Page of 231
Download Table of ContentsContents Print This PagePrint Bookmark

HP 10500 Series Configuration Manual

Layer 3 - ip services.
Hide thumbs

Advertisement

HP 10500 Switch Series
Layer 3 - IP Services
Part number: 5998-2209
Software version: Release 1201 and later
Document version: 6W102-20130530

Advertisement

   Related Manuals for HP 10500 Series

   Summary of Contents for HP 10500 Series

  • Page 1: Configuration Guide

    HP 10500 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-2209 Software version: Release 1201 and later Document version: 6W102-20130530...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring ARP ··························································································································································· 1   Overview············································································································································································ 1   ARP message format ················································································································································ 1   ARP operation ··························································································································································· 1   ARP table ··································································································································································· 2   Configuring a static ARP entry ········································································································································· 3   Configuring the maximum number of dynamic ARP entries for an interface ····························································· 4  ...

  • Page 4: Table Of Contents

    IP address classes ·················································································································································· 24   Special IP addresses ············································································································································· 25   Subnetting and masking ······································································································································· 25   Assigning an IP address to an interface ······················································································································ 26   Configuration guidelines ······································································································································ 26   Configuration procedure ······································································································································ 26   Configuration example ········································································································································· 26  ...

  • Page 5: Table Of Contents

    Static IP address assignment configuration example ························································································ 51   Dynamic IP address assignment configuration example ··················································································· 53   Self-defined option configuration example ········································································································· 54   Troubleshooting DHCP server configuration ··············································································································· 55   Configuring the DHCP relay agent ··························································································································· 56   Overview·········································································································································································...

  • Page 6: Table Of Contents

    Configuring DHCP snooping entries backup ·············································································································· 78   Enabling DHCP starvation attack protection ··············································································································· 79   Enabling DHCP-REQUEST message attack protection ······························································································· 80   Configuring DHCP packet rate limit ····························································································································· 80   Displaying and maintaining DHCP snooping ············································································································· 81   DHCP snooping configuration examples ·····················································································································...

  • Page 7: Table Of Contents

    IPv6 features ························································································································································· 105   IPv6 addresses ····················································································································································· 106   IPv6 neighbor discovery protocol ······················································································································ 109   IPv6 path MTU discovery ···································································································································· 112   IPv6 transition technologies ································································································································ 112   Protocols and standards ····································································································································· 113   IPv6 basics configuration task list ······························································································································· 113  ...

  • Page 8: Table Of Contents

    Configuration procedure ············································································································································· 140   Setting the DSCP value for DHCPv6 packets ··································································································· 140   Displaying and maintaining the DHCPv6 relay agent ····························································································· 141   DHCPv6 relay agent configuration example ············································································································ 141   Network requirements ········································································································································· 141   Configuration procedure ···································································································································· 142  ...

  • Page 9: Table Of Contents

      GRE over IPv6 tunnel configuration example ············································································································ 197   Troubleshooting GRE ··················································································································································· 201   Support and other resources ·································································································································· 202   Contacting HP ······························································································································································ 202   Subscription service ············································································································································ 202   Related information ······················································································································································ 202   Documents ···························································································································································· 202  ...

  • Page 10: Configuring Arp

    Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into physical addresses such as MAC addresses. On an Ethernet LAN, a device uses ARP to get the MAC address of the target device for a packet. NOTE: Layer You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see...

  • Page 11: Arp Table

    Host A looks through its ARP table for an ARP entry for Host B. If an entry is found, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.

  • Page 12: Configuring A Static Arp Entry

    Dynamic ARP entry ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging timer expires or the output interface goes down, and it can be overwritten by a static ARP entry. Static ARP entry A static ARP entry is manually configured and maintained.

  • Page 13: Configuring The Maximum Number Of Dynamic Arp Entries For An Interface

    Configuring the maximum number of dynamic ARP entries for an interface An interface can dynamically learn ARP entries, so it may hold too many ARP entries. To solve this problem, you can set the maximum number of dynamic ARP entries that an interface can learn. When the maximum number is reached, the interface stops learning ARP entries.

  • Page 14: Configuring Arp Quick Update

    Enabled by default. Configuring ARP quick update HP recommends enabling ARP quick update in WLANs only. As shown in Figure 3, the laptop frequently roams between AP 1 and AP 2. This affects the mapping between its MAC address and outbound interface on the switch. If the switch does not update its ARP table immediately after the outbound interface changes, it may fail to communicate with the laptop.

  • Page 15: Configuring Multicast Arp

    subnet mask of the receiving interface is not in the subnet 10.10.10.5/24, VLAN-interface 10 cannot process the ARP packet. With this feature enabled, the device calculates the subnet address by using the default mask of the class A network where 10.10.10.5/24 resides. Because 10.10.10.5/24 is on the same class A network as 10.1 1.1 1.1/8, VLAN-interface 10 can learn the sender IP and MAC addresses in the request.

  • Page 16: Displaying And Maintaining Arp

    NOTE: When configuring multicast ARP, use the interfaces on the EB, EA, SE, or SF card of the switch to connect to hosts and servers. Displaying and maintaining ARP CAUTION: Clearing ARP entries from the ARP table might cause communication failures. Task Command Remarks...

  • Page 17: Arp Configuration Examples

    ARP configuration examples Static ARP entry configuration example Network requirements As shown in Figure 4, hosts are connected to the switch, which is connected to the router through interface GigabitEthernet 1/0/1 in VLAN 10. The IP and MAC addresses of the router are 192.168.1.1/24 and 00e0-fc01-0000 respectively.

  • Page 18: Multicast Arp Configuration Example (in Standalone Mode)

    IP Address MAC Address VLAN ID Interface Aging Type 192.168.1.1 00e0-fc01-0000 GE1/0/1 Multicast ARP configuration example (in standalone mode) Network requirements As shown in Figure 5, a small data center uses Microsoft multicast-mode NLB. To enable the switch to cooperate with NLB, perform the following configurations: Use the interfaces on the EB, EA, SE, or SF card of the switch to connect to the hosts and servers.

  • Page 19: Multicast Arp Configuration Example (in Irf Mode)

    As shown in Figure 6, a small data center uses Microsoft multicast-mode NLB. Two HP 10500 switches form an IRF fabric. To enable the switches to cooperate with NLB, perform the following configurations: Use the interfaces on the EB, EA, SE, or SF card of the switch to connect to the hosts and servers.

  • Page 20

    Configuration procedure This example only describes multicast ARP configuration. For more information about IRF, see the IRF configuration guide for switches. For NLB configuration on the servers, see the related documents for Windows Server. # Specify an IP address for VLAN-interface 10. <Switch>...

  • Page 21: Configuring Gratuitous Arp

    Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device.

  • Page 22: Configuration Procedure

    If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the interface on the master router in the VRRP group.

  • Page 23

    You can use this command to enable the device to display error message without sending any gratuitous ARP request for conflict confirmation. The receiving device displays the message every 30 seconds until the conflict is resolved. To enable IP conflict notification: Step Command Remarks...

  • Page 24: Configuring Proxy Arp

    Configuring proxy ARP Overview Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on the same network.

  • Page 25: Enabling Common Proxy Arp

    Figure 8 Application environment of local proxy ARP   Enable local proxy ARP in one of the following cases: Hosts connecting to different isolated Layer 2 ports in the same VLAN must communicate at Layer • If a super VLAN is configured, hosts in different sub VLANs of the super VLAN must communicate •...

  • Page 26: Displaying And Maintaining Proxy Arp

    Step Command Remarks local-proxy-arp enable [ ip-range Enable local proxy ARP. Disabled by default. startIP to endIP ] Displaying and maintaining proxy ARP Task Command Remarks display proxy-arp [ interface interface-type Display whether proxy ARP is interface-number ] [ | { begin | exclude | Available in any view.

  • Page 27: Local Proxy Arp Configuration Example In Case Of Port Isolation

    [Switch-vlan2] quit # Specify the IP address of interface VLAN-interface 1. [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0 # Enable proxy ARP on interface VLAN-interface 1. [Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit # Specify the IP address of interface VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 # Enable proxy ARP on interface VLAN-interface 2.

  • Page 28

    Figure 10 Network diagram Switch A   GE1/0/2 VLAN 2 Vlan-int2 192.168.10.100/16 VLAN 2 port-isolate group GE1/0/2 GE1/0/3 GE1/0/1 Switch B Host B Host A 192.168.10.200/16 192.168.10.99/16 Configuration procedure On Switch B, add GigabitEthernet 1/0/3, GigabitEthernet 1/0/1, and GigabitEthernet 1/0/2 to VLAN 2.

  • Page 29: Local Proxy Arp Configuration Example In Super Vlan

    Local proxy ARP configuration example in super VLAN Network requirements Figure 1 1 shows a super VLAN, VLAN 10, with the interface IP address 192.168.10.100/16 and sub-VLANs (VLAN 2 and VLAN 3). GigabitEthernet 1/0/2 belongs to VLAN 2 and GigabitEthernet 1/0/1 belongs to VLAN 3.

  • Page 30: Local Proxy Arp Configuration Example In Isolate-user-vlan

    The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to implement Layer 3 communication between sub-VLANs. [Switch-Vlan-interface10] local-proxy-arp enable The ping operation from Host A to Host B is successful after the configuration. Local proxy ARP configuration example in isolate-user-VLAN Network requirements...

  • Page 31

    [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port GigabitEthernet 1/0/2 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] interface GigabitEthernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] port isolate-user-vlan 5 promiscuous [SwitchB-GigabitEthernet1/0/2] quit [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port isolate-user-vlan host [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface GigabitEthernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] port isolate-user-vlan host [SwitchB-GigabitEthernet1/0/3] quit [SwitchB] isolate-user-vlan 5 secondary 2 3 Configure Switch A:...

  • Page 32: Configuring Arp Snooping

    Configuring ARP snooping Overview ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. The ARP snooping entries can be used by manual-mode MFF (MAC–Forced Forwarding). For more information about MFF, see Security Configuration Guide. If ARP snooping is enabled on a VLAN, ARP packets received by the interfaces of the VLAN are redirected to the CPU.

  • Page 33: Configuring Ip Addressing

    Configuring IP addressing This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (DHCP) is beyond the scope of this chapter. NOTE: The term "interface" in this chapter collectively refers to Layer-3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces.

  • Page 34: Special Ip Addresses

    Class Address range Remarks 192.0.0.0 to 223.255.255.255 224.0.0.0 to Multicast addresses. 239.255.255.255 240.0.0.0 to Reserved for future use except for the broadcast address 255.255.255.255 255.255.255.255. Special IP addresses The following IP addresses are for special use and cannot be used as host IP addresses. IP address with an all-zero net ID—Identifies a host on the local network.

  • Page 35: Assigning An Ip Address To An Interface

    Assigning an IP address to an interface You can assign an interface one primary address and multiple secondary addresses. Generally, you only need to assign the primary address to an interface. In some cases, you must assign secondary IP addresses to the interface. For example, if the interface connects to two subnets, to enable the device to communicate with all hosts on the LAN, assign a primary IP address and a secondary IP address to the interface.

  • Page 36

    Figure 15 Network diagram 172.16.1.0/24 Switch Host B Vlan-int1 172.16.1.1/24 172.16.1.2/24 172.16.2.1/24 sub 172.16.2.2/24 Host A 172.16.2.0/24 Configuration procedure # Assign a primary IP address and a secondary IP address to VLAN-interface 1. <Switch> system-view [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0 [Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub # Set the gateway address to 172.16.1.1 on the hosts attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the hosts attached to subnet 172.16.2.0/24.

  • Page 37: Displaying And Maintaining Ip Addressing

    Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 25/25/26 ms The output shows that the switch can communicate with the hosts on subnet 172.16.2.0/24. # Ping a host on subnet 172.16.1.0/24 from a host on subnet 172.16.2.0/24 to verify the connectivity.

  • Page 38: Dhcp Overview

    DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 16 Typical DHCP application A DHCP client can obtain an IP address and other configuration parameters from a DHCP server on another subnet through a DHCP relay agent.

  • Page 39: Dynamic Ip Address Allocation Process

    Dynamic IP address allocation process Figure 17 Dynamic IP address allocation process The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.

  • Page 40: Dhcp Message Format

    DHCP message format Figure 18 shows the DHCP message format, which is based on the BOOTP message format although DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 18 DHCP message format op—Message type defined in option field.

  • Page 41: Dhcp Options

    DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the Option field to carry information for dynamic address allocation and to provide additional configuration information to clients. Figure 19 DHCP option format Common DHCP options The following are common DHCP options: Option 3—Router option.

  • Page 42

    Vendor-specific option (Option 43) DHCP servers and clients use Option 43 to exchange vendor-specific configuration information. The DHCP client can obtain the following information through Option 43: Auto-Configuration Server (ACS) parameters, including the ACS URL, username, and password. • • Service provider identifier, which is acquired by the Customer Premises Equipment (CPE) from the DHCP server and sent to the ACS for selecting vender-specific configurations and parameters.

  • Page 43

    Figure 22 PXE server address sub-option value field Relay agent option (Option 82) Option 82 is the relay agent option in the option field of the DHCP message. It records the location information of the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.

  • Page 44: Protocols And Standards

    Sub-option 1—Contains the user-specified access node identifier (ID of the device that adds Option 82 in DHCP messages), and the type, number, and VLAN ID of the interface that received the client's request. The VLAN ID field has a fixed length of 2 bytes. All the other padding contents of sub-option 1 are length variable.

  • Page 45: Configuring The Dhcp Server

    Configuring the DHCP server This chapter shows how to configure DHCP servers. Overview The DHCP server is well suited to networks where: Manual configuration and centralized management are difficult to implement. • • IP addresses are limited. For example, an ISP limits the number of concurrent online users, and most users must acquire IP addresses dynamically.

  • Page 46: Ip Address Allocation Sequence

    Principles for selecting an address pool The DHCP server observes the following principles to select an address pool when assigning an IP address to a client: If there is an address pool where an IP address is statically bound to the MAC address or ID of the client, the DHCP server selects this address pool and assigns the statically bound IP address to the client.

  • Page 47: Dhcp Server Configuration Task List

    DHCP server configuration task list Task Remarks Configuring an address pool on the DHCP server Required. Enabling DHCP Required. Enabling the DHCP server on an interface Required. Required by the extended address pool configuration. Applying an extended address pool on an interface When configuring a common address pool, ignore this task.

  • Page 48: Creating A Dhcp Address Pool

    Creating a DHCP address pool When creating a DHCP address pool, specify it as a common address pool or an extended address pool. Address allocation mode is configured differently for common address pools and extended address pools. Configurations of other parameters (for example, the domain name suffix and DNS server address) are the same.

  • Page 49

    If the interfaces on a DHCP client share the same MAC address, specify the client ID, rather than • MAC address, in a static binding to identify the requesting interface. If you do not specify the client ID, the client may fail to obtain an IP address. To configure a static binding in a common address pool: Step Command...

  • Page 50: Configuring Dynamic Address Allocation For An Extended Address Pool

    Step Command Remarks expired { day day [ hour hour Optional. Specify the address lease [ minute minute ] [ second duration. One day by default. second ] ] | unlimited } Return to system view. quit Optional. Except IP addresses of the DHCP Exclude IP addresses from dhcp server forbidden-ip server interfaces, all addresses in...

  • Page 51: Configuring A Domain Name Suffix For The Client

    Configuring a domain name suffix for the client You can specify a domain name suffix in each DHCP address pool on the DHCP server to provide the clients with the domain name suffix. With this suffix assigned, the client only needs to enter part of a domain name, and the system adds the domain name suffix for name resolution.

  • Page 52: Configuring Bims Server Information For The Client

    To configure WINS servers and NetBIOS node type in a DHCP address pool: Step Command Remarks Enter system view. system-view Enter DHCP address pool dhcp server ip-pool pool-name view. [ extended ] Optional for b-node. Specify WINS servers. nbns-list ip-address&<1-8> No WINS server is specified by default.

  • Page 53: Configuring The Tftp Server And Bootfile Name For The Client

    To configure option 184 parameters in a DHCP address pool: Step Command Remarks Enter system view. system-view dhcp server ip-pool pool-name Enter DHCP address pool view. [ extended ] Not primary network calling processor is specified by default. Specify the IP address of the primary network calling...

  • Page 54: Specifying A Server's Ip Address For The Dhcp Client

    Step Command Remarks • Specify the TFTP server: tftp-server ip-address ip-address Use either command. Specify the IP address or the • Specify the name of the TFTP server: name of the TFTP server. Not specified by default. tftp-server domain-name domain-name Specify the bootfile name.

  • Page 55: Enabling Dhcp

    Step Command Remarks option code { ascii ascii-string | Configure self-defined No self-defined DHCP option is hex hex-string&<1-16> | DHCP option. configured by default. ip-address ip-address&<1-8> } Table 2 for a description of common options and corresponding commands. Table 2 Common DHCP options Option Option name Corresponding command...

  • Page 56: Configuration Guidelines

    Configuration guidelines Follow these guidelines when you enable the DHCP server on an interface: If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of • whether the subaddress keyword is used, selects an IP address from the address pool containing the primary IP address of the DHCP relay agent's interface (connected to the client) for a requesting client.

  • Page 57: Configuring The Dhcp Server Security Functions

    Step Command Remarks Optional. By default, the DHCP server has no Apply an extended address dhcp server apply ip-pool extended address pool applied on its pool on the interface. pool-name interface, and assigns an IP address from a common address pool to a requesting client.

  • Page 58: Enabling Client Offline Detection

    Step Command Remarks Optional. Specify the maximum number of dhcp server ping packets The default setting is one. ping packets to be sent for number The value 0 disables IP address conflict conflict detection. detection. Optional. dhcp server ping timeout The default setting is 500 ms.

  • Page 59: Specifying The Threshold For Sending Trap Messages

    Step Command Remarks Enter system view. system-view Optional. Enable the server to handle dhcp server relay information Option 82. enable Enabled by default. Specifying the threshold for sending trap messages Configuration prerequisites Before performing the configuration, use the snmp-agent target-host command to specify the destination address of the trap messages.

  • Page 60: Dhcp Server Configuration Examples

    IMPORTANT: A restart of the DHCP server or execution of the reset dhcp server ip-in-use command deletes all lease information. The DHCP server denies any DHCP request for lease extension, and the client must request an IP address again. Task Command Remarks display dhcp server conflict { all | ip...

