HPE FlexNetwork 5130 EI Series Layer 3-Ip Services Configuration Manual


HPE FlexNetwork 5130 EI Switch Series
Layer 3—IP Services

Configuration Guide

Part number: 5200-3942
Software version: Release 32xx
Document version: 6W100-20170525


Summary of Contents for HPE FlexNetwork 5130 EI Series

  • Page 1: Configuration Guide

    HPE FlexNetwork 5130 EI Switch Series Layer 3—IP Services Configuration Guide Part number: 5200-3942 Software version: Release 32xx Document version: 6W100-20170525...
  • Page 2 © Copyright 2015, 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    Contents
    Configuring ARP, p. 1
    About ARP, p. 1
    ARP message format, p. 1
    ARP operating mechanism, p. 1
    ARP entry types, p. 2
    ARP tasks at a glance, p. 3
    Configuring a static ARP entry, p. 3
    ...
  • Page 4

    IP address representation and classes, p. 21
    Special IP addresses, p. 22
    Subnetting and masking, p. 22
    IP address assignment, p. 22
    Assigning an IP address to an interface, p. 23
    Display and maintenance commands for IP addressing, p. 23
    ...
  • Page 5

    Enabling client offline detection on the DHCP server, p. 52
    Configuring address pool usage alarming, p. 52
    Enabling DHCP logging on the DHCP server, p. 53
    Display and maintenance commands for DHCP server, p. 53
    DHCP server configuration examples ...
  • Page 6

    Restrictions and guidelines: DHCP snooping configuration, p. 86
    DHCP snooping tasks at a glance, p. 86
    Configuring basic DHCP snooping features, p. 86
    Configuring basic DHCP snooping features in a common network, p. 86
    Configuring DHCP snooping support for Option 82, p. 88
    ...
  • Page 7

    Display and maintenance commands for FIB table, p. 118
    Configuring IRDP, p. 119
    About IRDP, p. 119
    IRDP operation, p. 119
    Protocols and standards, p. 119
    IRDP tasks at a glance, p. 119
    Restrictions and guidelines: IRDP configuration ...
  • Page 8

    Configuring prefix-specific address autoconfiguration, p. 146
    Configuring an IPv6 link-local address, p. 147
    About IPv6 link-local address, p. 147
    Restrictions and guidelines, p. 147
    Configuring automatic generation of an IPv6 link-local address for an interface, p. 147
    ...
  • Page 9

    Option 18, p. 175
    Option 37, p. 176
    Protocols and standards, p. 177
    Configuring the DHCPv6 server, p. 178
    About DHCPv6 server, p. 178
    IPv6 address assignment, p. 178
    IPv6 prefix assignment, p. 178
    ...
  • Page 10

    Example: Configuring IPv6 address acquisition, p. 208
    Example: Configuring IPv6 prefix acquisition, p. 210
    Example: Configuring IPv6 address and prefix acquisition, p. 211
    Example: Configuring stateless DHCPv6, p. 213
    Configuring DHCPv6 snooping, p. 216
    About DHCPv6 snooping ...
  • Page 11: Configuring Arp

    Configuring ARP About ARP ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages. Numbers in the figure refer to field lengths. Figure 1 ARP message format •...
  • Page 12: Arp Entry Types

    All hosts on this subnet can receive the broadcast request, but only the requested host (Host B) processes the request. Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B operates as follows: a.
  • Page 13: Arp Tasks At A Glance

    • Long static ARP entry—It is directly used for forwarding packets. A long static ARP entry contains the IP address, MAC address, VLAN, and output interface. • Short static ARP entry—It contains only the IP address and MAC address. If the output interface is a VLAN interface, the device sends an ARP request whose target IP address is the IP address in the short entry.
  • Page 14: Configuring A Short Static Arp Entry

    Configuring a short static ARP entry Restrictions and guidelines A resolved short static ARP entry becomes unresolved upon certain events, for example, when the resolved output interface goes down, or the corresponding VLAN or VLAN interface is deleted. Procedure Enter system view. system-view Configure a short static ARP entry.
  • Page 15: Configuring Features For Dynamic Arp Entries

    Configure a multiport unicast MAC address entry or a multicast MAC address entry. Configure a multiport unicast MAC address entry. mac-address multiport mac-address interface interface-list vlan vlan-id For more information about multiport unicast MAC address entries, see the mac-address command in Layer 2—LAN Switching Command Reference. Configure a multicast MAC address entry.
  • Page 16: Setting The Aging Timer For Dynamic Arp Entries

    Procedure Enter system view. system-view Enter interface view. interface interface-type interface-number Set the dynamic ARP learning limit for the interface. arp max-learning-num max-number By default, an interface can learn a maximum of 1024 dynamic ARP entries. To disable the interface from dynamic ARP learning, set the value to 0. Setting the aging timer for dynamic ARP entries About the aging timer for dynamic ARP entries Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer.
  • Page 17: Enabling Arp Logging

    Enabling ARP logging About ARP logging This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The log information helps administrators locate and solve problems. The device can log the following ARP events: • On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not the IP address of the receiving interface.
  • Page 18: Arp Configuration Examples

    ARP configuration examples Example: Configuring a long static ARP entry Network configuration As shown in Figure 3, hosts are connected to Device B. Device B is connected to Device A through interface GigabitEthernet 1/0/1 in VLAN 10. To ensure secure communications between Device A and Device B, configure a long static ARP entry for Device A on Device B.
  • Page 19: Example: Configuring A Short Static Arp Entry

    192.168.1.1 00e0-fc01-0000 GE1/0/1 Example: Configuring a short static ARP entry Network configuration As shown in Figure 4, hosts are connected to Device B. Device B is connected to Device A through interface GigabitEthernet 1/0/2. To ensure secure communications between Device A and Device B, configure a short static ARP entry for Device A on Device B.
  • Page 20 Configure a multiport ARP entry so that the device sends IP packets with the destination IP address 192.168.1.1 to the three servers. Figure 5 Network diagram Procedure # Create VLAN 10. <Device> system-view [Device] vlan 10 [Device-vlan10] quit # Add GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 10. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port access vlan 10 [Device-GigabitEthernet1/0/1] quit...
  • Page 21 IP address MAC address Interface/Link ID Aging Type 192.168.1.1 00e0-fc01-0000...
  • Page 22: Configuring Gratuitous Arp

    Configuring gratuitous ARP About gratuitous ARP In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: •...
  • Page 23: Gratuitous Arp Tasks At A Glance

    secondary IP addresses of the gateway, so the receiving hosts can update ARP entries in a timely manner. Gratuitous ARP tasks at a glance All gratuitous ARP tasks are optional. If all of the following features are disabled, gratuitous ARP still provides the IP conflict detection function.
  • Page 24: Enabling Sending Gratuitous Arp Packets For Arp Requests With Sender Ip Address On A Different Subnet

    • If you change the sending interval for gratuitous ARP packets, the configuration takes effect at the next sending interval. • The sending interval for gratuitous ARP packets might be much longer than the specified sending interval in any of the following circumstances: This feature is enabled on multiple interfaces.
  • Page 25: Configuring Proxy Arp

    Configuring proxy ARP About proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP.
  • Page 26: Common Proxy Arp Configuration Example

    Task: Display local proxy ARP status. Command: display local-proxy-arp [ interface interface-type interface-number ]
    Common proxy ARP configuration example Example: Configuring common proxy ARP Network configuration As shown in Figure 6, Host A and Host D have the same IP prefix and mask, but they are located on different subnets separated by the switch.
  • Page 27 # Enable common proxy ARP on VLAN-interface 2. [Switch-Vlan-interface2] proxy-arp enable Verifying the configuration # Verify that Host A and Host D can ping each other.
  • Page 28: Configuring Arp Snooping

    Configuring ARP snooping About ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. MFF can use the ARP snooping entries. For more information about MFF, see Security Configuration Guide. Creation of ARP snooping entries If you enable ARP snooping for a VLAN, ARP packets received in the VLAN are redirected to the CPU.
  • Page 29

    Task: Display ARP snooping entries. Commands: display arp snooping [ vlan vlan-id ] [ slot slot-number ] [ count ]; display arp snooping ip ip-address [ slot slot-number ]
    Task: Delete ARP snooping entries. Command: reset arp snooping [ ip ip-address | vlan vlan-id ]...
  • Page 30: Configuring Arp Direct Route Advertisement

    Configuring ARP direct route advertisement About ARP direct route advertisement Mechanism of ARP direct route advertisement The ARP direct route advertisement feature advertises host routes instead of advertising the network route. Enabling ARP direct route advertisement Enter system view. system-view Enter interface view.
  • Page 31: Configuring Ip Addressing

    Configuring IP addressing About IP addressing The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. IP address representation and classes IP addressing uses a 32-bit address to identify each host on an IPv4 network. To make addresses easier to read, they are written in dotted decimal notation, each address being four octets in length.
  • Page 32: Special Ip Addresses

    Special IP addresses The following IP addresses are for special use and cannot be used as host IP addresses: • IP address with an all-zero net ID—Identifies a host on the local network. For example, IP address 0.0.0.16 indicates the host with a host ID of 16 on the local network. •...
  • Page 33: Assigning An Ip Address To An Interface

    Assigning an IP address to an interface About manual IP address assignment An interface can have one primary address and multiple secondary addresses. Typically, you need to configure a primary IP address for an interface. If the interface connects to multiple subnets, configure primary and secondary IP addresses on the interface so the subnets can communicate with each other through the interface.
  • Page 34: Ip Addressing Configuration Examples

    IP addressing configuration examples Example: Manually specifying an IP address Network configuration As shown in Figure 9, a port in VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24. To enable the hosts on the two network segments to communicate with the external network through the switch, and to enable the hosts on the LAN to communicate with each other: •...
  • Page 35 56 bytes from 172.16.1.2: icmp_seq=3 ttl=128 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=4 ttl=128 time=2.000 ms --- Ping statistics for 172.16.1.2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/2.600/7.000/2.245 ms # Verify the connectivity between a host on subnet 172.16.2.0/24 and the switch. <Switch>...
  • Page 36: Dhcp Overview

    DHCP overview DHCP network model The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 10 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent.
  • Page 37: Ip Address Allocation Process

    IP address allocation process Figure 11 IP address allocation process As shown in Figure 11, a DHCP server assigns an IP address to a DHCP client in the following process: The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message.
  • Page 38: Dhcp Message Format

    If the client receives no reply, it broadcasts another DHCP-REQUEST message for lease extension when about seven-eighths of the lease duration elapses. Again, depending on the availability of the IP address, the DHCP server returns either a DHCP-ACK unicast or a DHCP-NAK unicast. DHCP message format Figure 12 shows the DHCP message format.
  • Page 39: Dhcp Options

    DHCP options DHCP extends the message format as an extension to BOOTP for compatibility. DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information for clients. Figure 13 DHCP option format Common DHCP options The following are common DHCP options: •...
  • Page 40: Vendor-Specific Option (Option 43)

    Vendor-specific option (Option 43) Option 43 function DHCP servers and clients use Option 43 to exchange vendor-specific configuration information. The DHCP client can obtain the following information through Option 43: • ACS parameters, including the ACS URL, username, and password. •...
  • Page 41: Relay Agent Option (Option 82)

    Figure 16 PXE server address sub-option value field Relay agent option (Option 82) Option 82 is the relay agent option. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request and sends it to the server.
  • Page 42: Protocols And Standards

    • Sub-option 2—Specifies the IP address of the backup network calling processor. DHCP clients contact the backup processor when the primary one is unreachable. • Sub-option 3—Specifies the voice VLAN ID and the result whether the DHCP client takes this VLAN as the voice VLAN.
  • Page 43: Configuring The Dhcp Server

    Configuring the DHCP server About DHCP server A DHCP server manages a pool of IP addresses and client configuration parameters. It selects an IP address and configuration parameters from the address pool and allocates them to a requesting DHCP client. DHCP address assignment mechanisms Configure the following address assignment mechanisms as needed: •...
  • Page 44: Principles For Selecting An Address Pool

    Principles for selecting an address pool The DHCP server observes the following principles to select an address pool for a client: If there is an address pool where an IP address is statically bound to the MAC address or ID of the client, the DHCP server selects this address pool and assigns the statically bound IP address and other configuration parameters to the client.
  • Page 45: Ip Address Allocation Sequence

    IP address allocation sequence The DHCP server selects an IP address for a client in the following sequence: IP address statically bound to the client's MAC address or ID. IP address that was previously assigned to the client. IP address designated by the Option 50 field in the DHCP-DISCOVER message sent by the client.
  • Page 46: Creating A Dhcp User Class

    Creating a DHCP user class About DHCP user class The DHCP server classifies DHCP users into different user classes according to the hardware address, option information, or the giaddr field in the received DHCP requests. The server allocates IP addresses and configuration parameters to DHCP clients in different user classes. Procedure Enter system view.
  • Page 47: Specifying A Primary Subnet And Multiple Address Ranges In A Dhcp Address Pool

    system-view Create a DHCP address pool and enter its view. dhcp server ip-pool pool-name Specifying a primary subnet and multiple address ranges in a DHCP address pool About a primary subnet and multiple address ranges in a DHCP address pool Some scenarios need to classify DHCP clients on the same subnet into different address groups.
  • Page 48: Specifying A Primary Subnet And Multiple Secondary Subnets In A Dhcp Address Pool

    expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } The default setting is 1 day. (Optional.) Exclude the specified IP addresses in the address pool from dynamic allocation. forbidden-ip ip-address&<1-8> By default, all IP addresses in the DHCP address pool are assignable.
  • Page 49: Configuring A Static Binding In A Dhcp Address Pool

    dhcp server ip-pool pool-name Set the address lease duration. expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } The default setting is 1 day. Excluding IP addresses from dynamic allocation Enter system view.
  • Page 50: Specifying Gateways For Dhcp Clients

    static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] } By default, no static binding is configured. One IP address can be bound to only one client MAC or client ID. You cannot modify bindings that have been created.
  • Page 51: Specifying A Domain Name Suffix For Dhcp Clients

    Specifying a domain name suffix for DHCP clients About domain name suffix for DHCP clients You can specify a domain name suffix in a DHCP address pool on the DHCP server. With this suffix assigned, the client only needs to input part of a domain name, and the system adds the domain name suffix for name resolution.
  • Page 52: Specifying Bims Server For Dhcp Clients

    Procedure Enter system view. system-view Enter DHCP address pool view. dhcp server ip-pool pool-name By default, no DHCP address pool exists. Specify WINS servers. nbns-list ip-address&<1-8> By default, no WINS server is specified. This step is optional for b-node. You can specify a maximum of eight WINS servers for such clients in one DHCP address pool.
  • Page 53: Specifying A Server For Dhcp Clients

    By default, no DHCP address pool exists. Specify the IP address or the name of a TFTP server. Specify the IP address of the TFTP server. tftp-server ip-address ip-address By default, no TFTP server IP address is specified. Specify the name of the TFTP server. tftp-server domain-name domain-name By default, no TFTP server name is specified.
  • Page 54: Customizing Dhcp Options

    dhcp server ip-pool pool-name Specify the IP address of the primary network calling processor. voice-config ncp-ip ip-address By default, no primary network calling processor is specified. After you configure this command, the other Option 184 parameters take effect. (Optional.) Specify the IP address of the backup server. voice-config as-ip ip-address By default, no backup network calling processor is specified.
  • Page 55

    Table columns: Option; Option name; Corresponding command; Recommended parameter in the option command
    Vendor Specific Information
    Restrictions and guidelines Use caution when customizing DHCP options because the configuration might affect DHCP operation. You can customize a DHCP option in a DHCP address pool. You can customize a DHCP option in a DHCP option group, and specify the option group for a user class in an address pool.
  • Page 56: Configuring The Dhcp User Class Whitelist

    Configuring the DHCP user class whitelist About DHCP user class whitelist The DHCP user class whitelist allows the DHCP server to process requests only from clients on the DHCP user class whitelist. Restrictions and guidelines The whitelist does not take effect on clients who request static IP addresses, and the server always processes their requests.
  • Page 57: Configuring A Dhcp Policy For Dynamic Assignment

    Configuring a DHCP policy for dynamic assignment About a DHCP policy for dynamic assignment In a DHCP policy, each DHCP user class has a bound DHCP address pool. Clients matching different user classes obtain IP addresses and other parameters from different address pools. The DHCP policy must be applied to the interface that acts as the DHCP server.
  • Page 58: Enabling The Dhcp Server On An Interface

    Procedure Enter system view. system-view Enable DHCP. dhcp enable By default, DHCP is disabled. Enabling the DHCP server on an interface About enabling the DHCP server on an interface Perform this task to enable the DHCP server on an interface. Upon receiving a DHCP request on the interface, the DHCP server assigns the client an IP address and other configuration parameters from a DHCP address pool.
  • Page 59: Enabling Handling Of Option 82

    Enabling handling of Option 82 About handling of Option 82 Perform this task to enable the DHCP server to handle Option 82. Upon receiving a DHCP request that contains Option 82, the DHCP server adds Option 82 into the DHCP response. If you disable the DHCP server from handling Option 82, it does not add Option 82 into the response message.
  • Page 60: Configuring Dhcp Server Compatibility

    Procedure Enter system view. system-view Enter interface view. interface interface-type interface-number Enable MAC address check. dhcp server check mac-address By default, MAC address check is disabled. Configuring DHCP server compatibility Perform this task to enable the DHCP server to support DHCP clients that are not RFC compliant. Configuring the DHCP server to always broadcast responses About configuring the DHCP server to always broadcast responses By default, the DHCP server broadcasts a response only when the broadcast flag in the DHCP...
  • Page 61: Configuring The Dhcp Server To Send Bootp Responses In Rfc 1048 Format

    Configuring the DHCP server to send BOOTP responses in RFC 1048 format About configuring the DHCP server to send BOOTP responses in RFC 1048 format Not all BOOTP clients can send requests that are compatible with RFC 1048. By default, the DHCP server does not process the Vend field of requests that are not RFC 1048 compliant but copies the Vend field into responses.
  • Page 62: Enabling Client Offline Detection On The Dhcp Server

    Procedure Enter system view. system-view Configure the DHCP server to back up the bindings to a file. dhcp server database filename { filename | url url [ username username [ password { cipher | simple } string ] ] } By default, the DHCP server does not back up the DHCP bindings.
  • Page 63: Enabling Dhcp Logging On The Dhcp Server

    Procedure Enter system view. system-view Enter DHCP address pool view. dhcp server ip-pool pool-name (Optional.) Set the threshold for address pool usage alarming. ip-in-use threshold threshold-value The default threshold is 100%. Enabling DHCP logging on the DHCP server About DHCP logging on the DHCP server The DHCP logging feature enables the DHCP server to generate DHCP logs and send them to the information center.
  • Page 64: Dhcp Server Configuration Examples

    Task: Display information about assignable IP addresses. Command: display dhcp server free-ip [ pool pool-name ]
    Task: Display information about assigned IP addresses. Command: display dhcp server ip-in-use [ ip ip-address | pool pool-name ]
    Task: Display information about DHCP address pools. Command: display dhcp server pool [ pool-name ]
  • Page 65: Example: Configuring Dynamic Ip Address Assignment

    [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 25 [SwitchA-Vlan-interface2] quit Configure the DHCP server: # Create DHCP address pool 0. [SwitchA] dhcp server ip-pool 0 # Configure a static binding for Switch B. [SwitchA-dhcp-pool-0] static-bind ip-address 10.1.1.5 25 client-identifier 0030-3030-662e-6532-3030-2e30-3030-322d-4574-6865-726e-6574 # Configure a static binding for Switch C.
  • Page 66 Table 3 Assignment scheme

    DHCP clients: Clients connected to VLAN-interface 10
    IP address: IP addresses on subnet 10.1.1.0/25
    Lease: 10 days and 12 hours
    Other configuration parameters:
    • Gateway: 10.1.1.126/25
    • DNS server: 10.1.1.2/25
    • Domain name: aabbcc.com
    • WINS server: 10.1.1.4/25
    •...
  • Page 67: Example: Configuring Dhcp User Class

    [SwitchA-dhcp-pool-2] expired day 5 [SwitchA-dhcp-pool-2] domain-name aabbcc.com [SwitchA-dhcp-pool-2] dns-list 10.1.1.2 [SwitchA-dhcp-pool-2] gateway-list 10.1.1.254 [SwitchA-dhcp-pool-2] quit # Enable DHCP. [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 10 and VLAN-interface 20. [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] dhcp select server [SwitchA-Vlan-interface10] quit [SwitchA] interface vlan-interface 20 [SwitchA-Vlan-interface20] dhcp select server...
  • Page 68

    Assign IP addresses: 10.10.1.2 to 10.10.1.10. To clients: The DHCP request contains Option 82.
    Assign IP addresses: 10.10.1.11 to 10.10.1.26. To clients: The hardware address in the request is six bytes long and begins with aabb-aabb-aab.
    For clients on subnet 10.10.1.0/24, the DNS server address is 10.10.1.20/24 and the gateway address is 10.10.1.254/24.
  • Page 69: Example: Configuring Dhcp User Class Whitelist

    # Specify the gateway address and the DNS server address. [SwitchB-dhcp-pool-aa] gateway-list 10.10.1.254 [SwitchB-dhcp-pool-aa] dns-list 10.10.1.20 [SwitchB-dhcp-pool-aa] quit # Enable DHCP and configure the DHCP server to handle Option 82. [SwitchB] dhcp enable [SwitchB] dhcp server relay information enable # Enable DHCP server on VLAN-interface10. [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] dhcp select server [SwitchB-Vlan-interface10] quit...
  • Page 70: Example: Configuring Primary And Secondary Subnets

    [SwitchB-dhcp-pool-aa] network 10.1.1.0 mask 255.255.255.0 # Enable the DHCP user class whitelist. [SwitchB-dhcp-pool-aa] verify class # Add DHCP user class ss to the DHCP user class whitelist. [SwitchB-dhcp-pool-aa] valid class ss [SwitchB-dhcp-pool-aa] quit # Enable DHCP. [SwitchB] dhcp enable # Enable DHCP server on VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] dhcp select server [SwitchB-Vlan-interface2] quit...
  • Page 71: Example: Customizing Dhcp Option

    Procedure # Create DHCP address pool aa. <SwitchA> system-view [SwitchA] dhcp server ip-pool aa # Specify the primary subnet and the gateway address for dynamic allocation. [SwitchA-dhcp-pool-aa] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-aa] gateway-list 10.1.1.254 # Specify the secondary subnet and the gateway address for dynamic allocation. [SwitchA-dhcp-pool-aa] network 10.1.2.0 mask 255.255.255.0 secondary [SwitchA-dhcp-pool-aa-secondary] gateway-list 10.1.2.254 [SwitchA-dhcp-pool-aa-secondary] quit...
  • Page 72 Assign PXE addresses To clients 1.2.3.4 and 2.2.2.2. Other clients. The DHCP server assigns PXE server addresses to DHCP clients through Option 43, a customized option. The format of Option 43 and that of the PXE server address sub-option are shown in Figure Figure 16.
  • Page 73: Troubleshooting Dhcp Server Configuration

    [SwitchA] dhcp enable
    Verifying the configuration
    # Verify that Switch B can obtain an IP address on subnet 10.1.1.0/24 and the corresponding PXE server addresses from Switch A. (Details not shown.)
    # On the DHCP server, display the IP addresses assigned to the clients.
    [SwitchA] display dhcp server ip-in-use
    IP address Client identifier/...
  • Page 74: Configuring The Dhcp Relay Agent

    Configuring the DHCP relay agent About DHCP relay agent The DHCP relay agent enables clients to get IP addresses and configuration parameters from a DHCP server on another subnet. Figure 23 shows a typical application of the DHCP relay agent. Figure 23 DHCP relay agent application DHCP relay agent operation The DHCP server and client interact with each other in the same way regardless of whether the relay...
  • Page 75: Dhcp Relay Agent Support For Option 82

    Figure 24 DHCP relay agent operation DHCP relay agent support for Option 82 Option 82 records the location information about the DHCP client. It enables the administrator to perform the following tasks: • Locate the DHCP client for security and accounting purposes. •...
  • Page 76: Enabling Dhcp

    (Optional.) Configuring DHCP relay agent support for Option 82 (Optional.) Setting the DSCP value for DHCP packets sent by the DHCP relay agent (Optional.) Specifying the DHCP relay agent address for the giaddr field (Optional.) Specifying the source IP address for relayed DHCP requests Enabling DHCP Restrictions and guidelines You must enable DHCP to make other DHCP relay agent settings take effect.
  • Page 77: Configuring A Dhcp Address Pool On A Dhcp Relay Agent

    Procedure
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Specify a DHCP server address on the relay agent.
      dhcp relay server-address
    By default, no DHCP server address is specified on the relay agent.
    To specify multiple DHCP server addresses, repeat this step. You can specify a maximum of eight DHCP servers.
  • Page 78 By default, the DHCP relay agent uses the polling algorithm. It forwards DHCP requests to all DHCP servers. The DHCP clients select the DHCP server from which the first received DHCP reply comes. If the DHCP relay agent uses the master-backup algorithm, it forwards DHCP requests to the master DHCP server first.
  • Page 79: Configuring The Dhcp Relay Agent Security Features

    (Optional.) Set the DHCP server response timeout time for DHCP server switchover.
      dhcp-server timeout time
    By default, the DHCP server response timeout time is 30 seconds.
    (Optional.) Enable the switchback to the master DHCP server and set the delay time.
      master-server switch-delay delay-time
    By default, the DHCP relay agent does not switch back to the master DHCP server.
  • Page 80: Enabling Dhcp Starvation Attack Protection

    Procedure
    Enter system view.
      system-view
    Enable periodic refresh of dynamic relay entries.
      dhcp relay client-information refresh enable
    By default, periodic refresh of dynamic relay entries is enabled.
    (Optional.) Set the refresh interval.
      dhcp relay client-information refresh [ auto | interval interval ]
    By default, the refresh interval is auto, which is calculated based on the number of total relay entries.
  • Page 81: Enabling Dhcp Server Proxy On The Dhcp Relay Agent

      dhcp relay check mac-address
    By default, MAC address check is disabled.
    Enabling DHCP server proxy on the DHCP relay agent
    About enabling DHCP server proxy on the DHCP relay agent
    The DHCP server proxy feature isolates DHCP servers from DHCP clients and protects DHCP servers against attacks.
  • Page 82: Configuring The Dhcp Relay Agent To Release An Ip Address

    Configuring the DHCP relay agent to release an IP address About configuring the DHCP relay agent to release an IP address Configure the relay agent to release the IP address for a relay entry. The relay agent sends a DHCP-RELEASE message to the server and meanwhile deletes the relay entry. Upon receiving the DHCP-RELEASE message, the DHCP server releases the IP address.
  • Page 83: Setting The Dscp Value For Dhcp Packets Sent By The Dhcp Relay Agent

      dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname }
    By default, the padding mode for the Remote ID sub-option is normal, and the padding format is hex.
    Setting the DSCP value for DHCP packets sent by the DHCP relay agent
    About the DSCP value for DHCP packets sent by the DHCP relay agent...
  • Page 84: Configuring Smart Relay To Specify The Dhcp Relay Agent Address For The Giaddr Field

    Configuring smart relay to specify the DHCP relay agent address for the giaddr field
    About smart relay
    By default, the relay agent only encapsulates the primary IP address to the giaddr field of all requests before relaying them to the DHCP server. The DHCP server then selects an IP address on the same subnet as the address in the giaddr field.
  • Page 85: Display And Maintenance Commands For Dhcp Relay Agent

    By default, the DHCP relay agent uses the primary IP address of the interface that connects to the DHCP server as the source IP address for relayed DHCP requests. If this interface does not have an IP address, the DHCP relay agent uses an IP address that shares the same subnet with the DHCP server.
  • Page 86: Example: Configuring Option 82

    Figure 25 Network diagram (Switch A, DHCP relay agent: Vlan-int10 10.10.1.1/24, Vlan-int20 10.1.1.2/24; Switch B, DHCP server: Vlan-int20 10.1.1.1/24; DHCP clients)
    Procedure
    # Specify IP addresses for the interfaces. (Details not shown.)
    # Enable DHCP.
    <SwitchA>...
  • Page 87: Example: Configuring Dhcp Server Selection

    # Enable the DHCP relay agent on VLAN-interface 10.
    [SwitchA] interface vlan-interface 10
    [SwitchA-Vlan-interface10] dhcp select relay
    # Specify the IP address of the DHCP server.
    [SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1
    # Configure the handling strategies and padding content of Option 82.
    [SwitchA-Vlan-interface10] dhcp relay information enable
    [SwitchA-Vlan-interface10] dhcp relay information strategy replace
    [SwitchA-Vlan-interface10] dhcp relay information circuit-id string company001...
  • Page 88: Troubleshooting Dhcp Relay Agent Configuration

    # Specify the IP addresses of the DHCP servers.
    [SwitchA-Vlan-interface2] dhcp relay server-address 1.1.1.1
    [SwitchA-Vlan-interface2] dhcp relay server-address 2.2.2.2
    # Specify the DHCP server selecting algorithm as master-backup.
    [SwitchA-Vlan-interface2] dhcp relay server-address algorithm master-backup
    # Configure the DHCP relay agent to switch back to the master DHCP server 3 minutes after it switches to the backup DHCP server.
  • Page 89: Configuring The Dhcp Client

    Configuring the DHCP client About DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address. Restrictions and guidelines: DHCP client configuration The DHCP client configuration is supported only on VLAN interfaces. DHCP client tasks at a glance To configure a DHCP client, perform the following tasks: Enabling the DHCP client on an interface...
  • Page 90: Configuring A Dhcp Client Id For An Interface

    Configuring a DHCP client ID for an interface About DHCP client ID A DHCP client ID is added to the DHCP option 61 to uniquely identify a DHCP client. A DHCP server can assign IP addresses to clients based on their DHCP client IDs. DHCP client ID includes an ID type and a type value.
  • Page 91: Setting The Dscp Value For Dhcp Packets Sent By The Dhcp Client

    Setting the DSCP value for DHCP packets sent by the DHCP client About setting the DSCP value for DHCP packets sent by the DHCP client The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
  • Page 92 Figure 28 Network diagram
    Procedure
    Configure Switch A:
    # Specify an IP address for VLAN-interface 2.
    <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 10.1.1.1 24
    [SwitchA-Vlan-interface2] quit
    # Exclude an IP address from dynamic allocation.
    [SwitchA] dhcp server forbidden-ip 10.1.1.2
    # Configure DHCP address pool 0.
  • Page 93
    Classless static routes:
      Destination: 20.1.1.0, Mask: 255.255.255.0, NextHop: 10.1.1.2
    DNS servers: 20.1.1.1
    Client ID type: acsii(type value=00)
    Client ID value: 000c.29d3.8659-Vlan2
    Client ID (with type) hex: 0030-3030-632e-3239-
                               6433-2e38-3635-392d-
                               4574-6830-2f30-2f32
    T1 will timeout in 3 days 19 hours 48 minutes 43 seconds
    # Display the route information on Switch B.
  • Page 94: Configuring Dhcp Snooping

    Configuring DHCP snooping About DHCP snooping DHCP snooping is a security feature for DHCP. DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes.
  • Page 95: Dhcp Snooping Support For Option 82

    Figure 29 Trusted and untrusted ports In a cascaded network as shown in Figure 30, configure the DHCP snooping devices' ports facing the DHCP server as trusted ports. To save system resources, you can enable only the untrusted ports directly connected to the DHCP clients to record DHCP snooping entries. Figure 30 Trusted and untrusted ports in a cascaded network DHCP snooping support for Option 82 Option 82 records the location information about the DHCP client so the administrator can locate the...
  • Page 96: Restrictions And Guidelines: Dhcp Snooping Configuration

    Table 5 Handling strategies
    If a DHCP request has… | Handling strategy | DHCP snooping…
    Option 82 | Drop | Drops the message.
    Option 82 | Keep | Forwards the message without changing Option 82.
    Option 82 | Replace | Forwards the message after replacing the original Option 82 with the Option 82 padded according to the configured padding format, padding content, and code type.
  • Page 97
    • Enabling DHCP snooping.
    • Configuring DHCP snooping trusted ports.
    • Enabling recording client information in DHCP snooping entries.
    If you enable DHCP snooping globally, DHCP snooping is enabled on all interfaces on the device. You can also enable DHCP snooping for specific VLANs. After enabling DHCP snooping for a VLAN, you can configure the other basic DHCP snooping features in the VLAN.
  • Page 98: Configuring Dhcp Snooping Support For Option 82

    Configure an interface in the VLAN as a trusted port.
      dhcp snooping trust interface interface-type interface-number
    By default, all interfaces in the VLAN are untrusted ports.
    (Optional.) Enable recording of client information in DHCP snooping entries.
      dhcp snooping binding record
    By default, recording of client information in DHCP snooping entries is disabled.
  • Page 99: Configuring Dhcp Snooping Entry Auto Backup

    If the device name (sysname) is configured as the padding content for sub-option 1, make sure the device name does not include spaces. Otherwise, the DHCP snooping device will fail to add or replace Option 82.
    (Optional.) Configure the padding mode and padding format for the Remote ID sub-option.
      dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] string remote-id | sysname }
    By default, the padding mode is normal and the padding format is hex for the Remote ID...
  • Page 100: Configuring Dhcp Packet Rate Limit

    Procedure
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Set the maximum number of DHCP snooping entries for the interface to learn.
      dhcp snooping max-learning-num max-number
    By default, the number of DHCP snooping entries for an interface to learn is unlimited.
    Configuring DHCP packet rate limit
    About DHCP packet rate limit
    Perform this task to set the maximum rate at which an interface can receive DHCP packets.
  • Page 101: Enabling Dhcp-Request Attack Protection

    same, the request is considered valid and forwarded to the DHCP server. If not, the request is discarded.
    Procedure
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Enable MAC address check.
      dhcp snooping check mac-address
    By default, MAC address check is disabled.
    Enabling DHCP-REQUEST attack protection
    About DHCP-REQUEST attack protection
    DHCP-REQUEST messages include DHCP lease renewal packets, DHCP-DECLINE packets, and...
  • Page 102: Enabling Dhcp Snooping Logging

    Procedure
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Configure the port to block DHCP requests.
      dhcp snooping deny
    By default, the port does not block DHCP requests.
    Enabling DHCP snooping logging
    About DHCP snooping logging
    The DHCP snooping logging feature enables the DHCP snooping device to generate DHCP snooping logs and send them to the information center.
  • Page 103: Display And Maintenance Commands For Dhcp Snooping

    Display and maintenance commands for DHCP snooping
    Execute display commands in any view, and reset commands in user view.
    Task | Command
    Display DHCP snooping entries. | display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ] [ verbose ]
    Display information about the file that stores DHCP snooping entries. | display dhcp snooping binding database
  • Page 104: Example: Configuring Basic Dhcp Snooping Features For A Vlan

    Figure 31 Network diagram
    Procedure
    # Enable DHCP snooping globally.
    <SwitchB> system-view
    [SwitchB] dhcp snooping enable
    # Configure GigabitEthernet 1/0/1 as a trusted port.
    [SwitchB] interface gigabitethernet 1/0/1
    [SwitchB-GigabitEthernet1/0/1] dhcp snooping trust
    [SwitchB-GigabitEthernet1/0/1] quit
    # Enable recording clients' IP-to-MAC bindings on GigabitEthernet 1/0/2.
    [SwitchB] interface gigabitethernet 1/0/2
    [SwitchB-GigabitEthernet1/0/2] dhcp snooping binding record
    [SwitchB-GigabitEthernet1/0/2] quit...
  • Page 105: Example: Configuring Dhcp Snooping Support For Option 82

    Figure 32 Network diagram
    Procedure
    # Assign GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 100.
    <SwitchB> system-view
    [SwitchB] vlan 100
    [SwitchB-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/3
    [SwitchB-vlan100] quit
    # Enable DHCP snooping for VLAN 100.
    [SwitchB] dhcp snooping enable vlan 100
    # Configure GigabitEthernet 1/0/1 as DHCP snooping trusted port.
  • Page 106 Figure 33 Network diagram
    Procedure
    # Enable DHCP snooping.
    <SwitchB> system-view
    [SwitchB] dhcp snooping enable
    # Configure GigabitEthernet 1/0/1 as a trusted port.
    [SwitchB] interface gigabitethernet 1/0/1
    [SwitchB-GigabitEthernet1/0/1] dhcp snooping trust
    [SwitchB-GigabitEthernet1/0/1] quit
    # Configure Option 82 on GigabitEthernet 1/0/2.
    [SwitchB] interface gigabitethernet 1/0/2
    [SwitchB-GigabitEthernet1/0/2] dhcp snooping information enable
    [SwitchB-GigabitEthernet1/0/2] dhcp snooping information strategy replace...
  • Page 107: Configuring The Bootp Client

    Configuring the BOOTP client About BOOTP client BOOTP client application An interface that acts as a BOOTP client can use BOOTP to obtain information (such as IP address) from the BOOTP server. To use BOOTP, an administrator must configure a BOOTP parameter file for each BOOTP client on the BOOTP server.
  • Page 108: Display And Maintenance Commands For Bootp Client

    By default, an interface does not use BOOTP for IP address acquisition.
    Display and maintenance commands for BOOTP client
    Execute display command in any view.
    Task | Command
    Display BOOTP client information. | display bootp client [ interface interface-type interface-number ]
    BOOTP client configuration examples
    Example: Configuring BOOTP client
    Network configuration
    As shown in...
  • Page 109: Configuring Dns

    Configuring DNS About DNS Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. The domain name-to-IP address mapping is called a DNS entry. Types of DNS services DNS services can be static or dynamic. After a user specifies a name, the device checks the static name resolution table for an IP address.
  • Page 110: Dns Proxy

    The DNS resolver looks up the local domain name cache for a match. If the resolver finds a match, it sends the corresponding IP address back. If not, it sends a query to the DNS server. The DNS server looks up the corresponding IP address of the domain name in its DNS database.
  • Page 111: Dns Spoofing

    Figure 35 DNS proxy application A DNS proxy operates as follows: A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution cache after receiving the request.
  • Page 112: Dns Tasks At A Glance

    The DNS proxy does not have the DNS server address or cannot reach the DNS server after startup. A host accesses the HTTP server in the following steps: The host sends a DNS request to the device to resolve the domain name of the HTTP server into an IP address.
  • Page 113: Configuring Dynamic Domain Name Resolution

    Procedure
    Enter system view.
      system-view
    Configure a host name-to-address mapping. Choose the options to configure as needed:
      IPv4: ip host host-name ip-address
      IPv6: ipv6 host host-name ipv6-address
    Configuring dynamic domain name resolution
    Restrictions and guidelines
    • The limit on the number of DNS servers on the device is as follows: In system view, you can specify a maximum of six DNS server IPv4 addresses.
  • Page 114: Configuring The Dns Proxy

      ipv6 dns server ipv6-address [ interface-type interface-number ]
    By default, no DNS server address is specified.
    Configuring the DNS proxy
    Restrictions and guidelines
    You can specify multiple DNS servers. The DNS proxy forwards a request to the DNS server that has the highest priority.
  • Page 115: Specifying The Source Interface For Dns Packets

    Enable DNS spoofing and specify the IP address used to spoof DNS requests. Choose one option as needed:
      IPv4: dns spoofing ip-address
      IPv6: ipv6 dns spoofing ipv6-address
    By default, DNS spoofing is disabled.
    Specifying the source interface for DNS packets
    About the source interface for DNS packets
    This task enables the device to always use the primary IP address of the specified source interface as the source IP address of outgoing DNS packets.
  • Page 116: Setting The Dscp Value For Outgoing Dns Packets

    Setting the DSCP value for outgoing DNS packets About the DSCP value for outgoing DNS packets The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Procedure Enter system view.
  • Page 117: Example: Configuring Dynamic Domain Name Resolution

    Procedure
    # Configure a mapping between host name host.com and IP address 10.1.1.2.
    <Sysname> system-view
    [Sysname] ip host host.com 10.1.1.2
    # Verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2.
    [Sysname] ping host.com
    Ping host.com (10.1.1.2): 56 data bytes, press CTRL_C to break
    56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms...
  • Page 118 Figure 39 Creating a zone a. On the DNS server configuration page, right-click zone com and select New Host. Figure 40 Adding a host a. On the page that appears, enter host name host and IP address 3.1.1.1. b. Click Add Host. The mapping between the IP address and host name is created.
  • Page 119: Example: Configuring Dns Proxy

    Figure 41 Adding a mapping between domain name and IP address
    Configure the DNS client:
    # Specify the DNS server 2.1.1.2.
    <Sysname> system-view
    [Sysname] dns server 2.1.1.2
    # Specify com as the name suffix.
    [Sysname] dns domain com
    Verifying the configuration
    # Verify that the device can use the dynamic domain name resolution to resolve domain name host.com into IP address 3.1.1.1.
  • Page 120 Figure 42 Network diagram Procedure Before performing the following configuration, make sure that: • Device A, the DNS server, and the host can reach each other. • The IP addresses of the interfaces are configured as shown in Figure Configure the DNS server: The configuration might vary by DNS server.
  • Page 121: Ipv6 Dns Configuration Examples

    IPv6 DNS configuration examples Example: Configuring static domain name resolution Network configuration As shown in Figure 43, the host at 1::2 is named host.com. Configure static IPv6 DNS on the device so that the device can use the easy-to-remember domain name rather than the IPv6 address to access the host.
  • Page 122 Figure 44 Network diagram Procedure Before performing the following configuration, make sure that: • The device and the host can reach each other. • The IPv6 addresses of the interfaces are configured as shown in Figure Configure the DNS server: The configuration might vary by DNS server.
  • Page 123 Figure 46 Adding a host a. On the page that appears, enter host name host and IPv6 address 1::1. b. Click Add Host. The mapping between the IPv6 address and host name is created. Figure 47 Adding a mapping between domain name and IPv6 address Configure the DNS client: # Specify the DNS server 2::2.
  • Page 124: Example: Configuring Dns Proxy

    <Device> system-view
    [Device] ipv6 dns server 2::2
    # Configure com as the DNS suffix.
    [Device] dns domain com
    Verifying the configuration
    # Verify that the device can use the dynamic domain name resolution to resolve the domain name host.com into the IP address 1::1.
    [Device] ping ipv6 host
    Ping6(56 data bytes) 3::1 -->...
  • Page 125: Troubleshooting Dns Configuration

    This configuration might vary by DNS server. When a PC running Windows Server 2008 R2 acts as the DNS server, see "Example: Configuring dynamic domain name resolution" for configuration information. Configure the DNS proxy: # Specify the DNS server 4000::1. <DeviceA>...
  • Page 126: Failure To Resolve Ipv6 Addresses

    Failure to resolve IPv6 addresses Symptom After enabling dynamic domain name resolution, the user cannot get the correct IPv6 address. Solution To resolve the problem: Use the display dns host ipv6 command to verify that the specified domain name is in the cache.
  • Page 127: Configuring Ip Forwarding Basic Settings

    Configuring IP forwarding basic settings About FIB table A device uses the FIB table to make packet forwarding decisions. A device selects optimal routes from the routing table, and puts them into the FIB table. Each FIB entry specifies the next hop IP address and output interface for packets destined for a specific subnet or host.
  • Page 128: Display And Maintenance Commands For Fib Table

    To automatically save the IP forwarding entries periodically, configure a schedule for the device to automatically run the ip forwarding-table save command. For information about scheduling a task, see Fundamentals Configuration Guide. Procedure To save the IP forwarding entries to a file, execute the following command in any view: ip forwarding-table save filename filename Display and maintenance commands for FIB table Execute display commands in any view.
  • Page 129: Configuring Irdp

    Configuring IRDP About IRDP ICMP Router Discovery Protocol (IRDP), an extension of the ICMP, is independent of any routing protocol. It allows hosts to discover the IP addresses of neighboring routers that can act as default gateways to reach devices on other IP networks. IRDP enables hosts to track dynamic changes in router availability.
  • Page 130: Enabling Irdp

    • After IRDP is enabled on an interface, the IRDP configurations take effect, and the device sends RA messages out of the interface.
    Enabling IRDP
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Enable IRDP on the interface.
      ip irdp
    By default, IRDP is disabled on an interface.
  • Page 131: Setting The Advertising Intervals

    Enter interface view.
      interface interface-type interface-number
    Set the lifetime of advertised IP addresses.
      ip irdp lifetime lifetime-value
    The default lifetime is 1800 seconds. The lifetime cannot be shorter than the maximum advertising interval.
    Setting the advertising intervals
    About setting the advertising intervals
    A router interface with IRDP enabled sends out RAs randomly between the minimum and maximum advertising intervals.
  • Page 132: Specifying A Proxy-Advertised Ip Address

    Specifying a proxy-advertised IP address About specifying a proxy-advertised IP address By default, an interface advertises its primary and secondary IP addresses. You can specify IP addresses of other gateways for an interface to proxy-advertise. Procedure Enter system view. system-view Enter interface view.
  • Page 133
    [SwitchA-Vlan-interface2] ip address 10.154.5.1 24
    # Enable IRDP on VLAN-interface 2.
    [SwitchA-Vlan-interface2] ip irdp
    # Specify preference 1000 for advertised IP addresses on VLAN-interface 2.
    [SwitchA-Vlan-interface2] ip irdp preference 1000
    # Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent by VLAN-interface 2.
  • Page 135: Optimizing Ip Performance

    Optimizing IP performance IP performance optimization tasks at a glance All IP performance optimization tasks are optional. Configuring features for IP packets Enabling an interface to forward directed broadcasts destined for the directly connected network Setting the MTU of IPv4 packets sent over an interface Configuring features for ICMP messages Enabling sending ICMP error messages Configuring rate limit for ICMP error messages...
  • Page 136: Procedure

    Procedure
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Enable the interface to forward directed broadcasts destined for the directly connected network.
      ip forward-broadcast [ acl acl-number ]
    By default, an interface cannot forward directed broadcasts destined for the directly connected network.
  • Page 137: Setting The Mtu Of Ipv4 Packets Sent Over An Interface

    Verifying the configuration After the configurations are completed, if you ping the subnet-directed broadcast address 2.2.2.255 on the host, VLAN-interface 2 of Switch B can receive the ping packets. If you delete the ip forward-broadcast configuration on any switch, the interface cannot receive the ping packets. Setting the MTU of IPv4 packets sent over an interface About setting the MTU of IPv4 packets sent over an interface...
  • Page 138: Enabling Sending Icmp Time Exceeded Messages

    • The selected route is not destined for 0.0.0.0.
    • There is no source route option in the received packet.
    ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing table.
    Procedure
    Enter system view.
      system-view
    Enable sending ICMP redirect messages.
  • Page 139: Configuring Rate Limit For Icmp Error Messages

    • The device sends the source an ICMP port unreachable message when the following conditions are met:
      The UDP packet is destined for the device.
      The packet's port number does not match the corresponding process.
    • The device sends the source an ICMP source route failed message when the following conditions are met:
      The source uses Strict Source Routing to send packets.
  • Page 140: Disabling Forwarding Icmp Fragments

    Disabling forwarding ICMP fragments
    Restrictions and guidelines
    Disabling forwarding ICMP fragments can protect your device from ICMP fragment attacks.
    Procedure
    Enter system view.
      system-view
    Disable forwarding ICMP fragments.
      ip icmp fragment discarding
    By default, forwarding ICMP fragments is enabled.
    Specifying the source address for ICMP packets
    About specifying source address for ICMP packets
    Specifying the source IP address for outgoing ping echo requests and ICMP error messages helps users to locate the sending device easily.
  • Page 141: Configuring Tcp Path Mtu Discovery

      system-view
    Enter interface view.
      interface interface-type interface-number
    Set the TCP MSS for the interface.
      tcp mss value
    By default, the TCP MSS is not set.
    Configuring TCP path MTU discovery
    About TCP path MTU discovery
    TCP path MTU discovery (in RFC 1191) discovers the path MTU between the source and destination ends of a TCP connection.
  • Page 142: Enabling Syn Cookie

    Enabling SYN Cookie About SYN Cookie A TCP connection is established through a three-way handshake. An attacker can exploit this mechanism to mount SYN Flood attacks. The attacker sends a large number of SYN packets, but does not respond to the SYN ACK packets from the server. As a result, the server establishes a large number of TCP semi-connections and can no longer handle normal services.
  • Page 143: Display And Maintenance Commands For Ip Performance Optimization

      tcp timer fin-timeout time-value
    By default, the TCP FIN wait timer is 675 seconds.
    Display and maintenance commands for IP performance optimization
    Execute display commands in any view and reset commands in user view.
    Task | Command
    Display ICMP statistics. | display icmp statistics [ slot
  • Page 144: Configuring Udp Helper

    Configuring UDP helper About UDP helper UDP helper can provide the following packet conversion for packets with specific UDP destination port numbers: • Convert broadcast to unicast, and forward the unicast packets to specific destinations. • Convert broadcast to multicast, and forward the multicast packets. Configuring UDP helper to convert broadcast to unicast About broadcast to unicast conversion...
  • Page 145: Configuring Udp Helper To Convert Broadcast To Multicast

    Configuring UDP helper to convert broadcast to multicast About broadcast to multicast conversion You can configure UDP helper to convert broadcast packets with specific UDP port numbers to multicast packets. Upon receiving a UDP broadcast packet, UDP helper uses the configured UDP ports to match the UDP destination port number of the packet.
  • Page 146: Udp Helper Configuration Examples

    Task | Command
    Clear packet statistics for UDP helper. | reset udp-helper statistics
    UDP helper configuration examples
    Example: Configuring UDP helper to convert broadcast to unicast
    Network configuration
    As shown in Figure 51, configure UDP helper to convert broadcast to unicast on VLAN-interface 1 of Switch A.
  • Page 147: Example: Configuring Udp Helper To Convert Broadcast To Multicast

    Example: Configuring UDP helper to convert broadcast to multicast Network configuration As shown in Figure 52, VLAN-interface 1 of Switch B can receive multicast packets destined to 225.1.1.1. Configure UDP helper to convert broadcast to multicast on VLAN-interface 1 of Switch A. This feature enables Switch A to forward broadcast packets with UDP destination port number 55 to the multicast group 225.1.1.1.
  • Page 148
    [SwitchA-Vlan-interface2] igmp enable
    # Configure VLAN-interface 2 as a static member of the multicast group 225.1.1.1.
    [SwitchA-Vlan-interface2] igmp static-group 225.1.1.1
    Verifying the configuration
    Verify that you can capture multicast packets from Switch A on Switch B.
  • Page 149: Configuring Basic Ipv6 Settings

    Configuring basic IPv6 settings About IPv6 IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
  • Page 150: Ipv6 Addresses

    • Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and other configuration information by using its link-layer address and the prefix information advertised by a router. To communicate with other hosts on the same link, a host automatically generates a link-local address based on its link-layer address and the link-local address prefix (FE80::/10).
  • Page 151 • Multicast address—An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address. Broadcast addresses are replaced by multicast addresses in IPv6. •...
  • Page 152: Ipv6 Path Mtu Discovery

    duplicate addresses. Each IPv6 unicast or anycast address has a corresponding solicited-node address. The format of a solicited-node multicast address is FF02:0:0:0:0:1:FFXX:XXXX. FF02:0:0:0:0:1:FF is fixed and consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 unicast address or anycast address.
  • Page 153: Ipv6 Transition Technologies

    Figure 55 Path MTU discovery process
    IPv6 transition technologies
    IPv6 transition technologies enable communication between IPv4 and IPv6 networks. Dual stack is the most direct transition approach. A network node that supports both IPv4 and IPv6 is a dual-stack node. A dual-stack node configured with an IPv4 address and an IPv6 address can forward both IPv4 and IPv6 packets.
  • Page 154: Configuring An Ipv6 Global Unicast Address

    (Optional.) Configuring path MTU discovery
      • Setting the interface MTU
      • Setting a static path MTU for an IPv6 address
      • Setting the aging time for dynamic path MTUs
    (Optional.) Controlling sending ICMPv6 messages
      • Configuring the rate limit for ICMPv6 error messages
      • Enabling replying to multicast echo requests
      • Enabling sending ICMPv6 destination unreachable messages
      • Enabling sending ICMPv6 time exceeded messages
      • Enabling sending ICMPv6 redirect messages...
  • Page 155: Manually Assigning An Ipv6 Global Unicast Address

    Manually assigning an IPv6 global unicast address
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Assign an IPv6 global unicast address to the interface.
      ipv6 address { ipv6-address prefix-length | ipv6-address / prefix-length }
      By default, no IPv6 global unicast address is configured on an interface.
    Stateless address autoconfiguration
    About stateless address autoconfiguration and temporary address
    Stateless address autoconfiguration enables an interface to automatically generate an IPv6 global...
  • Page 156: Configuring Prefix-Specific Address Autoconfiguration

    Enabling stateless address autoconfiguration
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Enable stateless address autoconfiguration on an interface, so that the interface can automatically generate a global unicast address.
      ipv6 address auto
      By default, the stateless address autoconfiguration feature is disabled on an interface.
    Configuring the temporary address feature and preferentially using the temporary IPv6 address as the source address of outgoing packets
    Enter system view.
  • Page 157: Configuring An Ipv6 Link-Local Address

    Configuring an IPv6 link-local address
    About IPv6 link-local address
    Configure IPv6 link-local addresses using one of the following methods:
    • Automatic generation—The device automatically generates a link-local address for an interface according to the link-local address prefix (FE80::/10) and the link-layer address of the interface.
  • Page 158: Configuring An Ipv6 Anycast Address

      system-view
    Enter interface view.
      interface interface-type interface-number
    Manually assign an IPv6 link-local address to the interface.
      ipv6 address ipv6-address link-local
      By default, no link-local address is configured on an interface.
    Configuring an IPv6 anycast address
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Configure an IPv6 anycast address.
  • Page 159: Setting The Aging Time For Dynamic Path Mtus

    Procedure
    Enter system view.
      system-view
    Set a static path MTU for an IPv6 address.
      ipv6 pathmtu ipv6-address value
      By default, no path MTU is set for any IPv6 address.
    Setting the aging time for dynamic path MTUs
    About the aging time for dynamic path MTUs
    After the device dynamically discovers the path MTU to a destination host (see "IPv6 path MTU discovery"), it performs the following operations:...
  • Page 160: Enabling Replying To Multicast Echo Requests

    By default, the bucket allows a maximum of 10 tokens. A token is placed in the bucket at an interval of 100 milliseconds. To disable the ICMPv6 rate limit, set the interval to 0 milliseconds.
    Enabling replying to multicast echo requests
    Enter system view.
  • Page 161: Enabling Sending Icmpv6 Redirect Messages

    • If a received packet is not destined for the device and its hop limit is 1, the device sends an ICMPv6 hop limit exceeded in transit message to the source. • Upon receiving the first fragment of an IPv6 datagram destined for the device, the device starts a timer.
  • Page 162: Enabling Ipv6 Local Fragment Reassembly

    Procedure
    Enter system view.
      system-view
    Specify an IPv6 address as the source address for outgoing ICMPv6 packets.
      ipv6 icmpv6 source ipv6-address
      By default, the device uses the IPv6 address of the sending interface as the source IPv6 address for outgoing ICMPv6 packets.
    Enabling IPv6 local fragment reassembly
    About IPv6 local fragment reassembly
    Use this feature on a multichassis IRF fabric to improve fragment reassembly efficiency.
  • Page 163: Basic Ipv6 Settings Configuration Examples

    Task: Display the IPv6 prefix information.
    Command: display ipv6 prefix [ prefix-number ]
    Task: Display brief information about IPv6 RawIP connections.
    Command: display ipv6 rawip [ slot slot-number ]
    Task: Display detailed information about IPv6 RawIP connections.
    Command: display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ]
    Task: Display IPv6 and ICMPv6 packet...
    Command: display ipv6 statistics [ slot slot-number ]
  • Page 164

    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ipv6 address 3001::1/64
    [SwitchA-Vlan-interface2] quit
    # Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default).
    [SwitchA] interface vlan-interface 1
    [SwitchA-Vlan-interface1] ipv6 address 2001::1/64
    [SwitchA-Vlan-interface1] undo ipv6 nd ra halt
    [SwitchA-Vlan-interface1] quit
    Configure Switch B:...
  • Page 165

    InReceives: 25829 InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards:
    [SwitchA] display ipv6 interface vlan-interface 1
    Vlan-interface1 current state: UP
    Line protocol current state: UP
    IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0
    Global unicast address(es):
      2001::1, subnet is 2001::/64...
  • Page 166

    InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards:
    # Display the IPv6 interface settings on Switch B. All IPv6 global unicast addresses configured on the interface are displayed.
  • Page 167

    ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards:
    # Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected.
  • Page 168: Configuring Ipv6 Neighbor Discovery

    Configuring IPv6 neighbor discovery
    About IPv6 neighbor discovery
    ICMPv6 messages used by IPv6 neighbor discovery
    The IPv6 neighbor discovery (ND) process uses ICMPv6 messages for address resolution, neighbor reachability verification, and neighboring device tracking. Table 8 describes the ICMPv6 messages used by the IPv6 ND protocol.
    Table 8 ICMPv6 messages used by ND
    ICMPv6 message Type...
  • Page 169: Neighbor Reachability Detection

    Figure 57 Address resolution
    Neighbor reachability detection
    After Host A acquires the link-layer address of its neighbor Host B, Host A can use NS and NA messages to test the reachability of Host B as follows:
    Host A sends an NS message whose destination address is the IPv6 address of Host B.
    If Host A receives an NA message from Host B, Host A decides that Host B is reachable.
  • Page 170: Router/Prefix Discovery And Stateless Address Autoconfiguration

    Router/prefix discovery and stateless address autoconfiguration
    Router/prefix discovery allows an IPv6 node to find the neighboring routers and learn the prefix and network configuration parameters of the network from receiving RA messages. Stateless address autoconfiguration allows an IPv6 node to automatically generate an IPv6 address based on the information learned through router/prefix discovery.
  • Page 171: Configuring A Static Neighbor Entry

    • Configuring ND snooping
    • Enabling ND proxy
    Configuring a static neighbor entry
    About static neighbor entries
    A neighbor entry stores information about a link-local node. The entry can be created dynamically through NS and NA messages, or configured statically. The device uniquely identifies a static neighbor entry by using the neighbor's IPv6 address and the number of the Layer 3 interface that connects to the neighbor.
  • Page 172: Setting The Aging Timer For Nd Entries In Stale State

      ipv6 neighbors max-learning-num max-number
      By default, an interface can learn a maximum of 512 dynamic neighbor entries.
    Setting the aging timer for ND entries in stale state
    About the aging timer for ND entries in stale state
    ND entries in stale state have an aging timer. If an ND entry in stale state is not refreshed before the timer expires, the ND entry changes to the delay state.
  • Page 173: Configuring Ra Message Sending And Parameters

    Configuring RA message sending and parameters
    About RA message parameters
    You can enable an interface to send RA messages, and configure the interval for sending RA messages and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations.
  • Page 174: Enabling The Sending Of Ra Messages

    Enabling the sending of RA messages
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Enable the sending of RA messages.
      undo ipv6 nd ra halt
      The default setting is disabled.
    Set the maximum and minimum intervals for sending RA messages.
      ipv6 nd ra interval max-interval min-interval
      By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds.
  • Page 175: Setting The Maximum Number Of Attempts To Send An Ns Message For Dad

    Set the O flag bit to 1.
      ipv6 nd autoconfig other-flag
      By default, the O flag bit is set to 0 in RA advertisements. Hosts receiving the advertisements will acquire other configuration information through stateless autoconfiguration.
    Set the router lifetime in RA messages.
      ipv6 nd ra router-lifetime time
      By default, the router lifetime is 1800 seconds.
  • Page 176

    ND detection processes the ND messages received on ND trusted and untrusted interfaces as follows:
    • ND detection forwards all ND messages received on an ND trusted interface.
    • ND detection compares all ND messages received on an ND untrusted interface with the ND snooping entries except for RA and redirect messages.
  • Page 177: Procedure

    Procedure
    Enter system view.
      system-view
    Enter VLAN view.
      vlan vlan-id
    Enable ND snooping for IPv6 addresses. Choose the options to configure as needed:
      Enable ND snooping for global unicast addresses.
        ipv6 nd snooping enable global
      Enable ND snooping for link-local addresses.
        ipv6 nd snooping enable link-local
      By default, ND snooping is disabled for IPv6 global unicast addresses and link-local addresses.
  • Page 178: Enabling Nd Proxy

    Enabling ND proxy
    About ND proxy
    ND proxy enables a device to answer an NS message requesting the hardware address of a host on another network. With ND proxy, hosts in different broadcast domains can communicate with each other as they would on the same network. ND proxy includes common ND proxy and local ND proxy.
  • Page 179: Enabling Common Nd Proxy

    Local ND proxy implements Layer 3 communication for two hosts in the following cases:
    • The two hosts connect to ports of the same device and the ports must be in different VLANs.
    • The two hosts connect to isolated Layer 2 ports in the same isolation group of a VLAN.
    •...
  • Page 180: Nd Snooping Configuration Examples

    Task: Display the maximum number of ND entries that a device supports.
    Command: display ipv6 neighbors entry-limit
    Task: Clear IPv6 ND snooping entries.
    Command: reset ipv6 nd snooping [ [ vlan vlan-id ] [ global | link-local ] | vlan vlan-id ipv6-address ]
    Task: Clear IPv6 neighbor information.
    Command: reset ipv6 neighbors { all | dynamic | interface interface-type interface-number...
  • Page 181

    [DeviceA] interface gigabitethernet 1/0/3
    [DeviceA-GigabitEthernet1/0/3] port link-type trunk
    [DeviceA-GigabitEthernet1/0/3] port trunk permit vlan 10
    [DeviceA-GigabitEthernet1/0/3] quit
    # Assign IPv6 address 10::1/64 to VLAN-interface 10.
    [DeviceA] interface vlan-interface 10
    [DeviceA-Vlan-interface10] ipv6 address 10::1/64
    [DeviceA-Vlan-interface10] quit
    Configure Device B:
    # Create VLAN 10.
    [DeviceB] vlan 10
    [DeviceB-vlan10] quit
    # Configure GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to trunk...
  • Page 182

    [DeviceB] display ipv6 nd snooping vlan 10
    IPv6 address    MAC address       Interface    Status
    10::5           0001-0203-0405    GE1/0/1      VALID
    10::6           0001-0203-0607    GE1/0/2      VALID...
  • Page 183: Dhcpv6 Overview

    DHCPv6 overview
    DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts.
    DHCPv6 address/prefix assignment
    An address/prefix assignment process involves two or four messages.
    Rapid assignment involving two messages
    As shown in Figure 62, rapid assignment operates in the following steps:
    The DHCPv6 client sends to the DHCPv6 server a Solicit message that contains a Rapid Commit option to prefer rapid assignment.
  • Page 184: Address/Prefix Lease Renewal

    Figure 63 Assignment involving four messages
    Address/prefix lease renewal
    An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time.
  • Page 185: Stateless Dhcpv6

    Stateless DHCPv6
    Stateless DHCPv6 enables a device that has obtained an IPv6 address/prefix to get other configuration parameters from a DHCPv6 server. The device performs stateless DHCPv6 if an RA message with the following flags is received from the router during stateless address autoconfiguration:
    •...
  • Page 186: Option 37

    Figure 67 Option 18 format
    Figure 67 shows the Option 18 format, which includes the following fields:
    • Option code—Option code. The value is 18.
    • Option length—Size of the option data.
    • Port index—Port that receives the DHCPv6 request from the client.
    •...
  • Page 187: Protocols And Standards

    Protocols and standards
    • RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6
    • RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    • RFC 2462, IPv6 Stateless Address Autoconfiguration
    • RFC 3633, IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6...
  • Page 188: Configuring The Dhcpv6 Server

    Configuring the DHCPv6 server
    About DHCPv6 server
    A DHCPv6 server can assign IPv6 addresses, IPv6 prefixes, and other configuration parameters to DHCPv6 clients.
    IPv6 address assignment
    As shown in Figure 69, the DHCPv6 server assigns IPv6 addresses, domain name suffixes, DNS server addresses, and other configuration parameters to DHCPv6 clients.
  • Page 189: Concepts

    Concepts
    Multicast addresses used by DHCPv6
    DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers. It uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents.
    DUID
    A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).
  • Page 190: Ipv6 Address/Prefix Allocation Sequence

    Address allocation mechanisms
    DHCPv6 supports the following address allocation mechanisms:
    • Static address allocation—To implement static address allocation for a client, create a DHCPv6 address pool, and manually bind the DUID and IAID of the client to an IPv6 address in the DHCPv6 address pool.
  • Page 191: Dhcpv6 Server Tasks At A Glance

    IPv6 address/prefix statically bound to the client's DUID and IAID.
    IPv6 address/prefix statically bound to the client's DUID and expected by the client.
    IPv6 address/prefix statically bound to the client's DUID.
    IPv6 address/prefix that was ever assigned to the client.
    Assignable IPv6 address/prefix in the address pool/prefix pool expected by the client.
  • Page 192

    • An IPv6 prefix can be bound to only one DHCPv6 client. You cannot modify bindings that have been created. To change the binding for a DHCPv6 client, you must delete the existing binding first.
    • One address pool can have only one prefix pool applied. You cannot modify prefix pools that have been applied.
  • Page 193: Configuring Ipv6 Address Assignment

    Configuring IPv6 address assignment
    About IPv6 address assignment
    Use one of the following methods to configure IPv6 address assignment:
    • Configure a static IPv6 address binding in an address pool. If you bind a DUID and an IAID to an IPv6 address, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client.
  • Page 194: Configuring Network Parameters Assignment

      network { prefix/prefix-length | prefix prefix-number [ sub-prefix/sub-prefix-length ] } [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]
      By default, no IPv6 address subnet is specified.
      The IPv6 subnets cannot be the same in different address pools.
      If you specify an IPv6 prefix by its ID, make sure the IPv6 prefix is in effect. Otherwise, the configuration does not take effect.
  • Page 195: Configuring Network Parameters In A Dhcpv6 Option Group

    Enter DHCPv6 address pool view.
      ipv6 dhcp pool pool-name
    Specify an IPv6 subnet for dynamic assignment.
      network { prefix/prefix-length | prefix prefix-number [ sub-prefix/sub-prefix-length ] } [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]
      By default, no IPv6 subnet is specified.
      The IPv6 subnets cannot be the same in different address pools.
      If you specify an IPv6 prefix by its ID, make sure the IPv6 prefix is in effect.
  • Page 196: Configuring The Dhcpv6 Server On An Interface

      By default, no SIP server address or domain name is specified.
    Configure a self-defined DHCPv6 option.
      option code hex hex-string
      By default, no self-defined DHCPv6 option is configured.
    Return to system view.
      quit
    Enter DHCPv6 address pool view.
      ipv6 dhcp pool pool-name
    Specify a DHCPv6 option group.
  • Page 197: Configuring A Dhcpv6 Policy For Ipv6 Address And Prefix Assignment

      By default, desired address/prefix assignment and rapid assignment are disabled, and the default preference is 0.
    Apply a DHCPv6 address pool to the interface.
      ipv6 dhcp server apply pool pool-name [ allow-hint | preference preference-value | rapid-commit ] *
    Configuring a DHCPv6 policy for IPv6 address and prefix assignment
    About DHCPv6 policy for IPv6 address and prefix assignment
    In a DHCPv6 policy, each DHCPv6 user class has a bound DHCPv6 address pool.
  • Page 198: Setting The Dscp Value For Dhcpv6 Packets Sent By The Dhcpv6 Server

    Return to system view.
      quit
    Enter interface view.
      interface interface-type interface-number
    10. Apply the DHCPv6 policy to the interface.
      ipv6 dhcp apply-policy policy-name
      By default, no DHCPv6 policy is applied to an interface.
    Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 server
    About setting the DSCP value for DHCPv6 packets sent by the DHCPv6 server
    The DSCP value of a packet specifies the priority level of the packet and affects the transmission...
  • Page 199: Enabling The Dhcpv6 Server To Advertise Ipv6 Prefixes

      ipv6 dhcp server database update interval interval
      By default, the DHCP server waits 300 seconds to update the backup file after a DHCP binding change. If no DHCP binding changes, the backup file is not updated.
    (Optional.) Terminate the download of DHCPv6 bindings from the backup file.
      ipv6 dhcp server database update stop
      This command only triggers one termination.
  • Page 200: Display And Maintenance Commands For Dhcpv6 Server

    Display and maintenance commands for DHCPv6 server
    Execute display commands in any view and reset commands in user view.
    Task: Display the DUID of the local device.
    Command: display ipv6 dhcp duid
    Task: Display information about a DHCPv6 option group.
    Command: display ipv6 dhcp option-group...
  • Page 201: Dhcpv6 Server Configuration Examples

    DHCPv6 server configuration examples
    Example: Configuring dynamic IPv6 prefix assignment
    Network configuration
    As shown in Figure 72, the switch acts as a DHCPv6 server to assign an IPv6 prefix, a DNS server address, a domain name, a SIP server address, and a SIP server name to each DHCPv6 client.
    switch assigns prefix...
  • Page 202

    # Apply prefix pool 1 to address pool 1, and set the preferred lifetime to one day, and the valid lifetime to three days.
    [Switch-dhcp6-pool-1] prefix-pool 1 preferred-lifetime 86400 valid-lifetime 259200
    # In address pool 1, bind prefix 2001:0410:0201::/48 to the client DUID 00030001CA0006A40000, and set the preferred lifetime to one day, and the valid lifetime to three days.
  • Page 203: Example: Configuring Dynamic Ipv6 Address Assignment

    # Display information about prefix pool 1.
    [Switch-Vlan-interface2] display ipv6 dhcp prefix-pool 1
    Prefix: 2001:410::/32
    Assigned length: 48
    Total prefix number: 65536
    Available: 65535
    In-use: 0
    Static: 1
    # After the client with the DUID 00030001CA0006A40000 obtains an IPv6 prefix, display the binding information on the DHCPv6 server.
  • Page 204

    # Specify an IPv6 address for VLAN-interface 10.
    <SwitchA> system-view
    [SwitchA] interface vlan-interface 10
    [SwitchA-Vlan-interface10] ipv6 address 1::1:0:0:1/96
    # Disable RA message suppression on VLAN-interface 10.
    [SwitchA-Vlan-interface10] undo ipv6 nd ra halt
    # Set the M flag to 1 in RA advertisements to be sent on VLAN-interface 10. Hosts that receive the RA advertisements will obtain IPv6 addresses through DHCPv6.
  • Page 205

    [SwitchA-dhcp6-pool-2] domain-name aabbcc.com
    [SwitchA-dhcp6-pool-2] dns-server 1::2:0:0:2
    [SwitchA-dhcp6-pool-2] quit
    Verifying the configuration
    # Verify that the clients on subnets 1::1:0:0:0/96 and 1::2:0:0:0/96 can obtain IPv6 addresses and all other configuration parameters from the DHCPv6 server (Switch A). (Details not shown.)
    # On the DHCPv6 server, display IPv6 addresses assigned to the DHCPv6 clients.
    [SwitchA] display ipv6 dhcp server ip-in-use...
  • Page 206: Configuring The Dhcpv6 Relay Agent

    Configuring the DHCPv6 relay agent
    About DHCPv6 relay agent
    Typical application
    A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. As shown in Figure 74, if the DHCPv6 server resides on another subnet, the DHCPv6 clients need a DHCPv6 relay agent to contact the...
  • Page 207: Dhcpv6 Relay Agent Tasks At A Glance

    Figure 75 Operating process of a DHCPv6 relay agent (participants: DHCPv6 client, DHCPv6 relay agent, DHCPv6 server; messages: Solicit (contains a Rapid Commit option), (2) Relay-forward, (3) Relay-reply, (4) Reply)
    DHCPv6 relay agent tasks at a glance
    To configure a DHCPv6 relay agent, perform the following tasks:
    Enabling the DHCPv6 relay agent on an interface
    Specifying DHCPv6 servers on the relay agent
    (Optional.)...
  • Page 208: Specifying Dhcpv6 Servers On The Relay Agent

    Specifying DHCPv6 servers on the relay agent
    Specifying DHCPv6 server IP addresses
    Restrictions and guidelines
    • You can use the ipv6 dhcp relay server-address command to specify a maximum of eight DHCPv6 servers on the DHCPv6 relay agent interface. The DHCPv6 relay agent forwards DHCP requests to all the specified DHCPv6 servers.
  • Page 209: Specifying A Gateway Address For Dhcpv6 Clients

    • If this feature is used in the PPPoE scenario, you do not need to execute the ipv6 dhcp select relay command, because the remote-server command is required in this configuration task and implies that this device is a relay device.
    Procedure
    Enter system view.
  • Page 210: Specifying A Padding Mode For The Interface-Id Option

      The default DSCP value is 56.
    Specifying a padding mode for the Interface-ID option
    About specifying a padding mode for the Interface-ID option
    This feature enables the relay agent to fill the Interface-ID option in the specified mode. When receiving a DHCPv6 packet from a client, the relay agent fills the Interface-ID option in the mode and then forwards the packet to the DHCPv6 server.
  • Page 211: Enabling Ipv6 Release Notification

    Some security features, such as IP source guard, use DHCPv6 relay entries to check incoming packets and block packets that do not match any entry. Hosts using manually configured IPv6 addresses are denied access to external networks through the relay agent. For more information about IP source guard, see Security Configuration Guide.
  • Page 212: Display And Maintenance Commands For Dhcpv6 Relay Agent

    Display and maintenance commands for DHCPv6 relay agent
    Execute display commands in any view and reset commands in user view.
    Task: Display the DUID of the local device.
    Command: display ipv6 dhcp duid
    Task: Display DHCPv6 relay entries that record clients' IPv6 address information.
    Command: display ipv6 dhcp relay client-information address [ interface...
  • Page 213

    Figure 76 Network diagram
    Procedure
    # Specify IPv6 addresses for VLAN-interface 2 and VLAN-interface 3.
    <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ipv6 address 2::1 64
    [SwitchA-Vlan-interface2] quit
    [SwitchA] interface vlan-interface 3
    [SwitchA-Vlan-interface3] ipv6 address 1::1 64
    # Disable RA message suppression on VLAN-interface 3.
    [SwitchA-Vlan-interface3] undo ipv6 nd ra halt
    # Set the M flag to 1 in RA advertisements to be sent on VLAN-interface 3.
  • Page 214 Renew Rebind Release Decline Information-request Relay-forward Relay-reply Packets sent Advertise Reconfigure Reply Relay-forward Relay-reply...
  • Page 215: Configuring The Dhcpv6 Client

    Configuring the DHCPv6 client
    About the DHCPv6 client
    With DHCPv6 client configured, an interface can obtain configuration parameters from the DHCPv6 server. A DHCPv6 client can use DHCPv6 to complete the following functions:
    • Obtain an IPv6 address, an IPv6 prefix, or both, and obtain other configuration parameters. If DHCPv6 server is enabled on the device, the client can automatically save the obtained parameters to a DHCPv6 option group.
  • Page 216: Configuring Ipv6 Address Acquisition

    Procedure
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Configure the DHCPv6 client DUID.
      ipv6 dhcp client duid { ascii string | hex string | mac interface-type interface-number }
      By default, the interface uses the device bridge MAC address to generate its DHCPv6 client DUID.
  • Page 217: Configuring Acquisition Of Configuration Parameters Except Ip Addresses And Prefixes

    Configuring acquisition of configuration parameters except IP addresses and prefixes
    About acquisition of configuration parameters except IP addresses and prefixes
    When a DHCPv6 client has obtained an IPv6 address and prefix, you can configure the following methods for the client to obtain other network configuration parameters:
    •...
  • Page 218: Display And Maintenance Commands For Dhcpv6 Client

    Display and maintenance commands for DHCPv6 client
    Execute the display commands in any view, and execute the reset command in user view.
    Task: Display the DHCPv6 client information.
    Command: display ipv6 dhcp client [ interface interface-type interface-number ]
    Task: Display the DHCPv6 client statistics.
    Command: display ipv6 dhcp client statistics [ interface interface-type...
  • Page 219

    [Switch-Vlan-interface2] quit
    Verifying the configuration
    # Verify that the client has obtained an IPv6 address and other configuration parameters from the server.
    [Switch] display ipv6 dhcp client
    Vlan-interface2:
    Type: Stateful client requesting address
    State: OPEN
    Client DUID: 0003000100e002000000
    Preferred server:
    Reachable via address: FE80::2E0:1FF:FE00:18
    Server DUID: 0003000100e001000000
    IA_NA: IAID 0x00000642, T1 50 sec, T2 80 sec...
  • Page 220: Example: Configuring Ipv6 Prefix Acquisition

    Interface Physical Protocol IPv6 Address
    Vlan-interface2 1:1::2
    Example: Configuring IPv6 prefix acquisition
    Network configuration
    As shown in Figure 78, configure the switch to use DHCPv6 to obtain configuration parameters from the DHCPv6 server. The parameters include IPv6 prefix, DNS server address, domain name suffix, SIP server address, and SIP server domain name.
  • Page 221: Example: Configuring Ipv6 Address And Prefix Acquisition

    Preferred lifetime 100 sec, valid lifetime 200 sec
    Will expire on Feb 4 2014 at 15:37:20(80 seconds left)
    DNS server addresses: 2000::FF
    Domain name: example.com
    SIP server addresses: 2:2::4
    SIP server domain names: bbb.com
    # Verify that the client has obtained an IPv6 prefix.
    [Switch] display ipv6 prefix 1
    Number: 1
    Type...
  • Page 222

    Figure 79 Network diagram
    Procedure
    You must configure the DHCPv6 server before configuring the DHCPv6 client. For information about configuring the DHCPv6 server, see "Configuring the DHCPv6 server."
    # Configure an IPv6 address for VLAN-interface 2 that is connected to the DHCPv6 server.
    <Switch>...
  • Page 223: Example: Configuring Stateless Dhcpv6

    SIP server addresses: 2:2::4
    SIP server domain names: bbb.com
    # Verify that the DHCPv6 client has obtained an IPv6 address.
    [Switch] display ipv6 interface brief
    *down: administratively down
    (s): spoofing
    Interface Physical Protocol IPv6 Address
    Vlan-interface2 1:1::2
    # Verify that the client has obtained an IPv6 prefix.
    [Switch] display ipv6 prefix 1
    Number: 1
    Type...
  • Page 224

    Figure 80 Network diagram
    Procedure
    You must configure the DHCPv6 server before configuring the DHCPv6 client. For information about configuring the DHCPv6 server, see "Configuring the DHCPv6 server."
    Configure the gateway Switch B.
    # Configure an IPv6 address for VLAN-interface 2.
    <SwitchB>...
  • Page 225

    # Display the DHCPv6 client statistics.
    [SwitchA-Vlan-interface2] display ipv6 dhcp client statistics
    Interface Vlan-interface2
    Packets received Reply Advertise Reconfigure Invalid Packets sent Solicit Request Renew Rebind Information-request Release Decline...
  • Page 226: Configuring Dhcpv6 Snooping

    Configuring DHCPv6 snooping
    About DHCPv6 snooping
    DHCPv6 snooping guarantees that DHCPv6 clients obtain IP addresses from authorized DHCPv6 servers. It also records IP-to-MAC bindings of DHCPv6 clients (called DHCPv6 snooping entries) for security purposes. DHCPv6 snooping defines trusted and untrusted ports to make sure that clients obtain IPv6 addresses only from authorized DHCPv6 servers.
  • Page 227: Restrictions And Guidelines: Dhcpv6 Snooping Configuration

    Restrictions and guidelines: DHCPv6 snooping configuration
    DHCPv6 snooping works between the DHCPv6 client and server, or between the DHCPv6 client and DHCPv6 relay agent. DHCPv6 snooping does not work between the DHCPv6 server and DHCPv6 relay agent.
    DHCPv6 snooping tasks at a glance
    To configure DHCPv6 snooping, perform the following tasks:
    Configuring basic DHCPv6 snooping
    (Optional.)...
  • Page 228: Configuring Dhcp Snooping Support For Option 18

    quit
    b. Enter interface view.
       interface interface-type interface-number
       This interface must connect to the DHCPv6 client.
    c. Enable recording of client information in DHCPv6 snooping entries.
       ipv6 dhcp snooping binding record
       By default, DHCPv6 snooping does not record client information.
    Configuring DHCP snooping support for Option 18
    Enter system view.
  • Page 229: Setting The Maximum Number Of Dhcpv6 Snooping Entries

    Restrictions and guidelines
    • If you disable DHCPv6 snooping with the undo ipv6 dhcp snooping enable command, the device deletes all DHCPv6 snooping entries, including those stored in the backup file.
    • If you execute the ipv6 dhcp snooping binding database filename command, the DHCPv6 snooping device backs up DHCPv6 snooping entries immediately and runs auto backup.
  • Page 230: Enabling Dhcpv6-Request Check

    Restrictions and guidelines
    The rate set on the Layer 2 aggregate interface applies to all members of the aggregate interface. If a member interface leaves the aggregation group, it uses the rate set in its Ethernet interface view.
    Procedure
    Enter system view.
    system-view
    Enter interface view.
  • Page 231: Enabling Dhcpv6 Snooping Logging

    Procedure
    Enter system view.
    system-view
    Enter interface view.
    interface interface-type interface-number
    Configure the port to block DHCPv6 requests.
    ipv6 dhcp snooping deny
    By default, the port does not block DHCPv6 requests.
    Enabling DHCPv6 snooping logging
    About DHCPv6 snooping logging
    The DHCPv6 snooping logging feature enables the DHCPv6 snooping device to generate DHCPv6 snooping logs and send them to the information center.
  • Page 232: Dhcpv6 Snooping Configuration Examples

    Task: Clear DHCPv6 packet statistics for DHCPv6 snooping.
    Command: reset ipv6 dhcp snooping packet statistics [ slot slot-number ]
    DHCPv6 snooping configuration examples
    Example: Configuring DHCPv6 snooping
    Network configuration
    As shown in Figure 82, Switch B is connected to the authorized DHCPv6 server through GigabitEthernet 1/0/1, to the unauthorized DHCPv6 server through GigabitEthernet 1/0/3, and to the DHCPv6 client through GigabitEthernet 1/0/2.
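The following Python model is an added example, not code from the HPE manual or the switch software. It replays constructed DHCPv6 traffic through the three-port topology above to show how trusted/untrusted filtering, binding recording, and request blocking interact. Treating GE1/0/1 (short for GigabitEthernet 1/0/1) as the trusted port, matching a Reply to its Request by transaction ID, and all MAC and IPv6 values are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# DHCPv6 message type codes from RFC 8415.
SOLICIT, ADVERTISE, REQUEST, REPLY, RELEASE, RECONFIGURE = 1, 2, 3, 7, 8, 10
SERVER_TYPES = {ADVERTISE, REPLY, RECONFIGURE}  # only a server originates these

@dataclass(frozen=True)
class Msg:
    port: str                      # ingress port on the snooping switch
    msg_type: int
    client_mac: str
    xid: int                       # DHCPv6 transaction ID
    ia_addr: Optional[str] = None  # address carried in a Reply, if any

class Snooper:
    """Simplified model (assumption): trust filtering plus binding recording."""
    def __init__(self, trusted, record_ports=(), deny_ports=()):
        self.trusted, self.record, self.deny = set(trusted), set(record_ports), set(deny_ports)
        self.pending = {}   # (xid, mac) -> client-facing port that sent the Request
        self.bindings = {}  # IPv6 address -> (client MAC, client port)

    def process(self, m: Msg) -> str:
        if m.msg_type in SERVER_TYPES:
            if m.port not in self.trusted:
                return "drop"      # server message arriving on an untrusted port
            if m.msg_type == REPLY:
                port = self.pending.pop((m.xid, m.client_mac), None)
                if port and m.ia_addr:
                    self.bindings[m.ia_addr] = (m.client_mac, port)
            return "forward"
        if m.port in self.deny:
            return "drop"          # port configured to block DHCPv6 requests
        if m.msg_type == REQUEST and m.port in self.record:
            self.pending[(m.xid, m.client_mac)] = m.port
        elif m.msg_type == RELEASE:
            self.bindings = {a: b for a, b in self.bindings.items() if b[0] != m.client_mac}
        return "forward"

MAC = "00:11:22:33:44:55"  # constructed client MAC
TRAFFIC = [                # constructed sample traffic, in arrival order
    Msg("GE1/0/2", SOLICIT, MAC, 0x10),
    Msg("GE1/0/3", ADVERTISE, MAC, 0x10),                  # unauthorized server
    Msg("GE1/0/1", ADVERTISE, MAC, 0x10),                  # authorized server
    Msg("GE1/0/2", REQUEST, MAC, 0x11),
    Msg("GE1/0/3", REPLY, MAC, 0x11, "2001:db8:bad::66"),  # unauthorized server
    Msg("GE1/0/1", REPLY, MAC, 0x11, "2001:db8::10"),
]

def run(traffic=TRAFFIC):
    s = Snooper(trusted={"GE1/0/1"}, record_ports={"GE1/0/2"})
    return [s.process(m) for m in traffic], s.bindings

if __name__ == "__main__":
    verdicts, bindings = run()
    print(verdicts, bindings)
```

The unauthorized server's Reply is dropped before it can create a binding, so the only snooping entry is the one learned from the trusted port.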
  • Page 233: Document Conventions And Icons

    Document conventions and icons
    Conventions
    This section describes the conventions used in the documentation.
    Command conventions
    Convention Description
    Boldface: Bold text represents commands and keywords that you enter literally as shown.
    Italic: Italic text represents arguments that you replace with actual values.
    Square brackets enclose syntax choices (keywords or arguments) that are optional.
  • Page 234: Network Topology Icons

    Network topology icons
    Convention Description
    Represents a generic network device, such as a router, switch, or firewall.
    Represents a routing-capable device, such as a router or Layer 3 switch.
    Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 235: Support And Other Resources

    Support and other resources
    Accessing Hewlett Packard Enterprise Support
    • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance
    • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc
    Information to collect
    •...
  • Page 236: Customer Self Repair

    Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.