HP 6125XLG Blade Switch Layer 3 - IP Services Configuration Guide Part number: 5998-5371a Software version: Release 240x Document version: 6W101-20150515...
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 4
Network requirements ··········································································································································· 23 Configuration procedure ······································································································································ 23 Verifying the configuration ··································································································································· 24 DHCP overview ·························································································································································· 25 DHCP address allocation ·············································································································································· 25 Allocation mechanisms ········································································································································· 25 IP address allocation process ······························································································································· 26 IP address lease extension···································································································································· 26 ...
Page 5
Configuring the DHCP relay agent ··························································································································· 55 Overview ········································································································································································· 55 Operation ······························································································································································· 55 DHCP relay agent support for Option 82 ·········································································································· 56 DHCP relay agent configuration task list ····················································································································· 56 Enabling DHCP ······························································································································································ 57 Enabling the DHCP relay agent on an interface ········································································································...
Page 6
Configuring an interface to use BOOTP for IP address acquisition·········································································· 80 Displaying and maintaining BOOTP client ················································································································· 80 BOOTP client configuration example ·························································································································· 80 Network requirements ··········································································································································· 80 Configuration procedure ······································································································································ 80 Configuring DNS ······················································································································································· 81 ...
Page 8
IPv6 path MTU discovery ···································································································································· 138 IPv6 transition technologies ········································································································································· 138 Dual stack ····························································································································································· 139 Tunneling ······························································································································································ 139 Protocols and standards ·············································································································································· 139 IPv6 basics configuration task list ······························································································································· 139 Assigning IPv6 addresses to interfaces ······················································································································ 140 ...
Page 9
Overview ······································································································································································· 191 Application of trusted and untrusted ports ········································································································ 191 HP implementation of Option 18 and Option 37 ···································································································· 192 Option 18 for DHCPv6 snooping ······················································································································ 192 DHCPv6 snooping support for Option 37 ········································································································ 193 ...
Page 10
Symptom ······························································································································································· 237 Analysis ································································································································································ 237 Solution ································································································································································· 238 Support and other resources ·································································································································· 239 Contacting HP ······························································································································································ 239 Subscription service ············································································································································ 239 Related information ······················································································································································ 239 Documents ···························································································································································· 239 Websites ······························································································································································· 239 ...
Page 11
Index ········································································································································································ 242 ...
Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages.
If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request contains the following information: Sender IP address and sender MAC address—Host A's IP address and MAC address. Target IP address—Host B's IP address.
Static ARP entry A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry. Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. The device supports the following types of static ARP entries: Long static ARP entry—It contains the IP address, MAC address, VLAN, and output interface.
The IP address of the VLAN interface of the VLAN specified by the vlan-id argument must belong to • the same subnet as the IP address specified by the ip-address argument. To configure a static ARP entry: Step Command Remarks Enter system view.
Step Command Remarks arp multiport ip-address mac-address Configure a multiport ARP By default, no multiport ARP vlan-id [ vpn-instance entry. entries are configured. vpn-instance-name ] Setting the maximum number of dynamic ARP entries for a device A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn.
Step Command Remarks By default, an interface can learn a maximum of 16384 dynamic ARP Set the maximum number of entries. dynamic ARP entries for the arp max-learning-num number To disable the interface from learning interface. dynamic ARP entries, set the number to Setting the aging timer for dynamic ARP entries Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer.
On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the • following IP addresses: The IP address of the receiving interface. The virtual IP address of the VRRP group. The NATed external address. •...
Step Command Remarks Enable ARP fast mac-address mac-move By default, ARP fast update is disabled for update. fast-update MAC move. Displaying and maintaining ARP IMPORTANT: Clearing ARP entries from the ARP table might cause communication failures. Make sure the entries to be cleared do not affect current communications.
Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: Determine whether its IP address is already used by another device. If the IP address is already used, •...
address of the virtual router. For more information about VRRP, see High Availability Configuration Guide. Configuration procedure The following conditions apply to the gratuitous ARP configuration: You can enable periodic sending of gratuitous ARP packets on up to 1024 interfaces. •...
Page 25
Step Command Remarks Enter system view. system-view Enable IP conflict By default, IP conflict notification is arp ip-conflict log prompt notification. disabled.
Configuring proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP.
Displaying proxy ARP Execute display commands in any view. Task Command Display common proxy ARP status. display proxy-arp [ interface interface-type interface-number ] Display local proxy ARP status. display local-proxy-arp [ interface interface-type interface-number ] Common proxy ARP configuration example Network requirements As shown in Figure...
Page 28
[Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0 # Enable common proxy ARP on VLAN-interface 1. [Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit # Configure the IP address of VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 # Enable common proxy ARP on VLAN-interface 2. [Switch-Vlan-interface2] proxy-arp enable After the configuration, Host A and Host D can ping each other.
Configuring ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. Manual-mode MFF can use the ARP snooping entries. For more information about MFF, see Security Configuration Guide. ARP snooping is used in Layer 2 switching networks.
Configuring IP addressing This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) is beyond the scope of this chapter. The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. NOTE: The term "interface"...
Table 1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at startup for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test.
For example, a Class B network without subnetting can accommodate 1022 more hosts than the same network subnetted into 512 subnets. Without subnetting—65534 hosts (2 – 2). (The two deducted addresses are the broadcast • address, which has an all-one host ID, and the network address, which has an all-zero host ID.) With subnetting—Using the first nine bits of the host-id for subnetting provides 512 (2 ) subnets.
IP address from other interfaces. This is called IP unnumbered, and the interface borrowing the IP address is called IP unnumbered interface. You can use IP unnumbered to save IP addresses either when available IP addresses are inadequate or when an interface is brought up only for occasional use. Configuration guidelines Follow these guidelines when you configure IP unnumbered: An interface cannot borrow an IP address from an unnumbered interface.
Task Command Display brief IP configuration information for the display ip interface [ interface-type specified or all Layer 3 interfaces. [ interface-number ] ] brief IP address configuration example Network requirements As shown in Figure 9, a port in VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.
Verifying the configuration # Ping a host on subnet 172.16.1.0/24 from the switch to check the connectivity. <Switch> ping 172.16.1.2 Ping 172.16.1.2 (172.16.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 172.16.1.2: icmp_seq=0 ttl=128 time=7.000 ms 56 bytes from 172.16.1.2: icmp_seq=1 ttl=128 time=2.000 ms 56 bytes from 172.16.1.2: icmp_seq=2 ttl=128 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=3 ttl=128 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=4 ttl=128 time=2.000 ms...
DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 10 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent.
IP address allocation process Figure 11 IP address allocation process The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.
DHCP message format Figure 12 shows the DHCP message format. DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 12 DHCP message format • op—Message type defined in options field. 1 = REQUEST, 2 = REPLY htype, hlen—Hardware address type and length of the DHCP client.
DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information to clients. Figure 13 DHCP option format Common DHCP options The following are common DHCP options: Option 3—Router option.
Page 40
The DHCP client can obtain the following information through Option 43: • ACS parameters, including the ACS URL, username, and password. Service provider identifier, which is acquired by the CPE from the DHCP server and sent to the ACS • for selecting vender-specific configurations and parameters.
Relay agent option (Option 82) Option 82 is the relay agent option. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.
Page 42
RFC 3046, DHCP Relay Agent Information Option • • RFC 3442, The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4...
Configuring the DHCP server Overview The DHCP server is well suited to networks where: • Manual configuration and centralized management are difficult to implement. IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users •...
Page 44
DHCP matches the client against DHCP user classes in the order they are configured. If the client matches a user class, the DHCP server selects an IP address from the address range of the user class. If the matching user class has no assignable addresses, the DHCP server matches the client against the next user class.
only a secondary subnet is matched, the DHCP server does not select any IP address from other secondary subnets when the matching secondary subnet has no assignable addresses. NOTE: To make sure correct address allocation, keep the IP addresses used for dynamic allocation in the subnet where the interface of the DHCP server or DHCP relay agent resides as possible as you can.
Configuring an address pool on the DHCP server Configuration task list Tasks at a glance (Required.) Creating a DHCP address pool Perform at least one of the following tasks: • Specifying IP address ranges for a DHCP address pool • Specifying gateways for the client •...
Page 47
If you use the network or address range command multiple times for the same address pool, the • most recent configuration takes effect. IP addresses specified by the forbidden-ip command are not assignable in the current address pool, • but are assignable in other address pools. IP addresses specified by the dhcp server forbidden-ip command are not assignable in any address pool.
Page 48
Specifying a primary subnet and multiple secondary subnets for a DHCP address pool An address pool with a primary subnet and multiple secondary subnets allows the DHCP server to assign an IP address in a secondary subnet to a requesting client when no assignable IP address on the primary subnet is available.
Configuring a static binding in a DHCP address pool Some DHCP clients, such as a WWW server, need fixed IP addresses. To provide a fixed IP address for such a client, you can statically bind the MAC address or ID of the client to an IP address in a DHCP address pool.
Step Command Remarks Enter DHCP address pool dhcp server ip-pool pool-name view. By default, no gateway is Specify gateways. gateway-list ip-address&<1-8> specified. (Optional.) Enter secondary network network-address [ mask-length | subnet view mask mask ] secondary By default, no gateway is (Optional.) Specify gateways.
b (broadcast)-node—A b-node client sends the destination name in a broadcast message. The • destination returns its IP address to the client after receiving the message. p (peer-to-peer)-node—A p-node client sends the destination name in a unicast message to the •...
After getting the parameters, the DHCP client sends a TFTP request to obtain the configuration file from the specified TFTP server for system initialization. If the client cannot get such parameters, it performs system initialization without loading any configuration file. To configure the IP address of the TFTP server and the boot file name in a DHCP address pool: Step Command...
Step Command Remarks By default, no primary network calling processor is specified. Specify the IP address of the voice-config ncp-ip ip-address primary network calling processor. After you configure this command, the other Option 184 parameters take effect. By default, no backup (Optional.) Specify the IP address voice-config as-ip ip-address network calling processor is...
Table 2 Common DHCP options Corresponding Recommended option Option Option name command command parameters Router Option gateway-list ip-address Domain Name Server Option dns-list ip-address Domain Name domain-name ascii NetBIOS over TCP/IP Name nbns-list ip-address Server Option NetBIOS over TCP/IP Node netbios-type Type Option TFTP server name...
Applying an address pool on an interface Perform this task to apply a DHCP address pool on an interface. Upon receiving a DHCP request from the interface, the DHCP server assigns the statically bound IP address and configuration parameters from the address pool that contains the static binding.
You must enable handling of Option 82 on both the DHCP server and the DHCP relay agent to ensure correct processing for Option 82. For information about enabling handling of Option 82 on the DHCP relay agent, see "Configuring Option 82."...
Step Command Remarks Configure the DHCP server to By default, the DHCP server dhcp server bootp ignore ignore BOOTP requests. processes BOOTP requests. Configuring the DHCP server to send BOOTP responses in RFC 1048 format Not all BOOTP clients can send requests that are compatible with RFC 1048. By default, the DHCP server does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into responses.
Execute display commands in any view and reset commands in user view. Task Command Display information about IP address conflicts. display dhcp server conflict [ ip ip-address ] Display information about lease-expired IP display dhcp server expired [ ip ip-address | pool pool-name ] addresses.
Page 59
Figure 17 Network diagram Configuration procedure Specify an IP address for VLAN-interface 2 on Switch A: <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 25 [SwitchA-Vlan-interface2] quit Configure the DHCP server: # Enable DHCP. [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server [SwitchA-Vlan-interface2] quit...
Dynamic IP address assignment configuration example Network requirements As shown in Figure 18, the DHCP server (Switch A) assigns IP addresses to clients on subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25. Configure address range 10.1.1.0/25 and configuration parameters in DHCP address pool 1 so the DHCP server assigns IP addresses in subnet 10.1.1.0/25 with the lease duration of 10 days and 12 hours and configuration parameters to clients that connect to VLAN-interface 10 of the server.
Configuration procedure Specify IP addresses for interfaces on DHCP server and DHCP relay agent. (Details not shown.) Configure DHCP services: # Enable DHCP and configure the DHCP server to handle Option 82. <SwitchB> system-view [SwitchB] dhcp enable [SwitchB] dhcp server relay information enable # Enable DHCP server on VLAN-interface10.
Figure 20 Network diagram Switch A DHCP server Vlan-int10 10.1.1.1/24 10.1.2.1/24 sub DHCP client DHCP client DHCP client Gateway Configuration procedure # Enable DHCP <SwitchA> system-view [SwitchA] dhcp enable # Configure the primary and secondary IP addresses of VLAN interface 10, enable the DHCP server on the interface.
The DHCP server assigns PXE server addresses to DHCP clients through Option 43, a customized option. The format of Option 43 and that of the PXE server address sub-option are shown in Figure 14 Figure 16. The value of Option 43 configured on the DHCP server in this example is 80 0B 00 00 02 01 02 03 04 02 02 02 02.
Solution Disable the client's network adapter or disconnect the client's network cable. Ping the IP address of the client from another host to check whether there is a host using the same IP address. If a ping response is received, the IP address has been manually configured on a host. Execute the dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic allocation.
Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 22 shows a typical application of the DHCP relay agent.
Figure 23 DHCP relay agent operation DHCP relay agent support for Option 82 Option 82 records the location information about the DHCP client. It enables the administrator to locate the DHCP client for security and accounting purposes, and to assign IP addresses in a specific range to clients.
Tasks at a glance (Optional.) Configuring the DHCP relay agent to release an IP address (Optional.) Configuring Option 82 (Optional.) Setting the DSCP value for DHCP packets sent by the DHCP relay agent Enabling DHCP You must enable DHCP to validate other DHCP relay agent settings. To enable DHCP: Step Command...
To specify a DHCP server address on a relay agent: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no DHCP server Specify a DHCP server dhcp relay server-address address is specified on the relay address on the relay agent.
Step Command Remarks By default, periodic refresh of Enable periodic refresh of dhcp relay client-information refresh dynamic relay entries is dynamic relay entries. enable enabled. By default, the refresh interval Configure the refresh dhcp relay client-information refresh is auto, which is calculated interval.
Configuring the DHCP relay agent to release an IP address Configure the relay agent to release the IP address for a relay entry. The relay agent sends a DHCP-RELEASE message to the server and meanwhile deletes the relay entry. Upon receiving the DHCP-RELEASE message, the DHCP server releases the IP address.
Setting the DSCP value for DHCP packets sent by the DHCP relay agent The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. To set the DSCP value for DHCP packets sent by the DHCP relay agent: Step Command Remarks...
The DHCP relay agent and server are on different subnets, so configure static or dynamic routing to make them reachable to each other. Perform the configuration on the DHCP server to guarantee the client-server communication. For DHCP server configuration information, see "DHCP server configuration examples."...
Configuration procedure # Specify IP addresses for the interfaces. (Details not shown.) # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Enable the DHCP relay agent on VLAN-interface 10. [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] dhcp select relay # Specify the IP address of the DHCP server. [SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1 # Configure the handling strategies and padding content of Option 82.
Configuring the DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address. The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, Layer 3 aggregate interfaces, and management Ethernet interfaces.
DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply, making the client unable to use the IP address assigned by the server. HP recommends you to disable duplicate address detection when ARP attacks exist on the network.
Displaying and maintaining the DHCP client Execute display command in any view. Task Command display dhcp client [ verbose ] [ interface interface-type Display DHCP client information. interface-number ] DHCP client configuration example Network requirements As shown in Figure 26, on a LAN, Switch B contacts the DHCP server through VLAN-interface 2 to obtain an IP address, DNS server address, and static route information.
[SwitchA-Vlan-interface2] ip address 10.1.1.1 24 [SwitchA-Vlan-interface2] quit # Enable the DHCP service. [SwitchA] dhcp enable # Exclude an IP address from dynamic allocation. [SwitchA] dhcp server forbidden-ip 10.1.1.2 # Configure DHCP address pool 0 and specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24.
Page 79
Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.3 Vlan2 10.1.1.3/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 Static 70 10.1.1.2 Vlan2 10.1.1.255/32 Direct 0 10.1.1.3 Vlan2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1...
Configuring DHCP snooping DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes. DHCP snooping does not work between the DHCP server and DHCP relay agent.
Figure 27 Trusted and untrusted ports In a cascaded network as shown in Figure 28, configure each DHCP snooping device's ports connected to other DHCP snooping devices as trusted ports. To save system resources, you can disable the untrusted ports that are not directly connected to DHCP clients from generating DHCP snooping entries. Figure 28 Trusted and untrusted ports in a cascaded network DHCP snooping support for Option 82 Option 82 records the location information about the DHCP client so the administrator can locate the...
Table 4 Handling strategies If a DHCP request Handling DHCP snooping… has… strategy Drop Drops the message. Keep Forwards the message without changing Option 82. Option 82 Forwards the message after replacing the original Option 82 with Replace the Option 82 padded according to the configured padding format, padding content, and code type.
Step Command Remarks Enter system view. system-view By default, DHCP snooping is Enable DHCP snooping. dhcp snooping enable disabled. interface interface-type This interface must connect to the Enter interface view. interface-number DHCP server. By default, all ports are untrusted Specify the port as a trusted dhcp snooping trust ports after DHCP snooping is port.
Step Command Remarks (Optional.) Configure a handling strategy for DHCP dhcp snooping information strategy { drop By default, the handling requests that contain Option | keep | replace } strategy is replace. dhcp snooping information circuit-id (Optional.) Configure the By default, the padding { [ vlan vlan-id ] string circuit-id | { normal | padding content and code format is normal and the...
Step Command Remarks (Optional.) Manually save DHCP snooping entries are saved to dhcp snooping binding database DHCP snooping entries to the the database file each time this update now file. command is executed. The default setting is 300 seconds. (Optional.) Set the amount of When a DHCP snooping entry is time to wait after a DHCP learned or removed, the device does...
Attackers can forge DHCP lease renewal packets to renew leases for legitimate DHCP clients that no longer need the IP addresses. These forged messages disable the victim DHCP server from releasing the IP addresses. Attackers can also forge DHCP-DECLINE or DHCP-RELEASE packets to terminate leases for legitimate DHCP clients that still need the IP addresses.
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, incoming DHCP packets are not rate limited. You can configure this command only on Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces. If you configure the rate on a Configure the maximum rate at Layer 2 Ethernet interface that is a which the interface can receive...
DHCP snooping configuration examples Basic DHCP snooping configuration example Network requirements As shown in Figure 29, configure the port FortyGigE1/1/1 connected to the DHCP server as a trusted port and configure other ports as untrusted ports. Enable DHCP snooping to record clients' IP-MAC bindings by reading DHCP-ACK messages received from the trusted port and DHCP-REQUEST messages.
Page 89
Configure the handling strategy for DHCP requests that contain Option 82 as replace. • • On FortyGigE 1/1/2, configure the padding content for the Circuit ID sub-option as company001 and for the Remote ID sub-option as device001. On FortyGigE 1/1/3, for the Circuit ID sub-option, configure the padding format as verbose, •...
Configuring the BOOTP client BOOTP client configuration only applies to Layer 3 Ethernet interfaces (including subinterfaces), Layer 3 aggregate interfaces and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003. BOOTP application An interface that acts as a BOOTP client can use BOOTP to obtain information (such as IP address) from the BOOTP server.
Configuring an interface to use BOOTP for IP address acquisition Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, an interface does not Configure an interface to use ip address bootp-alloc use BOOTP for IP address BOOTP for IP address acquisition.
Configuring DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. The domain name-to-IP address mapping is called a DNS entry. DNS services can be static or dynamic. After a user specifies a name, the device checks the static name resolution table for an IP address.
Figure 31 Dynamic domain name resolution Request Request User Resolver program Response Response DNS server Read Save Cache DNS client Dynamic domain name resolution allows the DNS client to store latest DNS entries in the dynamic domain name cache. The DNS client does not need to send a request to the DNS server for a repeated query within the aging time.
The DNS proxy simplifies network management. When the DNS server address is changed, you can change the configuration on only the DNS proxy instead of on each DNS client. Figure 32 DNS proxy application A DNS proxy operates as follows: A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy.
Figure 33 DNS spoofing application DNS spoofing enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach the DNS server. Without DNS spoofing, the proxy does not answer or forward a DNS request if it cannot find a matching DNS entry and it cannot reach the DNS server.
Tasks at a glance (Optional.) Configuring the DNS trusted interface (Optional.) Setting the DSCP value for outgoing DNS packets Configuring the IPv4 DNS client Configuring static domain name resolution Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses.
You can specify DNS server IPv6 addresses for the public network and up to 1024 VPNs, and • specify a maximum of six DNS server IPv6 addresses for the public network or each VPN. An IPv4 name query is first sent to the DNS server IPv4 addresses. If no reply is received, it is sent •...
Configuring dynamic domain name resolution To send DNS queries to a correct server for resolution, you must enable dynamic domain name resolution and configure DNS servers. A DNS server manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS server configured earlier takes precedence. A name query is first sent to the DNS server that has the highest priority.
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS servers, and if no reply is received, it forwards the request to IPv4 DNS servers. To configure the DNS proxy: Step Command...
DNS servers. In some scenarios, the DNS server only responds to DNS requests sourced from a specific IP address. In such cases, you must specify the source interface for the DNS packets so that the device can always uses the primary IP address of the specified source interface as the source IP address of DNS packets.
Step Command Remarks Enter system view. system-view By default, the DSCP value for • DSCP value for IPv4 DNS packets: outgoing DNS packets is 0. Specify the DSCP value dns dscp dscp-value for outgoing DNS The configuration is available on •...
# Use the ping host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2. [Sysname] ping host.com Ping host.com (10.1.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms 56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=1.000 ms...
Page 103
Figure 36 Creating a zone On the DNS server configuration page, right-click zone com, and select New Host. Figure 37 Adding a host On the page that appears, enter host name host and IP address 3.1.1.1. Click Add Host. The mapping between the IP address and host name is created.
Figure 38 Adding a mapping between domain name and IP address Configure the DNS client: # Specify the DNS server 2.1.1.2. <Sysname> system-view [Sysname] dns server 2.1.1.2 # Specify com as the name suffix. [Sysname] dns domain com Verifying the configuration # Use the ping host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 3.1.1.1.
Page 105
As shown in Figure • Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IPv6 address of the real DNS server is 4.1.1.1. Configure the IP address of the DNS proxy on Device B. DNS requests of Device B are forwarded •...
56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms 56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms 56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms --- Ping statistics for host.com --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms IPv6 DNS configuration examples Static domain name resolution configuration example Network requirements...
Dynamic domain name resolution configuration example Network requirements As shown in Figure 41, the device wants to access the host by using an easy-to-remember domain name rather than an IPv6 address. The IPv6 address of the DNS server is 2::2/64, and the server has a com domain, which stores the mapping between domain name host and IPv6 address 1::1/64.
Page 108
Figure 42 Creating a zone On the DNS server configuration page, right-click zone com, and select Other New Records. Figure 43 Creating a record On the page that appears, select IPv6 Host (AAAA) as the resource record type.
Page 109
Figure 44 Selecting the resource record type Type host name host and IPv6 address 1::1. Click OK. The mapping between the IPv6 address and host name is created.
Page 110
Figure 45 Adding a mapping between domain name and IPv6 address Configure the DNS client: # Specify the DNS server 2::2. <Device> system-view [Device] ipv6 dns server 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Use the ping ipv6 host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 1::1.
DNS proxy configuration example Network requirements When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function.
Verifying the configuration # Use the ping host.com command on Device B to verify that the connection between the device and the host is normal and that the translated destination IP address is 3000::1. [DeviceB] ping host.com Ping6(56 data bytes) 2000::1 --> 3000::1, press CTRL_C to break 56 bytes from 3000::1, icmp_seq=0 hlim=128 time=1.000 ms 56 bytes from 3000::1, icmp_seq=1 hlim=128 time=0.000 ms 56 bytes from 3000::1, icmp_seq=2 hlim=128 time=1.000 ms...
Configuring DDNS Overview DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails. Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers.
Figure 47 DDNS application DNS server IP network HTTP server HTTP client DDNS client DDNS server With the DDNS client configured, a device can dynamically update the latest mapping between its domain name and IP address on the DNS server through DDNS servers. NOTE: The DDNS update process does not have a unified standard but depends on the DDNS server that the DDNS client contacts.
Page 115
By default, the URL address does not include a username or password. To configure the username and password, use the username command and the password command. HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols.
Configuration prerequisites Visit the website of a DDNS service provider, register an account, and apply for a domain name for the DDNS client. When the DDNS client updates the mapping between the domain name and the IP address through the DDNS server, the DDNS server checks whether the account information is correct and whether the domain name to be updated belongs to the account.
To apply the DDNS policy to an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no DDNS policy is applied to the interface, no Apply the DDNS policy to the FQDN is specified for update, interface to update the mapping and DDNS update is disabled.
DDNS configuration examples DDNS configuration example with www.3322.org Network requirements As shown in Figure 48, Switch uses the domain name whatever.3322.org. Switch acquires the IP address through DHCP. Through DDNS service provided by www.3322.org, Switch informs the DNS server of the latest mapping between its domain name and IP address. Switch uses the DNS server to translate www.3322.org into the corresponding IP address.
# Apply DDNS policy 3322.org to VLAN-interface 2 to enable DDNS update and dynamically update the mapping between domain name whatever.3322.org and the primary IP address of VLAN-interface [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy 3322.org fqdn whatever.3322.org After the preceding configuration is completed, Switch notifies the DNS server of its new domain name-to-IP address mapping through the DDNS server provided by www.3322.org, whenever the IP address of Switch changes.
Page 120
[Switch-ddns-policy-oray.cn] quit # Specify the IP address of the DNS server as 1.1.1.1. [Switch] dns server 1.1.1.1 # Apply the DDNS policy oray.cn to VLAN-interface 2 to enable DDNS update and to dynamically update the mapping between whatever.gicp.cn and the primary IP address of VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy oray.cn fqdn whatever.gicp.cn After the preceding configuration is completed, Switch notifies the DNS server of its new domain...
Basic IP forwarding on the device The device uses the destination IP address of a received packet to find a match from the forwarding information base (FIB) table. It then uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table.
Configuring load sharing Overview If a routing protocol finds multiple equal-cost best routes to the same destination, the device forwards packets over the equal-cost routes to implement load sharing. Configuring load sharing Per-flow load sharing allows the device to forward flows over equal-cost routes. Packets of one flow travel along the same routes.
Load sharing configuration example Network requirements As shown in Figure 50, Switch A has two equal-cost routes to Switch B. Configure load sharing to forward packets through Switch B to the destination IP address 1.2.3.4/24. Figure 50 Network diagram Configuration procedure # On Switch A, assign Ten-GigabitEthernet 1/1/9 to VLAN 10, and Ten-GigabitEthernet 1/1/10 to VLAN 20.
[SwitchB-Vlan-interface20] ip address 20.1.1.2 24 [SwitchB-Vlan-interface20] quit # On Switch A, configure two static routes to the destination IP address. <SwitchA> system-view [SwitchA] ip route-static 1.2.3.4 24 10.1.1.2 [SwitchA] ip route-static 1.2.3.4 24 20.1.1.2 [SwitchA] quit # On Switch A, display FIB entries matching the destination IP address 1.2.3.4. <SwitchA>dis fib 1.2.3.4 Destination count: 1 FIB entry count: 2 Flag:...
Configuring IRDP The term router in this chapter refers to a routing-capable device. The term host in this chapter refers to the host that supports IRDP. For example, a host that runs the Linux operating system. NOTE: The term "interface" in this chapter collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. Layer You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see 2—LAN Switching Configuration Guide...
This mechanism prevents the local link from being overloaded by a large number of RAs sent simultaneously from routers. HP recommends that you shorten the advertising interval on a link that suffers high packet loss rates. Destination address of RAs An RA uses either of the following destination IP addresses: Broadcast address 255.255.255.255.
Step Command Remarks By default, IRDP is disabled. After IRDP is enabled on an interface, Enable IRDP on the interface. ip irdp the IRDP configuration takes effect, and the device sends RA messages out of the interface. (Optional.) Specify the preference of advertised ip irdp preference The default preference is 0.
Figure 51 Network diagram Configuration procedure Configure Switch A: # Specify an IP address for FortyGigE 1/1/1. <SwitchA> system-view [SwitchA] interface FortyGigE 1/1/1 [SwitchA-FortyGigE1/1/1] ip address 10.154.5.1 24 # Enable IRDP on FortyGigE 1/1/1. [SwitchA-FortyGigE1/1/1] ip irdp # Specify preference 1000 for advertised IP addresses on FortyGigE 1/1/1. [SwitchA-FortyGigE1/1/1] ip irdp preference 1000 # Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent by FortyGigE 1/1/1.
Optimizing IP performance A customized configuration can help optimize overall IP performance. This chapter describes various techniques you can use to customize your installation. NOTE: The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces.
Configuration example Network requirements As shown in Figure 52, the default gateway of the host is the IP address 1.1.1.2/24 of VLAN-interface 3 of the switch. Enable VLAN-interface 2 to forward directed broadcasts destined for the directly connected network so the server can receive directed broadcasts from the host to IP address 2.2.2.255.
Step Command Remarks By default, no MTU is configured. The MTU configured for an interface takes effect on only Configure an MTU for the ip mtu mtu-size packets that are sent to the CPU interface. for software forwarding, including packets sent from or destined for this interface.
Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the TCP connection. The TCP source device sends subsequent TCP segments that each are smaller than the MSS (MSS = path MTU – IP header length – TCP header length). If the TCP source device still receives ICMP error messages when the MSS is smaller than 32 bytes, the TCP source device will fragment packets.
To enable TCP SYN Cookie: Step Command Remarks Enter system view. system-view Enable SYN Cookie. tcp syn-cookie enable The default setting is disabled. Configuring the TCP buffer size Step Command Remarks Enter system view. system-view Configure the size of TCP receive/send tcp window window-size The default buffer size is 64 KB.
Page 136
The selected route is not created or modified by any ICMP redirect message. The selected route is not destined for 0.0.0.0. There is no source route option in the received packet. ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing table.
Perform this task to specify the source IP address for outgoing ping echo request and ICMP error messages. HP recommends that you specify the IP address of the loopback interface as the source IP address. This feature helps users to locate the sending device easily.
To specify the source IP address for ICMP packets: Step Command Remarks Enter system view. system-view Specify the source address By default, the device uses the IP address ip icmp source [ vpn-instance for outgoing ICMP of the sending interface as the source IP vpn-instance-name ] ip-address packets.
Displaying and maintaining IP performance optimization Execute display commands in any view and reset commands in user view. Task Command Display brief information about RawIP connections. display rawip [ slot slot-number ] Display detailed information about RawIP display rawip verbose [ slot slot-number [ pcb connections.
Configuring UDP helper Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain.
Step Command Remarks udp-helper port { port-number | dns | By default, no UDP port is Specify a UDP port. netbios-ds | netbios-ns | tacacs | tftp | specified. time } Enter interface view. interface interface-type interface-number Specify a destination By default, no destination server udp-helper server ip-address server.
# Enable UDP helper to forward broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 10.110.1.1 16 [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1 # Enable the interface to receive directed broadcasts destined for the directly connected network.
Configuring basic IPv6 settings Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
Hierarchical address structure IPv6 uses a hierarchical address structure to speed up route lookup and reduce the IPv6 routing table size through route aggregation. Address autoconfiguration To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration. Stateful address autoconfiguration enables a host to acquire an IPv6 address and other •...
Page 145
IMPORTANT: A double colon can appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents and correctly convert it to zeros to restore a 128-bit IPv6 address. An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network ID and the host ID of an IPv4 address.
Page 146
A loopback address—0:0:0:0:0:0:0:1 (or ::1). It has the same function as the loopback address in • IPv4. It cannot be assigned to any physical interface. A node uses this address to send an IPv6 packet to itself. • An unspecified address—0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets.
On a tunnel interface—The lower 32 bits of the EUI-64 address-based interface identifier are the • source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros.
Page 148
Host B. The NS message body contains the link-layer address of Host A and the target IPv6 address. After receiving the NS message, Host B determines whether the target address of the packet is its IPv6 address. If yes, Host B learns the link-layer address of Host A, and then unicasts an NA message containing its link-layer address.
The generated IPv6 address is valid within the valid lifetime and becomes invalid when the valid lifetime expires. After the preferred lifetime expires, the node cannot use the generated IPv6 address to establish new connections, but can receive packets destined for the IPv6 address. The preferred lifetime cannot be greater than the valid lifetime.
Dual stack Dual stack is the most direct transition approach. A network node that supports both IPv4 and IPv6 is a dual-stack node. A dual-stack node configured with an IPv4 address and an IPv6 address can forward both IPv4 and IPv6 packets. An application that supports both IPv4 and IPv6 prefers IPv6 at the network layer.
Tasks at a glance • Setting the aging timer for ND entries in stale state • Minimizing link-local ND entries • Setting the hop limit • Configuring parameters for RA messages • Configuring the maximum number of attempts to send an NS message for DAD •...
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number ipv6 address { ipv6-address Configure the interface to prefix-length | By default, no IPv6 global unicast generate an EUI-64 IPv6 ipv6-address/prefix-length } address is configured on an interface. address.
You can also configure the interface to preferentially use the temporary IPv6 address as the source address of sent packets. When the valid lifetime of the temporary IPv6 address expires, the interface removes the address and generates a new one. This function enables the system to send packets with different source addresses through the same interface.
An interface can have only one link-local address. To avoid link-local address conflicts, HP recommends that you use the automatic generation method. If both methods are used, manual assignment takes precedence over automatic generation. If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated one.
Step Command Remarks interface interface-type Enter interface view. interface-number ipv6 address { ipv6-address By default, no IPv6 anycast Configure an IPv6 anycast prefix-length | address is configured on an address. ipv6-address/prefix-length } anycast interface. Configuring IPv6 ND This section describes how to configure IPv6 ND. Configuring a static neighbor entry The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry.
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Set the maximum number of By default, an interface can learn a ipv6 neighbors dynamic neighbor entries that maximum of 8192 dynamic max-learning-num number the interface can learn. neighbor entries.
If you use the undo ipv6 nd ra hop-limit unspecified command, the device sets the hop limit value • configured by this task in a sent RA message. A host receiving the RA message fills the value into the Hop Limit field of sent IPv6 packets. To set the hop limit: Step Command...
Page 158
The maximum interval for sending RA messages should be less than (or equal to) the router lifetime in RA messages so the router can be updated by an RA message before expiration. The values of the NS retransmission timer and the reachable time configured for an interface are sent in RA messages to hosts.
Step Command Remarks By default, the M flag bit is set to 0 and ipv6 nd autoconfig Set the M flag bit to 1. hosts acquire IPv6 addresses through managed-address-flag stateless autoconfiguration. By default, the O flag bit is set to 0 and hosts acquire other configuration Set the O flag bit to 1.
Page 160
ND proxy includes common ND proxy and local ND proxy. • Common ND proxy As shown inFigure 59, VLAN-interface 1 with IPv6 address 4:1::99/64 and VLAN-interface 2 with IPv6 address 4:2::99/64 belong to different subnets. Host A and Host B reside on the same network but in different broadcast domains.
Configuration procedure You can enable common ND proxy and local ND proxy in VLAN interface view, Layer 3 Ethernet interface view, or Layer 3 Ethernet subinterface view. To enable common ND proxy: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.
source host fragments the packet according to the MTU. To avoid this situation, configure a proper interface MTU. To configure the interface MTU: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no interface MTU is Configure the interface MTU.
Configuring the rate limit for ICMPv6 error messages To avoid sending excessive ICMPv6 error messages within a short period that might cause network congestion, you can limit the rate at which ICMPv6 error messages are sent. A token bucket algorithm is used with one token representing one ICMPv6 error message.
If a UDP packet received is destined for the device but its UDP destination port number does not • match any process, the device sends the source a Port Unreachable ICMPv6 error message. If a device is generating ICMPv6 destination unreachable messages incorrectly, disable the sending of ICMPv6 destination unreachable messages to prevent attack risks.
Step Command Remarks Enter system view. system-view Enable sending ICMPv6 redirect By default, sending ICMPv6 ipv6 redirects enable messages. redirect messages is disabled. Specifying the source address for ICMPv6 packets Perform this task to specify the source IPv6 address for outgoing ping echo request and ICMPv6 error messages.
Page 166
Task Command display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address Display IPv6 FIB entries. [ prefix-length ] ] Display IPv6 information about the display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] interface. Display IPv6 prefix information about the display ipv6 interface interface-type interface-number prefix interface.
NOTE: The display ipv6 prefix command is available in Release 2406P03 and later versions. Basic IPv6 configuration example Network requirements As shown in Figure 61, a host, Switch A, and Switch B are connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify that they are connected.
# Display neighbor information for Ten-GigabitEthernet 1/1/6 on Switch A. [SwitchA] display ipv6 neighbors interface Ten-GigabitEthernet 1/1/6 Type: S-Static D-Dynamic O-Openflow I-Invalid IPv6 Address Link Layer Interface State T Age FE80::215:E9FF:FEA6:7D14 0015-e9a6-7d14 XGE1/1/6 STALE D 1238 2001::15B:E0EA:3524:E791 0015-e9a6-7d14 XGE1/1/6 STALE D 1248 The output shows that the IPv6 global unicast address that Host obtained is 2001::15B:E0EA:3524:E791.
Page 169
OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA] display ipv6 interface vlan-interface 1 Vlan-interface1 current state: UP Line protocol current state: UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1...
Page 170
InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. All IPv6 global unicast addresses configured on the interface are displayed. [SwitchB] display ipv6 interface vlan-interface 2 Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...
InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected. NOTE: When you ping a link-local address, use the -i parameter to specify an interface for the link-local address.
DHCPv6 overview DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. DHCPv6 address/prefix assignment An address/prefix assignment process involves two or four messages. Rapid assignment involving two messages As shown in Figure 62, rapid assignment operates in the following steps: The DHCPv6 client sends to the DHCPv6 server a Solicit message that contains a Rapid Commit option to prefer rapid assignment.
Figure 63 Assignment involving four messages Address/prefix lease renewal An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time.
Stateless DHCPv6 Stateless DHCPv6 enables a device that has obtained an IPv6 address/prefix to get other configuration parameters from a DHCPv6 server. The device decides whether to perform stateless DHCP according to the managed address configuration flag (M flag) and the other stateful configuration flag (O flag) in the RA message received from the router during stateless address autoconfiguration.
Configuring the DHCPv6 server Overview A DHCPv6 server can assign IPv6 addresses, IPv6 prefixes, and other configuration parameters to DHCPv6 clients. NOTE: The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. Layer You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see 2—LAN Switching Configuration Guide IPv6 address assignment As shown in...
Figure 68 IPv6 prefix assignment Concepts Multicast addresses used by DHCPv6 DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers, and uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents. DUID A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).
The DHCPv6 server creates a prefix delegation (PD) for each assigned prefix to record the IPv6 prefix, client DUID, IAID, valid lifetime, preferred lifetime, lease expiration time, and IPv6 address of the requesting client. DHCPv6 address pool The DHCP server selects IPv6 addresses, IPv6 prefixes, and other parameters from an address pool, and assigns them to the DHCP clients.
client against the subnets of all address pools, and selects the address pool with the longest-matching subnet. To make sure address allocation functions correctly, keep the subnet used for dynamic assignment consistent with the subnet where the interface of the DHCPv6 server or DHCPv6 relay agent resides.
Configuration guidelines An IPv6 prefix can be bound to only one DHCPv6 client. You cannot modify bindings that have • been created. To change the binding for a DHCPv6 client, you must delete the existing binding first. • Only one prefix pool can be applied to an address pool. You cannot modify prefix pools that have been applied.
Configuring IPv6 address assignment Use one of the following methods to configure IPv6 address assignment: • Configure a static IPv6 address binding in an address pool: If you bind a DUID and an IAID to an IPv6 address, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client.
Step Command Remarks By default, all IPv6 addresses except for the DHCPv6 server's IP address in a DHCPv6 address pool are assignable. (Optional.) Specify the IPv6 ipv6 dhcp server forbidden-address addresses excluded from start-ipv6-address If the excluded IPv6 address is in dynamic assignment.
Step Command Remarks network prefix/prefix-length Specify an IPv6 subnet for By default, no IPv6 subnet is [ preferred-lifetime preferred-lifetime dynamic assignment. specified. valid-lifetime valid-lifetime ] (Optional.) Specify a DNS By default, no DNS server dns-server ipv6-address server address. address is specified. (Optional.) Specify a domain By default, no domain name domain-name domain-name...
Step Command Remarks By default, the interface discards Enable the DHCPv6 ipv6 dhcp select server DHCPv6 packets from DHCPv6 server on the interface. clients. • Configure global address assignment: ipv6 dhcp server { allow-hint | preference preference-value | Use one of the commands. rapid-commit } * Configure an By default, desired...
Task Command Display information about IPv6 prefix display ipv6 dhcp server pd-in-use [ pool pool-name | prefix bindings. prefix/prefix-len ] Display packet statistics on the DHCPv6 display ipv6 dhcp server statistics [ pool pool-name ] server. Clear information about IPv6 address reset ipv6 dhcp server conflict [ address ipv6-address ] conflicts.
Page 185
[Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ipv6 address 1::1/64 [Switch-Vlan-interface2] quit # Create prefix pool 1, and specify the prefix 2001:0410::/32 with the assigned prefix length 48. [Switch] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 48 # Create address pool 1. [Switch] ipv6 dhcp pool 1 # In address pool 1, configure subnet 1::/64 where VLAN interface-2 resides.
Configuring the DHCPv6 relay agent The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
Figure 73 Operating process of a DHCPv6 relay agent DHCPv6 client DHCPv6 relay agent DHCPv6 server Solicit (contains a Rapid Commit option) (2) Relay-forward (3) Relay-reply (4) Reply Configuration guidelines You can use the ipv6 dhcp relay server-address command to specify a maximum of eight DHCPv6 •...
Displaying and maintaining the DHCPv6 relay agent Execute display commands in any view and reset commands in user view. Task Command Display the DUID of the local device. display ipv6 dhcp duid Display DHCPv6 server addresses display ipv6 dhcp relay server-address [ interface interface-type specified on the DHCPv6 relay agent.
[SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 2::1 64 [SwitchA-Vlan-interface2] quit [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ipv6 address 1::1 64 # Enable the DHCPv6 relay agent on VLAN-interface 3 and specify the DHCPv6 server on the relay agent. [SwitchA-Vlan-interface3] ipv6 dhcp select relay [SwitchA-Vlan-interface3] ipv6 dhcp relay server-address 2::2 Enable Switch A to send RA messages, and turn on the M and O flags.
Configuring the DHCPv6 client This feature is available in Release 2406P03 and later versions. Overview With DHCPv6 client configured, an interface can obtain configuration parameters from the DHCPv6 server. A DHCPv6 client can use DHCPv6 to complete the following functions: Obtain an IPv6 address, an IPv6 prefix, and other configuration parameters.
Step Command Remarks Enter system view. system-view • Layer 3 Ethernet interface: interface interface-type interface-number • Layer 3 aggregate interface: interface route-aggregation interface-number Enter interface view. • Management Ethernet interface: interface m-ethernet interface-number • VLAN interface: interface vlan-interface interface-number By default, the device uses DUID-LL as the DHCPv6 client DUID.
Page 197
Figure 75 Network diagram Configuration procedure You must configure the DHCPv6 server first before configuring the DHCPv6 client. For information about configuring DHCPv6 server, see "Configuring the DHCPv6 server." # Configure VLAN-interface 2 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.
# Display brief IPv6 information for all interfaces on the device. The output shows that the DHCPv6 client has obtained an IPv6 address.. [Switch] display ipv6 interface brief *down: administratively down (s): spoofing Interface Physical Protocol IPv6 Address Vlan-interface2 1:2::2 IPv6 prefix acquisition configuration example Network requirements As shown in...
State: OPEN IAID: 0xf0019 Client DUID: 00030001000fe2ff0000 Preferred server: Reachable via address: FE80::200:5EFF:FE0A:2303 Server DUID: 00030001000fe20a0a00 Prefix: 12:34::/32 Preferred lifetime 90 sec, valid lifetime 90 sec T1 45 sec, T2 72 sec Will expire on Feb 4 2013 at 15:37:20 (80 seconds left) DNS server addresses: 2000::FF Domain name:...
Page 200
<SwitchB> system-view [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 1::1 64 # Set the O flag in RA messages to 1. [SwitchB-Vlan-interface2] ipv6 nd autoconfig other-flag # Allow the interface to advertise RA messages. [SwitchB-Vlan-interface2] undo ipv6 nd ra halt Configure the DHCPv6 client Switch A.
Configuring DHCPv6 snooping DHCPv6 snooping works between the DHCPv6 client and server, or between the DHCPv6 client and DHCPv6 relay agent. It guarantees that DHCPv6 clients obtain IP addresses from authorized DHCPv6 servers. Also, it records IP-to-MAC bindings of DHCPv6 clients (called DHCPv6 snooping entries) for security purposes.
Option 18, also called the interface-ID option, is used by the DHCPv6 relay agent to determine the interface to use to forward RELAY-REPLY message. In HP implementation, the DHCPv6 snooping device adds Option 18 to the received DHCPv6 request message before forwarding it to the DHCPv6 server. The server then assigns IP address to the client based on the client information in Option 18.
Option 37, also called the remote-ID option, is used to identify the client. In HP implementation, the DHCPv6 snooping device adds Option 37 to the received DHCPv6 request message before forwarding it to the DHCPv6 server. This option provides client information about address allocation.
Tasks at a glance (Optional. ) Configuring DHCPv6 packet rate limit (Optional.) Enabling DHCPv6-REQUEST check Configuring basic DHCPv6 snooping Follow these guidelines when you configure basic DHCPv6 snooping: • To make sure DHCPv6 clients can obtain valid IPv6 addresses, specify the ports connected to authorized DHCPv6 servers as trusted ports.
Step Command Remarks (Optional.) Manually save ipv6 dhcp snooping DHCPv6 snooping entries are saved to the DHCPv6 snooping entries binding database update database file each time this command is to the database file. executed. The default setting is 300 seconds. (Optional.) Set the amount When a DHCPv6 snooping entry is learned or of time to wait to update...
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, DHCPv6-REQUEST check is disabled. Enable DHCPv6-REQUEST ipv6 dhcp snooping check You can enable the function only on Layer check. request-message 2 Ethernet interfaces and Layer 2 aggregate interfaces.
Verifying the configuration The DHCPv6 client obtains an IPv6 address and other configuration parameters from the authorized DHCPv6 server. You can use the display ipv6 dhcp snooping binding command to display DHCPv6 snooping entries on the authorized DHCPv6 server.
Configuring tunneling Overview Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end.
Page 212
physical interface of the tunnel. In the IPv4 header, the source IPv4 address is the IPv4 address of the tunnel source, and the destination IPv4 address is the IPv4 address of the tunnel destination. Upon receiving the packet, Device B de-encapsulates the packet. If the destination address of the IPv6 packet is itself, Device B forwards it to the upper-layer protocol.
6to4 tunneling—A point-to-multipoint automatic tunnel. It is used to connect multiple isolated IPv6 • networks over an IPv4 network. The destination IPv4 address of a 6to4 tunnel is embedded in the destination 6to4 address of packets. This mechanism enables the device to automatically get the tunnel destination address, simplifying tunnel establishment.
The IPv4 protocol stack determines how to forward the packet according to the destination address in the IP header. If the packet is destined for the IPv4 host connected to Device B, Device A delivers the packet to the tunnel interface. The tunnel interface adds a new IPv4 header to the IPv4 packet and submits it to the IP protocol stack.
The tunneling module removes the IPv6 header and delivers the remaining IPv4 packet to the IPv4 protocol stack. The IPv4 protocol stack forwards the IPv4 packet. IPv6 over IPv6 tunneling IPv6 over IPv6 tunneling (RFC 2473) enables isolated IPv6 networks to communicate with each other over another IPv6 network.
RFC 6333, Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion • Tunneling configuration task list Tasks at a glance (Required.) Configuring a tunnel interface Perform one of the following tasks: • Configuring an IPv6 over IPv4 tunnel: Configuring an IPv6 over IPv4 manual tunnel Configuring a 6to4 tunnel Configuring an ISATAP tunnel •...
Step Command Remarks The default MTU is 64000 bytes. Set an appropriate MTU to avoid fragmentation. The MTU for the Set the MTU of the tunnel tunnel interface applies only to mtu mtu-size interface. unicast packets. An MTU set on any tunnel interface is effective on all existing tunnel interfaces.
Step Command Remarks Specify an IPv6 address for For configuration details, see No IPv6 address is configured for the tunnel interface. "Configuring basic IPv6 settings." the tunnel interface by default. By default, no source address or source interface is configured for the tunnel interface.
Page 219
# Specify an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 3002::1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel.
# Specify an IPv6 address for the tunnel interface. [SwitchB-Tunnel0] ipv6 address 3001::2/64 # Specify VLAN-interface 100 as the source interface of the tunnel interface. [SwitchB-Tunnel0] source vlan-interface 100 # Specify the destination address for the tunnel interface as the IP address of VLAN-interface 100 of Switch A.
Step Command Remarks Specify an IPv6 address For configuration details, see No IPv6 address is configured for the for the tunnel interface. "Configuring basic IPv6 settings." tunnel interface by default. By default, no source address or source interface is configured for the Configure a source tunnel interface.
Page 222
Configuration procedure Before configuring a 6to4 tunnel, make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 2.1.1.1 24 [SwitchA-Vlan-interface100] quit...
[SwitchB] interface tunnel 0 mode ipv6-ipv4 6to4 # Specify an IPv6 address for the tunnel interface. [SwitchA-Tunnel0] ipv6 address 3002::1/64 # Specify the source interface as VLAN-interface 100 for the tunnel interface. [SwitchB-Tunnel0] source vlan-interface 100 [SwitchB-Tunnel0] quit # Configure a static route destined for 2002::/16 through the tunnel interface. [SwitchB] ipv6 route-static 2002:: 16 tunnel 0 Verifying the configuration # Ping Host B from Host A or ping Host A from Host B.
Step Command Remarks By default, no source address or source interface is configured for the tunnel interface. Configure a source address or source { ip-address | source interface for the tunnel The specified source address or interface-type interface-number } interface. the primary IP address of the specified source interface is used as the source IP address of...
Page 225
# Assign Ten-GigabitEthernet 1/1/5 to service loopback group 1. [Switch] interface Ten-GigabitEthernet 1/1/5 [Switch-Ten-GigabitEthernet1/1/5] port service-loopback group 1 [Switch-Ten-GigabitEthernet1/1/5] quit # Configure an ISATAP tunnel interface tunnel 0. [Switch] interface tunnel 0 mode ipv6-ipv4 isatap # Specify an EUI-64 IPv6 address for the tunnel interface tunnel 0. [Switch-Tunnel0] ipv6 address 2001:: 64 eui-64 # Specify VLAN-interface 101 as the source interface of the tunnel interface.
router link-layer address: 1.1.1.1 preferred global 2001::5efe:1.1.1.2, life 29d23h59m46s/6d23h59m46s (public) preferred link-local fe80::5efe:1.1.1.2, life infinite link MTU 1500 (true link MTU 65515) current hop limit 255 reachable time 42500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 default site prefix length 48 The host has acquired the address prefix 2001::/64 and has automatically generated the global unicast address 2001::5efe:1.1.1.2.
interface or specify the IPv4 address of the peer tunnel interface as the next hop. Alternatively, you can enable a dynamic routing protocol on both tunnel interfaces to achieve the same purpose. For the detailed configuration, see Layer 3—IP Routing Configuration Guide. •...
Page 228
Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv4 address for VLAN-interface 101, which is the physical interface of the tunnel.
[SwitchB-Ten-GigabitEthernet1/1/5] port service-loopback group 1 [SwitchB-Ten-GigabitEthernet1/1/5] quit # Create an IPv4 over IPv4 tunnel interface tunnel 2. [SwitchB] interface tunnel 2 mode ipv4-ipv4 # Specify an IPv4 address for the tunnel interface. [SwitchB-Tunnel2] ip address 10.1.2.2 255.255.255.0 # Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface. [SwitchB-Tunnel2] source 3.1.1.1 # Specify the IP address of VLAN-interface 101 on Switch A as the destination address for the tunnel interface.
Step Command Remarks Enter system view. system-view Enter tunnel interface interface tunnel number [ mode view. ipv6 ] Configure an IPv4 ip address ip-address { mask | By default, no IPv4 address is configured address for the tunnel mask-length } [ sub ] for the tunnel interface.
Page 231
# Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2001::1:1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/1/5 to service loopback group 1.
# Specify the IP address of VLAN-interface 101 on Switch A as the destination address for the tunnel interface. [SwitchB-Tunnel2] destination 2001::1:1 [SwitchB-Tunnel2] quit # Configure a static route destined for IPv4 network 1 through the tunnel interface. [SwitchB] ip route-static 30.1.1.0 255.255.255.0 tunnel 2 Verifying the configuration # Use the display interface tunnel command to display the status of the tunnel interfaces on Switch A and Switch B.
Step Command Remarks Configure an IPv6 address for For configuration details, see No IPv6 address is configured for the tunnel interface. "Configuring basic IPv6 settings." the tunnel interface by default. By default, no source address or interface is configured for the tunnel.
Page 234
[SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ipv6 address 2002:1::1 64 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2001::11:1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/1/5 to service loopback group 1.
# Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface. [SwitchB-Tunnel2] source 2002::22:1 # Specify the IP address of VLAN-interface 101 on Switch A as the destination address for the tunnel interface. [SwitchB-Tunnel2] destination 2001::11:1 [SwitchB-Tunnel2] quit # Configure a static route destined for the IPv6 network group 1 through the tunnel interface.
Analysis The physical interface of the tunnel does not go up, or the tunnel destination is unreachable. Solution Use the display interface or display ipv6 interface commands to check whether the physical interface of the tunnel is up. If the physical interface is down, check the network connection. Use the display ipv6 routing-table or display ip routing-table command to check whether the tunnel destination is reachable.
Configuring GRE Overview Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate any network layer protocol (such as IPv6) into a virtual point-to-point tunnel over an IP network (such as an IPv4 network). Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end. The network layer protocol of the packets before encapsulation and after encapsulation can be the same or different.
GRE tunnel operating principle Figure 94 IPv6 networks interconnected through a GRE tunnel As shown in Figure 94, an IPv6 protocol packet traverses an IPv4 network through a GRE tunnel as follows: After receiving an IPv6 packet from the interface connected to IPv6 network 1, Device A looks up the routing table to determine that the outgoing interface is a GRE tunnel interface (Tunnel 0 in this example), and then submits the IPv6 packet to the tunnel interface Tunnel 0.
Page 239
• HP recommends not configuring the same tunnel source and destination addresses for local tunnel interfaces that use the same GRE encapsulation protocol. If the destination address of a packet before encapsulation is not in the same subnet as the IP •...
Step Command Remarks By default, no source address or interface is configured for a tunnel interface. If you configure a source address for a tunnel interface, the tunnel Configure a source interface uses the source address address or source source { ip-address | interface-type as the source address of the interface for the tunnel interface-number }...
Page 241
• HP recommends not configuring the same tunnel source and destination addresses for local tunnel interfaces that use the same GRE encapsulation protocol. If the destination address of a packet before encapsulation is not in the same subnet as the IP •...
Step Command Remarks By default, no source IPv6 address or interface is configured for a tunnel interface. If you configure a source IPv6 address for a tunnel interface, the tunnel interface uses the source Configure a source IPv6 IPv6 address as the source IPv6 source { ipv6-address | address or source interface for address of the encapsulated...
Task Command Remarks For more information about Display IPv6 information about tunnel display ipv6 interface [ tunnel this command, see Layer interface. [ number ] ] [ brief ] 3—IP Services Command Reference. For more information about reset counters interface [ tunnel this command, see Layer Clear tunnel interface statistics.
Page 244
# Configure the source address of tunnel interface as the IP address of VLAN-interface 101 on Switch A. [SwitchA-Tunnel1] source vlan-interface 101 # Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch B. [SwitchA-Tunnel1] destination 2.2.2.2 [SwitchA-Tunnel1] quit # Configure a static route from Switch A through the tunnel interface to Group 2.
Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # Display tunnel interface information on Switch B.
Page 246
Figure 96 Network diagram Switch A XGE1/1/6 XGE1/1/6 Switch B Vlan-int101 Vlan-int101 2002::1:1/64 2001::2:1/64 IPv6 network XGE1/1/5 XGE1/1/5 GRE tunnel XGE1/1/7 XGE1/1/7 Vlan-int100 Vlan-int100 Tunnel0 10.1.1.1/24 Tunnel0 10.1.3.1/24 10.1.2.2/24 10.1.2.1/24 IPv4 IPv4 Service loopback port Group 1 Group 2 Configuration procedure Before the following configurations, configure an IP address for each interface, and make sure Switch A and Switch B can reach each other.
Page 247
# Configure an IP address for the tunnel interface. [SwitchB-Tunnel0] ip address 10.1.2.2 255.255.255.0 # Configure the source address of tunnel interface as the IPv6 address of VLAN-interface 101 on Switch B. [SwitchB-Tunnel0] source 2001::2:1 # Configure the destination address of the tunnel interface as the IPv6 address of VLAN-interface 101 on Switch A.
Solution Execute the display ip routing-table command on Device A and Device C to view whether Device A has a route over tunnel 0 to 10.2.0.0/16 and whether Device C has a route over tunnel 0 to 10.1.0.0/16. If such a route does not exist, execute the ip route-static command in system view to add the route. Take Device A as an example: [DeviceA] ip route-static 10.2.0.0 255.255.0.0 tunnel 0...
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 252
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 253
Index Numerics IP services DHCPv6 address pool, IP services DHCPv6 address pool selection, 6to4 IP services DHCPv6 address/prefix assignment, relay, IP services DHCPv6 address/prefix lease tunnel, renewal, tunnel configuration, 209, IP services DHCPv6 IA, IP services DHCPv6 IAID, address IP services DHCPv6 IPv6 address assignment, DHCPv6 client IPv6 address acquisition, IP services DHCPv6 IPv6 address/prefix allocation sequence,...
Page 254
IPv6 address type, IP services DHCPv6 assignment (4 messages), applying IP services DHCPv6 IPv6 address, IP services DDNS client policy to interface, IP services DHCPv6 IPv6 prefix, IP services DHCP address pool on interface, IP services DHCPv6 rapid assignment (2 messages), IP services DHCPv6 snooping trusted port, IP services DHCPv6 server dynamic IPv6 address...
Page 255
maintaining client, IP services DHCP voice client Option 184 parameters, protocols and standards, IP services DHCPv6 address pool, Bootstrap Protocol. Use BOOTP IP services DHCPv6 IA, broadcast IP services DHCPv6 IAID, IP services DHCP server response broadcast, IP services DHCPv6 IPv6 prefix assignment, IP services UDP helper configuration, 129, 129, IP services DHCPv6 relay agent configuration,...
Page 256
IP services DHCP relay agent, 55, 56, IP services DHCPv6 snooping Option 37, IP services DHCP relay agent IP address IP services DHCPv6 snooping packet rate limit, release, IP services DNS, 81, IP services DHCP relay agent Option 82, 60, IP services DNS proxy, IP services DHCP relay agent security IP services DNS spoofing,...
Page 257
IPv6 ND, IP services DHCP client duplicated address detection, IPv6 ND customer-side port, IP services DHCP IP address conflict detection, IPv6 ND static neighbor entry, IPv6 ND duplicate address detection, IPv6 path MTU discovery, IPv6 ND neighbor reachability detection, IPv6 RA message parameter, 146, IPv6 ND redirection, IPv6 stateless address with autoconfiguration,...
Page 258
IP services ISATAP tunnel configuration, displaying BOOTP client, IP services stateless DHCPv6, displaying client, IP services UDP helper configuration), displaying relay agent, IPv4 DNS client configuration, displaying server, IPv4 DNS proxy configuration, enabling, IPv4/IPv4 tunnel configuration, enabling Option 82 handling, IPv4/IPv6 manual tunnel configuration, IP address allocation, 25, IPv6 basic settings configuration,...
Page 259
relay agent relay entry recording, DHCPv6 relay agent security functions, address allocation, relay agent starvation attack protection, address pool, server address pool configuration, address pool selection, server address pool creation, address/prefix assignment, server address pool IP address range, address/prefix lease renewal, server address pool IP address range (primary assignment (4 messages), subnet/multiple ranges),...
Page 261
DUID IP services DHCP client duplicated address detection, DHCPv6 client DUID, IP services DHCP client on interface, DUID (DHCPv6), IP services DHCP Option 82 handling, duplicated address detection (DHCP), IP services DHCP relay agent on interface, dynamic IP services DHCP relay agent relay entry periodic IP services ARP dynamic entry, refresh, IP services ARP entry max number (for device),...
Page 262
IP services ARP configuration (multiport entry), IP services DHCP server BOOTP response format, IP services ARP snooping configuration, IP services GRE encapsulation format, IP services ARP static configuration, IPv6 addresses, IP services BOOTP client configuration, 79, fragment IP services common proxy ARP configuration, IP performance optimization ICMP fragment IP services DHCP client configuration, 64, forwarding,...
Page 263
error message rate limit, DHCP server address pool IP address range (primary subnet/multiple secondary subnets), IPv6 message send control, DHCP server configuration, IPv6 ND duplicate address detection, DHCP server IP address dynamic assignment, IPv6 ND neighbor reachability detection, DHCP server IP address static assignment, IPv6 ND protocol, DHCP server option customization, IPv6 ND protocol address resolution,...
Page 264
IP services ARP OpenFlow table entry, IPv6 ICMPv6 destination unreachable message, IP services ARP operation, IPv6 ICMPv6 error message rate limit, IP services ARP snooping configuration, IPv6 ICMPv6 message send, IP services ARP static configuration, IPv6 ICMPv6 redirect message, IP services ARP static entry configuration, IPv6 ICMPv6 time exceeded message, IP services ARP static table entry, IPv6 interface address assignment,...
Page 269
IP services ARP message format, IP services ARP snooping configuration, MAC address IP services ARP static configuration, IP services DHCP client configuration, 64, IP services common proxy ARP configuration, MAC addressing IP services DHCP format, IP services ARP configuration, 1, IP services DHCP-REQUEST message attack IP services ARP configuration (multiport entry), protection,...
Page 270
IP services DNS proxy configuration, DHCPv6 client IPv6 prefix acquisition configuration, IP services DNS spoofing configuration, DHCPv6 client packet DSCP value, IP services DNS static domain name resolution, DHCPv6 client stateless DHCPv6, IPv4 DNS client configuration, DHCPv6 client stateless DHCPv6 configuration, IPv4 DNS client dynamic domain name directed broadcast forward configuration, resolution, 85,...
Page 271
IP services DHCP client gateway, IP services DHCPv6 snooping entry max number, IP services DHCP client ID configuration for interface, IP services DHCPv6 snooping entry save, IP services DHCP client packet DSCP value, IP services DHCPv6 snooping Option 18 configuration, IP services DHCP client server specification, IP services DHCPv6 snooping Option 37 IP services DHCP relay agent enable on...
Page 272
IPv6 interface MTU configuration, IP services ARP configuration, 1, IPv6 link-local address configuration, IP services ARP configuration (multiport entry), IPv6 max number NS message sent IP services ARP snooping configuration, attempts, IP services ARP static configuration, IPv6 multicast echo request reply, IP services BOOTP client configuration, 79, IPv6 ND configuration, IP services common proxy ARP configuration,...
Page 273
IP services GRE/IPv4 configuration, IP performance optimization TCP path MTU discovery, IP services GRE/IPv6 configuration, IP performance optimization TCP SYN cookie, IP services IRDP configuration, 1 17 IP performance optimization TCP timers, IP services proxy ARP configuration, option IP services tunneling configuration, 200, IP services DHCP field, IP services UDP helper configuration, 129, 129,...
Page 274
IP services DDNS outgoing packet DSCP IPv6 ND stateless address autoconfiguration, value, IPv6 ND static neighbor entry configuration, IP services DHCP client packet DSCP value, IPv6 path MTU discovery, IP services DHCP server packet DSCP value, IPv6 path MTU discovery configuration, IP services DHCP snooping packet rate limit, IPv6 RA message parameter configuration, IP services DHCPv6 packet DSCP value,...
Page 275
IP services DHCPv6 IPv6 address/prefix configuring IP services ARP multiport entry, allocation sequence, configuring IP services ARP snooping, IP services DHCPv6 IPv6 prefix assignment, configuring IP services ARP static entry, IP services DHCPv6 server dynamic IPv6 prefix configuring IP services BOOTP client, assignment, configuring IP services BOOTP client address IP services DHCPv6 server IPv6 prefix...
Page 276
configuring IP services DHCP server subnets, configuring IP services GRE/IPv6 tunnel, configuring IP services DHCP server to ignore configuring IP services IRDP, 1 17 BOOTP requests, configuring IP services ISATAP tunnel, 212, configuring IP services DHCP server user configuring IP services tunneling, class, configuring IP services tunneling Layer 3 virtual configuring IP services DHCP snooping, 71,...
Page 277
configuring IPv6 RA message enabling IP services DHCP, parameters, 146, enabling IP services DHCP client duplicated configuring IPv6 stateless address with address detection, autoconfiguration, enabling IP services DHCP client on interface, configuring IPv6 static path MTU, enabling IP services DHCP Option 82 handling, configuring IPv6 static prefix, enabling IP services DHCP relay agent on configuring IPv6/IPv4 manual tunnel, 206,...
Page 278
maintaining IP services tunneling specifying IP services DHCP server address pool IP configuration, address range (primary subnet/multiple ranges), maintaining IP services UDP helper, specifying IP services DHCP server address pool IP maintaining IPv4 DNS, address range (primary subnet/multiple secondary maintaining IPv6 basics, subnets), minimizing IPv6 ND link-local entry, specifying IP services DHCP server on relay...
Page 279
configuration, relay entry recording, displaying, starvation attack protection, local proxy ARP enable, troubleshooting configuration, proxying releasing IP services DNS proxy, IP services DHCP relay agent IP address release, IP services DNS proxy configuration, reserved DHCP Option 184, 28, IP services IRDP proxy-advertised IP address, 1 15 resolving IPv4 DNS proxy configuration,...
Page 280
IP performance optimization, IP services DDNS client configuration, saving IP services DDNS client policy application, IP services DHCP snooping entries, IP services DDNS client policy IP services DHCPv6 snooping entries, configuration, security IP services DDNS configuration, 102, IP services DHCP relay agent IP address release, IP services DDNS configuration (PeanutHull IP services DHCP relay agent relay entry periodic server),...
Page 281
IP services DHCP address pool IP address range IP services DHCPv6 IPv6 prefix assignment, (primary subnet/multiple ranges), IP services DHCPv6 network parameters IP services DHCP address pool IP address range assignment, (primary subnet/multiple secondary IP services DHCPv6 packet DSCP value, subnets), IP services DHCPv6 PD, IP services DHCP client BIMS server...
Page 282
IP services DHCP server address pool IP address IP services DHCP server subnets, range, IP services DHCPv6 relay agent configuration, IP services DHCP server address pool IP address suffix range (primary subnet/multiple ranges), IP services DHCP client domain name suffix, IP services DHCP server address pool IP address IP services DNS client, range (primary subnet/multiple secondary...
Page 283
ICMPv6 time exceeded message, IPv4/IPv6 manual tunnel configuration, 218, timer IPv4/IPv6 manual tunneling, IP services ARP dynamic entry aging timer IPv6 tunneling technology, configuration, IPv6/IPv4 manual tunnel configuration, 206, IPv6 dynamic path MTU aging timer, IPv6/IPv4 tunneling, IPv6 ND stale state entry aging timer, IPv6/IPv6 tunnel configuration, 221, TCP FIN wait timer, IPv6/IPv6 tunneling,...
Page 284
DHCPv6 client stateless DHCPv6 configuration, IP services BOOTP client configuration, 79, IP services DHCP client configuration, 64, IP services DHCP relay agent configuration, 55, 56, IP services DHCP relay agent Option 82, IP services DHCP server configuration, 32, 34, IP services DHCP server IP address dynamic assignment, IP services DHCP server IP address static assignment,...