv6 DNS static domain name dynamic prefix allocation, 141 resolution, 77 IA, 140 DDNS application, 93 IAID, 140 DDNS configuration, 93, 94, 97, 98 IPv6 address assignment, 139 DDNS policy configuration, 94 IPv6 address/prefix allocation sequence, 142...

  • Page 208

    address allocation process (DHCP), 22 common proxy ARP enable, 12 ARP entry, 4, 5 DHCP basic snooping configuration, 68 ARP table entry, 2 DHCP server address pool configuration, 29 configuring IPv4 dynamic domain name resolution, DHCP server configuration, 27, 29, 41 DHCP snooping configuration, 68 configuring IPv6 dynamic domain name resolution, gratuitous ARP configuration, 10...

  • Page 209

    fragment forwarding, 108 implementing gateway configuration (DHCP client), 33 IPv4/IPv4 tunnels, 154 gratuitous ARP IPv4/IPv6 tunnels, 155 configuration, 10 IPv6/IPv4 tunnels, 152 packet learning, 10 IPv6/IPv6 tunnels, 156 periodic packet send, 10 interface MTU, 126 GRE. See also tunneling IP addressing Configuring tunnel, 178 address classes, 15 IPv6 tunneling, 153...

  • Page 210

    IPv6 ICMPv6 destination unreachable message, FIB table entries, 100 IP performance optimization IPv6 ICMPv6 packet send, 127 configuration, 102 IPv6 ICMPv6 redirect message, 129 directed broadcast receive/forward configuration, IPv6 ICMPv6 time exceeded message, 128 IPv6 interface address assignment, 1 19 directed broadcast receive/forward enable, 102 IPv6 interface MTU configuration, 126 displaying, 108...

  • Page 211

    DHCP server dynamic address assignment automatic IPv4-compatible tunneling, 153 configuration, 43 basic settings configuration, 1 12, 1 19, 130 DHCP server on interface enable, 38 DHCPv6 address assignment, 139, 143 DHCP server static address assignment DHCPv6 address pool, 141 configuration, 42 DHCPv6 address pool selection, 141 DHCP server user class configuration, 44 DHCPv6 address/prefix allocation sequence, 142...

  • Page 212

    multicast echo request reply, 127 lease extension (DHCP IP address), 22 ND configuration, 122 link-local ND duplicate address detection, 1 17 IPv6 interface link-local address automatic ND hop limit, 123 generation configuration, 121 ND link-local entry minimization, 123 IPv6 link-local address configuration, 120 ND max number dynamically learned neighbors IPv6 manual...

  • Page 213

    ARP snooping configuration, 14 ARP table, 2 common proxy ARP configuration, 13 common proxy ARP enable, 12 common proxy ARP enable, 12 configuring DHCP address pool static binding, 32 DHCPv6 assignment (4 messages), 136 configuring DHCPv6 server on interface, 146 DHCPv6 rapid assignment (2 messages), 136 DHCP address assignment, 27 gratuitous ARP configuration, 10...

  • Page 214

    DHCP voice client Option 184 parameter IPv6 multicast echo request reply, 127 configuration, 36 IPv6 ND configuration, 122 DHCP-REQUEST message attack protection, 66 IPv6 ND duplicate address detection, 1 17 DHCPv6 address pool, 141 IPv6 ND hop limit, 123 DHCPv6 address pool selection, 141 IPv6 ND link-local entry minimization, 123 DHCPv6 address/prefix assignment, 136 IPv6 ND max number dynamically learned...

  • Page 215

    DHCP server configuration, 27, 29, 41 Option 43 (DHCP), 24 DHCP server dynamic IP address assignment Option 51 (DHCP), 24 configuration, 43 Option 53 (DHCP), 24 DHCP server static IP address assignment Option 55 (DHCP), 24 configuration, 42 Option 6 (DHCP), 24 DHCP server user class configuration, 44 Option 60 (DHCP), 24 DHCP snooping configuration, 63, 68...

  • Page 216

    IPv6 ND protocol, 1 15 configuring common proxy ARP, 13 IPv6 ND protocol address resolution, 1 16 configuring DDNS, 94 IPv6 ND redirection, 1 17 configuring DDNS policy, 94 IPv6 ND stale state entry aging timer configuration, configuring DHCP address pool static binding, 32 configuring DHCP basic snooping, 63, 68 IPv6 ND static neighbor entry configuration, 122 configuring DHCP client BIMS server information,...

  • Page 217

    configuring gratuitous ARP, 10 configuring IPv6 RA message parameters, 124 configuring IP addressing, 18 configuring IPv6 static path MTU, 127 configuring IP performance optimization directed configuring IPv6/IPv4 manual tunnel, 158, 159 broadcast receive/forward, 102 configuring IPv6/IPv6 tunnel, 173, 175 configuring IP performance optimization interface configuring ISATAP tunnel, 164, 165 MTU, 103 configuring max number ARP dynamic entries, 4...

  • Page 218

    enabling IPv6 ICMPv6 destination unreachable redirection message send, 128 IPv6 ND, 1 17 enabling IPv6 ICMPv6 redirect message send, 129 redirect message, 129 enabling IPv6 ICMPv6 time exceeded message relay agent send, 128 configuration, 48, 49, 54 enabling IPv6 multicast echo request reply, 127 configuring DHCP Option 82, 53 enabling local proxy ARP, 12 configuring IP address release, 52...

  • Page 219

    DHCP relay agent dynamic relay entry periodic configuring DHCP snooping Option 82, 64 refresh, 51 DHCP basic configuration, 63, 68 DHCP relay agent relay entry recording enable, DHCP configuration, 63, 68 DHCP Option 82 support, 62 DHCP relay agent security function configuration, DHCP snooping Option 82 configuration, 69 displaying DHCP snooping, 67 DHCP snooping starvation attack protection, 66...

  • Page 220

    subnetting GRE tunneling, 153 IP addressing, 16 interface configuration, 157 suffix (DNS), 74 IPv4/IPv4 tunnel configuration, 167, 168 switch IPv4/IPv4 tunnels, 154 common proxy ARP configuration, 13 IPv4/IPv6 tunnel configuration, 170, 171 IPv4/IPv6 tunnels, 155 TCP SYN cookie enable, 105 IPv6 manual tunneling, 153 wait timer configuration, 105 IPv6/IPv4 manual tunnel configuration, 158, 159...

  • Page 221

    IPv6 DNS dynamic domain name resolution ISATAP tunnel configuration, 164, 165 configuration, 86 UDP helper configuration, 109, 1 10 IPv6 static domain name resolution VPN tunneling configuration, 152, 157 configuration, 86 Windows IPv6/IPv4 manual tunnel configuration, 158, 159 Internet Naming Service. Use WINS IPv6/IPv6 tunnel configuration, 173, 175 WINS server (DHCP client), 34...

This manual also for:

5900 series

Comments to this Manuals

Symbols: 0
Latest comments: