HP 6125XLG Layer 3-Ip Services Configuration Manual

Blade switch
Table of Contents

Advertisement

HP 6125XLG Blade Switch
Layer 3 - IP Services

Configuration Guide

Part number: 5998-5371a
Software version: Release 240x
Document version: 6W101-20150515

Advertisement

Table of Contents
loading

Summary of Contents for HP 6125XLG

  • Page 1: Configuration Guide

    HP 6125XLG Blade Switch Layer 3 - IP Services Configuration Guide Part number: 5998-5371a Software version: Release 240x Document version: 6W101-20150515...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
  • Page 3: Table Of Contents

    Contents Configuring ARP ··························································································································································· 1   Overview ············································································································································································ 1   ARP message format ················································································································································ 1   ARP operating mechanism ······································································································································ 1   ARP table ··································································································································································· 2   Configuring a static ARP entry ········································································································································· 3   Configuring a multiport ARP entry ··································································································································· 4  ...
  • Page 4 Network requirements ··········································································································································· 23   Configuration procedure ······································································································································ 23   Verifying the configuration ··································································································································· 24   DHCP overview ·························································································································································· 25   DHCP address allocation ·············································································································································· 25   Allocation mechanisms ········································································································································· 25   IP address allocation process ······························································································································· 26   IP address lease extension···································································································································· 26  ...
  • Page 5 Configuring the DHCP relay agent ··························································································································· 55   Overview ········································································································································································· 55   Operation ······························································································································································· 55   DHCP relay agent support for Option 82 ·········································································································· 56   DHCP relay agent configuration task list ····················································································································· 56   Enabling DHCP ······························································································································································ 57   Enabling the DHCP relay agent on an interface ········································································································...
  • Page 6 Configuring an interface to use BOOTP for IP address acquisition·········································································· 80   Displaying and maintaining BOOTP client ················································································································· 80   BOOTP client configuration example ·························································································································· 80   Network requirements ··········································································································································· 80   Configuration procedure ······································································································································ 80   Configuring DNS ······················································································································································· 81  ...
  • Page 7 Displaying FIB table entries ········································································································································· 110   Configuring load sharing ······································································································································· 112   Overview ······································································································································································· 112   Configuring load sharing ············································································································································ 112   Enabling local-first load sharing ································································································································· 112   Load sharing configuration example ························································································································· 113   Network requirements ········································································································································· 113  ...
  • Page 8 IPv6 path MTU discovery ···································································································································· 138   IPv6 transition technologies ········································································································································· 138   Dual stack ····························································································································································· 139   Tunneling ······························································································································································ 139   Protocols and standards ·············································································································································· 139   IPv6 basics configuration task list ······························································································································· 139   Assigning IPv6 addresses to interfaces ······················································································································ 140  ...
  • Page 9 Overview ······································································································································································· 191   Application of trusted and untrusted ports ········································································································ 191   HP implementation of Option 18 and Option 37 ···································································································· 192   Option 18 for DHCPv6 snooping ······················································································································ 192   DHCPv6 snooping support for Option 37 ········································································································ 193  ...
  • Page 10 Symptom ······························································································································································· 237   Analysis ································································································································································ 237   Solution ································································································································································· 238   Support and other resources ·································································································································· 239   Contacting HP ······························································································································································ 239   Subscription service ············································································································································ 239   Related information ······················································································································································ 239   Documents ···························································································································································· 239   Websites ······························································································································································· 239  ...
  • Page 11 Index ········································································································································································ 242  ...
  • Page 12: Configuring Arp

    Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages.
  • Page 13: Arp Table

    If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request contains the following information: Sender IP address and sender MAC address—Host A's IP address and MAC address. Target IP address—Host B's IP address.
  • Page 14: Configuring A Static Arp Entry

    Static ARP entry A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry. Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. The device supports the following types of static ARP entries: Long static ARP entry—It contains the IP address, MAC address, VLAN, and output interface.
  • Page 15: Configuring A Multiport Arp Entry

    The IP address of the VLAN interface of the VLAN specified by the vlan-id argument must belong to • the same subnet as the IP address specified by the ip-address argument. To configure a static ARP entry: Step Command Remarks Enter system view.
  • Page 16: Setting The Maximum Number Of Dynamic Arp Entries For A Device

    Step Command Remarks arp multiport ip-address mac-address Configure a multiport ARP By default, no multiport ARP vlan-id [ vpn-instance entry. entries are configured. vpn-instance-name ] Setting the maximum number of dynamic ARP entries for a device A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn.
  • Page 17: Setting The Aging Timer For Dynamic Arp Entries

    Step Command Remarks By default, an interface can learn a maximum of 16384 dynamic ARP Set the maximum number of entries. dynamic ARP entries for the arp max-learning-num number To disable the interface from learning interface. dynamic ARP entries, set the number to Setting the aging timer for dynamic ARP entries Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer.
  • Page 18: Configuring Arp Fast Update

    On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the • following IP addresses: The IP address of the receiving interface. The virtual IP address of the VRRP group. The NATed external address. •...
  • Page 19: Displaying And Maintaining Arp

    Step Command Remarks Enable ARP fast mac-address mac-move By default, ARP fast update is disabled for update. fast-update MAC move. Displaying and maintaining ARP IMPORTANT: Clearing ARP entries from the ARP table might cause communication failures. Make sure the entries to be cleared do not affect current communications.
  • Page 20: Multiport Arp Entry Configuration Example

    Figure 4 Network diagram Configuration procedure # Create VLAN 10. <Switch> system-view [Switch] vlan 10 [Switch-vlan10] quit # Add interface Ten-GigabitEthernet 1/1/5 to VLAN 10. [Switch] interface Ten-GigabitEthernet 1/1/5 [Switch-Ten-GigabitEthernet1/1/5] port access vlan 10 [Switch-Ten-GigabitEthernet1/1/5] quit # Create VLAN-interface 10 and configure its IP address. [Switch] interface vlan-interface 10 [Switch-vlan-interface10] ip address 192.168.1.2 8 [Switch-vlan-interface10] quit...
  • Page 21 Figure 5 Network diagram Swtich XGE1/1/5 XGE1/1/7 XGE1/1/6 Server Server Server Server group 192.168.1.1/24 00e0-fc01-0000 Configuration procedure # Create VLAN 10. <Switch> system-view [Switch] vlan 10 [Switch-vlan10] quit # Add Ten-GigabitEthernet 1/1/5, Ten-GigabitEthernet 1/1/6, and Ten-GigabitEthernet 1/1/7 to VLAN 10. [Switch] interface Ten-GigabitEthernet 1/1/5 [Switch-Ten-GigabitEthernet1/1/5] port access vlan 10 [Switch-Ten-GigabitEthernet1/1/5] quit...
  • Page 22 [Switch] mac-address multiport 00e0-fc01-0000 interface Ten-GigabitEthernet 1/1/5 to Ten-GigabitEthernet 1/1/7 vlan 10 # Configure a multiport ARP entry with IP address 192.168.1.1 and MAC address 00e0-fc01-0000. [Switch] arp multiport 192.168.1.1 00e0-fc01-0000 10 # Display ARP information. [Switch] display arp Type: S-Static D-Dynamic O-Openflow M-Multiport...
  • Page 23: Configuring Gratuitous Arp

    Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: Determine whether its IP address is already used by another device. If the IP address is already used, •...
  • Page 24: Configuration Procedure

    address of the virtual router. For more information about VRRP, see High Availability Configuration Guide. Configuration procedure The following conditions apply to the gratuitous ARP configuration: You can enable periodic sending of gratuitous ARP packets on up to 1024 interfaces. •...
  • Page 25 Step Command Remarks Enter system view. system-view Enable IP conflict By default, IP conflict notification is arp ip-conflict log prompt notification. disabled.
  • Page 26: Configuring Proxy Arp

    Configuring proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP.
  • Page 27: Displaying Proxy Arp

    Displaying proxy ARP Execute display commands in any view. Task Command Display common proxy ARP status. display proxy-arp [ interface interface-type interface-number ] Display local proxy ARP status. display local-proxy-arp [ interface interface-type interface-number ] Common proxy ARP configuration example Network requirements As shown in Figure...
  • Page 28 [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0 # Enable common proxy ARP on VLAN-interface 1. [Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit # Configure the IP address of VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 # Enable common proxy ARP on VLAN-interface 2. [Switch-Vlan-interface2] proxy-arp enable After the configuration, Host A and Host D can ping each other.
  • Page 29: Configuring Arp Snooping

    Configuring ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. Manual-mode MFF can use the ARP snooping entries. For more information about MFF, see Security Configuration Guide. ARP snooping is used in Layer 2 switching networks.
  • Page 30: Configuring Ip Addressing

    Configuring IP addressing This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) is beyond the scope of this chapter. The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. NOTE: The term "interface"...
  • Page 31: Special Ip Addresses

    Table 1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at startup for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test.
  • Page 32: Assigning An Ip Address To An Interface

    For example, a Class B network without subnetting can accommodate 1022 more hosts than the same network subnetted into 512 subnets. Without subnetting—65534 hosts (2 – 2). (The two deducted addresses are the broadcast • address, which has an all-one host ID, and the network address, which has an all-zero host ID.) With subnetting—Using the first nine bits of the host-id for subnetting provides 512 (2 ) subnets.
  • Page 33: Configuration Guidelines

    IP address from other interfaces. This is called IP unnumbered, and the interface borrowing the IP address is called IP unnumbered interface. You can use IP unnumbered to save IP addresses either when available IP addresses are inadequate or when an interface is brought up only for occasional use. Configuration guidelines Follow these guidelines when you configure IP unnumbered: An interface cannot borrow an IP address from an unnumbered interface.
  • Page 34: Ip Address Configuration Example

    Task Command Display brief IP configuration information for the display ip interface [ interface-type specified or all Layer 3 interfaces. [ interface-number ] ] brief IP address configuration example Network requirements As shown in Figure 9, a port in VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.
  • Page 35: Verifying The Configuration

    Verifying the configuration # Ping a host on subnet 172.16.1.0/24 from the switch to check the connectivity. <Switch> ping 172.16.1.2 Ping 172.16.1.2 (172.16.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 172.16.1.2: icmp_seq=0 ttl=128 time=7.000 ms 56 bytes from 172.16.1.2: icmp_seq=1 ttl=128 time=2.000 ms 56 bytes from 172.16.1.2: icmp_seq=2 ttl=128 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=3 ttl=128 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=4 ttl=128 time=2.000 ms...
  • Page 36: Dhcp Overview

    DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 10 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent.
  • Page 37: Ip Address Allocation Process

    IP address allocation process Figure 11 IP address allocation process The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.
  • Page 38: Dhcp Message Format

    DHCP message format Figure 12 shows the DHCP message format. DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 12 DHCP message format • op—Message type defined in options field. 1 = REQUEST, 2 = REPLY htype, hlen—Hardware address type and length of the DHCP client.
  • Page 39: Dhcp Options

    DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information to clients. Figure 13 DHCP option format Common DHCP options The following are common DHCP options: Option 3—Router option.
  • Page 40 The DHCP client can obtain the following information through Option 43: • ACS parameters, including the ACS URL, username, and password. Service provider identifier, which is acquired by the CPE from the DHCP server and sent to the ACS • for selecting vender-specific configurations and parameters.
  • Page 41: Protocols And Standards

    Relay agent option (Option 82) Option 82 is the relay agent option. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.
  • Page 42 RFC 3046, DHCP Relay Agent Information Option • • RFC 3442, The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4...
  • Page 43: Configuring The Dhcp Server

    Configuring the DHCP server Overview The DHCP server is well suited to networks where: • Manual configuration and centralized management are difficult to implement. IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users •...
  • Page 44 DHCP matches the client against DHCP user classes in the order they are configured. If the client matches a user class, the DHCP server selects an IP address from the address range of the user class. If the matching user class has no assignable addresses, the DHCP server matches the client against the next user class.
  • Page 45: Ip Address Allocation Sequence

    only a secondary subnet is matched, the DHCP server does not select any IP address from other secondary subnets when the matching secondary subnet has no assignable addresses. NOTE: To make sure correct address allocation, keep the IP addresses used for dynamic allocation in the subnet where the interface of the DHCP server or DHCP relay agent resides as possible as you can.
  • Page 46: Configuring An Address Pool On The Dhcp Server

    Configuring an address pool on the DHCP server Configuration task list Tasks at a glance (Required.) Creating a DHCP address pool Perform at least one of the following tasks: • Specifying IP address ranges for a DHCP address pool • Specifying gateways for the client •...
  • Page 47 If you use the network or address range command multiple times for the same address pool, the • most recent configuration takes effect. IP addresses specified by the forbidden-ip command are not assignable in the current address pool, • but are assignable in other address pools. IP addresses specified by the dhcp server forbidden-ip command are not assignable in any address pool.
  • Page 48 Specifying a primary subnet and multiple secondary subnets for a DHCP address pool An address pool with a primary subnet and multiple secondary subnets allows the DHCP server to assign an IP address in a secondary subnet to a requesting client when no assignable IP address on the primary subnet is available.
  • Page 49: Specifying Gateways For The Client

    Configuring a static binding in a DHCP address pool Some DHCP clients, such as a WWW server, need fixed IP addresses. To provide a fixed IP address for such a client, you can statically bind the MAC address or ID of the client to an IP address in a DHCP address pool.
  • Page 50: Specifying A Domain Name Suffix For The Client

    Step Command Remarks Enter DHCP address pool dhcp server ip-pool pool-name view. By default, no gateway is Specify gateways. gateway-list ip-address&<1-8> specified. (Optional.) Enter secondary network network-address [ mask-length | subnet view mask mask ] secondary By default, no gateway is (Optional.) Specify gateways.
  • Page 51: Specifying Bims Server Information For The Client

    b (broadcast)-node—A b-node client sends the destination name in a broadcast message. The • destination returns its IP address to the client after receiving the message. p (peer-to-peer)-node—A p-node client sends the destination name in a unicast message to the •...
  • Page 52: Specifying A Server For The Dhcp Client

    After getting the parameters, the DHCP client sends a TFTP request to obtain the configuration file from the specified TFTP server for system initialization. If the client cannot get such parameters, it performs system initialization without loading any configuration file. To configure the IP address of the TFTP server and the boot file name in a DHCP address pool: Step Command...
  • Page 53: Customizing Dhcp Options

    Step Command Remarks By default, no primary network calling processor is specified. Specify the IP address of the voice-config ncp-ip ip-address primary network calling processor. After you configure this command, the other Option 184 parameters take effect. By default, no backup (Optional.) Specify the IP address voice-config as-ip ip-address network calling processor is...
  • Page 54: Enabling Dhcp

    Table 2 Common DHCP options Corresponding Recommended option Option Option name command command parameters Router Option gateway-list ip-address Domain Name Server Option dns-list ip-address Domain Name domain-name ascii NetBIOS over TCP/IP Name nbns-list ip-address Server Option NetBIOS over TCP/IP Node netbios-type Type Option TFTP server name...
  • Page 55: Applying An Address Pool On An Interface

    Applying an address pool on an interface Perform this task to apply a DHCP address pool on an interface. Upon receiving a DHCP request from the interface, the DHCP server assigns the statically bound IP address and configuration parameters from the address pool that contains the static binding.
  • Page 56: Configuring Dhcp Server Compatibility

    You must enable handling of Option 82 on both the DHCP server and the DHCP relay agent to ensure correct processing for Option 82. For information about enabling handling of Option 82 on the DHCP relay agent, see "Configuring Option 82."...
  • Page 57: Configuring The Dhcp Server To Send Bootp Responses In Rfc 1048 Format

    Step Command Remarks Configure the DHCP server to By default, the DHCP server dhcp server bootp ignore ignore BOOTP requests. processes BOOTP requests. Configuring the DHCP server to send BOOTP responses in RFC 1048 format Not all BOOTP clients can send requests that are compatible with RFC 1048. By default, the DHCP server does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into responses.
  • Page 58: Dhcp Server Configuration Examples

    Execute display commands in any view and reset commands in user view. Task Command Display information about IP address conflicts. display dhcp server conflict [ ip ip-address ] Display information about lease-expired IP display dhcp server expired [ ip ip-address | pool pool-name ] addresses.
  • Page 59 Figure 17 Network diagram Configuration procedure Specify an IP address for VLAN-interface 2 on Switch A: <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 25 [SwitchA-Vlan-interface2] quit Configure the DHCP server: # Enable DHCP. [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server [SwitchA-Vlan-interface2] quit...
  • Page 60: Dynamic Ip Address Assignment Configuration Example

    Dynamic IP address assignment configuration example Network requirements As shown in Figure 18, the DHCP server (Switch A) assigns IP addresses to clients on subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25. Configure address range 10.1.1.0/25 and configuration parameters in DHCP address pool 1 so the DHCP server assigns IP addresses in subnet 10.1.1.0/25 with the lease duration of 10 days and 12 hours and configuration parameters to clients that connect to VLAN-interface 10 of the server.
  • Page 61: Dhcp User Class Configuration Example

    [SwitchA] dhcp server ip-pool 1 [SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128 [SwitchA-dhcp-pool-1] expired day 10 hour 12 [SwitchA-dhcp-pool-1] domain-name aabbcc.com [SwitchA-dhcp-pool-1] dns-list 10.1.1.2 [SwitchA-dhcp-pool-1] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-1] nbns-list 10.1.1.4 [SwitchA-dhcp-pool-1] quit # Configure DHCP address pool 2 to assign IP addresses and other configuration parameters to clients in subnet 10.1.1.128/25.
  • Page 62: Primary And Secondary Subnets Configuration Example

    Configuration procedure Specify IP addresses for interfaces on DHCP server and DHCP relay agent. (Details not shown.) Configure DHCP services: # Enable DHCP and configure the DHCP server to handle Option 82. <SwitchB> system-view [SwitchB] dhcp enable [SwitchB] dhcp server relay information enable # Enable DHCP server on VLAN-interface10.
  • Page 63: Dhcp Option Customization Configuration Example

    Figure 20 Network diagram Switch A DHCP server Vlan-int10 10.1.1.1/24 10.1.2.1/24 sub DHCP client DHCP client DHCP client Gateway Configuration procedure # Enable DHCP <SwitchA> system-view [SwitchA] dhcp enable # Configure the primary and secondary IP addresses of VLAN interface 10, enable the DHCP server on the interface.
  • Page 64: Troubleshooting Dhcp Server Configuration

    The DHCP server assigns PXE server addresses to DHCP clients through Option 43, a customized option. The format of Option 43 and that of the PXE server address sub-option are shown in Figure 14 Figure 16. The value of Option 43 configured on the DHCP server in this example is 80 0B 00 00 02 01 02 03 04 02 02 02 02.
  • Page 65: Solution

    Solution Disable the client's network adapter or disconnect the client's network cable. Ping the IP address of the client from another host to check whether there is a host using the same IP address. If a ping response is received, the IP address has been manually configured on a host. Execute the dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic allocation.
  • Page 66: Configuring The Dhcp Relay Agent

    Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 22 shows a typical application of the DHCP relay agent.
  • Page 67: Dhcp Relay Agent Support For Option 82

    Figure 23 DHCP relay agent operation DHCP relay agent support for Option 82 Option 82 records the location information about the DHCP client. It enables the administrator to locate the DHCP client for security and accounting purposes, and to assign IP addresses in a specific range to clients.
  • Page 68: Enabling Dhcp

    Tasks at a glance (Optional.) Configuring the DHCP relay agent to release an IP address (Optional.) Configuring Option 82 (Optional.) Setting the DSCP value for DHCP packets sent by the DHCP relay agent Enabling DHCP You must enable DHCP to validate other DHCP relay agent settings. To enable DHCP: Step Command...
  • Page 69: Configuring The Dhcp Relay Agent Security Functions

    To specify a DHCP server address on a relay agent: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no DHCP server Specify a DHCP server dhcp relay server-address address is specified on the relay address on the relay agent.
  • Page 70: Enabling Dhcp Starvation Attack Protection

    Step Command Remarks By default, periodic refresh of Enable periodic refresh of dhcp relay client-information refresh dynamic relay entries is dynamic relay entries. enable enabled. By default, the refresh interval Configure the refresh dhcp relay client-information refresh is auto, which is calculated interval.
  • Page 71: Configuring The Dhcp Relay Agent To Release An Ip Address

    Configuring the DHCP relay agent to release an IP address Configure the relay agent to release the IP address for a relay entry. The relay agent sends a DHCP-RELEASE message to the server and meanwhile deletes the relay entry. Upon receiving the DHCP-RELEASE message, the DHCP server releases the IP address.
  • Page 72: Setting The Dscp Value For Dhcp Packets Sent By The Dhcp Relay Agent

    Setting the DSCP value for DHCP packets sent by the DHCP relay agent The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. To set the DSCP value for DHCP packets sent by the DHCP relay agent: Step Command Remarks...
  • Page 73: Option 82 Configuration Example

    The DHCP relay agent and server are on different subnets, so configure static or dynamic routing to make them reachable to each other. Perform the configuration on the DHCP server to guarantee the client-server communication. For DHCP server configuration information, see "DHCP server configuration examples."...
  • Page 74: Troubleshooting Dhcp Relay Agent Configuration

    Configuration procedure # Specify IP addresses for the interfaces. (Details not shown.) # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Enable the DHCP relay agent on VLAN-interface 10. [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] dhcp select relay # Specify the IP address of the DHCP server. [SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1 # Configure the handling strategies and padding content of Option 82.
  • Page 75: Configuring The Dhcp Client

    Configuring the DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address. The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, Layer 3 aggregate interfaces, and management Ethernet interfaces.
  • Page 76: Enabling Duplicated Address Detection

    DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply, making the client unable to use the IP address assigned by the server. HP recommends you to disable duplicate address detection when ARP attacks exist on the network.
  • Page 77: Displaying And Maintaining The Dhcp Client

    Displaying and maintaining the DHCP client Execute display command in any view. Task Command display dhcp client [ verbose ] [ interface interface-type Display DHCP client information. interface-number ] DHCP client configuration example Network requirements As shown in Figure 26, on a LAN, Switch B contacts the DHCP server through VLAN-interface 2 to obtain an IP address, DNS server address, and static route information.
  • Page 78: Verifying The Configuration

    [SwitchA-Vlan-interface2] ip address 10.1.1.1 24 [SwitchA-Vlan-interface2] quit # Enable the DHCP service. [SwitchA] dhcp enable # Exclude an IP address from dynamic allocation. [SwitchA] dhcp server forbidden-ip 10.1.1.2 # Configure DHCP address pool 0 and specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24.
  • Page 79 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.3 Vlan2 10.1.1.3/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 Static 70 10.1.1.2 Vlan2 10.1.1.255/32 Direct 0 10.1.1.3 Vlan2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1...
  • Page 80: Configuring Dhcp Snooping

    Configuring DHCP snooping DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes. DHCP snooping does not work between the DHCP server and DHCP relay agent.
  • Page 81: Dhcp Snooping Support For Option 82

    Figure 27 Trusted and untrusted ports In a cascaded network as shown in Figure 28, configure each DHCP snooping device's ports connected to other DHCP snooping devices as trusted ports. To save system resources, you can disable the untrusted ports that are not directly connected to DHCP clients from generating DHCP snooping entries. Figure 28 Trusted and untrusted ports in a cascaded network DHCP snooping support for Option 82 Option 82 records the location information about the DHCP client so the administrator can locate the...
  • Page 82: Dhcp Snooping Configuration Task List

    Table 4 Handling strategies If a DHCP request Handling DHCP snooping… has… strategy Drop Drops the message. Keep Forwards the message without changing Option 82. Option 82 Forwards the message after replacing the original Option 82 with Replace the Option 82 padded according to the configured padding format, padding content, and code type.
  • Page 83: Configuring Option 82

    Step Command Remarks Enter system view. system-view By default, DHCP snooping is Enable DHCP snooping. dhcp snooping enable disabled. interface interface-type This interface must connect to the Enter interface view. interface-number DHCP server. By default, all ports are untrusted Specify the port as a trusted dhcp snooping trust ports after DHCP snooping is port.
  • Page 84: Saving Dhcp Snooping Entries

    Step Command Remarks (Optional.) Configure a handling strategy for DHCP dhcp snooping information strategy { drop By default, the handling requests that contain Option | keep | replace } strategy is replace. dhcp snooping information circuit-id (Optional.) Configure the By default, the padding { [ vlan vlan-id ] string circuit-id | { normal | padding content and code format is normal and the...
  • Page 85: Enabling Dhcp Starvation Attack Protection

    Step Command Remarks (Optional.) Manually save DHCP snooping entries are saved to dhcp snooping binding database DHCP snooping entries to the the database file each time this update now file. command is executed. The default setting is 300 seconds. (Optional.) Set the amount of When a DHCP snooping entry is time to wait after a DHCP learned or removed, the device does...
  • Page 86: Setting The Maximum Number Of Dhcp Snooping Entries

    Attackers can forge DHCP lease renewal packets to renew leases for legitimate DHCP clients that no longer need the IP addresses. These forged messages disable the victim DHCP server from releasing the IP addresses. Attackers can also forge DHCP-DECLINE or DHCP-RELEASE packets to terminate leases for legitimate DHCP clients that still need the IP addresses.
  • Page 87: Displaying And Maintaining Dhcp Snooping

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, incoming DHCP packets are not rate limited. You can configure this command only on Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces. If you configure the rate on a Configure the maximum rate at Layer 2 Ethernet interface that is a which the interface can receive...
  • Page 88: Dhcp Snooping Configuration Examples

    DHCP snooping configuration examples Basic DHCP snooping configuration example Network requirements As shown in Figure 29, configure the port FortyGigE1/1/1 connected to the DHCP server as a trusted port and configure other ports as untrusted ports. Enable DHCP snooping to record clients' IP-MAC bindings by reading DHCP-ACK messages received from the trusted port and DHCP-REQUEST messages.
  • Page 89 Configure the handling strategy for DHCP requests that contain Option 82 as replace. • • On FortyGigE 1/1/2, configure the padding content for the Circuit ID sub-option as company001 and for the Remote ID sub-option as device001. On FortyGigE 1/1/3, for the Circuit ID sub-option, configure the padding format as verbose, •...
  • Page 90: Configuring The Bootp Client

    Configuring the BOOTP client BOOTP client configuration only applies to Layer 3 Ethernet interfaces (including subinterfaces), Layer 3 aggregate interfaces and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003. BOOTP application An interface that acts as a BOOTP client can use BOOTP to obtain information (such as IP address) from the BOOTP server.
  • Page 91: Configuring An Interface To Use Bootp For Ip Address Acquisition

    Configuring an interface to use BOOTP for IP address acquisition Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, an interface does not Configure an interface to use ip address bootp-alloc use BOOTP for IP address BOOTP for IP address acquisition.
  • Page 92: Configuring Dns

    Configuring DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. The domain name-to-IP address mapping is called a DNS entry. DNS services can be static or dynamic. After a user specifies a name, the device checks the static name resolution table for an IP address.
  • Page 93: Dns Proxy

    Figure 31 Dynamic domain name resolution Request Request User Resolver program Response Response DNS server Read Save Cache DNS client Dynamic domain name resolution allows the DNS client to store latest DNS entries in the dynamic domain name cache. The DNS client does not need to send a request to the DNS server for a repeated query within the aging time.
  • Page 94: Dns Spoofing

    The DNS proxy simplifies network management. When the DNS server address is changed, you can change the configuration on only the DNS proxy instead of on each DNS client. Figure 32 DNS proxy application A DNS proxy operates as follows: A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy.
  • Page 95: Dns Configuration Task List

    Figure 33 DNS spoofing application DNS spoofing enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach the DNS server. Without DNS spoofing, the proxy does not answer or forward a DNS request if it cannot find a matching DNS entry and it cannot reach the DNS server.
  • Page 96: Configuring The Ipv4 Dns Client

    Tasks at a glance (Optional.) Configuring the DNS trusted interface (Optional.) Setting the DSCP value for outgoing DNS packets Configuring the IPv4 DNS client Configuring static domain name resolution Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses.
  • Page 97: Configuring The Ipv6 Dns Client

    You can specify DNS server IPv6 addresses for the public network and up to 1024 VPNs, and • specify a maximum of six DNS server IPv6 addresses for the public network or each VPN. An IPv4 name query is first sent to the DNS server IPv4 addresses. If no reply is received, it is sent •...
  • Page 98: Configuring Dynamic Domain Name Resolution

    Configuring dynamic domain name resolution To send DNS queries to a correct server for resolution, you must enable dynamic domain name resolution and configure DNS servers. A DNS server manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS server configured earlier takes precedence. A name query is first sent to the DNS server that has the highest priority.
  • Page 99: Configuring Dns Spoofing

    A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS servers, and if no reply is received, it forwards the request to IPv4 DNS servers. To configure the DNS proxy: Step Command...
  • Page 100: Configuring The Dns Trusted Interface

    DNS servers. In some scenarios, the DNS server only responds to DNS requests sourced from a specific IP address. In such cases, you must specify the source interface for the DNS packets so that the device can always uses the primary IP address of the specified source interface as the source IP address of DNS packets.
  • Page 101: Displaying And Maintaining Ipv4 Dns

    Step Command Remarks Enter system view. system-view By default, the DSCP value for • DSCP value for IPv4 DNS packets: outgoing DNS packets is 0. Specify the DSCP value dns dscp dscp-value for outgoing DNS The configuration is available on •...
  • Page 102: Dynamic Domain Name Resolution Configuration Example

    # Use the ping host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2. [Sysname] ping host.com Ping host.com (10.1.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=1.000 ms...
  • Page 103 Figure 36 Creating a zone On the DNS server configuration page, right-click zone com, and select New Host. Figure 37 Adding a host On the page that appears, enter host name host and IP address 3.1.1.1. Click Add Host. The mapping between the IP address and host name is created.
  • Page 104: Dns Proxy Configuration Example

    Figure 38 Adding a mapping between domain name and IP address Configure the DNS client: # Specify the DNS server 2.1.1.2. <Sysname> system-view [Sysname] dns server 2.1.1.2 # Specify com as the name suffix. [Sysname] dns domain com Verifying the configuration # Use the ping host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 3.1.1.1.
  • Page 105 As shown in Figure • Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IPv6 address of the real DNS server is 4.1.1.1. Configure the IP address of the DNS proxy on Device B. DNS requests of Device B are forwarded •...
  • Page 106: Ipv6 Dns Configuration Examples

    56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms 56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms 56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms --- Ping statistics for host.com --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms IPv6 DNS configuration examples Static domain name resolution configuration example Network requirements...
  • Page 107: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution configuration example Network requirements As shown in Figure 41, the device wants to access the host by using an easy-to-remember domain name rather than an IPv6 address. The IPv6 address of the DNS server is 2::2/64, and the server has a com domain, which stores the mapping between domain name host and IPv6 address 1::1/64.
  • Page 108 Figure 42 Creating a zone On the DNS server configuration page, right-click zone com, and select Other New Records. Figure 43 Creating a record On the page that appears, select IPv6 Host (AAAA) as the resource record type.
  • Page 109 Figure 44 Selecting the resource record type Type host name host and IPv6 address 1::1. Click OK. The mapping between the IPv6 address and host name is created.
  • Page 110 Figure 45 Adding a mapping between domain name and IPv6 address Configure the DNS client: # Specify the DNS server 2::2. <Device> system-view [Device] ipv6 dns server 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Use the ping ipv6 host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 1::1.
  • Page 111: Dns Proxy Configuration Example

    DNS proxy configuration example Network requirements When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function.
  • Page 112: Troubleshooting Ipv4 Dns Configuration

    Verifying the configuration # Use the ping host.com command on Device B to verify that the connection between the device and the host is normal and that the translated destination IP address is 3000::1. [DeviceB] ping host.com Ping6(56 data bytes) 2000::1 --> 3000::1, press CTRL_C to break 56 bytes from 3000::1, icmp_seq=0 hlim=128 time=1.000 ms 56 bytes from 3000::1, icmp_seq=1 hlim=128 time=0.000 ms 56 bytes from 3000::1, icmp_seq=2 hlim=128 time=1.000 ms...
  • Page 113: Configuring Ddns

    Configuring DDNS Overview DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails. Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers.
  • Page 114: Ddns Client Configuration Task List

    Figure 47 DDNS application DNS server IP network HTTP server HTTP client DDNS client DDNS server With the DDNS client configured, a device can dynamically update the latest mapping between its domain name and IP address on the DNS server through DDNS servers. NOTE: The DDNS update process does not have a unified standard but depends on the DDNS server that the DDNS client contacts.
  • Page 115 By default, the URL address does not include a username or password. To configure the username and password, use the username command and the password command. HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols.
  • Page 116: Configuration Prerequisites

    Configuration prerequisites Visit the website of a DDNS service provider, register an account, and apply for a domain name for the DDNS client. When the DDNS client updates the mapping between the domain name and the IP address through the DDNS server, the DDNS server checks whether the account information is correct and whether the domain name to be updated belongs to the account.
  • Page 117: Setting The Dscp Value For Outgoing Ddns Packets

    To apply the DDNS policy to an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no DDNS policy is applied to the interface, no Apply the DDNS policy to the FQDN is specified for update, interface to update the mapping and DDNS update is disabled.
  • Page 118: Ddns Configuration Examples

    DDNS configuration examples DDNS configuration example with www.3322.org Network requirements As shown in Figure 48, Switch uses the domain name whatever.3322.org. Switch acquires the IP address through DHCP. Through DDNS service provided by www.3322.org, Switch informs the DNS server of the latest mapping between its domain name and IP address. Switch uses the DNS server to translate www.3322.org into the corresponding IP address.
  • Page 119: Ddns Configuration Example With Peanuthull Server

    # Apply DDNS policy 3322.org to VLAN-interface 2 to enable DDNS update and dynamically update the mapping between domain name whatever.3322.org and the primary IP address of VLAN-interface [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy 3322.org fqdn whatever.3322.org After the preceding configuration is completed, Switch notifies the DNS server of its new domain name-to-IP address mapping through the DDNS server provided by www.3322.org, whenever the IP address of Switch changes.
  • Page 120 [Switch-ddns-policy-oray.cn] quit # Specify the IP address of the DNS server as 1.1.1.1. [Switch] dns server 1.1.1.1 # Apply the DDNS policy oray.cn to VLAN-interface 2 to enable DDNS update and to dynamically update the mapping between whatever.gicp.cn and the primary IP address of VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy oray.cn fqdn whatever.gicp.cn After the preceding configuration is completed, Switch notifies the DNS server of its new domain...
  • Page 121: Basic Ip Forwarding On The Device

    Basic IP forwarding on the device The device uses the destination IP address of a received packet to find a match from the forwarding information base (FIB) table. It then uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table.
  • Page 122 Task Command display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | Display FIB entries. mask-length ] ]...
  • Page 123: Configuring Load Sharing

    Configuring load sharing Overview If a routing protocol finds multiple equal-cost best routes to the same destination, the device forwards packets over the equal-cost routes to implement load sharing. Configuring load sharing Per-flow load sharing allows the device to forward flows over equal-cost routes. Packets of one flow travel along the same routes.
  • Page 124: Load Sharing Configuration Example

    Load sharing configuration example Network requirements As shown in Figure 50, Switch A has two equal-cost routes to Switch B. Configure load sharing to forward packets through Switch B to the destination IP address 1.2.3.4/24. Figure 50 Network diagram Configuration procedure # On Switch A, assign Ten-GigabitEthernet 1/1/9 to VLAN 10, and Ten-GigabitEthernet 1/1/10 to VLAN 20.
  • Page 125: Verifying The Configuration

    [SwitchB-Vlan-interface20] ip address 20.1.1.2 24 [SwitchB-Vlan-interface20] quit # On Switch A, configure two static routes to the destination IP address. <SwitchA> system-view [SwitchA] ip route-static 1.2.3.4 24 10.1.1.2 [SwitchA] ip route-static 1.2.3.4 24 20.1.1.2 [SwitchA] quit # On Switch A, display FIB entries matching the destination IP address 1.2.3.4. <SwitchA>dis fib 1.2.3.4 Destination count: 1 FIB entry count: 2 Flag:...
  • Page 126: Configuring Irdp

    Configuring IRDP The term router in this chapter refers to a routing-capable device. The term host in this chapter refers to the host that supports IRDP. For example, a host that runs the Linux operating system. NOTE: The term "interface" in this chapter collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. Layer You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see 2—LAN Switching Configuration Guide...
  • Page 127: Basic Concepts

    This mechanism prevents the local link from being overloaded by a large number of RAs sent simultaneously from routers. HP recommends that you shorten the advertising interval on a link that suffers high packet loss rates. Destination address of RAs An RA uses either of the following destination IP addresses: Broadcast address 255.255.255.255.
  • Page 128: Irdp Configuration Example

    Step Command Remarks By default, IRDP is disabled. After IRDP is enabled on an interface, Enable IRDP on the interface. ip irdp the IRDP configuration takes effect, and the device sends RA messages out of the interface. (Optional.) Specify the preference of advertised ip irdp preference The default preference is 0.
  • Page 129: Configuration Procedure

    Figure 51 Network diagram Configuration procedure Configure Switch A: # Specify an IP address for FortyGigE 1/1/1. <SwitchA> system-view [SwitchA] interface FortyGigE 1/1/1 [SwitchA-FortyGigE1/1/1] ip address 10.154.5.1 24 # Enable IRDP on FortyGigE 1/1/1. [SwitchA-FortyGigE1/1/1] ip irdp # Specify preference 1000 for advertised IP addresses on FortyGigE 1/1/1. [SwitchA-FortyGigE1/1/1] ip irdp preference 1000 # Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent by FortyGigE 1/1/1.
  • Page 130: Verifying The Configuration

    Verifying the configuration # Display the routing table for Host A. [HostA@localhost ~]$ netstat -rne Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.154.5.0 0.0.0.0 255.255.255.0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 0 eth1 0.0.0.0 10.154.5.1...
  • Page 131: Optimizing Ip Performance

    Optimizing IP performance A customized configuration can help optimize overall IP performance. This chapter describes various techniques you can use to customize your installation. NOTE: The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces.
  • Page 132: Configuration Example

    Configuration example Network requirements As shown in Figure 52, the default gateway of the host is the IP address 1.1.1.2/24 of VLAN-interface 3 of the switch. Enable VLAN-interface 2 to forward directed broadcasts destined for the directly connected network so the server can receive directed broadcasts from the host to IP address 2.2.2.255.
  • Page 133: Configuring Tcp Mss For An Interface

    Step Command Remarks By default, no MTU is configured. The MTU configured for an interface takes effect on only Configure an MTU for the ip mtu mtu-size packets that are sent to the CPU interface. for software forwarding, including packets sent from or destined for this interface.
  • Page 134: Enabling Tcp Syn Cookie

    Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the TCP connection. The TCP source device sends subsequent TCP segments that each are smaller than the MSS (MSS = path MTU – IP header length – TCP header length). If the TCP source device still receives ICMP error messages when the MSS is smaller than 32 bytes, the TCP source device will fragment packets.
  • Page 135: Configuring The Tcp Buffer Size

    To enable TCP SYN Cookie: Step Command Remarks Enter system view. system-view Enable SYN Cookie. tcp syn-cookie enable The default setting is disabled. Configuring the TCP buffer size Step Command Remarks Enter system view. system-view Configure the size of TCP receive/send tcp window window-size The default buffer size is 64 KB.
  • Page 136 The selected route is not created or modified by any ICMP redirect message. The selected route is not destined for 0.0.0.0. There is no source route option in the received packet. ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing table.
  • Page 137: Disabling Forwarding Icmp Fragments

    Perform this task to specify the source IP address for outgoing ping echo request and ICMP error messages. HP recommends that you specify the IP address of the loopback interface as the source IP address. This feature helps users to locate the sending device easily.
  • Page 138: Configuring Ip Virtual Fragment Reassembly

    To specify the source IP address for ICMP packets: Step Command Remarks Enter system view. system-view Specify the source address By default, the device uses the IP address ip icmp source [ vpn-instance for outgoing ICMP of the sending interface as the source IP vpn-instance-name ] ip-address packets.
  • Page 139: Displaying And Maintaining Ip Performance Optimization

    Displaying and maintaining IP performance optimization Execute display commands in any view and reset commands in user view. Task Command Display brief information about RawIP connections. display rawip [ slot slot-number ] Display detailed information about RawIP display rawip verbose [ slot slot-number [ pcb connections.
  • Page 140: Configuring Udp Helper

    Configuring UDP helper Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain.
  • Page 141: Displaying And Maintaining Udp Helper

    Step Command Remarks udp-helper port { port-number | dns | By default, no UDP port is Specify a UDP port. netbios-ds | netbios-ns | tacacs | tftp | specified. time } Enter interface view. interface interface-type interface-number Specify a destination By default, no destination server udp-helper server ip-address server.
  • Page 142: Verifying The Configuration

    # Enable UDP helper to forward broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 10.110.1.1 16 [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1 # Enable the interface to receive directed broadcasts destined for the directly connected network.
  • Page 143: Configuring Basic Ipv6 Settings

    Configuring basic IPv6 settings Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
  • Page 144: Ipv6 Addresses

    Hierarchical address structure IPv6 uses a hierarchical address structure to speed up route lookup and reduce the IPv6 routing table size through route aggregation. Address autoconfiguration To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration. Stateful address autoconfiguration enables a host to acquire an IPv6 address and other •...
  • Page 145 IMPORTANT: A double colon can appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents and correctly convert it to zeros to restore a 128-bit IPv6 address. An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network ID and the host ID of an IPv4 address.
  • Page 146 A loopback address—0:0:0:0:0:0:0:1 (or ::1). It has the same function as the loopback address in • IPv4. It cannot be assigned to any physical interface. A node uses this address to send an IPv6 packet to itself. • An unspecified address—0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets.
  • Page 147: Ipv6 Nd Protocol

    On a tunnel interface—The lower 32 bits of the EUI-64 address-based interface identifier are the • source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros.
  • Page 148 Host B. The NS message body contains the link-layer address of Host A and the target IPv6 address. After receiving the NS message, Host B determines whether the target address of the packet is its IPv6 address. If yes, Host B learns the link-layer address of Host A, and then unicasts an NA message containing its link-layer address.
  • Page 149: Ipv6 Path Mtu Discovery

    The generated IPv6 address is valid within the valid lifetime and becomes invalid when the valid lifetime expires. After the preferred lifetime expires, the node cannot use the generated IPv6 address to establish new connections, but can receive packets destined for the IPv6 address. The preferred lifetime cannot be greater than the valid lifetime.
  • Page 150: Dual Stack

    Dual stack Dual stack is the most direct transition approach. A network node that supports both IPv4 and IPv6 is a dual-stack node. A dual-stack node configured with an IPv4 address and an IPv6 address can forward both IPv4 and IPv6 packets. An application that supports both IPv4 and IPv6 prefers IPv6 at the network layer.
  • Page 151: Assigning Ipv6 Addresses To Interfaces

    Tasks at a glance • Setting the aging timer for ND entries in stale state • Minimizing link-local ND entries • Setting the hop limit • Configuring parameters for RA messages • Configuring the maximum number of attempts to send an NS message for DAD •...
  • Page 152: Manual Configuration

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number ipv6 address { ipv6-address Configure the interface to prefix-length | By default, no IPv6 global unicast generate an EUI-64 IPv6 ipv6-address/prefix-length } address is configured on an interface. address.
  • Page 153: Configuring An Ipv6 Link-Local Address

    You can also configure the interface to preferentially use the temporary IPv6 address as the source address of sent packets. When the valid lifetime of the temporary IPv6 address expires, the interface removes the address and generates a new one. This function enables the system to send packets with different source addresses through the same interface.
  • Page 154: Configuring An Ipv6 Anycast Address

    An interface can have only one link-local address. To avoid link-local address conflicts, HP recommends that you use the automatic generation method. If both methods are used, manual assignment takes precedence over automatic generation. If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated one.
  • Page 155: Configuring Ipv6 Nd

    Step Command Remarks interface interface-type Enter interface view. interface-number ipv6 address { ipv6-address By default, no IPv6 anycast Configure an IPv6 anycast prefix-length | address is configured on an address. ipv6-address/prefix-length } anycast interface. Configuring IPv6 ND This section describes how to configure IPv6 ND. Configuring a static neighbor entry The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry.
  • Page 156: Setting The Aging Timer For Nd Entries In Stale State

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Set the maximum number of By default, an interface can learn a ipv6 neighbors dynamic neighbor entries that maximum of 8192 dynamic max-learning-num number the interface can learn. neighbor entries.
  • Page 157: Configuring Parameters For Ra Messages

    If you use the undo ipv6 nd ra hop-limit unspecified command, the device sets the hop limit value • configured by this task in a sent RA message. A host receiving the RA message fills the value into the Hop Limit field of sent IPv6 packets. To set the hop limit: Step Command...
  • Page 158 The maximum interval for sending RA messages should be less than (or equal to) the router lifetime in RA messages so the router can be updated by an RA message before expiration. The values of the NS retransmission timer and the reachable time configured for an interface are sent in RA messages to hosts.
  • Page 159: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

    Step Command Remarks By default, the M flag bit is set to 0 and ipv6 nd autoconfig Set the M flag bit to 1. hosts acquire IPv6 addresses through managed-address-flag stateless autoconfiguration. By default, the O flag bit is set to 0 and hosts acquire other configuration Set the O flag bit to 1.
  • Page 160 ND proxy includes common ND proxy and local ND proxy. • Common ND proxy As shown inFigure 59, VLAN-interface 1 with IPv6 address 4:1::99/64 and VLAN-interface 2 with IPv6 address 4:2::99/64 belong to different subnets. Host A and Host B reside on the same network but in different broadcast domains.
  • Page 161: Configuring A Customer-Side Port

    Configuration procedure You can enable common ND proxy and local ND proxy in VLAN interface view, Layer 3 Ethernet interface view, or Layer 3 Ethernet subinterface view. To enable common ND proxy: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.
  • Page 162: Configuring A Static Path Mtu For A Specific Ipv6 Address

    source host fragments the packet according to the MTU. To avoid this situation, configure a proper interface MTU. To configure the interface MTU: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no interface MTU is Configure the interface MTU.
  • Page 163: Configuring The Rate Limit For Icmpv6 Error Messages

    Configuring the rate limit for ICMPv6 error messages To avoid sending excessive ICMPv6 error messages within a short period that might cause network congestion, you can limit the rate at which ICMPv6 error messages are sent. A token bucket algorithm is used with one token representing one ICMPv6 error message.
  • Page 164: Enabling Sending Icmpv6 Time Exceeded Messages

    If a UDP packet received is destined for the device but its UDP destination port number does not • match any process, the device sends the source a Port Unreachable ICMPv6 error message. If a device is generating ICMPv6 destination unreachable messages incorrectly, disable the sending of ICMPv6 destination unreachable messages to prevent attack risks.
  • Page 165: Specifying The Source Address For Icmpv6 Packets

    Step Command Remarks Enter system view. system-view Enable sending ICMPv6 redirect By default, sending ICMPv6 ipv6 redirects enable messages. redirect messages is disabled. Specifying the source address for ICMPv6 packets Perform this task to specify the source IPv6 address for outgoing ping echo request and ICMPv6 error messages.
  • Page 166 Task Command display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address Display IPv6 FIB entries. [ prefix-length ] ] Display IPv6 information about the display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] interface. Display IPv6 prefix information about the display ipv6 interface interface-type interface-number prefix interface.
  • Page 167: Basic Ipv6 Configuration Example

    NOTE: The display ipv6 prefix command is available in Release 2406P03 and later versions. Basic IPv6 configuration example Network requirements As shown in Figure 61, a host, Switch A, and Switch B are connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify that they are connected.
  • Page 168: Verifying The Configuration

    # Display neighbor information for Ten-GigabitEthernet 1/1/6 on Switch A. [SwitchA] display ipv6 neighbors interface Ten-GigabitEthernet 1/1/6 Type: S-Static D-Dynamic O-Openflow I-Invalid IPv6 Address Link Layer Interface State T Age FE80::215:E9FF:FEA6:7D14 0015-e9a6-7d14 XGE1/1/6 STALE D 1238 2001::15B:E0EA:3524:E791 0015-e9a6-7d14 XGE1/1/6 STALE D 1248 The output shows that the IPv6 global unicast address that Host obtained is 2001::15B:E0EA:3524:E791.
  • Page 169 OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA] display ipv6 interface vlan-interface 1 Vlan-interface1 current state: UP Line protocol current state: UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1...
  • Page 170 InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. All IPv6 global unicast addresses configured on the interface are displayed. [SwitchB] display ipv6 interface vlan-interface 2 Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...
  • Page 171: Troubleshooting Ipv6 Basics Configuration

    InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected. NOTE: When you ping a link-local address, use the -i parameter to specify an interface for the link-local address.
  • Page 172: Dhcpv6 Overview

    DHCPv6 overview DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. DHCPv6 address/prefix assignment An address/prefix assignment process involves two or four messages. Rapid assignment involving two messages As shown in Figure 62, rapid assignment operates in the following steps: The DHCPv6 client sends to the DHCPv6 server a Solicit message that contains a Rapid Commit option to prefer rapid assignment.
  • Page 173: Address/Prefix Lease Renewal

    Figure 63 Assignment involving four messages Address/prefix lease renewal An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time.
  • Page 174: Stateless Dhcpv6

    Stateless DHCPv6 Stateless DHCPv6 enables a device that has obtained an IPv6 address/prefix to get other configuration parameters from a DHCPv6 server. The device decides whether to perform stateless DHCP according to the managed address configuration flag (M flag) and the other stateful configuration flag (O flag) in the RA message received from the router during stateless address autoconfiguration.
  • Page 175: Configuring The Dhcpv6 Server

    Configuring the DHCPv6 server Overview A DHCPv6 server can assign IPv6 addresses, IPv6 prefixes, and other configuration parameters to DHCPv6 clients. NOTE: The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. Layer You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see 2—LAN Switching Configuration Guide IPv6 address assignment As shown in...
  • Page 176: Concepts

    Figure 68 IPv6 prefix assignment Concepts Multicast addresses used by DHCPv6 DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers, and uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents. DUID A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).
  • Page 177: Dhcpv6 Address Pool

    The DHCPv6 server creates a prefix delegation (PD) for each assigned prefix to record the IPv6 prefix, client DUID, IAID, valid lifetime, preferred lifetime, lease expiration time, and IPv6 address of the requesting client. DHCPv6 address pool The DHCP server selects IPv6 addresses, IPv6 prefixes, and other parameters from an address pool, and assigns them to the DHCP clients.
  • Page 178: Ipv6 Address/Prefix Allocation Sequence

    client against the subnets of all address pools, and selects the address pool with the longest-matching subnet. To make sure address allocation functions correctly, keep the subnet used for dynamic assignment consistent with the subnet where the interface of the DHCPv6 server or DHCPv6 relay agent resides.
  • Page 179: Configuration Guidelines

    Configuration guidelines An IPv6 prefix can be bound to only one DHCPv6 client. You cannot modify bindings that have • been created. To change the binding for a DHCPv6 client, you must delete the existing binding first. • Only one prefix pool can be applied to an address pool. You cannot modify prefix pools that have been applied.
  • Page 180: Configuring Ipv6 Address Assignment

    Configuring IPv6 address assignment Use one of the following methods to configure IPv6 address assignment: • Configure a static IPv6 address binding in an address pool: If you bind a DUID and an IAID to an IPv6 address, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client.
  • Page 181: Configuring Network Parameters Assignment

    Step Command Remarks By default, all IPv6 addresses except for the DHCPv6 server's IP address in a DHCPv6 address pool are assignable. (Optional.) Specify the IPv6 ipv6 dhcp server forbidden-address addresses excluded from start-ipv6-address If the excluded IPv6 address is in dynamic assignment.
  • Page 182: Configuring The Dhcpv6 Server On An Interface

    Step Command Remarks network prefix/prefix-length Specify an IPv6 subnet for By default, no IPv6 subnet is [ preferred-lifetime preferred-lifetime dynamic assignment. specified. valid-lifetime valid-lifetime ] (Optional.) Specify a DNS By default, no DNS server dns-server ipv6-address server address. address is specified. (Optional.) Specify a domain By default, no domain name domain-name domain-name...
  • Page 183: Setting The Dscp Value For Dhcpv6 Packets Sent By The Dhcpv6 Server

    Step Command Remarks By default, the interface discards Enable the DHCPv6 ipv6 dhcp select server DHCPv6 packets from DHCPv6 server on the interface. clients. • Configure global address assignment: ipv6 dhcp server { allow-hint | preference preference-value | Use one of the commands. rapid-commit } * Configure an By default, desired...
  • Page 184: Dhcpv6 Server Configuration Examples

    Task Command Display information about IPv6 prefix display ipv6 dhcp server pd-in-use [ pool pool-name | prefix bindings. prefix/prefix-len ] Display packet statistics on the DHCPv6 display ipv6 dhcp server statistics [ pool pool-name ] server. Clear information about IPv6 address reset ipv6 dhcp server conflict [ address ipv6-address ] conflicts.
  • Page 185 [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ipv6 address 1::1/64 [Switch-Vlan-interface2] quit # Create prefix pool 1, and specify the prefix 2001:0410::/32 with the assigned prefix length 48. [Switch] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 48 # Create address pool 1. [Switch] ipv6 dhcp pool 1 # In address pool 1, configure subnet 1::/64 where VLAN interface-2 resides.
  • Page 186: Dynamic Ipv6 Address Assignment Configuration Example

    DUID: 00030001ca0006a40000 IAID: Not configured Prefix: 2001:410:201::/48 Preferred lifetime 86400, valid lifetime 259200 DNS server addresses: 2:2::3 Domain name: aaa.com SIP server addresses: 2:2::4 SIP server domain names: bbb.com # Display information about prefix pool 1. [Switch-Vlan-interface2] display ipv6 dhcp prefix-pool 1 Prefix: 2001:410::/32 Assigned length: 48 Total prefix number: 65536...
  • Page 187 Figure 71 Network diagram Configuration procedure Specify the IPv6 addresses for the interfaces on the DHCPv6 server. (Details not shown.) Enable DHCPv6: # Enable DHCPv6 server on VLAN-interface 10 and VLAN-interface 20. <SwitchA> system-view [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] ipv6 dhcp select server [SwitchA-Vlan-interface10] quit [SwitchA] interface vlan-interface20 [SwitchA-Vlan-interface20] ipv6 dhcp select server...
  • Page 188 can use the display ipv6 dhcp server ip-in-use command to display IPv6 addresses assigned to the DHCPv6 clients.
  • Page 189: Configuring The Dhcpv6 Relay Agent

    Configuring the DHCPv6 relay agent The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
  • Page 190: Configuration Guidelines

    Figure 73 Operating process of a DHCPv6 relay agent DHCPv6 client DHCPv6 relay agent DHCPv6 server Solicit (contains a Rapid Commit option) (2) Relay-forward (3) Relay-reply (4) Reply Configuration guidelines You can use the ipv6 dhcp relay server-address command to specify a maximum of eight DHCPv6 •...
  • Page 191: Displaying And Maintaining The Dhcpv6 Relay Agent

    Displaying and maintaining the DHCPv6 relay agent Execute display commands in any view and reset commands in user view. Task Command Display the DUID of the local device. display ipv6 dhcp duid Display DHCPv6 server addresses display ipv6 dhcp relay server-address [ interface interface-type specified on the DHCPv6 relay agent.
  • Page 192: Verifying The Configuration

    [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 2::1 64 [SwitchA-Vlan-interface2] quit [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ipv6 address 1::1 64 # Enable the DHCPv6 relay agent on VLAN-interface 3 and specify the DHCPv6 server on the relay agent. [SwitchA-Vlan-interface3] ipv6 dhcp select relay [SwitchA-Vlan-interface3] ipv6 dhcp relay server-address 2::2 Enable Switch A to send RA messages, and turn on the M and O flags.
  • Page 193: Configuring The Dhcpv6 Client

    Configuring the DHCPv6 client This feature is available in Release 2406P03 and later versions. Overview With DHCPv6 client configured, an interface can obtain configuration parameters from the DHCPv6 server. A DHCPv6 client can use DHCPv6 to complete the following functions: Obtain an IPv6 address, an IPv6 prefix, and other configuration parameters.
  • Page 194: Configuring Ipv6 Prefix Acquisition

    Step Command Remarks • Layer 3 Ethernet interface: interface interface-type interface-number • Layer 3 aggregate interface: interface route-aggregation interface-number Enter interface view. • Management Ethernet interface: interface m-ethernet interface-number • VLAN interface: interface vlan-interface interface-number Configure the interface to use By default, the interface does not DHCPv6 to obtain an IPv6 ipv6 address dhcp-alloc...
  • Page 195: Setting The Dscp Value For Dhcpv6 Packets Sent By The Dhcpv6 Client

    Step Command Remarks • Layer 3 Ethernet interface: interface interface-type interface-number • Layer 3 aggregate interface: interface route-aggregation interface-number Enter interface view. • Management Ethernet interface: interface m-ethernet interface-number • VLAN interface: interface vlan-interface interface-number By default, the interface does not support stateless DHCPv6.
  • Page 196: Displaying And Maintaining Dhcpv6 Client

    Step Command Remarks Enter system view. system-view • Layer 3 Ethernet interface: interface interface-type interface-number • Layer 3 aggregate interface: interface route-aggregation interface-number Enter interface view. • Management Ethernet interface: interface m-ethernet interface-number • VLAN interface: interface vlan-interface interface-number By default, the device uses DUID-LL as the DHCPv6 client DUID.
  • Page 197 Figure 75 Network diagram Configuration procedure You must configure the DHCPv6 server first before configuring the DHCPv6 client. For information about configuring DHCPv6 server, see "Configuring the DHCPv6 server." # Configure VLAN-interface 2 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.
  • Page 198: Ipv6 Prefix Acquisition Configuration Example

    # Display brief IPv6 information for all interfaces on the device. The output shows that the DHCPv6 client has obtained an IPv6 address.. [Switch] display ipv6 interface brief *down: administratively down (s): spoofing Interface Physical Protocol IPv6 Address Vlan-interface2 1:2::2 IPv6 prefix acquisition configuration example Network requirements As shown in...
  • Page 199: Stateless Dhcpv6 Configuration Example

    State: OPEN IAID: 0xf0019 Client DUID: 00030001000fe2ff0000 Preferred server: Reachable via address: FE80::200:5EFF:FE0A:2303 Server DUID: 00030001000fe20a0a00 Prefix: 12:34::/32 Preferred lifetime 90 sec, valid lifetime 90 sec T1 45 sec, T2 72 sec Will expire on Feb 4 2013 at 15:37:20 (80 seconds left) DNS server addresses: 2000::FF Domain name:...
  • Page 200 <SwitchB> system-view [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 1::1 64 # Set the O flag in RA messages to 1. [SwitchB-Vlan-interface2] ipv6 nd autoconfig other-flag # Allow the interface to advertise RA messages. [SwitchB-Vlan-interface2] undo ipv6 nd ra halt Configure the DHCPv6 client Switch A.
  • Page 201 Rebind Information-request Release Decline...
  • Page 202: Configuring Dhcpv6 Snooping

    Configuring DHCPv6 snooping DHCPv6 snooping works between the DHCPv6 client and server, or between the DHCPv6 client and DHCPv6 relay agent. It guarantees that DHCPv6 clients obtain IP addresses from authorized DHCPv6 servers. Also, it records IP-to-MAC bindings of DHCPv6 clients (called DHCPv6 snooping entries) for security purposes.
  • Page 203: Hp Implementation Of Option 18 And Option 37

    Option 18, also called the interface-ID option, is used by the DHCPv6 relay agent to determine the interface to use to forward RELAY-REPLY message. In HP implementation, the DHCPv6 snooping device adds Option 18 to the received DHCPv6 request message before forwarding it to the DHCPv6 server. The server then assigns IP address to the client based on the client information in Option 18.
  • Page 204: Dhcpv6 Snooping Support For Option 37

    Option 37, also called the remote-ID option, is used to identify the client. In HP implementation, the DHCPv6 snooping device adds Option 37 to the received DHCPv6 request message before forwarding it to the DHCPv6 server. This option provides client information about address allocation.
  • Page 205: Configuring Basic Dhcpv6 Snooping

    Tasks at a glance (Optional. ) Configuring DHCPv6 packet rate limit (Optional.) Enabling DHCPv6-REQUEST check Configuring basic DHCPv6 snooping Follow these guidelines when you configure basic DHCPv6 snooping: • To make sure DHCPv6 clients can obtain valid IPv6 addresses, specify the ports connected to authorized DHCPv6 servers as trusted ports.
  • Page 206: Saving Dhcpv6 Snooping Entries

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number ipv6 dhcp snooping option By default, Option 18 is not Enable support for Option 18. interface-id enable supported.
  • Page 207: Setting The Maximum Number Of Dhcpv6 Snooping Entries

    Step Command Remarks (Optional.) Manually save ipv6 dhcp snooping DHCPv6 snooping entries are saved to the DHCPv6 snooping entries binding database update database file each time this command is to the database file. executed. The default setting is 300 seconds. (Optional.) Set the amount When a DHCPv6 snooping entry is learned or of time to wait to update...
  • Page 208: Configuring Dhcpv6 Packet Rate Limit

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, DHCPv6-REQUEST check is disabled. Enable DHCPv6-REQUEST ipv6 dhcp snooping check You can enable the function only on Layer check. request-message 2 Ethernet interfaces and Layer 2 aggregate interfaces.
  • Page 209: Dhcpv6 Snooping Configuration Example

    Task Command Display information about the file that stores DHCPv6 display ipv6 dhcp snooping binding database snooping entries. Display DHCPv6 packet statistics for DHCPv6 display ipv6 dhcp snooping packet statistics [ slot snooping . slot-number ] reset ipv6 dhcp snooping binding { all | address Clear DHCPv6 snooping entries.
  • Page 210: Verifying The Configuration

    Verifying the configuration The DHCPv6 client obtains an IPv6 address and other configuration parameters from the authorized DHCPv6 server. You can use the display ipv6 dhcp snooping binding command to display DHCPv6 snooping entries on the authorized DHCPv6 server.
  • Page 211: Configuring Tunneling

    Configuring tunneling Overview Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end.
  • Page 212 physical interface of the tunnel. In the IPv4 header, the source IPv4 address is the IPv4 address of the tunnel source, and the destination IPv4 address is the IPv4 address of the tunnel destination. Upon receiving the packet, Device B de-encapsulates the packet. If the destination address of the IPv6 packet is itself, Device B forwards it to the upper-layer protocol.
  • Page 213: Ipv4 Over Ipv4 Tunneling

    6to4 tunneling—A point-to-multipoint automatic tunnel. It is used to connect multiple isolated IPv6 • networks over an IPv4 network. The destination IPv4 address of a 6to4 tunnel is embedded in the destination 6to4 address of packets. This mechanism enables the device to automatically get the tunnel destination address, simplifying tunnel establishment.
  • Page 214: Ipv4 Over Ipv6 Tunneling

    The IPv4 protocol stack determines how to forward the packet according to the destination address in the IP header. If the packet is destined for the IPv4 host connected to Device B, Device A delivers the packet to the tunnel interface. The tunnel interface adds a new IPv4 header to the IPv4 packet and submits it to the IP protocol stack.
  • Page 215: Ipv6 Over Ipv6 Tunneling

    The tunneling module removes the IPv6 header and delivers the remaining IPv4 packet to the IPv4 protocol stack. The IPv4 protocol stack forwards the IPv4 packet. IPv6 over IPv6 tunneling IPv6 over IPv6 tunneling (RFC 2473) enables isolated IPv6 networks to communicate with each other over another IPv6 network.
  • Page 216: Tunneling Configuration Task List

    RFC 6333, Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion • Tunneling configuration task list Tasks at a glance (Required.) Configuring a tunnel interface Perform one of the following tasks: • Configuring an IPv6 over IPv4 tunnel: Configuring an IPv6 over IPv4 manual tunnel Configuring a 6to4 tunnel Configuring an ISATAP tunnel •...
  • Page 217: Configuring An Ipv6 Over Ipv4 Manual Tunnel

    Step Command Remarks The default MTU is 64000 bytes. Set an appropriate MTU to avoid fragmentation. The MTU for the Set the MTU of the tunnel tunnel interface applies only to mtu mtu-size interface. unicast packets. An MTU set on any tunnel interface is effective on all existing tunnel interfaces.
  • Page 218: Configuration Example

    Step Command Remarks Specify an IPv6 address for For configuration details, see No IPv6 address is configured for the tunnel interface. "Configuring basic IPv6 settings." the tunnel interface by default. By default, no source address or source interface is configured for the tunnel interface.
  • Page 219 # Specify an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 3002::1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel.
  • Page 220: Configuring A 6To4 Tunnel

    # Specify an IPv6 address for the tunnel interface. [SwitchB-Tunnel0] ipv6 address 3001::2/64 # Specify VLAN-interface 100 as the source interface of the tunnel interface. [SwitchB-Tunnel0] source vlan-interface 100 # Specify the destination address for the tunnel interface as the IP address of VLAN-interface 100 of Switch A.
  • Page 221: Configuration Example

    Step Command Remarks Specify an IPv6 address For configuration details, see No IPv6 address is configured for the for the tunnel interface. "Configuring basic IPv6 settings." tunnel interface by default. By default, no source address or source interface is configured for the Configure a source tunnel interface.
  • Page 222 Configuration procedure Before configuring a 6to4 tunnel, make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 2.1.1.1 24 [SwitchA-Vlan-interface100] quit...
  • Page 223: Configuring An Isatap Tunnel

    [SwitchB] interface tunnel 0 mode ipv6-ipv4 6to4 # Specify an IPv6 address for the tunnel interface. [SwitchA-Tunnel0] ipv6 address 3002::1/64 # Specify the source interface as VLAN-interface 100 for the tunnel interface. [SwitchB-Tunnel0] source vlan-interface 100 [SwitchB-Tunnel0] quit # Configure a static route destined for 2002::/16 through the tunnel interface. [SwitchB] ipv6 route-static 2002:: 16 tunnel 0 Verifying the configuration # Ping Host B from Host A or ping Host A from Host B.
  • Page 224: Configuration Example

    Step Command Remarks By default, no source address or source interface is configured for the tunnel interface. Configure a source address or source { ip-address | source interface for the tunnel The specified source address or interface-type interface-number } interface. the primary IP address of the specified source interface is used as the source IP address of...
  • Page 225 # Assign Ten-GigabitEthernet 1/1/5 to service loopback group 1. [Switch] interface Ten-GigabitEthernet 1/1/5 [Switch-Ten-GigabitEthernet1/1/5] port service-loopback group 1 [Switch-Ten-GigabitEthernet1/1/5] quit # Configure an ISATAP tunnel interface tunnel 0. [Switch] interface tunnel 0 mode ipv6-ipv4 isatap # Specify an EUI-64 IPv6 address for the tunnel interface tunnel 0. [Switch-Tunnel0] ipv6 address 2001:: 64 eui-64 # Specify VLAN-interface 101 as the source interface of the tunnel interface.
  • Page 226: Configuring An Ipv4 Over Ipv4 Tunnel

    router link-layer address: 1.1.1.1 preferred global 2001::5efe:1.1.1.2, life 29d23h59m46s/6d23h59m46s (public) preferred link-local fe80::5efe:1.1.1.2, life infinite link MTU 1500 (true link MTU 65515) current hop limit 255 reachable time 42500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 default site prefix length 48 The host has acquired the address prefix 2001::/64 and has automatically generated the global unicast address 2001::5efe:1.1.1.2.
  • Page 227: Configuration Example

    interface or specify the IPv4 address of the peer tunnel interface as the next hop. Alternatively, you can enable a dynamic routing protocol on both tunnel interfaces to achieve the same purpose. For the detailed configuration, see Layer 3—IP Routing Configuration Guide. •...
  • Page 228 Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv4 address for VLAN-interface 101, which is the physical interface of the tunnel.
  • Page 229: Configuring An Ipv4 Over Ipv6 Tunnel

    [SwitchB-Ten-GigabitEthernet1/1/5] port service-loopback group 1 [SwitchB-Ten-GigabitEthernet1/1/5] quit # Create an IPv4 over IPv4 tunnel interface tunnel 2. [SwitchB] interface tunnel 2 mode ipv4-ipv4 # Specify an IPv4 address for the tunnel interface. [SwitchB-Tunnel2] ip address 10.1.2.2 255.255.255.0 # Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface. [SwitchB-Tunnel2] source 3.1.1.1 # Specify the IP address of VLAN-interface 101 on Switch A as the destination address for the tunnel interface.
  • Page 230: Configuration Example

    Step Command Remarks Enter system view. system-view Enter tunnel interface interface tunnel number [ mode view. ipv6 ] Configure an IPv4 ip address ip-address { mask | By default, no IPv4 address is configured address for the tunnel mask-length } [ sub ] for the tunnel interface.
  • Page 231 # Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2001::1:1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/1/5 to service loopback group 1.
  • Page 232: Configuring An Ipv6 Over Ipv6 Tunnel

    # Specify the IP address of VLAN-interface 101 on Switch A as the destination address for the tunnel interface. [SwitchB-Tunnel2] destination 2001::1:1 [SwitchB-Tunnel2] quit # Configure a static route destined for IPv4 network 1 through the tunnel interface. [SwitchB] ip route-static 30.1.1.0 255.255.255.0 tunnel 2 Verifying the configuration # Use the display interface tunnel command to display the status of the tunnel interfaces on Switch A and Switch B.
  • Page 233: Configuration Example

    Step Command Remarks Configure an IPv6 address for For configuration details, see No IPv6 address is configured for the tunnel interface. "Configuring basic IPv6 settings." the tunnel interface by default. By default, no source address or interface is configured for the tunnel.
  • Page 234 [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ipv6 address 2002:1::1 64 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2001::11:1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/1/5 to service loopback group 1.
  • Page 235: Displaying And Maintaining Tunneling

    # Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface. [SwitchB-Tunnel2] source 2002::22:1 # Specify the IP address of VLAN-interface 101 on Switch A as the destination address for the tunnel interface. [SwitchB-Tunnel2] destination 2001::11:1 [SwitchB-Tunnel2] quit # Configure a static route destined for the IPv6 network group 1 through the tunnel interface.
  • Page 236: Analysis

    Analysis The physical interface of the tunnel does not go up, or the tunnel destination is unreachable. Solution Use the display interface or display ipv6 interface commands to check whether the physical interface of the tunnel is up. If the physical interface is down, check the network connection. Use the display ipv6 routing-table or display ip routing-table command to check whether the tunnel destination is reachable.
  • Page 237: Configuring Gre

    Configuring GRE Overview Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate any network layer protocol (such as IPv6) into a virtual point-to-point tunnel over an IP network (such as an IPv4 network). Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end. The network layer protocol of the packets before encapsulation and after encapsulation can be the same or different.
  • Page 238: Gre Tunnel Operating Principle

    GRE tunnel operating principle Figure 94 IPv6 networks interconnected through a GRE tunnel As shown in Figure 94, an IPv6 protocol packet traverses an IPv4 network through a GRE tunnel as follows: After receiving an IPv6 packet from the interface connected to IPv6 network 1, Device A looks up the routing table to determine that the outgoing interface is a GRE tunnel interface (Tunnel 0 in this example), and then submits the IPv6 packet to the tunnel interface Tunnel 0.
  • Page 239 • HP recommends not configuring the same tunnel source and destination addresses for local tunnel interfaces that use the same GRE encapsulation protocol. If the destination address of a packet before encapsulation is not in the same subnet as the IP •...
  • Page 240: Configuring A Gre Over Ipv6 Tunnel

    Step Command Remarks By default, no source address or interface is configured for a tunnel interface. If you configure a source address for a tunnel interface, the tunnel Configure a source interface uses the source address address or source source { ip-address | interface-type as the source address of the interface for the tunnel interface-number }...
  • Page 241 • HP recommends not configuring the same tunnel source and destination addresses for local tunnel interfaces that use the same GRE encapsulation protocol. If the destination address of a packet before encapsulation is not in the same subnet as the IP •...
  • Page 242: Displaying And Maintaining Gre

    Step Command Remarks By default, no source IPv6 address or interface is configured for a tunnel interface. If you configure a source IPv6 address for a tunnel interface, the tunnel interface uses the source Configure a source IPv6 IPv6 address as the source IPv6 source { ipv6-address | address or source interface for address of the encapsulated...
  • Page 243: Gre Configuration Examples

    Task Command Remarks For more information about Display IPv6 information about tunnel display ipv6 interface [ tunnel this command, see Layer interface. [ number ] ] [ brief ] 3—IP Services Command Reference. For more information about reset counters interface [ tunnel this command, see Layer Clear tunnel interface statistics.
  • Page 244 # Configure the source address of tunnel interface as the IP address of VLAN-interface 101 on Switch A. [SwitchA-Tunnel1] source vlan-interface 101 # Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch B. [SwitchA-Tunnel1] destination 2.2.2.2 [SwitchA-Tunnel1] quit # Configure a static route from Switch A through the tunnel interface to Group 2.
  • Page 245: Gre Over Ipv6 Tunnel Configuration Example

    Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # Display tunnel interface information on Switch B.
  • Page 246 Figure 96 Network diagram Switch A XGE1/1/6 XGE1/1/6 Switch B Vlan-int101 Vlan-int101 2002::1:1/64 2001::2:1/64 IPv6 network XGE1/1/5 XGE1/1/5 GRE tunnel XGE1/1/7 XGE1/1/7 Vlan-int100 Vlan-int100 Tunnel0 10.1.1.1/24 Tunnel0 10.1.3.1/24 10.1.2.2/24 10.1.2.1/24 IPv4 IPv4 Service loopback port Group 1 Group 2 Configuration procedure Before the following configurations, configure an IP address for each interface, and make sure Switch A and Switch B can reach each other.
  • Page 247 # Configure an IP address for the tunnel interface. [SwitchB-Tunnel0] ip address 10.1.2.2 255.255.255.0 # Configure the source address of tunnel interface as the IPv6 address of VLAN-interface 101 on Switch B. [SwitchB-Tunnel0] source 2001::2:1 # Configure the destination address of the tunnel interface as the IPv6 address of VLAN-interface 101 on Switch A.
  • Page 248: Troubleshooting Gre

    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # From Switch B, ping the IP address of VLAN-interface 100 on Switch A. [SwitchB] ping -a 10.1.3.1 10.1.1.1 Ping 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes, press CTRL_C to break 56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=2.000 ms 56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms...
  • Page 249: Solution

    Solution Execute the display ip routing-table command on Device A and Device C to view whether Device A has a route over tunnel 0 to 10.2.0.0/16 and whether Device C has a route over tunnel 0 to 10.1.0.0/16. If such a route does not exist, execute the ip route-static command in system view to add the route. Take Device A as an example: [DeviceA] ip route-static 10.2.0.0 255.255.0.0 tunnel 0...
  • Page 250: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
  • Page 251: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 252 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 253 Index Numerics IP services DHCPv6 address pool, IP services DHCPv6 address pool selection, 6to4 IP services DHCPv6 address/prefix assignment, relay, IP services DHCPv6 address/prefix lease tunnel, renewal, tunnel configuration, 209, IP services DHCPv6 IA, IP services DHCPv6 IAID, address IP services DHCPv6 IPv6 address assignment, DHCPv6 client IPv6 address acquisition, IP services DHCPv6 IPv6 address/prefix allocation sequence,...
  • Page 254 IPv6 address type, IP services DHCPv6 assignment (4 messages), applying IP services DHCPv6 IPv6 address, IP services DDNS client policy to interface, IP services DHCPv6 IPv6 prefix, IP services DHCP address pool on interface, IP services DHCPv6 rapid assignment (2 messages), IP services DHCPv6 snooping trusted port, IP services DHCPv6 server dynamic IPv6 address...
  • Page 255 maintaining client, IP services DHCP voice client Option 184 parameters, protocols and standards, IP services DHCPv6 address pool, Bootstrap Protocol. Use BOOTP IP services DHCPv6 IA, broadcast IP services DHCPv6 IAID, IP services DHCP server response broadcast, IP services DHCPv6 IPv6 prefix assignment, IP services UDP helper configuration, 129, 129, IP services DHCPv6 relay agent configuration,...
  • Page 256 IP services DHCP relay agent, 55, 56, IP services DHCPv6 snooping Option 37, IP services DHCP relay agent IP address IP services DHCPv6 snooping packet rate limit, release, IP services DNS, 81, IP services DHCP relay agent Option 82, 60, IP services DNS proxy, IP services DHCP relay agent security IP services DNS spoofing,...
  • Page 257 IPv6 ND, IP services DHCP client duplicated address detection, IPv6 ND customer-side port, IP services DHCP IP address conflict detection, IPv6 ND static neighbor entry, IPv6 ND duplicate address detection, IPv6 path MTU discovery, IPv6 ND neighbor reachability detection, IPv6 RA message parameter, 146, IPv6 ND redirection, IPv6 stateless address with autoconfiguration,...
  • Page 258 IP services ISATAP tunnel configuration, displaying BOOTP client, IP services stateless DHCPv6, displaying client, IP services UDP helper configuration), displaying relay agent, IPv4 DNS client configuration, displaying server, IPv4 DNS proxy configuration, enabling, IPv4/IPv4 tunnel configuration, enabling Option 82 handling, IPv4/IPv6 manual tunnel configuration, IP address allocation, 25, IPv6 basic settings configuration,...
  • Page 259 relay agent relay entry recording, DHCPv6 relay agent security functions, address allocation, relay agent starvation attack protection, address pool, server address pool configuration, address pool selection, server address pool creation, address/prefix assignment, server address pool IP address range, address/prefix lease renewal, server address pool IP address range (primary assignment (4 messages), subnet/multiple ranges),...
  • Page 260 DHCPv6 snooping DDNS configuration (PeanutHull server), basic configuration, DDNS configuration (www.3322.org), configuration, 191, 193, DDNS outgoing packet DSCP value, displaying, displaying IPv4 DNS, IP services DHCPv6-REQUEST check, dynamic domain name resolution, maintaining, IP services DHCP client configuration, Option 18 configuration;Option 018 IPv4 client configuration, configuration, IPv4 client dynamic domain name...
  • Page 261 DUID IP services DHCP client duplicated address detection, DHCPv6 client DUID, IP services DHCP client on interface, DUID (DHCPv6), IP services DHCP Option 82 handling, duplicated address detection (DHCP), IP services DHCP relay agent on interface, dynamic IP services DHCP relay agent relay entry periodic IP services ARP dynamic entry, refresh, IP services ARP entry max number (for device),...
  • Page 262 IP services ARP configuration (multiport entry), IP services DHCP server BOOTP response format, IP services ARP snooping configuration, IP services GRE encapsulation format, IP services ARP static configuration, IPv6 addresses, IP services BOOTP client configuration, 79, fragment IP services common proxy ARP configuration, IP performance optimization ICMP fragment IP services DHCP client configuration, 64, forwarding,...
  • Page 263 error message rate limit, DHCP server address pool IP address range (primary subnet/multiple secondary subnets), IPv6 message send control, DHCP server configuration, IPv6 ND duplicate address detection, DHCP server IP address dynamic assignment, IPv6 ND neighbor reachability detection, DHCP server IP address static assignment, IPv6 ND protocol, DHCP server option customization, IPv6 ND protocol address resolution,...
  • Page 264 IP services ARP OpenFlow table entry, IPv6 ICMPv6 destination unreachable message, IP services ARP operation, IPv6 ICMPv6 error message rate limit, IP services ARP snooping configuration, IPv6 ICMPv6 message send, IP services ARP static configuration, IPv6 ICMPv6 redirect message, IP services ARP static entry configuration, IPv6 ICMPv6 time exceeded message, IP services ARP static table entry, IPv6 interface address assignment,...
  • Page 265 device, 1 10 DHCP relay agent Option 82 support, displaying FIB table entries, 1 10 DHCP relay agent relay entry periodic refresh, FIB table, 1 10 DHCP relay agent relay entry recording, load sharing, 1 12 DHCP relay agent security functions, optimal route selection, 1 10 DHCP relay agent starvation attack protection,...
  • Page 266 DHCPv6 server dynamic IPv6 address IPv6 ICMPv6 message send, assignment, IPv6 ICMPv6 packet source address DHCPv6 server dynamic IPv6 prefix specification, assignment, IPv6 ICMPv6 redirect message, DHCPv6 server IPv6 address assignment, IPv6 ICMPv6 time exceeded message, DHCPv6 server IPv6 prefix assignment, IPv6 interface address assignment, DHCPv6 snooping basics, IPv6 interface MTU configuration,...
  • Page 267 troubleshooting tunneling configuration, anycast address configuration, tunneling configuration, basic settings configuration, 132, 139, tunneling Layer 3 virtual tunnel interface, displaying basics, tunneling protocols and standards IP DNS client configuration, services, DNS configuration, UDP helper configuration, 129, 129, DNS proxy configuration, 87, IPng, 132, See also IPv6 DNS spoofing configuration,...
  • Page 268 ND configuration, ND duplicate address detection, ND hop limit, IP performance optimization, ND link-local entry minimization, Layer 3 ND max number dynamic neighbor entries, DHCPv6 client configuration, 182, 182, ND neighbor reachability detection, DHCPv6 client IPv6 address acquisition ND protocol, configuration, ND protocol address resolution, DHCPv6 client IPv6 prefix acquisition...
  • Page 269 IP services ARP message format, IP services ARP snooping configuration, MAC address IP services ARP static configuration, IP services DHCP client configuration, 64, IP services common proxy ARP configuration, MAC addressing IP services DHCP format, IP services ARP configuration, 1, IP services DHCP-REQUEST message attack IP services ARP configuration (multiport entry), protection,...
  • Page 270 IP services DNS proxy configuration, DHCPv6 client IPv6 prefix acquisition configuration, IP services DNS spoofing configuration, DHCPv6 client packet DSCP value, IP services DNS static domain name resolution, DHCPv6 client stateless DHCPv6, IPv4 DNS client configuration, DHCPv6 client stateless DHCPv6 configuration, IPv4 DNS client dynamic domain name directed broadcast forward configuration, resolution, 85,...
  • Page 271 IP services DHCP client gateway, IP services DHCPv6 snooping entry max number, IP services DHCP client ID configuration for interface, IP services DHCPv6 snooping entry save, IP services DHCP client packet DSCP value, IP services DHCPv6 snooping Option 18 configuration, IP services DHCP client server specification, IP services DHCPv6 snooping Option 37 IP services DHCP relay agent enable on...
  • Page 272 IPv6 interface MTU configuration, IP services ARP configuration, 1, IPv6 link-local address configuration, IP services ARP configuration (multiport entry), IPv6 max number NS message sent IP services ARP snooping configuration, attempts, IP services ARP static configuration, IPv6 multicast echo request reply, IP services BOOTP client configuration, 79, IPv6 ND configuration, IP services common proxy ARP configuration,...
  • Page 273 IP services GRE/IPv4 configuration, IP performance optimization TCP path MTU discovery, IP services GRE/IPv6 configuration, IP performance optimization TCP SYN cookie, IP services IRDP configuration, 1 17 IP performance optimization TCP timers, IP services proxy ARP configuration, option IP services tunneling configuration, 200, IP services DHCP field, IP services UDP helper configuration, 129, 129,...
  • Page 274 IP services DDNS outgoing packet DSCP IPv6 ND stateless address autoconfiguration, value, IPv6 ND static neighbor entry configuration, IP services DHCP client packet DSCP value, IPv6 path MTU discovery, IP services DHCP server packet DSCP value, IPv6 path MTU discovery configuration, IP services DHCP snooping packet rate limit, IPv6 RA message parameter configuration, IP services DHCPv6 packet DSCP value,...
  • Page 275 IP services DHCPv6 IPv6 address/prefix configuring IP services ARP multiport entry, allocation sequence, configuring IP services ARP snooping, IP services DHCPv6 IPv6 prefix assignment, configuring IP services ARP static entry, IP services DHCPv6 server dynamic IPv6 prefix configuring IP services BOOTP client, assignment, configuring IP services BOOTP client address IP services DHCPv6 server IPv6 prefix...
  • Page 276 configuring IP services DHCP server subnets, configuring IP services GRE/IPv6 tunnel, configuring IP services DHCP server to ignore configuring IP services IRDP, 1 17 BOOTP requests, configuring IP services ISATAP tunnel, 212, configuring IP services DHCP server user configuring IP services tunneling, class, configuring IP services tunneling Layer 3 virtual configuring IP services DHCP snooping, 71,...
  • Page 277 configuring IPv6 RA message enabling IP services DHCP, parameters, 146, enabling IP services DHCP client duplicated configuring IPv6 stateless address with address detection, autoconfiguration, enabling IP services DHCP client on interface, configuring IPv6 static path MTU, enabling IP services DHCP Option 82 handling, configuring IPv6 static prefix, enabling IP services DHCP relay agent on configuring IPv6/IPv4 manual tunnel, 206,...
  • Page 278 maintaining IP services tunneling specifying IP services DHCP server address pool IP configuration, address range (primary subnet/multiple ranges), maintaining IP services UDP helper, specifying IP services DHCP server address pool IP maintaining IPv4 DNS, address range (primary subnet/multiple secondary maintaining IPv6 basics, subnets), minimizing IPv6 ND link-local entry, specifying IP services DHCP server on relay...
  • Page 279 configuration, relay entry recording, displaying, starvation attack protection, local proxy ARP enable, troubleshooting configuration, proxying releasing IP services DNS proxy, IP services DHCP relay agent IP address release, IP services DNS proxy configuration, reserved DHCP Option 184, 28, IP services IRDP proxy-advertised IP address, 1 15 resolving IPv4 DNS proxy configuration,...
  • Page 280 IP performance optimization, IP services DDNS client configuration, saving IP services DDNS client policy application, IP services DHCP snooping entries, IP services DDNS client policy IP services DHCPv6 snooping entries, configuration, security IP services DDNS configuration, 102, IP services DHCP relay agent IP address release, IP services DDNS configuration (PeanutHull IP services DHCP relay agent relay entry periodic server),...
  • Page 281 IP services DHCP address pool IP address range IP services DHCPv6 IPv6 prefix assignment, (primary subnet/multiple ranges), IP services DHCPv6 network parameters IP services DHCP address pool IP address range assignment, (primary subnet/multiple secondary IP services DHCPv6 packet DSCP value, subnets), IP services DHCPv6 PD, IP services DHCP client BIMS server...
  • Page 282 IP services DHCP server address pool IP address IP services DHCP server subnets, range, IP services DHCPv6 relay agent configuration, IP services DHCP server address pool IP address suffix range (primary subnet/multiple ranges), IP services DHCP client domain name suffix, IP services DHCP server address pool IP address IP services DNS client, range (primary subnet/multiple secondary...
  • Page 283 ICMPv6 time exceeded message, IPv4/IPv6 manual tunnel configuration, 218, timer IPv4/IPv6 manual tunneling, IP services ARP dynamic entry aging timer IPv6 tunneling technology, configuration, IPv6/IPv4 manual tunnel configuration, 206, IPv6 dynamic path MTU aging timer, IPv6/IPv4 tunneling, IPv6 ND stale state entry aging timer, IPv6/IPv6 tunnel configuration, 221, TCP FIN wait timer, IPv6/IPv6 tunneling,...
  • Page 284 DHCPv6 client stateless DHCPv6 configuration, IP services BOOTP client configuration, 79, IP services DHCP client configuration, 64, IP services DHCP relay agent configuration, 55, 56, IP services DHCP relay agent Option 82, IP services DHCP server configuration, 32, 34, IP services DHCP server IP address dynamic assignment, IP services DHCP server IP address static assignment,...

Table of Contents