  • Page 61

    The client ID of VLAN-interface 2 on Switch B is: 3030-3066-2e65-3234-392e-3830-3530-2d56-6c61-6e2d-696e-7465-7266-6163-6532. Figure 26 Network diagram   Configuration procedure Configure the IP address of VLAN-interface 2 on Switch A: <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 25 [SwitchA-Vlan-interface2] quit Configure the DHCP server: # Enable DHCP.

  • Page 62: Dynamic Ip Address Assignment Configuration Example

    Dynamic IP address assignment configuration example Network requirements • As shown in Figure 27, the DHCP server (Switch A) assigns IP addresses to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25. The IP addresses of VLAN-interfaces 1 and 2 on Switch A are 10.1.1.1/25 and 10.1.1.129/25 •...

  • Page 63: Self-defined Option Configuration Example

    [SwitchA] dhcp server forbidden-ip 10.1.1.126 [SwitchA] dhcp server forbidden-ip 10.1.1.254 # Configure DHCP address pool 0 (subnet, client domain name suffix, and DNS server address). [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] domain-name aabbcc.com [SwitchA-dhcp-pool-0] dns-list 10.1.1.2 [SwitchA-dhcp-pool-0] quit # Configure DHCP address pool 1 (subnet, gateway, lease duration, and WINS server).

  • Page 64: Troubleshooting Dhcp Server Configuration

    Configuration procedure Specify IP addresses for the interfaces. (Details not shown.) Configure the DHCP server: # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server global-pool [SwitchA-Vlan-interface2] quit # Configure DHCP address pool 0.

  • Page 65: Configuring The Dhcp Relay Agent

    Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet, centralizes management, and reduces investment. An MCE device serving as the DHCP relay agent can forward DHCP packets not only between a DHCP server and clients on a public network, but also between a DHCP server and clients on a private network.

  • Page 66: Dhcp Relay Agent Support For Option 82

    Figure 30 DHCP relay agent work process As shown in Figure 30, after receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode. Based on the giaddr field, the DHCP server returns an IP address and other configuration parameters in a response to the relay agent, and the relay agent conveys it to the client.

  • Page 67: Dhcp Relay Agent Configuration Task List

    If a DHCP request Handling Padding The DHCP relay agent will… has… strategy format Forward the message after adding the Option Verbose 82 padded in verbose format. Forward the message after adding the User-defined user-defined Option 82. DHCP relay agent configuration task list Task Remarks Enabling DHCP...

  • Page 68: Correlating A Dhcp Server Group With A Relay Agent Interface

    Step Command Remarks interface interface-type Enter interface view. interface-number With DHCP is enabled, an Enable the DHCP relay agent dhcp select relay interface works in the DHCP server on the current interface. mode. Correlating a DHCP server group with a relay agent interface To improve availability, you can specify several DHCP servers as a group on the DHCP relay agent and correlate a relay agent interface with the server group.

  • Page 69: Configuring The Dhcp Relay Agent Security Functions

    Configuring the DHCP relay agent security functions Configuring address check Address check can block illegal hosts from accessing external networks. With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings after they obtain IP addresses through DHCP. You can also configure static IP-to-MAC bindings on the DHCP relay agent so that users can access external networks by using fixed IP addresses.

  • Page 70: Enabling Unauthorized Dhcp Server Detection

    With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server. If the server returns a DHCP-ACK message or does not return any message within a specific interval, •...

  • Page 71

    compares the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP relay agent decides this request as valid and forwards it to the DHCP server. If not, it discards the DHCP request. To enable MAC address check: Step Command...

  • Page 72: Configuring The Dhcp Relay Agent To Handle Option 82

    Step Command Configure the DHCP relay agent to release an IP address. dhcp relay release ip client-ip The IP address to be released must be available in a dynamic client entry. Dynamic client entries can be generated only after you enable address check or IP source guard on the DHCP relay agent.

  • Page 73: Setting The Dscp Value For Dhcp Packets

    Step Command Remarks Optional. • Configure the padding format for By default: Option 82: • The padding format for Option dhcp relay information format 82 is normal. { normal | verbose [ node-identifier • The code type for the circuit ID { mac | sysname | user-defined sub-option depends on the node-identifier } ] }...

  • Page 74: Dhcp Relay Agent Configuration Examples

    Task Command Remarks display dhcp relay security [ ip-address | Display information about bindings of Available in any dynamic | static ] [ | { begin | exclude | DHCP relay agents. view. include } regular-expression ] display dhcp relay security statistics [ | Display statistics information about Available in any { begin | exclude | include }...

  • Page 75: Dhcp Relay Agent Option 82 Support Configuration Example

    Configuration procedure # Specify IP addresses for the interfaces. (Details not shown.) # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Add DHCP server 10.1.1.1 into DHCP server group 1. [SwitchA] dhcp relay server-group 1 ip 10.1.1.1 # Enable the DHCP relay agent on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] dhcp select relay # Correlate VLAN-interface 1 to DHCP server group 1.

  • Page 76: Troubleshooting Dhcp Relay Agent Configuration

    [SwitchA-Vlan-interface1] dhcp relay information remote-id string device001 Troubleshooting DHCP relay agent configuration Symptom DHCP clients cannot obtain any configuration parameters through the DHCP relay agent. Analysis Some problems may occur with the DHCP relay agent or server configuration. Solution To locate the problem, enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information.

  • Page 77: Configuring Dhcp Client

    Configuring DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters such as an IP address from the DHCP server. Configuration restrictions The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), •...

  • Page 78: Displaying And Maintaining The Dhcp Client

    Step Command Remarks Optional. Set the DSCP value for DHCP packets dhcp client dscp sent by the DHCP client. dscp-value By default, the DSCP value is 56. Displaying and maintaining the DHCP client Task Command Remarks display dhcp client [ verbose ] [ interface Display specified interface-type interface-number ] [ | { begin | Available in any view.

  • Page 79: Verifying The Configuration

    # Enable the DHCP service. [SwitchA] dhcp enable # Exclude an IP address from automatic allocation. [SwitchA] dhcp server forbidden-ip 10.1.1.2 # Configure DHCP address pool 0 and specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24. [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] expired day 10...

  • Page 80

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0...

  • Page 81: Configuring Dhcp Snooping

    Configuring DHCP snooping A DHCP snooping-enabled device must be either between the DHCP client and relay agent, or between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server. DHCP snooping functions DHCP snooping can: Make sure DHCP clients obtain IP addresses from authorized DHCP servers.

  • Page 82: Application Environment Of Trusted Ports

    Application environment of trusted ports Configuring a trusted port connected to a DHCP server Figure 33 Configuring trusted and untrusted ports As shown in Figure 33, the DHCP snooping device port that is connected to an authorized DHCP server should be configured as a trusted port. The trusted port forwards response messages from the authorized DHCP server to the client, but the untrusted port does not forward response messages from the unauthorized DHCP server.

  • Page 83: Dhcp Snooping Support For Option 82

    Figure 34 Configuring trusted ports in a cascaded network Table 4 Roles of ports Trusted port disabled from Trusted port enabled to Device Untrusted port recording binding entries record binding entries Switch A GigabitEthernet 1/0/1 GigabitEthernet 1/0/3 GigabitEthernet 1/0/2 GigabitEthernet 1/0/3 and Switch B GigabitEthernet 1/0/1 GigabitEthernet 1/0/2...

  • Page 84: Dhcp Snooping Configuration Task List

    If a DHCP request Handling Padding format The DHCP snooping device will… has… strategy Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format. Forward the message after replacing the Replace verbose original Option 82 with the Option 82 padded in verbose format.

  • Page 85

    If a Layer 2 Ethernet interface is added to an aggregation group, the DHCP snooping configuration • of the interface does not take effect. After the interface quits the aggregation group, the configuration becomes effective. DHCP snooping can work with basic QinQ or flexible QinQ. When receiving a packet without any •...

  • Page 86

    If the handling strategy of the DHCP-snooping device is configured as replace, configure a padding • format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format. If Option 82 contains the device name, the device name must contain no spaces. Otherwise, the •...

  • Page 87: Configuring Dhcp Snooping Entries Backup

    Step Command Remarks • Configure the padding format Optional. for Option 82: dhcp-snooping information By default: format { normal |verbose • The padding format for Option [ node-identifier { mac | 82 is normal. sysname | user-defined • The code type for the circuit ID node-identifier } ] } sub-option depends on the •...

  • Page 88: Enabling Dhcp Starvation Attack Protection

    To configure DHCP snooping entries backup: Step Command Remarks Enter system view. system-view Not specified by default. DHCP snooping entries are stored dhcp-snooping binding immediately after this command is Specify the name of the file for database filename used and then updated at the storing DHCP snooping entries.

  • Page 89: Enabling Dhcp-request Message Attack Protection

    To enable MAC address check: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Enable MAC address check. dhcp-snooping check mac-address Disabled by default. Enabling DHCP-REQUEST message attack protection Attackers may forge DHCP-REQUEST messages to renew the IP address leases for legitimate DHCP clients that no longer need the IP addresses.

  • Page 90: Displaying And Maintaining Dhcp Snooping

    If a Layer 2 Ethernet interface belongs to an aggregation group, it uses the DHCP packet maximum • rate configured on the corresponding Layer 2 aggregate interface. To configure DHCP packet rate limit: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface view interface interface-type or Layer 2 aggregate interface view.

  • Page 91: Dhcp Snooping Configuration Examples

    DHCP snooping configuration examples DHCP snooping configuration example Network requirements As shown in Figure 35, perform configurations on Switch B to achieve the following purposes: The port connected to the DHCP server can forward responses from the server, but the other ports •...

  • Page 92

    <SwitchB> system-view [SwitchB] dhcp-snooping # Specify GigabitEthernet 1/0/1 as trusted. [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 to support Option 82. [SwitchB] interface GigabitEthernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information enable [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information strategy replace [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information circuit-id string company001 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information remote-id string device001 [SwitchB-GigabitEthernet1/0/2] quit...

  • Page 93: Configuring Ipv4 Dns

    Configuring IPv4 DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. DNS services can be static or dynamic.

  • Page 94: Configuring The Ipv4 Dns Client

    The DNS client comprises the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices. Dynamic domain name resolution allows the DNS client to store the latest mappings between domain names and IP addresses in the dynamic domain name cache.

  • Page 95: Configuring Dynamic Domain Name Resolution

    Configuring dynamic domain name resolution To send DNS queries to a correct server for resolution, enable dynamic domain name resolution and configure a DNS server. In addition, you can configure a DNS suffix that the system automatically adds to the provided domain name for resolution.

  • Page 96: Displaying And Maintaining Ipv4 Dns

    Step Command Remarks Optional. Set the DSCP value for DNS packets. dns dscp dscp-value By default, the DSCP value is 0. Displaying and maintaining IPv4 DNS Task Command Remarks display ip host [ | { begin | Display the static IPv4 domain exclude | include } Available in any view.

  • Page 97: Dynamic Domain Name Resolution Configuration Example

    # Use the ping host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2. [Sysname] ping host.com PING host.com (10.1.1.2): data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms...

  • Page 98

    The DNS server configuration page appears, as shown in Figure Right-click Forward Lookup Zones, select New Zone, and then follow the instructions to create a new zone named com. Figure 39 Creating a zone On the DNS server configuration page, right-click zone com, and select New Host. Figure 40 Adding a host On the page that appears, enter host name host and IP address 3.1.1.1.

  • Page 99

    Figure 41 Adding a mapping between domain name and IP address Configure the DNS client: # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Verifying the configuration # Use the ping host command on the device to verify that the communication between the device and the...

  • Page 100: Troubleshooting Ipv4 Dns Configuration

    Troubleshooting IPv4 DNS configuration Symptom After enabling dynamic domain name resolution, the user cannot get the correct IP address. Solution Use the display dns host ip command to verify that the specified domain name is in the cache. • If the specified domain name does not exist, verify that dynamic domain name resolution is enabled •...

  • Page 101: Configuring Ip Forwarding Basics

    Configuring IP forwarding basics Upon receiving a packet, the device uses the destination IP address of the packet to find a match from the forwarding information base (FIB) table, and uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table.

  • Page 102

    Task Command Remarks display fib [ vpn-instance vpn-instance-name ] [ acl acl-number | ip-prefix ip-prefix-name ] [ | Display FIB information. Available in any view. { begin | exclude | include } regular-expression ] Display FIB information display fib [ vpn-instance vpn-instance-name ] matching the specified ip-address [ mask | mask-length ] [ | { begin | Available in any view.

  • Page 103: Configuring Ip Performance Optimization

    Configuring IP performance optimization This chapter describes multiple features for IP performance optimization. The term "interface" in the IP performance optimization features collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

  • Page 104: Configuration Example

    Step Command Remarks interface interface-type Enter interface view. interface-number Enable the interface to ip forward-broadcast [ acl Disabled by default. forward directed broadcasts. acl-number ] Configuration example Network requirements As shown in Figure 42, the default gateway of the host is the IP address 1.1.1.2/24 of VLAN-interface 3 of Switch A.

  • Page 105: Configuring The Tcp Send/receive Buffer Size

    A router that fails to forward the packet because it exceeds the MTU on the outgoing interface discards the packet and returns an ICMP error message, which contains the MTU of the outgoing interface. Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the TCP connection.

  • Page 106: Configuring Tcp Timers

    Configuring TCP timers You can configure the following TCP timers: synwait timer—When sending a SYN packet, TCP starts the synwait timer. If no response packet is • received within the synwait timer interval, the TCP connection cannot be created. • finwait timer—When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is started.

  • Page 107: Disadvantages Of Sending Icmp Error Packets

    If the device receives an IP packet with a timeout error, it drops the packet and sends an ICMP timeout packet to the source. The device sends an ICMP timeout packet under the following conditions: If the device finds that the destination of a packet is not itself and the TTL field of the packet is 1, it sends a "TTL timeout"...

  • Page 108

    Configuration procedure To enable sending ICMP error packets: Step Command Remarks Enter system view. system-view Enable sending ICMP redirect packets. ip redirects enable Disabled by default. Enable sending ICMP timeout packets. ip ttl-expires enable Disabled by default. Enable sending ICMP destination ip unreachables enable Disabled by default.

  • Page 109

    Table 6 Handling ICMP messages Device mode ICMP messages sent ICMP messages received Remarks Extension information in extended ICMP messages is Common mode Common ICMP messages Common ICMP messages not processed. Extended ICMP messages Common ICMP messages Common ICMP messages without a length field are Compliant mode Extended ICMP messages...

  • Page 110

    Task Command Remarks display ip statistics [ chassis chassis-number Display statistics of IP packets. (In IRF slot slot-number ] [ | { begin | exclude | Available in any view. mode.) include } regular-expression ] display icmp statistics [ slot slot-number ] [ | Display ICMP statistics.

  • Page 111: Configuring Udp Helper

    Configuring UDP helper UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain.

  • Page 112: Displaying And Maintaining Udp Helper

    Step Command Remarks interface interface-type Enter interface view. interface-number udp-helper server [ vpn-instance No destination server is Specify a destination server. vpn-instance-name ] ip-address specified by default. Displaying and maintaining UDP helper Task Command Remarks display udp-helper server [ interface Display information about packets interface-type interface-number ] [ | { begin Available in any view.

  • Page 113

    # Specify the IP address of the destination server in the public network as 10.2.1.1 on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 10.110.1.1 16 [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1...

  • Page 114: Configuring Ipv6 Basics

    Configuring IPv6 basics Overview Internet Protocol Version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet Protocol version 4 (IPv4). The significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits. NOTE: The term "interface"...

  • Page 115: Ipv6 Addresses

    Hierarchical address structure IPv6 uses the hierarchical address structure to speed up route lookups and reduce the IPv6 routing table size through route aggregation. Address autoconfiguration To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration: Stateful address autoconfiguration enables a host to acquire an IPv6 address and other •...

  • Page 116

    IMPORTANT: A double colon may appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents, and correctly convert it to zeros to restore a 128-bit IPv6 address.

  • Page 117

    Link-local addresses are used for communication among link-local nodes for neighbor discovery • and stateless autoconfiguration. Packets with link-local source or destination addresses are not forwarded to other links. • Site-local unicast addresses are similar to private IPv4 addresses. Packets with site-local source or destination addresses are not forwarded out of the local site (or a private network).

  • Page 118: Ipv6 Neighbor Discovery Protocol

    Figure 45 Converting a MAC address into an EUI-64 address-based interface identifier • On a tunnel interface The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros.

  • Page 119

    ICMPv6 message Type Function Informs the source host of a better next hop on the path to a Redirect message particular destination when certain conditions are satisfied. Address resolution This function is similar to the ARP function in IPv4. An IPv6 node acquires the link-layer addresses of neighboring nodes on the same link through NS and NA message exchanges.

  • Page 120

    Figure 47 Duplicate address detection Host A sends an NS message whose source address is the unspecified address and whose destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message contains the IPv6 address. If Host B uses this IPv6 address, Host B returns an NA message.

  • Page 121: Ipv6 Path Mtu Discovery

    IPv6 path MTU discovery The links that a packet passes from a source to a destination may have different MTUs. In IPv6, when the packet size exceeds the path MTU of a link, the packet is fragmented at the source end of the link to reduce the processing pressure on intermediate devices and to use network resources effectively.

  • Page 122

    Protocols and standards RFC 1881, IPv6 Address Allocation Management • RFC 1887, An Architecture for IPv6 Unicast Address Allocation • RFC 1981, Path MTU Discovery for IP version 6 • • RFC 2375, IPv6 Multicast Address Assignments RFC 2460, Internet Protocol, Version 6 (IPv6) Specification •...

  • Page 123: Configuring Basic Ipv6 Functions

    Task Remarks Configuring the maximum ICMPv6 error packets sent Optional. in an interval Enabling replying to multicast echo requests Optional. Configuring ICMPv6 packet sending Enabling sending ICMPv6 time exceeded messages Optional. Enabling sending ICMPv6 destination unreachable Optional. messages Configuring basic IPv6 functions Enabling IPv6 Enable IPv6 before you perform any IPv6-related configuration.

  • Page 124: Manual Configuration

    Step Command Remarks interface interface-type Enter interface view. interface-number Configure the interface to ipv6 address By default, no IPv6 global unicast generate an EUI-64 IPv6 ipv6-address|prefix-length eui-64 address is configured on an interface. address. Manual configuration To specify an IPv6 address manually for an interface: Step Command Remarks...

  • Page 125: Configuring An Ipv6 Link-local Address

    Before sending a packet, the system preferably uses the temporary IPv6 address of the sending interface as the source address of the packet to be sent. When this temporary IPv6 address expires, the system removes it and generates a new one. This enables the system to send packets with different source addresses through the same interface.

  • Page 126: Configure An Ipv6 Anycast Address

    If you delete the manually assigned address, the automatically generated link-local address is validated. To configure automatic generation of an IPv6 link-local address for an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. Configure the interface By default, no link-local address is to automatically...

  • Page 127: Configuring Ipv6 Nd

    Step Command Remarks interface interface-type Enter interface view. interface-number Optional. Configure an IPv6 anycast ipv6 address By default, no IPv6 anycast address. ipv6-address/prefix-length anycast address is configured on an interface. Configuring IPv6 ND The following topics apply to configuring IPv6 ND. Configuring a static neighbor entry The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry.

  • Page 128: Setting The Age Timer For Nd Entries In Stale State

    that an interface can dynamically learn. When the number of dynamically learned neighbors reaches the threshold, the interface stops learning neighbor information. To configure the maximum number of neighbors dynamically learned: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.

  • Page 129

    Parameters Description Determines whether hosts use the stateful autoconfiguration to acquire IPv6 addresses. If the M flag is set to 1, hosts use the stateful autoconfiguration (for example, through M flag a DHCP server) to acquire IPv6 addresses. Otherwise, hosts use the stateless autoconfiguration to acquire IPv6 addresses and generate IPv6 addresses according to their own link-layer addresses and the obtained prefix information.

  • Page 130

    Step Command Remarks interface interface-type Enter interface view. interface-number Optional. By default, no prefix information is ipv6 nd ra prefix { ipv6-prefix configured for RA messages, and the Configure the prefix prefix-length | IPv6 address of the interface sending RA information in RA ipv6-prefix/prefix-length } messages is used as the prefix...

  • Page 131: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

    Configuring the maximum number of attempts to send an NS message for DAD An interface sends an NS message for DAD after acquiring an IPv6 address. If the interface does not receive a response within a specified time (determined by the ipv6 nd ns retrans-timer command), it continues to send an NS message.

  • Page 132: Configuring Path Mtu Discovery

    Configuring path MTU discovery This section contains information on configuring path MTU discovery. Configuring a static path MTU for a specified IPv6 address You can configure a static path MTU for a specified destination IPv6 address. When a source host sends a packet through an interface, it compares the interface MTU with the static path MTU of the specified destination IPv6 address.

  • Page 133: Configuring Icmpv6 Packet Sending

    Step Command Remarks Enter system view. system-view Optional. Set the synwait timer. tcp ipv6 timer syn-timeout wait-time The default is 75 seconds. Optional. Set the finwait timer. tcp ipv6 timer fin-timeout wait-time The default is 675 seconds. Optional. Set the size of the IPv6 TCP tcp ipv6 window size sending/receiving buffer.

  • Page 134: Enabling Sending Icmpv6 Time Exceeded Messages

    multicast address, all the hosts in the multicast group send echo replies to Host B. To prevent such an attack, disable a device from answering multicast echo requests by default. In some application scenarios, however, you need to enable the device to answer multicast echo requests. To enable replying to multicast echo requests: Step Command...

  • Page 135: Displaying And Maintaining Ipv6 Basics Configuration

    If the packet with the destination being local and transport layer protocol being UDP and the • packet's destination port number does not match the running process, the device sends the source a "port unreachable" ICMPv6 error message. If an attacker sends abnormal traffic that causes the device to generate ICMPv6 destination unreachable messages, end users may be affected.

  • Page 136

    Task Command Remarks display ipv6 neighbors vpn-instance Display the neighbor Available in any vpn-instance-name [ count ] [ | { begin | exclude | information of a specified VPN. view. include } regular-expression ] display ipv6 pathmtu [ vpn-instance Display the IPv6 path MTU vpn-instance-name ] { ipv6-address | all | dynamic Available in any information.

  • Page 137: Ipv6 Basics Configuration Example

    IPv6 basics configuration example Network requirements As shown in Figure 49, a host, Switch A and Switch B are connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify that they are connected. Enable IPv6 on the host to automatically obtain an IPv6 address through IPv6 ND.

  • Page 138

    # Execute the ping ipv6 command on Switch A to verify the connectivity between Switch A and Switch B. [SwitchA] ping ipv6 3001::1 PING 3001::1 : 56 data bytes, press CTRL_C to break Reply from 3001::1 bytes=56 Sequence=0 hop limit=64 time = 3 ms Reply from 3001::1 bytes=56 Sequence=1 hop limit=64...

  • Page 139

    ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 25829 InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA] display ipv6 interface vlan-interface 1...

  • Page 140

    ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B.

  • Page 141

    IPv6 Packet statistics: InReceives: InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected.

  • Page 142: Troubleshooting Ipv6 Basics Configuration

    1 packet(s) transmitted 1 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/3/3 ms The output shows that Switch B can ping Switch A and the host. Troubleshooting IPv6 basics configuration Symptom The peer IPv6 address cannot be pinged. Solution •...

  • Page 143: Dhcpv6 Overview

    DHCPv6 overview IMPORTANT: The device cannot act as a DHCPv6 server. The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. Compared with other IPv6 address allocation methods (such as manual configuration and stateless address autoconfiguration), DHCPv6 can: Record addresses assigned to hosts and assign specific addresses to hosts, facilitating network •...

  • Page 144: Iaid

    Figure 50 DUID-LL format Identified by an IAID, an Identity Association (IA) provides a construct through which the obtained addresses, prefixes, and other configuration parameters assigned from a server to a client are managed. A client can have more than one IA assigned to it, for example, one for each of its interfaces, to manage the addresses, prefixes, and other configuration parameters obtained by the interfaces.

  • Page 145: Assignment Involving Four Messages

    Figure 51 Rapid assignment involving two messages Assignment involving four messages Figure 52 shows the process of IPv6 address/prefix assignment involving four messages. Figure 52 Assignment involving four messages The assignment involving four messages operates as follows: The DHCPv6 client sends out a Solicit message, requesting an IPv6 address/prefix and other configuration parameters.

  • Page 146: Stateless Dhcpv6 Configuration

    Figure 53 Using the Renew message for address/prefix lease renewal As shown in Figure 54, if the DHCPv6 client receives no response from the DHCPv6 server after sending out a Renew message at T1, it multicasts a Rebind message to all DHCPv6 servers at T2 (that is, when 80% preferred lifetime expires).

  • Page 147

    Request option, specifying the configuration parameters that the client requests from the DHCPv6 server. After receiving the Information-request message, the DHCPv6 server returns to the client a Reply message containing the requested configuration parameters. The client checks the Reply message. If the obtained configuration parameters match those requested in the Information-request message, the client performs network configuration with the parameters.

  • Page 148: Configuring Dhcpv6 Relay Agent

    Configuring DHCPv6 relay agent A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. As shown in Figure 56, if the DHCPv6 server resides on another subnet, the DHCPv6 client can contact the server through a DHCPv6 relay agent, so you do not need to deploy a DHCPv6 server on each subnet.

  • Page 149: Configuration Prerequisites

    within the Relay Message option of a Relay-reply message. The DHCPv6 server then sends the Relay-reply message to the DHCPv6 relay agent. The DHCPv6 relay agent obtains the reply from the Relay-reply message and sends the reply to the DHCPv6 client. Then the DHCPv6 client uses the IPv6 address and other network parameters assigned by the DHCPv6 server to perform network configuration.

  • Page 150: Displaying And Maintaining The Dhcpv6 Relay Agent

    Step Command Remarks Optional. Set the DSCP value for DHCPv6 packets sent by the ipv6 dhcp dscp dscp-value By default, the DSCP value in DHCPv6 relay agent. DHCPv6 packets is 56. Displaying and maintaining the DHCPv6 relay agent Task Command Remarks Display the DUID of the local display ipv6 dhcp duid [ | { begin | exclude |...

  • Page 151

    Configuration procedure Configure Switch A as a DHCPv6 relay agent: # Enable the IPv6 packet forwarding function. <SwitchA> system-view [SwitchA] ipv6 # Configure the IPv6 addresses of VLAN-interface 2 and VLAN-interface 3 respectively. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 2::1 64 [SwitchA-Vlan-interface2] quit [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ipv6 address 1::1 64...

  • Page 152

    RELAY-FORWARD RELAY-REPLY...

  • Page 153: Configuring Dhcpv6 Client

    Configuring DHCPv6 client Serving as a DHCPv6 client, the device only supports stateless DHCPv6 configuration, that is, the device can only obtain other network configuration parameters, except the IPv6 address and prefix from the DHCPv6 server. With an IPv6 address obtained through stateless address autoconfiguration, the device automatically enables the stateless DHCPv6 function after it receives an RA message with the M flag set to 0 and the O flag set to 1.

  • Page 154: Stateless Dhcpv6 Configuration Example

    Task Command Remarks display ipv6 dhcp client [ interface Display DHCPv6 client interface-type interface-number ] [ | { begin | Available in any view. information. exclude | include } regular-expression ] display ipv6 dhcp client statistics [ interface Display DHCPv6 client statistics. interface-type interface-number ] [ | { begin | Available in any view.

  • Page 155

    <SwitchA> system-view [SwitchA] ipv6 # Enable stateless IPv6 address autoconfiguration on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address auto With this command executed, if VLAN-interface 2 has no IPv6 address configured, Switch A automatically generates a link-local address, and send an RS message, requesting the gateway (Switch B) to reply with an RA message immediately.

  • Page 156: Configuring Ipv6 Dns

    Configuring IPv6 DNS IPv6 Domain Name System (DNS) is responsible for translating domain names into IPv6 addresses. Like IPv4 DNS, IPv6 DNS includes static domain name resolution and dynamic domain name resolution. The functions and implementations of the two types of domain name resolution are the same as those of IPv4 DNS.

  • Page 157: Setting The Dscp Value For Ipv6 Dns Packets

    Step Command Remarks Enable dynamic domain dns resolve Disabled by default. name resolution. Not specified by default. dns server ipv6 ipv6-address If the IPv6 address of a DNS server is a Specify a DNS server. [ interface-type link-local address, you need to specify the interface-number ] interface-type and interface-number arguments.

  • Page 158: Ipv6 Dns Configuration Examples

    IPv6 DNS configuration examples Static domain name resolution configuration example Network requirements As shown in Figure 60, the device wants to access the host by using an easy-to-remember domain name rather than an IPv6 address. Configure static domain name resolution on the device so that the device can use the domain name host.com to access the host at 1::2.

  • Page 159

    Dynamic domain name resolution configuration example Network requirements As shown in Figure 61, the device wants to access the host by using an easy-to-remember domain name rather than an IPv6 address. The IPv6 address of the DNS server is 2::2/64 and the server has a com domain, which stores the mapping between domain name host and IPv6 address 1::1/64.

  • Page 160

    Figure 62 Creating a zone On the DNS server configuration page, right-click zone com and select Other New Records. Figure 63 Creating a record On the page that appears, select IPv6 Host (AAAA) as the resource record type, and click Create Record.

  • Page 161

    Figure 64 Selecting the resource record type On the page that appears, enter host name host and IPv6 address 1::1. Click OK. The mapping between the IP address and host name is created.

  • Page 162

    Figure 65 Adding a mapping between domain name and IPv6 address Configure the DNS client: # Enable dynamic domain name resolution. <Device> system-view [Device] dns resolve # Specify the DNS server 2::2. [Device] dns server ipv6 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Use the ping ipv6 host command on the device to verify that the communication between the device...

  • Page 163

    Reply from 1::1 bytes=56 Sequence=3 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=4 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=5 hop limit=126 time = 1 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/2 ms...

  • Page 164: Configuring Tunneling

    Configuring tunneling Overview Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end.

  • Page 165

    Tunnel types IPv6 over IPv4 tunnels fall into manually configured tunnels and automatic tunnels, depending on how the IPv4 address of the tunnel destination is acquired. • Manually configured tunnel—The destination IPv4 address of the tunnel cannot be automatically acquired from the destination IPv6 address of an IPv6 packet at the tunnel source. It must be manually configured.

  • Page 166: Ipv4 Over Ipv4 Tunneling

    Figure 67 Principle of 6to4 tunneling   ISATAP tunneling An ISATAP tunnel is a point-to-point automatic tunnel. It provides a solution to connect an IPv6 host to an IPv6 network over an IPv4 network. The destination addresses of IPv6 packets and the IPv6 addresses of tunnel interfaces are all ISATP addresses.

  • Page 167: Ipv4 Over Ipv6 Tunneling

    The IP protocol stack determines how to forward the packet according to the destination address in the IP header. If the packet is destined for the IPv4 host connected to Device B, Device A delivers the packet to the tunnel interface. The tunnel interface adds a new IPv4 header to the IPv4 packet and submits to the IP protocol stack.

  • Page 168: Ipv6 Over Ipv6 Tunneling

    The tunneling module removes the IPv6 header and delivers the remaining IPv4 packet to the IPv4 protocol stack. The IPv4 protocol stack forwards the IPv4 packet. IPv6 over IPv6 tunneling IPv6 over IPv6 tunneling (RFC 2473) enables isolated IPv6 networks to communicate with each other over another IPv6 network.

  • Page 169: Tunneling Configuration Task List

    Tunneling configuration task list Complete the following tasks to configure the tunneling feature: Task Remarks Configuring a tunnel interface Required. Configuring an IPv6 manual tunnel Configuring an Optional. IPv6 over IPv4 Configuring a 6to4 tunnel Use one as needed. tunnel Configuring an ISATAP tunnel Configuring an IPv4 over IPv4 tunnel Optional.

  • Page 170

    By default, sending ICMP destination unreachable packets is disabled. To enable it, use the ip • unreachables enable command. Configuration procedure To configure a tunnel interface: Step Command Remarks Enter system view. system-view By default, no tunnel interface is Create a tunnel interface interface tunnel number and enter its view.

  • Page 171: Configuring An Ipv6 Manual Tunnel

    Configuring an IPv6 manual tunnel Configuration prerequisites Configure an IP addresses for the interface (such as a VLAN interface, or loopback interface) to be configured as the source interface of the tunnel interface. Configuration guidelines Follow these guidelines when you configure an IPv6 manual tunnel: After a tunnel interface is deleted, all the features configured on the tunnel interface will be deleted.

  • Page 172

    Step Command Remarks By default, the tunnel mode is GRE over IPv4. Specify IPv6 tunnel-protocol ipv6-ipv4 The same tunnel mode should be manual tunnel mode. configured at both ends of the tunnel. Otherwise, packet delivery fails. Configure a source source { ip-address | interface-type By default, no source address or address or interface interface-number }...

  • Page 173

    # Specify an IPv6 address for VLAN-interface 101. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 3002::1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP, and LLDP on the interface.

  • Page 174

    [SwitchB-Tunnel0] ipv6 address 3001::2/64 [SwitchB-Tunnel0] source vlan-interface 100 [SwitchB-Tunnel0] destination 192.168.100.1 [SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4 # Apply service loopback group 1 on the tunnel interface. [SwitchB-Tunnel0] service-loopback-group 1 [SwitchB-Tunnel0] quit # Configure a static route to IPv6 Group 1 through Tunnel 0 on Switch B. [SwitchB] ipv6 route-static 3002:: 64 tunnel 0 Verifying the configuration # Display the status of the tunnel interfaces on Switch A and Switch B, respectively.

  • Page 175: Configuring A 6to4 Tunnel

    InReceives: # Ping the IPv6 address of VLAN-interface 101 at the peer end from Switch A. [SwitchA] ping ipv6 3003::1 PING 3003::1 : 56 data bytes, press CTRL_C to break Reply from 3003::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 3003::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms...

  • Page 176

    Step Command Remarks Enter system view. system-view By default, the IPv6 packet forwarding Enable IPv6. ipv6 function is disabled. Enter tunnel interface interface tunnel number view. • Configure an IPv6 global unicast address or a site-local address: The IPv6 link-local address configuration ipv6 address { ipv6-address is optional.

  • Page 177: Configuration Considerations

    Figure 73 Network diagram Configuration considerations To enable communication between 6to4 networks, configure 6to4 addresses for 6to4 switches and hosts in the 6to4 networks. The IPv4 address of VLAN-interface 100 on Switch A is 2.1.1.1/24, and the corresponding 6to4 • prefix is 2002:0201:0101::/48 after it is translated to an IPv6 address.

  • Page 178

    [SwitchA-GigabitEthernet1/0/3] quit # Configure a 6to4 tunnel. [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] ipv6 address 2002:201:101::1/64 [SwitchA-Tunnel0] source vlan-interface 100 [SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4 6to4 # Apply service loopback group 1 on the tunnel. [SwitchA-Tunnel0] service-loopback-group 1 [SwitchA-Tunnel0] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface.

  • Page 179: Configuring An Isatap Tunnel

    Verifying the configuration # Ping Host B from Host A or ping Host A from Host B. The ping operation succeeds. D:\>ping6 -s 2002:201:101:1::2 2002:501:101:1::2 Pinging 2002:501:101:1::2 from 2002:201:101:1::2 with 32 bytes of data: Reply from 2002:501:101:1::2: bytes=32 time=13ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms Ping statistics for 2002:501:101:1::2:...

  • Page 180

    Step Command Remarks By default, the IPv6 forwarding Enable IPv6. ipv6 function is disabled. Enter tunnel interface view. interface tunnel number • Configure an IPv6 global unicast address or site-local address: The IPv6 link-local address configuration is optional. ipv6 address { ipv6-address prefix-length | By default: ipv6-address/prefix-length }...

  • Page 181

    Configuration procedure Make sure the corresponding VLAN interfaces have been created on the switch, and that VLAN-interface 101 on the ISATAP switch and the ISATAP host can reach each other through IPv4. • Configure the switch: # Enable IPv6. <Switch> system-view [Switch] ipv6 # Specify addresses for interfaces.

  • Page 182

    Interface 2: Automatic Tunneling Pseudo-Interface Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} does not use Neighbor Discovery does not use Router Discovery routing preference 1 EUI-64 embedded IPv4 address: 0.0.0.0 router link-layer address: 0.0.0.0 preferred link-local fe80::5efe:2.1.1.2, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 42500ms (base 30000ms) retransmission interval 1000ms...

  • Page 183: Configuring An Ipv4 Over Ipv4 Tunnel

    Ping statistics for 2001::5efe:1.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms Verifying the configuration The ISATAP host can access the host in the IPv6 network. Configuring an IPv4 over IPv4 tunnel Configuration prerequisites Configure an IP addresses for the interface (such as a VLAN interface or loopback interface) to be...

  • Page 184

    Step Command Remarks By default, the tunnel mode is GRE over IPv4. Specify the IPv4 over tunnel-protocol ipv4-ipv4 The same tunnel mode should be IPv4 tunnel mode. configured at both ends of the tunnel. Otherwise, packet delivery will fail. Configure source source { ip-address | interface-type By default, no source address or...

  • Page 185

    # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP, and LLDP on the interface. [SwitchA] interface GigabitEthernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] undo stp enable [SwitchA-GigabitEthernet1/0/3] undo lldp enable [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-GigabitEthernet1/0/3] quit # Create interface Tunnel 1. [SwitchA] interface tunnel 1 # Specify an IPv4 address for interface Tunnel 1.

  • Page 186

    # Specify an IPv4 address for interface Tunnel 2. [SwitchB-Tunnel2] ip address 10.1.2.2 255.255.255.0 # Configure the tunnel encapsulation mode as IPv4 over IPv4. [SwitchB-Tunnel2] tunnel-protocol ipv4-ipv4 # Specify the IP address of VLAN-interface 101 as the source address for interface Tunnel 2. [SwitchB-Tunnel2] source 3.1.1.1 # Specify the IP address of VLAN-interface 101 of Switch A as the destination address for interface Tunnel 2.

  • Page 187: Configuring An Ipv4 Over Ipv6 Tunnel

    Last 300 seconds output: 0 bytes/sec, 0 packets/sec 5 packets input, 320 bytes 0 input error 9 packets output, 576 bytes 0 output error # Ping the IPv4 address of the peer interface VLAN-interface 100 from Switch A. [SwitchA] ping 10.1.3.1 PING 10.1.3.1: 56 data bytes, press CTRL_C to break Reply from 10.1.3.1: bytes=56 Sequence=1 ttl=255 time=15 ms...

  • Page 188

    Step Command Remarks Enter system view. system-view By default, the IPv6 packet forwarding Enable IPv6. ipv6 function is disabled. Enter tunnel interface interface tunnel number view. Configure IPv4 ip address ip-address { mask | By default, no IPv4 address is configured address for the tunnel mask-length } [ sub ] for the tunnel interface.

  • Page 189

    [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101, the physical interface of the tunnel. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2001::1:1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP, and LLDP.

  • Page 190

    [SwitchB] interface GigabitEthernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] undo stp enable [SwitchB-GigabitEthernet1/0/3] undo lldp enable [SwitchB-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchB-GigabitEthernet1/0/3] quit # Create interface Tunnel 2. [SwitchB] interface tunnel 2 # Specify an IPv4 address for interface Tunnel 2. [SwitchB-Tunnel2] ip address 30.1.2.2 255.255.255.0 # Configure the tunnel encapsulation mode as IPv4 over IPv6.

  • Page 191: Configuring An Ipv6 Over Ipv6 Tunnel

    Encapsulation is TUNNEL, service-loopback-group ID is 1. Tunnel source 2002::0002:0001, destination 2002::0001:0001 Tunnel bandwidth 64 (kbps) Tunnel protocol/transport IP/IPv6 last clearing of counters: Never Last 300 seconds input: 1 bytes/sec, 0 packets/sec Last 300 seconds output: 1 bytes/sec, 0 packets/sec 167 packets input, 10688 bytes 0 input error...

  • Page 192

    The IPv6 address of the tunnel interface must not be on the same subnet as the destination address • configured for the tunnel interface. The destination address of the route passing the tunnel interface must not be on the same subnet as •...

  • Page 193

    Step Command Remarks Enable dropping of IPv6 Optional. packets using tunnel discard ipv4-compatible-packet The default setting is IPv4-compatible IPv6 disabled. addresses. Configuration example Network requirements As shown in Figure 77, configure an IPv6 over IPv6 tunnel between Switch A and Switch B so the two IP networks can reach each other without disclosing their IPv6 addresses.

  • Page 194

    # Create interface Tunnel 1. [SwitchA] interface tunnel 1 # Specify an IPv6 address for interface Tunnel 1. [SwitchA-Tunnel1] ipv6 address 3001::1:1 64 # Configure the tunnel encapsulation mode as IPv6 over IPv6. [SwitchA-Tunnel1] tunnel-protocol ipv6-ipv6 # Specify the IP address of VLAN-interface 101 as the source address for interface Tunnel 1. [SwitchA-Tunnel1] source 2001::11:1 # Specify the IP address of VLAN-interface 101 of Switch B as the destination address for interface Tunnel 1.

  • Page 195

    # Specify the IP address of VLAN-interface 101 of Switch A as the destination address for interface Tunnel 2. [SwitchB-Tunnel2] destination 2001::11:1 # Apply service loopback group 1 on the tunnel. [SwitchB-Tunnel2] service-loopback-group 1 [SwitchB-Tunnel2] quit # Configure a static route destined to the IPv6 network Group 1 through interface Tunnel 2. [SwitchB] ipv6 route-static 2002:1:: 64 tunnel 2 Verifying the configuration # Display the status of the tunnel interfaces on Switch A and Switch B, respectively.

  • Page 196: Displaying And Maintaining Tunneling Configuration

    [SwitchA] ping ipv6 2002:3::1 PING 2002:3::1 : 56 data bytes, press CTRL_C to break Reply from 2002:3::1 bytes=56 Sequence=1 hop limit=64 time = 31 ms Reply from 2002:3::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2002:3::1 bytes=56 Sequence=3 hop limit=64 time = 16 ms Reply from 2002:3::1 bytes=56 Sequence=4 hop limit=64...

  • Page 197

    reachable. If no routing entry is available for tunnel communication in the routing table, configure a route to reach the tunnel destination.

  • Page 198: Configuring Gre

    Configuring GRE This chapter describes how to configure GRE. Overview Generic Routing Encapsulation (GRE) is a protocol designed for encapsulating and carrying the packets of one network layer protocol (for example, IP or IPX) over another network layer protocol (for example, IP).

  • Page 199: Gre Encapsulation And De-encapsulation Processes

    GRE over IPv4—The transport protocol is IPv4, and the passenger protocol is any network layer • protocol. GRE over IPv6—The transport protocol is IPv6, and the passenger protocol is any network layer • protocol. GRE encapsulation and de-encapsulation processes The following encapsulation process and de-encapsulation process use Figure 80 to describe how an X protocol packet traverses the IP network through a GRE tunnel.

  • Page 200: Configuring A Gre Over Ipv4 Tunnel

    Configuring a GRE over IPv4 tunnel Configuration restrictions and guidelines The source address or interface and the destination address that are specified for the tunnel • interface must be a public address or interface. The source address and destination address of a tunnel uniquely identify a path. They must be •...

  • Page 201: Configuring A Gre Over Ipv6 Tunnel

    Step Command Remarks Optional. The default tunnel mode is GRE over IPv4. Set the tunnel mode to GRE tunnel-protocol gre You must configure the same tunnel over IPv4. mode on both ends of a tunnel. Otherwise, packet delivery may fail. Configure the source address By default, no source address or source { ip-address | interface-type...

  • Page 202

    Configure a static route, using the address of the subnet the original packet is destined for as its destination address and the address of the peer tunnel interface as its next hop. Enable a dynamic routing protocol on both the tunnel interface and the router interface connecting the private network, so that the dynamic routing protocol can establish a routing entry that allows the tunnel to forward packets through the tunnel.

  • Page 203: Displaying And Maintaining Gre

    For information about tunnel interfaces and more configuration commands on a tunnel interface, see "Configuring tunneling." For more information about commands interface tunnel, tunnel-protocol, source, destination, and tunnel discard ipv4-compatible-packet, see Layer 3—IP Services Command Reference. Displaying and maintaining GRE Task Command Remarks...

  • Page 204

    [SwitchA-vlan100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Configure an IPv4 address for interface GigabitEthernet 1/0/2, the physical interface of the tunnel. [SwitchA] vlan 101 [SwitchA-vlan101] port GigabitEthernet 1/0/2 [SwitchA-vlan101] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ip address 1.1.1.1 255.255.255.0 [SwitchA-Vlan-interface101] quit # Create service loopback group 1, and configure the service type as tunnel.

  • Page 205

    # Configure an IPv4 address for interface GigabitEthernet 1/0/2, the physical interface of the tunnel. [SwitchB] vlan 101 [SwitchB-vlan101] port GigabitEthernet 1/0/2 [SwitchB-vlan101] quit [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 2.2.2.2 255.255.255.0 [SwitchB-Vlan-interface101] quit # Create service loopback group 1, and configure the service type as tunnel. [SwitchB] service-loopback group 1 type tunnel # Add port GigabitEthernet 1/0/3 to service loopback group 1, and disable STP, and LLDP on the port.

  • Page 206: Gre Over Ipv6 Tunnel Configuration Example

    Checksumming of GRE packets disabled Last clearing of counters: Never Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 packets/sec 10 packets input, 840 bytes 0 input error 10 packets output, 840 bytes 0 output error [SwitchB] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP...

  • Page 207

    Figure 82 Network diagram Configuration procedure Before the configuration, make sure Switch A and Switch B can reach each other. Configure Switch A: <SwitchA> system-view # Enable IPv6. [SwitchA] ipv6 # Configure interface VLAN-interface 100. [SwitchA] vlan 100 [SwitchA-vlan100] port GigabitEthernet 1/0/1 [SwitchA-vlan100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0...

  • Page 208

    # Configure the source address of the tunnel interface Tunnel0 as the IP address of the interface VLAN-interface 101. [SwitchA-Tunnel0] source 2002::1:1 # Configure the destination address of the tunnel interface Tunnel0 as the IP address of the interface VLAN-interface 101 on Switch B. [SwitchA-Tunnel0] destination 2001::2:1 # Apply service loopback group 1 to the tunnel in tunnel interface view.

  • Page 209: Verify The Configuration

    [SwitchB-Tunnel0] source 2001::2:1 # Configure the destination address of the tunnel interface Tunnel0 to be the IP address of interface VLAN-interface 101 on Switch A. [SwitchB-Tunnel0] destination 2002::1:1 # Apply service loopback group 1 to the tunnel in tunnel interface view. [SwitchB-Tunnel0] service-loopback-group 1 [SwitchB-Tunnel0] quit # Configure a static route from Switch B through the tunnel interface Tunnel0 to Group 1.

  • Page 210: Troubleshooting Gre

    0 output error # From Switch B, ping the IP address of VLAN-interface 100 on Switch A. [SwitchB] ping 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=3 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=2 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=2 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms...

  • Page 211: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 212: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 213

    Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 214: Index

    Index address specifying IPv6 interface address manually, 1 15 applying DHCP extended address pool on subnetting IP addresses, 25 interface, 47 troubleshooting IPv6 peer address cannot be ARP resolution process), 1 pinged, 133 configuring DHCP common address pool address address resolution protocol. See ARP allocation mode, 39 configuring DHCP dynamic address allocation, 40 IPv6 dynamic PMTU aging time, 123...

  • Page 215

    local proxy ARP isolate-user-VLAN configuration, configuring DHCP client TFTP server, 44 configuring DHCP client WINS server, 42 local proxy ARP port isolation configuration, 18 configuring DHCP client's server IP address, 45 local proxy ARP super VLAN configuration, 20 configuring DHCP voice client Option 184 maintaining, 7 parameters, 43 maintaining ARP snooping, 23...

  • Page 216

    ICMPv6 packet sending, 124 IP address, 26 tunneling, 155, 163 UDP helper, 102, 103 IP addressing, 24 contacting HP, 202 IP forwarding basics, 92 correlating DHCP server group with relay agent, 59 IP performance optimization, 94, 95 creating DHCP address pool, 39...

  • Page 217

    device configuring voice client Option 184 parameters, assigning IP address to interface, 26 configuring IPv4 DNS client, 85 correlating server group with relay agent, 59 configuring IPv6 EUI-64 address generation by creating address pool, 39 interface, 1 14 custom options, 32 DHCP overview, 29 DHCPv6.

  • Page 218

    relay agent configuration, 56, 65 DHCP server, 50 relay agent Option 82 support configuration, 66 DHCP snooping, 81 relay agent support for Option 82, 57 DHCPv6 client, 144 selecting address pool, 37 DHCPv6 relay agent, 141 self-defined option configuration, 54 FIB table, 92 server configuration, 36, 51 GRE, 194...

  • Page 219

    DHCP IP address allocation, 29 gratuitous ARP configuration, 12 DHCP IP address assignment configuration, 53 error IPv4 domain name resolution, 84 ICMP error packet sending, 97 verifying DHCP address assignment ICMPv6 error packet sending, 124 configuration, 54 Ethernet dynamic host configuration protocol. See DHCP DHCP client configuration, 68 echo request replies (IPv6), 124 DHCP configuration, 82...

  • Page 220

    encapsulation format, 189 ARP source IP conflict prompt enable, 13 encapsulation process, 190 assigning to interface, 26 protocols and standards, 190 configuration, 24, 26 troubleshooting hosts cannot ping each other, 201 configuring DHCP client's server IP address, 45 handling configuring DHCP IP address conflict detection, 48 DHCP Option 82, 49 configuring DHCP relay agent IP address release, ICMP messages, 99...

  • Page 221

    TCP attribute configuration, 95 configuring IPv6/IPv6 tunnel, 182, 184 IPng. See IPv6 configuring ISATAP tunnel, 170, 171 IPsec (IPv6 support), 106 configuring link-local address, 1 16 IP-to-MAC configuring manual tunnel, 162 DHCP client binding, 49 configuring max number NS DAD message send DHCP client mapping, 72 attempts, 122 DHCP configuration, 72...

  • Page 222

    transition technologies, 1 12 enabling gratuitous ARP packet learning, 12 troubleshooting peer address cannot be pinged, gratuitous ARP configuration, 12 IP-to-MAC mapping, 72 tunnel types, 156 multicast ARP configuration in IRF mode, 10 tunneling configuration, 155, 163 multicast ARP configuration in standalone mode, 9 tunneling encapsulation, 1 12 proxy ARP configuration, 15 unicast address type, 107...

  • Page 223

    IPv6 address type, 107 IPv6/IPv4 tunneling, 155 IPv6 unicast address type, 108 IPv6/IPv6 tunneling, 159 IRF mode ARP configuration, 10 ISATAP tunnel configuration, 170, 171 standalone ARP configuration, 9 proxy ARP configuration, 15 verifying IRF mode ARP configuration, 1 1 network management verifying standalone ARP configuration, 10 ARP configuration, 1, 8...

  • Page 224

    verifying DHCP self-defined option configuration, configuring snooping support, 76, 82 enabling handling, 49 verifying DHCP server dynamic IP address relay agent support, 57 assignment configuration, 54 snooping support, 74 verifying DHCP server static IP address assignment packet configuration, 52 configuring 6to4 tunnel, 166, 167 verifying DHCPv6 relay agent configuration, 142 configuring DHCP packet rate limit, 80 verifying DHCPv6 stateless client configuration,...

  • Page 225

    configuring DHCP dynamic address allocation configuring DHCP common address pool address (extended address pool), 41 allocation mode, 39 configuring DHCP server address pool, 38 configuring DHCP dynamic address allocation, 40 creating DHCP address pool, 39 configuring DHCP dynamic address allocation DHCP address, 36 (extended address pool), 41 DHCP address pool structure, 36...

  • Page 226

    configuring IP performance optimization TCP creating DHCP address pool, 39 PMTU discovery, 95 displaying DHCP client, 69 configuring IP performance optimization TCP displaying DHCP relay agent, 64 send/receive buffer size, 96 displaying DHCP server, 50 configuring IP performance optimization TCP displaying DHCP snooping, 81 timers, 97 displaying DHCPv6 client, 144...

  • Page 227

    specifying DHCP trap message sending threshold, rapid assignment (DHCPv6 two message), 135 rate limit (DHCP packet), 80 specifying IPv6 interface address manually, 1 15 receiving directed broadcast, 94 verifying 6to4 tunnel configuration, 170 recording IP-to-MAC mappings (DHCP client), 72 verifying DHCP client configuration, 70 redirecting (IPv6 ND), 109, 1 1 1 verifying DHCP self-defined option configuration, relay agent...

  • Page 228

    IPv6 ND address resolution, 109 configuring DHCP client NetBIOS node type, 42 restriction configuring DHCP client TFTP bootfile, 44 GRE/IPv4 tunnel configuration, 191 configuring DHCP client TFTP server, 44 GRE/IPv6 tunnel configuration, 192 configuring DHCP client WINS server, 42 UDP helper configuration, 102 configuring DHCP client's server IP address, 45 router/prefix discovery (IPv6 ND), 1 1 1 configuring DHCP security functions, 48...

  • Page 229

    DHCP snooping, 79 configuring IP performance optimization TCP stateful address (IPv6 autoconfiguration), 106 send/receive buffer size, 96 stateless configuring IP performance optimization TCP timer, DHCPv6 configuration, 137 DHCPv6 stateless client configuration, 145 configuring IPv4 DNS dynamic domain name IPv6 address autoconfiguration, 106, 1 15 resolution, 86 static configuring IPv4 DNS static domain name...

  • Page 230

    configuring IPv4/IPv4 tunnel, 174, 175 6to4 tunnel configuration, 170 configuring IPv4/IPv6 manual tunnel, 178, 179 DHCP client configuration, 70 configuring IPv6 manual tunnel, 162 DHCP self-defined option configuration, 55 configuring IPv6/IPv6 tunnel, 182, 184 DHCP server dynamic IP address assignment configuring ISATAP tunnel, 170, 171 configuration, 54 configuring tunnel interface, 160...

  • Page 231

    Windows NLB verifying multicast ARP configuration in standalone configuring multicast ARP, 6 mode, 10 multicast ARP configuration in IRF mode, 10 Windows server (DHCP client configuration), 68 multicast ARP configuration in standalone mode, 9 WINS server (DHCP client), 42 verifying multicast ARP configuration in IRF mode,...

Comments to this Manuals

Symbols: 0
Latest comments: