Page of 177
Download Table of ContentsContents Print This PagePrint Bookmark

HP 830 Series Configuration Manual

Poe+ unified wired-wlan switch switching engine.
Hide thumbs
HP 830 Series PoE+ Unified Wired-WLAN
Switch Switching Engine
Layer 3 Configuration Guide
Part number: 5998-3931
Software version: 3308P26
Document version: 6W101-20130628

Advertising

   Related Manuals for HP 830 Series

   Summary of Contents for HP 830 Series

  • Page 1

    HP 830 Series PoE+ Unified Wired-WLAN Switch Switching Engine Layer 3 Configuration Guide Part number: 5998-3931 Software version: 3308P26 Document version: 6W101-20130628...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...

  • Page 3: Table Of Contents

    Contents Configuring ARP ··························································································································································· 1   Overview ············································································································································································ 1   ARP message format ················································································································································ 1   ARP operation ··························································································································································· 1   ARP table ··································································································································································· 2   Configuring a static ARP entry ········································································································································· 3   Configuring the maximum number of dynamic ARP entries for an interface ······························································ 4  ...

  • Page 4: Table Of Contents

    Configuring DNS servers for the client ··············································································································· 25   Configuring WINS servers and NetBIOS node type for the client ·································································· 26   Configuring BIMS server information for the client ···························································································· 26   Configuring gateways for the client ···················································································································· 27   Configuring Option 184 parameters for the client with voice service ····························································...

  • Page 5: Table Of Contents

    Solution ··································································································································································· 49   Configuring DHCP client ··········································································································································· 50   Introduction to DHCP client ··········································································································································· 50   Enabling the DHCP client on an interface ··················································································································· 50   Displaying and maintaining the DHCP client ·············································································································· 50   DHCP client configuration example ····························································································································· 51  ...

  • Page 6: Table Of Contents

    Configuring IPv6 DNS ··············································································································································· 76   Configuring the IPv6 DNS client ·································································································································· 76   Configuring static domain name resolution ········································································································ 76   Configuring dynamic domain name resolution ·································································································· 76   Displaying and maintaining IPv6 DNS ························································································································ 77   IPv6 DNS configuration examples ······························································································································· 77  ...

  • Page 7: Table Of Contents

    Configuring ND snooping ·································································································································· 109   Configuring path MTU discovery ······························································································································· 110   Configuring a static path MTU for a specific IPv6 address ············································································ 110   Configuring the aging time for dynamic path MTUs ······················································································· 110   Configuring IPv6 TCP properties ································································································································ 111  ...

  • Page 8: Table Of Contents

      Configure RIPng basic functions ························································································································ 158   Configuring RIPng route redistribution ·············································································································· 160   Support and other resources ·································································································································· 164   Contacting HP ······························································································································································ 164   Subscription service ············································································································································ 164   Related information ······················································································································································ 164   Documents ···························································································································································· 164...

  • Page 9

    Websites ······························································································································································· 164   Conventions ·································································································································································· 165   Index ········································································································································································ 167  ...

  • Page 10: Configuring Arp, Arp Message Format

    Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into physical addresses such as MAC addresses. On an Ethernet LAN, a device uses ARP to get the MAC address of the target device for a packet. ARP message format ARP uses two types of messages, ARP request and ARP reply.

  • Page 11: Arp Table

    If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request comprises the following information: Sender IP address and sender MAC address—Host A's IP address and MAC address Target IP address—Host B's IP address Target MAC address—An all-zero MAC address All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)

  • Page 12: Configuring A Static Arp Entry

    Static ARP entry A static ARP entry is manually configured and maintained. It does not age out, and cannot be overwritten by a dynamic ARP entry. Static ARP entries protect communication between devices, because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. Static ARP entries can be classified into long and short ARP entries.

  • Page 13: Configuring The Maximum Number Of Dynamic Arp Entries For An Interface

    Configuring the maximum number of dynamic ARP entries for an interface Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. By default, a Layer 2 interface does not limit the number of dynamic ARP Set the maximum number of dynamic entries.

  • Page 14: Displaying And Maintaining Arp

    Step Command Remarks Optional. Enable dynamic ARP entry check. arp check enable Enabled by default. Displaying and maintaining ARP CAUTION: Clearing ARP entries from the ARP table might cause communication failures. Task Command Remarks display arp [ [ all | dynamic | static ] [ slot slot-number ] | vlan vlan-id | interface Display ARP entries in the ARP interface-type interface-number ] [ count ] [ |...

  • Page 15: Configuration Procedure

    Figure 3 Network diagram Configuration procedure # Create VLAN 10. <Switch> system-view [Switch] vlan 10 [Switch-vlan10] quit # Add interface GigabitEthernet 1/0/1 to VLAN 10. [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type trunk [Switch-GigabitEthernet1/0/1] port trunk permit vlan 10 [Switch-GigabitEthernet1/0/1] quit # Create interface VLAN-interface 10 and configure its IP address.

  • Page 16: Configuring Gratuitous Arp

    Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device.

  • Page 17

    You can enable periodic sending of gratuitous ARP packets on a maximum of 1024 interfaces. • • Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled interface goes up and an IP address has been assigned to the interface. If you change the interval for sending gratuitous ARP packets, the configuration is effective at the •...

  • Page 18: Configuring Ip Addressing, Ip Address Classes

    Configuring IP addressing This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) is beyond the scope of this chapter. Overview This section describes the IP addressing basics. IP addressing uses a 32-bit address to identify each host on a network. To make addresses easier to read, they are written in dotted decimal notation, each address being four octets in length.

  • Page 19: Subnetting And Masking

    Class Address range Remarks 224.0.0.0 to Multicast addresses. 239.255.255.255 240.0.0.0 to Reserved for future use except for the broadcast address 255.255.255.255 255.255.255.255. Special IP addresses The following IP addresses are for special use and cannot be used as host IP addresses. IP address with an all-zero net ID—Identifies a host on the local network.

  • Page 20: Assigning An Ip Address To An Interface, Displaying And Maintaining Ip Addressing

    Assigning an IP address to an interface You can assign an interface one primary address and multiple secondary addresses. Generally, you only need to assign the primary address to an interface. In some cases, you must assign secondary IP addresses to the interface. For example, if the interface connects to two subnets, to enable the device to communicate with all hosts on the LAN, assign a primary IP address and a secondary IP address to the interface.

  • Page 21: Dhcp Overview, Dhcp Address Allocation, Allocation Mechanisms, Dynamic Ip Address Allocation Process

    DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. As shown in Figure 1, DHCP client can obtain an IP address and other configuration parameters from a DHCP server on another subnet through a DHCP relay agent. For more information about the DHCP relay agent, see "Configuring the DHCP relay agent."...

  • Page 22: Ip Address Lease Extension

    Figure 7 Dynamic IP address allocation process The dynamic IP address allocation process uses the following steps: The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message.

  • Page 23: Dhcp Message Format

    DHCP message format Figure 8 shows the DHCP message format, which is based on the BOOTP message format although DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 8 DHCP message format op—Message type defined in option field.

  • Page 24: Dhcp Options

    DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the Option field to carry information for dynamic address allocation and to provide additional configuration information to clients. Figure 9 DHCP option format Common DHCP options The following are common DHCP options: Option 3—Router option.

  • Page 25

    Auto-Configuration Server (ACS) parameters, including the ACS URL, username, and password. • • Service provider identifier, which is acquired by the Customer Premises Equipment (CPE) from the DHCP server and sent to the ACS for selecting vender-specific configurations and parameters. Preboot Execution Environment (PXE) server address, which is used to obtain the bootfile or other •...

  • Page 26

    Relay agent option (Option 82) Option 82 is the relay agent option in the option field of the DHCP message. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.

  • Page 27

    Figure 15 Sub-option 1 in verbose padding format Sub-option 2—Contains the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client's request. It has the same format as that in normal padding format. See Figure •...

  • Page 28: Protocols And Standards

    Figure 19 Sub-option 1 in standard padding format Sub-option 2—Contains the MAC address of the DHCP snooping device that received the client's request. The value of the sub-option type is 2, and that of the remote ID type is 0. It has the same format as sub-option 2 in normal padding format.

  • Page 29: Configuring The Dhcp Server, Dhcp Address Pool

    Configuring the DHCP server The DHCP server configuration is supported only on VLAN interfaces and loopback interfaces. The subaddress pool configuration is not supported on loopback interfaces. Overview The DHCP server is well suited to networks where: Manual configuration and centralized management are difficult to implement. •...

  • Page 30: Ip Address Allocation Sequence, Dhcp Server Configuration Task List

    If the receiving interface has an extended address pool referenced, the DHCP server assigns an IP address from this address pool. If no IP address is available in the address pool, the DHCP server fails to assign an address to the client. For the configuration of such an address pool, see "Configuring dynamic address allocation for an extended address pool."...

  • Page 31: Configuration Task List, Creating A Dhcp Address Pool

    Task Remarks Configuring the DHCP server security functions Optional. Enabling handling of Option 82 Optional. Specifying the threshold for sending trap messages Optional. Configuring an address pool on the DHCP server Configuration task list Task Remarks Creating a DHCP address pool Required.

  • Page 32: Configuring Address Allocation Mode For A Common Address Pool

    Configuring address allocation mode for a common address pool CAUTION: You can configure either a static binding or dynamic address allocation for a common address pool, but not both. You need to specify a subnet for dynamic address allocation. A static binding is a special address pool containing only one IP address.

  • Page 33: Configuring Dynamic Address Allocation For An Extended Address Pool

    Step Command Remarks Optional. Specify the lease duration for the expired { day day [ hour hour By default, the lease duration IP address. [ minute minute ] ] | unlimited } of the IP address is unlimited. Configuring dynamic address allocation For dynamic address allocation, you must configure a DHCP address pool, specify one and only one address range for the pool, and specify the lease duration.

  • Page 34: Configuring A Domain Name Suffix For The Client, Configuring Dns Servers For The Client

    After the assignable IP address range and the mask are specified, the address pool becomes valid. To configure dynamic address allocation for an extended address pool: Step Command Remarks Enter system view. system-view Enter extended address pool dhcp server ip-pool pool-name view.

  • Page 35: Configuring Wins Servers And Netbios Node Type For The Client

    Step Command Remarks Enter DHCP address pool dhcp server ip-pool pool-name view. [ extended ] No DNS server is specified by Specify DNS servers. dns-list ip-address&<1-8> default. Configuring WINS servers and NetBIOS node type for the client A Microsoft DHCP client using NetBIOS protocol must contact a Windows Internet Naming Service (WINS) server for name resolution.

  • Page 36: Configuring Gateways For The Client

    Step Command Remarks Enter DHCP address pool dhcp server ip-pool pool-name view. [ extended ] Specify the BIMS server IP bims-server ip ip-address [ port No BIMS server information is address, port number, and port-number ] sharekey key specified by default. shared key.

  • Page 37: Configuring The Tftp Server And Bootfile Name For The Client

    Configuring the TFTP server and bootfile name for the client For the DHCP server to support client auto-configuration, specify the IP address or name of a TFTP server and the bootfile name in the DHCP address pool. You do not need to perform any configuration on the DHCP client.

  • Page 38: Enabling Dhcp

    Step Command Remarks Enter system view. system-view Enter DHCP address pool dhcp server ip-pool pool-name view. [ extended ] option code { ascii ascii-string | Configure a self-defined No self-defined DHCP option is hex hex-string&<1-16> | DHCP option. configured by default. ip-address ip-address&<1-8>...

  • Page 39

    If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of • whether the subaddress keyword is used, selects an IP address from the address pool containing the primary IP address of the DHCP relay agent's interface (connected to the client) for a requesting client.

  • Page 40: Configuring The Dhcp Server Security Functions, Configuring Ip Address Conflict Detection

    Step Command Remarks Optional. By default, the DHCP server has no Apply an extended address dhcp server apply ip-pool extended address pool applied on its pool on the interface. pool-name interface, and assigns an IP address from a common address pool to a requesting client.

  • Page 41: Enabling Handling Of Option 82

    Step Command Remarks Optional. Specify the maximum number of dhcp server ping packets The default setting is one. ping packets to be sent for number The value 0 disables IP address conflict conflict detection. detection. Optional. dhcp server ping timeout The default setting is 500 ms.

  • Page 42: Displaying And Maintaining The Dhcp Server

    Configuration procedure A DHCP server sends trap messages to the network management server when one of the following items reaches the specified threshold: The ratio of successfully allocated IP addresses to received DHCP requests • • The average IP address use of the address pool The maximum IP address use of the address pool •...

  • Page 43: Dhcp Server Configuration Examples

    Task Command Remarks Clear information about IP address Available in user reset dhcp server conflict { all | ip ip-address } conflicts. view. Clear information about dynamic reset dhcp server ip-in-use { all | ip Available in user bindings. ip-address | pool [ pool-name ] } view.

  • Page 44: Dynamic Ip Address Assignment Configuration Example

    10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, HP recommends that the number of DHCP clients that apply for IP addresses through VLAN-interface 1 should be no more than 122, and that through VLAN-interface 2 should be no more...

  • Page 45

    Figure 21 Network diagram Configuration procedure Specify IP addresses for VLAN interfaces. (Details not shown.) Configure the DHCP server: # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 1 and VLAN-interface 2. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] dhcp select server global-pool [SwitchA-Vlan-interface1] quit [SwitchA] interface vlan-interface 2...

  • Page 46: Self-defined Option Configuration Example

    [SwitchA] dhcp server ip-pool 2 [SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128 [SwitchA-dhcp-pool-2] expired day 5 [SwitchA-dhcp-pool-2] gateway-list 10.1.1.254 Verifying the configuration After the preceding configuration is complete, clients on networks 10.1.1.0/25 and 10.1.1.128/25 can obtain correct IP addresses and other network parameters from Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients.

  • Page 47: Troubleshooting Dhcp Server Configuration

    Verifying the configuration After the preceding configuration is complete, Switch B can obtain its IP address on 10.1.1.0/24 and the PXE server addresses from the Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients. Troubleshooting DHCP server configuration Symptom A client's IP address obtained from the DHCP server conflicts with another IP address.

  • Page 48: Configuring The Dhcp Relay Agent

    Configuring the DHCP relay agent The DHCP relay agent configuration is supported only on VLAN interfaces. Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet, centralizes management, and reduces investment.

  • Page 49: Dhcp Relay Agent Support For Option 82, Dhcp Relay Agent Configuration Task List

    After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode. Based on the giaddr field, the DHCP server returns an IP address and other configuration parameters in a response to the relay agent, and the relay agent conveys it to the client.

  • Page 50: Enabling The Dhcp Relay Agent On An Interface

    Task Remarks Configuring the DHCP relay agent security functions Optional. Enabling client offline detection Optional. Configuring the DHCP relay agent to release an IP address Optional. Configuring the DHCP relay agent to handle Option 82 Optional. Enabling DHCP Enable DHCP to validate other DHCP relay agent settings. To enable DHCP: Step Command...

  • Page 51: Configuring The Dhcp Relay Agent Security Functions

    You can specify up to 20 DHCP server groups on the relay agent. • • You can specify up to eight DHCP server addresses for each DHCP server group. The IP addresses of DHCP servers and those of relay agent's interfaces that connect DHCP clients •...

  • Page 52: Configuring Periodic Refresh Of Dynamic Client Entries

    The dhcp relay address-check enable command only checks IP and MAC addresses but not • interfaces. When using the dhcp relay security static command to bind an interface to a static binding entry, • make sure the interface is configured as a DHCP relay agent. Otherwise, address entry conflicts may occur.

  • Page 53: Enabling Dhcp Starvation Attack Protection

    With unauthorized DHCP servers detection enabled, the DHCP relay agent checks whether a request contains Option 54 (Server Identifier Option). If yes, the DHCP relay agent records in the option the IP address of the DHCP server that assigned an IP address to a requesting DHCP client, and records the receiving interface.

  • Page 54: Enabling Client Offline Detection

    Enabling client offline detection With this feature enabled, the DHCP relay agent considers that a DHCP client goes offline when the ARP entry for the client ages out. In addition, it removes the client entry and sends a DHCP-RELEASE message to the DHCP server to release the IP address of the client.

  • Page 55

    To support Option 82, you must perform related configurations on both the DHCP server and relay agent. For more information about DHCP server configuration, see "Configuring the DHCP server." If the handling strategy of the DHCP relay agent is configured as replace, you must configure a padding format for Option 82.

  • Page 56: Dhcp Relay Agent Configuration Example

    Displaying and maintaining the DHCP relay agent Task Command Remarks Display information about DHCP server display dhcp relay { all | interface Available in any groups correlated to a specific or all interface-type interface-number } [ | { begin view. interfaces.

  • Page 57: Dhcp Relay Agent Option 82 Support Configuration Example

    Figure 25 Network diagram DHCP client DHCP client Vlan-int1 Vlan-int2 10.10.1.1/24 10.1.1.2/24 Vlan-int2 10.1.1.1/24 Switch A Switch B DHCP relay agent DHCP server DHCP client DHCP client Configuration procedure # Specify IP addresses for the interfaces. (Details not shown.) # Enable DHCP. <SwitchA>...

  • Page 58: Troubleshooting Dhcp Relay Agent Configuration

    # Add DHCP server 10.1.1.1 into DHCP server group 1. [SwitchA] dhcp relay server-group 1 ip 10.1.1.1 # Enable the DHCP relay agent on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] dhcp select relay # Correlate VLAN-interface 1 to DHCP server group 1. [SwitchA-Vlan-interface1] dhcp relay server-select 1 # Enable the DHCP relay agent to support Option 82, and perform Option 82-related configurations.

  • Page 59: Configuring Dhcp Client, Introduction To Dhcp Client, Enabling The Dhcp Client On An Interface

    Configuring DHCP client The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be a Windows Server 2000 or Windows Server 2003. Introduction to DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters such as an IP address from the DHCP server.

  • Page 60: Dhcp Client Configuration Example

    DHCP client configuration example Network requirements As shown in Figure 27, on a LAN, Switch B contacts the DHCP server via VLAN-interface 2 to obtain an IP address, DNS server address, and static route information. The DHCP client IP address resides on network 10.1.1.0/24.

  • Page 61: Verifying The Configuration

    [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] expired day 10 [SwitchA-dhcp-pool-0] dns-list 20.1.1.1 [SwitchA-dhcp-pool-0] option 121 hex 18 14 01 01 0A 01 01 02 Configure Switch B: # Enable the DHCP client on VLAN-interface 2. <SwitchB>...

  • Page 62: Configuring Dhcp Snooping

    Configuring DHCP snooping A DHCP snooping-enabled device must be either between the DHCP client and relay agent, or between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server. Overview DHCP snooping defines trusted and untrusted ports to make sure that clients obtain IP addresses only from authorized DHCP servers.

  • Page 63: Dhcp Snooping Support For Option

    DHCP snooping support for Option 82 Option 82 records the location information about the DHCP client so the administrator can locate the DHCP client for security control and accounting purposes. For more information, see "Configuring the DHCP relay agent." If DHCP snooping supports Option 82, it handles clients' requests according to Option 82, if any. Table describes the handling strategies.

  • Page 64: Dhcp Snooping Configuration Task List, Configuring Dhcp Snooping Basic Functions

    If a DHCP request Handling Padding format The DHCP snooping device… has… strategy Forwards the message after adding the Option normal 82 padded in normal format. Forwards the message after adding Option 82 private padded in private format. Forwards the message after adding Option 82 no Option 82 standard padded in standard format.

  • Page 65: Configuring Dhcp Snooping To Support Option

    Step Command Remarks interface interface-type The interface connects to the DHCP Enter Ethernet interface view. interface-number server. Optional. Specify the port as a trusted dhcp-snooping trust port that does not record the After DHCP snooping is enabled, a no-user-binding IP-to-MAC bindings of clients. port is an untrusted port by default.

  • Page 66: Configuring Dhcp Snooping Entries Backup

    Step Command Remarks • Configure the padding format Optional. for Option 82: By default: dhcp-snooping information • The padding format for Option format { normal | private 82 is normal. private | standard |verbose • The code type for the circuit ID [ node-identifier { mac | sub-option depends on the sysname | user-defined...

  • Page 67

    Step Command Remarks Optional. Back up DHCP snooping entries to dhcp-snooping binding DHCP snooping entries are stored to the file. database update now the file each time this command is used. Optional. dhcp-snooping binding Set the interval at which the DHCP database update interval By default, the file is not refreshed snooping entry file is refreshed.

  • Page 68: Displaying And Maintaining Dhcp Snooping

    To prevent such attacks, you can enable DHCP-REQUEST message check on DHCP snooping devices. This feature uses DHCP snooping entries to check incoming DHCP-REQUEST messages. If a matching entry is found for a message, the DHCP snooping device compares the entry with the •...

  • Page 69: Dhcp Snooping Configuration Example

    DHCP snooping configuration example Network requirements As shown in Figure 29, perform configurations on Switch B to achieve the following purposes: The port connected to the DHCP server can forward responses from the server, but the other ports • cannot forward responses from any DHCP server. •...

  • Page 70

    Configuration procedure # Enable DHCP snooping. <SwitchB> system-view [SwitchB] dhcp-snooping # Specify GigabitEthernet 1/0/1 as trusted. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 to support Option 82. [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information enable [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information strategy replace [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information circuit-id string company001 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information remote-id string device001...

  • Page 71: Bootp Application, Obtaining An Ip Address Dynamically

    Configuring BOOTP client BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003. BOOTP application After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server.

  • Page 72: Bootp Client Configuration Example

    Configuring an interface to dynamically obtain an IP address through BOOTP Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Configure an interface to By default, an interface does not dynamically obtain an IP address ip address bootp-alloc use BOOTP to obtain an IP through BOOTP.

  • Page 73: Static Domain Name Resolution, Dynamic Domain Name Resolution

    Configuring IPv4 DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. DNS services can be static or dynamic.

  • Page 74: Dns Proxy

    The DNS client comprises the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices. Dynamic domain name resolution allows the DNS client to store the latest mappings between domain names and IP addresses in the dynamic domain name cache.

  • Page 75: Dns Spoofing

    Figure 31 DNS proxy networking application A DNS proxy operates as follows: A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution table after receiving the request.

  • Page 76: Configuring The Ipv4 Dns Client

    The device serves as a DNS proxy and is specified as a DNS server on the hosts. After the dial-up • connection is established through the dial-up interface, the device dynamically obtains the DNS server address through DHCP or other autoconfiguration mechanisms. Without DNS spoofing enabled, the device forwards the DNS requests received from the hosts to the DNS server, if it cannot find a match in the local domain name resolution table.

  • Page 77: Configuring Dynamic Domain Name Resolution

    Step Command Remarks Not configured by default. The IPv4 address you last assign to the host Configure a mapping name overwrites the previous one if there is between a host name ip host hostname ip-address any. and an IPv4 address. You may create up to 50 static mappings between domain names and IPv4 addresses.

  • Page 78: Configuring The Dns Proxy

    Configuring the DNS proxy You can specify multiple DNS servers by using the dns server command repeatedly. Upon receiving a name query request from a client, the DNS proxy forwards the request to the DNS server that has the highest priority. If the DNS proxy does not receive a reply, it forwards the request to a DNS server that has the second highest priority.

  • Page 79: Static Domain Name Resolution Configuration Example

    Task Command Remarks Clear information about the reset dns host ip Available in user view. dynamic IPv4 domain name cache. IPv4 DNS configuration examples Static domain name resolution configuration example Network requirements As shown in Figure 33, the device wants to access the host by using an easy-to-remember domain name rather than an IP address.

  • Page 80: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution configuration example Network requirements As shown in Figure 34, the device wants to access the host by using an easy-to-remember domain name rather than an IP address, and to request the DNS server on the network for an IP address by using dynamic domain name resolution.

  • Page 81

    Figure 35 Creating a zone On the DNS server configuration page, right-click zone com, and select New Host. Figure 36 Adding a host On the page that appears, enter host name host and IP address 3.1.1.1. Click Add Host. The mapping between the IP address and host name is created.

  • Page 82

    Figure 37 Adding a mapping between domain name and IP address Configure the DNS client: # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Verifying the configuration # Use the ping host command on the device to verify that the communication between the device and the...

  • Page 83: Dns Proxy Configuration Example

    DNS proxy configuration example Network requirements When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function.

  • Page 84: Troubleshooting Ipv4 Dns Configuration

    # Specify the DNS server 2.1.1.2. [DeviceB] dns server 2.1.1.2 Verifying the configuration # Execute the ping host.com command on Device B to verify that the communication between the device and the host is normal and that the corresponding destination IP address is 3.1.1.1. [DeviceB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)

  • Page 85: Configuring Ipv6 Dns

    Configuring IPv6 DNS IPv6 Domain Name System (DNS) is responsible for translating domain names into IPv6 addresses. Like IPv4 DNS, IPv6 DNS includes static domain name resolution and dynamic domain name resolution. The functions and implementations of the two types of domain name resolution are the same as those of IPv4 DNS.

  • Page 86: Displaying And Maintaining Ipv6 Dns

    Step Command Remarks Enable dynamic domain dns resolve Disabled by default. name resolution. Not specified by default. dns server ipv6 ipv6-address If the IPv6 address of a DNS server is a Specify a DNS server. [ interface-type link-local address, you need to specify the interface-number ] interface-type and interface-number arguments.

  • Page 87

    Configuration procedure # Configure a mapping between host name host.com and IPv6 address 1::2. <Device> system-view [Device] ipv6 host host.com 1::2 # Enable IPv6 packet forwarding. [Device] ipv6 # Use the ping ipv6 host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IPv6 address 1::2.

  • Page 88

    Figure 40 Network diagram Configuration procedure Before performing the following configuration, make sure the device and the host are accessible to each other through available routes, and the IPv6 addresses of the interfaces are configured as shown Figure This configuration may vary with DNS servers. The following configuration is performed on a PC running Windows Server 2003.

  • Page 89

    Figure 42 Creating a record On the page that appears, select IPv6 Host (AAAA) as the resource record type. Click Create Record.

  • Page 90

    Figure 43 Selecting the resource record type On the page that appears, enter host name host and IPv6 address 1::1, and then click OK. The system creates mapping between the host name and the IPv6 address.

  • Page 91

    Figure 44 Adding a mapping between domain name and IPv6 address Configure the DNS client: # Enable dynamic domain name resolution. <Device> system-view [Device] dns resolve # Specify the DNS server 2::2. [Device] dns server ipv6 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Use the ping ipv6 host command on the device to verify that the communication between the device...

  • Page 92

    bytes=56 Sequence=2 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=3 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=4 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=5 hop limit=126 time = 1 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received...

  • Page 93: Optimizing Ip Performance

    Optimizing IP performance This chapter describes multiple features for IP performance optimization. Enabling receiving and forwarding of directed broadcasts to a directly connected network A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all If a device is allowed to forward directed broadcasts to a directly-connected network, hackers can exploit this vulnerability to attack the target network.

  • Page 94

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Enable the interface to forward ip forward-broadcast [ acl Disabled by default. directed broadcasts. acl-number ] Receiving and forwarding directed broadcasts configuration example) Network requirements As shown in Figure 45, the default gateway of the host is the IP address 1.1.1.2/24 of VLAN-interface 3 of Switch A.

  • Page 95: Configuring Tcp Attributes

    After the configurations, if you ping the subnet broadcast address (2.2.2.255) of VLAN-interface 2 of Switch A on the host, the ping packets can be received by VLAN-interface 2 of Switch B. However, if you disable the ip forward-broadcast command, the ping packets cannot be received by the VLAN-interface 2 of Switch B.

  • Page 96: Configuring Icmp To Send Error Packet

    Configuring ICMP to send error packet Sending error packets is a major function of ICMP. Error packets are usually sent by the network or transport layer protocols to notify the source device of network failures or errors. Advantages of sending ICMP error packets ICMP error packets include redirect, timeout, and destination unreachable packets.

  • Page 97: Displaying And Maintaining Ip Performance

    Disadvantages of sending ICMP error packets Sending ICMP error packets facilitates network control and management, but it has the following disadvantages: Sending a lot of ICMP packets increases network traffic. • • A device's performance degrades if it receives a lot of malicious packets that cause it to respond with ICMP error packets.

  • Page 98

    Task Command Remarks display ip socket [ socktype sock-type ] [ task-id socket-id ] [ slot slot-number ] [ | Display socket information. Available in any view. { begin | exclude | include } regular-expression ] display fib ip-address [ mask | mask-length ] Display FIN information matching [ | { begin | exclude | include } Available in any view.

  • Page 99: Configuring Udp Helper

    Configuring UDP helper UDP helper can be configured only on VLAN interfaces. Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain.

  • Page 100: Displaying And Maintaining Udp Helper, Udp Helper Configuration Example

    Step Command Remarks interface interface-type Enter interface view. interface-number No destination server is Specify a destination server. udp-helper server ip-address specified by default. Displaying and maintaining UDP helper Task Command Remarks display udp-helper server [ interface Display information about packets interface-type interface-number ] [ | { begin Available in any view.

  • Page 101

    [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 10.110.1.1 16 [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1...

  • Page 102: Ipv6 Features

    Configuring IPv6 basics Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. The significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.

  • Page 103: Ipv6 Addresses

    Stateful address autoconfiguration enables a host to acquire an IPv6 address and other • configuration information from a server (for example, a DHCP server). Stateless address autoconfiguration enables a host to generate an IPv6 address and other • configuration information automatically by using its link-layer address and the prefix information advertised by a router.

  • Page 104

    An IPv6 address prefix is written in IPv6-address/prefix-length notation, where the IPv6-address is represented in any of the formats previously mentioned and the prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address comprises the address prefix. IPv6 address types IPv6 addresses fall into the following types: Unicast address—Identifier for a single interface, similar to an IPv4 unicast address.

  • Page 105

    An unspecified address is 0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before • acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets. The unspecified address cannot be used as a destination IPv6 address. Multicast addresses IPv6 multicast addresses listed in Table 6...

  • Page 106: Ipv6 Neighbor Discovery Protocol

    The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros. For more information about tunnels, see "Configuring tunneling."...

  • Page 107

    Figure 49 Address resolution The address resolution operates as follows: Host A multicasts an NS message. The source address of the NS message is the IPv6 address of the sending interface of Host A. The destination address is the solicited-node multicast address of Host B.

  • Page 108: Ipv6 Path Mtu Discovery

    Host A learns that the IPv6 address is being used by Host B after receiving the NA message from Host B. If Host A does not get any NA message, Host A decides that the IPv6 address is not in use, and uses this address.

  • Page 109: Ipv6 Transition Technologies

    Figure 51 Path MTU discovery process The source host compares its MTU with the packet to be sent, performs necessary fragmentation, and sends the resulting packet to the destination host. If the MTU supported by a forwarding interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error packet containing the interface MTU to the source host.

  • Page 110: Ipv6 Basics Configuration Task List

    The switching engine on the HP 830 Series PoE+ Unified Wired-WLAN switch does not support tunneling and NAT-PT. Protocols and standards Protocols and standards related to IPv6 include: RFC 1881, IPv6 Address Allocation Management • • RFC 1887, An Architecture for IPv6 Unicast Address Allocation RFC 1981, Path MTU Discovery for IP version 6 •...

  • Page 111: Configuring Basic Ipv6 Functions

    Task Remarks Configuring the maximum ICMPv6 error packets sent Optional. in an interval Enabling replying to multicast echo requests Optional. Configuring ICMPv6 packet sending Enabling sending ICMPv6 time exceeded messages Optional. Enabling sending ICMPv6 destination unreachable Optional. messages Configuring basic IPv6 functions Enabling IPv6 Enable IPv6 before you perform any IPv6-related configuration.

  • Page 112: Manual Configuration

    Step Command Remarks Configure the interface to ipv6 address By default, no IPv6 global unicast generate an EUI-64 IPv6 ipv6-address/prefix-length eui-64 address is configured on an interface. address. Manual configuration To specify an IPv6 address manually for an interface: Step Command Remarks Enter system view.

  • Page 113: Configure An Ipv6 Anycast Address

    If you delete the manually assigned address, the automatically generated link-local address is validated. To configure automatic generation of an IPv6 link-local address for an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. Configure the interface By default, no link-local address is to generate an IPv6...

  • Page 114: Configuring A Static Neighbor Entry

    Step Command Remarks Optional. Configure an IPv6 anycast ipv6 address By default, no IPv6 anycast address. ipv6-address/prefix-length anycast address is configured on an interface. Configuring IPv6 ND Configuring a static neighbor entry You can resolve the IPv6 address of a neighboring node into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry.

  • Page 115: Configuring Parameters Related To Ra Messages

    Step Command Remarks Optional. Configure the maximum By default, a Layer 2 interface does number of neighbors that can ipv6 neighbors max-learning-num not limit the number of neighbors be learned dynamically by an number dynamically learned. A Layer 3 interface. interface can dynamically learn a maximum of 256 neighbors.

  • Page 116

    Enabling sending of RA messages Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Disable RA message undo ipv6 nd ra halt By default, RA messages are suppressed. suppression. Optional. By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds.

  • Page 117: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

    Step Command Remarks Optional. By default, the O flag bit is set to 0 and Set the O flag bit to 1. ipv6 nd autoconfig other-flag hosts acquire other configuration information through stateless autoconfiguration. Optional. Configure the router ipv6 nd ra router-lifetime value lifetime in RA messages.

  • Page 118: Configuring Nd Snooping

    Configuring ND snooping The ND snooping feature is used in Layer 2 switching networks. You must enable ND snooping on a VLAN of a device, ND packets received by the interfaces of the VLAN are redirected to the CPU. When ND snooping is enabled globally, the CPU uses the ND packets to create or update ND snooping entries.

  • Page 119: Configuring Path Mtu Discovery

    Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Enable ND snooping. ipv6 nd snooping enable Disabled by default. Return to system view. quit Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. Optional.

  • Page 120: Configuring Ipv6 Tcp Properties

    Configuring IPv6 TCP properties You can configure the following IPv6 TCP properties: synwait timer—When a SYN packet is sent, the synwait timer is triggered. If no response packet is • received before the synwait timer expires, the IPv6 TCP connection establishment fails. finwait timer—When the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered.

  • Page 121: Configuring Icmpv6 Packet Sending

    Step Command Remarks • Configure load sharing based on the hash algorithm: Optional. ipv6 fib-loadbalance-type By default, load sharing based on hash-based Configure the IPv6 FIB polling is adopted and ECMP load sharing mode. • Configure load sharing based on routes are used in turn to forward polling: packets.

  • Page 122: Enabling Sending Icmpv6 Time Exceeded Messages

    To enable replying to multicast echo requests: Step Command Remarks Enter system view. system-view Enable replying to multicast ipv6 icmpv6 multicast-echo-reply The device is disabled from echo requests. enable replying to multicast echo requests. Enabling sending ICMPv6 time exceeded messages A device sends out an ICMPv6 Time Exceeded message in the following cases: •...

  • Page 123: Displaying And Maintaining Ipv6 Basics Configuration

    If an attacker sends abnormal traffic that causes the device to generate ICMPv6 destination unreachable messages, end users may be affected. To prevent such attacks, you can disable the device from sending ICMPv6 destination unreachable messages. To enable sending ICMPv6 destination unreachable messages: Step Command Remarks...

  • Page 124: Ipv6 Basics Configuration Example

    Task Command Remarks display ipv6 nd snooping [ ipv6-address | vlan Display ND snooping vlan-id ] [ | { begin | exclude | include } Available in any view. entries. regular-expression ] Clear FIB cache entries. reset ipv6 fibcache { slot-number | all } Available in user view.

  • Page 125

    # Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default). [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ipv6 address 2001::1/64 [SwitchA-Vlan-interface1] undo ipv6 nd ra halt [SwitchA-Vlan-interface1] quit Configure Switch B: # Enable IPv6.

  • Page 126

    Verifying the configuration # Display the IPv6 interface settings on Switch A. All the IPv6 global unicast addresses configured on the interface are displayed. [SwitchA] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:2 Global unicast address(es): 3001::1, subnet is 3001::/64...

  • Page 127

    [SwitchA] display ipv6 interface vlan-interface 1 verbose Vlan-interface1 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es): FF02::1:FF00:0 FF02::1:FF00:1 FF02::1:FF00:1C0 FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds...

  • Page 128

    # Display the IPv6 interface settings on Switch B. All the IPv6 global unicast addresses configured on the interface are displayed. [SwitchB] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64 Joined group address(es):...

  • Page 129: Troubleshooting Ipv6 Basics Configuration

    CAUTION: When you ping a link-local address, you should use the -i parameter to specify an interface for the link-local address. [SwitchB] ping ipv6 -c 1 3001::1 PING 3001::1 : 56 data bytes, press CTRL_C to break Reply from 3001::1 bytes=56 Sequence=1 hop limit=64 time = 2 ms --- 3001::1 ping statistics ---...

  • Page 130: Routing Table

    IP routing basics IP routing directs IP packet forwarding on routers based on a routing table. This book focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide. Routing table A router maintains at least two routing tables: a global routing table and a FIB. The FIB table contains only the optimal routes, and the global routing table contains all routes.

  • Page 131: Route Preference, Route Backup, Displaying And Maintaining A Routing Table

    NextHop—Next hop. • • Interface—Output interface. Route preference Routing protocols (including static and direct routing) each by default have a preference. If they find multiple routes to the same destination, the router selects the route with the highest preference as the optimal route.

  • Page 132

    Task Command Remarks display ip routing-table ip-address [ mask Display information about routes to | mask-length ] [ longer-match ] Available in any view. a specific destination address. [ verbose ] [ | { begin | exclude | include } regular-expression ] display ip routing-table ip-address1 Display information about routes to { mask | mask-length } ip-address2 { mask...

  • Page 133: Configuring Static Routing, Configuring A Static Route

    Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually.

  • Page 134: Displaying And Maintaining Static Routes

    Displaying and maintaining static routes Task Command Remarks display ip routing-table protocol static [ inactive | Available in any Display static route information. verbose ] [ | { begin | exclude | include } view. regular-expression ] Basic static route configuration example Network requirements Configure static routes in Figure 53...

  • Page 135

    Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0...

  • Page 136

    Tracing route to 1.1.2.2 over a maximum of 30 hops <1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.

  • Page 137: Configuring Ipv6 Static Routing

    Configuring IPv6 static routing Overview Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator has to modify the static routes manually.

  • Page 138: Ipv6 Static Routing Configuration Example

    IPv6 static routing configuration example Network requirements As shown in Figure 54, configure IPv6 static routes so that hosts can reach one another. Figure 54 Network diagram Configuration procedure Configure the IPv6 addresses for all VLAN interfaces. (Details not shown.) Configure IPv6 static routes: # Enable IPv6 and configure an IPv6 static route on Switch A.

  • Page 139

    Interface : Vlan-interface200 Cost Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 1::/64 Protocol : Direct NextHop : 1::1 Preference: 0 Interface : Vlan-interface100 Cost Destination: 1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0...

  • Page 140: Configuring Rip

    Configuring RIP Routing Information Protocol (RIP) is a distance-vector simple interior gateway protocol suited to small-sized networks. It employs UDP to exchange route information through port 520. Overview RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0.

  • Page 141: Rip Versions

    Split horizon—Disables RIP from sending routing information on the interface from which the • information was learned to prevent routing loops and save bandwidth. Poison reverse—Enables RIP to set the metric of routes received from a neighbor to 16 and sends •...

  • Page 142: Rip Configuration Task List, Enabling Rip

    RIP configuration task list Task Remarks Configuring basic RIP Required Configuring an additional routing metric Optional Configuring RIPv2 route summarization Optional Disabling host route reception Optional Configuring RIP route Advertising a default route Optional control Configuring inbound/outbound route filtering Optional Configuring a preference for RIP Optional Configuring RIP route redistribution...

  • Page 143: Configuring A Rip Version

    Step Command Remarks Enable RIP on the interface By default, RIP is disabled on attached to the specified network network-address interfaces. network. Configuring the interface behavior Step Command Remarks Enter system view. system-view Enter RIP view. rip [ process-id ] Disable the specified interface Optional.

  • Page 144: Configuring Rip Route Control

    Step Command Remarks Optional. By default, if an interface has an interface-specific RIP version, the version takes precedence over the global one. If no interface-specific Specify a global RIP version. version { 1 | 2 } RIP version is specified, the interface can send RIPv1 broadcasts, and receive RIPv1 broadcasts and unicasts, and...

  • Page 145: Configuring Ripv2 Route Summarization

    Step Command Remarks Optional. Specify an inbound rip metricin value additional routing metric. The default setting is 0. Optional. Specify an outbound rip metricout value additional routing metric. The default setting is 1. Configuring RIPv2 route summarization Perform this task to summarize contiguous subnets into a summary network and send the network to neighbors.

  • Page 146: Disabling Host Route Reception

    Step Command Remarks rip summary-address ip-address Configure a summary route. { mask | mask-length } Disabling host route reception Perform this task to disable RIPv2 from receiving host routes from the same network and save network resources. This feature does not apply to RIPv1. To disable RIP from receiving host routes: Step Command...

  • Page 147: Configuring Inbound/outbound Route Filtering

    Configuring inbound/outbound route filtering Perform this task to filter inbound and outbound routes by using an ACL or IP prefix list. You can also configure RIP to receive routes only from a specified neighbor. To configure route filtering: Step Command Remarks Enter system view.

  • Page 148: Configuring Rip Timers

    • The garbage-collect timer is 120s. update-value } * HP recommends that you not change the default values of these timers. Configuring split horizon and poison reverse The split horizon and poison reverse functions can prevent routing loops. If both split horizon and poison reverse are configured, only the poison reverse function takes effect.

  • Page 149: Configuring The Maximum Number Of Ecmp Routes

    To enable split horizon: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. Enable split horizon. rip split-horizon By default, split horizon is enabled. Enabling poison reverse Poison reverse allows RIP to send routes through the interface where the routes were learned. The metric of these routes is always set to 16 (unreachable) to prevent routing loops between neighbors.

  • Page 150: Enabling Source Ip Address Check On Incoming Rip Updates, Configuring Ripv2 Message Authentication

    Step Command Remarks Enter system view. system-view Enter RIP view. rip [ process-id ] Optional. Enable zero field check on checkzero incoming RIPv1 messages. By default, this function is enabled. Enabling source IP address check on incoming RIP updates WARNING! Disable the source IP address check feature if the RIP neighbor is not directly connected.

  • Page 151: Specifying A Rip Neighbor

    Specifying a RIP neighbor Usually, RIP sends messages to broadcast or multicast addresses. On non-broadcast or multicast links, you must manually specify RIP neighbors. Follow these guidelines when you specify a RIP neighbor: • Do not use the peer ip-address command when the neighbor is directly connected. Otherwise, the neighbor might receive both the unicast and multicast (or broadcast) of the same routing information.

  • Page 152: Displaying And Maintaining Rip, Rip Configuration Examples, Configuring Rip Version

    Step Command Remarks Specify the interval for Optional. sending RIP packets and the By default, an interface sends up to maximum number of RIP output-delay time count count three RIP packets every 20 packets that can be sent at milliseconds. each interval.

  • Page 153

    Configure basic RIP: # Configure Switch A. [SwitchA] rip [SwitchA-rip-1] network 192.168.1.0 [SwitchA-rip-1] network 172.16.0.0 [SwitchA-rip-1] network 172.17.0.0 [SwitchA-rip-1] quit # Configure Switch B. [SwitchB] rip [SwitchB-rip-1] network 192.168.1.0 [SwitchB-rip-1] network 10.0.0.0 [SwitchB-rip-1] quit # Display the RIP routing table on Switch A. [SwitchA] display rip 1 route Route Flags: R - RIP, T - TRIP P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect...

  • Page 154: Configuring Rip Route Redistribution

    Configuring RIP route redistribution Network requirements As shown in Figure 56, Switch B communicates with Switch A through RIP 100 and with Switch C through RIP 200. Configure RIP 200 to redistribute direct routes and routes from RIP 100 on Switch B so Switch C can learn routes destined for 10.2.1.0/24 and 1 1.1.1.0/24.

  • Page 155

    [SwitchC-rip-200] version 2 [SwitchC-rip-200] undo summary [SwitchC-rip-200] quit # Display the IP routing table on Switch C. [SwitchC] display ip routing-table Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Cost NextHop Interface 12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1...

  • Page 156: Configuring An Additional Metric For A Rip Interface

    11.1.1.0/24 12.3.1.1 Vlan200 12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configuring an additional metric for a RIP interface Network requirements As shown in Figure...

  • Page 157: Troubleshooting Rip, No Rip Updates Received

    [SwitchC-rip-1] network 1.0.0.0 [SwitchC-rip-1] version 2 [SwitchC-rip-1] undo summary # Configure Switch D. <SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 1.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary # Configure Switch E. <SwitchE> system-view [SwitchE] rip 1 [SwitchE-rip-1] network 1.0.0.0 [SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Display the IP routing table on Switch A.

  • Page 158: Route Oscillation Occurred

    Analysis After enabling RIP, use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end. Solution Use the display current-configuration command to verify RIP configuration.

  • Page 159: Configuring Ripng, Ripng Working Mechanism, Ripng Packet Format

    Configuring RIPng Overview RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 has the following basic differences from RIP: • UDP port number—RIPng uses UDP port 521 for sending and receiving routing information. Multicast address—RIPng uses FF02::9 as the link-local-router multicast address.

  • Page 160: Ripng Packet Processing Procedure

    Figure 58 RIPng basic packet format Packet header description: Command—Type of message. 0x01 indicates Request, 0x02 indicates Response. • Version—Version of RIPng. It can only be 0x01. • • RTE—Route table entry. It is 20 bytes for each entry. RTE format The following are types of RTEs in RIPng: •...

  • Page 161: Ripng Configuration Task List, Configuring Ripng Basic Functions

    When a RIPng neighbor receives the request packet, it sends back a response packet that contains the local routing table. RIPng can also periodically advertise route updates in response packets or advertise a triggered update caused by a route change. The RIPng router processes RTEs in the request.

  • Page 162: Configuring Ripng Route Control

    Configuration procedure To configure the basic RIPng functions: Step Command Remarks Enter system view. system-view Create a RIPng process and ripng [ process-id ] Not created by default. enter RIPng view. Return to system view. quit interface interface-type Enter interface view. interface-number Enable RIPng on the interface.

  • Page 163: Configuring Ripng Route Summarization, Configuring A Ripng Route Filtering Policy, Configuring A Priority For Ripng

    Configuring RIPng route summarization Step Command Enter system view. system-view Enter interface view. interface interface-type interface-number Advertise a summary IPv6 prefix. ripng summary-address ipv6-address prefix-length Advertising a default route When this feature is enabled, a default route is advertised through the specified interface regardless of whether the default route is available in the local IPv6 routing table.

  • Page 164: Configuring Ripng Route Redistribution

    Step Command Remarks Enter system view. system-view Enter RIPng view. ripng [ process-id ] Optional. Configure a RIPng priority. preference preference By default, the RIPng priority is 100. Configuring RIPng route redistribution Step Command Remarks Enter system view. system-view Enter RIPng view. ripng [ process-id ] Optional.

  • Page 165: Configuring Zero Field Check On Ripng Packets

    Configuring split horizon Split horizon disables RIPng from sending routes through the interface where the routes were learned to prevent routing loops between adjacent routers. HP recommends enabling split horizon to prevent routing loops. To configure split horizon: Step Command Remarks Enter system view.

  • Page 166: Displaying And Maintaining Ripng

    If you are sure that all packets are trustworthy, disable the zero field check to reduce the CPU processing time. To configure RIPng zero field check: Step Command Remarks Enter system view. system-view Enter RIPng view. ripng [ process-id ] Optional.

  • Page 167: Ripng Configuration Examples

    RIPng configuration examples Configure RIPng basic functions Network requirements As shown in Figure 61, all switches run RIPng. Configure Switch B to filter the route (3::/64) learned from Switch C, which means the route is not added to the routing table of Switch B, and Switch B does not forward it to Switch A.

  • Page 168

    [SwitchC] interface vlan-interface 500 [SwitchC-Vlan-interface500] ripng 1 enable [SwitchC-Vlan-interface500] quit [SwitchC] interface vlan-interface 600 [SwitchC-Vlan-interface600] ripng 1 enable [SwitchC-Vlan-interface600] quit # Display the routing table of Switch B. [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100...

  • Page 169

    Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost...

  • Page 170

    [SwitchA] ripng 100 [SwitchA-ripng-100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ripng 100 enable [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ripng 100 enable [SwitchA-Vlan-interface200] quit # Enable RIP 100 and RIP 200 on Switch B. <SwitchB> system-view [SwitchB] ripng 100 [SwitchB-ripng-100] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ripng 100 enable...

  • Page 171

    Interface : Vlan200 Cost Destination: 2::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Configure RIPng route redistribution: # Configure route redistribution between the two RIPng processes on Switch B. [SwitchB] ripng 100 [SwitchB-ripng-100] default cost 3 [SwitchB-ripng-100] import-route ripng 200...

  • Page 172

    NextHop : :: Preference: 0 Interface : NULL0 Cost : 0d...

  • Page 173: Support And Other Resources, Subscription Service, Related Information

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 174: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 175

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 176

    Configuring the maximum number of dynamic ARP BOOTP client configuration example,63 entries for an interface,4 Configuring UDP helper,90 Configuration guidelines,7 Contacting HP,164 Configuration procedure,90 Conventions,165 Configuration procedure,8 Correlating a DHCP server group with a relay agent Configuring a static ARP entry,3 interface,41...

  • Page 177

    Displaying and maintaining IPv6 DNS,77 Overview,1 Displaying and maintaining IPv6 static routes,128 Overview,93 Displaying and maintaining RIP,143 Overview,90 Displaying and maintaining RIPng,157 Overview,150 Displaying and maintaining static routes,125 Overview,64 Displaying and maintaining the DHCP client,50 Overview,7 Displaying and maintaining the DHCP relay agent,47 Overview,53 Displaying and maintaining the DHCP...

Comments to this Manuals

Symbols: 0
Latest comments: